diff options
| author | markus <> | 2002-09-05 12:51:50 +0000 |
|---|---|---|
| committer | markus <> | 2002-09-05 12:51:50 +0000 |
| commit | 15b5d84f9da2ce4bfae8580e56e34a859f74ad71 (patch) | |
| tree | bf939e82d7fd73cc8a01cf6959002209972091bc /src/lib | |
| parent | 027351f729b9e837200dae6e1520cda6577ab930 (diff) | |
| download | openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.gz openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.tar.bz2 openbsd-15b5d84f9da2ce4bfae8580e56e34a859f74ad71.zip | |
import openssl-0.9.7-beta1
Diffstat (limited to 'src/lib')
476 files changed, 46811 insertions, 27019 deletions
diff --git a/src/lib/libcrypto/aes/aes_cfb.c b/src/lib/libcrypto/aes/aes_cfb.c index 9b2917298a..41c2a5ec3d 100644 --- a/src/lib/libcrypto/aes/aes_cfb.c +++ b/src/lib/libcrypto/aes/aes_cfb.c | |||
| @@ -137,7 +137,7 @@ void AES_cfb128_encrypt(const unsigned char *in, unsigned char *out, | |||
| 137 | } else { | 137 | } else { |
| 138 | while (l--) { | 138 | while (l--) { |
| 139 | if (n == 0) { | 139 | if (n == 0) { |
| 140 | AES_decrypt(ivec, ivec, key); | 140 | AES_encrypt(ivec, ivec, key); |
| 141 | } | 141 | } |
| 142 | c = *(in); | 142 | c = *(in); |
| 143 | *(out++) = *(in++) ^ ivec[n]; | 143 | *(out++) = *(in++) ^ ivec[n]; |
diff --git a/src/lib/libcrypto/aes/aes_ctr.c b/src/lib/libcrypto/aes/aes_ctr.c index 8e800481de..aea3db2092 100644 --- a/src/lib/libcrypto/aes/aes_ctr.c +++ b/src/lib/libcrypto/aes/aes_ctr.c | |||
| @@ -106,8 +106,8 @@ void AES_ctr128_encrypt(const unsigned char *in, unsigned char *out, | |||
| 106 | 106 | ||
| 107 | while (l--) { | 107 | while (l--) { |
| 108 | if (n == 0) { | 108 | if (n == 0) { |
| 109 | AES_ctr128_inc(counter); | ||
| 110 | AES_encrypt(counter, tmp, key); | 109 | AES_encrypt(counter, tmp, key); |
| 110 | AES_ctr128_inc(counter); | ||
| 111 | } | 111 | } |
| 112 | *(out++) = *(in++) ^ tmp[n]; | 112 | *(out++) = *(in++) ^ tmp[n]; |
| 113 | n = (n+1) % AES_BLOCK_SIZE; | 113 | n = (n+1) % AES_BLOCK_SIZE; |
diff --git a/src/lib/libcrypto/asn1/a_bitstr.c b/src/lib/libcrypto/asn1/a_bitstr.c index 2c10120651..ed0bdfbde1 100644 --- a/src/lib/libcrypto/asn1/a_bitstr.c +++ b/src/lib/libcrypto/asn1/a_bitstr.c | |||
| @@ -58,78 +58,86 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_ASN1_STRING_NEW,ASN1_R_STRING_TOO_SHORT); | 63 | int ASN1_BIT_STRING_set(ASN1_BIT_STRING *x, unsigned char *d, int len) |
| 64 | * ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,ASN1_R_EXPECTING_A_BIT_STRING); | 64 | { return M_ASN1_BIT_STRING_set(x, d, len); } |
| 65 | */ | ||
| 66 | 65 | ||
| 67 | int i2d_ASN1_BIT_STRING(a,pp) | 66 | int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a, unsigned char **pp) |
| 68 | ASN1_BIT_STRING *a; | ||
| 69 | unsigned char **pp; | ||
| 70 | { | 67 | { |
| 71 | int ret,j,r,bits; | 68 | int ret,j,bits,len; |
| 72 | unsigned char *p,*d; | 69 | unsigned char *p,*d; |
| 73 | 70 | ||
| 74 | if (a == NULL) return(0); | 71 | if (a == NULL) return(0); |
| 75 | 72 | ||
| 76 | /* our bit strings are always a multiple of 8 :-) */ | 73 | len=a->length; |
| 77 | bits=0; | 74 | |
| 78 | ret=1+a->length; | 75 | if (len > 0) |
| 79 | r=ASN1_object_size(0,ret,V_ASN1_BIT_STRING); | 76 | { |
| 80 | if (pp == NULL) return(r); | 77 | if (a->flags & ASN1_STRING_FLAG_BITS_LEFT) |
| 78 | { | ||
| 79 | bits=(int)a->flags&0x07; | ||
| 80 | } | ||
| 81 | else | ||
| 82 | { | ||
| 83 | for ( ; len > 0; len--) | ||
| 84 | { | ||
| 85 | if (a->data[len-1]) break; | ||
| 86 | } | ||
| 87 | j=a->data[len-1]; | ||
| 88 | if (j & 0x01) bits=0; | ||
| 89 | else if (j & 0x02) bits=1; | ||
| 90 | else if (j & 0x04) bits=2; | ||
| 91 | else if (j & 0x08) bits=3; | ||
| 92 | else if (j & 0x10) bits=4; | ||
| 93 | else if (j & 0x20) bits=5; | ||
| 94 | else if (j & 0x40) bits=6; | ||
| 95 | else if (j & 0x80) bits=7; | ||
| 96 | else bits=0; /* should not happen */ | ||
| 97 | } | ||
| 98 | } | ||
| 99 | else | ||
| 100 | bits=0; | ||
| 101 | |||
| 102 | ret=1+len; | ||
| 103 | if (pp == NULL) return(ret); | ||
| 104 | |||
| 81 | p= *pp; | 105 | p= *pp; |
| 82 | 106 | ||
| 83 | ASN1_put_object(&p,0,ret,V_ASN1_BIT_STRING,V_ASN1_UNIVERSAL); | 107 | *(p++)=(unsigned char)bits; |
| 84 | if (bits == 0) | ||
| 85 | j=0; | ||
| 86 | else j=8-bits; | ||
| 87 | *(p++)=(unsigned char)j; | ||
| 88 | d=a->data; | 108 | d=a->data; |
| 89 | memcpy(p,d,a->length); | 109 | memcpy(p,d,len); |
| 90 | p+=a->length; | 110 | p+=len; |
| 91 | if (a->length > 0) p[-1]&=(0xff<<j); | 111 | if (len > 0) p[-1]&=(0xff<<bits); |
| 92 | *pp=p; | 112 | *pp=p; |
| 93 | return(r); | 113 | return(ret); |
| 94 | } | 114 | } |
| 95 | 115 | ||
| 96 | ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(a, pp, length) | 116 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a, unsigned char **pp, |
| 97 | ASN1_BIT_STRING **a; | 117 | long len) |
| 98 | unsigned char **pp; | ||
| 99 | long length; | ||
| 100 | { | 118 | { |
| 101 | ASN1_BIT_STRING *ret=NULL; | 119 | ASN1_BIT_STRING *ret=NULL; |
| 102 | unsigned char *p,*s; | 120 | unsigned char *p,*s; |
| 103 | long len; | ||
| 104 | int inf,tag,xclass; | ||
| 105 | int i; | 121 | int i; |
| 106 | 122 | ||
| 107 | if ((a == NULL) || ((*a) == NULL)) | 123 | if ((a == NULL) || ((*a) == NULL)) |
| 108 | { | 124 | { |
| 109 | if ((ret=ASN1_BIT_STRING_new()) == NULL) return(NULL); | 125 | if ((ret=M_ASN1_BIT_STRING_new()) == NULL) return(NULL); |
| 110 | } | 126 | } |
| 111 | else | 127 | else |
| 112 | ret=(*a); | 128 | ret=(*a); |
| 113 | 129 | ||
| 114 | p= *pp; | 130 | p= *pp; |
| 115 | inf=ASN1_get_object(&p,&len,&tag,&xclass,length); | ||
| 116 | if (inf & 0x80) | ||
| 117 | { | ||
| 118 | i=ASN1_R_BAD_OBJECT_HEADER; | ||
| 119 | goto err; | ||
| 120 | } | ||
| 121 | |||
| 122 | if (tag != V_ASN1_BIT_STRING) | ||
| 123 | { | ||
| 124 | i=ASN1_R_EXPECTING_A_BIT_STRING; | ||
| 125 | goto err; | ||
| 126 | } | ||
| 127 | if (len < 1) { i=ASN1_R_STRING_TOO_SHORT; goto err; } | ||
| 128 | |||
| 129 | i= *(p++); | 131 | i= *(p++); |
| 132 | /* We do this to preserve the settings. If we modify | ||
| 133 | * the settings, via the _set_bit function, we will recalculate | ||
| 134 | * on output */ | ||
| 135 | ret->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear */ | ||
| 136 | ret->flags|=(ASN1_STRING_FLAG_BITS_LEFT|(i&0x07)); /* set */ | ||
| 137 | |||
| 130 | if (len-- > 1) /* using one because of the bits left byte */ | 138 | if (len-- > 1) /* using one because of the bits left byte */ |
| 131 | { | 139 | { |
| 132 | s=(unsigned char *)Malloc((int)len); | 140 | s=(unsigned char *)OPENSSL_malloc((int)len); |
| 133 | if (s == NULL) | 141 | if (s == NULL) |
| 134 | { | 142 | { |
| 135 | i=ERR_R_MALLOC_FAILURE; | 143 | i=ERR_R_MALLOC_FAILURE; |
| @@ -143,7 +151,7 @@ long length; | |||
| 143 | s=NULL; | 151 | s=NULL; |
| 144 | 152 | ||
| 145 | ret->length=(int)len; | 153 | ret->length=(int)len; |
| 146 | if (ret->data != NULL) Free((char *)ret->data); | 154 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 147 | ret->data=s; | 155 | ret->data=s; |
| 148 | ret->type=V_ASN1_BIT_STRING; | 156 | ret->type=V_ASN1_BIT_STRING; |
| 149 | if (a != NULL) (*a)=ret; | 157 | if (a != NULL) (*a)=ret; |
| @@ -152,16 +160,13 @@ long length; | |||
| 152 | err: | 160 | err: |
| 153 | ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); | 161 | ASN1err(ASN1_F_D2I_ASN1_BIT_STRING,i); |
| 154 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | 162 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 155 | ASN1_BIT_STRING_free(ret); | 163 | M_ASN1_BIT_STRING_free(ret); |
| 156 | return(NULL); | 164 | return(NULL); |
| 157 | } | 165 | } |
| 158 | 166 | ||
| 159 | /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> | 167 | /* These next 2 functions from Goetz Babin-Ebell <babinebell@trustcenter.de> |
| 160 | */ | 168 | */ |
| 161 | int ASN1_BIT_STRING_set_bit(a,n,value) | 169 | int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value) |
| 162 | ASN1_BIT_STRING *a; | ||
| 163 | int n; | ||
| 164 | int value; | ||
| 165 | { | 170 | { |
| 166 | int w,v,iv; | 171 | int w,v,iv; |
| 167 | unsigned char *c; | 172 | unsigned char *c; |
| @@ -169,29 +174,30 @@ int value; | |||
| 169 | w=n/8; | 174 | w=n/8; |
| 170 | v=1<<(7-(n&0x07)); | 175 | v=1<<(7-(n&0x07)); |
| 171 | iv= ~v; | 176 | iv= ~v; |
| 177 | if (!value) v=0; | ||
| 178 | |||
| 179 | a->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); /* clear, set on write */ | ||
| 172 | 180 | ||
| 173 | if (a == NULL) return(0); | 181 | if (a == NULL) return(0); |
| 174 | if ((a->length < (w+1)) || (a->data == NULL)) | 182 | if ((a->length < (w+1)) || (a->data == NULL)) |
| 175 | { | 183 | { |
| 176 | if (!value) return(1); /* Don't need to set */ | 184 | if (!value) return(1); /* Don't need to set */ |
| 177 | if (a->data == NULL) | 185 | if (a->data == NULL) |
| 178 | c=(unsigned char *)Malloc(w+1); | 186 | c=(unsigned char *)OPENSSL_malloc(w+1); |
| 179 | else | 187 | else |
| 180 | c=(unsigned char *)Realloc(a->data,w+1); | 188 | c=(unsigned char *)OPENSSL_realloc(a->data,w+1); |
| 181 | if (c == NULL) return(0); | 189 | if (c == NULL) return(0); |
| 190 | if (w+1-a->length > 0) memset(c+a->length, 0, w+1-a->length); | ||
| 182 | a->data=c; | 191 | a->data=c; |
| 183 | a->length=w+1; | 192 | a->length=w+1; |
| 184 | c[w]=0; | 193 | } |
| 185 | } | ||
| 186 | a->data[w]=((a->data[w])&iv)|v; | 194 | a->data[w]=((a->data[w])&iv)|v; |
| 187 | while ((a->length > 0) && (a->data[a->length-1] == 0)) | 195 | while ((a->length > 0) && (a->data[a->length-1] == 0)) |
| 188 | a->length--; | 196 | a->length--; |
| 189 | return(1); | 197 | return(1); |
| 190 | } | 198 | } |
| 191 | 199 | ||
| 192 | int ASN1_BIT_STRING_get_bit(a,n) | 200 | int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n) |
| 193 | ASN1_BIT_STRING *a; | ||
| 194 | int n; | ||
| 195 | { | 201 | { |
| 196 | int w,v; | 202 | int w,v; |
| 197 | 203 | ||
diff --git a/src/lib/libcrypto/asn1/a_bool.c b/src/lib/libcrypto/asn1/a_bool.c index 41a95aa278..24333ea4d5 100644 --- a/src/lib/libcrypto/asn1/a_bool.c +++ b/src/lib/libcrypto/asn1/a_bool.c | |||
| @@ -58,15 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1t.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_EXPECTING_A_BOOLEAN); | 63 | int i2d_ASN1_BOOLEAN(int a, unsigned char **pp) |
| 64 | * ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,ASN1_R_BOOLEAN_IS_WRONG_LENGTH); | ||
| 65 | */ | ||
| 66 | |||
| 67 | int i2d_ASN1_BOOLEAN(a,pp) | ||
| 68 | int a; | ||
| 69 | unsigned char **pp; | ||
| 70 | { | 64 | { |
| 71 | int r; | 65 | int r; |
| 72 | unsigned char *p; | 66 | unsigned char *p; |
| @@ -81,10 +75,7 @@ unsigned char **pp; | |||
| 81 | return(r); | 75 | return(r); |
| 82 | } | 76 | } |
| 83 | 77 | ||
| 84 | int d2i_ASN1_BOOLEAN(a, pp, length) | 78 | int d2i_ASN1_BOOLEAN(int *a, unsigned char **pp, long length) |
| 85 | int *a; | ||
| 86 | unsigned char **pp; | ||
| 87 | long length; | ||
| 88 | { | 79 | { |
| 89 | int ret= -1; | 80 | int ret= -1; |
| 90 | unsigned char *p; | 81 | unsigned char *p; |
| @@ -119,3 +110,5 @@ err: | |||
| 119 | ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); | 110 | ASN1err(ASN1_F_D2I_ASN1_BOOLEAN,i); |
| 120 | return(ret); | 111 | return(ret); |
| 121 | } | 112 | } |
| 113 | |||
| 114 | |||
diff --git a/src/lib/libcrypto/asn1/a_bytes.c b/src/lib/libcrypto/asn1/a_bytes.c index 14168d61ad..bb88660f58 100644 --- a/src/lib/libcrypto/asn1/a_bytes.c +++ b/src/lib/libcrypto/asn1/a_bytes.c | |||
| @@ -58,38 +58,13 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK); | 63 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c); |
| 64 | * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_ERROR_STACK); | 64 | /* type is a 'bitmap' of acceptable string types. |
| 65 | * ASN1err(ASN1_F_D2I_ASN1_TYPE_BYTES,ASN1_R_WRONG_TYPE); | ||
| 66 | * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG); | ||
| 67 | */ | 65 | */ |
| 68 | 66 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a, unsigned char **pp, | |
| 69 | static unsigned long tag2bit[32]={ | 67 | long length, int type) |
| 70 | 0, 0, 0, B_ASN1_BIT_STRING, /* tags 0 - 3 */ | ||
| 71 | B_ASN1_OCTET_STRING, 0, 0, B_ASN1_UNKNOWN,/* tags 4- 7 */ | ||
| 72 | B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 8-11 */ | ||
| 73 | B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN, B_ASN1_UNKNOWN,/* tags 12-15 */ | ||
| 74 | 0, 0, B_ASN1_NUMERICSTRING,B_ASN1_PRINTABLESTRING, | ||
| 75 | B_ASN1_T61STRING,B_ASN1_VIDEOTEXSTRING,B_ASN1_IA5STRING,0, | ||
| 76 | 0,B_ASN1_GRAPHICSTRING,B_ASN1_ISO64STRING,B_ASN1_GENERALSTRING, | ||
| 77 | B_ASN1_UNIVERSALSTRING,B_ASN1_UNKNOWN,B_ASN1_BMPSTRING,B_ASN1_UNKNOWN, | ||
| 78 | }; | ||
| 79 | |||
| 80 | #ifndef NOPROTO | ||
| 81 | static int asn1_collate_primative(ASN1_STRING *a, ASN1_CTX *c); | ||
| 82 | #else | ||
| 83 | static int asn1_collate_primative(); | ||
| 84 | #endif | ||
| 85 | |||
| 86 | /* type is a 'bitmap' of acceptable string types to be accepted. | ||
| 87 | */ | ||
| 88 | ASN1_STRING *d2i_ASN1_type_bytes(a, pp, length, type) | ||
| 89 | ASN1_STRING **a; | ||
| 90 | unsigned char **pp; | ||
| 91 | long length; | ||
| 92 | int type; | ||
| 93 | { | 68 | { |
| 94 | ASN1_STRING *ret=NULL; | 69 | ASN1_STRING *ret=NULL; |
| 95 | unsigned char *p,*s; | 70 | unsigned char *p,*s; |
| @@ -106,7 +81,7 @@ int type; | |||
| 106 | i=ASN1_R_TAG_VALUE_TOO_HIGH;; | 81 | i=ASN1_R_TAG_VALUE_TOO_HIGH;; |
| 107 | goto err; | 82 | goto err; |
| 108 | } | 83 | } |
| 109 | if (!(tag2bit[tag] & type)) | 84 | if (!(ASN1_tag2bit(tag) & type)) |
| 110 | { | 85 | { |
| 111 | i=ASN1_R_WRONG_TYPE; | 86 | i=ASN1_R_WRONG_TYPE; |
| 112 | goto err; | 87 | goto err; |
| @@ -125,7 +100,7 @@ int type; | |||
| 125 | 100 | ||
| 126 | if (len != 0) | 101 | if (len != 0) |
| 127 | { | 102 | { |
| 128 | s=(unsigned char *)Malloc((int)len+1); | 103 | s=(unsigned char *)OPENSSL_malloc((int)len+1); |
| 129 | if (s == NULL) | 104 | if (s == NULL) |
| 130 | { | 105 | { |
| 131 | i=ERR_R_MALLOC_FAILURE; | 106 | i=ERR_R_MALLOC_FAILURE; |
| @@ -138,7 +113,7 @@ int type; | |||
| 138 | else | 113 | else |
| 139 | s=NULL; | 114 | s=NULL; |
| 140 | 115 | ||
| 141 | if (ret->data != NULL) Free((char *)ret->data); | 116 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 142 | ret->length=(int)len; | 117 | ret->length=(int)len; |
| 143 | ret->data=s; | 118 | ret->data=s; |
| 144 | ret->type=tag; | 119 | ret->type=tag; |
| @@ -152,11 +127,7 @@ err: | |||
| 152 | return(NULL); | 127 | return(NULL); |
| 153 | } | 128 | } |
| 154 | 129 | ||
| 155 | int i2d_ASN1_bytes(a, pp, tag, xclass) | 130 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass) |
| 156 | ASN1_STRING *a; | ||
| 157 | unsigned char **pp; | ||
| 158 | int tag; | ||
| 159 | int xclass; | ||
| 160 | { | 131 | { |
| 161 | int ret,r,constructed; | 132 | int ret,r,constructed; |
| 162 | unsigned char *p; | 133 | unsigned char *p; |
| @@ -182,12 +153,8 @@ int xclass; | |||
| 182 | return(r); | 153 | return(r); |
| 183 | } | 154 | } |
| 184 | 155 | ||
| 185 | ASN1_STRING *d2i_ASN1_bytes(a, pp, length, Ptag, Pclass) | 156 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, long length, |
| 186 | ASN1_STRING **a; | 157 | int Ptag, int Pclass) |
| 187 | unsigned char **pp; | ||
| 188 | long length; | ||
| 189 | int Ptag; | ||
| 190 | int Pclass; | ||
| 191 | { | 158 | { |
| 192 | ASN1_STRING *ret=NULL; | 159 | ASN1_STRING *ret=NULL; |
| 193 | unsigned char *p,*s; | 160 | unsigned char *p,*s; |
| @@ -227,7 +194,7 @@ int Pclass; | |||
| 227 | c.tag=Ptag; | 194 | c.tag=Ptag; |
| 228 | c.xclass=Pclass; | 195 | c.xclass=Pclass; |
| 229 | c.max=(length == 0)?0:(p+length); | 196 | c.max=(length == 0)?0:(p+length); |
| 230 | if (!asn1_collate_primative(ret,&c)) | 197 | if (!asn1_collate_primitive(ret,&c)) |
| 231 | goto err; | 198 | goto err; |
| 232 | else | 199 | else |
| 233 | { | 200 | { |
| @@ -240,8 +207,8 @@ int Pclass; | |||
| 240 | { | 207 | { |
| 241 | if ((ret->length < len) || (ret->data == NULL)) | 208 | if ((ret->length < len) || (ret->data == NULL)) |
| 242 | { | 209 | { |
| 243 | if (ret->data != NULL) Free((char *)ret->data); | 210 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 244 | s=(unsigned char *)Malloc((int)len); | 211 | s=(unsigned char *)OPENSSL_malloc((int)len + 1); |
| 245 | if (s == NULL) | 212 | if (s == NULL) |
| 246 | { | 213 | { |
| 247 | i=ERR_R_MALLOC_FAILURE; | 214 | i=ERR_R_MALLOC_FAILURE; |
| @@ -251,12 +218,13 @@ int Pclass; | |||
| 251 | else | 218 | else |
| 252 | s=ret->data; | 219 | s=ret->data; |
| 253 | memcpy(s,p,(int)len); | 220 | memcpy(s,p,(int)len); |
| 221 | s[len] = '\0'; | ||
| 254 | p+=len; | 222 | p+=len; |
| 255 | } | 223 | } |
| 256 | else | 224 | else |
| 257 | { | 225 | { |
| 258 | s=NULL; | 226 | s=NULL; |
| 259 | if (ret->data != NULL) Free((char *)ret->data); | 227 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 260 | } | 228 | } |
| 261 | 229 | ||
| 262 | ret->length=(int)len; | 230 | ret->length=(int)len; |
| @@ -275,13 +243,11 @@ err: | |||
| 275 | } | 243 | } |
| 276 | 244 | ||
| 277 | 245 | ||
| 278 | /* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapes | 246 | /* We are about to parse 0..n d2i_ASN1_bytes objects, we are to collapse |
| 279 | * them into the one struture that is then returned */ | 247 | * them into the one structure that is then returned */ |
| 280 | /* There have been a few bug fixes for this function from | 248 | /* There have been a few bug fixes for this function from |
| 281 | * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ | 249 | * Paul Keogh <paul.keogh@sse.ie>, many thanks to him */ |
| 282 | static int asn1_collate_primative(a,c) | 250 | static int asn1_collate_primitive(ASN1_STRING *a, ASN1_CTX *c) |
| 283 | ASN1_STRING *a; | ||
| 284 | ASN1_CTX *c; | ||
| 285 | { | 251 | { |
| 286 | ASN1_STRING *os=NULL; | 252 | ASN1_STRING *os=NULL; |
| 287 | BUF_MEM b; | 253 | BUF_MEM b; |
| @@ -333,14 +299,14 @@ ASN1_CTX *c; | |||
| 333 | if (!asn1_Finish(c)) goto err; | 299 | if (!asn1_Finish(c)) goto err; |
| 334 | 300 | ||
| 335 | a->length=num; | 301 | a->length=num; |
| 336 | if (a->data != NULL) Free(a->data); | 302 | if (a->data != NULL) OPENSSL_free(a->data); |
| 337 | a->data=(unsigned char *)b.data; | 303 | a->data=(unsigned char *)b.data; |
| 338 | if (os != NULL) ASN1_STRING_free(os); | 304 | if (os != NULL) ASN1_STRING_free(os); |
| 339 | return(1); | 305 | return(1); |
| 340 | err: | 306 | err: |
| 341 | ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,c->error); | 307 | ASN1err(ASN1_F_ASN1_COLLATE_PRIMITIVE,c->error); |
| 342 | if (os != NULL) ASN1_STRING_free(os); | 308 | if (os != NULL) ASN1_STRING_free(os); |
| 343 | if (b.data != NULL) Free(b.data); | 309 | if (b.data != NULL) OPENSSL_free(b.data); |
| 344 | return(0); | 310 | return(0); |
| 345 | } | 311 | } |
| 346 | 312 | ||
diff --git a/src/lib/libcrypto/asn1/a_d2i_fp.c b/src/lib/libcrypto/asn1/a_d2i_fp.c index d952836a91..a80fbe9ff7 100644 --- a/src/lib/libcrypto/asn1/a_d2i_fp.c +++ b/src/lib/libcrypto/asn1/a_d2i_fp.c | |||
| @@ -58,17 +58,16 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1_mac.h> |
| 63 | 63 | ||
| 64 | #define HEADER_SIZE 8 | 64 | static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb); |
| 65 | |||
| 66 | #ifndef NO_OLD_ASN1 | ||
| 67 | #ifndef OPENSSL_NO_FP_API | ||
| 65 | 68 | ||
| 66 | #ifndef NO_FP_API | 69 | char *ASN1_d2i_fp(char *(*xnew)(), char *(*d2i)(), FILE *in, |
| 67 | char *ASN1_d2i_fp(xnew,d2i,in,x) | 70 | unsigned char **x) |
| 68 | char *(*xnew)(); | ||
| 69 | char *(*d2i)(); | ||
| 70 | FILE *in; | ||
| 71 | unsigned char **x; | ||
| 72 | { | 71 | { |
| 73 | BIO *b; | 72 | BIO *b; |
| 74 | char *ret; | 73 | char *ret; |
| @@ -85,16 +84,68 @@ unsigned char **x; | |||
| 85 | } | 84 | } |
| 86 | #endif | 85 | #endif |
| 87 | 86 | ||
| 88 | char *ASN1_d2i_bio(xnew,d2i,in,x) | 87 | char *ASN1_d2i_bio(char *(*xnew)(), char *(*d2i)(), BIO *in, |
| 89 | char *(*xnew)(); | 88 | unsigned char **x) |
| 90 | char *(*d2i)(); | 89 | { |
| 91 | BIO *in; | 90 | BUF_MEM *b = NULL; |
| 92 | unsigned char **x; | 91 | unsigned char *p; |
| 92 | char *ret=NULL; | ||
| 93 | int len; | ||
| 94 | |||
| 95 | len = asn1_d2i_read_bio(in, &b); | ||
| 96 | if(len < 0) goto err; | ||
| 97 | |||
| 98 | p=(unsigned char *)b->data; | ||
| 99 | ret=d2i(x,&p,len); | ||
| 100 | err: | ||
| 101 | if (b != NULL) BUF_MEM_free(b); | ||
| 102 | return(ret); | ||
| 103 | } | ||
| 104 | |||
| 105 | #endif | ||
| 106 | |||
| 107 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x) | ||
| 108 | { | ||
| 109 | BUF_MEM *b = NULL; | ||
| 110 | unsigned char *p; | ||
| 111 | void *ret=NULL; | ||
| 112 | int len; | ||
| 113 | |||
| 114 | len = asn1_d2i_read_bio(in, &b); | ||
| 115 | if(len < 0) goto err; | ||
| 116 | |||
| 117 | p=(unsigned char *)b->data; | ||
| 118 | ret=ASN1_item_d2i(x,&p,len, it); | ||
| 119 | err: | ||
| 120 | if (b != NULL) BUF_MEM_free(b); | ||
| 121 | return(ret); | ||
| 122 | } | ||
| 123 | |||
| 124 | #ifndef OPENSSL_NO_FP_API | ||
| 125 | void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x) | ||
| 126 | { | ||
| 127 | BIO *b; | ||
| 128 | char *ret; | ||
| 129 | |||
| 130 | if ((b=BIO_new(BIO_s_file())) == NULL) | ||
| 131 | { | ||
| 132 | ASN1err(ASN1_F_ASN1_D2I_FP,ERR_R_BUF_LIB); | ||
| 133 | return(NULL); | ||
| 134 | } | ||
| 135 | BIO_set_fp(b,in,BIO_NOCLOSE); | ||
| 136 | ret=ASN1_item_d2i_bio(it,b,x); | ||
| 137 | BIO_free(b); | ||
| 138 | return(ret); | ||
| 139 | } | ||
| 140 | #endif | ||
| 141 | |||
| 142 | #define HEADER_SIZE 8 | ||
| 143 | static int asn1_d2i_read_bio(BIO *in, BUF_MEM **pb) | ||
| 93 | { | 144 | { |
| 94 | BUF_MEM *b; | 145 | BUF_MEM *b; |
| 95 | unsigned char *p; | 146 | unsigned char *p; |
| 96 | int i; | 147 | int i; |
| 97 | char *ret=NULL; | 148 | int ret=-1; |
| 98 | ASN1_CTX c; | 149 | ASN1_CTX c; |
| 99 | int want=HEADER_SIZE; | 150 | int want=HEADER_SIZE; |
| 100 | int eos=0; | 151 | int eos=0; |
| @@ -105,7 +156,7 @@ unsigned char **x; | |||
| 105 | if (b == NULL) | 156 | if (b == NULL) |
| 106 | { | 157 | { |
| 107 | ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); | 158 | ASN1err(ASN1_F_ASN1_D2I_BIO,ERR_R_MALLOC_FAILURE); |
| 108 | return(NULL); | 159 | return -1; |
| 109 | } | 160 | } |
| 110 | 161 | ||
| 111 | ERR_clear_error(); | 162 | ERR_clear_error(); |
| @@ -193,8 +244,8 @@ unsigned char **x; | |||
| 193 | } | 244 | } |
| 194 | } | 245 | } |
| 195 | 246 | ||
| 196 | p=(unsigned char *)b->data; | 247 | *pb = b; |
| 197 | ret=d2i(x,&p,off); | 248 | return off; |
| 198 | err: | 249 | err: |
| 199 | if (b != NULL) BUF_MEM_free(b); | 250 | if (b != NULL) BUF_MEM_free(b); |
| 200 | return(ret); | 251 | return(ret); |
diff --git a/src/lib/libcrypto/asn1/a_digest.c b/src/lib/libcrypto/asn1/a_digest.c index 8ddb65b0dc..4931e222a0 100644 --- a/src/lib/libcrypto/asn1/a_digest.c +++ b/src/lib/libcrypto/asn1/a_digest.c | |||
| @@ -58,34 +58,49 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <sys/types.h> | ||
| 62 | #include <sys/stat.h> | ||
| 63 | 61 | ||
| 64 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 65 | #include "evp.h" | ||
| 66 | #include "x509.h" | ||
| 67 | #include "buffer.h" | ||
| 68 | 63 | ||
| 69 | int ASN1_digest(i2d,type,data,md,len) | 64 | #ifndef NO_SYS_TYPES_H |
| 70 | int (*i2d)(); | 65 | # include <sys/types.h> |
| 71 | EVP_MD *type; | 66 | #endif |
| 72 | char *data; | 67 | |
| 73 | unsigned char *md; | 68 | #include <openssl/evp.h> |
| 74 | unsigned int *len; | 69 | #include <openssl/buffer.h> |
| 70 | #include <openssl/x509.h> | ||
| 71 | |||
| 72 | #ifndef NO_ASN1_OLD | ||
| 73 | |||
| 74 | int ASN1_digest(int (*i2d)(), const EVP_MD *type, char *data, | ||
| 75 | unsigned char *md, unsigned int *len) | ||
| 75 | { | 76 | { |
| 76 | EVP_MD_CTX ctx; | ||
| 77 | int i; | 77 | int i; |
| 78 | unsigned char *str,*p; | 78 | unsigned char *str,*p; |
| 79 | 79 | ||
| 80 | i=i2d(data,NULL); | 80 | i=i2d(data,NULL); |
| 81 | if ((str=(unsigned char *)Malloc(i)) == NULL) return(0); | 81 | if ((str=(unsigned char *)OPENSSL_malloc(i)) == NULL) return(0); |
| 82 | p=str; | 82 | p=str; |
| 83 | i2d(data,&p); | 83 | i2d(data,&p); |
| 84 | 84 | ||
| 85 | EVP_DigestInit(&ctx,type); | 85 | EVP_Digest(str, i, md, len, type, NULL); |
| 86 | EVP_DigestUpdate(&ctx,str,i); | 86 | OPENSSL_free(str); |
| 87 | EVP_DigestFinal(&ctx,md,len); | 87 | return(1); |
| 88 | Free(str); | 88 | } |
| 89 | |||
| 90 | #endif | ||
| 91 | |||
| 92 | |||
| 93 | int ASN1_item_digest(const ASN1_ITEM *it, const EVP_MD *type, void *asn, | ||
| 94 | unsigned char *md, unsigned int *len) | ||
| 95 | { | ||
| 96 | int i; | ||
| 97 | unsigned char *str = NULL; | ||
| 98 | |||
| 99 | i=ASN1_item_i2d(asn,&str, it); | ||
| 100 | if (!str) return(0); | ||
| 101 | |||
| 102 | EVP_Digest(str, i, md, len, type, NULL); | ||
| 103 | OPENSSL_free(str); | ||
| 89 | return(1); | 104 | return(1); |
| 90 | } | 105 | } |
| 91 | 106 | ||
diff --git a/src/lib/libcrypto/asn1/a_dup.c b/src/lib/libcrypto/asn1/a_dup.c index 961b4cb069..58a017884c 100644 --- a/src/lib/libcrypto/asn1/a_dup.c +++ b/src/lib/libcrypto/asn1/a_dup.c | |||
| @@ -58,14 +58,11 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | #define READ_CHUNK 2048 | 63 | #ifndef NO_OLD_ASN1 |
| 64 | 64 | ||
| 65 | char *ASN1_dup(i2d,d2i,x) | 65 | char *ASN1_dup(int (*i2d)(), char *(*d2i)(), char *x) |
| 66 | int (*i2d)(); | ||
| 67 | char *(*d2i)(); | ||
| 68 | char *x; | ||
| 69 | { | 66 | { |
| 70 | unsigned char *b,*p; | 67 | unsigned char *b,*p; |
| 71 | long i; | 68 | long i; |
| @@ -74,13 +71,37 @@ char *x; | |||
| 74 | if (x == NULL) return(NULL); | 71 | if (x == NULL) return(NULL); |
| 75 | 72 | ||
| 76 | i=(long)i2d(x,NULL); | 73 | i=(long)i2d(x,NULL); |
| 77 | b=(unsigned char *)Malloc((unsigned int)i+10); | 74 | b=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); |
| 78 | if (b == NULL) | 75 | if (b == NULL) |
| 79 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } | 76 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } |
| 80 | p= b; | 77 | p= b; |
| 81 | i=i2d(x,&p); | 78 | i=i2d(x,&p); |
| 82 | p= b; | 79 | p= b; |
| 83 | ret=d2i(NULL,&p,i); | 80 | ret=d2i(NULL,&p,i); |
| 84 | Free((char *)b); | 81 | OPENSSL_free(b); |
| 82 | return(ret); | ||
| 83 | } | ||
| 84 | |||
| 85 | #endif | ||
| 86 | |||
| 87 | /* ASN1_ITEM version of dup: this follows the model above except we don't need | ||
| 88 | * to allocate the buffer. At some point this could be rewritten to directly dup | ||
| 89 | * the underlying structure instead of doing and encode and decode. | ||
| 90 | */ | ||
| 91 | |||
| 92 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x) | ||
| 93 | { | ||
| 94 | unsigned char *b = NULL, *p; | ||
| 95 | long i; | ||
| 96 | void *ret; | ||
| 97 | |||
| 98 | if (x == NULL) return(NULL); | ||
| 99 | |||
| 100 | i=ASN1_item_i2d(x,&b,it); | ||
| 101 | if (b == NULL) | ||
| 102 | { ASN1err(ASN1_F_ASN1_DUP,ERR_R_MALLOC_FAILURE); return(NULL); } | ||
| 103 | p= b; | ||
| 104 | ret=ASN1_item_d2i(NULL,&p,i, it); | ||
| 105 | OPENSSL_free(b); | ||
| 85 | return(ret); | 106 | return(ret); |
| 86 | } | 107 | } |
diff --git a/src/lib/libcrypto/asn1/a_enum.c b/src/lib/libcrypto/asn1/a_enum.c index 9239ecc439..ad8f0ffd1a 100644 --- a/src/lib/libcrypto/asn1/a_enum.c +++ b/src/lib/libcrypto/asn1/a_enum.c | |||
| @@ -65,162 +65,6 @@ | |||
| 65 | * for comments on encoding see a_int.c | 65 | * for comments on encoding see a_int.c |
| 66 | */ | 66 | */ |
| 67 | 67 | ||
| 68 | int i2d_ASN1_ENUMERATED(ASN1_ENUMERATED *a, unsigned char **pp) | ||
| 69 | { | ||
| 70 | int pad=0,ret,r,i,t; | ||
| 71 | unsigned char *p,*n,pb=0; | ||
| 72 | |||
| 73 | if ((a == NULL) || (a->data == NULL)) return(0); | ||
| 74 | t=a->type; | ||
| 75 | if (a->length == 0) | ||
| 76 | ret=1; | ||
| 77 | else | ||
| 78 | { | ||
| 79 | ret=a->length; | ||
| 80 | i=a->data[0]; | ||
| 81 | if ((t == V_ASN1_ENUMERATED) && (i > 127)) { | ||
| 82 | pad=1; | ||
| 83 | pb=0; | ||
| 84 | } else if(t == V_ASN1_NEG_ENUMERATED) { | ||
| 85 | if(i>128) { | ||
| 86 | pad=1; | ||
| 87 | pb=0xFF; | ||
| 88 | } else if(i == 128) { | ||
| 89 | for(i = 1; i < a->length; i++) if(a->data[i]) { | ||
| 90 | pad=1; | ||
| 91 | pb=0xFF; | ||
| 92 | break; | ||
| 93 | } | ||
| 94 | } | ||
| 95 | } | ||
| 96 | ret+=pad; | ||
| 97 | } | ||
| 98 | r=ASN1_object_size(0,ret,V_ASN1_ENUMERATED); | ||
| 99 | if (pp == NULL) return(r); | ||
| 100 | p= *pp; | ||
| 101 | |||
| 102 | ASN1_put_object(&p,0,ret,V_ASN1_ENUMERATED,V_ASN1_UNIVERSAL); | ||
| 103 | if (pad) *(p++)=pb; | ||
| 104 | if (a->length == 0) | ||
| 105 | *(p++)=0; | ||
| 106 | else if (t == V_ASN1_ENUMERATED) | ||
| 107 | { | ||
| 108 | memcpy(p,a->data,(unsigned int)a->length); | ||
| 109 | p+=a->length; | ||
| 110 | } | ||
| 111 | else { | ||
| 112 | /* Begin at the end of the encoding */ | ||
| 113 | n=a->data + a->length - 1; | ||
| 114 | p += a->length - 1; | ||
| 115 | i = a->length; | ||
| 116 | /* Copy zeros to destination as long as source is zero */ | ||
| 117 | while(!*n) { | ||
| 118 | *(p--) = 0; | ||
| 119 | n--; | ||
| 120 | i--; | ||
| 121 | } | ||
| 122 | /* Complement and increment next octet */ | ||
| 123 | *(p--) = ((*(n--)) ^ 0xff) + 1; | ||
| 124 | i--; | ||
| 125 | /* Complement any octets left */ | ||
| 126 | for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; | ||
| 127 | p += a->length; | ||
| 128 | } | ||
| 129 | |||
| 130 | *pp=p; | ||
| 131 | return(r); | ||
| 132 | } | ||
| 133 | |||
| 134 | ASN1_ENUMERATED *d2i_ASN1_ENUMERATED(ASN1_ENUMERATED **a, unsigned char **pp, | ||
| 135 | long length) | ||
| 136 | { | ||
| 137 | ASN1_ENUMERATED *ret=NULL; | ||
| 138 | unsigned char *p,*to,*s; | ||
| 139 | long len; | ||
| 140 | int inf,tag,xclass; | ||
| 141 | int i; | ||
| 142 | |||
| 143 | if ((a == NULL) || ((*a) == NULL)) | ||
| 144 | { | ||
| 145 | if ((ret=ASN1_ENUMERATED_new()) == NULL) return(NULL); | ||
| 146 | ret->type=V_ASN1_ENUMERATED; | ||
| 147 | } | ||
| 148 | else | ||
| 149 | ret=(*a); | ||
| 150 | |||
| 151 | p= *pp; | ||
| 152 | inf=ASN1_get_object(&p,&len,&tag,&xclass,length); | ||
| 153 | if (inf & 0x80) | ||
| 154 | { | ||
| 155 | i=ASN1_R_BAD_OBJECT_HEADER; | ||
| 156 | goto err; | ||
| 157 | } | ||
| 158 | |||
| 159 | if (tag != V_ASN1_ENUMERATED) | ||
| 160 | { | ||
| 161 | i=ASN1_R_EXPECTING_AN_ENUMERATED; | ||
| 162 | goto err; | ||
| 163 | } | ||
| 164 | |||
| 165 | /* We must Malloc stuff, even for 0 bytes otherwise it | ||
| 166 | * signifies a missing NULL parameter. */ | ||
| 167 | s=(unsigned char *)Malloc((int)len+1); | ||
| 168 | if (s == NULL) | ||
| 169 | { | ||
| 170 | i=ERR_R_MALLOC_FAILURE; | ||
| 171 | goto err; | ||
| 172 | } | ||
| 173 | to=s; | ||
| 174 | if (*p & 0x80) /* a negative number */ | ||
| 175 | { | ||
| 176 | ret->type=V_ASN1_NEG_ENUMERATED; | ||
| 177 | if ((*p == 0xff) && (len != 1)) { | ||
| 178 | p++; | ||
| 179 | len--; | ||
| 180 | } | ||
| 181 | i = len; | ||
| 182 | p += i - 1; | ||
| 183 | to += i - 1; | ||
| 184 | while((!*p) && i) { | ||
| 185 | *(to--) = 0; | ||
| 186 | i--; | ||
| 187 | p--; | ||
| 188 | } | ||
| 189 | if(!i) { | ||
| 190 | *s = 1; | ||
| 191 | s[len] = 0; | ||
| 192 | p += len; | ||
| 193 | len++; | ||
| 194 | } else { | ||
| 195 | *(to--) = (*(p--) ^ 0xff) + 1; | ||
| 196 | i--; | ||
| 197 | for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; | ||
| 198 | p += len; | ||
| 199 | } | ||
| 200 | } else { | ||
| 201 | ret->type=V_ASN1_ENUMERATED; | ||
| 202 | if ((*p == 0) && (len != 1)) | ||
| 203 | { | ||
| 204 | p++; | ||
| 205 | len--; | ||
| 206 | } | ||
| 207 | memcpy(s,p,(int)len); | ||
| 208 | p+=len; | ||
| 209 | } | ||
| 210 | |||
| 211 | if (ret->data != NULL) Free((char *)ret->data); | ||
| 212 | ret->data=s; | ||
| 213 | ret->length=(int)len; | ||
| 214 | if (a != NULL) (*a)=ret; | ||
| 215 | *pp=p; | ||
| 216 | return(ret); | ||
| 217 | err: | ||
| 218 | ASN1err(ASN1_F_D2I_ASN1_ENUMERATED,i); | ||
| 219 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | ||
| 220 | ASN1_ENUMERATED_free(ret); | ||
| 221 | return(NULL); | ||
| 222 | } | ||
| 223 | |||
| 224 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) | 68 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) |
| 225 | { | 69 | { |
| 226 | int i,j,k; | 70 | int i,j,k; |
| @@ -231,8 +75,8 @@ int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v) | |||
| 231 | if (a->length < (sizeof(long)+1)) | 75 | if (a->length < (sizeof(long)+1)) |
| 232 | { | 76 | { |
| 233 | if (a->data != NULL) | 77 | if (a->data != NULL) |
| 234 | Free((char *)a->data); | 78 | OPENSSL_free(a->data); |
| 235 | if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL) | 79 | if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) |
| 236 | memset((char *)a->data,0,sizeof(long)+1); | 80 | memset((char *)a->data,0,sizeof(long)+1); |
| 237 | } | 81 | } |
| 238 | if (a->data == NULL) | 82 | if (a->data == NULL) |
| @@ -270,7 +114,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) | |||
| 270 | if (i == V_ASN1_NEG_ENUMERATED) | 114 | if (i == V_ASN1_NEG_ENUMERATED) |
| 271 | neg=1; | 115 | neg=1; |
| 272 | else if (i != V_ASN1_ENUMERATED) | 116 | else if (i != V_ASN1_ENUMERATED) |
| 273 | return(0); | 117 | return -1; |
| 274 | 118 | ||
| 275 | if (a->length > sizeof(long)) | 119 | if (a->length > sizeof(long)) |
| 276 | { | 120 | { |
| @@ -278,7 +122,7 @@ long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a) | |||
| 278 | return(0xffffffffL); | 122 | return(0xffffffffL); |
| 279 | } | 123 | } |
| 280 | if (a->data == NULL) | 124 | if (a->data == NULL) |
| 281 | return(0); | 125 | return 0; |
| 282 | 126 | ||
| 283 | for (i=0; i<a->length; i++) | 127 | for (i=0; i<a->length; i++) |
| 284 | { | 128 | { |
| @@ -295,7 +139,7 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) | |||
| 295 | int len,j; | 139 | int len,j; |
| 296 | 140 | ||
| 297 | if (ai == NULL) | 141 | if (ai == NULL) |
| 298 | ret=ASN1_ENUMERATED_new(); | 142 | ret=M_ASN1_ENUMERATED_new(); |
| 299 | else | 143 | else |
| 300 | ret=ai; | 144 | ret=ai; |
| 301 | if (ret == NULL) | 145 | if (ret == NULL) |
| @@ -307,11 +151,21 @@ ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai) | |||
| 307 | else ret->type=V_ASN1_ENUMERATED; | 151 | else ret->type=V_ASN1_ENUMERATED; |
| 308 | j=BN_num_bits(bn); | 152 | j=BN_num_bits(bn); |
| 309 | len=((j == 0)?0:((j/8)+1)); | 153 | len=((j == 0)?0:((j/8)+1)); |
| 310 | ret->data=(unsigned char *)Malloc(len+4); | 154 | if (ret->length < len+4) |
| 155 | { | ||
| 156 | unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); | ||
| 157 | if (!new_data) | ||
| 158 | { | ||
| 159 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | ||
| 160 | goto err; | ||
| 161 | } | ||
| 162 | ret->data=new_data; | ||
| 163 | } | ||
| 164 | |||
| 311 | ret->length=BN_bn2bin(bn,ret->data); | 165 | ret->length=BN_bn2bin(bn,ret->data); |
| 312 | return(ret); | 166 | return(ret); |
| 313 | err: | 167 | err: |
| 314 | if (ret != ai) ASN1_ENUMERATED_free(ret); | 168 | if (ret != ai) M_ASN1_ENUMERATED_free(ret); |
| 315 | return(NULL); | 169 | return(NULL); |
| 316 | } | 170 | } |
| 317 | 171 | ||
| @@ -321,6 +175,6 @@ BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai, BIGNUM *bn) | |||
| 321 | 175 | ||
| 322 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) | 176 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) |
| 323 | ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); | 177 | ASN1err(ASN1_F_ASN1_ENUMERATED_TO_BN,ASN1_R_BN_LIB); |
| 324 | if(ai->type == V_ASN1_NEG_ENUMERATED) bn->neg = 1; | 178 | else if(ai->type == V_ASN1_NEG_ENUMERATED) ret->neg = 1; |
| 325 | return(ret); | 179 | return(ret); |
| 326 | } | 180 | } |
diff --git a/src/lib/libcrypto/asn1/a_i2d_fp.c b/src/lib/libcrypto/asn1/a_i2d_fp.c index 66c3df68d5..f4f1b73ebe 100644 --- a/src/lib/libcrypto/asn1/a_i2d_fp.c +++ b/src/lib/libcrypto/asn1/a_i2d_fp.c | |||
| @@ -58,14 +58,13 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1.h> |
| 63 | 63 | ||
| 64 | #ifndef NO_FP_API | 64 | #ifndef NO_OLD_ASN1 |
| 65 | int ASN1_i2d_fp(i2d,out,x) | 65 | |
| 66 | int (*i2d)(); | 66 | #ifndef OPENSSL_NO_FP_API |
| 67 | FILE *out; | 67 | int ASN1_i2d_fp(int (*i2d)(), FILE *out, unsigned char *x) |
| 68 | unsigned char *x; | ||
| 69 | { | 68 | { |
| 70 | BIO *b; | 69 | BIO *b; |
| 71 | int ret; | 70 | int ret; |
| @@ -82,17 +81,14 @@ unsigned char *x; | |||
| 82 | } | 81 | } |
| 83 | #endif | 82 | #endif |
| 84 | 83 | ||
| 85 | int ASN1_i2d_bio(i2d,out,x) | 84 | int ASN1_i2d_bio(int (*i2d)(), BIO *out, unsigned char *x) |
| 86 | int (*i2d)(); | ||
| 87 | BIO *out; | ||
| 88 | unsigned char *x; | ||
| 89 | { | 85 | { |
| 90 | char *b; | 86 | char *b; |
| 91 | unsigned char *p; | 87 | unsigned char *p; |
| 92 | int i,j=0,n,ret=1; | 88 | int i,j=0,n,ret=1; |
| 93 | 89 | ||
| 94 | n=i2d(x,NULL); | 90 | n=i2d(x,NULL); |
| 95 | b=(char *)Malloc(n); | 91 | b=(char *)OPENSSL_malloc(n); |
| 96 | if (b == NULL) | 92 | if (b == NULL) |
| 97 | { | 93 | { |
| 98 | ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); | 94 | ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); |
| @@ -114,6 +110,54 @@ unsigned char *x; | |||
| 114 | j+=i; | 110 | j+=i; |
| 115 | n-=i; | 111 | n-=i; |
| 116 | } | 112 | } |
| 117 | Free((char *)b); | 113 | OPENSSL_free(b); |
| 114 | return(ret); | ||
| 115 | } | ||
| 116 | |||
| 117 | #endif | ||
| 118 | |||
| 119 | #ifndef OPENSSL_NO_FP_API | ||
| 120 | int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x) | ||
| 121 | { | ||
| 122 | BIO *b; | ||
| 123 | int ret; | ||
| 124 | |||
| 125 | if ((b=BIO_new(BIO_s_file())) == NULL) | ||
| 126 | { | ||
| 127 | ASN1err(ASN1_F_ASN1_I2D_FP,ERR_R_BUF_LIB); | ||
| 128 | return(0); | ||
| 129 | } | ||
| 130 | BIO_set_fp(b,out,BIO_NOCLOSE); | ||
| 131 | ret=ASN1_item_i2d_bio(it,b,x); | ||
| 132 | BIO_free(b); | ||
| 133 | return(ret); | ||
| 134 | } | ||
| 135 | #endif | ||
| 136 | |||
| 137 | int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x) | ||
| 138 | { | ||
| 139 | unsigned char *b = NULL; | ||
| 140 | int i,j=0,n,ret=1; | ||
| 141 | |||
| 142 | n = ASN1_item_i2d(x, &b, it); | ||
| 143 | if (b == NULL) | ||
| 144 | { | ||
| 145 | ASN1err(ASN1_F_ASN1_I2D_BIO,ERR_R_MALLOC_FAILURE); | ||
| 146 | return(0); | ||
| 147 | } | ||
| 148 | |||
| 149 | for (;;) | ||
| 150 | { | ||
| 151 | i=BIO_write(out,&(b[j]),n); | ||
| 152 | if (i == n) break; | ||
| 153 | if (i <= 0) | ||
| 154 | { | ||
| 155 | ret=0; | ||
| 156 | break; | ||
| 157 | } | ||
| 158 | j+=i; | ||
| 159 | n-=i; | ||
| 160 | } | ||
| 161 | OPENSSL_free(b); | ||
| 118 | return(ret); | 162 | return(ret); |
| 119 | } | 163 | } |
diff --git a/src/lib/libcrypto/asn1/a_int.c b/src/lib/libcrypto/asn1/a_int.c index df79cf99bb..edb243c021 100644 --- a/src/lib/libcrypto/asn1/a_int.c +++ b/src/lib/libcrypto/asn1/a_int.c | |||
| @@ -58,68 +58,197 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_D2I_ASN1_INTEGER,ASN1_R_EXPECTING_AN_INTEGER); | 63 | ASN1_INTEGER *ASN1_INTEGER_dup(ASN1_INTEGER *x) |
| 64 | { return M_ASN1_INTEGER_dup(x);} | ||
| 65 | |||
| 66 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y) | ||
| 67 | { return M_ASN1_INTEGER_cmp(x,y);} | ||
| 68 | |||
| 69 | /* | ||
| 70 | * This converts an ASN1 INTEGER into its content encoding. | ||
| 71 | * The internal representation is an ASN1_STRING whose data is a big endian | ||
| 72 | * representation of the value, ignoring the sign. The sign is determined by | ||
| 73 | * the type: V_ASN1_INTEGER for positive and V_ASN1_NEG_INTEGER for negative. | ||
| 74 | * | ||
| 75 | * Positive integers are no problem: they are almost the same as the DER | ||
| 76 | * encoding, except if the first byte is >= 0x80 we need to add a zero pad. | ||
| 77 | * | ||
| 78 | * Negative integers are a bit trickier... | ||
| 79 | * The DER representation of negative integers is in 2s complement form. | ||
| 80 | * The internal form is converted by complementing each octet and finally | ||
| 81 | * adding one to the result. This can be done less messily with a little trick. | ||
| 82 | * If the internal form has trailing zeroes then they will become FF by the | ||
| 83 | * complement and 0 by the add one (due to carry) so just copy as many trailing | ||
| 84 | * zeros to the destination as there are in the source. The carry will add one | ||
| 85 | * to the last none zero octet: so complement this octet and add one and finally | ||
| 86 | * complement any left over until you get to the start of the string. | ||
| 87 | * | ||
| 88 | * Padding is a little trickier too. If the first bytes is > 0x80 then we pad | ||
| 89 | * with 0xff. However if the first byte is 0x80 and one of the following bytes | ||
| 90 | * is non-zero we pad with 0xff. The reason for this distinction is that 0x80 | ||
| 91 | * followed by optional zeros isn't padded. | ||
| 64 | */ | 92 | */ |
| 65 | 93 | ||
| 66 | int i2d_ASN1_INTEGER(a,pp) | 94 | int i2c_ASN1_INTEGER(ASN1_INTEGER *a, unsigned char **pp) |
| 67 | ASN1_INTEGER *a; | ||
| 68 | unsigned char **pp; | ||
| 69 | { | 95 | { |
| 70 | int pad=0,ret,r,i,t; | 96 | int pad=0,ret,i,neg; |
| 71 | unsigned char *p,*pt,*n,pb=0; | 97 | unsigned char *p,*n,pb=0; |
| 72 | 98 | ||
| 73 | if ((a == NULL) || (a->data == NULL)) return(0); | 99 | if ((a == NULL) || (a->data == NULL)) return(0); |
| 74 | t=a->type; | 100 | neg=a->type & V_ASN1_NEG; |
| 75 | if (a->length == 0) | 101 | if (a->length == 0) |
| 76 | ret=1; | 102 | ret=1; |
| 77 | else | 103 | else |
| 78 | { | 104 | { |
| 79 | ret=a->length; | 105 | ret=a->length; |
| 80 | i=a->data[0]; | 106 | i=a->data[0]; |
| 81 | if ((t == V_ASN1_INTEGER) && (i > 127)) | 107 | if (!neg && (i > 127)) { |
| 82 | { | ||
| 83 | pad=1; | 108 | pad=1; |
| 84 | pb=0; | 109 | pb=0; |
| 110 | } else if(neg) { | ||
| 111 | if(i>128) { | ||
| 112 | pad=1; | ||
| 113 | pb=0xFF; | ||
| 114 | } else if(i == 128) { | ||
| 115 | /* | ||
| 116 | * Special case: if any other bytes non zero we pad: | ||
| 117 | * otherwise we don't. | ||
| 118 | */ | ||
| 119 | for(i = 1; i < a->length; i++) if(a->data[i]) { | ||
| 120 | pad=1; | ||
| 121 | pb=0xFF; | ||
| 122 | break; | ||
| 123 | } | ||
| 85 | } | 124 | } |
| 86 | else if ((t == V_ASN1_NEG_INTEGER) && (i>128)) | 125 | } |
| 87 | { | ||
| 88 | pad=1; | ||
| 89 | pb=0xFF; | ||
| 90 | } | ||
| 91 | ret+=pad; | 126 | ret+=pad; |
| 92 | } | 127 | } |
| 93 | r=ASN1_object_size(0,ret,V_ASN1_INTEGER); | 128 | if (pp == NULL) return(ret); |
| 94 | if (pp == NULL) return(r); | ||
| 95 | p= *pp; | 129 | p= *pp; |
| 96 | 130 | ||
| 97 | ASN1_put_object(&p,0,ret,V_ASN1_INTEGER,V_ASN1_UNIVERSAL); | ||
| 98 | if (pad) *(p++)=pb; | 131 | if (pad) *(p++)=pb; |
| 99 | if (a->length == 0) | 132 | if (a->length == 0) *(p++)=0; |
| 100 | *(p++)=0; | 133 | else if (!neg) memcpy(p,a->data,(unsigned int)a->length); |
| 101 | else if (t == V_ASN1_INTEGER) | 134 | else { |
| 135 | /* Begin at the end of the encoding */ | ||
| 136 | n=a->data + a->length - 1; | ||
| 137 | p += a->length - 1; | ||
| 138 | i = a->length; | ||
| 139 | /* Copy zeros to destination as long as source is zero */ | ||
| 140 | while(!*n) { | ||
| 141 | *(p--) = 0; | ||
| 142 | n--; | ||
| 143 | i--; | ||
| 144 | } | ||
| 145 | /* Complement and increment next octet */ | ||
| 146 | *(p--) = ((*(n--)) ^ 0xff) + 1; | ||
| 147 | i--; | ||
| 148 | /* Complement any octets left */ | ||
| 149 | for(;i > 0; i--) *(p--) = *(n--) ^ 0xff; | ||
| 150 | } | ||
| 151 | |||
| 152 | *pp+=ret; | ||
| 153 | return(ret); | ||
| 154 | } | ||
| 155 | |||
| 156 | /* Convert just ASN1 INTEGER content octets to ASN1_INTEGER structure */ | ||
| 157 | |||
| 158 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a, unsigned char **pp, | ||
| 159 | long len) | ||
| 160 | { | ||
| 161 | ASN1_INTEGER *ret=NULL; | ||
| 162 | unsigned char *p,*to,*s, *pend; | ||
| 163 | int i; | ||
| 164 | |||
| 165 | if ((a == NULL) || ((*a) == NULL)) | ||
| 102 | { | 166 | { |
| 103 | memcpy(p,a->data,(unsigned int)a->length); | 167 | if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); |
| 104 | p+=a->length; | 168 | ret->type=V_ASN1_INTEGER; |
| 105 | } | 169 | } |
| 106 | else | 170 | else |
| 171 | ret=(*a); | ||
| 172 | |||
| 173 | p= *pp; | ||
| 174 | pend = p + len; | ||
| 175 | |||
| 176 | /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it | ||
| 177 | * signifies a missing NULL parameter. */ | ||
| 178 | s=(unsigned char *)OPENSSL_malloc((int)len+1); | ||
| 179 | if (s == NULL) | ||
| 107 | { | 180 | { |
| 108 | n=a->data; | 181 | i=ERR_R_MALLOC_FAILURE; |
| 109 | pt=p; | 182 | goto err; |
| 110 | for (i=a->length; i>0; i--) | ||
| 111 | *(p++)= (*(n++)^0xFF)+1; | ||
| 112 | if (!pad) *pt|=0x80; | ||
| 113 | } | 183 | } |
| 184 | to=s; | ||
| 185 | if(!len) { | ||
| 186 | /* Strictly speaking this is an illegal INTEGER but we | ||
| 187 | * tolerate it. | ||
| 188 | */ | ||
| 189 | ret->type=V_ASN1_INTEGER; | ||
| 190 | } else if (*p & 0x80) /* a negative number */ | ||
| 191 | { | ||
| 192 | ret->type=V_ASN1_NEG_INTEGER; | ||
| 193 | if ((*p == 0xff) && (len != 1)) { | ||
| 194 | p++; | ||
| 195 | len--; | ||
| 196 | } | ||
| 197 | i = len; | ||
| 198 | p += i - 1; | ||
| 199 | to += i - 1; | ||
| 200 | while((!*p) && i) { | ||
| 201 | *(to--) = 0; | ||
| 202 | i--; | ||
| 203 | p--; | ||
| 204 | } | ||
| 205 | /* Special case: if all zeros then the number will be of | ||
| 206 | * the form FF followed by n zero bytes: this corresponds to | ||
| 207 | * 1 followed by n zero bytes. We've already written n zeros | ||
| 208 | * so we just append an extra one and set the first byte to | ||
| 209 | * a 1. This is treated separately because it is the only case | ||
| 210 | * where the number of bytes is larger than len. | ||
| 211 | */ | ||
| 212 | if(!i) { | ||
| 213 | *s = 1; | ||
| 214 | s[len] = 0; | ||
| 215 | len++; | ||
| 216 | } else { | ||
| 217 | *(to--) = (*(p--) ^ 0xff) + 1; | ||
| 218 | i--; | ||
| 219 | for(;i > 0; i--) *(to--) = *(p--) ^ 0xff; | ||
| 220 | } | ||
| 221 | } else { | ||
| 222 | ret->type=V_ASN1_INTEGER; | ||
| 223 | if ((*p == 0) && (len != 1)) | ||
| 224 | { | ||
| 225 | p++; | ||
| 226 | len--; | ||
| 227 | } | ||
| 228 | memcpy(s,p,(int)len); | ||
| 229 | } | ||
| 114 | 230 | ||
| 115 | *pp=p; | 231 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 116 | return(r); | 232 | ret->data=s; |
| 233 | ret->length=(int)len; | ||
| 234 | if (a != NULL) (*a)=ret; | ||
| 235 | *pp=pend; | ||
| 236 | return(ret); | ||
| 237 | err: | ||
| 238 | ASN1err(ASN1_F_D2I_ASN1_INTEGER,i); | ||
| 239 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | ||
| 240 | M_ASN1_INTEGER_free(ret); | ||
| 241 | return(NULL); | ||
| 117 | } | 242 | } |
| 118 | 243 | ||
| 119 | ASN1_INTEGER *d2i_ASN1_INTEGER(a, pp, length) | 244 | |
| 120 | ASN1_INTEGER **a; | 245 | /* This is a version of d2i_ASN1_INTEGER that ignores the sign bit of |
| 121 | unsigned char **pp; | 246 | * ASN1 integers: some broken software can encode a positive INTEGER |
| 122 | long length; | 247 | * with its MSB set as negative (it doesn't add a padding zero). |
| 248 | */ | ||
| 249 | |||
| 250 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a, unsigned char **pp, | ||
| 251 | long length) | ||
| 123 | { | 252 | { |
| 124 | ASN1_INTEGER *ret=NULL; | 253 | ASN1_INTEGER *ret=NULL; |
| 125 | unsigned char *p,*to,*s; | 254 | unsigned char *p,*to,*s; |
| @@ -129,7 +258,7 @@ long length; | |||
| 129 | 258 | ||
| 130 | if ((a == NULL) || ((*a) == NULL)) | 259 | if ((a == NULL) || ((*a) == NULL)) |
| 131 | { | 260 | { |
| 132 | if ((ret=ASN1_INTEGER_new()) == NULL) return(NULL); | 261 | if ((ret=M_ASN1_INTEGER_new()) == NULL) return(NULL); |
| 133 | ret->type=V_ASN1_INTEGER; | 262 | ret->type=V_ASN1_INTEGER; |
| 134 | } | 263 | } |
| 135 | else | 264 | else |
| @@ -149,29 +278,17 @@ long length; | |||
| 149 | goto err; | 278 | goto err; |
| 150 | } | 279 | } |
| 151 | 280 | ||
| 152 | /* We must Malloc stuff, even for 0 bytes otherwise it | 281 | /* We must OPENSSL_malloc stuff, even for 0 bytes otherwise it |
| 153 | * signifies a missing NULL parameter. */ | 282 | * signifies a missing NULL parameter. */ |
| 154 | s=(unsigned char *)Malloc((int)len+1); | 283 | s=(unsigned char *)OPENSSL_malloc((int)len+1); |
| 155 | if (s == NULL) | 284 | if (s == NULL) |
| 156 | { | 285 | { |
| 157 | i=ERR_R_MALLOC_FAILURE; | 286 | i=ERR_R_MALLOC_FAILURE; |
| 158 | goto err; | 287 | goto err; |
| 159 | } | 288 | } |
| 160 | to=s; | 289 | to=s; |
| 161 | if (*p & 0x80) /* a negative number */ | 290 | ret->type=V_ASN1_INTEGER; |
| 162 | { | 291 | if(len) { |
| 163 | ret->type=V_ASN1_NEG_INTEGER; | ||
| 164 | if (*p == 0xff) | ||
| 165 | { | ||
| 166 | p++; | ||
| 167 | len--; | ||
| 168 | } | ||
| 169 | for (i=(int)len; i>0; i--) | ||
| 170 | *(to++)= (*(p++)^0xFF)+1; | ||
| 171 | } | ||
| 172 | else | ||
| 173 | { | ||
| 174 | ret->type=V_ASN1_INTEGER; | ||
| 175 | if ((*p == 0) && (len != 1)) | 292 | if ((*p == 0) && (len != 1)) |
| 176 | { | 293 | { |
| 177 | p++; | 294 | p++; |
| @@ -179,24 +296,22 @@ long length; | |||
| 179 | } | 296 | } |
| 180 | memcpy(s,p,(int)len); | 297 | memcpy(s,p,(int)len); |
| 181 | p+=len; | 298 | p+=len; |
| 182 | } | 299 | } |
| 183 | 300 | ||
| 184 | if (ret->data != NULL) Free((char *)ret->data); | 301 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 185 | ret->data=s; | 302 | ret->data=s; |
| 186 | ret->length=(int)len; | 303 | ret->length=(int)len; |
| 187 | if (a != NULL) (*a)=ret; | 304 | if (a != NULL) (*a)=ret; |
| 188 | *pp=p; | 305 | *pp=p; |
| 189 | return(ret); | 306 | return(ret); |
| 190 | err: | 307 | err: |
| 191 | ASN1err(ASN1_F_D2I_ASN1_INTEGER,i); | 308 | ASN1err(ASN1_F_D2I_ASN1_UINTEGER,i); |
| 192 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | 309 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 193 | ASN1_INTEGER_free(ret); | 310 | M_ASN1_INTEGER_free(ret); |
| 194 | return(NULL); | 311 | return(NULL); |
| 195 | } | 312 | } |
| 196 | 313 | ||
| 197 | int ASN1_INTEGER_set(a,v) | 314 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v) |
| 198 | ASN1_INTEGER *a; | ||
| 199 | long v; | ||
| 200 | { | 315 | { |
| 201 | int i,j,k; | 316 | int i,j,k; |
| 202 | unsigned char buf[sizeof(long)+1]; | 317 | unsigned char buf[sizeof(long)+1]; |
| @@ -206,8 +321,8 @@ long v; | |||
| 206 | if (a->length < (sizeof(long)+1)) | 321 | if (a->length < (sizeof(long)+1)) |
| 207 | { | 322 | { |
| 208 | if (a->data != NULL) | 323 | if (a->data != NULL) |
| 209 | Free((char *)a->data); | 324 | OPENSSL_free(a->data); |
| 210 | if ((a->data=(unsigned char *)Malloc(sizeof(long)+1)) != NULL) | 325 | if ((a->data=(unsigned char *)OPENSSL_malloc(sizeof(long)+1)) != NULL) |
| 211 | memset((char *)a->data,0,sizeof(long)+1); | 326 | memset((char *)a->data,0,sizeof(long)+1); |
| 212 | } | 327 | } |
| 213 | if (a->data == NULL) | 328 | if (a->data == NULL) |
| @@ -229,15 +344,13 @@ long v; | |||
| 229 | d>>=8; | 344 | d>>=8; |
| 230 | } | 345 | } |
| 231 | j=0; | 346 | j=0; |
| 232 | if (v < 0) a->data[j++]=0; | ||
| 233 | for (k=i-1; k >=0; k--) | 347 | for (k=i-1; k >=0; k--) |
| 234 | a->data[j++]=buf[k]; | 348 | a->data[j++]=buf[k]; |
| 235 | a->length=j; | 349 | a->length=j; |
| 236 | return(1); | 350 | return(1); |
| 237 | } | 351 | } |
| 238 | 352 | ||
| 239 | long ASN1_INTEGER_get(a) | 353 | long ASN1_INTEGER_get(ASN1_INTEGER *a) |
| 240 | ASN1_INTEGER *a; | ||
| 241 | { | 354 | { |
| 242 | int neg=0,i; | 355 | int neg=0,i; |
| 243 | long r=0; | 356 | long r=0; |
| @@ -247,7 +360,7 @@ ASN1_INTEGER *a; | |||
| 247 | if (i == V_ASN1_NEG_INTEGER) | 360 | if (i == V_ASN1_NEG_INTEGER) |
| 248 | neg=1; | 361 | neg=1; |
| 249 | else if (i != V_ASN1_INTEGER) | 362 | else if (i != V_ASN1_INTEGER) |
| 250 | return(0); | 363 | return -1; |
| 251 | 364 | ||
| 252 | if (a->length > sizeof(long)) | 365 | if (a->length > sizeof(long)) |
| 253 | { | 366 | { |
| @@ -255,7 +368,7 @@ ASN1_INTEGER *a; | |||
| 255 | return(0xffffffffL); | 368 | return(0xffffffffL); |
| 256 | } | 369 | } |
| 257 | if (a->data == NULL) | 370 | if (a->data == NULL) |
| 258 | return(0); | 371 | return 0; |
| 259 | 372 | ||
| 260 | for (i=0; i<a->length; i++) | 373 | for (i=0; i<a->length; i++) |
| 261 | { | 374 | { |
| @@ -266,40 +379,56 @@ ASN1_INTEGER *a; | |||
| 266 | return(r); | 379 | return(r); |
| 267 | } | 380 | } |
| 268 | 381 | ||
| 269 | ASN1_INTEGER *BN_to_ASN1_INTEGER(bn,ai) | 382 | ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai) |
| 270 | BIGNUM *bn; | ||
| 271 | ASN1_INTEGER *ai; | ||
| 272 | { | 383 | { |
| 273 | ASN1_INTEGER *ret; | 384 | ASN1_INTEGER *ret; |
| 274 | int len,j; | 385 | int len,j; |
| 275 | 386 | ||
| 276 | if (ai == NULL) | 387 | if (ai == NULL) |
| 277 | ret=ASN1_INTEGER_new(); | 388 | ret=M_ASN1_INTEGER_new(); |
| 278 | else | 389 | else |
| 279 | ret=ai; | 390 | ret=ai; |
| 280 | if (ret == NULL) | 391 | if (ret == NULL) |
| 281 | { | 392 | { |
| 282 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ASN1_R_ERROR_STACK); | 393 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_NESTED_ASN1_ERROR); |
| 283 | goto err; | 394 | goto err; |
| 284 | } | 395 | } |
| 285 | ret->type=V_ASN1_INTEGER; | 396 | if(bn->neg) ret->type = V_ASN1_NEG_INTEGER; |
| 397 | else ret->type=V_ASN1_INTEGER; | ||
| 286 | j=BN_num_bits(bn); | 398 | j=BN_num_bits(bn); |
| 287 | len=((j == 0)?0:((j/8)+1)); | 399 | len=((j == 0)?0:((j/8)+1)); |
| 288 | ret->data=(unsigned char *)Malloc(len+4); | 400 | if (ret->length < len+4) |
| 401 | { | ||
| 402 | unsigned char *new_data=OPENSSL_realloc(ret->data, len+4); | ||
| 403 | if (!new_data) | ||
| 404 | { | ||
| 405 | ASN1err(ASN1_F_BN_TO_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | ||
| 406 | goto err; | ||
| 407 | } | ||
| 408 | ret->data=new_data; | ||
| 409 | } | ||
| 289 | ret->length=BN_bn2bin(bn,ret->data); | 410 | ret->length=BN_bn2bin(bn,ret->data); |
| 411 | /* Correct zero case */ | ||
| 412 | if(!ret->length) | ||
| 413 | { | ||
| 414 | ret->data[0] = 0; | ||
| 415 | ret->length = 1; | ||
| 416 | } | ||
| 290 | return(ret); | 417 | return(ret); |
| 291 | err: | 418 | err: |
| 292 | if (ret != ai) ASN1_INTEGER_free(ret); | 419 | if (ret != ai) M_ASN1_INTEGER_free(ret); |
| 293 | return(NULL); | 420 | return(NULL); |
| 294 | } | 421 | } |
| 295 | 422 | ||
| 296 | BIGNUM *ASN1_INTEGER_to_BN(ai,bn) | 423 | BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai, BIGNUM *bn) |
| 297 | ASN1_INTEGER *ai; | ||
| 298 | BIGNUM *bn; | ||
| 299 | { | 424 | { |
| 300 | BIGNUM *ret; | 425 | BIGNUM *ret; |
| 301 | 426 | ||
| 302 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) | 427 | if ((ret=BN_bin2bn(ai->data,ai->length,bn)) == NULL) |
| 303 | ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); | 428 | ASN1err(ASN1_F_ASN1_INTEGER_TO_BN,ASN1_R_BN_LIB); |
| 429 | else if(ai->type == V_ASN1_NEG_INTEGER) ret->neg = 1; | ||
| 304 | return(ret); | 430 | return(ret); |
| 305 | } | 431 | } |
| 432 | |||
| 433 | IMPLEMENT_STACK_OF(ASN1_INTEGER) | ||
| 434 | IMPLEMENT_ASN1_SET_OF(ASN1_INTEGER) | ||
diff --git a/src/lib/libcrypto/asn1/a_mbstr.c b/src/lib/libcrypto/asn1/a_mbstr.c index 7a710d5459..5d981c6553 100644 --- a/src/lib/libcrypto/asn1/a_mbstr.c +++ b/src/lib/libcrypto/asn1/a_mbstr.c | |||
| @@ -92,6 +92,7 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 92 | { | 92 | { |
| 93 | int str_type; | 93 | int str_type; |
| 94 | int ret; | 94 | int ret; |
| 95 | char free_out; | ||
| 95 | int outform, outlen; | 96 | int outform, outlen; |
| 96 | ASN1_STRING *dest; | 97 | ASN1_STRING *dest; |
| 97 | unsigned char *p; | 98 | unsigned char *p; |
| @@ -180,14 +181,16 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 180 | } | 181 | } |
| 181 | if(!out) return str_type; | 182 | if(!out) return str_type; |
| 182 | if(*out) { | 183 | if(*out) { |
| 184 | free_out = 0; | ||
| 183 | dest = *out; | 185 | dest = *out; |
| 184 | if(dest->data) { | 186 | if(dest->data) { |
| 185 | dest->length = 0; | 187 | dest->length = 0; |
| 186 | Free(dest->data); | 188 | OPENSSL_free(dest->data); |
| 187 | dest->data = NULL; | 189 | dest->data = NULL; |
| 188 | } | 190 | } |
| 189 | dest->type = str_type; | 191 | dest->type = str_type; |
| 190 | } else { | 192 | } else { |
| 193 | free_out = 1; | ||
| 191 | dest = ASN1_STRING_type_new(str_type); | 194 | dest = ASN1_STRING_type_new(str_type); |
| 192 | if(!dest) { | 195 | if(!dest) { |
| 193 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, | 196 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY, |
| @@ -228,8 +231,8 @@ int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, | |||
| 228 | cpyfunc = cpy_utf8; | 231 | cpyfunc = cpy_utf8; |
| 229 | break; | 232 | break; |
| 230 | } | 233 | } |
| 231 | if(!(p = Malloc(outlen + 1))) { | 234 | if(!(p = OPENSSL_malloc(outlen + 1))) { |
| 232 | ASN1_STRING_free(dest); | 235 | if(free_out) ASN1_STRING_free(dest); |
| 233 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); | 236 | ASN1err(ASN1_F_ASN1_MBSTRING_COPY,ERR_R_MALLOC_FAILURE); |
| 234 | return -1; | 237 | return -1; |
| 235 | } | 238 | } |
| @@ -258,8 +261,8 @@ static int traverse_string(const unsigned char *p, int len, int inform, | |||
| 258 | value |= *p++; | 261 | value |= *p++; |
| 259 | len -= 2; | 262 | len -= 2; |
| 260 | } else if(inform == MBSTRING_UNIV) { | 263 | } else if(inform == MBSTRING_UNIV) { |
| 261 | value = *p++ << 24; | 264 | value = ((unsigned long)*p++) << 24; |
| 262 | value |= *p++ << 16; | 265 | value |= ((unsigned long)*p++) << 16; |
| 263 | value |= *p++ << 8; | 266 | value |= *p++ << 8; |
| 264 | value |= *p++; | 267 | value |= *p++; |
| 265 | len -= 4; | 268 | len -= 4; |
| @@ -382,9 +385,16 @@ static int is_printable(unsigned long value) | |||
| 382 | /* Note: we can't use 'isalnum' because certain accented | 385 | /* Note: we can't use 'isalnum' because certain accented |
| 383 | * characters may count as alphanumeric in some environments. | 386 | * characters may count as alphanumeric in some environments. |
| 384 | */ | 387 | */ |
| 388 | #ifndef CHARSET_EBCDIC | ||
| 385 | if((ch >= 'a') && (ch <= 'z')) return 1; | 389 | if((ch >= 'a') && (ch <= 'z')) return 1; |
| 386 | if((ch >= 'A') && (ch <= 'Z')) return 1; | 390 | if((ch >= 'A') && (ch <= 'Z')) return 1; |
| 387 | if((ch >= '0') && (ch <= '9')) return 1; | 391 | if((ch >= '0') && (ch <= '9')) return 1; |
| 388 | if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; | 392 | if ((ch == ' ') || strchr("'()+,-./:=?", ch)) return 1; |
| 393 | #else /*CHARSET_EBCDIC*/ | ||
| 394 | if((ch >= os_toascii['a']) && (ch <= os_toascii['z'])) return 1; | ||
| 395 | if((ch >= os_toascii['A']) && (ch <= os_toascii['Z'])) return 1; | ||
| 396 | if((ch >= os_toascii['0']) && (ch <= os_toascii['9'])) return 1; | ||
| 397 | if ((ch == os_toascii[' ']) || strchr("'()+,-./:=?", os_toebcdic[ch])) return 1; | ||
| 398 | #endif /*CHARSET_EBCDIC*/ | ||
| 389 | return 0; | 399 | return 0; |
| 390 | } | 400 | } |
diff --git a/src/lib/libcrypto/asn1/a_object.c b/src/lib/libcrypto/asn1/a_object.c index 5a7eeef8d8..71ce7c3896 100644 --- a/src/lib/libcrypto/asn1/a_object.c +++ b/src/lib/libcrypto/asn1/a_object.c | |||
| @@ -58,25 +58,19 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "asn1.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | 64 | ||
| 65 | /* ASN1err(ASN1_F_ASN1_OBJECT_NEW,ASN1_R_EXPECTING_AN_OBJECT); | 65 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a, unsigned char **pp) |
| 66 | * ASN1err(ASN1_F_D2I_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); | ||
| 67 | * ASN1err(ASN1_F_I2T_ASN1_OBJECT,ASN1_R_BAD_OBJECT_HEADER); | ||
| 68 | */ | ||
| 69 | |||
| 70 | int i2d_ASN1_OBJECT(a, pp) | ||
| 71 | ASN1_OBJECT *a; | ||
| 72 | unsigned char **pp; | ||
| 73 | { | 66 | { |
| 74 | unsigned char *p; | 67 | unsigned char *p; |
| 68 | int objsize; | ||
| 75 | 69 | ||
| 76 | if ((a == NULL) || (a->data == NULL)) return(0); | 70 | if ((a == NULL) || (a->data == NULL)) return(0); |
| 77 | 71 | ||
| 78 | if (pp == NULL) | 72 | objsize = ASN1_object_size(0,a->length,V_ASN1_OBJECT); |
| 79 | return(ASN1_object_size(0,a->length,V_ASN1_OBJECT)); | 73 | if (pp == NULL) return objsize; |
| 80 | 74 | ||
| 81 | p= *pp; | 75 | p= *pp; |
| 82 | ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); | 76 | ASN1_put_object(&p,0,a->length,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); |
| @@ -84,17 +78,14 @@ unsigned char **pp; | |||
| 84 | p+=a->length; | 78 | p+=a->length; |
| 85 | 79 | ||
| 86 | *pp=p; | 80 | *pp=p; |
| 87 | return(a->length); | 81 | return(objsize); |
| 88 | } | 82 | } |
| 89 | 83 | ||
| 90 | int a2d_ASN1_OBJECT(out,olen,buf,num) | 84 | int a2d_ASN1_OBJECT(unsigned char *out, int olen, const char *buf, int num) |
| 91 | unsigned char *out; | ||
| 92 | int olen; | ||
| 93 | char *buf; | ||
| 94 | int num; | ||
| 95 | { | 85 | { |
| 96 | int i,first,len=0,c; | 86 | int i,first,len=0,c; |
| 97 | char tmp[24],*p; | 87 | char tmp[24]; |
| 88 | const char *p; | ||
| 98 | unsigned long l; | 89 | unsigned long l; |
| 99 | 90 | ||
| 100 | if (num == 0) | 91 | if (num == 0) |
| @@ -180,85 +171,12 @@ err: | |||
| 180 | return(0); | 171 | return(0); |
| 181 | } | 172 | } |
| 182 | 173 | ||
| 183 | int i2t_ASN1_OBJECT(buf,buf_len,a) | 174 | int i2t_ASN1_OBJECT(char *buf, int buf_len, ASN1_OBJECT *a) |
| 184 | char *buf; | 175 | { |
| 185 | int buf_len; | 176 | return OBJ_obj2txt(buf, buf_len, a, 0); |
| 186 | ASN1_OBJECT *a; | 177 | } |
| 187 | { | ||
| 188 | int i,idx=0,n=0,len,nid; | ||
| 189 | unsigned long l; | ||
| 190 | unsigned char *p; | ||
| 191 | char *s; | ||
| 192 | char tbuf[32]; | ||
| 193 | |||
| 194 | if (buf_len <= 0) return(0); | ||
| 195 | |||
| 196 | if ((a == NULL) || (a->data == NULL)) | ||
| 197 | { | ||
| 198 | buf[0]='\0'; | ||
| 199 | return(0); | ||
| 200 | } | ||
| 201 | |||
| 202 | nid=OBJ_obj2nid(a); | ||
| 203 | if (nid == NID_undef) | ||
| 204 | { | ||
| 205 | len=a->length; | ||
| 206 | p=a->data; | ||
| 207 | 178 | ||
| 208 | idx=0; | 179 | int i2a_ASN1_OBJECT(BIO *bp, ASN1_OBJECT *a) |
| 209 | l=0; | ||
| 210 | while (idx < a->length) | ||
| 211 | { | ||
| 212 | l|=(p[idx]&0x7f); | ||
| 213 | if (!(p[idx] & 0x80)) break; | ||
| 214 | l<<=7L; | ||
| 215 | idx++; | ||
| 216 | } | ||
| 217 | idx++; | ||
| 218 | i=(int)(l/40); | ||
| 219 | if (i > 2) i=2; | ||
| 220 | l-=(long)(i*40); | ||
| 221 | |||
| 222 | sprintf(tbuf,"%d.%ld",i,l); | ||
| 223 | i=strlen(tbuf); | ||
| 224 | strncpy(buf,tbuf,buf_len); | ||
| 225 | buf_len-=i; | ||
| 226 | buf+=i; | ||
| 227 | n+=i; | ||
| 228 | |||
| 229 | l=0; | ||
| 230 | for (; idx<len; idx++) | ||
| 231 | { | ||
| 232 | l|=p[idx]&0x7f; | ||
| 233 | if (!(p[idx] & 0x80)) | ||
| 234 | { | ||
| 235 | sprintf(tbuf,".%ld",l); | ||
| 236 | i=strlen(tbuf); | ||
| 237 | if (buf_len > 0) | ||
| 238 | strncpy(buf,tbuf,buf_len); | ||
| 239 | buf_len-=i; | ||
| 240 | buf+=i; | ||
| 241 | n+=i; | ||
| 242 | l=0; | ||
| 243 | } | ||
| 244 | l<<=7L; | ||
| 245 | } | ||
| 246 | } | ||
| 247 | else | ||
| 248 | { | ||
| 249 | s=(char *)OBJ_nid2ln(nid); | ||
| 250 | if (s == NULL) | ||
| 251 | s=(char *)OBJ_nid2sn(nid); | ||
| 252 | strncpy(buf,s,buf_len); | ||
| 253 | n=strlen(s); | ||
| 254 | } | ||
| 255 | buf[buf_len-1]='\0'; | ||
| 256 | return(n); | ||
| 257 | } | ||
| 258 | |||
| 259 | int i2a_ASN1_OBJECT(bp,a) | ||
| 260 | BIO *bp; | ||
| 261 | ASN1_OBJECT *a; | ||
| 262 | { | 180 | { |
| 263 | char buf[80]; | 181 | char buf[80]; |
| 264 | int i; | 182 | int i; |
| @@ -271,28 +189,15 @@ ASN1_OBJECT *a; | |||
| 271 | return(i); | 189 | return(i); |
| 272 | } | 190 | } |
| 273 | 191 | ||
| 274 | ASN1_OBJECT *d2i_ASN1_OBJECT(a, pp, length) | 192 | ASN1_OBJECT *d2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, |
| 275 | ASN1_OBJECT **a; | 193 | long length) |
| 276 | unsigned char **pp; | 194 | { |
| 277 | long length; | ||
| 278 | { | ||
| 279 | ASN1_OBJECT *ret=NULL; | ||
| 280 | unsigned char *p; | 195 | unsigned char *p; |
| 281 | long len; | 196 | long len; |
| 282 | int tag,xclass; | 197 | int tag,xclass; |
| 283 | int inf,i; | 198 | int inf,i; |
| 284 | 199 | ASN1_OBJECT *ret = NULL; | |
| 285 | /* only the ASN1_OBJECTs from the 'table' will have values | ||
| 286 | * for ->sn or ->ln */ | ||
| 287 | if ((a == NULL) || ((*a) == NULL) || | ||
| 288 | !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) | ||
| 289 | { | ||
| 290 | if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); | ||
| 291 | } | ||
| 292 | else ret=(*a); | ||
| 293 | |||
| 294 | p= *pp; | 200 | p= *pp; |
| 295 | |||
| 296 | inf=ASN1_get_object(&p,&len,&tag,&xclass,length); | 201 | inf=ASN1_get_object(&p,&len,&tag,&xclass,length); |
| 297 | if (inf & 0x80) | 202 | if (inf & 0x80) |
| 298 | { | 203 | { |
| @@ -305,10 +210,36 @@ long length; | |||
| 305 | i=ASN1_R_EXPECTING_AN_OBJECT; | 210 | i=ASN1_R_EXPECTING_AN_OBJECT; |
| 306 | goto err; | 211 | goto err; |
| 307 | } | 212 | } |
| 213 | ret = c2i_ASN1_OBJECT(a, &p, len); | ||
| 214 | if(ret) *pp = p; | ||
| 215 | return ret; | ||
| 216 | err: | ||
| 217 | ASN1err(ASN1_F_D2I_ASN1_OBJECT,i); | ||
| 218 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) | ||
| 219 | ASN1_OBJECT_free(ret); | ||
| 220 | return(NULL); | ||
| 221 | } | ||
| 222 | ASN1_OBJECT *c2i_ASN1_OBJECT(ASN1_OBJECT **a, unsigned char **pp, | ||
| 223 | long len) | ||
| 224 | { | ||
| 225 | ASN1_OBJECT *ret=NULL; | ||
| 226 | unsigned char *p; | ||
| 227 | int i; | ||
| 228 | |||
| 229 | /* only the ASN1_OBJECTs from the 'table' will have values | ||
| 230 | * for ->sn or ->ln */ | ||
| 231 | if ((a == NULL) || ((*a) == NULL) || | ||
| 232 | !((*a)->flags & ASN1_OBJECT_FLAG_DYNAMIC)) | ||
| 233 | { | ||
| 234 | if ((ret=ASN1_OBJECT_new()) == NULL) return(NULL); | ||
| 235 | } | ||
| 236 | else ret=(*a); | ||
| 237 | |||
| 238 | p= *pp; | ||
| 308 | if ((ret->data == NULL) || (ret->length < len)) | 239 | if ((ret->data == NULL) || (ret->length < len)) |
| 309 | { | 240 | { |
| 310 | if (ret->data != NULL) Free((char *)ret->data); | 241 | if (ret->data != NULL) OPENSSL_free(ret->data); |
| 311 | ret->data=(unsigned char *)Malloc((int)len); | 242 | ret->data=(unsigned char *)OPENSSL_malloc(len ? (int)len : 1); |
| 312 | ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; | 243 | ret->flags|=ASN1_OBJECT_FLAG_DYNAMIC_DATA; |
| 313 | if (ret->data == NULL) | 244 | if (ret->data == NULL) |
| 314 | { i=ERR_R_MALLOC_FAILURE; goto err; } | 245 | { i=ERR_R_MALLOC_FAILURE; goto err; } |
| @@ -330,11 +261,11 @@ err: | |||
| 330 | return(NULL); | 261 | return(NULL); |
| 331 | } | 262 | } |
| 332 | 263 | ||
| 333 | ASN1_OBJECT *ASN1_OBJECT_new() | 264 | ASN1_OBJECT *ASN1_OBJECT_new(void) |
| 334 | { | 265 | { |
| 335 | ASN1_OBJECT *ret; | 266 | ASN1_OBJECT *ret; |
| 336 | 267 | ||
| 337 | ret=(ASN1_OBJECT *)Malloc(sizeof(ASN1_OBJECT)); | 268 | ret=(ASN1_OBJECT *)OPENSSL_malloc(sizeof(ASN1_OBJECT)); |
| 338 | if (ret == NULL) | 269 | if (ret == NULL) |
| 339 | { | 270 | { |
| 340 | ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); | 271 | ASN1err(ASN1_F_ASN1_OBJECT_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -349,31 +280,29 @@ ASN1_OBJECT *ASN1_OBJECT_new() | |||
| 349 | return(ret); | 280 | return(ret); |
| 350 | } | 281 | } |
| 351 | 282 | ||
| 352 | void ASN1_OBJECT_free(a) | 283 | void ASN1_OBJECT_free(ASN1_OBJECT *a) |
| 353 | ASN1_OBJECT *a; | ||
| 354 | { | 284 | { |
| 355 | if (a == NULL) return; | 285 | if (a == NULL) return; |
| 356 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) | 286 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_STRINGS) |
| 357 | { | 287 | { |
| 358 | if (a->sn != NULL) Free(a->sn); | 288 | #ifndef CONST_STRICT /* disable purely for compile-time strict const checking. Doing this on a "real" compile will cause memory leaks */ |
| 359 | if (a->ln != NULL) Free(a->ln); | 289 | if (a->sn != NULL) OPENSSL_free((void *)a->sn); |
| 290 | if (a->ln != NULL) OPENSSL_free((void *)a->ln); | ||
| 291 | #endif | ||
| 360 | a->sn=a->ln=NULL; | 292 | a->sn=a->ln=NULL; |
| 361 | } | 293 | } |
| 362 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) | 294 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC_DATA) |
| 363 | { | 295 | { |
| 364 | if (a->data != NULL) Free(a->data); | 296 | if (a->data != NULL) OPENSSL_free(a->data); |
| 365 | a->data=NULL; | 297 | a->data=NULL; |
| 366 | a->length=0; | 298 | a->length=0; |
| 367 | } | 299 | } |
| 368 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) | 300 | if (a->flags & ASN1_OBJECT_FLAG_DYNAMIC) |
| 369 | Free((char *)a); | 301 | OPENSSL_free(a); |
| 370 | } | 302 | } |
| 371 | 303 | ||
| 372 | ASN1_OBJECT *ASN1_OBJECT_create(nid,data,len,sn,ln) | 304 | ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data, int len, |
| 373 | int nid; | 305 | const char *sn, const char *ln) |
| 374 | unsigned char *data; | ||
| 375 | int len; | ||
| 376 | char *sn,*ln; | ||
| 377 | { | 306 | { |
| 378 | ASN1_OBJECT o; | 307 | ASN1_OBJECT o; |
| 379 | 308 | ||
| @@ -382,8 +311,10 @@ char *sn,*ln; | |||
| 382 | o.data=data; | 311 | o.data=data; |
| 383 | o.nid=nid; | 312 | o.nid=nid; |
| 384 | o.length=len; | 313 | o.length=len; |
| 385 | o.flags=ASN1_OBJECT_FLAG_DYNAMIC| | 314 | o.flags=ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| |
| 386 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA; | 315 | ASN1_OBJECT_FLAG_DYNAMIC_DATA; |
| 387 | return(OBJ_dup(&o)); | 316 | return(OBJ_dup(&o)); |
| 388 | } | 317 | } |
| 389 | 318 | ||
| 319 | IMPLEMENT_STACK_OF(ASN1_OBJECT) | ||
| 320 | IMPLEMENT_ASN1_SET_OF(ASN1_OBJECT) | ||
diff --git a/src/lib/libcrypto/asn1/a_octet.c b/src/lib/libcrypto/asn1/a_octet.c index be3f172a8c..9690bae0f1 100644 --- a/src/lib/libcrypto/asn1/a_octet.c +++ b/src/lib/libcrypto/asn1/a_octet.c | |||
| @@ -58,33 +58,14 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_EXPECTING_AN_OCTET_STRING); | 63 | ASN1_OCTET_STRING *ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *x) |
| 64 | */ | 64 | { return M_ASN1_OCTET_STRING_dup(x); } |
| 65 | |||
| 66 | int i2d_ASN1_OCTET_STRING(a, pp) | ||
| 67 | ASN1_OCTET_STRING *a; | ||
| 68 | unsigned char **pp; | ||
| 69 | { | ||
| 70 | return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, | ||
| 71 | V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL)); | ||
| 72 | } | ||
| 73 | 65 | ||
| 74 | ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(a, pp, length) | 66 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b) |
| 75 | ASN1_OCTET_STRING **a; | 67 | { return M_ASN1_OCTET_STRING_cmp(a, b); } |
| 76 | unsigned char **pp; | ||
| 77 | long length; | ||
| 78 | { | ||
| 79 | ASN1_OCTET_STRING *ret=NULL; | ||
| 80 | 68 | ||
| 81 | ret=(ASN1_OCTET_STRING *)d2i_ASN1_bytes((ASN1_STRING **)a, | 69 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *x, unsigned char *d, int len) |
| 82 | pp,length,V_ASN1_OCTET_STRING,V_ASN1_UNIVERSAL); | 70 | { return M_ASN1_OCTET_STRING_set(x, d, len); } |
| 83 | if (ret == NULL) | ||
| 84 | { | ||
| 85 | ASN1err(ASN1_F_D2I_ASN1_OCTET_STRING,ASN1_R_ERROR_STACK); | ||
| 86 | return(NULL); | ||
| 87 | } | ||
| 88 | return(ret); | ||
| 89 | } | ||
| 90 | 71 | ||
diff --git a/src/lib/libcrypto/asn1/a_print.c b/src/lib/libcrypto/asn1/a_print.c index 3023361dee..8035513f04 100644 --- a/src/lib/libcrypto/asn1/a_print.c +++ b/src/lib/libcrypto/asn1/a_print.c | |||
| @@ -58,49 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_WRONG_PRINTABLE_TYPE); | 63 | int ASN1_PRINTABLE_type(unsigned char *s, int len) |
| 64 | * ASN1err(ASN1_F_D2I_ASN1_PRINT_TYPE,ASN1_R_TAG_VALUE_TOO_HIGH); | ||
| 65 | */ | ||
| 66 | |||
| 67 | int i2d_ASN1_IA5STRING(a,pp) | ||
| 68 | ASN1_IA5STRING *a; | ||
| 69 | unsigned char **pp; | ||
| 70 | { return(M_i2d_ASN1_IA5STRING(a,pp)); } | ||
| 71 | |||
| 72 | ASN1_IA5STRING *d2i_ASN1_IA5STRING(a,pp,l) | ||
| 73 | ASN1_IA5STRING **a; | ||
| 74 | unsigned char **pp; | ||
| 75 | long l; | ||
| 76 | { return(M_d2i_ASN1_IA5STRING(a,pp,l)); } | ||
| 77 | |||
| 78 | ASN1_T61STRING *d2i_ASN1_T61STRING(a,pp,l) | ||
| 79 | ASN1_T61STRING **a; | ||
| 80 | unsigned char **pp; | ||
| 81 | long l; | ||
| 82 | { return(M_d2i_ASN1_T61STRING(a,pp,l)); } | ||
| 83 | |||
| 84 | ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(a,pp,l) | ||
| 85 | ASN1_PRINTABLESTRING **a; | ||
| 86 | unsigned char **pp; | ||
| 87 | long l; | ||
| 88 | { return(M_d2i_ASN1_PRINTABLESTRING(a,pp,l)); } | ||
| 89 | |||
| 90 | int i2d_ASN1_PRINTABLE(a,pp) | ||
| 91 | ASN1_STRING *a; | ||
| 92 | unsigned char **pp; | ||
| 93 | { return(M_i2d_ASN1_PRINTABLE(a,pp)); } | ||
| 94 | |||
| 95 | ASN1_STRING *d2i_ASN1_PRINTABLE(a,pp,l) | ||
| 96 | ASN1_STRING **a; | ||
| 97 | unsigned char **pp; | ||
| 98 | long l; | ||
| 99 | { return(M_d2i_ASN1_PRINTABLE(a,pp,l)); } | ||
| 100 | |||
| 101 | int ASN1_PRINTABLE_type(s,len) | ||
| 102 | unsigned char *s; | ||
| 103 | int len; | ||
| 104 | { | 64 | { |
| 105 | int c; | 65 | int c; |
| 106 | int ia5=0; | 66 | int ia5=0; |
| @@ -112,6 +72,7 @@ int len; | |||
| 112 | while ((*s) && (len-- != 0)) | 72 | while ((*s) && (len-- != 0)) |
| 113 | { | 73 | { |
| 114 | c= *(s++); | 74 | c= *(s++); |
| 75 | #ifndef CHARSET_EBCDIC | ||
| 115 | if (!( ((c >= 'a') && (c <= 'z')) || | 76 | if (!( ((c >= 'a') && (c <= 'z')) || |
| 116 | ((c >= 'A') && (c <= 'Z')) || | 77 | ((c >= 'A') && (c <= 'Z')) || |
| 117 | (c == ' ') || | 78 | (c == ' ') || |
| @@ -125,14 +86,20 @@ int len; | |||
| 125 | ia5=1; | 86 | ia5=1; |
| 126 | if (c&0x80) | 87 | if (c&0x80) |
| 127 | t61=1; | 88 | t61=1; |
| 89 | #else | ||
| 90 | if (!isalnum(c) && (c != ' ') && | ||
| 91 | strchr("'()+,-./:=?", c) == NULL) | ||
| 92 | ia5=1; | ||
| 93 | if (os_toascii[c] & 0x80) | ||
| 94 | t61=1; | ||
| 95 | #endif | ||
| 128 | } | 96 | } |
| 129 | if (t61) return(V_ASN1_T61STRING); | 97 | if (t61) return(V_ASN1_T61STRING); |
| 130 | if (ia5) return(V_ASN1_IA5STRING); | 98 | if (ia5) return(V_ASN1_IA5STRING); |
| 131 | return(V_ASN1_PRINTABLESTRING); | 99 | return(V_ASN1_PRINTABLESTRING); |
| 132 | } | 100 | } |
| 133 | 101 | ||
| 134 | int ASN1_UNIVERSALSTRING_to_string(s) | 102 | int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s) |
| 135 | ASN1_UNIVERSALSTRING *s; | ||
| 136 | { | 103 | { |
| 137 | int i; | 104 | int i; |
| 138 | unsigned char *p; | 105 | unsigned char *p; |
| @@ -158,4 +125,3 @@ ASN1_UNIVERSALSTRING *s; | |||
| 158 | s->type=ASN1_PRINTABLE_type(s->data,s->length); | 125 | s->type=ASN1_PRINTABLE_type(s->data,s->length); |
| 159 | return(1); | 126 | return(1); |
| 160 | } | 127 | } |
| 161 | |||
diff --git a/src/lib/libcrypto/asn1/a_set.c b/src/lib/libcrypto/asn1/a_set.c index 17c49946cf..0f839822ff 100644 --- a/src/lib/libcrypto/asn1/a_set.c +++ b/src/lib/libcrypto/asn1/a_set.c | |||
| @@ -58,21 +58,42 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1_mac.h> |
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_ASN1_TYPE_NEW,ERR_R_MALLOC_FAILURE); | 63 | #ifndef NO_ASN1_OLD |
| 64 | |||
| 65 | typedef struct | ||
| 66 | { | ||
| 67 | unsigned char *pbData; | ||
| 68 | int cbData; | ||
| 69 | } MYBLOB; | ||
| 70 | |||
| 71 | /* SetBlobCmp | ||
| 72 | * This function compares two elements of SET_OF block | ||
| 64 | */ | 73 | */ |
| 74 | static int SetBlobCmp(const void *elem1, const void *elem2 ) | ||
| 75 | { | ||
| 76 | const MYBLOB *b1 = (const MYBLOB *)elem1; | ||
| 77 | const MYBLOB *b2 = (const MYBLOB *)elem2; | ||
| 78 | int r; | ||
| 79 | |||
| 80 | r = memcmp(b1->pbData, b2->pbData, | ||
| 81 | b1->cbData < b2->cbData ? b1->cbData : b2->cbData); | ||
| 82 | if(r != 0) | ||
| 83 | return r; | ||
| 84 | return b1->cbData-b2->cbData; | ||
| 85 | } | ||
| 65 | 86 | ||
| 66 | int i2d_ASN1_SET(a,pp,func,ex_tag,ex_class) | 87 | /* int is_set: if TRUE, then sort the contents (i.e. it isn't a SEQUENCE) */ |
| 67 | STACK *a; | 88 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, int (*func)(), int ex_tag, |
| 68 | unsigned char **pp; | 89 | int ex_class, int is_set) |
| 69 | int (*func)(); | ||
| 70 | int ex_tag; | ||
| 71 | int ex_class; | ||
| 72 | { | 90 | { |
| 73 | int ret=0,r; | 91 | int ret=0,r; |
| 74 | int i; | 92 | int i; |
| 75 | unsigned char *p; | 93 | unsigned char *p; |
| 94 | unsigned char *pStart, *pTempMem; | ||
| 95 | MYBLOB *rgSetBlob; | ||
| 96 | int totSize; | ||
| 76 | 97 | ||
| 77 | if (a == NULL) return(0); | 98 | if (a == NULL) return(0); |
| 78 | for (i=sk_num(a)-1; i>=0; i--) | 99 | for (i=sk_num(a)-1; i>=0; i--) |
| @@ -82,26 +103,64 @@ int ex_class; | |||
| 82 | 103 | ||
| 83 | p= *pp; | 104 | p= *pp; |
| 84 | ASN1_put_object(&p,1,ret,ex_tag,ex_class); | 105 | ASN1_put_object(&p,1,ret,ex_tag,ex_class); |
| 85 | for (i=0; i<sk_num(a); i++) | ||
| 86 | func(sk_value(a,i),&p); | ||
| 87 | 106 | ||
| 88 | *pp=p; | 107 | /* Modified by gp@nsj.co.jp */ |
| 89 | return(r); | 108 | /* And then again by Ben */ |
| 90 | } | 109 | /* And again by Steve */ |
| 110 | |||
| 111 | if(!is_set || (sk_num(a) < 2)) | ||
| 112 | { | ||
| 113 | for (i=0; i<sk_num(a); i++) | ||
| 114 | func(sk_value(a,i),&p); | ||
| 115 | |||
| 116 | *pp=p; | ||
| 117 | return(r); | ||
| 118 | } | ||
| 91 | 119 | ||
| 92 | STACK *d2i_ASN1_SET(a,pp,length,func,ex_tag,ex_class) | 120 | pStart = p; /* Catch the beg of Setblobs*/ |
| 93 | STACK **a; | 121 | if (!(rgSetBlob = (MYBLOB *)OPENSSL_malloc( sk_num(a) * sizeof(MYBLOB)))) return 0; /* In this array |
| 94 | unsigned char **pp; | 122 | we will store the SET blobs */ |
| 95 | long length; | 123 | |
| 96 | char *(*func)(); | 124 | for (i=0; i<sk_num(a); i++) |
| 97 | int ex_tag; | 125 | { |
| 98 | int ex_class; | 126 | rgSetBlob[i].pbData = p; /* catch each set encode blob */ |
| 127 | func(sk_value(a,i),&p); | ||
| 128 | rgSetBlob[i].cbData = p - rgSetBlob[i].pbData; /* Length of this | ||
| 129 | SetBlob | ||
| 130 | */ | ||
| 131 | } | ||
| 132 | *pp=p; | ||
| 133 | totSize = p - pStart; /* This is the total size of all set blobs */ | ||
| 134 | |||
| 135 | /* Now we have to sort the blobs. I am using a simple algo. | ||
| 136 | *Sort ptrs *Copy to temp-mem *Copy from temp-mem to user-mem*/ | ||
| 137 | qsort( rgSetBlob, sk_num(a), sizeof(MYBLOB), SetBlobCmp); | ||
| 138 | if (!(pTempMem = OPENSSL_malloc(totSize))) return 0; | ||
| 139 | |||
| 140 | /* Copy to temp mem */ | ||
| 141 | p = pTempMem; | ||
| 142 | for(i=0; i<sk_num(a); ++i) | ||
| 143 | { | ||
| 144 | memcpy(p, rgSetBlob[i].pbData, rgSetBlob[i].cbData); | ||
| 145 | p += rgSetBlob[i].cbData; | ||
| 146 | } | ||
| 147 | |||
| 148 | /* Copy back to user mem*/ | ||
| 149 | memcpy(pStart, pTempMem, totSize); | ||
| 150 | OPENSSL_free(pTempMem); | ||
| 151 | OPENSSL_free(rgSetBlob); | ||
| 152 | |||
| 153 | return(r); | ||
| 154 | } | ||
| 155 | |||
| 156 | STACK *d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | ||
| 157 | char *(*func)(), void (*free_func)(void *), int ex_tag, int ex_class) | ||
| 99 | { | 158 | { |
| 100 | ASN1_CTX c; | 159 | ASN1_CTX c; |
| 101 | STACK *ret=NULL; | 160 | STACK *ret=NULL; |
| 102 | 161 | ||
| 103 | if ((a == NULL) || ((*a) == NULL)) | 162 | if ((a == NULL) || ((*a) == NULL)) |
| 104 | { if ((ret=sk_new(NULL)) == NULL) goto err; } | 163 | { if ((ret=sk_new_null()) == NULL) goto err; } |
| 105 | else | 164 | else |
| 106 | ret=(*a); | 165 | ret=(*a); |
| 107 | 166 | ||
| @@ -136,14 +195,26 @@ int ex_class; | |||
| 136 | char *s; | 195 | char *s; |
| 137 | 196 | ||
| 138 | if (M_ASN1_D2I_end_sequence()) break; | 197 | if (M_ASN1_D2I_end_sequence()) break; |
| 139 | if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) goto err; | 198 | if ((s=func(NULL,&c.p,c.slen,c.max-c.p)) == NULL) |
| 199 | { | ||
| 200 | ASN1err(ASN1_F_D2I_ASN1_SET,ASN1_R_ERROR_PARSING_SET_ELEMENT); | ||
| 201 | asn1_add_error(*pp,(int)(c.q- *pp)); | ||
| 202 | goto err; | ||
| 203 | } | ||
| 140 | if (!sk_push(ret,s)) goto err; | 204 | if (!sk_push(ret,s)) goto err; |
| 141 | } | 205 | } |
| 142 | if (a != NULL) (*a)=ret; | 206 | if (a != NULL) (*a)=ret; |
| 143 | *pp=c.p; | 207 | *pp=c.p; |
| 144 | return(ret); | 208 | return(ret); |
| 145 | err: | 209 | err: |
| 146 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) sk_free(ret); | 210 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) |
| 211 | { | ||
| 212 | if (free_func != NULL) | ||
| 213 | sk_pop_free(ret,free_func); | ||
| 214 | else | ||
| 215 | sk_free(ret); | ||
| 216 | } | ||
| 147 | return(NULL); | 217 | return(NULL); |
| 148 | } | 218 | } |
| 149 | 219 | ||
| 220 | #endif | ||
diff --git a/src/lib/libcrypto/asn1/a_sign.c b/src/lib/libcrypto/asn1/a_sign.c index 02188e68c4..de53b44144 100644 --- a/src/lib/libcrypto/asn1/a_sign.c +++ b/src/lib/libcrypto/asn1/a_sign.c | |||
| @@ -55,34 +55,87 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include <time.h> | 113 | #include <time.h> |
| 61 | #include <sys/types.h> | ||
| 62 | #include <sys/stat.h> | ||
| 63 | 114 | ||
| 64 | #include "cryptlib.h" | 115 | #include "cryptlib.h" |
| 65 | #include "bn.h" | ||
| 66 | #include "evp.h" | ||
| 67 | #include "x509.h" | ||
| 68 | #include "objects.h" | ||
| 69 | #include "buffer.h" | ||
| 70 | #include "pem.h" | ||
| 71 | 116 | ||
| 72 | int ASN1_sign(i2d,algor1,algor2,signature,data,pkey,type) | 117 | #ifndef NO_SYS_TYPES_H |
| 73 | int (*i2d)(); | 118 | # include <sys/types.h> |
| 74 | X509_ALGOR *algor1; | 119 | #endif |
| 75 | X509_ALGOR *algor2; | 120 | |
| 76 | ASN1_BIT_STRING *signature; | 121 | #include <openssl/bn.h> |
| 77 | char *data; | 122 | #include <openssl/evp.h> |
| 78 | EVP_PKEY *pkey; | 123 | #include <openssl/x509.h> |
| 79 | EVP_MD *type; | 124 | #include <openssl/objects.h> |
| 125 | #include <openssl/buffer.h> | ||
| 126 | |||
| 127 | #ifndef NO_ASN1_OLD | ||
| 128 | |||
| 129 | int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, | ||
| 130 | ASN1_BIT_STRING *signature, char *data, EVP_PKEY *pkey, | ||
| 131 | const EVP_MD *type) | ||
| 80 | { | 132 | { |
| 81 | EVP_MD_CTX ctx; | 133 | EVP_MD_CTX ctx; |
| 82 | unsigned char *p,*buf_in=NULL,*buf_out=NULL; | 134 | unsigned char *p,*buf_in=NULL,*buf_out=NULL; |
| 83 | int i,inl=0,outl=0,outll=0; | 135 | int i,inl=0,outl=0,outll=0; |
| 84 | X509_ALGOR *a; | 136 | X509_ALGOR *a; |
| 85 | 137 | ||
| 138 | EVP_MD_CTX_init(&ctx); | ||
| 86 | for (i=0; i<2; i++) | 139 | for (i=0; i<2; i++) |
| 87 | { | 140 | { |
| 88 | if (i == 0) | 141 | if (i == 0) |
| @@ -90,7 +143,14 @@ EVP_MD *type; | |||
| 90 | else | 143 | else |
| 91 | a=algor2; | 144 | a=algor2; |
| 92 | if (a == NULL) continue; | 145 | if (a == NULL) continue; |
| 93 | if ( (a->parameter == NULL) || | 146 | if (type->pkey_type == NID_dsaWithSHA1) |
| 147 | { | ||
| 148 | /* special case: RFC 2459 tells us to omit 'parameters' | ||
| 149 | * with id-dsa-with-sha1 */ | ||
| 150 | ASN1_TYPE_free(a->parameter); | ||
| 151 | a->parameter = NULL; | ||
| 152 | } | ||
| 153 | else if ((a->parameter == NULL) || | ||
| 94 | (a->parameter->type != V_ASN1_NULL)) | 154 | (a->parameter->type != V_ASN1_NULL)) |
| 95 | { | 155 | { |
| 96 | ASN1_TYPE_free(a->parameter); | 156 | ASN1_TYPE_free(a->parameter); |
| @@ -111,9 +171,9 @@ EVP_MD *type; | |||
| 111 | } | 171 | } |
| 112 | } | 172 | } |
| 113 | inl=i2d(data,NULL); | 173 | inl=i2d(data,NULL); |
| 114 | buf_in=(unsigned char *)Malloc((unsigned int)inl); | 174 | buf_in=(unsigned char *)OPENSSL_malloc((unsigned int)inl); |
| 115 | outll=outl=EVP_PKEY_size(pkey); | 175 | outll=outl=EVP_PKEY_size(pkey); |
| 116 | buf_out=(unsigned char *)Malloc((unsigned int)outl); | 176 | buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); |
| 117 | if ((buf_in == NULL) || (buf_out == NULL)) | 177 | if ((buf_in == NULL) || (buf_out == NULL)) |
| 118 | { | 178 | { |
| 119 | outl=0; | 179 | outl=0; |
| @@ -123,7 +183,7 @@ EVP_MD *type; | |||
| 123 | p=buf_in; | 183 | p=buf_in; |
| 124 | 184 | ||
| 125 | i2d(data,&p); | 185 | i2d(data,&p); |
| 126 | EVP_SignInit(&ctx,type); | 186 | EVP_SignInit_ex(&ctx,type, NULL); |
| 127 | EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); | 187 | EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); |
| 128 | if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, | 188 | if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, |
| 129 | (unsigned int *)&outl,pkey)) | 189 | (unsigned int *)&outl,pkey)) |
| @@ -132,16 +192,103 @@ EVP_MD *type; | |||
| 132 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); | 192 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); |
| 133 | goto err; | 193 | goto err; |
| 134 | } | 194 | } |
| 135 | if (signature->data != NULL) Free((char *)signature->data); | 195 | if (signature->data != NULL) OPENSSL_free(signature->data); |
| 136 | signature->data=buf_out; | 196 | signature->data=buf_out; |
| 137 | buf_out=NULL; | 197 | buf_out=NULL; |
| 138 | signature->length=outl; | 198 | signature->length=outl; |
| 199 | /* In the interests of compatibility, I'll make sure that | ||
| 200 | * the bit string has a 'not-used bits' value of 0 | ||
| 201 | */ | ||
| 202 | signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | ||
| 203 | signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; | ||
| 204 | err: | ||
| 205 | EVP_MD_CTX_cleanup(&ctx); | ||
| 206 | if (buf_in != NULL) | ||
| 207 | { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } | ||
| 208 | if (buf_out != NULL) | ||
| 209 | { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } | ||
| 210 | return(outl); | ||
| 211 | } | ||
| 212 | |||
| 213 | #endif | ||
| 214 | |||
| 215 | int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | ||
| 216 | ASN1_BIT_STRING *signature, void *asn, EVP_PKEY *pkey, | ||
| 217 | const EVP_MD *type) | ||
| 218 | { | ||
| 219 | EVP_MD_CTX ctx; | ||
| 220 | unsigned char *buf_in=NULL,*buf_out=NULL; | ||
| 221 | int i,inl=0,outl=0,outll=0; | ||
| 222 | X509_ALGOR *a; | ||
| 223 | |||
| 224 | EVP_MD_CTX_init(&ctx); | ||
| 225 | for (i=0; i<2; i++) | ||
| 226 | { | ||
| 227 | if (i == 0) | ||
| 228 | a=algor1; | ||
| 229 | else | ||
| 230 | a=algor2; | ||
| 231 | if (a == NULL) continue; | ||
| 232 | if (type->pkey_type == NID_dsaWithSHA1) | ||
| 233 | { | ||
| 234 | /* special case: RFC 2459 tells us to omit 'parameters' | ||
| 235 | * with id-dsa-with-sha1 */ | ||
| 236 | ASN1_TYPE_free(a->parameter); | ||
| 237 | a->parameter = NULL; | ||
| 238 | } | ||
| 239 | else if ((a->parameter == NULL) || | ||
| 240 | (a->parameter->type != V_ASN1_NULL)) | ||
| 241 | { | ||
| 242 | ASN1_TYPE_free(a->parameter); | ||
| 243 | if ((a->parameter=ASN1_TYPE_new()) == NULL) goto err; | ||
| 244 | a->parameter->type=V_ASN1_NULL; | ||
| 245 | } | ||
| 246 | ASN1_OBJECT_free(a->algorithm); | ||
| 247 | a->algorithm=OBJ_nid2obj(type->pkey_type); | ||
| 248 | if (a->algorithm == NULL) | ||
| 249 | { | ||
| 250 | ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_UNKNOWN_OBJECT_TYPE); | ||
| 251 | goto err; | ||
| 252 | } | ||
| 253 | if (a->algorithm->length == 0) | ||
| 254 | { | ||
| 255 | ASN1err(ASN1_F_ASN1_SIGN,ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); | ||
| 256 | goto err; | ||
| 257 | } | ||
| 258 | } | ||
| 259 | inl=ASN1_item_i2d(asn,&buf_in, it); | ||
| 260 | outll=outl=EVP_PKEY_size(pkey); | ||
| 261 | buf_out=(unsigned char *)OPENSSL_malloc((unsigned int)outl); | ||
| 262 | if ((buf_in == NULL) || (buf_out == NULL)) | ||
| 263 | { | ||
| 264 | outl=0; | ||
| 265 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE); | ||
| 266 | goto err; | ||
| 267 | } | ||
| 139 | 268 | ||
| 269 | EVP_SignInit_ex(&ctx,type, NULL); | ||
| 270 | EVP_SignUpdate(&ctx,(unsigned char *)buf_in,inl); | ||
| 271 | if (!EVP_SignFinal(&ctx,(unsigned char *)buf_out, | ||
| 272 | (unsigned int *)&outl,pkey)) | ||
| 273 | { | ||
| 274 | outl=0; | ||
| 275 | ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB); | ||
| 276 | goto err; | ||
| 277 | } | ||
| 278 | if (signature->data != NULL) OPENSSL_free(signature->data); | ||
| 279 | signature->data=buf_out; | ||
| 280 | buf_out=NULL; | ||
| 281 | signature->length=outl; | ||
| 282 | /* In the interests of compatibility, I'll make sure that | ||
| 283 | * the bit string has a 'not-used bits' value of 0 | ||
| 284 | */ | ||
| 285 | signature->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | ||
| 286 | signature->flags|=ASN1_STRING_FLAG_BITS_LEFT; | ||
| 140 | err: | 287 | err: |
| 141 | memset(&ctx,0,sizeof(ctx)); | 288 | EVP_MD_CTX_cleanup(&ctx); |
| 142 | if (buf_in != NULL) | 289 | if (buf_in != NULL) |
| 143 | { memset((char *)buf_in,0,(unsigned int)inl); Free((char *)buf_in); } | 290 | { memset((char *)buf_in,0,(unsigned int)inl); OPENSSL_free(buf_in); } |
| 144 | if (buf_out != NULL) | 291 | if (buf_out != NULL) |
| 145 | { memset((char *)buf_out,0,outll); Free((char *)buf_out); } | 292 | { memset((char *)buf_out,0,outll); OPENSSL_free(buf_out); } |
| 146 | return(outl); | 293 | return(outl); |
| 147 | } | 294 | } |
diff --git a/src/lib/libcrypto/asn1/a_strex.c b/src/lib/libcrypto/asn1/a_strex.c index 569b811998..128aa7e772 100644 --- a/src/lib/libcrypto/asn1/a_strex.c +++ b/src/lib/libcrypto/asn1/a_strex.c | |||
| @@ -371,6 +371,8 @@ static int do_indent(char_io *io_ch, void *arg, int indent) | |||
| 371 | return 1; | 371 | return 1; |
| 372 | } | 372 | } |
| 373 | 373 | ||
| 374 | #define FN_WIDTH_LN 25 | ||
| 375 | #define FN_WIDTH_SN 10 | ||
| 374 | 376 | ||
| 375 | static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, | 377 | static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, |
| 376 | int indent, unsigned long flags) | 378 | int indent, unsigned long flags) |
| @@ -456,19 +458,29 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, | |||
| 456 | val = X509_NAME_ENTRY_get_data(ent); | 458 | val = X509_NAME_ENTRY_get_data(ent); |
| 457 | fn_nid = OBJ_obj2nid(fn); | 459 | fn_nid = OBJ_obj2nid(fn); |
| 458 | if(fn_opt != XN_FLAG_FN_NONE) { | 460 | if(fn_opt != XN_FLAG_FN_NONE) { |
| 459 | int objlen; | 461 | int objlen, fld_len; |
| 460 | if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { | 462 | if((fn_opt == XN_FLAG_FN_OID) || (fn_nid==NID_undef) ) { |
| 461 | OBJ_obj2txt(objtmp, 80, fn, 1); | 463 | OBJ_obj2txt(objtmp, 80, fn, 1); |
| 464 | fld_len = 0; /* XXX: what should this be? */ | ||
| 462 | objbuf = objtmp; | 465 | objbuf = objtmp; |
| 463 | } else { | 466 | } else { |
| 464 | if(fn_opt == XN_FLAG_FN_SN) | 467 | if(fn_opt == XN_FLAG_FN_SN) { |
| 468 | fld_len = FN_WIDTH_SN; | ||
| 465 | objbuf = OBJ_nid2sn(fn_nid); | 469 | objbuf = OBJ_nid2sn(fn_nid); |
| 466 | else if(fn_opt == XN_FLAG_FN_LN) | 470 | } else if(fn_opt == XN_FLAG_FN_LN) { |
| 471 | fld_len = FN_WIDTH_LN; | ||
| 467 | objbuf = OBJ_nid2ln(fn_nid); | 472 | objbuf = OBJ_nid2ln(fn_nid); |
| 468 | else objbuf = ""; | 473 | } else { |
| 474 | fld_len = 0; /* XXX: what should this be? */ | ||
| 475 | objbuf = ""; | ||
| 476 | } | ||
| 469 | } | 477 | } |
| 470 | objlen = strlen(objbuf); | 478 | objlen = strlen(objbuf); |
| 471 | if(!io_ch(arg, objbuf, objlen)) return -1; | 479 | if(!io_ch(arg, objbuf, objlen)) return -1; |
| 480 | if ((objlen < fld_len) && (flags & XN_FLAG_FN_ALIGN)) { | ||
| 481 | if (!do_indent(io_ch, arg, fld_len - objlen)) return -1; | ||
| 482 | outlen += fld_len - objlen; | ||
| 483 | } | ||
| 472 | if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; | 484 | if(!io_ch(arg, sep_eq, sep_eq_len)) return -1; |
| 473 | outlen += objlen + sep_eq_len; | 485 | outlen += objlen + sep_eq_len; |
| 474 | } | 486 | } |
| @@ -491,12 +503,24 @@ static int do_name_ex(char_io *io_ch, void *arg, X509_NAME *n, | |||
| 491 | 503 | ||
| 492 | int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) | 504 | int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags) |
| 493 | { | 505 | { |
| 506 | if(flags == XN_FLAG_COMPAT) | ||
| 507 | return X509_NAME_print(out, nm, indent); | ||
| 494 | return do_name_ex(send_bio_chars, out, nm, indent, flags); | 508 | return do_name_ex(send_bio_chars, out, nm, indent, flags); |
| 495 | } | 509 | } |
| 496 | 510 | ||
| 497 | 511 | ||
| 498 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) | 512 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags) |
| 499 | { | 513 | { |
| 514 | if(flags == XN_FLAG_COMPAT) | ||
| 515 | { | ||
| 516 | BIO *btmp; | ||
| 517 | int ret; | ||
| 518 | btmp = BIO_new_fp(fp, BIO_NOCLOSE); | ||
| 519 | if(!btmp) return -1; | ||
| 520 | ret = X509_NAME_print(btmp, nm, indent); | ||
| 521 | BIO_free(btmp); | ||
| 522 | return ret; | ||
| 523 | } | ||
| 500 | return do_name_ex(send_fp_chars, fp, nm, indent, flags); | 524 | return do_name_ex(send_fp_chars, fp, nm, indent, flags); |
| 501 | } | 525 | } |
| 502 | 526 | ||
diff --git a/src/lib/libcrypto/asn1/a_strnid.c b/src/lib/libcrypto/asn1/a_strnid.c index ab8417ffab..04789d1c63 100644 --- a/src/lib/libcrypto/asn1/a_strnid.c +++ b/src/lib/libcrypto/asn1/a_strnid.c | |||
| @@ -65,8 +65,9 @@ | |||
| 65 | 65 | ||
| 66 | static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; | 66 | static STACK_OF(ASN1_STRING_TABLE) *stable = NULL; |
| 67 | static void st_free(ASN1_STRING_TABLE *tbl); | 67 | static void st_free(ASN1_STRING_TABLE *tbl); |
| 68 | static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b); | 68 | static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, |
| 69 | static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b); | 69 | const ASN1_STRING_TABLE * const *b); |
| 70 | static int table_cmp(const void *a, const void *b); | ||
| 70 | 71 | ||
| 71 | 72 | ||
| 72 | /* This is the global mask for the mbstring functions: this is use to | 73 | /* This is the global mask for the mbstring functions: this is use to |
| @@ -104,9 +105,9 @@ int ASN1_STRING_set_default_mask_asc(char *p) | |||
| 104 | mask = strtoul(p + 5, &end, 0); | 105 | mask = strtoul(p + 5, &end, 0); |
| 105 | if(*end) return 0; | 106 | if(*end) return 0; |
| 106 | } else if(!strcmp(p, "nombstr")) | 107 | } else if(!strcmp(p, "nombstr")) |
| 107 | mask = ~(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING); | 108 | mask = ~((unsigned long)(B_ASN1_BMPSTRING|B_ASN1_UTF8STRING)); |
| 108 | else if(!strcmp(p, "pkix")) | 109 | else if(!strcmp(p, "pkix")) |
| 109 | mask = ~B_ASN1_T61STRING; | 110 | mask = ~((unsigned long)B_ASN1_T61STRING); |
| 110 | else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; | 111 | else if(!strcmp(p, "utf8only")) mask = B_ASN1_UTF8STRING; |
| 111 | else if(!strcmp(p, "default")) | 112 | else if(!strcmp(p, "default")) |
| 112 | mask = 0xFFFFFFFFL; | 113 | mask = 0xFFFFFFFFL; |
| @@ -132,7 +133,7 @@ ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, const unsigned char *in, | |||
| 132 | if(tbl) { | 133 | if(tbl) { |
| 133 | mask = tbl->mask; | 134 | mask = tbl->mask; |
| 134 | if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; | 135 | if(!(tbl->flags & STABLE_NO_MASK)) mask &= global_mask; |
| 135 | ret = ASN1_mbstring_ncopy(out, in, inlen, inform, tbl->mask, | 136 | ret = ASN1_mbstring_ncopy(out, in, inlen, inform, mask, |
| 136 | tbl->minsize, tbl->maxsize); | 137 | tbl->minsize, tbl->maxsize); |
| 137 | } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); | 138 | } else ret = ASN1_mbstring_copy(out, in, inlen, inform, DIRSTRING_TYPE & global_mask); |
| 138 | if(ret <= 0) return NULL; | 139 | if(ret <= 0) return NULL; |
| @@ -169,18 +170,22 @@ static ASN1_STRING_TABLE tbl_standard[] = { | |||
| 169 | {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, | 170 | {NID_givenName, 1, ub_name, DIRSTRING_TYPE, 0}, |
| 170 | {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, | 171 | {NID_surname, 1, ub_name, DIRSTRING_TYPE, 0}, |
| 171 | {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, | 172 | {NID_initials, 1, ub_name, DIRSTRING_TYPE, 0}, |
| 173 | {NID_friendlyName, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK}, | ||
| 172 | {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, | 174 | {NID_name, 1, ub_name, DIRSTRING_TYPE, 0}, |
| 173 | {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK} | 175 | {NID_dnQualifier, -1, -1, B_ASN1_PRINTABLESTRING, STABLE_NO_MASK}, |
| 176 | {NID_ms_csp_name, -1, -1, B_ASN1_BMPSTRING, STABLE_NO_MASK} | ||
| 174 | }; | 177 | }; |
| 175 | 178 | ||
| 176 | static int sk_table_cmp(ASN1_STRING_TABLE **a, ASN1_STRING_TABLE **b) | 179 | static int sk_table_cmp(const ASN1_STRING_TABLE * const *a, |
| 180 | const ASN1_STRING_TABLE * const *b) | ||
| 177 | { | 181 | { |
| 178 | return (*a)->nid - (*b)->nid; | 182 | return (*a)->nid - (*b)->nid; |
| 179 | } | 183 | } |
| 180 | 184 | ||
| 181 | static int table_cmp(ASN1_STRING_TABLE *a, ASN1_STRING_TABLE *b) | 185 | static int table_cmp(const void *a, const void *b) |
| 182 | { | 186 | { |
| 183 | return a->nid - b->nid; | 187 | const ASN1_STRING_TABLE *sa = a, *sb = b; |
| 188 | return sa->nid - sb->nid; | ||
| 184 | } | 189 | } |
| 185 | 190 | ||
| 186 | ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) | 191 | ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) |
| @@ -192,7 +197,7 @@ ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid) | |||
| 192 | ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, | 197 | ttmp = (ASN1_STRING_TABLE *) OBJ_bsearch((char *)&fnd, |
| 193 | (char *)tbl_standard, | 198 | (char *)tbl_standard, |
| 194 | sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), | 199 | sizeof(tbl_standard)/sizeof(ASN1_STRING_TABLE), |
| 195 | sizeof(ASN1_STRING_TABLE), (int(*)())table_cmp); | 200 | sizeof(ASN1_STRING_TABLE), table_cmp); |
| 196 | if(ttmp) return ttmp; | 201 | if(ttmp) return ttmp; |
| 197 | if(!stable) return NULL; | 202 | if(!stable) return NULL; |
| 198 | idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); | 203 | idx = sk_ASN1_STRING_TABLE_find(stable, &fnd); |
| @@ -213,7 +218,7 @@ int ASN1_STRING_TABLE_add(int nid, | |||
| 213 | return 0; | 218 | return 0; |
| 214 | } | 219 | } |
| 215 | if(!(tmp = ASN1_STRING_TABLE_get(nid))) { | 220 | if(!(tmp = ASN1_STRING_TABLE_get(nid))) { |
| 216 | tmp = Malloc(sizeof(ASN1_STRING_TABLE)); | 221 | tmp = OPENSSL_malloc(sizeof(ASN1_STRING_TABLE)); |
| 217 | if(!tmp) { | 222 | if(!tmp) { |
| 218 | ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, | 223 | ASN1err(ASN1_F_ASN1_STRING_TABLE_ADD, |
| 219 | ERR_R_MALLOC_FAILURE); | 224 | ERR_R_MALLOC_FAILURE); |
| @@ -241,7 +246,7 @@ void ASN1_STRING_TABLE_cleanup(void) | |||
| 241 | 246 | ||
| 242 | static void st_free(ASN1_STRING_TABLE *tbl) | 247 | static void st_free(ASN1_STRING_TABLE *tbl) |
| 243 | { | 248 | { |
| 244 | if(tbl->flags & STABLE_FLAGS_MALLOC) Free(tbl); | 249 | if(tbl->flags & STABLE_FLAGS_MALLOC) OPENSSL_free(tbl); |
| 245 | } | 250 | } |
| 246 | 251 | ||
| 247 | IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) | 252 | IMPLEMENT_STACK_OF(ASN1_STRING_TABLE) |
diff --git a/src/lib/libcrypto/asn1/a_time.c b/src/lib/libcrypto/asn1/a_time.c index c1690a5694..27ddd30899 100644 --- a/src/lib/libcrypto/asn1/a_time.c +++ b/src/lib/libcrypto/asn1/a_time.c | |||
| @@ -64,8 +64,14 @@ | |||
| 64 | #include <stdio.h> | 64 | #include <stdio.h> |
| 65 | #include <time.h> | 65 | #include <time.h> |
| 66 | #include "cryptlib.h" | 66 | #include "cryptlib.h" |
| 67 | #include <openssl/asn1.h> | 67 | #include "o_time.h" |
| 68 | #include <openssl/asn1t.h> | ||
| 68 | 69 | ||
| 70 | IMPLEMENT_ASN1_MSTRING(ASN1_TIME, B_ASN1_TIME) | ||
| 71 | |||
| 72 | IMPLEMENT_ASN1_FUNCTIONS(ASN1_TIME) | ||
| 73 | |||
| 74 | #if 0 | ||
| 69 | int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) | 75 | int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) |
| 70 | { | 76 | { |
| 71 | #ifdef CHARSET_EBCDIC | 77 | #ifdef CHARSET_EBCDIC |
| @@ -89,35 +95,64 @@ int i2d_ASN1_TIME(ASN1_TIME *a, unsigned char **pp) | |||
| 89 | ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); | 95 | ASN1err(ASN1_F_I2D_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); |
| 90 | return -1; | 96 | return -1; |
| 91 | } | 97 | } |
| 92 | 98 | #endif | |
| 93 | |||
| 94 | ASN1_TIME *d2i_ASN1_TIME(ASN1_TIME **a, unsigned char **pp, long length) | ||
| 95 | { | ||
| 96 | unsigned char tag; | ||
| 97 | tag = **pp & ~V_ASN1_CONSTRUCTED; | ||
| 98 | if(tag == (V_ASN1_UTCTIME|V_ASN1_UNIVERSAL)) | ||
| 99 | return d2i_ASN1_UTCTIME(a, pp, length); | ||
| 100 | if(tag == (V_ASN1_GENERALIZEDTIME|V_ASN1_UNIVERSAL)) | ||
| 101 | return d2i_ASN1_GENERALIZEDTIME(a, pp, length); | ||
| 102 | ASN1err(ASN1_F_D2I_ASN1_TIME,ASN1_R_EXPECTING_A_TIME); | ||
| 103 | return(NULL); | ||
| 104 | } | ||
| 105 | 99 | ||
| 106 | 100 | ||
| 107 | ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) | 101 | ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s, time_t t) |
| 108 | { | 102 | { |
| 109 | struct tm *ts; | 103 | struct tm *ts; |
| 110 | #if defined(THREADS) && !defined(WIN32) | ||
| 111 | struct tm data; | 104 | struct tm data; |
| 112 | #endif | ||
| 113 | 105 | ||
| 114 | #if defined(THREADS) && !defined(WIN32) | 106 | ts=OPENSSL_gmtime(&t,&data); |
| 115 | gmtime_r(&t,&data); | 107 | if (ts == NULL) |
| 116 | ts=&data; /* should return &data, but doesn't on some systems, so we don't even look at the return value */ | 108 | return NULL; |
| 117 | #else | ||
| 118 | ts=gmtime(&t); | ||
| 119 | #endif | ||
| 120 | if((ts->tm_year >= 50) && (ts->tm_year < 150)) | 109 | if((ts->tm_year >= 50) && (ts->tm_year < 150)) |
| 121 | return ASN1_UTCTIME_set(s, t); | 110 | return ASN1_UTCTIME_set(s, t); |
| 122 | return ASN1_GENERALIZEDTIME_set(s,t); | 111 | return ASN1_GENERALIZEDTIME_set(s,t); |
| 123 | } | 112 | } |
| 113 | |||
| 114 | int ASN1_TIME_check(ASN1_TIME *t) | ||
| 115 | { | ||
| 116 | if (t->type == V_ASN1_GENERALIZEDTIME) | ||
| 117 | return ASN1_GENERALIZEDTIME_check(t); | ||
| 118 | else if (t->type == V_ASN1_UTCTIME) | ||
| 119 | return ASN1_UTCTIME_check(t); | ||
| 120 | return 0; | ||
| 121 | } | ||
| 122 | |||
| 123 | /* Convert an ASN1_TIME structure to GeneralizedTime */ | ||
| 124 | ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out) | ||
| 125 | { | ||
| 126 | ASN1_GENERALIZEDTIME *ret; | ||
| 127 | char *str; | ||
| 128 | |||
| 129 | if (!ASN1_TIME_check(t)) return NULL; | ||
| 130 | |||
| 131 | if (!out || !*out) | ||
| 132 | { | ||
| 133 | if (!(ret = ASN1_GENERALIZEDTIME_new ())) | ||
| 134 | return NULL; | ||
| 135 | if (out) *out = ret; | ||
| 136 | } | ||
| 137 | else ret = *out; | ||
| 138 | |||
| 139 | /* If already GeneralizedTime just copy across */ | ||
| 140 | if (t->type == V_ASN1_GENERALIZEDTIME) | ||
| 141 | { | ||
| 142 | if(!ASN1_STRING_set(ret, t->data, t->length)) | ||
| 143 | return NULL; | ||
| 144 | return ret; | ||
| 145 | } | ||
| 146 | |||
| 147 | /* grow the string */ | ||
| 148 | if (!ASN1_STRING_set(ret, NULL, t->length + 2)) | ||
| 149 | return NULL; | ||
| 150 | str = (char *)ret->data; | ||
| 151 | /* Work out the century and prepend */ | ||
| 152 | if (t->data[0] >= '5') strcpy(str, "19"); | ||
| 153 | else strcpy(str, "20"); | ||
| 154 | |||
| 155 | strcat(str, (char *)t->data); | ||
| 156 | |||
| 157 | return ret; | ||
| 158 | } | ||
diff --git a/src/lib/libcrypto/asn1/a_type.c b/src/lib/libcrypto/asn1/a_type.c index 7c0004084c..96e111cf23 100644 --- a/src/lib/libcrypto/asn1/a_type.c +++ b/src/lib/libcrypto/asn1/a_type.c | |||
| @@ -57,219 +57,10 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/asn1t.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | ||
| 62 | 62 | ||
| 63 | /* ASN1err(ASN1_F_ASN1_TYPE_NEW,ASN1_R_ERROR_STACK); | 63 | int ASN1_TYPE_get(ASN1_TYPE *a) |
| 64 | * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_ERROR_STACK); | ||
| 65 | * ASN1err(ASN1_F_D2I_ASN1_BYTES,ASN1_R_WRONG_TAG); | ||
| 66 | * ASN1err(ASN1_F_ASN1_COLLATE_PRIMATIVE,ASN1_R_WRONG_TAG); | ||
| 67 | */ | ||
| 68 | |||
| 69 | #ifndef NOPROTO | ||
| 70 | static void ASN1_TYPE_component_free(ASN1_TYPE *a); | ||
| 71 | #else | ||
| 72 | static void ASN1_TYPE_component_free(); | ||
| 73 | #endif | ||
| 74 | |||
| 75 | int i2d_ASN1_TYPE(a,pp) | ||
| 76 | ASN1_TYPE *a; | ||
| 77 | unsigned char **pp; | ||
| 78 | { | ||
| 79 | int r=0; | ||
| 80 | |||
| 81 | if (a == NULL) return(0); | ||
| 82 | |||
| 83 | switch (a->type) | ||
| 84 | { | ||
| 85 | case V_ASN1_NULL: | ||
| 86 | if (pp != NULL) | ||
| 87 | ASN1_put_object(pp,0,0,V_ASN1_NULL,V_ASN1_UNIVERSAL); | ||
| 88 | r=2; | ||
| 89 | break; | ||
| 90 | case V_ASN1_INTEGER: | ||
| 91 | case V_ASN1_NEG_INTEGER: | ||
| 92 | r=i2d_ASN1_INTEGER(a->value.integer,pp); | ||
| 93 | break; | ||
| 94 | case V_ASN1_BIT_STRING: | ||
| 95 | r=i2d_ASN1_BIT_STRING(a->value.bit_string,pp); | ||
| 96 | break; | ||
| 97 | case V_ASN1_OCTET_STRING: | ||
| 98 | r=i2d_ASN1_OCTET_STRING(a->value.octet_string,pp); | ||
| 99 | break; | ||
| 100 | case V_ASN1_OBJECT: | ||
| 101 | r=i2d_ASN1_OBJECT(a->value.object,pp); | ||
| 102 | break; | ||
| 103 | case V_ASN1_PRINTABLESTRING: | ||
| 104 | r=M_i2d_ASN1_PRINTABLESTRING(a->value.printablestring,pp); | ||
| 105 | break; | ||
| 106 | case V_ASN1_T61STRING: | ||
| 107 | r=M_i2d_ASN1_T61STRING(a->value.t61string,pp); | ||
| 108 | break; | ||
| 109 | case V_ASN1_IA5STRING: | ||
| 110 | r=M_i2d_ASN1_IA5STRING(a->value.ia5string,pp); | ||
| 111 | break; | ||
| 112 | case V_ASN1_GENERALSTRING: | ||
| 113 | r=M_i2d_ASN1_GENERALSTRING(a->value.generalstring,pp); | ||
| 114 | break; | ||
| 115 | case V_ASN1_UNIVERSALSTRING: | ||
| 116 | r=M_i2d_ASN1_UNIVERSALSTRING(a->value.universalstring,pp); | ||
| 117 | break; | ||
| 118 | case V_ASN1_BMPSTRING: | ||
| 119 | r=M_i2d_ASN1_BMPSTRING(a->value.bmpstring,pp); | ||
| 120 | break; | ||
| 121 | case V_ASN1_UTCTIME: | ||
| 122 | r=i2d_ASN1_UTCTIME(a->value.utctime,pp); | ||
| 123 | break; | ||
| 124 | case V_ASN1_SET: | ||
| 125 | case V_ASN1_SEQUENCE: | ||
| 126 | if (a->value.set == NULL) | ||
| 127 | r=0; | ||
| 128 | else | ||
| 129 | { | ||
| 130 | r=a->value.set->length; | ||
| 131 | if (pp != NULL) | ||
| 132 | { | ||
| 133 | memcpy(*pp,a->value.set->data,r); | ||
| 134 | *pp+=r; | ||
| 135 | } | ||
| 136 | } | ||
| 137 | break; | ||
| 138 | } | ||
| 139 | return(r); | ||
| 140 | } | ||
| 141 | |||
| 142 | ASN1_TYPE *d2i_ASN1_TYPE(a,pp,length) | ||
| 143 | ASN1_TYPE **a; | ||
| 144 | unsigned char **pp; | ||
| 145 | long length; | ||
| 146 | { | ||
| 147 | ASN1_TYPE *ret=NULL; | ||
| 148 | unsigned char *q,*p,*max; | ||
| 149 | int inf,tag,xclass; | ||
| 150 | long len; | ||
| 151 | |||
| 152 | if ((a == NULL) || ((*a) == NULL)) | ||
| 153 | { | ||
| 154 | if ((ret=ASN1_TYPE_new()) == NULL) goto err; | ||
| 155 | } | ||
| 156 | else | ||
| 157 | ret=(*a); | ||
| 158 | |||
| 159 | p= *pp; | ||
| 160 | q=p; | ||
| 161 | max=(p+length); | ||
| 162 | |||
| 163 | inf=ASN1_get_object(&q,&len,&tag,&xclass,length); | ||
| 164 | if (inf & 0x80) goto err; | ||
| 165 | |||
| 166 | ASN1_TYPE_component_free(ret); | ||
| 167 | |||
| 168 | switch (tag) | ||
| 169 | { | ||
| 170 | case V_ASN1_NULL: | ||
| 171 | p=q; | ||
| 172 | ret->value.ptr=NULL; | ||
| 173 | break; | ||
| 174 | case V_ASN1_INTEGER: | ||
| 175 | if ((ret->value.integer= | ||
| 176 | d2i_ASN1_INTEGER(NULL,&p,max-p)) == NULL) | ||
| 177 | goto err; | ||
| 178 | break; | ||
| 179 | case V_ASN1_BIT_STRING: | ||
| 180 | if ((ret->value.bit_string= | ||
| 181 | d2i_ASN1_BIT_STRING(NULL,&p,max-p)) == NULL) | ||
| 182 | goto err; | ||
| 183 | break; | ||
| 184 | case V_ASN1_OCTET_STRING: | ||
| 185 | if ((ret->value.octet_string= | ||
| 186 | d2i_ASN1_OCTET_STRING(NULL,&p,max-p)) == NULL) | ||
| 187 | goto err; | ||
| 188 | break; | ||
| 189 | case V_ASN1_OBJECT: | ||
| 190 | if ((ret->value.object= | ||
| 191 | d2i_ASN1_OBJECT(NULL,&p,max-p)) == NULL) | ||
| 192 | goto err; | ||
| 193 | break; | ||
| 194 | case V_ASN1_PRINTABLESTRING: | ||
| 195 | if ((ret->value.printablestring= | ||
| 196 | d2i_ASN1_PRINTABLESTRING(NULL,&p,max-p)) == NULL) | ||
| 197 | goto err; | ||
| 198 | break; | ||
| 199 | case V_ASN1_T61STRING: | ||
| 200 | if ((ret->value.t61string= | ||
| 201 | M_d2i_ASN1_T61STRING(NULL,&p,max-p)) == NULL) | ||
| 202 | goto err; | ||
| 203 | break; | ||
| 204 | case V_ASN1_IA5STRING: | ||
| 205 | if ((ret->value.ia5string= | ||
| 206 | M_d2i_ASN1_IA5STRING(NULL,&p,max-p)) == NULL) | ||
| 207 | goto err; | ||
| 208 | break; | ||
| 209 | case V_ASN1_GENERALSTRING: | ||
| 210 | if ((ret->value.generalstring= | ||
| 211 | M_d2i_ASN1_GENERALSTRING(NULL,&p,max-p)) == NULL) | ||
| 212 | goto err; | ||
| 213 | break; | ||
| 214 | case V_ASN1_UNIVERSALSTRING: | ||
| 215 | if ((ret->value.universalstring= | ||
| 216 | M_d2i_ASN1_UNIVERSALSTRING(NULL,&p,max-p)) == NULL) | ||
| 217 | goto err; | ||
| 218 | break; | ||
| 219 | case V_ASN1_BMPSTRING: | ||
| 220 | if ((ret->value.bmpstring= | ||
| 221 | M_d2i_ASN1_BMPSTRING(NULL,&p,max-p)) == NULL) | ||
| 222 | goto err; | ||
| 223 | break; | ||
| 224 | case V_ASN1_UTCTIME: | ||
| 225 | if ((ret->value.utctime= | ||
| 226 | d2i_ASN1_UTCTIME(NULL,&p,max-p)) == NULL) | ||
| 227 | goto err; | ||
| 228 | break; | ||
| 229 | case V_ASN1_SET: | ||
| 230 | case V_ASN1_SEQUENCE: | ||
| 231 | /* Sets and sequences are left complete */ | ||
| 232 | if ((ret->value.set=ASN1_STRING_new()) == NULL) goto err; | ||
| 233 | ret->value.set->type=tag; | ||
| 234 | len+=(q-p); | ||
| 235 | if (!ASN1_STRING_set(ret->value.set,p,(int)len)) goto err; | ||
| 236 | p+=len; | ||
| 237 | break; | ||
| 238 | default: | ||
| 239 | ASN1err(ASN1_F_D2I_ASN1_TYPE,ASN1_R_BAD_TYPE); | ||
| 240 | goto err; | ||
| 241 | } | ||
| 242 | |||
| 243 | ret->type=tag; | ||
| 244 | if (a != NULL) (*a)=ret; | ||
| 245 | *pp=p; | ||
| 246 | return(ret); | ||
| 247 | err: | ||
| 248 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) ASN1_TYPE_free(ret); | ||
| 249 | return(NULL); | ||
| 250 | } | ||
| 251 | |||
| 252 | ASN1_TYPE *ASN1_TYPE_new() | ||
| 253 | { | ||
| 254 | ASN1_TYPE *ret=NULL; | ||
| 255 | |||
| 256 | M_ASN1_New_Malloc(ret,ASN1_TYPE); | ||
| 257 | ret->type= -1; | ||
| 258 | ret->value.ptr=NULL; | ||
| 259 | return(ret); | ||
| 260 | M_ASN1_New_Error(ASN1_F_ASN1_TYPE_NEW); | ||
| 261 | } | ||
| 262 | |||
| 263 | void ASN1_TYPE_free(a) | ||
| 264 | ASN1_TYPE *a; | ||
| 265 | { | ||
| 266 | if (a == NULL) return; | ||
| 267 | ASN1_TYPE_component_free(a); | ||
| 268 | Free((char *)(char *)a); | ||
| 269 | } | ||
| 270 | |||
| 271 | int ASN1_TYPE_get(a) | ||
| 272 | ASN1_TYPE *a; | ||
| 273 | { | 64 | { |
| 274 | if (a->value.ptr != NULL) | 65 | if (a->value.ptr != NULL) |
| 275 | return(a->type); | 66 | return(a->type); |
| @@ -277,49 +68,14 @@ ASN1_TYPE *a; | |||
| 277 | return(0); | 68 | return(0); |
| 278 | } | 69 | } |
| 279 | 70 | ||
| 280 | void ASN1_TYPE_set(a,type,value) | 71 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value) |
| 281 | ASN1_TYPE *a; | ||
| 282 | int type; | ||
| 283 | char *value; | ||
| 284 | { | 72 | { |
| 285 | if (a->value.ptr != NULL) | 73 | if (a->value.ptr != NULL) |
| 286 | ASN1_TYPE_component_free(a); | 74 | ASN1_primitive_free((ASN1_VALUE **)&a, NULL); |
| 287 | a->type=type; | 75 | a->type=type; |
| 288 | a->value.ptr=value; | 76 | a->value.ptr=value; |
| 289 | } | 77 | } |
| 290 | 78 | ||
| 291 | static void ASN1_TYPE_component_free(a) | ||
| 292 | ASN1_TYPE *a; | ||
| 293 | { | ||
| 294 | if (a == NULL) return; | ||
| 295 | |||
| 296 | if (a->value.ptr != NULL) | ||
| 297 | { | ||
| 298 | switch (a->type) | ||
| 299 | { | ||
| 300 | case V_ASN1_OBJECT: | ||
| 301 | ASN1_OBJECT_free(a->value.object); | ||
| 302 | break; | ||
| 303 | case V_ASN1_INTEGER: | ||
| 304 | case V_ASN1_NEG_INTEGER: | ||
| 305 | case V_ASN1_BIT_STRING: | ||
| 306 | case V_ASN1_OCTET_STRING: | ||
| 307 | case V_ASN1_PRINTABLESTRING: | ||
| 308 | case V_ASN1_T61STRING: | ||
| 309 | case V_ASN1_IA5STRING: | ||
| 310 | case V_ASN1_UNIVERSALSTRING: | ||
| 311 | case V_ASN1_GENERALSTRING: | ||
| 312 | case V_ASN1_UTCTIME: | ||
| 313 | case V_ASN1_SET: | ||
| 314 | case V_ASN1_SEQUENCE: | ||
| 315 | ASN1_STRING_free((ASN1_STRING *)a->value.ptr); | ||
| 316 | break; | ||
| 317 | default: | ||
| 318 | /* MEMORY LEAK */ | ||
| 319 | break; | ||
| 320 | } | ||
| 321 | a->type=0; | ||
| 322 | a->value.ptr=NULL; | ||
| 323 | } | ||
| 324 | } | ||
| 325 | 79 | ||
| 80 | IMPLEMENT_STACK_OF(ASN1_TYPE) | ||
| 81 | IMPLEMENT_ASN1_SET_OF(ASN1_TYPE) | ||
diff --git a/src/lib/libcrypto/asn1/a_utf8.c b/src/lib/libcrypto/asn1/a_utf8.c index 4a8a92e9e4..508e11e527 100644 --- a/src/lib/libcrypto/asn1/a_utf8.c +++ b/src/lib/libcrypto/asn1/a_utf8.c | |||
| @@ -60,24 +60,152 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | int i2d_ASN1_UTF8STRING(ASN1_UTF8STRING *a, unsigned char **pp) | ||
| 64 | { | ||
| 65 | return(i2d_ASN1_bytes((ASN1_STRING *)a,pp, | ||
| 66 | V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL)); | ||
| 67 | } | ||
| 68 | 63 | ||
| 69 | ASN1_UTF8STRING *d2i_ASN1_UTF8STRING(ASN1_UTF8STRING **a, unsigned char **pp, | 64 | /* UTF8 utilities */ |
| 70 | long length) | 65 | |
| 71 | { | 66 | /* This parses a UTF8 string one character at a time. It is passed a pointer |
| 72 | ASN1_UTF8STRING *ret=NULL; | 67 | * to the string and the length of the string. It sets 'value' to the value of |
| 68 | * the current character. It returns the number of characters read or a | ||
| 69 | * negative error code: | ||
| 70 | * -1 = string too short | ||
| 71 | * -2 = illegal character | ||
| 72 | * -3 = subsequent characters not of the form 10xxxxxx | ||
| 73 | * -4 = character encoded incorrectly (not minimal length). | ||
| 74 | */ | ||
| 75 | |||
| 76 | int UTF8_getc(const unsigned char *str, int len, unsigned long *val) | ||
| 77 | { | ||
| 78 | const unsigned char *p; | ||
| 79 | unsigned long value; | ||
| 80 | int ret; | ||
| 81 | if(len <= 0) return 0; | ||
| 82 | p = str; | ||
| 73 | 83 | ||
| 74 | ret=(ASN1_UTF8STRING *)d2i_ASN1_bytes((ASN1_STRING **)a, | 84 | /* Check syntax and work out the encoded value (if correct) */ |
| 75 | pp,length,V_ASN1_UTF8STRING,V_ASN1_UNIVERSAL); | 85 | if((*p & 0x80) == 0) { |
| 76 | if (ret == NULL) | 86 | value = *p++ & 0x7f; |
| 77 | { | 87 | ret = 1; |
| 78 | ASN1err(ASN1_F_D2I_ASN1_UTF8STRING,ERR_R_NESTED_ASN1_ERROR); | 88 | } else if((*p & 0xe0) == 0xc0) { |
| 79 | return(NULL); | 89 | if(len < 2) return -1; |
| 90 | if((p[1] & 0xc0) != 0x80) return -3; | ||
| 91 | value = (*p++ & 0x1f) << 6; | ||
| 92 | value |= *p++ & 0x3f; | ||
| 93 | if(value < 0x80) return -4; | ||
| 94 | ret = 2; | ||
| 95 | } else if((*p & 0xf0) == 0xe0) { | ||
| 96 | if(len < 3) return -1; | ||
| 97 | if( ((p[1] & 0xc0) != 0x80) | ||
| 98 | || ((p[2] & 0xc0) != 0x80) ) return -3; | ||
| 99 | value = (*p++ & 0xf) << 12; | ||
| 100 | value |= (*p++ & 0x3f) << 6; | ||
| 101 | value |= *p++ & 0x3f; | ||
| 102 | if(value < 0x800) return -4; | ||
| 103 | ret = 3; | ||
| 104 | } else if((*p & 0xf8) == 0xf0) { | ||
| 105 | if(len < 4) return -1; | ||
| 106 | if( ((p[1] & 0xc0) != 0x80) | ||
| 107 | || ((p[2] & 0xc0) != 0x80) | ||
| 108 | || ((p[3] & 0xc0) != 0x80) ) return -3; | ||
| 109 | value = ((unsigned long)(*p++ & 0x7)) << 18; | ||
| 110 | value |= (*p++ & 0x3f) << 12; | ||
| 111 | value |= (*p++ & 0x3f) << 6; | ||
| 112 | value |= *p++ & 0x3f; | ||
| 113 | if(value < 0x10000) return -4; | ||
| 114 | ret = 4; | ||
| 115 | } else if((*p & 0xfc) == 0xf8) { | ||
| 116 | if(len < 5) return -1; | ||
| 117 | if( ((p[1] & 0xc0) != 0x80) | ||
| 118 | || ((p[2] & 0xc0) != 0x80) | ||
| 119 | || ((p[3] & 0xc0) != 0x80) | ||
| 120 | || ((p[4] & 0xc0) != 0x80) ) return -3; | ||
| 121 | value = ((unsigned long)(*p++ & 0x3)) << 24; | ||
| 122 | value |= ((unsigned long)(*p++ & 0x3f)) << 18; | ||
| 123 | value |= ((unsigned long)(*p++ & 0x3f)) << 12; | ||
| 124 | value |= (*p++ & 0x3f) << 6; | ||
| 125 | value |= *p++ & 0x3f; | ||
| 126 | if(value < 0x200000) return -4; | ||
| 127 | ret = 5; | ||
| 128 | } else if((*p & 0xfe) == 0xfc) { | ||
| 129 | if(len < 6) return -1; | ||
| 130 | if( ((p[1] & 0xc0) != 0x80) | ||
| 131 | || ((p[2] & 0xc0) != 0x80) | ||
| 132 | || ((p[3] & 0xc0) != 0x80) | ||
| 133 | || ((p[4] & 0xc0) != 0x80) | ||
| 134 | || ((p[5] & 0xc0) != 0x80) ) return -3; | ||
| 135 | value = ((unsigned long)(*p++ & 0x1)) << 30; | ||
| 136 | value |= ((unsigned long)(*p++ & 0x3f)) << 24; | ||
| 137 | value |= ((unsigned long)(*p++ & 0x3f)) << 18; | ||
| 138 | value |= ((unsigned long)(*p++ & 0x3f)) << 12; | ||
| 139 | value |= (*p++ & 0x3f) << 6; | ||
| 140 | value |= *p++ & 0x3f; | ||
| 141 | if(value < 0x4000000) return -4; | ||
| 142 | ret = 6; | ||
| 143 | } else return -2; | ||
| 144 | *val = value; | ||
| 145 | return ret; | ||
| 146 | } | ||
| 147 | |||
| 148 | /* This takes a character 'value' and writes the UTF8 encoded value in | ||
| 149 | * 'str' where 'str' is a buffer containing 'len' characters. Returns | ||
| 150 | * the number of characters written or -1 if 'len' is too small. 'str' can | ||
| 151 | * be set to NULL in which case it just returns the number of characters. | ||
| 152 | * It will need at most 6 characters. | ||
| 153 | */ | ||
| 154 | |||
| 155 | int UTF8_putc(unsigned char *str, int len, unsigned long value) | ||
| 156 | { | ||
| 157 | if(!str) len = 6; /* Maximum we will need */ | ||
| 158 | else if(len <= 0) return -1; | ||
| 159 | if(value < 0x80) { | ||
| 160 | if(str) *str = (unsigned char)value; | ||
| 161 | return 1; | ||
| 162 | } | ||
| 163 | if(value < 0x800) { | ||
| 164 | if(len < 2) return -1; | ||
| 165 | if(str) { | ||
| 166 | *str++ = (unsigned char)(((value >> 6) & 0x1f) | 0xc0); | ||
| 167 | *str = (unsigned char)((value & 0x3f) | 0x80); | ||
| 80 | } | 168 | } |
| 81 | return(ret); | 169 | return 2; |
| 82 | } | 170 | } |
| 83 | 171 | if(value < 0x10000) { | |
| 172 | if(len < 3) return -1; | ||
| 173 | if(str) { | ||
| 174 | *str++ = (unsigned char)(((value >> 12) & 0xf) | 0xe0); | ||
| 175 | *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); | ||
| 176 | *str = (unsigned char)((value & 0x3f) | 0x80); | ||
| 177 | } | ||
| 178 | return 3; | ||
| 179 | } | ||
| 180 | if(value < 0x200000) { | ||
| 181 | if(len < 4) return -1; | ||
| 182 | if(str) { | ||
| 183 | *str++ = (unsigned char)(((value >> 18) & 0x7) | 0xf0); | ||
| 184 | *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); | ||
| 185 | *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); | ||
| 186 | *str = (unsigned char)((value & 0x3f) | 0x80); | ||
| 187 | } | ||
| 188 | return 4; | ||
| 189 | } | ||
| 190 | if(value < 0x4000000) { | ||
| 191 | if(len < 5) return -1; | ||
| 192 | if(str) { | ||
| 193 | *str++ = (unsigned char)(((value >> 24) & 0x3) | 0xf8); | ||
| 194 | *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); | ||
| 195 | *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); | ||
| 196 | *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); | ||
| 197 | *str = (unsigned char)((value & 0x3f) | 0x80); | ||
| 198 | } | ||
| 199 | return 5; | ||
| 200 | } | ||
| 201 | if(len < 6) return -1; | ||
| 202 | if(str) { | ||
| 203 | *str++ = (unsigned char)(((value >> 30) & 0x1) | 0xfc); | ||
| 204 | *str++ = (unsigned char)(((value >> 24) & 0x3f) | 0x80); | ||
| 205 | *str++ = (unsigned char)(((value >> 18) & 0x3f) | 0x80); | ||
| 206 | *str++ = (unsigned char)(((value >> 12) & 0x3f) | 0x80); | ||
| 207 | *str++ = (unsigned char)(((value >> 6) & 0x3f) | 0x80); | ||
| 208 | *str = (unsigned char)((value & 0x3f) | 0x80); | ||
| 209 | } | ||
| 210 | return 6; | ||
| 211 | } | ||
diff --git a/src/lib/libcrypto/asn1/a_verify.c b/src/lib/libcrypto/asn1/a_verify.c index 03fc63dbef..bf41de5146 100644 --- a/src/lib/libcrypto/asn1/a_verify.c +++ b/src/lib/libcrypto/asn1/a_verify.c | |||
| @@ -58,29 +58,30 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <sys/types.h> | ||
| 62 | #include <sys/stat.h> | ||
| 63 | 61 | ||
| 64 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 65 | #include "bn.h" | 63 | |
| 66 | #include "x509.h" | 64 | #ifndef NO_SYS_TYPES_H |
| 67 | #include "objects.h" | 65 | # include <sys/types.h> |
| 68 | #include "buffer.h" | 66 | #endif |
| 69 | #include "evp.h" | 67 | |
| 70 | #include "pem.h" | 68 | #include <openssl/bn.h> |
| 71 | 69 | #include <openssl/x509.h> | |
| 72 | int ASN1_verify(i2d,a,signature,data,pkey) | 70 | #include <openssl/objects.h> |
| 73 | int (*i2d)(); | 71 | #include <openssl/buffer.h> |
| 74 | X509_ALGOR *a; | 72 | #include <openssl/evp.h> |
| 75 | ASN1_BIT_STRING *signature; | 73 | |
| 76 | char *data; | 74 | #ifndef NO_ASN1_OLD |
| 77 | EVP_PKEY *pkey; | 75 | |
| 76 | int ASN1_verify(int (*i2d)(), X509_ALGOR *a, ASN1_BIT_STRING *signature, | ||
| 77 | char *data, EVP_PKEY *pkey) | ||
| 78 | { | 78 | { |
| 79 | EVP_MD_CTX ctx; | 79 | EVP_MD_CTX ctx; |
| 80 | EVP_MD *type; | 80 | const EVP_MD *type; |
| 81 | unsigned char *p,*buf_in=NULL; | 81 | unsigned char *p,*buf_in=NULL; |
| 82 | int ret= -1,i,inl; | 82 | int ret= -1,i,inl; |
| 83 | 83 | ||
| 84 | EVP_MD_CTX_init(&ctx); | ||
| 84 | i=OBJ_obj2nid(a->algorithm); | 85 | i=OBJ_obj2nid(a->algorithm); |
| 85 | type=EVP_get_digestbyname(OBJ_nid2sn(i)); | 86 | type=EVP_get_digestbyname(OBJ_nid2sn(i)); |
| 86 | if (type == NULL) | 87 | if (type == NULL) |
| @@ -90,7 +91,7 @@ EVP_PKEY *pkey; | |||
| 90 | } | 91 | } |
| 91 | 92 | ||
| 92 | inl=i2d(data,NULL); | 93 | inl=i2d(data,NULL); |
| 93 | buf_in=(unsigned char *)Malloc((unsigned int)inl); | 94 | buf_in=OPENSSL_malloc((unsigned int)inl); |
| 94 | if (buf_in == NULL) | 95 | if (buf_in == NULL) |
| 95 | { | 96 | { |
| 96 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); | 97 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); |
| @@ -99,11 +100,61 @@ EVP_PKEY *pkey; | |||
| 99 | p=buf_in; | 100 | p=buf_in; |
| 100 | 101 | ||
| 101 | i2d(data,&p); | 102 | i2d(data,&p); |
| 102 | EVP_VerifyInit(&ctx,type); | 103 | EVP_VerifyInit_ex(&ctx,type, NULL); |
| 104 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | ||
| 105 | |||
| 106 | memset(buf_in,0,(unsigned int)inl); | ||
| 107 | OPENSSL_free(buf_in); | ||
| 108 | |||
| 109 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | ||
| 110 | (unsigned int)signature->length,pkey) <= 0) | ||
| 111 | { | ||
| 112 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_EVP_LIB); | ||
| 113 | ret=0; | ||
| 114 | goto err; | ||
| 115 | } | ||
| 116 | /* we don't need to zero the 'ctx' because we just checked | ||
| 117 | * public information */ | ||
| 118 | /* memset(&ctx,0,sizeof(ctx)); */ | ||
| 119 | ret=1; | ||
| 120 | err: | ||
| 121 | EVP_MD_CTX_cleanup(&ctx); | ||
| 122 | return(ret); | ||
| 123 | } | ||
| 124 | |||
| 125 | #endif | ||
| 126 | |||
| 127 | |||
| 128 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *a, ASN1_BIT_STRING *signature, | ||
| 129 | void *asn, EVP_PKEY *pkey) | ||
| 130 | { | ||
| 131 | EVP_MD_CTX ctx; | ||
| 132 | const EVP_MD *type; | ||
| 133 | unsigned char *buf_in=NULL; | ||
| 134 | int ret= -1,i,inl; | ||
| 135 | |||
| 136 | EVP_MD_CTX_init(&ctx); | ||
| 137 | i=OBJ_obj2nid(a->algorithm); | ||
| 138 | type=EVP_get_digestbyname(OBJ_nid2sn(i)); | ||
| 139 | if (type == NULL) | ||
| 140 | { | ||
| 141 | ASN1err(ASN1_F_ASN1_VERIFY,ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); | ||
| 142 | goto err; | ||
| 143 | } | ||
| 144 | |||
| 145 | inl = ASN1_item_i2d(asn, &buf_in, it); | ||
| 146 | |||
| 147 | if (buf_in == NULL) | ||
| 148 | { | ||
| 149 | ASN1err(ASN1_F_ASN1_VERIFY,ERR_R_MALLOC_FAILURE); | ||
| 150 | goto err; | ||
| 151 | } | ||
| 152 | |||
| 153 | EVP_VerifyInit_ex(&ctx,type, NULL); | ||
| 103 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); | 154 | EVP_VerifyUpdate(&ctx,(unsigned char *)buf_in,inl); |
| 104 | 155 | ||
| 105 | memset(buf_in,0,(unsigned int)inl); | 156 | memset(buf_in,0,(unsigned int)inl); |
| 106 | Free((char *)buf_in); | 157 | OPENSSL_free(buf_in); |
| 107 | 158 | ||
| 108 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, | 159 | if (EVP_VerifyFinal(&ctx,(unsigned char *)signature->data, |
| 109 | (unsigned int)signature->length,pkey) <= 0) | 160 | (unsigned int)signature->length,pkey) <= 0) |
| @@ -117,5 +168,8 @@ EVP_PKEY *pkey; | |||
| 117 | /* memset(&ctx,0,sizeof(ctx)); */ | 168 | /* memset(&ctx,0,sizeof(ctx)); */ |
| 118 | ret=1; | 169 | ret=1; |
| 119 | err: | 170 | err: |
| 171 | EVP_MD_CTX_cleanup(&ctx); | ||
| 120 | return(ret); | 172 | return(ret); |
| 121 | } | 173 | } |
| 174 | |||
| 175 | |||
diff --git a/src/lib/libcrypto/asn1/asn1.h b/src/lib/libcrypto/asn1/asn1.h index 9793db365d..0d1713f8dd 100644 --- a/src/lib/libcrypto/asn1/asn1.h +++ b/src/lib/libcrypto/asn1/asn1.h | |||
| @@ -59,29 +59,49 @@ | |||
| 59 | #ifndef HEADER_ASN1_H | 59 | #ifndef HEADER_ASN1_H |
| 60 | #define HEADER_ASN1_H | 60 | #define HEADER_ASN1_H |
| 61 | 61 | ||
| 62 | #include <time.h> | ||
| 63 | #ifndef OPENSSL_NO_BIO | ||
| 64 | #include <openssl/bio.h> | ||
| 65 | #endif | ||
| 66 | #include <openssl/e_os2.h> | ||
| 67 | #include <openssl/bn.h> | ||
| 68 | #include <openssl/stack.h> | ||
| 69 | #include <openssl/safestack.h> | ||
| 70 | |||
| 71 | #include <openssl/symhacks.h> | ||
| 72 | |||
| 73 | #include <openssl/e_os2.h> | ||
| 74 | #include <openssl/ossl_typ.h> | ||
| 75 | |||
| 76 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | ||
| 77 | # undef OPENSSL_EXTERN | ||
| 78 | # define OPENSSL_EXTERN OPENSSL_EXPORT | ||
| 79 | #endif | ||
| 80 | |||
| 62 | #ifdef __cplusplus | 81 | #ifdef __cplusplus |
| 63 | extern "C" { | 82 | extern "C" { |
| 64 | #endif | 83 | #endif |
| 65 | 84 | ||
| 66 | #include <time.h> | ||
| 67 | #include "bn.h" | ||
| 68 | #include "stack.h" | ||
| 69 | |||
| 70 | #define V_ASN1_UNIVERSAL 0x00 | 85 | #define V_ASN1_UNIVERSAL 0x00 |
| 71 | #define V_ASN1_APPLICATION 0x40 | 86 | #define V_ASN1_APPLICATION 0x40 |
| 72 | #define V_ASN1_CONTEXT_SPECIFIC 0x80 | 87 | #define V_ASN1_CONTEXT_SPECIFIC 0x80 |
| 73 | #define V_ASN1_PRIVATE 0xc0 | 88 | #define V_ASN1_PRIVATE 0xc0 |
| 74 | 89 | ||
| 75 | #define V_ASN1_CONSTRUCTED 0x20 | 90 | #define V_ASN1_CONSTRUCTED 0x20 |
| 91 | #define V_ASN1_PRIMITIVE_TAG 0x1f | ||
| 76 | #define V_ASN1_PRIMATIVE_TAG 0x1f | 92 | #define V_ASN1_PRIMATIVE_TAG 0x1f |
| 77 | 93 | ||
| 78 | #define V_ASN1_APP_CHOOSE -2 /* let the recipent choose */ | 94 | #define V_ASN1_APP_CHOOSE -2 /* let the recipient choose */ |
| 95 | #define V_ASN1_OTHER -3 /* used in ASN1_TYPE */ | ||
| 96 | #define V_ASN1_ANY -4 /* used in ASN1 template code */ | ||
| 97 | |||
| 98 | #define V_ASN1_NEG 0x100 /* negative flag */ | ||
| 79 | 99 | ||
| 80 | #define V_ASN1_UNDEF -1 | 100 | #define V_ASN1_UNDEF -1 |
| 81 | #define V_ASN1_EOC 0 | 101 | #define V_ASN1_EOC 0 |
| 82 | #define V_ASN1_BOOLEAN 1 /**/ | 102 | #define V_ASN1_BOOLEAN 1 /**/ |
| 83 | #define V_ASN1_INTEGER 2 | 103 | #define V_ASN1_INTEGER 2 |
| 84 | #define V_ASN1_NEG_INTEGER (2+0x100) | 104 | #define V_ASN1_NEG_INTEGER (2 | V_ASN1_NEG) |
| 85 | #define V_ASN1_BIT_STRING 3 | 105 | #define V_ASN1_BIT_STRING 3 |
| 86 | #define V_ASN1_OCTET_STRING 4 | 106 | #define V_ASN1_OCTET_STRING 4 |
| 87 | #define V_ASN1_NULL 5 | 107 | #define V_ASN1_NULL 5 |
| @@ -89,7 +109,9 @@ extern "C" { | |||
| 89 | #define V_ASN1_OBJECT_DESCRIPTOR 7 | 109 | #define V_ASN1_OBJECT_DESCRIPTOR 7 |
| 90 | #define V_ASN1_EXTERNAL 8 | 110 | #define V_ASN1_EXTERNAL 8 |
| 91 | #define V_ASN1_REAL 9 | 111 | #define V_ASN1_REAL 9 |
| 92 | #define V_ASN1_ENUMERATED 10 /* microsoft weirdness */ | 112 | #define V_ASN1_ENUMERATED 10 |
| 113 | #define V_ASN1_NEG_ENUMERATED (10 | V_ASN1_NEG) | ||
| 114 | #define V_ASN1_UTF8STRING 12 | ||
| 93 | #define V_ASN1_SEQUENCE 16 | 115 | #define V_ASN1_SEQUENCE 16 |
| 94 | #define V_ASN1_SET 17 | 116 | #define V_ASN1_SET 17 |
| 95 | #define V_ASN1_NUMERICSTRING 18 /**/ | 117 | #define V_ASN1_NUMERICSTRING 18 /**/ |
| @@ -111,111 +133,33 @@ extern "C" { | |||
| 111 | #define B_ASN1_NUMERICSTRING 0x0001 | 133 | #define B_ASN1_NUMERICSTRING 0x0001 |
| 112 | #define B_ASN1_PRINTABLESTRING 0x0002 | 134 | #define B_ASN1_PRINTABLESTRING 0x0002 |
| 113 | #define B_ASN1_T61STRING 0x0004 | 135 | #define B_ASN1_T61STRING 0x0004 |
| 136 | #define B_ASN1_TELETEXSTRING 0x0008 | ||
| 114 | #define B_ASN1_VIDEOTEXSTRING 0x0008 | 137 | #define B_ASN1_VIDEOTEXSTRING 0x0008 |
| 115 | #define B_ASN1_IA5STRING 0x0010 | 138 | #define B_ASN1_IA5STRING 0x0010 |
| 116 | #define B_ASN1_GRAPHICSTRING 0x0020 | 139 | #define B_ASN1_GRAPHICSTRING 0x0020 |
| 117 | #define B_ASN1_ISO64STRING 0x0040 | 140 | #define B_ASN1_ISO64STRING 0x0040 |
| 141 | #define B_ASN1_VISIBLESTRING 0x0040 | ||
| 118 | #define B_ASN1_GENERALSTRING 0x0080 | 142 | #define B_ASN1_GENERALSTRING 0x0080 |
| 119 | #define B_ASN1_UNIVERSALSTRING 0x0100 | 143 | #define B_ASN1_UNIVERSALSTRING 0x0100 |
| 120 | #define B_ASN1_OCTET_STRING 0x0200 | 144 | #define B_ASN1_OCTET_STRING 0x0200 |
| 121 | #define B_ASN1_BIT_STRING 0x0400 | 145 | #define B_ASN1_BIT_STRING 0x0400 |
| 122 | #define B_ASN1_BMPSTRING 0x0800 | 146 | #define B_ASN1_BMPSTRING 0x0800 |
| 123 | #define B_ASN1_UNKNOWN 0x1000 | 147 | #define B_ASN1_UNKNOWN 0x1000 |
| 148 | #define B_ASN1_UTF8STRING 0x2000 | ||
| 149 | #define B_ASN1_UTCTIME 0x4000 | ||
| 150 | #define B_ASN1_GENERALIZEDTIME 0x8000 | ||
| 124 | 151 | ||
| 125 | #ifndef DEBUG | 152 | /* For use with ASN1_mbstring_copy() */ |
| 126 | 153 | #define MBSTRING_FLAG 0x1000 | |
| 127 | #define ASN1_INTEGER ASN1_STRING | 154 | #define MBSTRING_ASC (MBSTRING_FLAG|1) |
| 128 | #define ASN1_BIT_STRING ASN1_STRING | 155 | #define MBSTRING_BMP (MBSTRING_FLAG|2) |
| 129 | #define ASN1_OCTET_STRING ASN1_STRING | 156 | #define MBSTRING_UNIV (MBSTRING_FLAG|3) |
| 130 | #define ASN1_PRINTABLESTRING ASN1_STRING | 157 | #define MBSTRING_UTF8 (MBSTRING_FLAG|4) |
| 131 | #define ASN1_T61STRING ASN1_STRING | ||
| 132 | #define ASN1_IA5STRING ASN1_STRING | ||
| 133 | #define ASN1_UTCTIME ASN1_STRING | ||
| 134 | #define ASN1_GENERALIZEDTIME ASN1_STRING | ||
| 135 | #define ASN1_GENERALSTRING ASN1_STRING | ||
| 136 | #define ASN1_UNIVERSALSTRING ASN1_STRING | ||
| 137 | #define ASN1_BMPSTRING ASN1_STRING | ||
| 138 | |||
| 139 | #else | ||
| 140 | |||
| 141 | typedef struct asn1_integer_st | ||
| 142 | { | ||
| 143 | int length; | ||
| 144 | int type; | ||
| 145 | unsigned char *data; | ||
| 146 | } ASN1_INTEGER; | ||
| 147 | |||
| 148 | typedef struct asn1_bit_string_st | ||
| 149 | { | ||
| 150 | int length; | ||
| 151 | int type; | ||
| 152 | unsigned char *data; | ||
| 153 | } ASN1_BIT_STRING; | ||
| 154 | |||
| 155 | typedef struct asn1_octet_string_st | ||
| 156 | { | ||
| 157 | int length; | ||
| 158 | int type; | ||
| 159 | unsigned char *data; | ||
| 160 | } ASN1_OCTET_STRING; | ||
| 161 | |||
| 162 | typedef struct asn1_printablestring_st | ||
| 163 | { | ||
| 164 | int length; | ||
| 165 | int type; | ||
| 166 | unsigned char *data; | ||
| 167 | } ASN1_PRINTABLESTRING; | ||
| 168 | 158 | ||
| 169 | typedef struct asn1_t61string_st | 159 | struct X509_algor_st; |
| 170 | { | ||
| 171 | int length; | ||
| 172 | int type; | ||
| 173 | unsigned char *data; | ||
| 174 | } ASN1_T61STRING; | ||
| 175 | 160 | ||
| 176 | typedef struct asn1_ia5string_st | 161 | #define DECLARE_ASN1_SET_OF(type) /* filled in by mkstack.pl */ |
| 177 | { | 162 | #define IMPLEMENT_ASN1_SET_OF(type) /* nothing, no longer needed */ |
| 178 | int length; | ||
| 179 | int type; | ||
| 180 | unsigned char *data; | ||
| 181 | } ASN1_IA5STRING; | ||
| 182 | |||
| 183 | typedef struct asn1_generalstring_st | ||
| 184 | { | ||
| 185 | int length; | ||
| 186 | int type; | ||
| 187 | unsigned char *data; | ||
| 188 | } ASN1_GENERALSTRING; | ||
| 189 | |||
| 190 | typedef struct asn1_universalstring_st | ||
| 191 | { | ||
| 192 | int length; | ||
| 193 | int type; | ||
| 194 | unsigned char *data; | ||
| 195 | } ASN1_UNIVERSALSTRING; | ||
| 196 | |||
| 197 | typedef struct asn1_bmpstring_st | ||
| 198 | { | ||
| 199 | int length; | ||
| 200 | int type; | ||
| 201 | unsigned char *data; | ||
| 202 | } ASN1_BMPSTRING; | ||
| 203 | |||
| 204 | typedef struct asn1_utctime_st | ||
| 205 | { | ||
| 206 | int length; | ||
| 207 | int type; | ||
| 208 | unsigned char *data; | ||
| 209 | } ASN1_UTCTIME; | ||
| 210 | |||
| 211 | typedef struct asn1_generalizedtime_st | ||
| 212 | { | ||
| 213 | int length; | ||
| 214 | int type; | ||
| 215 | unsigned char *data; | ||
| 216 | } ASN1_GENERALIZEDTIME; | ||
| 217 | |||
| 218 | #endif | ||
| 219 | 163 | ||
| 220 | typedef struct asn1_ctx_st | 164 | typedef struct asn1_ctx_st |
| 221 | { | 165 | { |
| @@ -226,9 +170,10 @@ typedef struct asn1_ctx_st | |||
| 226 | int tag; /* tag from last 'get object' */ | 170 | int tag; /* tag from last 'get object' */ |
| 227 | int xclass; /* class from last 'get object' */ | 171 | int xclass; /* class from last 'get object' */ |
| 228 | long slen; /* length of last 'get object' */ | 172 | long slen; /* length of last 'get object' */ |
| 229 | unsigned char *max; /* largest value of p alowed */ | 173 | unsigned char *max; /* largest value of p allowed */ |
| 230 | unsigned char *q;/* temporary variable */ | 174 | unsigned char *q;/* temporary variable */ |
| 231 | unsigned char **pp;/* variable */ | 175 | unsigned char **pp;/* variable */ |
| 176 | int line; /* used in error processing */ | ||
| 232 | } ASN1_CTX; | 177 | } ASN1_CTX; |
| 233 | 178 | ||
| 234 | /* These are used internally in the ASN1_OBJECT to keep track of | 179 | /* These are used internally in the ASN1_OBJECT to keep track of |
| @@ -239,29 +184,274 @@ typedef struct asn1_ctx_st | |||
| 239 | #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ | 184 | #define ASN1_OBJECT_FLAG_DYNAMIC_DATA 0x08 /* internal use */ |
| 240 | typedef struct asn1_object_st | 185 | typedef struct asn1_object_st |
| 241 | { | 186 | { |
| 242 | char *sn,*ln; | 187 | const char *sn,*ln; |
| 243 | int nid; | 188 | int nid; |
| 244 | int length; | 189 | int length; |
| 245 | unsigned char *data; | 190 | unsigned char *data; |
| 246 | int flags; /* Should we free this one */ | 191 | int flags; /* Should we free this one */ |
| 247 | } ASN1_OBJECT; | 192 | } ASN1_OBJECT; |
| 248 | 193 | ||
| 194 | #define ASN1_STRING_FLAG_BITS_LEFT 0x08 /* Set if 0x07 has bits left value */ | ||
| 249 | /* This is the base type that holds just about everything :-) */ | 195 | /* This is the base type that holds just about everything :-) */ |
| 250 | typedef struct asn1_string_st | 196 | typedef struct asn1_string_st |
| 251 | { | 197 | { |
| 252 | int length; | 198 | int length; |
| 253 | int type; | 199 | int type; |
| 254 | unsigned char *data; | 200 | unsigned char *data; |
| 201 | /* The value of the following field depends on the type being | ||
| 202 | * held. It is mostly being used for BIT_STRING so if the | ||
| 203 | * input data has a non-zero 'unused bits' value, it will be | ||
| 204 | * handled correctly */ | ||
| 205 | long flags; | ||
| 255 | } ASN1_STRING; | 206 | } ASN1_STRING; |
| 256 | 207 | ||
| 208 | /* ASN1_ENCODING structure: this is used to save the received | ||
| 209 | * encoding of an ASN1 type. This is useful to get round | ||
| 210 | * problems with invalid encodings which can break signatures. | ||
| 211 | */ | ||
| 212 | |||
| 213 | typedef struct ASN1_ENCODING_st | ||
| 214 | { | ||
| 215 | unsigned char *enc; /* DER encoding */ | ||
| 216 | long len; /* Length of encoding */ | ||
| 217 | int modified; /* set to 1 if 'enc' is invalid */ | ||
| 218 | } ASN1_ENCODING; | ||
| 219 | |||
| 220 | /* Used with ASN1 LONG type: if a long is set to this it is omitted */ | ||
| 221 | #define ASN1_LONG_UNDEF 0x7fffffffL | ||
| 222 | |||
| 223 | #define STABLE_FLAGS_MALLOC 0x01 | ||
| 224 | #define STABLE_NO_MASK 0x02 | ||
| 225 | #define DIRSTRING_TYPE \ | ||
| 226 | (B_ASN1_PRINTABLESTRING|B_ASN1_T61STRING|B_ASN1_BMPSTRING|B_ASN1_UTF8STRING) | ||
| 227 | #define PKCS9STRING_TYPE (DIRSTRING_TYPE|B_ASN1_IA5STRING) | ||
| 228 | |||
| 229 | typedef struct asn1_string_table_st { | ||
| 230 | int nid; | ||
| 231 | long minsize; | ||
| 232 | long maxsize; | ||
| 233 | unsigned long mask; | ||
| 234 | unsigned long flags; | ||
| 235 | } ASN1_STRING_TABLE; | ||
| 236 | |||
| 237 | DECLARE_STACK_OF(ASN1_STRING_TABLE) | ||
| 238 | |||
| 239 | /* size limits: this stuff is taken straight from RFC2459 */ | ||
| 240 | |||
| 241 | #define ub_name 32768 | ||
| 242 | #define ub_common_name 64 | ||
| 243 | #define ub_locality_name 128 | ||
| 244 | #define ub_state_name 128 | ||
| 245 | #define ub_organization_name 64 | ||
| 246 | #define ub_organization_unit_name 64 | ||
| 247 | #define ub_title 64 | ||
| 248 | #define ub_email_address 128 | ||
| 249 | |||
| 250 | /* Declarations for template structures: for full definitions | ||
| 251 | * see asn1t.h | ||
| 252 | */ | ||
| 253 | typedef struct ASN1_TEMPLATE_st ASN1_TEMPLATE; | ||
| 254 | typedef struct ASN1_ITEM_st ASN1_ITEM; | ||
| 255 | typedef struct ASN1_TLC_st ASN1_TLC; | ||
| 256 | /* This is just an opaque pointer */ | ||
| 257 | typedef struct ASN1_VALUE_st ASN1_VALUE; | ||
| 258 | |||
| 259 | /* Declare ASN1 functions: the implement macro in in asn1t.h */ | ||
| 260 | |||
| 261 | #define DECLARE_ASN1_FUNCTIONS(type) DECLARE_ASN1_FUNCTIONS_name(type, type) | ||
| 262 | |||
| 263 | #define DECLARE_ASN1_FUNCTIONS_name(type, name) \ | ||
| 264 | type *name##_new(void); \ | ||
| 265 | void name##_free(type *a); \ | ||
| 266 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, name, name) | ||
| 267 | |||
| 268 | #define DECLARE_ASN1_FUNCTIONS_fname(type, itname, name) \ | ||
| 269 | type *name##_new(void); \ | ||
| 270 | void name##_free(type *a); \ | ||
| 271 | DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) | ||
| 272 | |||
| 273 | #define DECLARE_ASN1_ENCODE_FUNCTIONS(type, itname, name) \ | ||
| 274 | type *d2i_##name(type **a, unsigned char **in, long len); \ | ||
| 275 | int i2d_##name(type *a, unsigned char **out); \ | ||
| 276 | DECLARE_ASN1_ITEM(itname) | ||
| 277 | |||
| 278 | #define DECLARE_ASN1_ENCODE_FUNCTIONS_const(type, name) \ | ||
| 279 | type *d2i_##name(type **a, const unsigned char **in, long len); \ | ||
| 280 | int i2d_##name(const type *a, unsigned char **out); \ | ||
| 281 | DECLARE_ASN1_ITEM(name) | ||
| 282 | |||
| 283 | #define DECLARE_ASN1_FUNCTIONS_const(name) \ | ||
| 284 | name *name##_new(void); \ | ||
| 285 | void name##_free(name *a); | ||
| 286 | |||
| 287 | |||
| 288 | /* The following macros and typedefs allow an ASN1_ITEM | ||
| 289 | * to be embedded in a structure and referenced. Since | ||
| 290 | * the ASN1_ITEM pointers need to be globally accessible | ||
| 291 | * (possibly from shared libraries) they may exist in | ||
| 292 | * different forms. On platforms that support it the | ||
| 293 | * ASN1_ITEM structure itself will be globally exported. | ||
| 294 | * Other platforms will export a function that returns | ||
| 295 | * an ASN1_ITEM pointer. | ||
| 296 | * | ||
| 297 | * To handle both cases transparently the macros below | ||
| 298 | * should be used instead of hard coding an ASN1_ITEM | ||
| 299 | * pointer in a structure. | ||
| 300 | * | ||
| 301 | * The structure will look like this: | ||
| 302 | * | ||
| 303 | * typedef struct SOMETHING_st { | ||
| 304 | * ... | ||
| 305 | * ASN1_ITEM_EXP *iptr; | ||
| 306 | * ... | ||
| 307 | * } SOMETHING; | ||
| 308 | * | ||
| 309 | * It would be initialised as e.g.: | ||
| 310 | * | ||
| 311 | * SOMETHING somevar = {...,ASN1_ITEM_ref(X509),...}; | ||
| 312 | * | ||
| 313 | * and the actual pointer extracted with: | ||
| 314 | * | ||
| 315 | * const ASN1_ITEM *it = ASN1_ITEM_ptr(somevar.iptr); | ||
| 316 | * | ||
| 317 | * Finally an ASN1_ITEM pointer can be extracted from an | ||
| 318 | * appropriate reference with: ASN1_ITEM_rptr(X509). This | ||
| 319 | * would be used when a function takes an ASN1_ITEM * argument. | ||
| 320 | * | ||
| 321 | */ | ||
| 322 | |||
| 323 | #ifndef OPENSSL_EXPORT_VAR_AS_FUNCTION | ||
| 324 | |||
| 325 | /* ASN1_ITEM pointer exported type */ | ||
| 326 | typedef const ASN1_ITEM ASN1_ITEM_EXP; | ||
| 327 | |||
| 328 | /* Macro to obtain ASN1_ITEM pointer from exported type */ | ||
| 329 | #define ASN1_ITEM_ptr(iptr) (iptr) | ||
| 330 | |||
| 331 | /* Macro to include ASN1_ITEM pointer from base type */ | ||
| 332 | #define ASN1_ITEM_ref(iptr) (&(iptr##_it)) | ||
| 333 | |||
| 334 | #define ASN1_ITEM_rptr(ref) (&(ref##_it)) | ||
| 335 | |||
| 336 | #define DECLARE_ASN1_ITEM(name) \ | ||
| 337 | OPENSSL_EXTERN const ASN1_ITEM name##_it; | ||
| 338 | |||
| 339 | #else | ||
| 340 | |||
| 341 | /* Platforms that can't easily handle shared global variables are declared | ||
| 342 | * as functions returning ASN1_ITEM pointers. | ||
| 343 | */ | ||
| 344 | |||
| 345 | /* ASN1_ITEM pointer exported type */ | ||
| 346 | typedef const ASN1_ITEM * ASN1_ITEM_EXP(void); | ||
| 347 | |||
| 348 | /* Macro to obtain ASN1_ITEM pointer from exported type */ | ||
| 349 | #define ASN1_ITEM_ptr(iptr) (iptr()) | ||
| 350 | |||
| 351 | /* Macro to include ASN1_ITEM pointer from base type */ | ||
| 352 | #define ASN1_ITEM_ref(iptr) (iptr##_it) | ||
| 353 | |||
| 354 | #define ASN1_ITEM_rptr(ref) (ref##_it()) | ||
| 355 | |||
| 356 | #define DECLARE_ASN1_ITEM(name) \ | ||
| 357 | const ASN1_ITEM * name##_it(void); | ||
| 358 | |||
| 359 | #endif | ||
| 360 | |||
| 361 | /* Parameters used by ASN1_STRING_print_ex() */ | ||
| 362 | |||
| 363 | /* These determine which characters to escape: | ||
| 364 | * RFC2253 special characters, control characters and | ||
| 365 | * MSB set characters | ||
| 366 | */ | ||
| 367 | |||
| 368 | #define ASN1_STRFLGS_ESC_2253 1 | ||
| 369 | #define ASN1_STRFLGS_ESC_CTRL 2 | ||
| 370 | #define ASN1_STRFLGS_ESC_MSB 4 | ||
| 371 | |||
| 372 | |||
| 373 | /* This flag determines how we do escaping: normally | ||
| 374 | * RC2253 backslash only, set this to use backslash and | ||
| 375 | * quote. | ||
| 376 | */ | ||
| 377 | |||
| 378 | #define ASN1_STRFLGS_ESC_QUOTE 8 | ||
| 379 | |||
| 380 | |||
| 381 | /* These three flags are internal use only. */ | ||
| 382 | |||
| 383 | /* Character is a valid PrintableString character */ | ||
| 384 | #define CHARTYPE_PRINTABLESTRING 0x10 | ||
| 385 | /* Character needs escaping if it is the first character */ | ||
| 386 | #define CHARTYPE_FIRST_ESC_2253 0x20 | ||
| 387 | /* Character needs escaping if it is the last character */ | ||
| 388 | #define CHARTYPE_LAST_ESC_2253 0x40 | ||
| 389 | |||
| 390 | /* NB the internal flags are safely reused below by flags | ||
| 391 | * handled at the top level. | ||
| 392 | */ | ||
| 393 | |||
| 394 | /* If this is set we convert all character strings | ||
| 395 | * to UTF8 first | ||
| 396 | */ | ||
| 397 | |||
| 398 | #define ASN1_STRFLGS_UTF8_CONVERT 0x10 | ||
| 399 | |||
| 400 | /* If this is set we don't attempt to interpret content: | ||
| 401 | * just assume all strings are 1 byte per character. This | ||
| 402 | * will produce some pretty odd looking output! | ||
| 403 | */ | ||
| 404 | |||
| 405 | #define ASN1_STRFLGS_IGNORE_TYPE 0x20 | ||
| 406 | |||
| 407 | /* If this is set we include the string type in the output */ | ||
| 408 | #define ASN1_STRFLGS_SHOW_TYPE 0x40 | ||
| 409 | |||
| 410 | /* This determines which strings to display and which to | ||
| 411 | * 'dump' (hex dump of content octets or DER encoding). We can | ||
| 412 | * only dump non character strings or everything. If we | ||
| 413 | * don't dump 'unknown' they are interpreted as character | ||
| 414 | * strings with 1 octet per character and are subject to | ||
| 415 | * the usual escaping options. | ||
| 416 | */ | ||
| 417 | |||
| 418 | #define ASN1_STRFLGS_DUMP_ALL 0x80 | ||
| 419 | #define ASN1_STRFLGS_DUMP_UNKNOWN 0x100 | ||
| 420 | |||
| 421 | /* These determine what 'dumping' does, we can dump the | ||
| 422 | * content octets or the DER encoding: both use the | ||
| 423 | * RFC2253 #XXXXX notation. | ||
| 424 | */ | ||
| 425 | |||
| 426 | #define ASN1_STRFLGS_DUMP_DER 0x200 | ||
| 427 | |||
| 428 | /* All the string flags consistent with RFC2253, | ||
| 429 | * escaping control characters isn't essential in | ||
| 430 | * RFC2253 but it is advisable anyway. | ||
| 431 | */ | ||
| 432 | |||
| 433 | #define ASN1_STRFLGS_RFC2253 (ASN1_STRFLGS_ESC_2253 | \ | ||
| 434 | ASN1_STRFLGS_ESC_CTRL | \ | ||
| 435 | ASN1_STRFLGS_ESC_MSB | \ | ||
| 436 | ASN1_STRFLGS_UTF8_CONVERT | \ | ||
| 437 | ASN1_STRFLGS_DUMP_UNKNOWN | \ | ||
| 438 | ASN1_STRFLGS_DUMP_DER) | ||
| 439 | |||
| 440 | DECLARE_STACK_OF(ASN1_INTEGER) | ||
| 441 | DECLARE_ASN1_SET_OF(ASN1_INTEGER) | ||
| 442 | |||
| 443 | DECLARE_STACK_OF(ASN1_GENERALSTRING) | ||
| 444 | |||
| 257 | typedef struct asn1_type_st | 445 | typedef struct asn1_type_st |
| 258 | { | 446 | { |
| 259 | int type; | 447 | int type; |
| 260 | union { | 448 | union { |
| 261 | char *ptr; | 449 | char *ptr; |
| 450 | ASN1_BOOLEAN boolean; | ||
| 262 | ASN1_STRING * asn1_string; | 451 | ASN1_STRING * asn1_string; |
| 263 | ASN1_OBJECT * object; | 452 | ASN1_OBJECT * object; |
| 264 | ASN1_INTEGER * integer; | 453 | ASN1_INTEGER * integer; |
| 454 | ASN1_ENUMERATED * enumerated; | ||
| 265 | ASN1_BIT_STRING * bit_string; | 455 | ASN1_BIT_STRING * bit_string; |
| 266 | ASN1_OCTET_STRING * octet_string; | 456 | ASN1_OCTET_STRING * octet_string; |
| 267 | ASN1_PRINTABLESTRING * printablestring; | 457 | ASN1_PRINTABLESTRING * printablestring; |
| @@ -272,6 +462,8 @@ typedef struct asn1_type_st | |||
| 272 | ASN1_UNIVERSALSTRING * universalstring; | 462 | ASN1_UNIVERSALSTRING * universalstring; |
| 273 | ASN1_UTCTIME * utctime; | 463 | ASN1_UTCTIME * utctime; |
| 274 | ASN1_GENERALIZEDTIME * generalizedtime; | 464 | ASN1_GENERALIZEDTIME * generalizedtime; |
| 465 | ASN1_VISIBLESTRING * visiblestring; | ||
| 466 | ASN1_UTF8STRING * utf8string; | ||
| 275 | /* set and sequence are left complete and still | 467 | /* set and sequence are left complete and still |
| 276 | * contain the set or sequence bytes */ | 468 | * contain the set or sequence bytes */ |
| 277 | ASN1_STRING * set; | 469 | ASN1_STRING * set; |
| @@ -279,6 +471,9 @@ typedef struct asn1_type_st | |||
| 279 | } value; | 471 | } value; |
| 280 | } ASN1_TYPE; | 472 | } ASN1_TYPE; |
| 281 | 473 | ||
| 474 | DECLARE_STACK_OF(ASN1_TYPE) | ||
| 475 | DECLARE_ASN1_SET_OF(ASN1_TYPE) | ||
| 476 | |||
| 282 | typedef struct asn1_method_st | 477 | typedef struct asn1_method_st |
| 283 | { | 478 | { |
| 284 | int (*i2d)(); | 479 | int (*i2d)(); |
| @@ -295,64 +490,110 @@ typedef struct asn1_header_st | |||
| 295 | ASN1_METHOD *meth; | 490 | ASN1_METHOD *meth; |
| 296 | } ASN1_HEADER; | 491 | } ASN1_HEADER; |
| 297 | 492 | ||
| 298 | #define ASN1_STRING_length(x) ((x)->length) | 493 | /* This is used to contain a list of bit names */ |
| 299 | #define ASN1_STRING_type(x) ((x)->type) | 494 | typedef struct BIT_STRING_BITNAME_st { |
| 300 | #define ASN1_STRING_data(x) ((x)->data) | 495 | int bitnum; |
| 496 | const char *lname; | ||
| 497 | const char *sname; | ||
| 498 | } BIT_STRING_BITNAME; | ||
| 499 | |||
| 500 | |||
| 501 | #define M_ASN1_STRING_length(x) ((x)->length) | ||
| 502 | #define M_ASN1_STRING_length_set(x, n) ((x)->length = (n)) | ||
| 503 | #define M_ASN1_STRING_type(x) ((x)->type) | ||
| 504 | #define M_ASN1_STRING_data(x) ((x)->data) | ||
| 301 | 505 | ||
| 302 | /* Macros for string operations */ | 506 | /* Macros for string operations */ |
| 303 | #define ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ | 507 | #define M_ASN1_BIT_STRING_new() (ASN1_BIT_STRING *)\ |
| 304 | ASN1_STRING_type_new(V_ASN1_BIT_STRING) | 508 | ASN1_STRING_type_new(V_ASN1_BIT_STRING) |
| 305 | #define ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 509 | #define M_ASN1_BIT_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 306 | #define ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ | 510 | #define M_ASN1_BIT_STRING_dup(a) (ASN1_BIT_STRING *)\ |
| 307 | ASN1_STRING_dup((ASN1_STRING *)a) | 511 | ASN1_STRING_dup((ASN1_STRING *)a) |
| 308 | #define ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ | 512 | #define M_ASN1_BIT_STRING_cmp(a,b) ASN1_STRING_cmp(\ |
| 309 | (ASN1_STRING *)a,(ASN1_STRING *)b) | 513 | (ASN1_STRING *)a,(ASN1_STRING *)b) |
| 310 | #define ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) | 514 | #define M_ASN1_BIT_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) |
| 311 | /* i2d_ASN1_BIT_STRING() is a function */ | ||
| 312 | /* d2i_ASN1_BIT_STRING() is a function */ | ||
| 313 | 515 | ||
| 314 | #define ASN1_INTEGER_new() (ASN1_INTEGER *)\ | 516 | #define M_ASN1_INTEGER_new() (ASN1_INTEGER *)\ |
| 315 | ASN1_STRING_type_new(V_ASN1_INTEGER) | 517 | ASN1_STRING_type_new(V_ASN1_INTEGER) |
| 316 | #define ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 518 | #define M_ASN1_INTEGER_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 317 | #define ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) | 519 | #define M_ASN1_INTEGER_dup(a) (ASN1_INTEGER *)ASN1_STRING_dup((ASN1_STRING *)a) |
| 318 | #define ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ | 520 | #define M_ASN1_INTEGER_cmp(a,b) ASN1_STRING_cmp(\ |
| 521 | (ASN1_STRING *)a,(ASN1_STRING *)b) | ||
| 522 | |||
| 523 | #define M_ASN1_ENUMERATED_new() (ASN1_ENUMERATED *)\ | ||
| 524 | ASN1_STRING_type_new(V_ASN1_ENUMERATED) | ||
| 525 | #define M_ASN1_ENUMERATED_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 526 | #define M_ASN1_ENUMERATED_dup(a) (ASN1_ENUMERATED *)ASN1_STRING_dup((ASN1_STRING *)a) | ||
| 527 | #define M_ASN1_ENUMERATED_cmp(a,b) ASN1_STRING_cmp(\ | ||
| 319 | (ASN1_STRING *)a,(ASN1_STRING *)b) | 528 | (ASN1_STRING *)a,(ASN1_STRING *)b) |
| 320 | /* ASN1_INTEGER_set() is a function, also see BN_to_ASN1_INTEGER() */ | ||
| 321 | /* ASN1_INTEGER_get() is a function, also see ASN1_INTEGER_to_BN() */ | ||
| 322 | /* i2d_ASN1_INTEGER() is a function */ | ||
| 323 | /* d2i_ASN1_INTEGER() is a function */ | ||
| 324 | 529 | ||
| 325 | #define ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ | 530 | #define M_ASN1_OCTET_STRING_new() (ASN1_OCTET_STRING *)\ |
| 326 | ASN1_STRING_type_new(V_ASN1_OCTET_STRING) | 531 | ASN1_STRING_type_new(V_ASN1_OCTET_STRING) |
| 327 | #define ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 532 | #define M_ASN1_OCTET_STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 328 | #define ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ | 533 | #define M_ASN1_OCTET_STRING_dup(a) (ASN1_OCTET_STRING *)\ |
| 329 | ASN1_STRING_dup((ASN1_STRING *)a) | 534 | ASN1_STRING_dup((ASN1_STRING *)a) |
| 330 | #define ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ | 535 | #define M_ASN1_OCTET_STRING_cmp(a,b) ASN1_STRING_cmp(\ |
| 331 | (ASN1_STRING *)a,(ASN1_STRING *)b) | 536 | (ASN1_STRING *)a,(ASN1_STRING *)b) |
| 332 | #define ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) | 537 | #define M_ASN1_OCTET_STRING_set(a,b,c) ASN1_STRING_set((ASN1_STRING *)a,b,c) |
| 333 | #define ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) | 538 | #define M_ASN1_OCTET_STRING_print(a,b) ASN1_STRING_print(a,(ASN1_STRING *)b) |
| 334 | #define M_i2d_ASN1_OCTET_STRING(a,pp) \ | 539 | #define M_i2d_ASN1_OCTET_STRING(a,pp) \ |
| 335 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ | 540 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_OCTET_STRING,\ |
| 336 | V_ASN1_OCTET_STRING) | 541 | V_ASN1_UNIVERSAL) |
| 337 | /* d2i_ASN1_OCTET_STRING() is a function */ | ||
| 338 | 542 | ||
| 339 | #define ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) | 543 | #define B_ASN1_TIME \ |
| 340 | #define ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 544 | B_ASN1_UTCTIME | \ |
| 341 | #define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ | 545 | B_ASN1_GENERALIZEDTIME |
| 342 | pp,a->type,V_ASN1_UNIVERSAL) | 546 | |
| 343 | #define M_d2i_ASN1_PRINTABLE(a,pp,l) \ | 547 | #define B_ASN1_PRINTABLE \ |
| 344 | d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ | ||
| 345 | B_ASN1_PRINTABLESTRING| \ | 548 | B_ASN1_PRINTABLESTRING| \ |
| 346 | B_ASN1_T61STRING| \ | 549 | B_ASN1_T61STRING| \ |
| 347 | B_ASN1_IA5STRING| \ | 550 | B_ASN1_IA5STRING| \ |
| 348 | B_ASN1_BIT_STRING| \ | 551 | B_ASN1_BIT_STRING| \ |
| 349 | B_ASN1_UNIVERSALSTRING|\ | 552 | B_ASN1_UNIVERSALSTRING|\ |
| 350 | B_ASN1_BMPSTRING|\ | 553 | B_ASN1_BMPSTRING|\ |
| 351 | B_ASN1_UNKNOWN) | 554 | B_ASN1_UTF8STRING|\ |
| 555 | B_ASN1_UNKNOWN | ||
| 352 | 556 | ||
| 353 | #define ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING_STRING *)\ | 557 | #define B_ASN1_DIRECTORYSTRING \ |
| 558 | B_ASN1_PRINTABLESTRING| \ | ||
| 559 | B_ASN1_TELETEXSTRING|\ | ||
| 560 | B_ASN1_BMPSTRING|\ | ||
| 561 | B_ASN1_UNIVERSALSTRING|\ | ||
| 562 | B_ASN1_UTF8STRING | ||
| 563 | |||
| 564 | #define B_ASN1_DISPLAYTEXT \ | ||
| 565 | B_ASN1_IA5STRING| \ | ||
| 566 | B_ASN1_VISIBLESTRING| \ | ||
| 567 | B_ASN1_BMPSTRING|\ | ||
| 568 | B_ASN1_UTF8STRING | ||
| 569 | |||
| 570 | #define M_ASN1_PRINTABLE_new() ASN1_STRING_type_new(V_ASN1_T61STRING) | ||
| 571 | #define M_ASN1_PRINTABLE_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 572 | #define M_i2d_ASN1_PRINTABLE(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ | ||
| 573 | pp,a->type,V_ASN1_UNIVERSAL) | ||
| 574 | #define M_d2i_ASN1_PRINTABLE(a,pp,l) \ | ||
| 575 | d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ | ||
| 576 | B_ASN1_PRINTABLE) | ||
| 577 | |||
| 578 | #define M_DIRECTORYSTRING_new() ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) | ||
| 579 | #define M_DIRECTORYSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 580 | #define M_i2d_DIRECTORYSTRING(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ | ||
| 581 | pp,a->type,V_ASN1_UNIVERSAL) | ||
| 582 | #define M_d2i_DIRECTORYSTRING(a,pp,l) \ | ||
| 583 | d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ | ||
| 584 | B_ASN1_DIRECTORYSTRING) | ||
| 585 | |||
| 586 | #define M_DISPLAYTEXT_new() ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) | ||
| 587 | #define M_DISPLAYTEXT_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 588 | #define M_i2d_DISPLAYTEXT(a,pp) i2d_ASN1_bytes((ASN1_STRING *)a,\ | ||
| 589 | pp,a->type,V_ASN1_UNIVERSAL) | ||
| 590 | #define M_d2i_DISPLAYTEXT(a,pp,l) \ | ||
| 591 | d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l, \ | ||
| 592 | B_ASN1_DISPLAYTEXT) | ||
| 593 | |||
| 594 | #define M_ASN1_PRINTABLESTRING_new() (ASN1_PRINTABLESTRING *)\ | ||
| 354 | ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) | 595 | ASN1_STRING_type_new(V_ASN1_PRINTABLESTRING) |
| 355 | #define ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 596 | #define M_ASN1_PRINTABLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 356 | #define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ | 597 | #define M_i2d_ASN1_PRINTABLESTRING(a,pp) \ |
| 357 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ | 598 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_PRINTABLESTRING,\ |
| 358 | V_ASN1_UNIVERSAL) | 599 | V_ASN1_UNIVERSAL) |
| @@ -360,9 +601,9 @@ typedef struct asn1_header_st | |||
| 360 | (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ | 601 | (ASN1_PRINTABLESTRING *)d2i_ASN1_type_bytes\ |
| 361 | ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) | 602 | ((ASN1_STRING **)a,pp,l,B_ASN1_PRINTABLESTRING) |
| 362 | 603 | ||
| 363 | #define ASN1_T61STRING_new() (ASN1_T61STRING_STRING *)\ | 604 | #define M_ASN1_T61STRING_new() (ASN1_T61STRING *)\ |
| 364 | ASN1_STRING_type_new(V_ASN1_T61STRING) | 605 | ASN1_STRING_type_new(V_ASN1_T61STRING) |
| 365 | #define ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 606 | #define M_ASN1_T61STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 366 | #define M_i2d_ASN1_T61STRING(a,pp) \ | 607 | #define M_i2d_ASN1_T61STRING(a,pp) \ |
| 367 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ | 608 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_T61STRING,\ |
| 368 | V_ASN1_UNIVERSAL) | 609 | V_ASN1_UNIVERSAL) |
| @@ -370,9 +611,11 @@ typedef struct asn1_header_st | |||
| 370 | (ASN1_T61STRING *)d2i_ASN1_type_bytes\ | 611 | (ASN1_T61STRING *)d2i_ASN1_type_bytes\ |
| 371 | ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) | 612 | ((ASN1_STRING **)a,pp,l,B_ASN1_T61STRING) |
| 372 | 613 | ||
| 373 | #define ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ | 614 | #define M_ASN1_IA5STRING_new() (ASN1_IA5STRING *)\ |
| 374 | ASN1_STRING_type_new(V_ASN1_IA5STRING) | 615 | ASN1_STRING_type_new(V_ASN1_IA5STRING) |
| 375 | #define ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 616 | #define M_ASN1_IA5STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 617 | #define M_ASN1_IA5STRING_dup(a) \ | ||
| 618 | (ASN1_IA5STRING *)ASN1_STRING_dup((ASN1_STRING *)a) | ||
| 376 | #define M_i2d_ASN1_IA5STRING(a,pp) \ | 619 | #define M_i2d_ASN1_IA5STRING(a,pp) \ |
| 377 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ | 620 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_IA5STRING,\ |
| 378 | V_ASN1_UNIVERSAL) | 621 | V_ASN1_UNIVERSAL) |
| @@ -380,28 +623,25 @@ typedef struct asn1_header_st | |||
| 380 | (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ | 623 | (ASN1_IA5STRING *)d2i_ASN1_type_bytes((ASN1_STRING **)a,pp,l,\ |
| 381 | B_ASN1_IA5STRING) | 624 | B_ASN1_IA5STRING) |
| 382 | 625 | ||
| 383 | #define ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ | 626 | #define M_ASN1_UTCTIME_new() (ASN1_UTCTIME *)\ |
| 384 | ASN1_STRING_type_new(V_ASN1_UTCTIME) | 627 | ASN1_STRING_type_new(V_ASN1_UTCTIME) |
| 385 | #define ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 628 | #define M_ASN1_UTCTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 386 | #define ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) | 629 | #define M_ASN1_UTCTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup((ASN1_STRING *)a) |
| 387 | /* i2d_ASN1_UTCTIME() is a function */ | 630 | |
| 388 | /* d2i_ASN1_UTCTIME() is a function */ | 631 | #define M_ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ |
| 389 | /* ASN1_UTCTIME_set() is a function */ | ||
| 390 | /* ASN1_UTCTIME_check() is a function */ | ||
| 391 | |||
| 392 | #define ASN1_GENERALIZEDTIME_new() (ASN1_GENERALIZEDTIME *)\ | ||
| 393 | ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) | 632 | ASN1_STRING_type_new(V_ASN1_GENERALIZEDTIME) |
| 394 | #define ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 633 | #define M_ASN1_GENERALIZEDTIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 395 | #define ASN1_GENERALIZEDTIME_dup(a) (ASN1_UTCTIME *)ASN1_STRING_dup(\ | 634 | #define M_ASN1_GENERALIZEDTIME_dup(a) (ASN1_GENERALIZEDTIME *)ASN1_STRING_dup(\ |
| 396 | (ASN1_STRING *)a) | 635 | (ASN1_STRING *)a) |
| 397 | /* DOES NOT EXIST YET i2d_ASN1_GENERALIZEDTIME() is a function */ | ||
| 398 | /* DOES NOT EXIST YET d2i_ASN1_GENERALIZEDTIME() is a function */ | ||
| 399 | /* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_set() is a function */ | ||
| 400 | /* DOES NOT EXIST YET ASN1_GENERALIZEDTIME_check() is a function */ | ||
| 401 | 636 | ||
| 402 | #define ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ | 637 | #define M_ASN1_TIME_new() (ASN1_TIME *)\ |
| 638 | ASN1_STRING_type_new(V_ASN1_UTCTIME) | ||
| 639 | #define M_ASN1_TIME_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 640 | #define M_ASN1_TIME_dup(a) (ASN1_TIME *)ASN1_STRING_dup((ASN1_STRING *)a) | ||
| 641 | |||
| 642 | #define M_ASN1_GENERALSTRING_new() (ASN1_GENERALSTRING *)\ | ||
| 403 | ASN1_STRING_type_new(V_ASN1_GENERALSTRING) | 643 | ASN1_STRING_type_new(V_ASN1_GENERALSTRING) |
| 404 | #define ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 644 | #define M_ASN1_GENERALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 405 | #define M_i2d_ASN1_GENERALSTRING(a,pp) \ | 645 | #define M_i2d_ASN1_GENERALSTRING(a,pp) \ |
| 406 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ | 646 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_GENERALSTRING,\ |
| 407 | V_ASN1_UNIVERSAL) | 647 | V_ASN1_UNIVERSAL) |
| @@ -409,9 +649,9 @@ typedef struct asn1_header_st | |||
| 409 | (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ | 649 | (ASN1_GENERALSTRING *)d2i_ASN1_type_bytes\ |
| 410 | ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) | 650 | ((ASN1_STRING **)a,pp,l,B_ASN1_GENERALSTRING) |
| 411 | 651 | ||
| 412 | #define ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ | 652 | #define M_ASN1_UNIVERSALSTRING_new() (ASN1_UNIVERSALSTRING *)\ |
| 413 | ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) | 653 | ASN1_STRING_type_new(V_ASN1_UNIVERSALSTRING) |
| 414 | #define ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 654 | #define M_ASN1_UNIVERSALSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 415 | #define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ | 655 | #define M_i2d_ASN1_UNIVERSALSTRING(a,pp) \ |
| 416 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ | 656 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UNIVERSALSTRING,\ |
| 417 | V_ASN1_UNIVERSAL) | 657 | V_ASN1_UNIVERSAL) |
| @@ -419,9 +659,9 @@ typedef struct asn1_header_st | |||
| 419 | (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ | 659 | (ASN1_UNIVERSALSTRING *)d2i_ASN1_type_bytes\ |
| 420 | ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) | 660 | ((ASN1_STRING **)a,pp,l,B_ASN1_UNIVERSALSTRING) |
| 421 | 661 | ||
| 422 | #define ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ | 662 | #define M_ASN1_BMPSTRING_new() (ASN1_BMPSTRING *)\ |
| 423 | ASN1_STRING_type_new(V_ASN1_BMPSTRING) | 663 | ASN1_STRING_type_new(V_ASN1_BMPSTRING) |
| 424 | #define ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | 664 | #define M_ASN1_BMPSTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 425 | #define M_i2d_ASN1_BMPSTRING(a,pp) \ | 665 | #define M_i2d_ASN1_BMPSTRING(a,pp) \ |
| 426 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ | 666 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_BMPSTRING,\ |
| 427 | V_ASN1_UNIVERSAL) | 667 | V_ASN1_UNIVERSAL) |
| @@ -429,88 +669,164 @@ typedef struct asn1_header_st | |||
| 429 | (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ | 669 | (ASN1_BMPSTRING *)d2i_ASN1_type_bytes\ |
| 430 | ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) | 670 | ((ASN1_STRING **)a,pp,l,B_ASN1_BMPSTRING) |
| 431 | 671 | ||
| 432 | #ifndef NOPROTO | 672 | #define M_ASN1_VISIBLESTRING_new() (ASN1_VISIBLESTRING *)\ |
| 433 | ASN1_TYPE * ASN1_TYPE_new(void ); | 673 | ASN1_STRING_type_new(V_ASN1_VISIBLESTRING) |
| 434 | void ASN1_TYPE_free(ASN1_TYPE *a); | 674 | #define M_ASN1_VISIBLESTRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) |
| 435 | int i2d_ASN1_TYPE(ASN1_TYPE *a,unsigned char **pp); | 675 | #define M_i2d_ASN1_VISIBLESTRING(a,pp) \ |
| 436 | ASN1_TYPE * d2i_ASN1_TYPE(ASN1_TYPE **a,unsigned char **pp,long length); | 676 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_VISIBLESTRING,\ |
| 677 | V_ASN1_UNIVERSAL) | ||
| 678 | #define M_d2i_ASN1_VISIBLESTRING(a,pp,l) \ | ||
| 679 | (ASN1_VISIBLESTRING *)d2i_ASN1_type_bytes\ | ||
| 680 | ((ASN1_STRING **)a,pp,l,B_ASN1_VISIBLESTRING) | ||
| 681 | |||
| 682 | #define M_ASN1_UTF8STRING_new() (ASN1_UTF8STRING *)\ | ||
| 683 | ASN1_STRING_type_new(V_ASN1_UTF8STRING) | ||
| 684 | #define M_ASN1_UTF8STRING_free(a) ASN1_STRING_free((ASN1_STRING *)a) | ||
| 685 | #define M_i2d_ASN1_UTF8STRING(a,pp) \ | ||
| 686 | i2d_ASN1_bytes((ASN1_STRING *)a,pp,V_ASN1_UTF8STRING,\ | ||
| 687 | V_ASN1_UNIVERSAL) | ||
| 688 | #define M_d2i_ASN1_UTF8STRING(a,pp,l) \ | ||
| 689 | (ASN1_UTF8STRING *)d2i_ASN1_type_bytes\ | ||
| 690 | ((ASN1_STRING **)a,pp,l,B_ASN1_UTF8STRING) | ||
| 691 | |||
| 692 | /* for the is_set parameter to i2d_ASN1_SET */ | ||
| 693 | #define IS_SEQUENCE 0 | ||
| 694 | #define IS_SET 1 | ||
| 695 | |||
| 696 | DECLARE_ASN1_FUNCTIONS_fname(ASN1_TYPE, ASN1_ANY, ASN1_TYPE) | ||
| 697 | |||
| 437 | int ASN1_TYPE_get(ASN1_TYPE *a); | 698 | int ASN1_TYPE_get(ASN1_TYPE *a); |
| 438 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, char *value); | 699 | void ASN1_TYPE_set(ASN1_TYPE *a, int type, void *value); |
| 439 | 700 | ||
| 440 | ASN1_OBJECT * ASN1_OBJECT_new(void ); | 701 | ASN1_OBJECT * ASN1_OBJECT_new(void ); |
| 441 | void ASN1_OBJECT_free(ASN1_OBJECT *a); | 702 | void ASN1_OBJECT_free(ASN1_OBJECT *a); |
| 442 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); | 703 | int i2d_ASN1_OBJECT(ASN1_OBJECT *a,unsigned char **pp); |
| 704 | ASN1_OBJECT * c2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, | ||
| 705 | long length); | ||
| 443 | ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, | 706 | ASN1_OBJECT * d2i_ASN1_OBJECT(ASN1_OBJECT **a,unsigned char **pp, |
| 444 | long length); | 707 | long length); |
| 445 | 708 | ||
| 446 | ASN1_STRING * ASN1_STRING_new(void ); | 709 | DECLARE_ASN1_ITEM(ASN1_OBJECT) |
| 710 | |||
| 711 | DECLARE_STACK_OF(ASN1_OBJECT) | ||
| 712 | DECLARE_ASN1_SET_OF(ASN1_OBJECT) | ||
| 713 | |||
| 714 | ASN1_STRING * ASN1_STRING_new(void); | ||
| 447 | void ASN1_STRING_free(ASN1_STRING *a); | 715 | void ASN1_STRING_free(ASN1_STRING *a); |
| 448 | ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); | 716 | ASN1_STRING * ASN1_STRING_dup(ASN1_STRING *a); |
| 449 | ASN1_STRING * ASN1_STRING_type_new(int type ); | 717 | ASN1_STRING * ASN1_STRING_type_new(int type ); |
| 450 | int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); | 718 | int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b); |
| 451 | int ASN1_STRING_set(ASN1_STRING *str,unsigned char *data, int len); | 719 | /* Since this is used to store all sorts of things, via macros, for now, make |
| 452 | 720 | its data void * */ | |
| 453 | int i2d_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); | 721 | int ASN1_STRING_set(ASN1_STRING *str, const void *data, int len); |
| 454 | ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, | 722 | int ASN1_STRING_length(ASN1_STRING *x); |
| 723 | void ASN1_STRING_length_set(ASN1_STRING *x, int n); | ||
| 724 | int ASN1_STRING_type(ASN1_STRING *x); | ||
| 725 | unsigned char * ASN1_STRING_data(ASN1_STRING *x); | ||
| 726 | |||
| 727 | DECLARE_ASN1_FUNCTIONS(ASN1_BIT_STRING) | ||
| 728 | int i2c_ASN1_BIT_STRING(ASN1_BIT_STRING *a,unsigned char **pp); | ||
| 729 | ASN1_BIT_STRING *c2i_ASN1_BIT_STRING(ASN1_BIT_STRING **a,unsigned char **pp, | ||
| 455 | long length); | 730 | long length); |
| 731 | int ASN1_BIT_STRING_set(ASN1_BIT_STRING *a, unsigned char *d, | ||
| 732 | int length ); | ||
| 456 | int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); | 733 | int ASN1_BIT_STRING_set_bit(ASN1_BIT_STRING *a, int n, int value); |
| 457 | int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); | 734 | int ASN1_BIT_STRING_get_bit(ASN1_BIT_STRING *a, int n); |
| 458 | 735 | ||
| 736 | #ifndef OPENSSL_NO_BIO | ||
| 737 | int ASN1_BIT_STRING_name_print(BIO *out, ASN1_BIT_STRING *bs, | ||
| 738 | BIT_STRING_BITNAME *tbl, int indent); | ||
| 739 | #endif | ||
| 740 | int ASN1_BIT_STRING_num_asc(char *name, BIT_STRING_BITNAME *tbl); | ||
| 741 | int ASN1_BIT_STRING_set_asc(ASN1_BIT_STRING *bs, char *name, int value, | ||
| 742 | BIT_STRING_BITNAME *tbl); | ||
| 459 | 743 | ||
| 460 | int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); | 744 | int i2d_ASN1_BOOLEAN(int a,unsigned char **pp); |
| 461 | int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); | 745 | int d2i_ASN1_BOOLEAN(int *a,unsigned char **pp,long length); |
| 462 | 746 | ||
| 463 | int i2d_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); | 747 | DECLARE_ASN1_FUNCTIONS(ASN1_INTEGER) |
| 464 | ASN1_INTEGER *d2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, | 748 | int i2c_ASN1_INTEGER(ASN1_INTEGER *a,unsigned char **pp); |
| 749 | ASN1_INTEGER *c2i_ASN1_INTEGER(ASN1_INTEGER **a,unsigned char **pp, | ||
| 750 | long length); | ||
| 751 | ASN1_INTEGER *d2i_ASN1_UINTEGER(ASN1_INTEGER **a,unsigned char **pp, | ||
| 465 | long length); | 752 | long length); |
| 753 | ASN1_INTEGER * ASN1_INTEGER_dup(ASN1_INTEGER *x); | ||
| 754 | int ASN1_INTEGER_cmp(ASN1_INTEGER *x, ASN1_INTEGER *y); | ||
| 755 | |||
| 756 | DECLARE_ASN1_FUNCTIONS(ASN1_ENUMERATED) | ||
| 466 | 757 | ||
| 467 | int ASN1_UTCTIME_check(ASN1_UTCTIME *a); | 758 | int ASN1_UTCTIME_check(ASN1_UTCTIME *a); |
| 468 | ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); | 759 | ASN1_UTCTIME *ASN1_UTCTIME_set(ASN1_UTCTIME *s,time_t t); |
| 469 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); | 760 | int ASN1_UTCTIME_set_string(ASN1_UTCTIME *s, char *str); |
| 761 | int ASN1_UTCTIME_cmp_time_t(const ASN1_UTCTIME *s, time_t t); | ||
| 762 | #if 0 | ||
| 763 | time_t ASN1_UTCTIME_get(const ASN1_UTCTIME *s); | ||
| 764 | #endif | ||
| 470 | 765 | ||
| 471 | int i2d_ASN1_OCTET_STRING(ASN1_OCTET_STRING *a,unsigned char **pp); | 766 | int ASN1_GENERALIZEDTIME_check(ASN1_GENERALIZEDTIME *a); |
| 472 | ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(ASN1_OCTET_STRING **a, | 767 | ASN1_GENERALIZEDTIME *ASN1_GENERALIZEDTIME_set(ASN1_GENERALIZEDTIME *s,time_t t); |
| 473 | unsigned char **pp,long length); | 768 | int ASN1_GENERALIZEDTIME_set_string(ASN1_GENERALIZEDTIME *s, char *str); |
| 474 | 769 | ||
| 475 | int i2d_ASN1_PRINTABLE(ASN1_STRING *a,unsigned char **pp); | 770 | DECLARE_ASN1_FUNCTIONS(ASN1_OCTET_STRING) |
| 476 | ASN1_STRING *d2i_ASN1_PRINTABLE(ASN1_STRING **a, | 771 | ASN1_OCTET_STRING * ASN1_OCTET_STRING_dup(ASN1_OCTET_STRING *a); |
| 477 | unsigned char **pp, long l); | 772 | int ASN1_OCTET_STRING_cmp(ASN1_OCTET_STRING *a, ASN1_OCTET_STRING *b); |
| 478 | ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(ASN1_PRINTABLESTRING **a, | 773 | int ASN1_OCTET_STRING_set(ASN1_OCTET_STRING *str, unsigned char *data, int len); |
| 479 | unsigned char **pp, long l); | ||
| 480 | 774 | ||
| 481 | ASN1_T61STRING *d2i_ASN1_T61STRING(ASN1_T61STRING **a, | 775 | DECLARE_ASN1_FUNCTIONS(ASN1_VISIBLESTRING) |
| 482 | unsigned char **pp, long l); | 776 | DECLARE_ASN1_FUNCTIONS(ASN1_UTF8STRING) |
| 483 | int i2d_ASN1_IA5STRING(ASN1_IA5STRING *a,unsigned char **pp); | 777 | DECLARE_ASN1_FUNCTIONS(ASN1_NULL) |
| 484 | ASN1_IA5STRING *d2i_ASN1_IA5STRING(ASN1_IA5STRING **a, | 778 | DECLARE_ASN1_FUNCTIONS(ASN1_BMPSTRING) |
| 485 | unsigned char **pp, long l); | ||
| 486 | 779 | ||
| 487 | int i2d_ASN1_UTCTIME(ASN1_UTCTIME *a,unsigned char **pp); | 780 | int UTF8_getc(const unsigned char *str, int len, unsigned long *val); |
| 488 | ASN1_UTCTIME * d2i_ASN1_UTCTIME(ASN1_UTCTIME **a,unsigned char **pp, | 781 | int UTF8_putc(unsigned char *str, int len, unsigned long value); |
| 489 | long length); | 782 | |
| 783 | DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, ASN1_PRINTABLE) | ||
| 784 | |||
| 785 | DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DIRECTORYSTRING) | ||
| 786 | DECLARE_ASN1_FUNCTIONS_name(ASN1_STRING, DISPLAYTEXT) | ||
| 787 | DECLARE_ASN1_FUNCTIONS(ASN1_PRINTABLESTRING) | ||
| 788 | DECLARE_ASN1_FUNCTIONS(ASN1_T61STRING) | ||
| 789 | DECLARE_ASN1_FUNCTIONS(ASN1_IA5STRING) | ||
| 790 | DECLARE_ASN1_FUNCTIONS(ASN1_GENERALSTRING) | ||
| 791 | DECLARE_ASN1_FUNCTIONS(ASN1_UTCTIME) | ||
| 792 | DECLARE_ASN1_FUNCTIONS(ASN1_GENERALIZEDTIME) | ||
| 793 | DECLARE_ASN1_FUNCTIONS(ASN1_TIME) | ||
| 794 | |||
| 795 | ASN1_TIME *ASN1_TIME_set(ASN1_TIME *s,time_t t); | ||
| 796 | int ASN1_TIME_check(ASN1_TIME *t); | ||
| 797 | ASN1_GENERALIZEDTIME *ASN1_TIME_to_generalizedtime(ASN1_TIME *t, ASN1_GENERALIZEDTIME **out); | ||
| 490 | 798 | ||
| 491 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, | 799 | int i2d_ASN1_SET(STACK *a, unsigned char **pp, |
| 492 | int (*func)(), int ex_tag, int ex_class); | 800 | int (*func)(), int ex_tag, int ex_class, int is_set); |
| 493 | STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, | 801 | STACK * d2i_ASN1_SET(STACK **a, unsigned char **pp, long length, |
| 494 | char *(*func)(), int ex_tag, int ex_class); | 802 | char *(*func)(), void (*free_func)(void *), |
| 803 | int ex_tag, int ex_class); | ||
| 495 | 804 | ||
| 496 | #ifdef HEADER_BIO_H | 805 | #ifndef OPENSSL_NO_BIO |
| 497 | int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); | 806 | int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a); |
| 498 | int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); | 807 | int a2i_ASN1_INTEGER(BIO *bp,ASN1_INTEGER *bs,char *buf,int size); |
| 808 | int i2a_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *a); | ||
| 809 | int a2i_ASN1_ENUMERATED(BIO *bp,ASN1_ENUMERATED *bs,char *buf,int size); | ||
| 499 | int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); | 810 | int i2a_ASN1_OBJECT(BIO *bp,ASN1_OBJECT *a); |
| 500 | int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); | 811 | int a2i_ASN1_STRING(BIO *bp,ASN1_STRING *bs,char *buf,int size); |
| 501 | int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); | 812 | int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type); |
| 502 | #endif | 813 | #endif |
| 503 | int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); | 814 | int i2t_ASN1_OBJECT(char *buf,int buf_len,ASN1_OBJECT *a); |
| 504 | 815 | ||
| 505 | int a2d_ASN1_OBJECT(unsigned char *out,int olen, char *buf, int num); | 816 | int a2d_ASN1_OBJECT(unsigned char *out,int olen, const char *buf, int num); |
| 506 | ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, | 817 | ASN1_OBJECT *ASN1_OBJECT_create(int nid, unsigned char *data,int len, |
| 507 | char *sn, char *ln); | 818 | const char *sn, const char *ln); |
| 508 | 819 | ||
| 509 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); | 820 | int ASN1_INTEGER_set(ASN1_INTEGER *a, long v); |
| 510 | long ASN1_INTEGER_get(ASN1_INTEGER *a); | 821 | long ASN1_INTEGER_get(ASN1_INTEGER *a); |
| 511 | ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); | 822 | ASN1_INTEGER *BN_to_ASN1_INTEGER(BIGNUM *bn, ASN1_INTEGER *ai); |
| 512 | BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); | 823 | BIGNUM *ASN1_INTEGER_to_BN(ASN1_INTEGER *ai,BIGNUM *bn); |
| 513 | 824 | ||
| 825 | int ASN1_ENUMERATED_set(ASN1_ENUMERATED *a, long v); | ||
| 826 | long ASN1_ENUMERATED_get(ASN1_ENUMERATED *a); | ||
| 827 | ASN1_ENUMERATED *BN_to_ASN1_ENUMERATED(BIGNUM *bn, ASN1_ENUMERATED *ai); | ||
| 828 | BIGNUM *ASN1_ENUMERATED_to_BN(ASN1_ENUMERATED *ai,BIGNUM *bn); | ||
| 829 | |||
| 514 | /* General */ | 830 | /* General */ |
| 515 | /* given a string, return the correct type, max is the maximum length */ | 831 | /* given a string, return the correct type, max is the maximum length */ |
| 516 | int ASN1_PRINTABLE_type(unsigned char *s, int max); | 832 | int ASN1_PRINTABLE_type(unsigned char *s, int max); |
| @@ -518,6 +834,7 @@ int ASN1_PRINTABLE_type(unsigned char *s, int max); | |||
| 518 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); | 834 | int i2d_ASN1_bytes(ASN1_STRING *a, unsigned char **pp, int tag, int xclass); |
| 519 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, | 835 | ASN1_STRING *d2i_ASN1_bytes(ASN1_STRING **a, unsigned char **pp, |
| 520 | long length, int Ptag, int Pclass); | 836 | long length, int Ptag, int Pclass); |
| 837 | unsigned long ASN1_tag2bit(int tag); | ||
| 521 | /* type is one or more of the B_ASN1_ values. */ | 838 | /* type is one or more of the B_ASN1_ values. */ |
| 522 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, | 839 | ASN1_STRING *d2i_ASN1_type_bytes(ASN1_STRING **a,unsigned char **pp, |
| 523 | long length,int type); | 840 | long length,int type); |
| @@ -536,18 +853,32 @@ int ASN1_object_size(int constructed, int length, int tag); | |||
| 536 | /* Used to implement other functions */ | 853 | /* Used to implement other functions */ |
| 537 | char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); | 854 | char *ASN1_dup(int (*i2d)(),char *(*d2i)(),char *x); |
| 538 | 855 | ||
| 539 | #ifndef NO_FP_API | 856 | void *ASN1_item_dup(const ASN1_ITEM *it, void *x); |
| 857 | |||
| 858 | #ifndef OPENSSL_NO_FP_API | ||
| 540 | char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); | 859 | char *ASN1_d2i_fp(char *(*xnew)(),char *(*d2i)(),FILE *fp,unsigned char **x); |
| 860 | void *ASN1_item_d2i_fp(const ASN1_ITEM *it, FILE *in, void *x); | ||
| 541 | int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); | 861 | int ASN1_i2d_fp(int (*i2d)(),FILE *out,unsigned char *x); |
| 862 | int ASN1_item_i2d_fp(const ASN1_ITEM *it, FILE *out, void *x); | ||
| 863 | int ASN1_STRING_print_ex_fp(FILE *fp, ASN1_STRING *str, unsigned long flags); | ||
| 542 | #endif | 864 | #endif |
| 543 | 865 | ||
| 544 | #ifdef HEADER_BIO_H | 866 | int ASN1_STRING_to_UTF8(unsigned char **out, ASN1_STRING *in); |
| 867 | |||
| 868 | #ifndef OPENSSL_NO_BIO | ||
| 545 | char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); | 869 | char *ASN1_d2i_bio(char *(*xnew)(),char *(*d2i)(),BIO *bp,unsigned char **x); |
| 870 | void *ASN1_item_d2i_bio(const ASN1_ITEM *it, BIO *in, void *x); | ||
| 546 | int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); | 871 | int ASN1_i2d_bio(int (*i2d)(),BIO *out,unsigned char *x); |
| 872 | int ASN1_item_i2d_bio(const ASN1_ITEM *it, BIO *out, void *x); | ||
| 547 | int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); | 873 | int ASN1_UTCTIME_print(BIO *fp,ASN1_UTCTIME *a); |
| 874 | int ASN1_GENERALIZEDTIME_print(BIO *fp,ASN1_GENERALIZEDTIME *a); | ||
| 875 | int ASN1_TIME_print(BIO *fp,ASN1_TIME *a); | ||
| 548 | int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); | 876 | int ASN1_STRING_print(BIO *bp,ASN1_STRING *v); |
| 877 | int ASN1_STRING_print_ex(BIO *out, ASN1_STRING *str, unsigned long flags); | ||
| 549 | int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); | 878 | int ASN1_parse(BIO *bp,unsigned char *pp,long len,int indent); |
| 879 | int ASN1_parse_dump(BIO *bp,unsigned char *pp,long len,int indent,int dump); | ||
| 550 | #endif | 880 | #endif |
| 881 | const char *ASN1_tag2str(int tag); | ||
| 551 | 882 | ||
| 552 | /* Used to load and write netscape format cert/key */ | 883 | /* Used to load and write netscape format cert/key */ |
| 553 | int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); | 884 | int i2d_ASN1_HEADER(ASN1_HEADER *a,unsigned char **pp); |
| @@ -557,8 +888,6 @@ void ASN1_HEADER_free(ASN1_HEADER *a); | |||
| 557 | 888 | ||
| 558 | int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); | 889 | int ASN1_UNIVERSALSTRING_to_string(ASN1_UNIVERSALSTRING *s); |
| 559 | 890 | ||
| 560 | void ERR_load_ASN1_strings(void); | ||
| 561 | |||
| 562 | /* Not used that much at this point, except for the first two */ | 891 | /* Not used that much at this point, except for the first two */ |
| 563 | ASN1_METHOD *X509_asn1_meth(void); | 892 | ASN1_METHOD *X509_asn1_meth(void); |
| 564 | ASN1_METHOD *RSAPrivateKey_asn1_meth(void); | 893 | ASN1_METHOD *RSAPrivateKey_asn1_meth(void); |
| @@ -574,286 +903,201 @@ int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, | |||
| 574 | int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, | 903 | int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a,long *num, |
| 575 | unsigned char *data, int max_len); | 904 | unsigned char *data, int max_len); |
| 576 | 905 | ||
| 577 | #else | 906 | STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), |
| 578 | 907 | void (*free_func)(void *) ); | |
| 579 | ASN1_TYPE * ASN1_TYPE_new(); | 908 | unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, |
| 580 | void ASN1_TYPE_free(); | 909 | int *len ); |
| 581 | int i2d_ASN1_TYPE(); | 910 | void *ASN1_unpack_string(ASN1_STRING *oct, char *(*d2i)()); |
| 582 | ASN1_TYPE * d2i_ASN1_TYPE(); | 911 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it); |
| 583 | int ASN1_TYPE_get(); | 912 | ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_OCTET_STRING **oct); |
| 584 | void ASN1_TYPE_set(); | 913 | ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_OCTET_STRING **oct); |
| 585 | 914 | ||
| 586 | ASN1_OBJECT * ASN1_OBJECT_new(); | 915 | void ASN1_STRING_set_default_mask(unsigned long mask); |
| 587 | void ASN1_OBJECT_free(); | 916 | int ASN1_STRING_set_default_mask_asc(char *p); |
| 588 | int i2d_ASN1_OBJECT(); | 917 | unsigned long ASN1_STRING_get_default_mask(void); |
| 589 | ASN1_OBJECT * d2i_ASN1_OBJECT(); | 918 | int ASN1_mbstring_copy(ASN1_STRING **out, const unsigned char *in, int len, |
| 590 | ASN1_STRING * ASN1_STRING_new(); | 919 | int inform, unsigned long mask); |
| 591 | void ASN1_STRING_free(); | 920 | int ASN1_mbstring_ncopy(ASN1_STRING **out, const unsigned char *in, int len, |
| 592 | ASN1_STRING * ASN1_STRING_dup(); | 921 | int inform, unsigned long mask, |
| 593 | ASN1_STRING * ASN1_STRING_type_new(); | 922 | long minsize, long maxsize); |
| 594 | int ASN1_STRING_cmp(); | 923 | |
| 595 | int ASN1_STRING_set(); | 924 | ASN1_STRING *ASN1_STRING_set_by_NID(ASN1_STRING **out, |
| 596 | int i2d_ASN1_BIT_STRING(); | 925 | const unsigned char *in, int inlen, int inform, int nid); |
| 597 | ASN1_BIT_STRING *d2i_ASN1_BIT_STRING(); | 926 | ASN1_STRING_TABLE *ASN1_STRING_TABLE_get(int nid); |
| 598 | int ASN1_BIT_STRING_set_bit(); | 927 | int ASN1_STRING_TABLE_add(int, long, long, unsigned long, unsigned long); |
| 599 | int ASN1_BIT_STRING_get_bit(); | 928 | void ASN1_STRING_TABLE_cleanup(void); |
| 600 | int i2d_ASN1_BOOLEAN(); | 929 | |
| 601 | int d2i_ASN1_BOOLEAN(); | 930 | /* ASN1 template functions */ |
| 602 | int i2d_ASN1_INTEGER(); | 931 | |
| 603 | ASN1_INTEGER *d2i_ASN1_INTEGER(); | 932 | /* Old API compatible functions */ |
| 604 | int ASN1_UTCTIME_check(); | 933 | ASN1_VALUE *ASN1_item_new(const ASN1_ITEM *it); |
| 605 | ASN1_UTCTIME *ASN1_UTCTIME_set(); | 934 | void ASN1_item_free(ASN1_VALUE *val, const ASN1_ITEM *it); |
| 606 | int ASN1_UTCTIME_set_string(); | 935 | ASN1_VALUE * ASN1_item_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it); |
| 607 | int i2d_ASN1_OCTET_STRING(); | 936 | int ASN1_item_i2d(ASN1_VALUE *val, unsigned char **out, const ASN1_ITEM *it); |
| 608 | ASN1_OCTET_STRING *d2i_ASN1_OCTET_STRING(); | 937 | |
| 609 | int i2d_ASN1_PRINTABLE(); | 938 | void ASN1_add_oid_module(void); |
| 610 | ASN1_STRING *d2i_ASN1_PRINTABLE(); | ||
| 611 | ASN1_PRINTABLESTRING *d2i_ASN1_PRINTABLESTRING(); | ||
| 612 | ASN1_T61STRING *d2i_ASN1_T61STRING(); | ||
| 613 | int i2d_ASN1_IA5STRING(); | ||
| 614 | ASN1_IA5STRING *d2i_ASN1_IA5STRING(); | ||
| 615 | int i2d_ASN1_UTCTIME(); | ||
| 616 | ASN1_UTCTIME * d2i_ASN1_UTCTIME(); | ||
| 617 | int i2d_ASN1_SET(); | ||
| 618 | STACK * d2i_ASN1_SET(); | ||
| 619 | int a2d_ASN1_OBJECT(); | ||
| 620 | ASN1_OBJECT *ASN1_OBJECT_create(); | ||
| 621 | int ASN1_INTEGER_set(); | ||
| 622 | long ASN1_INTEGER_get(); | ||
| 623 | ASN1_INTEGER *BN_to_ASN1_INTEGER(); | ||
| 624 | BIGNUM *ASN1_INTEGER_to_BN(); | ||
| 625 | int ASN1_PRINTABLE_type(); | ||
| 626 | int i2d_ASN1_bytes(); | ||
| 627 | ASN1_STRING *d2i_ASN1_bytes(); | ||
| 628 | ASN1_STRING *d2i_ASN1_type_bytes(); | ||
| 629 | int asn1_Finish(); | ||
| 630 | int ASN1_get_object(); | ||
| 631 | int ASN1_check_infinite_end(); | ||
| 632 | void ASN1_put_object(); | ||
| 633 | int ASN1_object_size(); | ||
| 634 | char *ASN1_dup(); | ||
| 635 | #ifndef NO_FP_API | ||
| 636 | char *ASN1_d2i_fp(); | ||
| 637 | int ASN1_i2d_fp(); | ||
| 638 | #endif | ||
| 639 | |||
| 640 | char *ASN1_d2i_bio(); | ||
| 641 | int ASN1_i2d_bio(); | ||
| 642 | int ASN1_UTCTIME_print(); | ||
| 643 | int ASN1_STRING_print(); | ||
| 644 | int ASN1_parse(); | ||
| 645 | int i2a_ASN1_INTEGER(); | ||
| 646 | int a2i_ASN1_INTEGER(); | ||
| 647 | int i2a_ASN1_OBJECT(); | ||
| 648 | int i2t_ASN1_OBJECT(); | ||
| 649 | int a2i_ASN1_STRING(); | ||
| 650 | int i2a_ASN1_STRING(); | ||
| 651 | |||
| 652 | int i2d_ASN1_HEADER(); | ||
| 653 | ASN1_HEADER *d2i_ASN1_HEADER(); | ||
| 654 | ASN1_HEADER *ASN1_HEADER_new(); | ||
| 655 | void ASN1_HEADER_free(); | ||
| 656 | void ERR_load_ASN1_strings(); | ||
| 657 | ASN1_METHOD *X509_asn1_meth(); | ||
| 658 | ASN1_METHOD *RSAPrivateKey_asn1_meth(); | ||
| 659 | ASN1_METHOD *ASN1_IA5STRING_asn1_meth(); | ||
| 660 | ASN1_METHOD *ASN1_BIT_STRING_asn1_meth(); | ||
| 661 | |||
| 662 | int ASN1_UNIVERSALSTRING_to_string(); | ||
| 663 | |||
| 664 | int ASN1_TYPE_set_octetstring(); | ||
| 665 | int ASN1_TYPE_get_octetstring(); | ||
| 666 | int ASN1_TYPE_set_int_octetstring(); | ||
| 667 | int ASN1_TYPE_get_int_octetstring(); | ||
| 668 | |||
| 669 | #endif | ||
| 670 | 939 | ||
| 671 | /* BEGIN ERROR CODES */ | 940 | /* BEGIN ERROR CODES */ |
| 941 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 942 | * made after this point may be overwritten when the script is next run. | ||
| 943 | */ | ||
| 944 | void ERR_load_ASN1_strings(void); | ||
| 945 | |||
| 672 | /* Error codes for the ASN1 functions. */ | 946 | /* Error codes for the ASN1 functions. */ |
| 673 | 947 | ||
| 674 | /* Function codes. */ | 948 | /* Function codes. */ |
| 675 | #define ASN1_F_A2D_ASN1_OBJECT 100 | 949 | #define ASN1_F_A2D_ASN1_OBJECT 100 |
| 676 | #define ASN1_F_A2I_ASN1_INTEGER 101 | 950 | #define ASN1_F_A2I_ASN1_ENUMERATED 101 |
| 677 | #define ASN1_F_A2I_ASN1_STRING 102 | 951 | #define ASN1_F_A2I_ASN1_INTEGER 102 |
| 678 | #define ASN1_F_ASN1_COLLATE_PRIMATIVE 103 | 952 | #define ASN1_F_A2I_ASN1_STRING 103 |
| 679 | #define ASN1_F_ASN1_D2I_BIO 104 | 953 | #define ASN1_F_ASN1_CHECK_TLEN 104 |
| 680 | #define ASN1_F_ASN1_D2I_FP 105 | 954 | #define ASN1_F_ASN1_COLLATE_PRIMITIVE 105 |
| 681 | #define ASN1_F_ASN1_DUP 106 | 955 | #define ASN1_F_ASN1_COLLECT 106 |
| 682 | #define ASN1_F_ASN1_GET_OBJECT 107 | 956 | #define ASN1_F_ASN1_D2I_BIO 107 |
| 683 | #define ASN1_F_ASN1_HEADER_NEW 108 | 957 | #define ASN1_F_ASN1_D2I_EX_PRIMITIVE 108 |
| 684 | #define ASN1_F_ASN1_I2D_BIO 109 | 958 | #define ASN1_F_ASN1_D2I_FP 109 |
| 685 | #define ASN1_F_ASN1_I2D_FP 110 | 959 | #define ASN1_F_ASN1_DO_ADB 110 |
| 686 | #define ASN1_F_ASN1_INTEGER_SET 111 | 960 | #define ASN1_F_ASN1_DUP 111 |
| 687 | #define ASN1_F_ASN1_INTEGER_TO_BN 112 | 961 | #define ASN1_F_ASN1_ENUMERATED_SET 112 |
| 688 | #define ASN1_F_ASN1_OBJECT_NEW 113 | 962 | #define ASN1_F_ASN1_ENUMERATED_TO_BN 113 |
| 689 | #define ASN1_F_ASN1_SIGN 114 | 963 | #define ASN1_F_ASN1_GET_OBJECT 114 |
| 690 | #define ASN1_F_ASN1_STRING_NEW 115 | 964 | #define ASN1_F_ASN1_HEADER_NEW 115 |
| 691 | #define ASN1_F_ASN1_STRING_TYPE_NEW 116 | 965 | #define ASN1_F_ASN1_I2D_BIO 116 |
| 692 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 117 | 966 | #define ASN1_F_ASN1_I2D_FP 117 |
| 693 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 118 | 967 | #define ASN1_F_ASN1_INTEGER_SET 118 |
| 694 | #define ASN1_F_ASN1_TYPE_NEW 119 | 968 | #define ASN1_F_ASN1_INTEGER_TO_BN 119 |
| 695 | #define ASN1_F_ASN1_UTCTIME_NEW 120 | 969 | #define ASN1_F_ASN1_ITEM_EX_D2I 120 |
| 696 | #define ASN1_F_ASN1_VERIFY 121 | 970 | #define ASN1_F_ASN1_ITEM_NEW 121 |
| 697 | #define ASN1_F_BN_TO_ASN1_INTEGER 122 | 971 | #define ASN1_F_ASN1_MBSTRING_COPY 122 |
| 698 | #define ASN1_F_D2I_ASN1_BIT_STRING 123 | 972 | #define ASN1_F_ASN1_OBJECT_NEW 123 |
| 699 | #define ASN1_F_D2I_ASN1_BMPSTRING 124 | 973 | #define ASN1_F_ASN1_PACK_STRING 124 |
| 700 | #define ASN1_F_D2I_ASN1_BOOLEAN 125 | 974 | #define ASN1_F_ASN1_PBE_SET 125 |
| 701 | #define ASN1_F_D2I_ASN1_BYTES 126 | 975 | #define ASN1_F_ASN1_SEQ_PACK 126 |
| 702 | #define ASN1_F_D2I_ASN1_HEADER 127 | 976 | #define ASN1_F_ASN1_SEQ_UNPACK 127 |
| 703 | #define ASN1_F_D2I_ASN1_INTEGER 128 | 977 | #define ASN1_F_ASN1_SIGN 128 |
| 704 | #define ASN1_F_D2I_ASN1_OBJECT 129 | 978 | #define ASN1_F_ASN1_STRING_TABLE_ADD 129 |
| 705 | #define ASN1_F_D2I_ASN1_OCTET_STRING 130 | 979 | #define ASN1_F_ASN1_STRING_TYPE_NEW 130 |
| 706 | #define ASN1_F_D2I_ASN1_PRINT_TYPE 131 | 980 | #define ASN1_F_ASN1_TEMPLATE_D2I 131 |
| 707 | #define ASN1_F_D2I_ASN1_SET 132 | 981 | #define ASN1_F_ASN1_TEMPLATE_EX_D2I 132 |
| 708 | #define ASN1_F_D2I_ASN1_TYPE 133 | 982 | #define ASN1_F_ASN1_TEMPLATE_NEW 133 |
| 709 | #define ASN1_F_D2I_ASN1_TYPE_BYTES 134 | 983 | #define ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING 134 |
| 710 | #define ASN1_F_D2I_ASN1_UTCTIME 135 | 984 | #define ASN1_F_ASN1_TYPE_GET_OCTETSTRING 135 |
| 711 | #define ASN1_F_D2I_DHPARAMS 136 | 985 | #define ASN1_F_ASN1_UNPACK_STRING 136 |
| 712 | #define ASN1_F_D2I_DSAPARAMS 137 | 986 | #define ASN1_F_ASN1_VERIFY 137 |
| 713 | #define ASN1_F_D2I_DSAPRIVATEKEY 138 | 987 | #define ASN1_F_BN_TO_ASN1_ENUMERATED 138 |
| 714 | #define ASN1_F_D2I_DSAPUBLICKEY 139 | 988 | #define ASN1_F_BN_TO_ASN1_INTEGER 139 |
| 715 | #define ASN1_F_D2I_NETSCAPE_PKEY 140 | 989 | #define ASN1_F_COLLECT_DATA 140 |
| 716 | #define ASN1_F_D2I_NETSCAPE_RSA 141 | 990 | #define ASN1_F_D2I_ASN1_BIT_STRING 141 |
| 717 | #define ASN1_F_D2I_NETSCAPE_RSA_2 142 | 991 | #define ASN1_F_D2I_ASN1_BOOLEAN 142 |
| 718 | #define ASN1_F_D2I_NETSCAPE_SPKAC 143 | 992 | #define ASN1_F_D2I_ASN1_BYTES 143 |
| 719 | #define ASN1_F_D2I_NETSCAPE_SPKI 144 | 993 | #define ASN1_F_D2I_ASN1_GENERALIZEDTIME 144 |
| 720 | #define ASN1_F_D2I_PKCS7 145 | 994 | #define ASN1_F_D2I_ASN1_HEADER 145 |
| 721 | #define ASN1_F_D2I_PKCS7_DIGEST 146 | 995 | #define ASN1_F_D2I_ASN1_INTEGER 146 |
| 722 | #define ASN1_F_D2I_PKCS7_ENCRYPT 147 | 996 | #define ASN1_F_D2I_ASN1_OBJECT 147 |
| 723 | #define ASN1_F_D2I_PKCS7_ENC_CONTENT 148 | 997 | #define ASN1_F_D2I_ASN1_SET 148 |
| 724 | #define ASN1_F_D2I_PKCS7_ENVELOPE 149 | 998 | #define ASN1_F_D2I_ASN1_TYPE_BYTES 149 |
| 725 | #define ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL 150 | 999 | #define ASN1_F_D2I_ASN1_UINTEGER 150 |
| 726 | #define ASN1_F_D2I_PKCS7_RECIP_INFO 151 | 1000 | #define ASN1_F_D2I_ASN1_UTCTIME 151 |
| 727 | #define ASN1_F_D2I_PKCS7_SIGNED 152 | 1001 | #define ASN1_F_D2I_NETSCAPE_RSA 152 |
| 728 | #define ASN1_F_D2I_PKCS7_SIGNER_INFO 153 | 1002 | #define ASN1_F_D2I_NETSCAPE_RSA_2 153 |
| 729 | #define ASN1_F_D2I_PKCS7_SIGN_ENVELOPE 154 | 1003 | #define ASN1_F_D2I_PRIVATEKEY 154 |
| 730 | #define ASN1_F_D2I_PRIVATEKEY 155 | 1004 | #define ASN1_F_D2I_PUBLICKEY 155 |
| 731 | #define ASN1_F_D2I_PUBLICKEY 156 | 1005 | #define ASN1_F_D2I_X509 156 |
| 732 | #define ASN1_F_D2I_RSAPRIVATEKEY 157 | 1006 | #define ASN1_F_D2I_X509_CINF 157 |
| 733 | #define ASN1_F_D2I_RSAPUBLICKEY 158 | 1007 | #define ASN1_F_D2I_X509_NAME 158 |
| 734 | #define ASN1_F_D2I_X509 159 | 1008 | #define ASN1_F_D2I_X509_PKEY 159 |
| 735 | #define ASN1_F_D2I_X509_ALGOR 160 | 1009 | #define ASN1_F_I2D_ASN1_TIME 160 |
| 736 | #define ASN1_F_D2I_X509_ATTRIBUTE 161 | 1010 | #define ASN1_F_I2D_DSA_PUBKEY 161 |
| 737 | #define ASN1_F_D2I_X509_CINF 162 | 1011 | #define ASN1_F_I2D_NETSCAPE_RSA 162 |
| 738 | #define ASN1_F_D2I_X509_CRL 163 | 1012 | #define ASN1_F_I2D_PRIVATEKEY 163 |
| 739 | #define ASN1_F_D2I_X509_CRL_INFO 164 | 1013 | #define ASN1_F_I2D_PUBLICKEY 164 |
| 740 | #define ASN1_F_D2I_X509_EXTENSION 165 | 1014 | #define ASN1_F_I2D_RSA_PUBKEY 165 |
| 741 | #define ASN1_F_D2I_X509_KEY 166 | 1015 | #define ASN1_F_LONG_C2I 166 |
| 742 | #define ASN1_F_D2I_X509_NAME 167 | 1016 | #define ASN1_F_OID_MODULE_INIT 174 |
| 743 | #define ASN1_F_D2I_X509_NAME_ENTRY 168 | 1017 | #define ASN1_F_PKCS5_PBE2_SET 167 |
| 744 | #define ASN1_F_D2I_X509_PKEY 169 | 1018 | #define ASN1_F_X509_CINF_NEW 168 |
| 745 | #define ASN1_F_D2I_X509_PUBKEY 170 | 1019 | #define ASN1_F_X509_CRL_ADD0_REVOKED 169 |
| 746 | #define ASN1_F_D2I_X509_REQ 171 | 1020 | #define ASN1_F_X509_INFO_NEW 170 |
| 747 | #define ASN1_F_D2I_X509_REQ_INFO 172 | 1021 | #define ASN1_F_X509_NAME_NEW 171 |
| 748 | #define ASN1_F_D2I_X509_REVOKED 173 | 1022 | #define ASN1_F_X509_NEW 172 |
| 749 | #define ASN1_F_D2I_X509_SIG 174 | 1023 | #define ASN1_F_X509_PKEY_NEW 173 |
| 750 | #define ASN1_F_D2I_X509_VAL 175 | ||
| 751 | #define ASN1_F_I2D_ASN1_HEADER 176 | ||
| 752 | #define ASN1_F_I2D_DHPARAMS 177 | ||
| 753 | #define ASN1_F_I2D_DSAPARAMS 178 | ||
| 754 | #define ASN1_F_I2D_DSAPRIVATEKEY 179 | ||
| 755 | #define ASN1_F_I2D_DSAPUBLICKEY 180 | ||
| 756 | #define ASN1_F_I2D_NETSCAPE_RSA 181 | ||
| 757 | #define ASN1_F_I2D_PKCS7 182 | ||
| 758 | #define ASN1_F_I2D_PRIVATEKEY 183 | ||
| 759 | #define ASN1_F_I2D_PUBLICKEY 184 | ||
| 760 | #define ASN1_F_I2D_RSAPRIVATEKEY 185 | ||
| 761 | #define ASN1_F_I2D_RSAPUBLICKEY 186 | ||
| 762 | #define ASN1_F_I2D_X509_ATTRIBUTE 187 | ||
| 763 | #define ASN1_F_I2T_ASN1_OBJECT 188 | ||
| 764 | #define ASN1_F_NETSCAPE_PKEY_NEW 189 | ||
| 765 | #define ASN1_F_NETSCAPE_SPKAC_NEW 190 | ||
| 766 | #define ASN1_F_NETSCAPE_SPKI_NEW 191 | ||
| 767 | #define ASN1_F_PKCS7_DIGEST_NEW 192 | ||
| 768 | #define ASN1_F_PKCS7_ENCRYPT_NEW 193 | ||
| 769 | #define ASN1_F_PKCS7_ENC_CONTENT_NEW 194 | ||
| 770 | #define ASN1_F_PKCS7_ENVELOPE_NEW 195 | ||
| 771 | #define ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW 196 | ||
| 772 | #define ASN1_F_PKCS7_NEW 197 | ||
| 773 | #define ASN1_F_PKCS7_RECIP_INFO_NEW 198 | ||
| 774 | #define ASN1_F_PKCS7_SIGNED_NEW 199 | ||
| 775 | #define ASN1_F_PKCS7_SIGNER_INFO_NEW 200 | ||
| 776 | #define ASN1_F_PKCS7_SIGN_ENVELOPE_NEW 201 | ||
| 777 | #define ASN1_F_X509_ALGOR_NEW 202 | ||
| 778 | #define ASN1_F_X509_ATTRIBUTE_NEW 203 | ||
| 779 | #define ASN1_F_X509_CINF_NEW 204 | ||
| 780 | #define ASN1_F_X509_CRL_INFO_NEW 205 | ||
| 781 | #define ASN1_F_X509_CRL_NEW 206 | ||
| 782 | #define ASN1_F_X509_DHPARAMS_NEW 207 | ||
| 783 | #define ASN1_F_X509_EXTENSION_NEW 208 | ||
| 784 | #define ASN1_F_X509_INFO_NEW 209 | ||
| 785 | #define ASN1_F_X509_KEY_NEW 210 | ||
| 786 | #define ASN1_F_X509_NAME_ENTRY_NEW 211 | ||
| 787 | #define ASN1_F_X509_NAME_NEW 212 | ||
| 788 | #define ASN1_F_X509_NEW 213 | ||
| 789 | #define ASN1_F_X509_PKEY_NEW 214 | ||
| 790 | #define ASN1_F_X509_PUBKEY_NEW 215 | ||
| 791 | #define ASN1_F_X509_REQ_INFO_NEW 216 | ||
| 792 | #define ASN1_F_X509_REQ_NEW 217 | ||
| 793 | #define ASN1_F_X509_REVOKED_NEW 218 | ||
| 794 | #define ASN1_F_X509_SIG_NEW 219 | ||
| 795 | #define ASN1_F_X509_VAL_FREE 220 | ||
| 796 | #define ASN1_F_X509_VAL_NEW 221 | ||
| 797 | 1024 | ||
| 798 | /* Reason codes. */ | 1025 | /* Reason codes. */ |
| 799 | #define ASN1_R_BAD_CLASS 100 | 1026 | #define ASN1_R_ADDING_OBJECT 171 |
| 800 | #define ASN1_R_BAD_GET_OBJECT 101 | 1027 | #define ASN1_R_AUX_ERROR 100 |
| 1028 | #define ASN1_R_BAD_CLASS 101 | ||
| 801 | #define ASN1_R_BAD_OBJECT_HEADER 102 | 1029 | #define ASN1_R_BAD_OBJECT_HEADER 102 |
| 802 | #define ASN1_R_BAD_PASSWORD_READ 103 | 1030 | #define ASN1_R_BAD_PASSWORD_READ 103 |
| 803 | #define ASN1_R_BAD_PKCS7_CONTENT 104 | 1031 | #define ASN1_R_BAD_TAG 104 |
| 804 | #define ASN1_R_BAD_PKCS7_TYPE 105 | 1032 | #define ASN1_R_BN_LIB 105 |
| 805 | #define ASN1_R_BAD_TAG 106 | 1033 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 106 |
| 806 | #define ASN1_R_BAD_TYPE 107 | 1034 | #define ASN1_R_BUFFER_TOO_SMALL 107 |
| 807 | #define ASN1_R_BN_LIB 108 | 1035 | #define ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 108 |
| 808 | #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 109 | 1036 | #define ASN1_R_DATA_IS_WRONG 109 |
| 809 | #define ASN1_R_BUFFER_TOO_SMALL 110 | 1037 | #define ASN1_R_DECODE_ERROR 110 |
| 810 | #define ASN1_R_DATA_IS_WRONG 111 | 1038 | #define ASN1_R_DECODING_ERROR 111 |
| 811 | #define ASN1_R_DECODING_ERROR 112 | 1039 | #define ASN1_R_ENCODE_ERROR 112 |
| 812 | #define ASN1_R_ERROR_STACK 113 | 1040 | #define ASN1_R_ERROR_LOADING_SECTION 172 |
| 813 | #define ASN1_R_EXPECTING_AN_INTEGER 114 | 1041 | #define ASN1_R_ERROR_PARSING_SET_ELEMENT 113 |
| 814 | #define ASN1_R_EXPECTING_AN_OBJECT 115 | 1042 | #define ASN1_R_ERROR_SETTING_CIPHER_PARAMS 114 |
| 815 | #define ASN1_R_EXPECTING_AN_OCTET_STRING 116 | 1043 | #define ASN1_R_EXPECTING_AN_INTEGER 115 |
| 816 | #define ASN1_R_EXPECTING_A_BIT_STRING 117 | 1044 | #define ASN1_R_EXPECTING_AN_OBJECT 116 |
| 817 | #define ASN1_R_EXPECTING_A_BOOLEAN 118 | 1045 | #define ASN1_R_EXPECTING_A_BOOLEAN 117 |
| 818 | #define ASN1_R_EXPECTING_A_SEQUENCE 119 | 1046 | #define ASN1_R_EXPECTING_A_TIME 118 |
| 819 | #define ASN1_R_EXPECTING_A_UTCTIME 120 | 1047 | #define ASN1_R_EXPLICIT_LENGTH_MISMATCH 119 |
| 820 | #define ASN1_R_FIRST_NUM_TOO_LARGE 121 | 1048 | #define ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED 120 |
| 821 | #define ASN1_R_HEADER_TOO_LONG 122 | 1049 | #define ASN1_R_FIELD_MISSING 121 |
| 822 | #define ASN1_R_INVALID_DIGIT 123 | 1050 | #define ASN1_R_FIRST_NUM_TOO_LARGE 122 |
| 823 | #define ASN1_R_INVALID_SEPARATOR 124 | 1051 | #define ASN1_R_HEADER_TOO_LONG 123 |
| 824 | #define ASN1_R_INVALID_TIME_FORMAT 125 | 1052 | #define ASN1_R_ILLEGAL_CHARACTERS 124 |
| 825 | #define ASN1_R_IV_TOO_LARGE 126 | 1053 | #define ASN1_R_ILLEGAL_NULL 125 |
| 826 | #define ASN1_R_LENGTH_ERROR 127 | 1054 | #define ASN1_R_ILLEGAL_OPTIONAL_ANY 126 |
| 827 | #define ASN1_R_LENGTH_MISMATCH 128 | 1055 | #define ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE 170 |
| 828 | #define ASN1_R_MISSING_EOS 129 | 1056 | #define ASN1_R_ILLEGAL_TAGGED_ANY 127 |
| 829 | #define ASN1_R_MISSING_SECOND_NUMBER 130 | 1057 | #define ASN1_R_INTEGER_TOO_LARGE_FOR_LONG 128 |
| 830 | #define ASN1_R_NON_HEX_CHARACTERS 131 | 1058 | #define ASN1_R_INVALID_BMPSTRING_LENGTH 129 |
| 831 | #define ASN1_R_NOT_ENOUGH_DATA 132 | 1059 | #define ASN1_R_INVALID_DIGIT 130 |
| 832 | #define ASN1_R_ODD_NUMBER_OF_CHARS 133 | 1060 | #define ASN1_R_INVALID_SEPARATOR 131 |
| 833 | #define ASN1_R_PARSING 134 | 1061 | #define ASN1_R_INVALID_TIME_FORMAT 132 |
| 834 | #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 135 | 1062 | #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 133 |
| 835 | #define ASN1_R_SECOND_NUMBER_TOO_LARGE 136 | 1063 | #define ASN1_R_INVALID_UTF8STRING 134 |
| 836 | #define ASN1_R_SHORT_LINE 137 | 1064 | #define ASN1_R_IV_TOO_LARGE 135 |
| 837 | #define ASN1_R_STRING_TOO_SHORT 138 | 1065 | #define ASN1_R_LENGTH_ERROR 136 |
| 838 | #define ASN1_R_TAG_VALUE_TOO_HIGH 139 | 1066 | #define ASN1_R_MISSING_EOC 137 |
| 839 | #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 140 | 1067 | #define ASN1_R_MISSING_SECOND_NUMBER 138 |
| 840 | #define ASN1_R_TOO_LONG 141 | 1068 | #define ASN1_R_MSTRING_NOT_UNIVERSAL 139 |
| 841 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 142 | 1069 | #define ASN1_R_MSTRING_WRONG_TAG 140 |
| 842 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 143 | 1070 | #define ASN1_R_NON_HEX_CHARACTERS 141 |
| 843 | #define ASN1_R_UNKNOWN_ATTRIBUTE_TYPE 144 | 1071 | #define ASN1_R_NOT_ENOUGH_DATA 142 |
| 844 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 145 | 1072 | #define ASN1_R_NO_MATCHING_CHOICE_TYPE 143 |
| 845 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 146 | 1073 | #define ASN1_R_NULL_IS_WRONG_LENGTH 144 |
| 846 | #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 147 | 1074 | #define ASN1_R_ODD_NUMBER_OF_CHARS 145 |
| 847 | #define ASN1_R_UNSUPPORTED_CIPHER 148 | 1075 | #define ASN1_R_PRIVATE_KEY_HEADER_MISSING 146 |
| 848 | #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 149 | 1076 | #define ASN1_R_SECOND_NUMBER_TOO_LARGE 147 |
| 849 | #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 150 | 1077 | #define ASN1_R_SEQUENCE_LENGTH_MISMATCH 148 |
| 850 | #define ASN1_R_UTCTIME_TOO_LONG 151 | 1078 | #define ASN1_R_SEQUENCE_NOT_CONSTRUCTED 149 |
| 851 | #define ASN1_R_WRONG_PRINTABLE_TYPE 152 | 1079 | #define ASN1_R_SHORT_LINE 150 |
| 852 | #define ASN1_R_WRONG_TAG 153 | 1080 | #define ASN1_R_STRING_TOO_LONG 151 |
| 853 | #define ASN1_R_WRONG_TYPE 154 | 1081 | #define ASN1_R_STRING_TOO_SHORT 152 |
| 854 | 1082 | #define ASN1_R_TAG_VALUE_TOO_HIGH 153 | |
| 1083 | #define ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 154 | ||
| 1084 | #define ASN1_R_TOO_LONG 155 | ||
| 1085 | #define ASN1_R_TYPE_NOT_CONSTRUCTED 156 | ||
| 1086 | #define ASN1_R_UNABLE_TO_DECODE_RSA_KEY 157 | ||
| 1087 | #define ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY 158 | ||
| 1088 | #define ASN1_R_UNEXPECTED_EOC 159 | ||
| 1089 | #define ASN1_R_UNKNOWN_FORMAT 160 | ||
| 1090 | #define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 161 | ||
| 1091 | #define ASN1_R_UNKNOWN_OBJECT_TYPE 162 | ||
| 1092 | #define ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE 163 | ||
| 1093 | #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 164 | ||
| 1094 | #define ASN1_R_UNSUPPORTED_CIPHER 165 | ||
| 1095 | #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 166 | ||
| 1096 | #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 167 | ||
| 1097 | #define ASN1_R_WRONG_TAG 168 | ||
| 1098 | #define ASN1_R_WRONG_TYPE 169 | ||
| 1099 | |||
| 855 | #ifdef __cplusplus | 1100 | #ifdef __cplusplus |
| 856 | } | 1101 | } |
| 857 | #endif | 1102 | #endif |
| 858 | #endif | 1103 | #endif |
| 859 | |||
diff --git a/src/lib/libcrypto/asn1/asn1_err.c b/src/lib/libcrypto/asn1/asn1_err.c index 03c2858e7d..c4c3d2a91d 100644 --- a/src/lib/libcrypto/asn1/asn1_err.c +++ b/src/lib/libcrypto/asn1/asn1_err.c | |||
| @@ -1,263 +1,237 @@ | |||
| 1 | /* lib/asn1/asn1_err.c */ | 1 | /* crypto/asn1/asn1_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "asn1.h" | 63 | #include <openssl/asn1.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA ASN1_str_functs[]= | 67 | static ERR_STRING_DATA ASN1_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, | 69 | {ERR_PACK(0,ASN1_F_A2D_ASN1_OBJECT,0), "a2d_ASN1_OBJECT"}, |
| 70 | {ERR_PACK(0,ASN1_F_A2I_ASN1_ENUMERATED,0), "a2i_ASN1_ENUMERATED"}, | ||
| 67 | {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, | 71 | {ERR_PACK(0,ASN1_F_A2I_ASN1_INTEGER,0), "a2i_ASN1_INTEGER"}, |
| 68 | {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, | 72 | {ERR_PACK(0,ASN1_F_A2I_ASN1_STRING,0), "a2i_ASN1_STRING"}, |
| 69 | {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMATIVE,0), "ASN1_COLLATE_PRIMATIVE"}, | 73 | {ERR_PACK(0,ASN1_F_ASN1_CHECK_TLEN,0), "ASN1_CHECK_TLEN"}, |
| 74 | {ERR_PACK(0,ASN1_F_ASN1_COLLATE_PRIMITIVE,0), "ASN1_COLLATE_PRIMITIVE"}, | ||
| 75 | {ERR_PACK(0,ASN1_F_ASN1_COLLECT,0), "ASN1_COLLECT"}, | ||
| 70 | {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, | 76 | {ERR_PACK(0,ASN1_F_ASN1_D2I_BIO,0), "ASN1_d2i_bio"}, |
| 77 | {ERR_PACK(0,ASN1_F_ASN1_D2I_EX_PRIMITIVE,0), "ASN1_D2I_EX_PRIMITIVE"}, | ||
| 71 | {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, | 78 | {ERR_PACK(0,ASN1_F_ASN1_D2I_FP,0), "ASN1_d2i_fp"}, |
| 79 | {ERR_PACK(0,ASN1_F_ASN1_DO_ADB,0), "ASN1_DO_ADB"}, | ||
| 72 | {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, | 80 | {ERR_PACK(0,ASN1_F_ASN1_DUP,0), "ASN1_dup"}, |
| 81 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_SET,0), "ASN1_ENUMERATED_set"}, | ||
| 82 | {ERR_PACK(0,ASN1_F_ASN1_ENUMERATED_TO_BN,0), "ASN1_ENUMERATED_to_BN"}, | ||
| 73 | {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, | 83 | {ERR_PACK(0,ASN1_F_ASN1_GET_OBJECT,0), "ASN1_get_object"}, |
| 74 | {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, | 84 | {ERR_PACK(0,ASN1_F_ASN1_HEADER_NEW,0), "ASN1_HEADER_new"}, |
| 75 | {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, | 85 | {ERR_PACK(0,ASN1_F_ASN1_I2D_BIO,0), "ASN1_i2d_bio"}, |
| 76 | {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, | 86 | {ERR_PACK(0,ASN1_F_ASN1_I2D_FP,0), "ASN1_i2d_fp"}, |
| 77 | {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, | 87 | {ERR_PACK(0,ASN1_F_ASN1_INTEGER_SET,0), "ASN1_INTEGER_set"}, |
| 78 | {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, | 88 | {ERR_PACK(0,ASN1_F_ASN1_INTEGER_TO_BN,0), "ASN1_INTEGER_to_BN"}, |
| 89 | {ERR_PACK(0,ASN1_F_ASN1_ITEM_EX_D2I,0), "ASN1_ITEM_EX_D2I"}, | ||
| 90 | {ERR_PACK(0,ASN1_F_ASN1_ITEM_NEW,0), "ASN1_item_new"}, | ||
| 91 | {ERR_PACK(0,ASN1_F_ASN1_MBSTRING_COPY,0), "ASN1_mbstring_copy"}, | ||
| 79 | {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, | 92 | {ERR_PACK(0,ASN1_F_ASN1_OBJECT_NEW,0), "ASN1_OBJECT_new"}, |
| 80 | {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_SIGN"}, | 93 | {ERR_PACK(0,ASN1_F_ASN1_PACK_STRING,0), "ASN1_pack_string"}, |
| 81 | {ERR_PACK(0,ASN1_F_ASN1_STRING_NEW,0), "ASN1_STRING_new"}, | 94 | {ERR_PACK(0,ASN1_F_ASN1_PBE_SET,0), "ASN1_PBE_SET"}, |
| 95 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_PACK,0), "ASN1_seq_pack"}, | ||
| 96 | {ERR_PACK(0,ASN1_F_ASN1_SEQ_UNPACK,0), "ASN1_seq_unpack"}, | ||
| 97 | {ERR_PACK(0,ASN1_F_ASN1_SIGN,0), "ASN1_sign"}, | ||
| 98 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TABLE_ADD,0), "ASN1_STRING_TABLE_add"}, | ||
| 82 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, | 99 | {ERR_PACK(0,ASN1_F_ASN1_STRING_TYPE_NEW,0), "ASN1_STRING_type_new"}, |
| 100 | {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_D2I,0), "ASN1_TEMPLATE_D2I"}, | ||
| 101 | {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_EX_D2I,0), "ASN1_TEMPLATE_EX_D2I"}, | ||
| 102 | {ERR_PACK(0,ASN1_F_ASN1_TEMPLATE_NEW,0), "ASN1_TEMPLATE_NEW"}, | ||
| 83 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, | 103 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,0), "ASN1_TYPE_get_int_octetstring"}, |
| 84 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, | 104 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_GET_OCTETSTRING,0), "ASN1_TYPE_get_octetstring"}, |
| 85 | {ERR_PACK(0,ASN1_F_ASN1_TYPE_NEW,0), "ASN1_TYPE_new"}, | 105 | {ERR_PACK(0,ASN1_F_ASN1_UNPACK_STRING,0), "ASN1_unpack_string"}, |
| 86 | {ERR_PACK(0,ASN1_F_ASN1_UTCTIME_NEW,0), "ASN1_UTCTIME_NEW"}, | 106 | {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_verify"}, |
| 87 | {ERR_PACK(0,ASN1_F_ASN1_VERIFY,0), "ASN1_VERIFY"}, | 107 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_ENUMERATED,0), "BN_to_ASN1_ENUMERATED"}, |
| 88 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, | 108 | {ERR_PACK(0,ASN1_F_BN_TO_ASN1_INTEGER,0), "BN_to_ASN1_INTEGER"}, |
| 89 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "d2i_ASN1_BIT_STRING"}, | 109 | {ERR_PACK(0,ASN1_F_COLLECT_DATA,0), "COLLECT_DATA"}, |
| 90 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BMPSTRING,0), "D2I_ASN1_BMPSTRING"}, | 110 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BIT_STRING,0), "D2I_ASN1_BIT_STRING"}, |
| 91 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, | 111 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BOOLEAN,0), "d2i_ASN1_BOOLEAN"}, |
| 92 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, | 112 | {ERR_PACK(0,ASN1_F_D2I_ASN1_BYTES,0), "d2i_ASN1_bytes"}, |
| 113 | {ERR_PACK(0,ASN1_F_D2I_ASN1_GENERALIZEDTIME,0), "D2I_ASN1_GENERALIZEDTIME"}, | ||
| 93 | {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, | 114 | {ERR_PACK(0,ASN1_F_D2I_ASN1_HEADER,0), "d2i_ASN1_HEADER"}, |
| 94 | {ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "d2i_ASN1_INTEGER"}, | 115 | {ERR_PACK(0,ASN1_F_D2I_ASN1_INTEGER,0), "D2I_ASN1_INTEGER"}, |
| 95 | {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, | 116 | {ERR_PACK(0,ASN1_F_D2I_ASN1_OBJECT,0), "d2i_ASN1_OBJECT"}, |
| 96 | {ERR_PACK(0,ASN1_F_D2I_ASN1_OCTET_STRING,0), "d2i_ASN1_OCTET_STRING"}, | ||
| 97 | {ERR_PACK(0,ASN1_F_D2I_ASN1_PRINT_TYPE,0), "D2I_ASN1_PRINT_TYPE"}, | ||
| 98 | {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, | 117 | {ERR_PACK(0,ASN1_F_D2I_ASN1_SET,0), "d2i_ASN1_SET"}, |
| 99 | {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE,0), "d2i_ASN1_TYPE"}, | ||
| 100 | {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, | 118 | {ERR_PACK(0,ASN1_F_D2I_ASN1_TYPE_BYTES,0), "d2i_ASN1_type_bytes"}, |
| 101 | {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "d2i_ASN1_UTCTIME"}, | 119 | {ERR_PACK(0,ASN1_F_D2I_ASN1_UINTEGER,0), "d2i_ASN1_UINTEGER"}, |
| 102 | {ERR_PACK(0,ASN1_F_D2I_DHPARAMS,0), "D2I_DHPARAMS"}, | 120 | {ERR_PACK(0,ASN1_F_D2I_ASN1_UTCTIME,0), "D2I_ASN1_UTCTIME"}, |
| 103 | {ERR_PACK(0,ASN1_F_D2I_DSAPARAMS,0), "D2I_DSAPARAMS"}, | 121 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "d2i_Netscape_RSA"}, |
| 104 | {ERR_PACK(0,ASN1_F_D2I_DSAPRIVATEKEY,0), "D2I_DSAPRIVATEKEY"}, | ||
| 105 | {ERR_PACK(0,ASN1_F_D2I_DSAPUBLICKEY,0), "D2I_DSAPUBLICKEY"}, | ||
| 106 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_PKEY,0), "D2I_NETSCAPE_PKEY"}, | ||
| 107 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA,0), "D2I_NETSCAPE_RSA"}, | ||
| 108 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, | 122 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_RSA_2,0), "D2I_NETSCAPE_RSA_2"}, |
| 109 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKAC,0), "D2I_NETSCAPE_SPKAC"}, | 123 | {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "d2i_PrivateKey"}, |
| 110 | {ERR_PACK(0,ASN1_F_D2I_NETSCAPE_SPKI,0), "D2I_NETSCAPE_SPKI"}, | 124 | {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "d2i_PublicKey"}, |
| 111 | {ERR_PACK(0,ASN1_F_D2I_PKCS7,0), "D2I_PKCS7"}, | ||
| 112 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_DIGEST,0), "D2I_PKCS7_DIGEST"}, | ||
| 113 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENCRYPT,0), "D2I_PKCS7_ENCRYPT"}, | ||
| 114 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENC_CONTENT,0), "D2I_PKCS7_ENC_CONTENT"}, | ||
| 115 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_ENVELOPE,0), "D2I_PKCS7_ENVELOPE"}, | ||
| 116 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_ISSUER_AND_SERIAL,0), "D2I_PKCS7_ISSUER_AND_SERIAL"}, | ||
| 117 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_RECIP_INFO,0), "D2I_PKCS7_RECIP_INFO"}, | ||
| 118 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNED,0), "D2I_PKCS7_SIGNED"}, | ||
| 119 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGNER_INFO,0), "D2I_PKCS7_SIGNER_INFO"}, | ||
| 120 | {ERR_PACK(0,ASN1_F_D2I_PKCS7_SIGN_ENVELOPE,0), "D2I_PKCS7_SIGN_ENVELOPE"}, | ||
| 121 | {ERR_PACK(0,ASN1_F_D2I_PRIVATEKEY,0), "D2I_PRIVATEKEY"}, | ||
| 122 | {ERR_PACK(0,ASN1_F_D2I_PUBLICKEY,0), "D2I_PUBLICKEY"}, | ||
| 123 | {ERR_PACK(0,ASN1_F_D2I_RSAPRIVATEKEY,0), "D2I_RSAPRIVATEKEY"}, | ||
| 124 | {ERR_PACK(0,ASN1_F_D2I_RSAPUBLICKEY,0), "D2I_RSAPUBLICKEY"}, | ||
| 125 | {ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, | 125 | {ERR_PACK(0,ASN1_F_D2I_X509,0), "D2I_X509"}, |
| 126 | {ERR_PACK(0,ASN1_F_D2I_X509_ALGOR,0), "D2I_X509_ALGOR"}, | ||
| 127 | {ERR_PACK(0,ASN1_F_D2I_X509_ATTRIBUTE,0), "D2I_X509_ATTRIBUTE"}, | ||
| 128 | {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, | 126 | {ERR_PACK(0,ASN1_F_D2I_X509_CINF,0), "D2I_X509_CINF"}, |
| 129 | {ERR_PACK(0,ASN1_F_D2I_X509_CRL,0), "D2I_X509_CRL"}, | ||
| 130 | {ERR_PACK(0,ASN1_F_D2I_X509_CRL_INFO,0), "D2I_X509_CRL_INFO"}, | ||
| 131 | {ERR_PACK(0,ASN1_F_D2I_X509_EXTENSION,0), "D2I_X509_EXTENSION"}, | ||
| 132 | {ERR_PACK(0,ASN1_F_D2I_X509_KEY,0), "D2I_X509_KEY"}, | ||
| 133 | {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, | 127 | {ERR_PACK(0,ASN1_F_D2I_X509_NAME,0), "D2I_X509_NAME"}, |
| 134 | {ERR_PACK(0,ASN1_F_D2I_X509_NAME_ENTRY,0), "D2I_X509_NAME_ENTRY"}, | 128 | {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "d2i_X509_PKEY"}, |
| 135 | {ERR_PACK(0,ASN1_F_D2I_X509_PKEY,0), "D2I_X509_PKEY"}, | 129 | {ERR_PACK(0,ASN1_F_I2D_ASN1_TIME,0), "I2D_ASN1_TIME"}, |
| 136 | {ERR_PACK(0,ASN1_F_D2I_X509_PUBKEY,0), "D2I_X509_PUBKEY"}, | 130 | {ERR_PACK(0,ASN1_F_I2D_DSA_PUBKEY,0), "i2d_DSA_PUBKEY"}, |
| 137 | {ERR_PACK(0,ASN1_F_D2I_X509_REQ,0), "D2I_X509_REQ"}, | 131 | {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "i2d_Netscape_RSA"}, |
| 138 | {ERR_PACK(0,ASN1_F_D2I_X509_REQ_INFO,0), "D2I_X509_REQ_INFO"}, | 132 | {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "i2d_PrivateKey"}, |
| 139 | {ERR_PACK(0,ASN1_F_D2I_X509_REVOKED,0), "D2I_X509_REVOKED"}, | 133 | {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "i2d_PublicKey"}, |
| 140 | {ERR_PACK(0,ASN1_F_D2I_X509_SIG,0), "D2I_X509_SIG"}, | 134 | {ERR_PACK(0,ASN1_F_I2D_RSA_PUBKEY,0), "i2d_RSA_PUBKEY"}, |
| 141 | {ERR_PACK(0,ASN1_F_D2I_X509_VAL,0), "D2I_X509_VAL"}, | 135 | {ERR_PACK(0,ASN1_F_LONG_C2I,0), "LONG_C2I"}, |
| 142 | {ERR_PACK(0,ASN1_F_I2D_ASN1_HEADER,0), "i2d_ASN1_HEADER"}, | 136 | {ERR_PACK(0,ASN1_F_OID_MODULE_INIT,0), "OID_MODULE_INIT"}, |
| 143 | {ERR_PACK(0,ASN1_F_I2D_DHPARAMS,0), "I2D_DHPARAMS"}, | 137 | {ERR_PACK(0,ASN1_F_PKCS5_PBE2_SET,0), "PKCS5_pbe2_set"}, |
| 144 | {ERR_PACK(0,ASN1_F_I2D_DSAPARAMS,0), "I2D_DSAPARAMS"}, | ||
| 145 | {ERR_PACK(0,ASN1_F_I2D_DSAPRIVATEKEY,0), "I2D_DSAPRIVATEKEY"}, | ||
| 146 | {ERR_PACK(0,ASN1_F_I2D_DSAPUBLICKEY,0), "I2D_DSAPUBLICKEY"}, | ||
| 147 | {ERR_PACK(0,ASN1_F_I2D_NETSCAPE_RSA,0), "I2D_NETSCAPE_RSA"}, | ||
| 148 | {ERR_PACK(0,ASN1_F_I2D_PKCS7,0), "I2D_PKCS7"}, | ||
| 149 | {ERR_PACK(0,ASN1_F_I2D_PRIVATEKEY,0), "I2D_PRIVATEKEY"}, | ||
| 150 | {ERR_PACK(0,ASN1_F_I2D_PUBLICKEY,0), "I2D_PUBLICKEY"}, | ||
| 151 | {ERR_PACK(0,ASN1_F_I2D_RSAPRIVATEKEY,0), "I2D_RSAPRIVATEKEY"}, | ||
| 152 | {ERR_PACK(0,ASN1_F_I2D_RSAPUBLICKEY,0), "I2D_RSAPUBLICKEY"}, | ||
| 153 | {ERR_PACK(0,ASN1_F_I2D_X509_ATTRIBUTE,0), "I2D_X509_ATTRIBUTE"}, | ||
| 154 | {ERR_PACK(0,ASN1_F_I2T_ASN1_OBJECT,0), "i2t_ASN1_OBJECT"}, | ||
| 155 | {ERR_PACK(0,ASN1_F_NETSCAPE_PKEY_NEW,0), "NETSCAPE_PKEY_NEW"}, | ||
| 156 | {ERR_PACK(0,ASN1_F_NETSCAPE_SPKAC_NEW,0), "NETSCAPE_SPKAC_NEW"}, | ||
| 157 | {ERR_PACK(0,ASN1_F_NETSCAPE_SPKI_NEW,0), "NETSCAPE_SPKI_NEW"}, | ||
| 158 | {ERR_PACK(0,ASN1_F_PKCS7_DIGEST_NEW,0), "PKCS7_DIGEST_NEW"}, | ||
| 159 | {ERR_PACK(0,ASN1_F_PKCS7_ENCRYPT_NEW,0), "PKCS7_ENCRYPT_NEW"}, | ||
| 160 | {ERR_PACK(0,ASN1_F_PKCS7_ENC_CONTENT_NEW,0), "PKCS7_ENC_CONTENT_NEW"}, | ||
| 161 | {ERR_PACK(0,ASN1_F_PKCS7_ENVELOPE_NEW,0), "PKCS7_ENVELOPE_NEW"}, | ||
| 162 | {ERR_PACK(0,ASN1_F_PKCS7_ISSUER_AND_SERIAL_NEW,0), "PKCS7_ISSUER_AND_SERIAL_NEW"}, | ||
| 163 | {ERR_PACK(0,ASN1_F_PKCS7_NEW,0), "PKCS7_NEW"}, | ||
| 164 | {ERR_PACK(0,ASN1_F_PKCS7_RECIP_INFO_NEW,0), "PKCS7_RECIP_INFO_NEW"}, | ||
| 165 | {ERR_PACK(0,ASN1_F_PKCS7_SIGNED_NEW,0), "PKCS7_SIGNED_NEW"}, | ||
| 166 | {ERR_PACK(0,ASN1_F_PKCS7_SIGNER_INFO_NEW,0), "PKCS7_SIGNER_INFO_NEW"}, | ||
| 167 | {ERR_PACK(0,ASN1_F_PKCS7_SIGN_ENVELOPE_NEW,0), "PKCS7_SIGN_ENVELOPE_NEW"}, | ||
| 168 | {ERR_PACK(0,ASN1_F_X509_ALGOR_NEW,0), "X509_ALGOR_NEW"}, | ||
| 169 | {ERR_PACK(0,ASN1_F_X509_ATTRIBUTE_NEW,0), "X509_ATTRIBUTE_NEW"}, | ||
| 170 | {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, | 138 | {ERR_PACK(0,ASN1_F_X509_CINF_NEW,0), "X509_CINF_NEW"}, |
| 171 | {ERR_PACK(0,ASN1_F_X509_CRL_INFO_NEW,0), "X509_CRL_INFO_NEW"}, | 139 | {ERR_PACK(0,ASN1_F_X509_CRL_ADD0_REVOKED,0), "X509_CRL_add0_revoked"}, |
| 172 | {ERR_PACK(0,ASN1_F_X509_CRL_NEW,0), "X509_CRL_NEW"}, | 140 | {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_new"}, |
| 173 | {ERR_PACK(0,ASN1_F_X509_DHPARAMS_NEW,0), "X509_DHPARAMS_NEW"}, | ||
| 174 | {ERR_PACK(0,ASN1_F_X509_EXTENSION_NEW,0), "X509_EXTENSION_NEW"}, | ||
| 175 | {ERR_PACK(0,ASN1_F_X509_INFO_NEW,0), "X509_INFO_NEW"}, | ||
| 176 | {ERR_PACK(0,ASN1_F_X509_KEY_NEW,0), "X509_KEY_NEW"}, | ||
| 177 | {ERR_PACK(0,ASN1_F_X509_NAME_ENTRY_NEW,0), "X509_NAME_ENTRY_NEW"}, | ||
| 178 | {ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, | 141 | {ERR_PACK(0,ASN1_F_X509_NAME_NEW,0), "X509_NAME_NEW"}, |
| 179 | {ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, | 142 | {ERR_PACK(0,ASN1_F_X509_NEW,0), "X509_NEW"}, |
| 180 | {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_NEW"}, | 143 | {ERR_PACK(0,ASN1_F_X509_PKEY_NEW,0), "X509_PKEY_new"}, |
| 181 | {ERR_PACK(0,ASN1_F_X509_PUBKEY_NEW,0), "X509_PUBKEY_NEW"}, | 144 | {0,NULL} |
| 182 | {ERR_PACK(0,ASN1_F_X509_REQ_INFO_NEW,0), "X509_REQ_INFO_NEW"}, | ||
| 183 | {ERR_PACK(0,ASN1_F_X509_REQ_NEW,0), "X509_REQ_NEW"}, | ||
| 184 | {ERR_PACK(0,ASN1_F_X509_REVOKED_NEW,0), "X509_REVOKED_NEW"}, | ||
| 185 | {ERR_PACK(0,ASN1_F_X509_SIG_NEW,0), "X509_SIG_NEW"}, | ||
| 186 | {ERR_PACK(0,ASN1_F_X509_VAL_FREE,0), "X509_VAL_FREE"}, | ||
| 187 | {ERR_PACK(0,ASN1_F_X509_VAL_NEW,0), "X509_VAL_NEW"}, | ||
| 188 | {0,NULL}, | ||
| 189 | }; | 145 | }; |
| 190 | 146 | ||
| 191 | static ERR_STRING_DATA ASN1_str_reasons[]= | 147 | static ERR_STRING_DATA ASN1_str_reasons[]= |
| 192 | { | 148 | { |
| 149 | {ASN1_R_ADDING_OBJECT ,"adding object"}, | ||
| 150 | {ASN1_R_AUX_ERROR ,"aux error"}, | ||
| 193 | {ASN1_R_BAD_CLASS ,"bad class"}, | 151 | {ASN1_R_BAD_CLASS ,"bad class"}, |
| 194 | {ASN1_R_BAD_GET_OBJECT ,"bad get object"}, | ||
| 195 | {ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, | 152 | {ASN1_R_BAD_OBJECT_HEADER ,"bad object header"}, |
| 196 | {ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, | 153 | {ASN1_R_BAD_PASSWORD_READ ,"bad password read"}, |
| 197 | {ASN1_R_BAD_PKCS7_CONTENT ,"bad pkcs7 content"}, | ||
| 198 | {ASN1_R_BAD_PKCS7_TYPE ,"bad pkcs7 type"}, | ||
| 199 | {ASN1_R_BAD_TAG ,"bad tag"}, | 154 | {ASN1_R_BAD_TAG ,"bad tag"}, |
| 200 | {ASN1_R_BAD_TYPE ,"bad type"}, | ||
| 201 | {ASN1_R_BN_LIB ,"bn lib"}, | 155 | {ASN1_R_BN_LIB ,"bn lib"}, |
| 202 | {ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, | 156 | {ASN1_R_BOOLEAN_IS_WRONG_LENGTH ,"boolean is wrong length"}, |
| 203 | {ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, | 157 | {ASN1_R_BUFFER_TOO_SMALL ,"buffer too small"}, |
| 158 | {ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, | ||
| 204 | {ASN1_R_DATA_IS_WRONG ,"data is wrong"}, | 159 | {ASN1_R_DATA_IS_WRONG ,"data is wrong"}, |
| 160 | {ASN1_R_DECODE_ERROR ,"decode error"}, | ||
| 205 | {ASN1_R_DECODING_ERROR ,"decoding error"}, | 161 | {ASN1_R_DECODING_ERROR ,"decoding error"}, |
| 206 | {ASN1_R_ERROR_STACK ,"error stack"}, | 162 | {ASN1_R_ENCODE_ERROR ,"encode error"}, |
| 163 | {ASN1_R_ERROR_LOADING_SECTION ,"error loading section"}, | ||
| 164 | {ASN1_R_ERROR_PARSING_SET_ELEMENT ,"error parsing set element"}, | ||
| 165 | {ASN1_R_ERROR_SETTING_CIPHER_PARAMS ,"error setting cipher params"}, | ||
| 207 | {ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, | 166 | {ASN1_R_EXPECTING_AN_INTEGER ,"expecting an integer"}, |
| 208 | {ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, | 167 | {ASN1_R_EXPECTING_AN_OBJECT ,"expecting an object"}, |
| 209 | {ASN1_R_EXPECTING_AN_OCTET_STRING ,"expecting an octet string"}, | ||
| 210 | {ASN1_R_EXPECTING_A_BIT_STRING ,"expecting a bit string"}, | ||
| 211 | {ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, | 168 | {ASN1_R_EXPECTING_A_BOOLEAN ,"expecting a boolean"}, |
| 212 | {ASN1_R_EXPECTING_A_SEQUENCE ,"expecting a sequence"}, | 169 | {ASN1_R_EXPECTING_A_TIME ,"expecting a time"}, |
| 213 | {ASN1_R_EXPECTING_A_UTCTIME ,"expecting a utctime"}, | 170 | {ASN1_R_EXPLICIT_LENGTH_MISMATCH ,"explicit length mismatch"}, |
| 171 | {ASN1_R_EXPLICIT_TAG_NOT_CONSTRUCTED ,"explicit tag not constructed"}, | ||
| 172 | {ASN1_R_FIELD_MISSING ,"field missing"}, | ||
| 214 | {ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, | 173 | {ASN1_R_FIRST_NUM_TOO_LARGE ,"first num too large"}, |
| 215 | {ASN1_R_HEADER_TOO_LONG ,"header too long"}, | 174 | {ASN1_R_HEADER_TOO_LONG ,"header too long"}, |
| 175 | {ASN1_R_ILLEGAL_CHARACTERS ,"illegal characters"}, | ||
| 176 | {ASN1_R_ILLEGAL_NULL ,"illegal null"}, | ||
| 177 | {ASN1_R_ILLEGAL_OPTIONAL_ANY ,"illegal optional any"}, | ||
| 178 | {ASN1_R_ILLEGAL_OPTIONS_ON_ITEM_TEMPLATE ,"illegal options on item template"}, | ||
| 179 | {ASN1_R_ILLEGAL_TAGGED_ANY ,"illegal tagged any"}, | ||
| 180 | {ASN1_R_INTEGER_TOO_LARGE_FOR_LONG ,"integer too large for long"}, | ||
| 181 | {ASN1_R_INVALID_BMPSTRING_LENGTH ,"invalid bmpstring length"}, | ||
| 216 | {ASN1_R_INVALID_DIGIT ,"invalid digit"}, | 182 | {ASN1_R_INVALID_DIGIT ,"invalid digit"}, |
| 217 | {ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, | 183 | {ASN1_R_INVALID_SEPARATOR ,"invalid separator"}, |
| 218 | {ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, | 184 | {ASN1_R_INVALID_TIME_FORMAT ,"invalid time format"}, |
| 185 | {ASN1_R_INVALID_UNIVERSALSTRING_LENGTH ,"invalid universalstring length"}, | ||
| 186 | {ASN1_R_INVALID_UTF8STRING ,"invalid utf8string"}, | ||
| 219 | {ASN1_R_IV_TOO_LARGE ,"iv too large"}, | 187 | {ASN1_R_IV_TOO_LARGE ,"iv too large"}, |
| 220 | {ASN1_R_LENGTH_ERROR ,"length error"}, | 188 | {ASN1_R_LENGTH_ERROR ,"length error"}, |
| 221 | {ASN1_R_LENGTH_MISMATCH ,"length mismatch"}, | 189 | {ASN1_R_MISSING_EOC ,"missing eoc"}, |
| 222 | {ASN1_R_MISSING_EOS ,"missing eos"}, | ||
| 223 | {ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, | 190 | {ASN1_R_MISSING_SECOND_NUMBER ,"missing second number"}, |
| 191 | {ASN1_R_MSTRING_NOT_UNIVERSAL ,"mstring not universal"}, | ||
| 192 | {ASN1_R_MSTRING_WRONG_TAG ,"mstring wrong tag"}, | ||
| 224 | {ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, | 193 | {ASN1_R_NON_HEX_CHARACTERS ,"non hex characters"}, |
| 225 | {ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, | 194 | {ASN1_R_NOT_ENOUGH_DATA ,"not enough data"}, |
| 195 | {ASN1_R_NO_MATCHING_CHOICE_TYPE ,"no matching choice type"}, | ||
| 196 | {ASN1_R_NULL_IS_WRONG_LENGTH ,"null is wrong length"}, | ||
| 226 | {ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, | 197 | {ASN1_R_ODD_NUMBER_OF_CHARS ,"odd number of chars"}, |
| 227 | {ASN1_R_PARSING ,"parsing"}, | ||
| 228 | {ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, | 198 | {ASN1_R_PRIVATE_KEY_HEADER_MISSING ,"private key header missing"}, |
| 229 | {ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, | 199 | {ASN1_R_SECOND_NUMBER_TOO_LARGE ,"second number too large"}, |
| 200 | {ASN1_R_SEQUENCE_LENGTH_MISMATCH ,"sequence length mismatch"}, | ||
| 201 | {ASN1_R_SEQUENCE_NOT_CONSTRUCTED ,"sequence not constructed"}, | ||
| 230 | {ASN1_R_SHORT_LINE ,"short line"}, | 202 | {ASN1_R_SHORT_LINE ,"short line"}, |
| 203 | {ASN1_R_STRING_TOO_LONG ,"string too long"}, | ||
| 231 | {ASN1_R_STRING_TOO_SHORT ,"string too short"}, | 204 | {ASN1_R_STRING_TOO_SHORT ,"string too short"}, |
| 232 | {ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, | 205 | {ASN1_R_TAG_VALUE_TOO_HIGH ,"tag value too high"}, |
| 233 | {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, | 206 | {ASN1_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, |
| 234 | {ASN1_R_TOO_LONG ,"too long"}, | 207 | {ASN1_R_TOO_LONG ,"too long"}, |
| 208 | {ASN1_R_TYPE_NOT_CONSTRUCTED ,"type not constructed"}, | ||
| 235 | {ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, | 209 | {ASN1_R_UNABLE_TO_DECODE_RSA_KEY ,"unable to decode rsa key"}, |
| 236 | {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, | 210 | {ASN1_R_UNABLE_TO_DECODE_RSA_PRIVATE_KEY ,"unable to decode rsa private key"}, |
| 237 | {ASN1_R_UNKNOWN_ATTRIBUTE_TYPE ,"unknown attribute type"}, | 211 | {ASN1_R_UNEXPECTED_EOC ,"unexpected eoc"}, |
| 212 | {ASN1_R_UNKNOWN_FORMAT ,"unknown format"}, | ||
| 238 | {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, | 213 | {ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM ,"unknown message digest algorithm"}, |
| 239 | {ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, | 214 | {ASN1_R_UNKNOWN_OBJECT_TYPE ,"unknown object type"}, |
| 240 | {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, | 215 | {ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE ,"unknown public key type"}, |
| 216 | {ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE ,"unsupported any defined by type"}, | ||
| 241 | {ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, | 217 | {ASN1_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, |
| 242 | {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, | 218 | {ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM ,"unsupported encryption algorithm"}, |
| 243 | {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, | 219 | {ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE ,"unsupported public key type"}, |
| 244 | {ASN1_R_UTCTIME_TOO_LONG ,"utctime too long"}, | ||
| 245 | {ASN1_R_WRONG_PRINTABLE_TYPE ,"wrong printable type"}, | ||
| 246 | {ASN1_R_WRONG_TAG ,"wrong tag"}, | 220 | {ASN1_R_WRONG_TAG ,"wrong tag"}, |
| 247 | {ASN1_R_WRONG_TYPE ,"wrong type"}, | 221 | {ASN1_R_WRONG_TYPE ,"wrong type"}, |
| 248 | {0,NULL}, | 222 | {0,NULL} |
| 249 | }; | 223 | }; |
| 250 | 224 | ||
| 251 | #endif | 225 | #endif |
| 252 | 226 | ||
| 253 | void ERR_load_ASN1_strings() | 227 | void ERR_load_ASN1_strings(void) |
| 254 | { | 228 | { |
| 255 | static int init=1; | 229 | static int init=1; |
| 256 | 230 | ||
| 257 | if (init); | 231 | if (init) |
| 258 | {; | 232 | { |
| 259 | init=0; | 233 | init=0; |
| 260 | #ifndef NO_ERR | 234 | #ifndef OPENSSL_NO_ERR |
| 261 | ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); | 235 | ERR_load_strings(ERR_LIB_ASN1,ASN1_str_functs); |
| 262 | ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); | 236 | ERR_load_strings(ERR_LIB_ASN1,ASN1_str_reasons); |
| 263 | #endif | 237 | #endif |
diff --git a/src/lib/libcrypto/asn1/asn1_lib.c b/src/lib/libcrypto/asn1/asn1_lib.c index ff30b25836..830ff2af3c 100644 --- a/src/lib/libcrypto/asn1/asn1_lib.c +++ b/src/lib/libcrypto/asn1/asn1_lib.c | |||
| @@ -58,22 +58,13 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | #include "asn1_mac.h" | ||
| 63 | 62 | ||
| 64 | #ifndef NOPROTO | ||
| 65 | static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); | 63 | static int asn1_get_length(unsigned char **pp,int *inf,long *rl,int max); |
| 66 | static void asn1_put_length(unsigned char **pp, int length); | 64 | static void asn1_put_length(unsigned char **pp, int length); |
| 67 | #else | 65 | const char *ASN1_version="ASN.1" OPENSSL_VERSION_PTEXT; |
| 68 | static int asn1_get_length(); | ||
| 69 | static void asn1_put_length(); | ||
| 70 | #endif | ||
| 71 | |||
| 72 | char *ASN1_version="ASN1 part of SSLeay 0.9.0b 29-Jun-1998"; | ||
| 73 | 66 | ||
| 74 | int ASN1_check_infinite_end(p,len) | 67 | int ASN1_check_infinite_end(unsigned char **p, long len) |
| 75 | unsigned char **p; | ||
| 76 | long len; | ||
| 77 | { | 68 | { |
| 78 | /* If there is 0 or 1 byte left, the length check should pick | 69 | /* If there is 0 or 1 byte left, the length check should pick |
| 79 | * things up */ | 70 | * things up */ |
| @@ -88,12 +79,8 @@ long len; | |||
| 88 | } | 79 | } |
| 89 | 80 | ||
| 90 | 81 | ||
| 91 | int ASN1_get_object(pp, plength, ptag, pclass, omax) | 82 | int ASN1_get_object(unsigned char **pp, long *plength, int *ptag, int *pclass, |
| 92 | unsigned char **pp; | 83 | long omax) |
| 93 | long *plength; | ||
| 94 | int *ptag; | ||
| 95 | int *pclass; | ||
| 96 | long omax; | ||
| 97 | { | 84 | { |
| 98 | int i,ret; | 85 | int i,ret; |
| 99 | long l; | 86 | long l; |
| @@ -104,8 +91,8 @@ long omax; | |||
| 104 | if (!max) goto err; | 91 | if (!max) goto err; |
| 105 | ret=(*p&V_ASN1_CONSTRUCTED); | 92 | ret=(*p&V_ASN1_CONSTRUCTED); |
| 106 | xclass=(*p&V_ASN1_PRIVATE); | 93 | xclass=(*p&V_ASN1_PRIVATE); |
| 107 | i= *p&V_ASN1_PRIMATIVE_TAG; | 94 | i= *p&V_ASN1_PRIMITIVE_TAG; |
| 108 | if (i == V_ASN1_PRIMATIVE_TAG) | 95 | if (i == V_ASN1_PRIMITIVE_TAG) |
| 109 | { /* high-tag */ | 96 | { /* high-tag */ |
| 110 | p++; | 97 | p++; |
| 111 | if (--max == 0) goto err; | 98 | if (--max == 0) goto err; |
| @@ -130,11 +117,13 @@ long omax; | |||
| 130 | *pclass=xclass; | 117 | *pclass=xclass; |
| 131 | if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; | 118 | if (!asn1_get_length(&p,&inf,plength,(int)max)) goto err; |
| 132 | 119 | ||
| 133 | #ifdef undef | 120 | #if 0 |
| 134 | fprintf(stderr,"p=%d + *plength=%d > omax=%d + *pp=%d (%d > %d)\n", | 121 | fprintf(stderr,"p=%d + *plength=%ld > omax=%ld + *pp=%d (%d > %d)\n", |
| 135 | p,*plength,omax,*pp,(p+ *plength),omax+ *pp); | 122 | (int)p,*plength,omax,(int)*pp,(int)(p+ *plength), |
| 123 | (int)(omax+ *pp)); | ||
| 136 | 124 | ||
| 137 | #endif | 125 | #endif |
| 126 | #if 0 | ||
| 138 | if ((p+ *plength) > (omax+ *pp)) | 127 | if ((p+ *plength) > (omax+ *pp)) |
| 139 | { | 128 | { |
| 140 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); | 129 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_TOO_LONG); |
| @@ -142,18 +131,15 @@ long omax; | |||
| 142 | * the values are set correctly */ | 131 | * the values are set correctly */ |
| 143 | ret|=0x80; | 132 | ret|=0x80; |
| 144 | } | 133 | } |
| 134 | #endif | ||
| 145 | *pp=p; | 135 | *pp=p; |
| 146 | return(ret+inf); | 136 | return(ret|inf); |
| 147 | err: | 137 | err: |
| 148 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); | 138 | ASN1err(ASN1_F_ASN1_GET_OBJECT,ASN1_R_HEADER_TOO_LONG); |
| 149 | return(0x80); | 139 | return(0x80); |
| 150 | } | 140 | } |
| 151 | 141 | ||
| 152 | static int asn1_get_length(pp,inf,rl,max) | 142 | static int asn1_get_length(unsigned char **pp, int *inf, long *rl, int max) |
| 153 | unsigned char **pp; | ||
| 154 | int *inf; | ||
| 155 | long *rl; | ||
| 156 | int max; | ||
| 157 | { | 143 | { |
| 158 | unsigned char *p= *pp; | 144 | unsigned char *p= *pp; |
| 159 | long ret=0; | 145 | long ret=0; |
| @@ -189,30 +175,29 @@ int max; | |||
| 189 | } | 175 | } |
| 190 | 176 | ||
| 191 | /* class 0 is constructed | 177 | /* class 0 is constructed |
| 192 | * constructed == 2 for indefinitle length constructed */ | 178 | * constructed == 2 for indefinite length constructed */ |
| 193 | void ASN1_put_object(pp,constructed,length,tag,xclass) | 179 | void ASN1_put_object(unsigned char **pp, int constructed, int length, int tag, |
| 194 | unsigned char **pp; | 180 | int xclass) |
| 195 | int constructed; | ||
| 196 | int length; | ||
| 197 | int tag; | ||
| 198 | int xclass; | ||
| 199 | { | 181 | { |
| 200 | unsigned char *p= *pp; | 182 | unsigned char *p= *pp; |
| 201 | int i; | 183 | int i, ttag; |
| 202 | 184 | ||
| 203 | i=(constructed)?V_ASN1_CONSTRUCTED:0; | 185 | i=(constructed)?V_ASN1_CONSTRUCTED:0; |
| 204 | i|=(xclass&V_ASN1_PRIVATE); | 186 | i|=(xclass&V_ASN1_PRIVATE); |
| 205 | if (tag < 31) | 187 | if (tag < 31) |
| 206 | *(p++)=i|(tag&V_ASN1_PRIMATIVE_TAG); | 188 | *(p++)=i|(tag&V_ASN1_PRIMITIVE_TAG); |
| 207 | else | 189 | else |
| 208 | { | 190 | { |
| 209 | *(p++)=i|V_ASN1_PRIMATIVE_TAG; | 191 | *(p++)=i|V_ASN1_PRIMITIVE_TAG; |
| 210 | while (tag > 0x7f) | 192 | for(i = 0, ttag = tag; ttag > 0; i++) ttag >>=7; |
| 193 | ttag = i; | ||
| 194 | while(i-- > 0) | ||
| 211 | { | 195 | { |
| 212 | *(p++)=(tag&0x7f)|0x80; | 196 | p[i] = tag & 0x7f; |
| 213 | tag>>=7; | 197 | if(i != (ttag - 1)) p[i] |= 0x80; |
| 198 | tag >>= 7; | ||
| 214 | } | 199 | } |
| 215 | *(p++)=(tag&0x7f); | 200 | p += ttag; |
| 216 | } | 201 | } |
| 217 | if ((constructed == 2) && (length == 0)) | 202 | if ((constructed == 2) && (length == 0)) |
| 218 | *(p++)=0x80; /* der_put_length would output 0 instead */ | 203 | *(p++)=0x80; /* der_put_length would output 0 instead */ |
| @@ -221,9 +206,7 @@ int xclass; | |||
| 221 | *pp=p; | 206 | *pp=p; |
| 222 | } | 207 | } |
| 223 | 208 | ||
| 224 | static void asn1_put_length(pp, length) | 209 | static void asn1_put_length(unsigned char **pp, int length) |
| 225 | unsigned char **pp; | ||
| 226 | int length; | ||
| 227 | { | 210 | { |
| 228 | unsigned char *p= *pp; | 211 | unsigned char *p= *pp; |
| 229 | int i,l; | 212 | int i,l; |
| @@ -246,10 +229,7 @@ int length; | |||
| 246 | *pp=p; | 229 | *pp=p; |
| 247 | } | 230 | } |
| 248 | 231 | ||
| 249 | int ASN1_object_size(constructed, length, tag) | 232 | int ASN1_object_size(int constructed, int length, int tag) |
| 250 | int constructed; | ||
| 251 | int length; | ||
| 252 | int tag; | ||
| 253 | { | 233 | { |
| 254 | int ret; | 234 | int ret; |
| 255 | 235 | ||
| @@ -277,29 +257,26 @@ int tag; | |||
| 277 | return(ret); | 257 | return(ret); |
| 278 | } | 258 | } |
| 279 | 259 | ||
| 280 | int asn1_Finish(c) | 260 | int asn1_Finish(ASN1_CTX *c) |
| 281 | ASN1_CTX *c; | ||
| 282 | { | 261 | { |
| 283 | if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) | 262 | if ((c->inf == (1|V_ASN1_CONSTRUCTED)) && (!c->eos)) |
| 284 | { | 263 | { |
| 285 | if (!ASN1_check_infinite_end(&c->p,c->slen)) | 264 | if (!ASN1_check_infinite_end(&c->p,c->slen)) |
| 286 | { | 265 | { |
| 287 | c->error=ASN1_R_MISSING_EOS; | 266 | c->error=ERR_R_MISSING_ASN1_EOS; |
| 288 | return(0); | 267 | return(0); |
| 289 | } | 268 | } |
| 290 | } | 269 | } |
| 291 | if ( ((c->slen != 0) && !(c->inf & 1)) || | 270 | if ( ((c->slen != 0) && !(c->inf & 1)) || |
| 292 | ((c->slen < 0) && (c->inf & 1))) | 271 | ((c->slen < 0) && (c->inf & 1))) |
| 293 | { | 272 | { |
| 294 | c->error=ASN1_R_LENGTH_MISMATCH; | 273 | c->error=ERR_R_ASN1_LENGTH_MISMATCH; |
| 295 | return(0); | 274 | return(0); |
| 296 | } | 275 | } |
| 297 | return(1); | 276 | return(1); |
| 298 | } | 277 | } |
| 299 | 278 | ||
| 300 | int asn1_GetSequence(c,length) | 279 | int asn1_GetSequence(ASN1_CTX *c, long *length) |
| 301 | ASN1_CTX *c; | ||
| 302 | long *length; | ||
| 303 | { | 280 | { |
| 304 | unsigned char *q; | 281 | unsigned char *q; |
| 305 | 282 | ||
| @@ -308,18 +285,18 @@ long *length; | |||
| 308 | *length); | 285 | *length); |
| 309 | if (c->inf & 0x80) | 286 | if (c->inf & 0x80) |
| 310 | { | 287 | { |
| 311 | c->error=ASN1_R_BAD_GET_OBJECT; | 288 | c->error=ERR_R_BAD_GET_ASN1_OBJECT_CALL; |
| 312 | return(0); | 289 | return(0); |
| 313 | } | 290 | } |
| 314 | if (c->tag != V_ASN1_SEQUENCE) | 291 | if (c->tag != V_ASN1_SEQUENCE) |
| 315 | { | 292 | { |
| 316 | c->error=ASN1_R_EXPECTING_A_SEQUENCE; | 293 | c->error=ERR_R_EXPECTING_AN_ASN1_SEQUENCE; |
| 317 | return(0); | 294 | return(0); |
| 318 | } | 295 | } |
| 319 | (*length)-=(c->p-q); | 296 | (*length)-=(c->p-q); |
| 320 | if (c->max && (*length < 0)) | 297 | if (c->max && (*length < 0)) |
| 321 | { | 298 | { |
| 322 | c->error=ASN1_R_LENGTH_MISMATCH; | 299 | c->error=ERR_R_ASN1_LENGTH_MISMATCH; |
| 323 | return(0); | 300 | return(0); |
| 324 | } | 301 | } |
| 325 | if (c->inf == (1|V_ASN1_CONSTRUCTED)) | 302 | if (c->inf == (1|V_ASN1_CONSTRUCTED)) |
| @@ -328,8 +305,7 @@ long *length; | |||
| 328 | return(1); | 305 | return(1); |
| 329 | } | 306 | } |
| 330 | 307 | ||
| 331 | ASN1_STRING *ASN1_STRING_dup(str) | 308 | ASN1_STRING *ASN1_STRING_dup(ASN1_STRING *str) |
| 332 | ASN1_STRING *str; | ||
| 333 | { | 309 | { |
| 334 | ASN1_STRING *ret; | 310 | ASN1_STRING *ret; |
| 335 | 311 | ||
| @@ -341,34 +317,33 @@ ASN1_STRING *str; | |||
| 341 | ASN1_STRING_free(ret); | 317 | ASN1_STRING_free(ret); |
| 342 | return(NULL); | 318 | return(NULL); |
| 343 | } | 319 | } |
| 320 | ret->flags = str->flags; | ||
| 344 | return(ret); | 321 | return(ret); |
| 345 | } | 322 | } |
| 346 | 323 | ||
| 347 | int ASN1_STRING_set(str,data,len) | 324 | int ASN1_STRING_set(ASN1_STRING *str, const void *_data, int len) |
| 348 | ASN1_STRING *str; | ||
| 349 | unsigned char *data; | ||
| 350 | int len; | ||
| 351 | { | 325 | { |
| 352 | char *c; | 326 | unsigned char *c; |
| 327 | const char *data=_data; | ||
| 353 | 328 | ||
| 354 | if (len < 0) | 329 | if (len < 0) |
| 355 | { | 330 | { |
| 356 | if (data == NULL) | 331 | if (data == NULL) |
| 357 | return(0); | 332 | return(0); |
| 358 | else | 333 | else |
| 359 | len=strlen((char *)data); | 334 | len=strlen(data); |
| 360 | } | 335 | } |
| 361 | if ((str->length < len) || (str->data == NULL)) | 336 | if ((str->length < len) || (str->data == NULL)) |
| 362 | { | 337 | { |
| 363 | c=(char *)str->data; | 338 | c=str->data; |
| 364 | if (c == NULL) | 339 | if (c == NULL) |
| 365 | str->data=(unsigned char *)Malloc(len+1); | 340 | str->data=OPENSSL_malloc(len+1); |
| 366 | else | 341 | else |
| 367 | str->data=(unsigned char *)Realloc(c,len+1); | 342 | str->data=OPENSSL_realloc(c,len+1); |
| 368 | 343 | ||
| 369 | if (str->data == NULL) | 344 | if (str->data == NULL) |
| 370 | { | 345 | { |
| 371 | str->data=(unsigned char *)c; | 346 | str->data=c; |
| 372 | return(0); | 347 | return(0); |
| 373 | } | 348 | } |
| 374 | } | 349 | } |
| @@ -376,24 +351,23 @@ int len; | |||
| 376 | if (data != NULL) | 351 | if (data != NULL) |
| 377 | { | 352 | { |
| 378 | memcpy(str->data,data,len); | 353 | memcpy(str->data,data,len); |
| 379 | /* an alowance for strings :-) */ | 354 | /* an allowance for strings :-) */ |
| 380 | str->data[len]='\0'; | 355 | str->data[len]='\0'; |
| 381 | } | 356 | } |
| 382 | return(1); | 357 | return(1); |
| 383 | } | 358 | } |
| 384 | 359 | ||
| 385 | ASN1_STRING *ASN1_STRING_new() | 360 | ASN1_STRING *ASN1_STRING_new(void) |
| 386 | { | 361 | { |
| 387 | return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); | 362 | return(ASN1_STRING_type_new(V_ASN1_OCTET_STRING)); |
| 388 | } | 363 | } |
| 389 | 364 | ||
| 390 | 365 | ||
| 391 | ASN1_STRING *ASN1_STRING_type_new(type) | 366 | ASN1_STRING *ASN1_STRING_type_new(int type) |
| 392 | int type; | ||
| 393 | { | 367 | { |
| 394 | ASN1_STRING *ret; | 368 | ASN1_STRING *ret; |
| 395 | 369 | ||
| 396 | ret=(ASN1_STRING *)Malloc(sizeof(ASN1_STRING)); | 370 | ret=(ASN1_STRING *)OPENSSL_malloc(sizeof(ASN1_STRING)); |
| 397 | if (ret == NULL) | 371 | if (ret == NULL) |
| 398 | { | 372 | { |
| 399 | ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); | 373 | ASN1err(ASN1_F_ASN1_STRING_TYPE_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -402,19 +376,18 @@ int type; | |||
| 402 | ret->length=0; | 376 | ret->length=0; |
| 403 | ret->type=type; | 377 | ret->type=type; |
| 404 | ret->data=NULL; | 378 | ret->data=NULL; |
| 379 | ret->flags=0; | ||
| 405 | return(ret); | 380 | return(ret); |
| 406 | } | 381 | } |
| 407 | 382 | ||
| 408 | void ASN1_STRING_free(a) | 383 | void ASN1_STRING_free(ASN1_STRING *a) |
| 409 | ASN1_STRING *a; | ||
| 410 | { | 384 | { |
| 411 | if (a == NULL) return; | 385 | if (a == NULL) return; |
| 412 | if (a->data != NULL) Free((char *)a->data); | 386 | if (a->data != NULL) OPENSSL_free(a->data); |
| 413 | Free((char *)a); | 387 | OPENSSL_free(a); |
| 414 | } | 388 | } |
| 415 | 389 | ||
| 416 | int ASN1_STRING_cmp(a,b) | 390 | int ASN1_STRING_cmp(ASN1_STRING *a, ASN1_STRING *b) |
| 417 | ASN1_STRING *a,*b; | ||
| 418 | { | 391 | { |
| 419 | int i; | 392 | int i; |
| 420 | 393 | ||
| @@ -431,9 +404,7 @@ ASN1_STRING *a,*b; | |||
| 431 | return(i); | 404 | return(i); |
| 432 | } | 405 | } |
| 433 | 406 | ||
| 434 | void asn1_add_error(address,offset) | 407 | void asn1_add_error(unsigned char *address, int offset) |
| 435 | unsigned char *address; | ||
| 436 | int offset; | ||
| 437 | { | 408 | { |
| 438 | char buf1[16],buf2[16]; | 409 | char buf1[16],buf2[16]; |
| 439 | 410 | ||
| @@ -442,3 +413,14 @@ int offset; | |||
| 442 | ERR_add_error_data(4,"address=",buf1," offset=",buf2); | 413 | ERR_add_error_data(4,"address=",buf1," offset=",buf2); |
| 443 | } | 414 | } |
| 444 | 415 | ||
| 416 | int ASN1_STRING_length(ASN1_STRING *x) | ||
| 417 | { return M_ASN1_STRING_length(x); } | ||
| 418 | |||
| 419 | void ASN1_STRING_length_set(ASN1_STRING *x, int len) | ||
| 420 | { M_ASN1_STRING_length_set(x, len); return; } | ||
| 421 | |||
| 422 | int ASN1_STRING_type(ASN1_STRING *x) | ||
| 423 | { return M_ASN1_STRING_type(x); } | ||
| 424 | |||
| 425 | unsigned char * ASN1_STRING_data(ASN1_STRING *x) | ||
| 426 | { return M_ASN1_STRING_data(x); } | ||
diff --git a/src/lib/libcrypto/asn1/asn1_mac.h b/src/lib/libcrypto/asn1/asn1_mac.h index 4fba70e4bb..a48649ceeb 100644 --- a/src/lib/libcrypto/asn1/asn1_mac.h +++ b/src/lib/libcrypto/asn1/asn1_mac.h | |||
| @@ -59,52 +59,84 @@ | |||
| 59 | #ifndef HEADER_ASN1_MAC_H | 59 | #ifndef HEADER_ASN1_MAC_H |
| 60 | #define HEADER_ASN1_MAC_H | 60 | #define HEADER_ASN1_MAC_H |
| 61 | 61 | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 66 | #include "asn1.h" | 68 | #ifndef ASN1_MAC_ERR_LIB |
| 67 | #include "x509.h" | 69 | #define ASN1_MAC_ERR_LIB ERR_LIB_ASN1 |
| 68 | #include "pkcs7.h" | 70 | #endif |
| 71 | |||
| 72 | #define ASN1_MAC_H_err(f,r,line) \ | ||
| 73 | ERR_PUT_error(ASN1_MAC_ERR_LIB,(f),(r),__FILE__,(line)) | ||
| 69 | 74 | ||
| 70 | #define M_ASN1_D2I_vars(a,type,func) \ | 75 | #define M_ASN1_D2I_vars(a,type,func) \ |
| 71 | ASN1_CTX c; \ | 76 | ASN1_CTX c; \ |
| 72 | type ret=NULL; \ | 77 | type ret=NULL; \ |
| 73 | \ | 78 | \ |
| 74 | c.pp=pp; \ | 79 | c.pp=(unsigned char **)pp; \ |
| 75 | c.error=ASN1_R_ERROR_STACK; \ | 80 | c.q= *(unsigned char **)pp; \ |
| 81 | c.error=ERR_R_NESTED_ASN1_ERROR; \ | ||
| 76 | if ((a == NULL) || ((*a) == NULL)) \ | 82 | if ((a == NULL) || ((*a) == NULL)) \ |
| 77 | { if ((ret=(type)func()) == NULL) goto err; } \ | 83 | { if ((ret=(type)func()) == NULL) \ |
| 84 | { c.line=__LINE__; goto err; } } \ | ||
| 78 | else ret=(*a); | 85 | else ret=(*a); |
| 79 | 86 | ||
| 80 | #define M_ASN1_D2I_Init() \ | 87 | #define M_ASN1_D2I_Init() \ |
| 81 | c.p= *pp; \ | 88 | c.p= *(unsigned char **)pp; \ |
| 82 | c.max=(length == 0)?0:(c.p+length); | 89 | c.max=(length == 0)?0:(c.p+length); |
| 83 | 90 | ||
| 84 | #define M_ASN1_D2I_Finish_2(a) \ | 91 | #define M_ASN1_D2I_Finish_2(a) \ |
| 85 | if (!asn1_Finish(&c)) goto err; \ | 92 | if (!asn1_Finish(&c)) \ |
| 86 | *pp=c.p; \ | 93 | { c.line=__LINE__; goto err; } \ |
| 94 | *(unsigned char **)pp=c.p; \ | ||
| 87 | if (a != NULL) (*a)=ret; \ | 95 | if (a != NULL) (*a)=ret; \ |
| 88 | return(ret); | 96 | return(ret); |
| 89 | 97 | ||
| 90 | #define M_ASN1_D2I_Finish(a,func,e) \ | 98 | #define M_ASN1_D2I_Finish(a,func,e) \ |
| 91 | M_ASN1_D2I_Finish_2(a); \ | 99 | M_ASN1_D2I_Finish_2(a); \ |
| 92 | err:\ | 100 | err:\ |
| 93 | ASN1err((e),c.error); \ | 101 | ASN1_MAC_H_err((e),c.error,c.line); \ |
| 94 | asn1_add_error(*pp,(int)(c.q- *pp)); \ | 102 | asn1_add_error(*(unsigned char **)pp,(int)(c.q- *pp)); \ |
| 95 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ | 103 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ |
| 96 | return(NULL) | 104 | return(NULL) |
| 97 | 105 | ||
| 98 | #define M_ASN1_D2I_start_sequence() \ | 106 | #define M_ASN1_D2I_start_sequence() \ |
| 99 | if (!asn1_GetSequence(&c,&length)) goto err; | 107 | if (!asn1_GetSequence(&c,&length)) \ |
| 108 | { c.line=__LINE__; goto err; } | ||
| 109 | /* Begin reading ASN1 without a surrounding sequence */ | ||
| 110 | #define M_ASN1_D2I_begin() \ | ||
| 111 | c.slen = length; | ||
| 112 | |||
| 113 | /* End reading ASN1 with no check on length */ | ||
| 114 | #define M_ASN1_D2I_Finish_nolen(a, func, e) \ | ||
| 115 | *pp=c.p; \ | ||
| 116 | if (a != NULL) (*a)=ret; \ | ||
| 117 | return(ret); \ | ||
| 118 | err:\ | ||
| 119 | ASN1_MAC_H_err((e),c.error,c.line); \ | ||
| 120 | asn1_add_error(*pp,(int)(c.q- *pp)); \ | ||
| 121 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) func(ret); \ | ||
| 122 | return(NULL) | ||
| 100 | 123 | ||
| 101 | #define M_ASN1_D2I_end_sequence() \ | 124 | #define M_ASN1_D2I_end_sequence() \ |
| 102 | (((c.inf&1) == 0)?(c.slen <= 0): \ | 125 | (((c.inf&1) == 0)?(c.slen <= 0): \ |
| 103 | (c.eos=ASN1_check_infinite_end(&c.p,c.slen))) | 126 | (c.eos=ASN1_check_infinite_end(&c.p,c.slen))) |
| 104 | 127 | ||
| 128 | /* Don't use this with d2i_ASN1_BOOLEAN() */ | ||
| 105 | #define M_ASN1_D2I_get(b,func) \ | 129 | #define M_ASN1_D2I_get(b,func) \ |
| 106 | c.q=c.p; \ | 130 | c.q=c.p; \ |
| 107 | if (func(&(b),&c.p,c.slen) == NULL) goto err; \ | 131 | if (func(&(b),&c.p,c.slen) == NULL) \ |
| 132 | {c.line=__LINE__; goto err; } \ | ||
| 133 | c.slen-=(c.p-c.q); | ||
| 134 | |||
| 135 | /* use this instead () */ | ||
| 136 | #define M_ASN1_D2I_get_int(b,func) \ | ||
| 137 | c.q=c.p; \ | ||
| 138 | if (func(&(b),&c.p,c.slen) < 0) \ | ||
| 139 | {c.line=__LINE__; goto err; } \ | ||
| 108 | c.slen-=(c.p-c.q); | 140 | c.slen-=(c.p-c.q); |
| 109 | 141 | ||
| 110 | #define M_ASN1_D2I_get_opt(b,func,type) \ | 142 | #define M_ASN1_D2I_get_opt(b,func,type) \ |
| @@ -114,49 +146,118 @@ err:\ | |||
| 114 | M_ASN1_D2I_get(b,func); \ | 146 | M_ASN1_D2I_get(b,func); \ |
| 115 | } | 147 | } |
| 116 | 148 | ||
| 149 | #define M_ASN1_D2I_get_imp(b,func, type) \ | ||
| 150 | M_ASN1_next=(_tmp& V_ASN1_CONSTRUCTED)|type; \ | ||
| 151 | c.q=c.p; \ | ||
| 152 | if (func(&(b),&c.p,c.slen) == NULL) \ | ||
| 153 | {c.line=__LINE__; M_ASN1_next_prev = _tmp; goto err; } \ | ||
| 154 | c.slen-=(c.p-c.q);\ | ||
| 155 | M_ASN1_next_prev=_tmp; | ||
| 156 | |||
| 117 | #define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ | 157 | #define M_ASN1_D2I_get_IMP_opt(b,func,tag,type) \ |
| 118 | if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ | 158 | if ((c.slen != 0) && ((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == \ |
| 119 | (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ | 159 | (V_ASN1_CONTEXT_SPECIFIC|(tag)))) \ |
| 120 | { \ | 160 | { \ |
| 121 | unsigned char tmp; \ | 161 | unsigned char _tmp = M_ASN1_next; \ |
| 122 | tmp=M_ASN1_next; \ | 162 | M_ASN1_D2I_get_imp(b,func, type);\ |
| 123 | M_ASN1_next=(tmp& ~V_ASN1_PRIMATIVE_TAG)|type; \ | ||
| 124 | M_ASN1_D2I_get(b,func); \ | ||
| 125 | M_ASN1_next_prev=tmp; \ | ||
| 126 | } | 163 | } |
| 127 | 164 | ||
| 128 | #define M_ASN1_D2I_get_set(r,func) \ | 165 | #define M_ASN1_D2I_get_set(r,func,free_func) \ |
| 129 | M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SET,V_ASN1_UNIVERSAL); | 166 | M_ASN1_D2I_get_imp_set(r,func,free_func, \ |
| 167 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
| 168 | |||
| 169 | #define M_ASN1_D2I_get_set_type(type,r,func,free_func) \ | ||
| 170 | M_ASN1_D2I_get_imp_set_type(type,r,func,free_func, \ | ||
| 171 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
| 172 | |||
| 173 | #define M_ASN1_D2I_get_set_opt(r,func,free_func) \ | ||
| 174 | if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ | ||
| 175 | V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ | ||
| 176 | { M_ASN1_D2I_get_set(r,func,free_func); } | ||
| 177 | |||
| 178 | #define M_ASN1_D2I_get_set_opt_type(type,r,func,free_func) \ | ||
| 179 | if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ | ||
| 180 | V_ASN1_CONSTRUCTED|V_ASN1_SET)))\ | ||
| 181 | { M_ASN1_D2I_get_set_type(type,r,func,free_func); } | ||
| 182 | |||
| 183 | #define M_ASN1_I2D_len_SET_opt(a,f) \ | ||
| 184 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 185 | M_ASN1_I2D_len_SET(a,f); | ||
| 186 | |||
| 187 | #define M_ASN1_I2D_put_SET_opt(a,f) \ | ||
| 188 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 189 | M_ASN1_I2D_put_SET(a,f); | ||
| 190 | |||
| 191 | #define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ | ||
| 192 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 193 | M_ASN1_I2D_put_SEQUENCE(a,f); | ||
| 130 | 194 | ||
| 131 | #define M_ASN1_D2I_get_IMP_set_opt(b,func,tag) \ | 195 | #define M_ASN1_I2D_put_SEQUENCE_opt_type(type,a,f) \ |
| 196 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 197 | M_ASN1_I2D_put_SEQUENCE_type(type,a,f); | ||
| 198 | |||
| 199 | #define M_ASN1_D2I_get_IMP_set_opt(b,func,free_func,tag) \ | ||
| 132 | if ((c.slen != 0) && \ | 200 | if ((c.slen != 0) && \ |
| 133 | (M_ASN1_next == \ | 201 | (M_ASN1_next == \ |
| 134 | (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ | 202 | (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ |
| 135 | { \ | 203 | { \ |
| 136 | M_ASN1_D2I_get_imp_set(b,func,tag,V_ASN1_CONTEXT_SPECIFIC); \ | 204 | M_ASN1_D2I_get_imp_set(b,func,free_func,\ |
| 205 | tag,V_ASN1_CONTEXT_SPECIFIC); \ | ||
| 137 | } | 206 | } |
| 138 | 207 | ||
| 139 | #define M_ASN1_D2I_get_seq(r,func) \ | 208 | #define M_ASN1_D2I_get_IMP_set_opt_type(type,b,func,free_func,tag) \ |
| 140 | M_ASN1_D2I_get_imp_set(r,func,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | 209 | if ((c.slen != 0) && \ |
| 210 | (M_ASN1_next == \ | ||
| 211 | (V_ASN1_CONTEXT_SPECIFIC|V_ASN1_CONSTRUCTED|(tag))))\ | ||
| 212 | { \ | ||
| 213 | M_ASN1_D2I_get_imp_set_type(type,b,func,free_func,\ | ||
| 214 | tag,V_ASN1_CONTEXT_SPECIFIC); \ | ||
| 215 | } | ||
| 216 | |||
| 217 | #define M_ASN1_D2I_get_seq(r,func,free_func) \ | ||
| 218 | M_ASN1_D2I_get_imp_set(r,func,free_func,\ | ||
| 219 | V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | ||
| 220 | |||
| 221 | #define M_ASN1_D2I_get_seq_type(type,r,func,free_func) \ | ||
| 222 | M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ | ||
| 223 | V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL) | ||
| 141 | 224 | ||
| 142 | #define M_ASN1_D2I_get_seq_opt(r,func) \ | 225 | #define M_ASN1_D2I_get_seq_opt(r,func,free_func) \ |
| 143 | if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ | 226 | if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ |
| 144 | V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ | 227 | V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ |
| 145 | { M_ASN1_D2I_get_seq(r,func); } | 228 | { M_ASN1_D2I_get_seq(r,func,free_func); } |
| 146 | 229 | ||
| 147 | #define M_ASN1_D2I_get_IMP_set(r,func,x) \ | 230 | #define M_ASN1_D2I_get_seq_opt_type(type,r,func,free_func) \ |
| 148 | M_ASN1_D2I_get_imp_set(r,func,x,V_ASN1_CONTEXT_SPECIFIC); | 231 | if ((c.slen != 0) && (M_ASN1_next == (V_ASN1_UNIVERSAL| \ |
| 232 | V_ASN1_CONSTRUCTED|V_ASN1_SEQUENCE)))\ | ||
| 233 | { M_ASN1_D2I_get_seq_type(type,r,func,free_func); } | ||
| 234 | |||
| 235 | #define M_ASN1_D2I_get_IMP_set(r,func,free_func,x) \ | ||
| 236 | M_ASN1_D2I_get_imp_set(r,func,free_func,\ | ||
| 237 | x,V_ASN1_CONTEXT_SPECIFIC); | ||
| 238 | |||
| 239 | #define M_ASN1_D2I_get_IMP_set_type(type,r,func,free_func,x) \ | ||
| 240 | M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,\ | ||
| 241 | x,V_ASN1_CONTEXT_SPECIFIC); | ||
| 242 | |||
| 243 | #define M_ASN1_D2I_get_imp_set(r,func,free_func,a,b) \ | ||
| 244 | c.q=c.p; \ | ||
| 245 | if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,\ | ||
| 246 | (void (*)())free_func,a,b) == NULL) \ | ||
| 247 | { c.line=__LINE__; goto err; } \ | ||
| 248 | c.slen-=(c.p-c.q); | ||
| 149 | 249 | ||
| 150 | #define M_ASN1_D2I_get_imp_set(r,func,a,b) \ | 250 | #define M_ASN1_D2I_get_imp_set_type(type,r,func,free_func,a,b) \ |
| 151 | c.q=c.p; \ | 251 | c.q=c.p; \ |
| 152 | if (d2i_ASN1_SET(&(r),&c.p,c.slen,(char *(*)())func,a,b) == NULL) \ | 252 | if (d2i_ASN1_SET_OF_##type(&(r),&c.p,c.slen,func,\ |
| 153 | goto err; \ | 253 | free_func,a,b) == NULL) \ |
| 254 | { c.line=__LINE__; goto err; } \ | ||
| 154 | c.slen-=(c.p-c.q); | 255 | c.slen-=(c.p-c.q); |
| 155 | 256 | ||
| 156 | #define M_ASN1_D2I_get_set_strings(r,func,a,b) \ | 257 | #define M_ASN1_D2I_get_set_strings(r,func,a,b) \ |
| 157 | c.q=c.p; \ | 258 | c.q=c.p; \ |
| 158 | if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ | 259 | if (d2i_ASN1_STRING_SET(&(r),&c.p,c.slen,a,b) == NULL) \ |
| 159 | goto err; \ | 260 | { c.line=__LINE__; goto err; } \ |
| 160 | c.slen-=(c.p-c.q); | 261 | c.slen-=(c.p-c.q); |
| 161 | 262 | ||
| 162 | #define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ | 263 | #define M_ASN1_D2I_get_EXP_opt(r,func,tag) \ |
| @@ -169,13 +270,22 @@ err:\ | |||
| 169 | c.q=c.p; \ | 270 | c.q=c.p; \ |
| 170 | Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ | 271 | Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ |
| 171 | if (Tinf & 0x80) \ | 272 | if (Tinf & 0x80) \ |
| 172 | { c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \ | 273 | { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ |
| 274 | c.line=__LINE__; goto err; } \ | ||
| 275 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ | ||
| 276 | Tlen = c.slen - (c.p - c.q) - 2; \ | ||
| 173 | if (func(&(r),&c.p,Tlen) == NULL) \ | 277 | if (func(&(r),&c.p,Tlen) == NULL) \ |
| 174 | goto err; \ | 278 | { c.line=__LINE__; goto err; } \ |
| 279 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ | ||
| 280 | Tlen = c.slen - (c.p - c.q); \ | ||
| 281 | if(!ASN1_check_infinite_end(&c.p, Tlen)) \ | ||
| 282 | { c.error=ERR_R_MISSING_ASN1_EOS; \ | ||
| 283 | c.line=__LINE__; goto err; } \ | ||
| 284 | }\ | ||
| 175 | c.slen-=(c.p-c.q); \ | 285 | c.slen-=(c.p-c.q); \ |
| 176 | } | 286 | } |
| 177 | 287 | ||
| 178 | #define M_ASN1_D2I_get_EXP_set_opt(r,func,tag,b) \ | 288 | #define M_ASN1_D2I_get_EXP_set_opt(r,func,free_func,tag,b) \ |
| 179 | if ((c.slen != 0) && (M_ASN1_next == \ | 289 | if ((c.slen != 0) && (M_ASN1_next == \ |
| 180 | (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ | 290 | (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ |
| 181 | { \ | 291 | { \ |
| @@ -185,24 +295,61 @@ err:\ | |||
| 185 | c.q=c.p; \ | 295 | c.q=c.p; \ |
| 186 | Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ | 296 | Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ |
| 187 | if (Tinf & 0x80) \ | 297 | if (Tinf & 0x80) \ |
| 188 | { c.error=ASN1_R_BAD_OBJECT_HEADER; goto err; } \ | 298 | { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ |
| 299 | c.line=__LINE__; goto err; } \ | ||
| 300 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ | ||
| 301 | Tlen = c.slen - (c.p - c.q) - 2; \ | ||
| 189 | if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ | 302 | if (d2i_ASN1_SET(&(r),&c.p,Tlen,(char *(*)())func, \ |
| 303 | (void (*)())free_func, \ | ||
| 190 | b,V_ASN1_UNIVERSAL) == NULL) \ | 304 | b,V_ASN1_UNIVERSAL) == NULL) \ |
| 191 | goto err; \ | 305 | { c.line=__LINE__; goto err; } \ |
| 306 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ | ||
| 307 | Tlen = c.slen - (c.p - c.q); \ | ||
| 308 | if(!ASN1_check_infinite_end(&c.p, Tlen)) \ | ||
| 309 | { c.error=ERR_R_MISSING_ASN1_EOS; \ | ||
| 310 | c.line=__LINE__; goto err; } \ | ||
| 311 | }\ | ||
| 312 | c.slen-=(c.p-c.q); \ | ||
| 313 | } | ||
| 314 | |||
| 315 | #define M_ASN1_D2I_get_EXP_set_opt_type(type,r,func,free_func,tag,b) \ | ||
| 316 | if ((c.slen != 0) && (M_ASN1_next == \ | ||
| 317 | (V_ASN1_CONSTRUCTED|V_ASN1_CONTEXT_SPECIFIC|tag))) \ | ||
| 318 | { \ | ||
| 319 | int Tinf,Ttag,Tclass; \ | ||
| 320 | long Tlen; \ | ||
| 321 | \ | ||
| 322 | c.q=c.p; \ | ||
| 323 | Tinf=ASN1_get_object(&c.p,&Tlen,&Ttag,&Tclass,c.slen); \ | ||
| 324 | if (Tinf & 0x80) \ | ||
| 325 | { c.error=ERR_R_BAD_ASN1_OBJECT_HEADER; \ | ||
| 326 | c.line=__LINE__; goto err; } \ | ||
| 327 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) \ | ||
| 328 | Tlen = c.slen - (c.p - c.q) - 2; \ | ||
| 329 | if (d2i_ASN1_SET_OF_##type(&(r),&c.p,Tlen,func, \ | ||
| 330 | free_func,b,V_ASN1_UNIVERSAL) == NULL) \ | ||
| 331 | { c.line=__LINE__; goto err; } \ | ||
| 332 | if (Tinf == (V_ASN1_CONSTRUCTED+1)) { \ | ||
| 333 | Tlen = c.slen - (c.p - c.q); \ | ||
| 334 | if(!ASN1_check_infinite_end(&c.p, Tlen)) \ | ||
| 335 | { c.error=ERR_R_MISSING_ASN1_EOS; \ | ||
| 336 | c.line=__LINE__; goto err; } \ | ||
| 337 | }\ | ||
| 192 | c.slen-=(c.p-c.q); \ | 338 | c.slen-=(c.p-c.q); \ |
| 193 | } | 339 | } |
| 194 | 340 | ||
| 195 | /* New macros */ | 341 | /* New macros */ |
| 196 | #define M_ASN1_New_Malloc(ret,type) \ | 342 | #define M_ASN1_New_Malloc(ret,type) \ |
| 197 | if ((ret=(type *)Malloc(sizeof(type))) == NULL) goto err2; | 343 | if ((ret=(type *)OPENSSL_malloc(sizeof(type))) == NULL) \ |
| 344 | { c.line=__LINE__; goto err2; } | ||
| 198 | 345 | ||
| 199 | #define M_ASN1_New(arg,func) \ | 346 | #define M_ASN1_New(arg,func) \ |
| 200 | if (((arg)=func()) == NULL) return(NULL) | 347 | if (((arg)=func()) == NULL) return(NULL) |
| 201 | 348 | ||
| 202 | #define M_ASN1_New_Error(a) \ | 349 | #define M_ASN1_New_Error(a) \ |
| 203 | /* err: ASN1err((a),ASN1_R_ERROR_STACK); \ | 350 | /* err: ASN1_MAC_H_err((a),ERR_R_NESTED_ASN1_ERROR,c.line); \ |
| 204 | return(NULL);*/ \ | 351 | return(NULL);*/ \ |
| 205 | err2: ASN1err((a),ERR_R_MALLOC_FAILURE); \ | 352 | err2: ASN1_MAC_H_err((a),ERR_R_MALLOC_FAILURE,c.line); \ |
| 206 | return(NULL) | 353 | return(NULL) |
| 207 | 354 | ||
| 208 | 355 | ||
| @@ -220,21 +367,59 @@ err:\ | |||
| 220 | #define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) | 367 | #define M_ASN1_I2D_len_IMP_opt(a,f) if (a != NULL) M_ASN1_I2D_len(a,f) |
| 221 | 368 | ||
| 222 | #define M_ASN1_I2D_len_SET(a,f) \ | 369 | #define M_ASN1_I2D_len_SET(a,f) \ |
| 223 | ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL); | 370 | ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET); |
| 371 | |||
| 372 | #define M_ASN1_I2D_len_SET_type(type,a,f) \ | ||
| 373 | ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SET, \ | ||
| 374 | V_ASN1_UNIVERSAL,IS_SET); | ||
| 375 | |||
| 376 | #define M_ASN1_I2D_len_SEQUENCE(a,f) \ | ||
| 377 | ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ | ||
| 378 | IS_SEQUENCE); | ||
| 224 | 379 | ||
| 225 | #define M_ASN1_I2D_len_SEQ(a,f) \ | 380 | #define M_ASN1_I2D_len_SEQUENCE_type(type,a,f) \ |
| 226 | ret+=i2d_ASN1_SET(a,NULL,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | 381 | ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,V_ASN1_SEQUENCE, \ |
| 382 | V_ASN1_UNIVERSAL,IS_SEQUENCE) | ||
| 227 | 383 | ||
| 228 | #define M_ASN1_I2D_len_SEQ_opt(a,f) \ | 384 | #define M_ASN1_I2D_len_SEQUENCE_opt(a,f) \ |
| 229 | if ((a != NULL) && (sk_num(a) != 0)) \ | 385 | if ((a != NULL) && (sk_num(a) != 0)) \ |
| 230 | M_ASN1_I2D_len_SEQ(a,f); | 386 | M_ASN1_I2D_len_SEQUENCE(a,f); |
| 231 | 387 | ||
| 232 | #define M_ASN1_I2D_len_IMP_set(a,f,x) \ | 388 | #define M_ASN1_I2D_len_SEQUENCE_opt_type(type,a,f) \ |
| 233 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC); | 389 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ |
| 390 | M_ASN1_I2D_len_SEQUENCE_type(type,a,f); | ||
| 234 | 391 | ||
| 235 | #define M_ASN1_I2D_len_IMP_set_opt(a,f,x) \ | 392 | #define M_ASN1_I2D_len_IMP_SET(a,f,x) \ |
| 393 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET); | ||
| 394 | |||
| 395 | #define M_ASN1_I2D_len_IMP_SET_type(type,a,f,x) \ | ||
| 396 | ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ | ||
| 397 | V_ASN1_CONTEXT_SPECIFIC,IS_SET); | ||
| 398 | |||
| 399 | #define M_ASN1_I2D_len_IMP_SET_opt(a,f,x) \ | ||
| 400 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 401 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ | ||
| 402 | IS_SET); | ||
| 403 | |||
| 404 | #define M_ASN1_I2D_len_IMP_SET_opt_type(type,a,f,x) \ | ||
| 405 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 406 | ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ | ||
| 407 | V_ASN1_CONTEXT_SPECIFIC,IS_SET); | ||
| 408 | |||
| 409 | #define M_ASN1_I2D_len_IMP_SEQUENCE(a,f,x) \ | ||
| 410 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ | ||
| 411 | IS_SEQUENCE); | ||
| 412 | |||
| 413 | #define M_ASN1_I2D_len_IMP_SEQUENCE_opt(a,f,x) \ | ||
| 236 | if ((a != NULL) && (sk_num(a) != 0)) \ | 414 | if ((a != NULL) && (sk_num(a) != 0)) \ |
| 237 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC); | 415 | ret+=i2d_ASN1_SET(a,NULL,f,x,V_ASN1_CONTEXT_SPECIFIC, \ |
| 416 | IS_SEQUENCE); | ||
| 417 | |||
| 418 | #define M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(type,a,f,x) \ | ||
| 419 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 420 | ret+=i2d_ASN1_SET_OF_##type(a,NULL,f,x, \ | ||
| 421 | V_ASN1_CONTEXT_SPECIFIC, \ | ||
| 422 | IS_SEQUENCE); | ||
| 238 | 423 | ||
| 239 | #define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ | 424 | #define M_ASN1_I2D_len_EXP_opt(a,f,mtag,v) \ |
| 240 | if (a != NULL)\ | 425 | if (a != NULL)\ |
| @@ -243,10 +428,27 @@ err:\ | |||
| 243 | ret+=ASN1_object_size(1,v,mtag); \ | 428 | ret+=ASN1_object_size(1,v,mtag); \ |
| 244 | } | 429 | } |
| 245 | 430 | ||
| 246 | #define M_ASN1_I2D_len_EXP_set_opt(a,f,mtag,tag,v) \ | 431 | #define M_ASN1_I2D_len_EXP_SET_opt(a,f,mtag,tag,v) \ |
| 432 | if ((a != NULL) && (sk_num(a) != 0))\ | ||
| 433 | { \ | ||
| 434 | v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ | ||
| 435 | ret+=ASN1_object_size(1,v,mtag); \ | ||
| 436 | } | ||
| 437 | |||
| 438 | #define M_ASN1_I2D_len_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ | ||
| 247 | if ((a != NULL) && (sk_num(a) != 0))\ | 439 | if ((a != NULL) && (sk_num(a) != 0))\ |
| 248 | { \ | 440 | { \ |
| 249 | v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL); \ | 441 | v=i2d_ASN1_SET(a,NULL,f,tag,V_ASN1_UNIVERSAL, \ |
| 442 | IS_SEQUENCE); \ | ||
| 443 | ret+=ASN1_object_size(1,v,mtag); \ | ||
| 444 | } | ||
| 445 | |||
| 446 | #define M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ | ||
| 447 | if ((a != NULL) && (sk_##type##_num(a) != 0))\ | ||
| 448 | { \ | ||
| 449 | v=i2d_ASN1_SET_OF_##type(a,NULL,f,tag, \ | ||
| 450 | V_ASN1_UNIVERSAL, \ | ||
| 451 | IS_SEQUENCE); \ | ||
| 250 | ret+=ASN1_object_size(1,v,mtag); \ | 452 | ret+=ASN1_object_size(1,v,mtag); \ |
| 251 | } | 453 | } |
| 252 | 454 | ||
| @@ -262,20 +464,48 @@ err:\ | |||
| 262 | } | 464 | } |
| 263 | 465 | ||
| 264 | #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ | 466 | #define M_ASN1_I2D_put_SET(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SET,\ |
| 265 | V_ASN1_UNIVERSAL) | 467 | V_ASN1_UNIVERSAL,IS_SET) |
| 266 | #define M_ASN1_I2D_put_IMP_set(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ | 468 | #define M_ASN1_I2D_put_SET_type(type,a,f) \ |
| 267 | V_ASN1_CONTEXT_SPECIFIC) | 469 | i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SET,V_ASN1_UNIVERSAL,IS_SET) |
| 268 | 470 | #define M_ASN1_I2D_put_IMP_SET(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ | |
| 269 | #define M_ASN1_I2D_put_SEQ(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ | 471 | V_ASN1_CONTEXT_SPECIFIC,IS_SET) |
| 270 | V_ASN1_UNIVERSAL) | 472 | #define M_ASN1_I2D_put_IMP_SET_type(type,a,f,x) \ |
| 473 | i2d_ASN1_SET_OF_##type(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC,IS_SET) | ||
| 474 | #define M_ASN1_I2D_put_IMP_SEQUENCE(a,f,x) i2d_ASN1_SET(a,&p,f,x,\ | ||
| 475 | V_ASN1_CONTEXT_SPECIFIC,IS_SEQUENCE) | ||
| 476 | |||
| 477 | #define M_ASN1_I2D_put_SEQUENCE(a,f) i2d_ASN1_SET(a,&p,f,V_ASN1_SEQUENCE,\ | ||
| 478 | V_ASN1_UNIVERSAL,IS_SEQUENCE) | ||
| 479 | |||
| 480 | #define M_ASN1_I2D_put_SEQUENCE_type(type,a,f) \ | ||
| 481 | i2d_ASN1_SET_OF_##type(a,&p,f,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, \ | ||
| 482 | IS_SEQUENCE) | ||
| 483 | |||
| 484 | #define M_ASN1_I2D_put_SEQUENCE_opt(a,f) \ | ||
| 485 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 486 | M_ASN1_I2D_put_SEQUENCE(a,f); | ||
| 271 | 487 | ||
| 272 | #define M_ASN1_I2D_put_SEQ_opt(a,f) \ | 488 | #define M_ASN1_I2D_put_IMP_SET_opt(a,f,x) \ |
| 273 | if ((a != NULL) && (sk_num(a) != 0)) \ | 489 | if ((a != NULL) && (sk_num(a) != 0)) \ |
| 274 | M_ASN1_I2D_put_SEQ(a,f); | 490 | { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ |
| 491 | IS_SET); } | ||
| 492 | |||
| 493 | #define M_ASN1_I2D_put_IMP_SET_opt_type(type,a,f,x) \ | ||
| 494 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 495 | { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ | ||
| 496 | V_ASN1_CONTEXT_SPECIFIC, \ | ||
| 497 | IS_SET); } | ||
| 275 | 498 | ||
| 276 | #define M_ASN1_I2D_put_IMP_set_opt(a,f,x) \ | 499 | #define M_ASN1_I2D_put_IMP_SEQUENCE_opt(a,f,x) \ |
| 277 | if ((a != NULL) && (sk_num(a) != 0)) \ | 500 | if ((a != NULL) && (sk_num(a) != 0)) \ |
| 278 | { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC); } | 501 | { i2d_ASN1_SET(a,&p,f,x,V_ASN1_CONTEXT_SPECIFIC, \ |
| 502 | IS_SEQUENCE); } | ||
| 503 | |||
| 504 | #define M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(type,a,f,x) \ | ||
| 505 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 506 | { i2d_ASN1_SET_OF_##type(a,&p,f,x, \ | ||
| 507 | V_ASN1_CONTEXT_SPECIFIC, \ | ||
| 508 | IS_SEQUENCE); } | ||
| 279 | 509 | ||
| 280 | #define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ | 510 | #define M_ASN1_I2D_put_EXP_opt(a,f,tag,v) \ |
| 281 | if (a != NULL) \ | 511 | if (a != NULL) \ |
| @@ -284,11 +514,26 @@ err:\ | |||
| 284 | f(a,&p); \ | 514 | f(a,&p); \ |
| 285 | } | 515 | } |
| 286 | 516 | ||
| 287 | #define M_ASN1_I2D_put_EXP_set_opt(a,f,mtag,tag,v) \ | 517 | #define M_ASN1_I2D_put_EXP_SET_opt(a,f,mtag,tag,v) \ |
| 288 | if ((a != NULL) && (sk_num(a) != 0)) \ | 518 | if ((a != NULL) && (sk_num(a) != 0)) \ |
| 289 | { \ | 519 | { \ |
| 290 | ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ | 520 | ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ |
| 291 | i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL); \ | 521 | i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SET); \ |
| 522 | } | ||
| 523 | |||
| 524 | #define M_ASN1_I2D_put_EXP_SEQUENCE_opt(a,f,mtag,tag,v) \ | ||
| 525 | if ((a != NULL) && (sk_num(a) != 0)) \ | ||
| 526 | { \ | ||
| 527 | ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ | ||
| 528 | i2d_ASN1_SET(a,&p,f,tag,V_ASN1_UNIVERSAL,IS_SEQUENCE); \ | ||
| 529 | } | ||
| 530 | |||
| 531 | #define M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(type,a,f,mtag,tag,v) \ | ||
| 532 | if ((a != NULL) && (sk_##type##_num(a) != 0)) \ | ||
| 533 | { \ | ||
| 534 | ASN1_put_object(&p,1,v,mtag,V_ASN1_CONTEXT_SPECIFIC); \ | ||
| 535 | i2d_ASN1_SET_OF_##type(a,&p,f,tag,V_ASN1_UNIVERSAL, \ | ||
| 536 | IS_SEQUENCE); \ | ||
| 292 | } | 537 | } |
| 293 | 538 | ||
| 294 | #define M_ASN1_I2D_seq_total() \ | 539 | #define M_ASN1_I2D_seq_total() \ |
| @@ -306,14 +551,8 @@ err:\ | |||
| 306 | #define M_ASN1_I2D_finish() *pp=p; \ | 551 | #define M_ASN1_I2D_finish() *pp=p; \ |
| 307 | return(r); | 552 | return(r); |
| 308 | 553 | ||
| 309 | #ifndef NOPROTO | ||
| 310 | int asn1_GetSequence(ASN1_CTX *c, long *length); | 554 | int asn1_GetSequence(ASN1_CTX *c, long *length); |
| 311 | void asn1_add_error(unsigned char *address,int offset); | 555 | void asn1_add_error(unsigned char *address,int offset); |
| 312 | #else | ||
| 313 | int asn1_GetSequence(); | ||
| 314 | void asn1_add_error(); | ||
| 315 | #endif | ||
| 316 | |||
| 317 | #ifdef __cplusplus | 556 | #ifdef __cplusplus |
| 318 | } | 557 | } |
| 319 | #endif | 558 | #endif |
diff --git a/src/lib/libcrypto/asn1/asn1_par.c b/src/lib/libcrypto/asn1/asn1_par.c index 3906227d21..facfdd27fc 100644 --- a/src/lib/libcrypto/asn1/asn1_par.c +++ b/src/lib/libcrypto/asn1/asn1_par.c | |||
| @@ -58,30 +58,21 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/asn1.h> |
| 64 | 64 | ||
| 65 | #ifndef NOPROTO | ||
| 66 | static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, | 65 | static int asn1_print_info(BIO *bp, int tag, int xclass,int constructed, |
| 67 | int indent); | 66 | int indent); |
| 68 | static int asn1_parse2(BIO *bp, unsigned char **pp, long length, | 67 | static int asn1_parse2(BIO *bp, unsigned char **pp, long length, |
| 69 | int offset, int depth, int indent); | 68 | int offset, int depth, int indent, int dump); |
| 70 | #else | 69 | static int asn1_print_info(BIO *bp, int tag, int xclass, int constructed, |
| 71 | static int asn1_print_info(); | 70 | int indent) |
| 72 | static int asn1_parse2(); | ||
| 73 | #endif | ||
| 74 | |||
| 75 | static int asn1_print_info(bp, tag, xclass, constructed,indent) | ||
| 76 | BIO *bp; | ||
| 77 | int tag; | ||
| 78 | int xclass; | ||
| 79 | int constructed; | ||
| 80 | int indent; | ||
| 81 | { | 71 | { |
| 82 | static char *fmt="%-18s"; | 72 | static const char fmt[]="%-18s"; |
| 83 | static char *fmt2="%2d %-15s"; | 73 | static const char fmt2[]="%2d %-15s"; |
| 84 | char *p,str[128],*p2=NULL; | 74 | char str[128]; |
| 75 | const char *p,*p2=NULL; | ||
| 85 | 76 | ||
| 86 | if (constructed & V_ASN1_CONSTRUCTED) | 77 | if (constructed & V_ASN1_CONSTRUCTED) |
| 87 | p="cons: "; | 78 | p="cons: "; |
| @@ -102,53 +93,8 @@ int indent; | |||
| 102 | sprintf(str,"cont [ %d ]",tag); | 93 | sprintf(str,"cont [ %d ]",tag); |
| 103 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) | 94 | else if ((xclass & V_ASN1_APPLICATION) == V_ASN1_APPLICATION) |
| 104 | sprintf(str,"appl [ %d ]",tag); | 95 | sprintf(str,"appl [ %d ]",tag); |
| 105 | else if ((tag == V_ASN1_EOC) /* && (xclass == V_ASN1_UNIVERSAL) */) | 96 | else p = ASN1_tag2str(tag); |
| 106 | p="EOC"; | ||
| 107 | else if (tag == V_ASN1_BOOLEAN) | ||
| 108 | p="BOOLEAN"; | ||
| 109 | else if (tag == V_ASN1_INTEGER) | ||
| 110 | p="INTEGER"; | ||
| 111 | else if (tag == V_ASN1_BIT_STRING) | ||
| 112 | p="BIT STRING"; | ||
| 113 | else if (tag == V_ASN1_OCTET_STRING) | ||
| 114 | p="OCTET STRING"; | ||
| 115 | else if (tag == V_ASN1_NULL) | ||
| 116 | p="NULL"; | ||
| 117 | else if (tag == V_ASN1_OBJECT) | ||
| 118 | p="OBJECT"; | ||
| 119 | else if (tag == V_ASN1_SEQUENCE) | ||
| 120 | p="SEQUENCE"; | ||
| 121 | else if (tag == V_ASN1_SET) | ||
| 122 | p="SET"; | ||
| 123 | else if (tag == V_ASN1_PRINTABLESTRING) | ||
| 124 | p="PRINTABLESTRING"; | ||
| 125 | else if (tag == V_ASN1_T61STRING) | ||
| 126 | p="T61STRING"; | ||
| 127 | else if (tag == V_ASN1_IA5STRING) | ||
| 128 | p="IA5STRING"; | ||
| 129 | else if (tag == V_ASN1_UTCTIME) | ||
| 130 | p="UTCTIME"; | ||
| 131 | 97 | ||
| 132 | /* extras */ | ||
| 133 | else if (tag == V_ASN1_NUMERICSTRING) | ||
| 134 | p="NUMERICSTRING"; | ||
| 135 | else if (tag == V_ASN1_VIDEOTEXSTRING) | ||
| 136 | p="VIDEOTEXSTRING"; | ||
| 137 | else if (tag == V_ASN1_GENERALIZEDTIME) | ||
| 138 | p="GENERALIZEDTIME"; | ||
| 139 | else if (tag == V_ASN1_GRAPHICSTRING) | ||
| 140 | p="GRAPHICSTRING"; | ||
| 141 | else if (tag == V_ASN1_ISO64STRING) | ||
| 142 | p="ISO64STRING"; | ||
| 143 | else if (tag == V_ASN1_GENERALSTRING) | ||
| 144 | p="GENERALSTRING"; | ||
| 145 | else if (tag == V_ASN1_UNIVERSALSTRING) | ||
| 146 | p="UNIVERSALSTRING"; | ||
| 147 | else if (tag == V_ASN1_BMPSTRING) | ||
| 148 | p="BMPSTRING"; | ||
| 149 | else | ||
| 150 | p2="(unknown)"; | ||
| 151 | |||
| 152 | if (p2 != NULL) | 98 | if (p2 != NULL) |
| 153 | { | 99 | { |
| 154 | if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; | 100 | if (BIO_printf(bp,fmt2,tag,p2) <= 0) goto err; |
| @@ -162,22 +108,18 @@ err: | |||
| 162 | return(0); | 108 | return(0); |
| 163 | } | 109 | } |
| 164 | 110 | ||
| 165 | int ASN1_parse(bp, pp, len, indent) | 111 | int ASN1_parse(BIO *bp, unsigned char *pp, long len, int indent) |
| 166 | BIO *bp; | 112 | { |
| 167 | unsigned char *pp; | 113 | return(asn1_parse2(bp,&pp,len,0,0,indent,0)); |
| 168 | long len; | 114 | } |
| 169 | int indent; | 115 | |
| 116 | int ASN1_parse_dump(BIO *bp, unsigned char *pp, long len, int indent, int dump) | ||
| 170 | { | 117 | { |
| 171 | return(asn1_parse2(bp,&pp,len,0,0,indent)); | 118 | return(asn1_parse2(bp,&pp,len,0,0,indent,dump)); |
| 172 | } | 119 | } |
| 173 | 120 | ||
| 174 | static int asn1_parse2(bp, pp, length, offset, depth, indent) | 121 | static int asn1_parse2(BIO *bp, unsigned char **pp, long length, int offset, |
| 175 | BIO *bp; | 122 | int depth, int indent, int dump) |
| 176 | unsigned char **pp; | ||
| 177 | long length; | ||
| 178 | int offset; | ||
| 179 | int depth; | ||
| 180 | int indent; | ||
| 181 | { | 123 | { |
| 182 | unsigned char *p,*ep,*tot,*op,*opp; | 124 | unsigned char *p,*ep,*tot,*op,*opp; |
| 183 | long len; | 125 | long len; |
| @@ -186,7 +128,13 @@ int indent; | |||
| 186 | ASN1_OBJECT *o=NULL; | 128 | ASN1_OBJECT *o=NULL; |
| 187 | ASN1_OCTET_STRING *os=NULL; | 129 | ASN1_OCTET_STRING *os=NULL; |
| 188 | /* ASN1_BMPSTRING *bmp=NULL;*/ | 130 | /* ASN1_BMPSTRING *bmp=NULL;*/ |
| 131 | int dump_indent; | ||
| 189 | 132 | ||
| 133 | #if 0 | ||
| 134 | dump_indent = indent; | ||
| 135 | #else | ||
| 136 | dump_indent = 6; /* Because we know BIO_dump_indent() */ | ||
| 137 | #endif | ||
| 190 | p= *pp; | 138 | p= *pp; |
| 191 | tot=p+length; | 139 | tot=p+length; |
| 192 | op=p-1; | 140 | op=p-1; |
| @@ -241,7 +189,7 @@ int indent; | |||
| 241 | { | 189 | { |
| 242 | r=asn1_parse2(bp,&p,(long)(tot-p), | 190 | r=asn1_parse2(bp,&p,(long)(tot-p), |
| 243 | offset+(p - *pp),depth+1, | 191 | offset+(p - *pp),depth+1, |
| 244 | indent); | 192 | indent,dump); |
| 245 | if (r == 0) { ret=0; goto end; } | 193 | if (r == 0) { ret=0; goto end; } |
| 246 | if ((r == 2) || (p >= tot)) break; | 194 | if ((r == 2) || (p >= tot)) break; |
| 247 | } | 195 | } |
| @@ -251,7 +199,7 @@ int indent; | |||
| 251 | { | 199 | { |
| 252 | r=asn1_parse2(bp,&p,(long)len, | 200 | r=asn1_parse2(bp,&p,(long)len, |
| 253 | offset+(p - *pp),depth+1, | 201 | offset+(p - *pp),depth+1, |
| 254 | indent); | 202 | indent,dump); |
| 255 | if (r == 0) { ret=0; goto end; } | 203 | if (r == 0) { ret=0; goto end; } |
| 256 | } | 204 | } |
| 257 | } | 205 | } |
| @@ -266,7 +214,9 @@ int indent; | |||
| 266 | if ( (tag == V_ASN1_PRINTABLESTRING) || | 214 | if ( (tag == V_ASN1_PRINTABLESTRING) || |
| 267 | (tag == V_ASN1_T61STRING) || | 215 | (tag == V_ASN1_T61STRING) || |
| 268 | (tag == V_ASN1_IA5STRING) || | 216 | (tag == V_ASN1_IA5STRING) || |
| 269 | (tag == V_ASN1_UTCTIME)) | 217 | (tag == V_ASN1_VISIBLESTRING) || |
| 218 | (tag == V_ASN1_UTCTIME) || | ||
| 219 | (tag == V_ASN1_GENERALIZEDTIME)) | ||
| 270 | { | 220 | { |
| 271 | if (BIO_write(bp,":",1) <= 0) goto end; | 221 | if (BIO_write(bp,":",1) <= 0) goto end; |
| 272 | if ((len > 0) && | 222 | if ((len > 0) && |
| @@ -334,7 +284,21 @@ int indent; | |||
| 334 | os->length) <= 0) | 284 | os->length) <= 0) |
| 335 | goto end; | 285 | goto end; |
| 336 | } | 286 | } |
| 337 | ASN1_OCTET_STRING_free(os); | 287 | if (!printable && (os->length > 0) |
| 288 | && dump) | ||
| 289 | { | ||
| 290 | if (!nl) | ||
| 291 | { | ||
| 292 | if (BIO_write(bp,"\n",1) <= 0) | ||
| 293 | goto end; | ||
| 294 | } | ||
| 295 | if (BIO_dump_indent(bp,(char *)opp, | ||
| 296 | ((dump == -1 || dump > os->length)?os->length:dump), | ||
| 297 | dump_indent) <= 0) | ||
| 298 | goto end; | ||
| 299 | nl=1; | ||
| 300 | } | ||
| 301 | M_ASN1_OCTET_STRING_free(os); | ||
| 338 | os=NULL; | 302 | os=NULL; |
| 339 | } | 303 | } |
| 340 | } | 304 | } |
| @@ -368,7 +332,52 @@ int indent; | |||
| 368 | if (BIO_write(bp,"BAD INTEGER",11) <= 0) | 332 | if (BIO_write(bp,"BAD INTEGER",11) <= 0) |
| 369 | goto end; | 333 | goto end; |
| 370 | } | 334 | } |
| 371 | ASN1_INTEGER_free(bs); | 335 | M_ASN1_INTEGER_free(bs); |
| 336 | } | ||
| 337 | else if (tag == V_ASN1_ENUMERATED) | ||
| 338 | { | ||
| 339 | ASN1_ENUMERATED *bs; | ||
| 340 | int i; | ||
| 341 | |||
| 342 | opp=op; | ||
| 343 | bs=d2i_ASN1_ENUMERATED(NULL,&opp,len+hl); | ||
| 344 | if (bs != NULL) | ||
| 345 | { | ||
| 346 | if (BIO_write(bp,":",1) <= 0) goto end; | ||
| 347 | if (bs->type == V_ASN1_NEG_ENUMERATED) | ||
| 348 | if (BIO_write(bp,"-",1) <= 0) | ||
| 349 | goto end; | ||
| 350 | for (i=0; i<bs->length; i++) | ||
| 351 | { | ||
| 352 | if (BIO_printf(bp,"%02X", | ||
| 353 | bs->data[i]) <= 0) | ||
| 354 | goto end; | ||
| 355 | } | ||
| 356 | if (bs->length == 0) | ||
| 357 | { | ||
| 358 | if (BIO_write(bp,"00",2) <= 0) | ||
| 359 | goto end; | ||
| 360 | } | ||
| 361 | } | ||
| 362 | else | ||
| 363 | { | ||
| 364 | if (BIO_write(bp,"BAD ENUMERATED",11) <= 0) | ||
| 365 | goto end; | ||
| 366 | } | ||
| 367 | M_ASN1_ENUMERATED_free(bs); | ||
| 368 | } | ||
| 369 | else if (len > 0 && dump) | ||
| 370 | { | ||
| 371 | if (!nl) | ||
| 372 | { | ||
| 373 | if (BIO_write(bp,"\n",1) <= 0) | ||
| 374 | goto end; | ||
| 375 | } | ||
| 376 | if (BIO_dump_indent(bp,(char *)p, | ||
| 377 | ((dump == -1 || dump > len)?len:dump), | ||
| 378 | dump_indent) <= 0) | ||
| 379 | goto end; | ||
| 380 | nl=1; | ||
| 372 | } | 381 | } |
| 373 | 382 | ||
| 374 | if (!nl) | 383 | if (!nl) |
| @@ -387,7 +396,28 @@ int indent; | |||
| 387 | ret=1; | 396 | ret=1; |
| 388 | end: | 397 | end: |
| 389 | if (o != NULL) ASN1_OBJECT_free(o); | 398 | if (o != NULL) ASN1_OBJECT_free(o); |
| 390 | if (os != NULL) ASN1_OCTET_STRING_free(os); | 399 | if (os != NULL) M_ASN1_OCTET_STRING_free(os); |
| 391 | *pp=p; | 400 | *pp=p; |
| 392 | return(ret); | 401 | return(ret); |
| 393 | } | 402 | } |
| 403 | |||
| 404 | const char *ASN1_tag2str(int tag) | ||
| 405 | { | ||
| 406 | const static char *tag2str[] = { | ||
| 407 | "EOC", "BOOLEAN", "INTEGER", "BIT STRING", "OCTET STRING", /* 0-4 */ | ||
| 408 | "NULL", "OBJECT", "OBJECT DESCRIPTOR", "EXTERNAL", "REAL", /* 5-9 */ | ||
| 409 | "ENUMERATED", "<ASN1 11>", "UTF8STRING", "<ASN1 13>", /* 10-13 */ | ||
| 410 | "<ASN1 14>", "<ASN1 15>", "SEQUENCE", "SET", /* 15-17 */ | ||
| 411 | "NUMERICSTRING", "PRINTABLESTRING", "T61STRING", /* 18-20 */ | ||
| 412 | "VIDEOTEXSTRING", "IA5STRING", "UTCTIME","GENERALIZEDTIME", /* 21-24 */ | ||
| 413 | "GRAPHICSTRING", "VISIBLESTRING", "GENERALSTRING", /* 25-27 */ | ||
| 414 | "UNIVERSALSTRING", "<ASN1 29>", "BMPSTRING" /* 28-30 */ | ||
| 415 | }; | ||
| 416 | |||
| 417 | if((tag == V_ASN1_NEG_INTEGER) || (tag == V_ASN1_NEG_ENUMERATED)) | ||
| 418 | tag &= ~0x100; | ||
| 419 | |||
| 420 | if(tag < 0 || tag > 30) return "(unknown)"; | ||
| 421 | return tag2str[tag]; | ||
| 422 | } | ||
| 423 | |||
diff --git a/src/lib/libcrypto/asn1/asn_pack.c b/src/lib/libcrypto/asn1/asn_pack.c index 662a2626a1..e6051db2dc 100644 --- a/src/lib/libcrypto/asn1/asn_pack.c +++ b/src/lib/libcrypto/asn1/asn_pack.c | |||
| @@ -60,12 +60,14 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | 62 | ||
| 63 | #ifndef NO_ASN1_OLD | ||
| 64 | |||
| 63 | /* ASN1 packing and unpacking functions */ | 65 | /* ASN1 packing and unpacking functions */ |
| 64 | 66 | ||
| 65 | /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ | 67 | /* Turn an ASN1 encoded SEQUENCE OF into a STACK of structures */ |
| 66 | 68 | ||
| 67 | STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), | 69 | STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), |
| 68 | void (*free_func)()) | 70 | void (*free_func)(void *)) |
| 69 | { | 71 | { |
| 70 | STACK *sk; | 72 | STACK *sk; |
| 71 | unsigned char *pbuf; | 73 | unsigned char *pbuf; |
| @@ -77,7 +79,7 @@ STACK *ASN1_seq_unpack(unsigned char *buf, int len, char *(*d2i)(), | |||
| 77 | } | 79 | } |
| 78 | 80 | ||
| 79 | /* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a | 81 | /* Turn a STACK structures into an ASN1 encoded SEQUENCE OF structure in a |
| 80 | * Malloc'ed buffer | 82 | * OPENSSL_malloc'ed buffer |
| 81 | */ | 83 | */ |
| 82 | 84 | ||
| 83 | unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, | 85 | unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, |
| @@ -90,7 +92,7 @@ unsigned char *ASN1_seq_pack(STACK *safes, int (*i2d)(), unsigned char **buf, | |||
| 90 | ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); | 92 | ASN1err(ASN1_F_ASN1_SEQ_PACK,ASN1_R_ENCODE_ERROR); |
| 91 | return NULL; | 93 | return NULL; |
| 92 | } | 94 | } |
| 93 | if (!(safe = Malloc (safelen))) { | 95 | if (!(safe = OPENSSL_malloc (safelen))) { |
| 94 | ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); | 96 | ASN1err(ASN1_F_ASN1_SEQ_PACK,ERR_R_MALLOC_FAILURE); |
| 95 | return NULL; | 97 | return NULL; |
| 96 | } | 98 | } |
| @@ -117,7 +119,7 @@ void *ASN1_unpack_string (ASN1_STRING *oct, char *(*d2i)()) | |||
| 117 | 119 | ||
| 118 | /* Pack an ASN1 object into an ASN1_STRING */ | 120 | /* Pack an ASN1 object into an ASN1_STRING */ |
| 119 | 121 | ||
| 120 | ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct) | 122 | ASN1_STRING *ASN1_pack_string(void *obj, int (*i2d)(), ASN1_STRING **oct) |
| 121 | { | 123 | { |
| 122 | unsigned char *p; | 124 | unsigned char *p; |
| 123 | ASN1_STRING *octmp; | 125 | ASN1_STRING *octmp; |
| @@ -134,7 +136,7 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct) | |||
| 134 | ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); | 136 | ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); |
| 135 | return NULL; | 137 | return NULL; |
| 136 | } | 138 | } |
| 137 | if (!(p = Malloc (octmp->length))) { | 139 | if (!(p = OPENSSL_malloc (octmp->length))) { |
| 138 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); | 140 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); |
| 139 | return NULL; | 141 | return NULL; |
| 140 | } | 142 | } |
| @@ -143,3 +145,47 @@ ASN1_STRING *ASN1_pack_string (void *obj, int (*i2d)(), ASN1_STRING **oct) | |||
| 143 | return octmp; | 145 | return octmp; |
| 144 | } | 146 | } |
| 145 | 147 | ||
| 148 | #endif | ||
| 149 | |||
| 150 | /* ASN1_ITEM versions of the above */ | ||
| 151 | |||
| 152 | ASN1_STRING *ASN1_item_pack(void *obj, const ASN1_ITEM *it, ASN1_STRING **oct) | ||
| 153 | { | ||
| 154 | ASN1_STRING *octmp; | ||
| 155 | |||
| 156 | if (!oct || !*oct) { | ||
| 157 | if (!(octmp = ASN1_STRING_new ())) { | ||
| 158 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); | ||
| 159 | return NULL; | ||
| 160 | } | ||
| 161 | if (oct) *oct = octmp; | ||
| 162 | } else octmp = *oct; | ||
| 163 | |||
| 164 | if(octmp->data) { | ||
| 165 | OPENSSL_free(octmp->data); | ||
| 166 | octmp->data = NULL; | ||
| 167 | } | ||
| 168 | |||
| 169 | if (!(octmp->length = ASN1_item_i2d(obj, &octmp->data, it))) { | ||
| 170 | ASN1err(ASN1_F_ASN1_PACK_STRING,ASN1_R_ENCODE_ERROR); | ||
| 171 | return NULL; | ||
| 172 | } | ||
| 173 | if (!octmp->data) { | ||
| 174 | ASN1err(ASN1_F_ASN1_PACK_STRING,ERR_R_MALLOC_FAILURE); | ||
| 175 | return NULL; | ||
| 176 | } | ||
| 177 | return octmp; | ||
| 178 | } | ||
| 179 | |||
| 180 | /* Extract an ASN1 object from an ASN1_STRING */ | ||
| 181 | |||
| 182 | void *ASN1_item_unpack(ASN1_STRING *oct, const ASN1_ITEM *it) | ||
| 183 | { | ||
| 184 | unsigned char *p; | ||
| 185 | void *ret; | ||
| 186 | |||
| 187 | p = oct->data; | ||
| 188 | if(!(ret = ASN1_item_d2i(NULL, &p, oct->length, it))) | ||
| 189 | ASN1err(ASN1_F_ASN1_UNPACK_STRING,ASN1_R_DECODE_ERROR); | ||
| 190 | return ret; | ||
| 191 | } | ||
diff --git a/src/lib/libcrypto/asn1/d2i_pr.c b/src/lib/libcrypto/asn1/d2i_pr.c index b9eaa9629b..2e7d96af90 100644 --- a/src/lib/libcrypto/asn1/d2i_pr.c +++ b/src/lib/libcrypto/asn1/d2i_pr.c | |||
| @@ -58,16 +58,19 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/asn1.h> |
| 65 | #ifndef OPENSSL_NO_RSA | ||
| 66 | #include <openssl/rsa.h> | ||
| 67 | #endif | ||
| 68 | #ifndef OPENSSL_NO_DSA | ||
| 69 | #include <openssl/dsa.h> | ||
| 70 | #endif | ||
| 65 | 71 | ||
| 66 | EVP_PKEY *d2i_PrivateKey(type,a,pp,length) | 72 | EVP_PKEY *d2i_PrivateKey(int type, EVP_PKEY **a, unsigned char **pp, |
| 67 | int type; | 73 | long length) |
| 68 | EVP_PKEY **a; | ||
| 69 | unsigned char **pp; | ||
| 70 | long length; | ||
| 71 | { | 74 | { |
| 72 | EVP_PKEY *ret; | 75 | EVP_PKEY *ret; |
| 73 | 76 | ||
| @@ -85,18 +88,20 @@ long length; | |||
| 85 | ret->type=EVP_PKEY_type(type); | 88 | ret->type=EVP_PKEY_type(type); |
| 86 | switch (ret->type) | 89 | switch (ret->type) |
| 87 | { | 90 | { |
| 88 | #ifndef NO_RSA | 91 | #ifndef OPENSSL_NO_RSA |
| 89 | case EVP_PKEY_RSA: | 92 | case EVP_PKEY_RSA: |
| 90 | if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL,pp,length)) == NULL) | 93 | if ((ret->pkey.rsa=d2i_RSAPrivateKey(NULL, |
| 94 | (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ | ||
| 91 | { | 95 | { |
| 92 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); | 96 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); |
| 93 | goto err; | 97 | goto err; |
| 94 | } | 98 | } |
| 95 | break; | 99 | break; |
| 96 | #endif | 100 | #endif |
| 97 | #ifndef NO_DSA | 101 | #ifndef OPENSSL_NO_DSA |
| 98 | case EVP_PKEY_DSA: | 102 | case EVP_PKEY_DSA: |
| 99 | if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL,pp,length)) == NULL) | 103 | if ((ret->pkey.dsa=d2i_DSAPrivateKey(NULL, |
| 104 | (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ | ||
| 100 | { | 105 | { |
| 101 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); | 106 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ERR_R_ASN1_LIB); |
| 102 | goto err; | 107 | goto err; |
| @@ -106,7 +111,7 @@ long length; | |||
| 106 | default: | 111 | default: |
| 107 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); | 112 | ASN1err(ASN1_F_D2I_PRIVATEKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); |
| 108 | goto err; | 113 | goto err; |
| 109 | break; | 114 | /* break; */ |
| 110 | } | 115 | } |
| 111 | if (a != NULL) (*a)=ret; | 116 | if (a != NULL) (*a)=ret; |
| 112 | return(ret); | 117 | return(ret); |
| @@ -115,3 +120,26 @@ err: | |||
| 115 | return(NULL); | 120 | return(NULL); |
| 116 | } | 121 | } |
| 117 | 122 | ||
| 123 | /* This works like d2i_PrivateKey() except it automatically works out the type */ | ||
| 124 | |||
| 125 | EVP_PKEY *d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | ||
| 126 | long length) | ||
| 127 | { | ||
| 128 | STACK_OF(ASN1_TYPE) *inkey; | ||
| 129 | unsigned char *p; | ||
| 130 | int keytype; | ||
| 131 | p = *pp; | ||
| 132 | /* Dirty trick: read in the ASN1 data into a STACK_OF(ASN1_TYPE): | ||
| 133 | * by analyzing it we can determine the passed structure: this | ||
| 134 | * assumes the input is surrounded by an ASN1 SEQUENCE. | ||
| 135 | */ | ||
| 136 | inkey = d2i_ASN1_SET_OF_ASN1_TYPE(NULL, &p, length, d2i_ASN1_TYPE, | ||
| 137 | ASN1_TYPE_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 138 | /* Since we only need to discern "traditional format" RSA and DSA | ||
| 139 | * keys we can just count the elements. | ||
| 140 | */ | ||
| 141 | if(sk_ASN1_TYPE_num(inkey) == 6) keytype = EVP_PKEY_DSA; | ||
| 142 | else keytype = EVP_PKEY_RSA; | ||
| 143 | sk_ASN1_TYPE_pop_free(inkey, ASN1_TYPE_free); | ||
| 144 | return d2i_PrivateKey(keytype, a, pp, length); | ||
| 145 | } | ||
diff --git a/src/lib/libcrypto/asn1/d2i_pu.c b/src/lib/libcrypto/asn1/d2i_pu.c index 5d6192f1e5..71f2eb361b 100644 --- a/src/lib/libcrypto/asn1/d2i_pu.c +++ b/src/lib/libcrypto/asn1/d2i_pu.c | |||
| @@ -58,16 +58,19 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/asn1.h> |
| 65 | #ifndef OPENSSL_NO_RSA | ||
| 66 | #include <openssl/rsa.h> | ||
| 67 | #endif | ||
| 68 | #ifndef OPENSSL_NO_DSA | ||
| 69 | #include <openssl/dsa.h> | ||
| 70 | #endif | ||
| 65 | 71 | ||
| 66 | EVP_PKEY *d2i_PublicKey(type,a,pp,length) | 72 | EVP_PKEY *d2i_PublicKey(int type, EVP_PKEY **a, unsigned char **pp, |
| 67 | int type; | 73 | long length) |
| 68 | EVP_PKEY **a; | ||
| 69 | unsigned char **pp; | ||
| 70 | long length; | ||
| 71 | { | 74 | { |
| 72 | EVP_PKEY *ret; | 75 | EVP_PKEY *ret; |
| 73 | 76 | ||
| @@ -85,18 +88,20 @@ long length; | |||
| 85 | ret->type=EVP_PKEY_type(type); | 88 | ret->type=EVP_PKEY_type(type); |
| 86 | switch (ret->type) | 89 | switch (ret->type) |
| 87 | { | 90 | { |
| 88 | #ifndef NO_RSA | 91 | #ifndef OPENSSL_NO_RSA |
| 89 | case EVP_PKEY_RSA: | 92 | case EVP_PKEY_RSA: |
| 90 | if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL,pp,length)) == NULL) | 93 | if ((ret->pkey.rsa=d2i_RSAPublicKey(NULL, |
| 94 | (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ | ||
| 91 | { | 95 | { |
| 92 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); | 96 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); |
| 93 | goto err; | 97 | goto err; |
| 94 | } | 98 | } |
| 95 | break; | 99 | break; |
| 96 | #endif | 100 | #endif |
| 97 | #ifndef NO_DSA | 101 | #ifndef OPENSSL_NO_DSA |
| 98 | case EVP_PKEY_DSA: | 102 | case EVP_PKEY_DSA: |
| 99 | if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL,pp,length)) == NULL) | 103 | if ((ret->pkey.dsa=d2i_DSAPublicKey(NULL, |
| 104 | (const unsigned char **)pp,length)) == NULL) /* TMP UGLY CAST */ | ||
| 100 | { | 105 | { |
| 101 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); | 106 | ASN1err(ASN1_F_D2I_PUBLICKEY,ERR_R_ASN1_LIB); |
| 102 | goto err; | 107 | goto err; |
| @@ -106,7 +111,7 @@ long length; | |||
| 106 | default: | 111 | default: |
| 107 | ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); | 112 | ASN1err(ASN1_F_D2I_PUBLICKEY,ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE); |
| 108 | goto err; | 113 | goto err; |
| 109 | break; | 114 | /* break; */ |
| 110 | } | 115 | } |
| 111 | if (a != NULL) (*a)=ret; | 116 | if (a != NULL) (*a)=ret; |
| 112 | return(ret); | 117 | return(ret); |
diff --git a/src/lib/libcrypto/asn1/evp_asn1.c b/src/lib/libcrypto/asn1/evp_asn1.c index ebe34a3362..3506005a71 100644 --- a/src/lib/libcrypto/asn1/evp_asn1.c +++ b/src/lib/libcrypto/asn1/evp_asn1.c | |||
| @@ -58,26 +58,22 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1_mac.h> |
| 63 | 63 | ||
| 64 | int ASN1_TYPE_set_octetstring(a,data,len) | 64 | int ASN1_TYPE_set_octetstring(ASN1_TYPE *a, unsigned char *data, int len) |
| 65 | ASN1_TYPE *a; | ||
| 66 | unsigned char *data; | ||
| 67 | int len; | ||
| 68 | { | 65 | { |
| 69 | ASN1_STRING *os; | 66 | ASN1_STRING *os; |
| 70 | 67 | ||
| 71 | if ((os=ASN1_OCTET_STRING_new()) == NULL) return(0); | 68 | if ((os=M_ASN1_OCTET_STRING_new()) == NULL) return(0); |
| 72 | if (!ASN1_OCTET_STRING_set(os,data,len)) return(0); | 69 | if (!M_ASN1_OCTET_STRING_set(os,data,len)) return(0); |
| 73 | ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,(char *)os); | 70 | ASN1_TYPE_set(a,V_ASN1_OCTET_STRING,os); |
| 74 | return(1); | 71 | return(1); |
| 75 | } | 72 | } |
| 76 | 73 | ||
| 77 | int ASN1_TYPE_get_octetstring(a,data,max_len) | 74 | /* int max_len: for returned value */ |
| 78 | ASN1_TYPE *a; | 75 | int ASN1_TYPE_get_octetstring(ASN1_TYPE *a, unsigned char *data, |
| 79 | unsigned char *data; | 76 | int max_len) |
| 80 | int max_len; /* for returned value */ | ||
| 81 | { | 77 | { |
| 82 | int ret,num; | 78 | int ret,num; |
| 83 | unsigned char *p; | 79 | unsigned char *p; |
| @@ -87,8 +83,8 @@ int max_len; /* for returned value */ | |||
| 87 | ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG); | 83 | ASN1err(ASN1_F_ASN1_TYPE_GET_OCTETSTRING,ASN1_R_DATA_IS_WRONG); |
| 88 | return(-1); | 84 | return(-1); |
| 89 | } | 85 | } |
| 90 | p=ASN1_STRING_data(a->value.octet_string); | 86 | p=M_ASN1_STRING_data(a->value.octet_string); |
| 91 | ret=ASN1_STRING_length(a->value.octet_string); | 87 | ret=M_ASN1_STRING_length(a->value.octet_string); |
| 92 | if (ret < max_len) | 88 | if (ret < max_len) |
| 93 | num=ret; | 89 | num=ret; |
| 94 | else | 90 | else |
| @@ -97,11 +93,8 @@ int max_len; /* for returned value */ | |||
| 97 | return(ret); | 93 | return(ret); |
| 98 | } | 94 | } |
| 99 | 95 | ||
| 100 | int ASN1_TYPE_set_int_octetstring(a,num,data,len) | 96 | int ASN1_TYPE_set_int_octetstring(ASN1_TYPE *a, long num, unsigned char *data, |
| 101 | ASN1_TYPE *a; | 97 | int len) |
| 102 | long num; | ||
| 103 | unsigned char *data; | ||
| 104 | int len; | ||
| 105 | { | 98 | { |
| 106 | int n,size; | 99 | int n,size; |
| 107 | ASN1_OCTET_STRING os,*osp; | 100 | ASN1_OCTET_STRING os,*osp; |
| @@ -124,23 +117,22 @@ int len; | |||
| 124 | /* Grow the 'string' */ | 117 | /* Grow the 'string' */ |
| 125 | ASN1_STRING_set(osp,NULL,size); | 118 | ASN1_STRING_set(osp,NULL,size); |
| 126 | 119 | ||
| 127 | ASN1_STRING_length(osp)=size; | 120 | M_ASN1_STRING_length_set(osp, size); |
| 128 | p=ASN1_STRING_data(osp); | 121 | p=M_ASN1_STRING_data(osp); |
| 129 | 122 | ||
| 130 | ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | 123 | ASN1_put_object(&p,1,n,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); |
| 131 | i2d_ASN1_INTEGER(&in,&p); | 124 | i2d_ASN1_INTEGER(&in,&p); |
| 132 | M_i2d_ASN1_OCTET_STRING(&os,&p); | 125 | M_i2d_ASN1_OCTET_STRING(&os,&p); |
| 133 | 126 | ||
| 134 | ASN1_TYPE_set(a,V_ASN1_SEQUENCE,(char *)osp); | 127 | ASN1_TYPE_set(a,V_ASN1_SEQUENCE,osp); |
| 135 | return(1); | 128 | return(1); |
| 136 | } | 129 | } |
| 137 | 130 | ||
| 138 | /* we return the actual length... */ | 131 | /* we return the actual length..., num may be missing, in which |
| 139 | int ASN1_TYPE_get_int_octetstring(a,num,data,max_len) | 132 | * case, set it to zero */ |
| 140 | ASN1_TYPE *a; | 133 | /* int max_len: for returned value */ |
| 141 | long *num; | 134 | int ASN1_TYPE_get_int_octetstring(ASN1_TYPE *a, long *num, unsigned char *data, |
| 142 | unsigned char *data; | 135 | int max_len) |
| 143 | int max_len; /* for returned value */ | ||
| 144 | { | 136 | { |
| 145 | int ret= -1,n; | 137 | int ret= -1,n; |
| 146 | ASN1_INTEGER *ai=NULL; | 138 | ASN1_INTEGER *ai=NULL; |
| @@ -153,8 +145,8 @@ int max_len; /* for returned value */ | |||
| 153 | { | 145 | { |
| 154 | goto err; | 146 | goto err; |
| 155 | } | 147 | } |
| 156 | p=ASN1_STRING_data(a->value.sequence); | 148 | p=M_ASN1_STRING_data(a->value.sequence); |
| 157 | length=ASN1_STRING_length(a->value.sequence); | 149 | length=M_ASN1_STRING_length(a->value.sequence); |
| 158 | 150 | ||
| 159 | c.pp= &p; | 151 | c.pp= &p; |
| 160 | c.p=p; | 152 | c.p=p; |
| @@ -173,21 +165,21 @@ int max_len; /* for returned value */ | |||
| 173 | if (num != NULL) | 165 | if (num != NULL) |
| 174 | *num=ASN1_INTEGER_get(ai); | 166 | *num=ASN1_INTEGER_get(ai); |
| 175 | 167 | ||
| 176 | ret=ASN1_STRING_length(os); | 168 | ret=M_ASN1_STRING_length(os); |
| 177 | if (max_len > ret) | 169 | if (max_len > ret) |
| 178 | n=ret; | 170 | n=ret; |
| 179 | else | 171 | else |
| 180 | n=max_len; | 172 | n=max_len; |
| 181 | 173 | ||
| 182 | if (data != NULL) | 174 | if (data != NULL) |
| 183 | memcpy(data,ASN1_STRING_data(os),n); | 175 | memcpy(data,M_ASN1_STRING_data(os),n); |
| 184 | if (0) | 176 | if (0) |
| 185 | { | 177 | { |
| 186 | err: | 178 | err: |
| 187 | ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG); | 179 | ASN1err(ASN1_F_ASN1_TYPE_GET_INT_OCTETSTRING,ASN1_R_DATA_IS_WRONG); |
| 188 | } | 180 | } |
| 189 | if (os != NULL) ASN1_OCTET_STRING_free(os); | 181 | if (os != NULL) M_ASN1_OCTET_STRING_free(os); |
| 190 | if (ai != NULL) ASN1_INTEGER_free(ai); | 182 | if (ai != NULL) M_ASN1_INTEGER_free(ai); |
| 191 | return(ret); | 183 | return(ret); |
| 192 | } | 184 | } |
| 193 | 185 | ||
diff --git a/src/lib/libcrypto/asn1/f_enum.c b/src/lib/libcrypto/asn1/f_enum.c index 3bcceecdb8..56e3cc8df2 100644 --- a/src/lib/libcrypto/asn1/f_enum.c +++ b/src/lib/libcrypto/asn1/f_enum.c | |||
| @@ -153,15 +153,15 @@ int a2i_ASN1_ENUMERATED(BIO *bp, ASN1_ENUMERATED *bs, char *buf, int size) | |||
| 153 | if (num+i > slen) | 153 | if (num+i > slen) |
| 154 | { | 154 | { |
| 155 | if (s == NULL) | 155 | if (s == NULL) |
| 156 | sp=(unsigned char *)Malloc( | 156 | sp=(unsigned char *)OPENSSL_malloc( |
| 157 | (unsigned int)num+i*2); | 157 | (unsigned int)num+i*2); |
| 158 | else | 158 | else |
| 159 | sp=(unsigned char *)Realloc(s, | 159 | sp=(unsigned char *)OPENSSL_realloc(s, |
| 160 | (unsigned int)num+i*2); | 160 | (unsigned int)num+i*2); |
| 161 | if (sp == NULL) | 161 | if (sp == NULL) |
| 162 | { | 162 | { |
| 163 | ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); | 163 | ASN1err(ASN1_F_A2I_ASN1_ENUMERATED,ERR_R_MALLOC_FAILURE); |
| 164 | if (s != NULL) Free((char *)s); | 164 | if (s != NULL) OPENSSL_free(s); |
| 165 | goto err; | 165 | goto err; |
| 166 | } | 166 | } |
| 167 | s=sp; | 167 | s=sp; |
diff --git a/src/lib/libcrypto/asn1/f_int.c b/src/lib/libcrypto/asn1/f_int.c index 4817c45cb7..48cc3bfb90 100644 --- a/src/lib/libcrypto/asn1/f_int.c +++ b/src/lib/libcrypto/asn1/f_int.c | |||
| @@ -58,23 +58,27 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/asn1.h> |
| 63 | 63 | ||
| 64 | int i2a_ASN1_INTEGER(bp, a) | 64 | int i2a_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *a) |
| 65 | BIO *bp; | ||
| 66 | ASN1_INTEGER *a; | ||
| 67 | { | 65 | { |
| 68 | int i,n=0; | 66 | int i,n=0; |
| 69 | static char *h="0123456789ABCDEF"; | 67 | static const char *h="0123456789ABCDEF"; |
| 70 | char buf[2]; | 68 | char buf[2]; |
| 71 | 69 | ||
| 72 | if (a == NULL) return(0); | 70 | if (a == NULL) return(0); |
| 73 | 71 | ||
| 72 | if (a->type & V_ASN1_NEG) | ||
| 73 | { | ||
| 74 | if (BIO_write(bp, "-", 1) != 1) goto err; | ||
| 75 | n = 1; | ||
| 76 | } | ||
| 77 | |||
| 74 | if (a->length == 0) | 78 | if (a->length == 0) |
| 75 | { | 79 | { |
| 76 | if (BIO_write(bp,"00",2) != 2) goto err; | 80 | if (BIO_write(bp,"00",2) != 2) goto err; |
| 77 | n=2; | 81 | n += 2; |
| 78 | } | 82 | } |
| 79 | else | 83 | else |
| 80 | { | 84 | { |
| @@ -96,11 +100,7 @@ err: | |||
| 96 | return(-1); | 100 | return(-1); |
| 97 | } | 101 | } |
| 98 | 102 | ||
| 99 | int a2i_ASN1_INTEGER(bp,bs,buf,size) | 103 | int a2i_ASN1_INTEGER(BIO *bp, ASN1_INTEGER *bs, char *buf, int size) |
| 100 | BIO *bp; | ||
| 101 | ASN1_INTEGER *bs; | ||
| 102 | char *buf; | ||
| 103 | int size; | ||
| 104 | { | 104 | { |
| 105 | int ret=0; | 105 | int ret=0; |
| 106 | int i,j,k,m,n,again,bufsize; | 106 | int i,j,k,m,n,again,bufsize; |
| @@ -123,9 +123,18 @@ int size; | |||
| 123 | 123 | ||
| 124 | for (j=0; j<i; j++) | 124 | for (j=0; j<i; j++) |
| 125 | { | 125 | { |
| 126 | #ifndef CHARSET_EBCDIC | ||
| 126 | if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || | 127 | if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || |
| 127 | ((buf[j] >= 'a') && (buf[j] <= 'f')) || | 128 | ((buf[j] >= 'a') && (buf[j] <= 'f')) || |
| 128 | ((buf[j] >= 'A') && (buf[j] <= 'F')))) | 129 | ((buf[j] >= 'A') && (buf[j] <= 'F')))) |
| 130 | #else | ||
| 131 | /* This #ifdef is not strictly necessary, since | ||
| 132 | * the characters A...F a...f 0...9 are contiguous | ||
| 133 | * (yes, even in EBCDIC - but not the whole alphabet). | ||
| 134 | * Nevertheless, isxdigit() is faster. | ||
| 135 | */ | ||
| 136 | if (!isxdigit(buf[j])) | ||
| 137 | #endif | ||
| 129 | { | 138 | { |
| 130 | i=j; | 139 | i=j; |
| 131 | break; | 140 | break; |
| @@ -157,15 +166,15 @@ int size; | |||
| 157 | if (num+i > slen) | 166 | if (num+i > slen) |
| 158 | { | 167 | { |
| 159 | if (s == NULL) | 168 | if (s == NULL) |
| 160 | sp=(unsigned char *)Malloc( | 169 | sp=(unsigned char *)OPENSSL_malloc( |
| 161 | (unsigned int)num+i*2); | 170 | (unsigned int)num+i*2); |
| 162 | else | 171 | else |
| 163 | sp=(unsigned char *)Realloc(s, | 172 | sp=(unsigned char *)OPENSSL_realloc(s, |
| 164 | (unsigned int)num+i*2); | 173 | (unsigned int)num+i*2); |
| 165 | if (sp == NULL) | 174 | if (sp == NULL) |
| 166 | { | 175 | { |
| 167 | ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); | 176 | ASN1err(ASN1_F_A2I_ASN1_INTEGER,ERR_R_MALLOC_FAILURE); |
| 168 | if (s != NULL) Free((char *)s); | 177 | if (s != NULL) OPENSSL_free(s); |
| 169 | goto err; | 178 | goto err; |
| 170 | } | 179 | } |
| 171 | s=sp; | 180 | s=sp; |
diff --git a/src/lib/libcrypto/asn1/f_string.c b/src/lib/libcrypto/asn1/f_string.c index ab2837824e..968698a798 100644 --- a/src/lib/libcrypto/asn1/f_string.c +++ b/src/lib/libcrypto/asn1/f_string.c | |||
| @@ -58,16 +58,13 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/asn1.h> |
| 63 | 63 | ||
| 64 | int i2a_ASN1_STRING(bp, a, type) | 64 | int i2a_ASN1_STRING(BIO *bp, ASN1_STRING *a, int type) |
| 65 | BIO *bp; | ||
| 66 | ASN1_STRING *a; | ||
| 67 | int type; | ||
| 68 | { | 65 | { |
| 69 | int i,n=0; | 66 | int i,n=0; |
| 70 | static char *h="0123456789ABCDEF"; | 67 | static const char *h="0123456789ABCDEF"; |
| 71 | char buf[2]; | 68 | char buf[2]; |
| 72 | 69 | ||
| 73 | if (a == NULL) return(0); | 70 | if (a == NULL) return(0); |
| @@ -97,11 +94,7 @@ err: | |||
| 97 | return(-1); | 94 | return(-1); |
| 98 | } | 95 | } |
| 99 | 96 | ||
| 100 | int a2i_ASN1_STRING(bp,bs,buf,size) | 97 | int a2i_ASN1_STRING(BIO *bp, ASN1_STRING *bs, char *buf, int size) |
| 101 | BIO *bp; | ||
| 102 | ASN1_STRING *bs; | ||
| 103 | char *buf; | ||
| 104 | int size; | ||
| 105 | { | 98 | { |
| 106 | int ret=0; | 99 | int ret=0; |
| 107 | int i,j,k,m,n,again,bufsize; | 100 | int i,j,k,m,n,again,bufsize; |
| @@ -130,9 +123,18 @@ int size; | |||
| 130 | 123 | ||
| 131 | for (j=i-1; j>0; j--) | 124 | for (j=i-1; j>0; j--) |
| 132 | { | 125 | { |
| 126 | #ifndef CHARSET_EBCDIC | ||
| 133 | if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || | 127 | if (!( ((buf[j] >= '0') && (buf[j] <= '9')) || |
| 134 | ((buf[j] >= 'a') && (buf[j] <= 'f')) || | 128 | ((buf[j] >= 'a') && (buf[j] <= 'f')) || |
| 135 | ((buf[j] >= 'A') && (buf[j] <= 'F')))) | 129 | ((buf[j] >= 'A') && (buf[j] <= 'F')))) |
| 130 | #else | ||
| 131 | /* This #ifdef is not strictly necessary, since | ||
| 132 | * the characters A...F a...f 0...9 are contiguous | ||
| 133 | * (yes, even in EBCDIC - but not the whole alphabet). | ||
| 134 | * Nevertheless, isxdigit() is faster. | ||
| 135 | */ | ||
| 136 | if (!isxdigit(buf[j])) | ||
| 137 | #endif | ||
| 136 | { | 138 | { |
| 137 | i=j; | 139 | i=j; |
| 138 | break; | 140 | break; |
| @@ -156,15 +158,15 @@ int size; | |||
| 156 | if (num+i > slen) | 158 | if (num+i > slen) |
| 157 | { | 159 | { |
| 158 | if (s == NULL) | 160 | if (s == NULL) |
| 159 | sp=(unsigned char *)Malloc( | 161 | sp=(unsigned char *)OPENSSL_malloc( |
| 160 | (unsigned int)num+i*2); | 162 | (unsigned int)num+i*2); |
| 161 | else | 163 | else |
| 162 | sp=(unsigned char *)Realloc(s, | 164 | sp=(unsigned char *)OPENSSL_realloc(s, |
| 163 | (unsigned int)num+i*2); | 165 | (unsigned int)num+i*2); |
| 164 | if (sp == NULL) | 166 | if (sp == NULL) |
| 165 | { | 167 | { |
| 166 | ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE); | 168 | ASN1err(ASN1_F_A2I_ASN1_STRING,ERR_R_MALLOC_FAILURE); |
| 167 | if (s != NULL) Free((char *)s); | 169 | if (s != NULL) OPENSSL_free(s); |
| 168 | goto err; | 170 | goto err; |
| 169 | } | 171 | } |
| 170 | s=sp; | 172 | s=sp; |
diff --git a/src/lib/libcrypto/asn1/i2d_pr.c b/src/lib/libcrypto/asn1/i2d_pr.c index b6b821d73c..1e951ae01d 100644 --- a/src/lib/libcrypto/asn1/i2d_pr.c +++ b/src/lib/libcrypto/asn1/i2d_pr.c | |||
| @@ -58,22 +58,26 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #ifndef OPENSSL_NO_RSA | ||
| 65 | #include <openssl/rsa.h> | ||
| 66 | #endif | ||
| 67 | #ifndef OPENSSL_NO_DSA | ||
| 68 | #include <openssl/dsa.h> | ||
| 69 | #endif | ||
| 64 | 70 | ||
| 65 | int i2d_PrivateKey(a,pp) | 71 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp) |
| 66 | EVP_PKEY *a; | ||
| 67 | unsigned char **pp; | ||
| 68 | { | 72 | { |
| 69 | #ifndef NO_RSA | 73 | #ifndef OPENSSL_NO_RSA |
| 70 | if (a->type == EVP_PKEY_RSA) | 74 | if (a->type == EVP_PKEY_RSA) |
| 71 | { | 75 | { |
| 72 | return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); | 76 | return(i2d_RSAPrivateKey(a->pkey.rsa,pp)); |
| 73 | } | 77 | } |
| 74 | else | 78 | else |
| 75 | #endif | 79 | #endif |
| 76 | #ifndef NO_DSA | 80 | #ifndef OPENSSL_NO_DSA |
| 77 | if (a->type == EVP_PKEY_DSA) | 81 | if (a->type == EVP_PKEY_DSA) |
| 78 | { | 82 | { |
| 79 | return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); | 83 | return(i2d_DSAPrivateKey(a->pkey.dsa,pp)); |
diff --git a/src/lib/libcrypto/asn1/i2d_pu.c b/src/lib/libcrypto/asn1/i2d_pu.c index 1b854252b7..013d19bbf4 100644 --- a/src/lib/libcrypto/asn1/i2d_pu.c +++ b/src/lib/libcrypto/asn1/i2d_pu.c | |||
| @@ -58,21 +58,25 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #ifndef OPENSSL_NO_RSA | ||
| 65 | #include <openssl/rsa.h> | ||
| 66 | #endif | ||
| 67 | #ifndef OPENSSL_NO_DSA | ||
| 68 | #include <openssl/dsa.h> | ||
| 69 | #endif | ||
| 64 | 70 | ||
| 65 | int i2d_PublicKey(a,pp) | 71 | int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp) |
| 66 | EVP_PKEY *a; | ||
| 67 | unsigned char **pp; | ||
| 68 | { | 72 | { |
| 69 | switch (a->type) | 73 | switch (a->type) |
| 70 | { | 74 | { |
| 71 | #ifndef NO_RSA | 75 | #ifndef OPENSSL_NO_RSA |
| 72 | case EVP_PKEY_RSA: | 76 | case EVP_PKEY_RSA: |
| 73 | return(i2d_RSAPublicKey(a->pkey.rsa,pp)); | 77 | return(i2d_RSAPublicKey(a->pkey.rsa,pp)); |
| 74 | #endif | 78 | #endif |
| 75 | #ifndef NO_DSA | 79 | #ifndef OPENSSL_NO_DSA |
| 76 | case EVP_PKEY_DSA: | 80 | case EVP_PKEY_DSA: |
| 77 | return(i2d_DSAPublicKey(a->pkey.dsa,pp)); | 81 | return(i2d_DSAPublicKey(a->pkey.dsa,pp)); |
| 78 | #endif | 82 | #endif |
diff --git a/src/lib/libcrypto/asn1/n_pkey.c b/src/lib/libcrypto/asn1/n_pkey.c index 5110c91bec..49f80fffd2 100644 --- a/src/lib/libcrypto/asn1/n_pkey.c +++ b/src/lib/libcrypto/asn1/n_pkey.c | |||
| @@ -56,118 +56,134 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RSA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 63 | #include "asn1_mac.h" | 64 | #include <openssl/asn1t.h> |
| 64 | #include "evp.h" | 65 | #include <openssl/asn1_mac.h> |
| 65 | #include "x509.h" | 66 | #include <openssl/evp.h> |
| 67 | #include <openssl/x509.h> | ||
| 66 | 68 | ||
| 67 | 69 | ||
| 68 | #ifndef NO_RC4 | 70 | #ifndef OPENSSL_NO_RC4 |
| 69 | 71 | ||
| 70 | typedef struct netscape_pkey_st | 72 | typedef struct netscape_pkey_st |
| 71 | { | 73 | { |
| 72 | ASN1_INTEGER *version; | 74 | long version; |
| 73 | X509_ALGOR *algor; | 75 | X509_ALGOR *algor; |
| 74 | ASN1_OCTET_STRING *private_key; | 76 | ASN1_OCTET_STRING *private_key; |
| 75 | } NETSCAPE_PKEY; | 77 | } NETSCAPE_PKEY; |
| 76 | 78 | ||
| 77 | /* | 79 | typedef struct netscape_encrypted_pkey_st |
| 78 | * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_LENGTH_MISMATCH); | 80 | { |
| 79 | * ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); | 81 | ASN1_OCTET_STRING *os; |
| 80 | * ASN1err(ASN1_F_D2I_NETSCAPE_PKEY,ASN1_R_DECODING_ERROR); | 82 | /* This is the same structure as DigestInfo so use it: |
| 81 | * ASN1err(ASN1_F_NETSCAPE_PKEY_NEW,ASN1_R_DECODING_ERROR); | 83 | * although this isn't really anything to do with |
| 82 | */ | 84 | * digests. |
| 83 | #ifndef NOPROTO | 85 | */ |
| 84 | static int i2d_NETSCAPE_PKEY(NETSCAPE_PKEY *a, unsigned char **pp); | 86 | X509_SIG *enckey; |
| 85 | static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(NETSCAPE_PKEY **a,unsigned char **pp, long length); | 87 | } NETSCAPE_ENCRYPTED_PKEY; |
| 86 | static NETSCAPE_PKEY *NETSCAPE_PKEY_new(void); | 88 | |
| 87 | static void NETSCAPE_PKEY_free(NETSCAPE_PKEY *); | 89 | |
| 88 | #else | 90 | ASN1_BROKEN_SEQUENCE(NETSCAPE_ENCRYPTED_PKEY) = { |
| 89 | static int i2d_NETSCAPE_PKEY(); | 91 | ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, os, ASN1_OCTET_STRING), |
| 90 | static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(); | 92 | ASN1_SIMPLE(NETSCAPE_ENCRYPTED_PKEY, enckey, X509_SIG) |
| 91 | static NETSCAPE_PKEY *NETSCAPE_PKEY_new(); | 93 | } ASN1_BROKEN_SEQUENCE_END(NETSCAPE_ENCRYPTED_PKEY) |
| 92 | static void NETSCAPE_PKEY_free(); | 94 | |
| 93 | #endif | 95 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_ENCRYPTED_PKEY) |
| 96 | |||
| 97 | ASN1_SEQUENCE(NETSCAPE_PKEY) = { | ||
| 98 | ASN1_SIMPLE(NETSCAPE_PKEY, version, LONG), | ||
| 99 | ASN1_SIMPLE(NETSCAPE_PKEY, algor, X509_ALGOR), | ||
| 100 | ASN1_SIMPLE(NETSCAPE_PKEY, private_key, ASN1_OCTET_STRING) | ||
| 101 | } ASN1_SEQUENCE_END(NETSCAPE_PKEY) | ||
| 102 | |||
| 103 | IMPLEMENT_ASN1_FUNCTIONS_const(NETSCAPE_PKEY) | ||
| 104 | |||
| 105 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, | ||
| 106 | int (*cb)(), int sgckey); | ||
| 94 | 107 | ||
| 95 | int i2d_Netscape_RSA(a,pp,cb) | 108 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()) |
| 96 | RSA *a; | 109 | { |
| 97 | unsigned char **pp; | 110 | return i2d_RSA_NET(a, pp, cb, 0); |
| 98 | int (*cb)(); | 111 | } |
| 112 | |||
| 113 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey) | ||
| 99 | { | 114 | { |
| 100 | int i,j,l[6]; | 115 | int i, j, ret = 0; |
| 101 | NETSCAPE_PKEY *pkey; | 116 | int rsalen, pkeylen, olen; |
| 117 | NETSCAPE_PKEY *pkey = NULL; | ||
| 118 | NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; | ||
| 102 | unsigned char buf[256],*zz; | 119 | unsigned char buf[256],*zz; |
| 103 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 120 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 104 | EVP_CIPHER_CTX ctx; | 121 | EVP_CIPHER_CTX ctx; |
| 105 | X509_ALGOR *alg=NULL; | ||
| 106 | ASN1_OCTET_STRING os,os2; | ||
| 107 | M_ASN1_I2D_vars(a); | ||
| 108 | 122 | ||
| 109 | if (a == NULL) return(0); | 123 | if (a == NULL) return(0); |
| 110 | 124 | ||
| 111 | #ifdef WIN32 | ||
| 112 | r=r; /* shut the damn compiler up :-) */ | ||
| 113 | #endif | ||
| 114 | |||
| 115 | os.data=os2.data=NULL; | ||
| 116 | if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; | 125 | if ((pkey=NETSCAPE_PKEY_new()) == NULL) goto err; |
| 117 | if (!ASN1_INTEGER_set(pkey->version,0)) goto err; | 126 | if ((enckey=NETSCAPE_ENCRYPTED_PKEY_new()) == NULL) goto err; |
| 127 | pkey->version = 0; | ||
| 118 | 128 | ||
| 119 | if (pkey->algor->algorithm != NULL) | ||
| 120 | ASN1_OBJECT_free(pkey->algor->algorithm); | ||
| 121 | pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); | 129 | pkey->algor->algorithm=OBJ_nid2obj(NID_rsaEncryption); |
| 122 | if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; | 130 | if ((pkey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; |
| 123 | pkey->algor->parameter->type=V_ASN1_NULL; | 131 | pkey->algor->parameter->type=V_ASN1_NULL; |
| 124 | 132 | ||
| 125 | l[0]=i2d_RSAPrivateKey(a,NULL); | 133 | rsalen = i2d_RSAPrivateKey(a, NULL); |
| 126 | pkey->private_key->length=l[0]; | 134 | |
| 135 | /* Fake some octet strings just for the initial length | ||
| 136 | * calculation. | ||
| 137 | */ | ||
| 127 | 138 | ||
| 128 | os2.length=i2d_NETSCAPE_PKEY(pkey,NULL); | 139 | pkey->private_key->length=rsalen; |
| 129 | l[1]=i2d_ASN1_OCTET_STRING(&os2,NULL); | ||
| 130 | 140 | ||
| 131 | if ((alg=X509_ALGOR_new()) == NULL) goto err; | 141 | pkeylen=i2d_NETSCAPE_PKEY(pkey,NULL); |
| 132 | if (alg->algorithm != NULL) | ||
| 133 | ASN1_OBJECT_free(alg->algorithm); | ||
| 134 | alg->algorithm=OBJ_nid2obj(NID_rc4); | ||
| 135 | if ((alg->parameter=ASN1_TYPE_new()) == NULL) goto err; | ||
| 136 | alg->parameter->type=V_ASN1_NULL; | ||
| 137 | 142 | ||
| 138 | l[2]=i2d_X509_ALGOR(alg,NULL); | 143 | enckey->enckey->digest->length = pkeylen; |
| 139 | l[3]=ASN1_object_size(1,l[2]+l[1],V_ASN1_SEQUENCE); | ||
| 140 | 144 | ||
| 141 | os.data=(unsigned char *)"private-key"; | 145 | enckey->os->length = 11; /* "private-key" */ |
| 142 | os.length=11; | ||
| 143 | l[4]=i2d_ASN1_OCTET_STRING(&os,NULL); | ||
| 144 | 146 | ||
| 145 | l[5]=ASN1_object_size(1,l[4]+l[3],V_ASN1_SEQUENCE); | 147 | enckey->enckey->algor->algorithm=OBJ_nid2obj(NID_rc4); |
| 148 | if ((enckey->enckey->algor->parameter=ASN1_TYPE_new()) == NULL) goto err; | ||
| 149 | enckey->enckey->algor->parameter->type=V_ASN1_NULL; | ||
| 146 | 150 | ||
| 147 | if (pp == NULL) | 151 | if (pp == NULL) |
| 148 | { | 152 | { |
| 149 | if (pkey != NULL) NETSCAPE_PKEY_free(pkey); | 153 | olen = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, NULL); |
| 150 | if (alg != NULL) X509_ALGOR_free(alg); | 154 | NETSCAPE_PKEY_free(pkey); |
| 151 | return(l[5]); | 155 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); |
| 156 | return olen; | ||
| 152 | } | 157 | } |
| 153 | 158 | ||
| 154 | if (pkey->private_key->data != NULL) | 159 | |
| 155 | Free((char *)pkey->private_key->data); | 160 | /* Since its RC4 encrypted length is actual length */ |
| 156 | if ((pkey->private_key->data=(unsigned char *)Malloc(l[0])) == NULL) | 161 | if ((zz=(unsigned char *)OPENSSL_malloc(rsalen)) == NULL) |
| 157 | { | 162 | { |
| 158 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | 163 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); |
| 159 | goto err; | 164 | goto err; |
| 160 | } | 165 | } |
| 161 | zz=pkey->private_key->data; | 166 | |
| 167 | pkey->private_key->data = zz; | ||
| 168 | /* Write out private key encoding */ | ||
| 162 | i2d_RSAPrivateKey(a,&zz); | 169 | i2d_RSAPrivateKey(a,&zz); |
| 163 | 170 | ||
| 164 | if ((os2.data=(unsigned char *)Malloc(os2.length)) == NULL) | 171 | if ((zz=OPENSSL_malloc(pkeylen)) == NULL) |
| 165 | { | 172 | { |
| 166 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | 173 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); |
| 167 | goto err; | 174 | goto err; |
| 168 | } | 175 | } |
| 169 | zz=os2.data; | 176 | |
| 177 | if (!ASN1_STRING_set(enckey->os, "private-key", -1)) | ||
| 178 | { | ||
| 179 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ERR_R_MALLOC_FAILURE); | ||
| 180 | goto err; | ||
| 181 | } | ||
| 182 | enckey->enckey->digest->data = zz; | ||
| 170 | i2d_NETSCAPE_PKEY(pkey,&zz); | 183 | i2d_NETSCAPE_PKEY(pkey,&zz); |
| 184 | |||
| 185 | /* Wipe the private key encoding */ | ||
| 186 | memset(pkey->private_key->data, 0, rsalen); | ||
| 171 | 187 | ||
| 172 | if (cb == NULL) | 188 | if (cb == NULL) |
| 173 | cb=EVP_read_pw_string; | 189 | cb=EVP_read_pw_string; |
| @@ -177,92 +193,88 @@ int (*cb)(); | |||
| 177 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); | 193 | ASN1err(ASN1_F_I2D_NETSCAPE_RSA,ASN1_R_BAD_PASSWORD_READ); |
| 178 | goto err; | 194 | goto err; |
| 179 | } | 195 | } |
| 180 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf, | 196 | i = strlen((char *)buf); |
| 181 | strlen((char *)buf),1,key,NULL); | 197 | /* If the key is used for SGC the algorithm is modified a little. */ |
| 198 | if(sgckey) { | ||
| 199 | EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); | ||
| 200 | memcpy(buf + 16, "SGCKEYSALT", 10); | ||
| 201 | i = 26; | ||
| 202 | } | ||
| 203 | |||
| 204 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); | ||
| 182 | memset(buf,0,256); | 205 | memset(buf,0,256); |
| 183 | 206 | ||
| 207 | /* Encrypt private key in place */ | ||
| 208 | zz = enckey->enckey->digest->data; | ||
| 184 | EVP_CIPHER_CTX_init(&ctx); | 209 | EVP_CIPHER_CTX_init(&ctx); |
| 185 | EVP_EncryptInit(&ctx,EVP_rc4(),key,NULL); | 210 | EVP_EncryptInit_ex(&ctx,EVP_rc4(),NULL,key,NULL); |
| 186 | EVP_EncryptUpdate(&ctx,os2.data,&i,os2.data,os2.length); | 211 | EVP_EncryptUpdate(&ctx,zz,&i,zz,pkeylen); |
| 187 | EVP_EncryptFinal(&ctx,&(os2.data[i]),&j); | 212 | EVP_EncryptFinal_ex(&ctx,zz + i,&j); |
| 188 | EVP_CIPHER_CTX_cleanup(&ctx); | 213 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 189 | 214 | ||
| 190 | p= *pp; | 215 | ret = i2d_NETSCAPE_ENCRYPTED_PKEY(enckey, pp); |
| 191 | ASN1_put_object(&p,1,l[4]+l[3],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | ||
| 192 | i2d_ASN1_OCTET_STRING(&os,&p); | ||
| 193 | ASN1_put_object(&p,1,l[2]+l[1],V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | ||
| 194 | i2d_X509_ALGOR(alg,&p); | ||
| 195 | i2d_ASN1_OCTET_STRING(&os2,&p); | ||
| 196 | ret=l[5]; | ||
| 197 | err: | 216 | err: |
| 198 | if (os2.data != NULL) Free((char *)os2.data); | 217 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); |
| 199 | if (alg != NULL) X509_ALGOR_free(alg); | 218 | NETSCAPE_PKEY_free(pkey); |
| 200 | if (pkey != NULL) NETSCAPE_PKEY_free(pkey); | ||
| 201 | r=r; | ||
| 202 | return(ret); | 219 | return(ret); |
| 203 | } | 220 | } |
| 204 | 221 | ||
| 205 | RSA *d2i_Netscape_RSA(a,pp,length,cb) | 222 | |
| 206 | RSA **a; | 223 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()) |
| 207 | unsigned char **pp; | 224 | { |
| 208 | long length; | 225 | return d2i_RSA_NET(a, pp, length, cb, 0); |
| 209 | int (*cb)(); | 226 | } |
| 227 | |||
| 228 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey) | ||
| 210 | { | 229 | { |
| 211 | RSA *ret=NULL; | 230 | RSA *ret=NULL; |
| 212 | ASN1_OCTET_STRING *os=NULL; | 231 | const unsigned char *p, *kp; |
| 213 | ASN1_CTX c; | 232 | NETSCAPE_ENCRYPTED_PKEY *enckey = NULL; |
| 233 | |||
| 234 | p = *pp; | ||
| 214 | 235 | ||
| 215 | c.pp=pp; | 236 | enckey = d2i_NETSCAPE_ENCRYPTED_PKEY(NULL, &p, length); |
| 216 | c.error=ASN1_R_DECODING_ERROR; | 237 | if(!enckey) { |
| 238 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_DECODING_ERROR); | ||
| 239 | return NULL; | ||
| 240 | } | ||
| 217 | 241 | ||
| 218 | M_ASN1_D2I_Init(); | 242 | if ((enckey->os->length != 11) || (strncmp("private-key", |
| 219 | M_ASN1_D2I_start_sequence(); | 243 | (char *)enckey->os->data,11) != 0)) |
| 220 | M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING); | ||
| 221 | if ((os->length != 11) || (strncmp("private-key", | ||
| 222 | (char *)os->data,os->length) != 0)) | ||
| 223 | { | 244 | { |
| 224 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); | 245 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA,ASN1_R_PRIVATE_KEY_HEADER_MISSING); |
| 225 | ASN1_BIT_STRING_free(os); | 246 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); |
| 226 | goto err; | 247 | return NULL; |
| 227 | } | 248 | } |
| 228 | ASN1_BIT_STRING_free(os); | 249 | if (OBJ_obj2nid(enckey->enckey->algor->algorithm) != NID_rc4) |
| 229 | c.q=c.p; | 250 | { |
| 230 | if ((ret=d2i_Netscape_RSA_2(a,&c.p,c.slen,cb)) == NULL) goto err; | 251 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); |
| 231 | c.slen-=(c.p-c.q); | 252 | goto err; |
| 253 | } | ||
| 254 | kp = enckey->enckey->digest->data; | ||
| 255 | if (cb == NULL) | ||
| 256 | cb=EVP_read_pw_string; | ||
| 257 | if ((ret=d2i_RSA_NET_2(a, enckey->enckey->digest,cb, sgckey)) == NULL) goto err; | ||
| 258 | |||
| 259 | *pp = p; | ||
| 260 | |||
| 261 | err: | ||
| 262 | NETSCAPE_ENCRYPTED_PKEY_free(enckey); | ||
| 263 | return ret; | ||
| 232 | 264 | ||
| 233 | M_ASN1_D2I_Finish(a,RSA_free,ASN1_F_D2I_NETSCAPE_RSA); | ||
| 234 | } | 265 | } |
| 235 | 266 | ||
| 236 | RSA *d2i_Netscape_RSA_2(a,pp,length,cb) | 267 | static RSA *d2i_RSA_NET_2(RSA **a, ASN1_OCTET_STRING *os, |
| 237 | RSA **a; | 268 | int (*cb)(), int sgckey) |
| 238 | unsigned char **pp; | ||
| 239 | long length; | ||
| 240 | int (*cb)(); | ||
| 241 | { | 269 | { |
| 242 | NETSCAPE_PKEY *pkey=NULL; | 270 | NETSCAPE_PKEY *pkey=NULL; |
| 243 | RSA *ret=NULL; | 271 | RSA *ret=NULL; |
| 244 | int i,j; | 272 | int i,j; |
| 245 | unsigned char buf[256],*zz; | 273 | unsigned char buf[256]; |
| 274 | const unsigned char *zz; | ||
| 246 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 275 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 247 | EVP_CIPHER_CTX ctx; | 276 | EVP_CIPHER_CTX ctx; |
| 248 | X509_ALGOR *alg=NULL; | ||
| 249 | ASN1_OCTET_STRING *os=NULL; | ||
| 250 | ASN1_CTX c; | ||
| 251 | |||
| 252 | c.error=ASN1_R_ERROR_STACK; | ||
| 253 | c.pp=pp; | ||
| 254 | 277 | ||
| 255 | M_ASN1_D2I_Init(); | ||
| 256 | M_ASN1_D2I_start_sequence(); | ||
| 257 | M_ASN1_D2I_get(alg,d2i_X509_ALGOR); | ||
| 258 | if (OBJ_obj2nid(alg->algorithm) != NID_rc4) | ||
| 259 | { | ||
| 260 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM); | ||
| 261 | goto err; | ||
| 262 | } | ||
| 263 | M_ASN1_D2I_get(os,d2i_ASN1_OCTET_STRING); | ||
| 264 | if (cb == NULL) | ||
| 265 | cb=EVP_read_pw_string; | ||
| 266 | i=cb(buf,256,"Enter Private Key password:",0); | 278 | i=cb(buf,256,"Enter Private Key password:",0); |
| 267 | if (i != 0) | 279 | if (i != 0) |
| 268 | { | 280 | { |
| @@ -270,14 +282,20 @@ int (*cb)(); | |||
| 270 | goto err; | 282 | goto err; |
| 271 | } | 283 | } |
| 272 | 284 | ||
| 273 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf, | 285 | i = strlen((char *)buf); |
| 274 | strlen((char *)buf),1,key,NULL); | 286 | if(sgckey){ |
| 287 | EVP_Digest(buf, i, buf, NULL, EVP_md5(), NULL); | ||
| 288 | memcpy(buf + 16, "SGCKEYSALT", 10); | ||
| 289 | i = 26; | ||
| 290 | } | ||
| 291 | |||
| 292 | EVP_BytesToKey(EVP_rc4(),EVP_md5(),NULL,buf,i,1,key,NULL); | ||
| 275 | memset(buf,0,256); | 293 | memset(buf,0,256); |
| 276 | 294 | ||
| 277 | EVP_CIPHER_CTX_init(&ctx); | 295 | EVP_CIPHER_CTX_init(&ctx); |
| 278 | EVP_DecryptInit(&ctx,EVP_rc4(),key,NULL); | 296 | EVP_DecryptInit_ex(&ctx,EVP_rc4(),NULL, key,NULL); |
| 279 | EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); | 297 | EVP_DecryptUpdate(&ctx,os->data,&i,os->data,os->length); |
| 280 | EVP_DecryptFinal(&ctx,&(os->data[i]),&j); | 298 | EVP_DecryptFinal_ex(&ctx,&(os->data[i]),&j); |
| 281 | EVP_CIPHER_CTX_cleanup(&ctx); | 299 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 282 | os->length=i+j; | 300 | os->length=i+j; |
| 283 | 301 | ||
| @@ -295,71 +313,17 @@ int (*cb)(); | |||
| 295 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); | 313 | ASN1err(ASN1_F_D2I_NETSCAPE_RSA_2,ASN1_R_UNABLE_TO_DECODE_RSA_KEY); |
| 296 | goto err; | 314 | goto err; |
| 297 | } | 315 | } |
| 298 | if (!asn1_Finish(&c)) goto err; | ||
| 299 | *pp=c.p; | ||
| 300 | err: | 316 | err: |
| 301 | if (pkey != NULL) NETSCAPE_PKEY_free(pkey); | 317 | NETSCAPE_PKEY_free(pkey); |
| 302 | if (os != NULL) ASN1_BIT_STRING_free(os); | ||
| 303 | if (alg != NULL) X509_ALGOR_free(alg); | ||
| 304 | return(ret); | 318 | return(ret); |
| 305 | } | 319 | } |
| 306 | 320 | ||
| 307 | static int i2d_NETSCAPE_PKEY(a,pp) | 321 | #endif /* OPENSSL_NO_RC4 */ |
| 308 | NETSCAPE_PKEY *a; | ||
| 309 | unsigned char **pp; | ||
| 310 | { | ||
| 311 | M_ASN1_I2D_vars(a); | ||
| 312 | |||
| 313 | |||
| 314 | M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER); | ||
| 315 | M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR); | ||
| 316 | M_ASN1_I2D_len(a->private_key, i2d_ASN1_OCTET_STRING); | ||
| 317 | |||
| 318 | M_ASN1_I2D_seq_total(); | ||
| 319 | |||
| 320 | M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER); | ||
| 321 | M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR); | ||
| 322 | M_ASN1_I2D_put(a->private_key, i2d_ASN1_OCTET_STRING); | ||
| 323 | |||
| 324 | M_ASN1_I2D_finish(); | ||
| 325 | } | ||
| 326 | |||
| 327 | static NETSCAPE_PKEY *d2i_NETSCAPE_PKEY(a,pp,length) | ||
| 328 | NETSCAPE_PKEY **a; | ||
| 329 | unsigned char **pp; | ||
| 330 | long length; | ||
| 331 | { | ||
| 332 | M_ASN1_D2I_vars(a,NETSCAPE_PKEY *,NETSCAPE_PKEY_new); | ||
| 333 | |||
| 334 | M_ASN1_D2I_Init(); | ||
| 335 | M_ASN1_D2I_start_sequence(); | ||
| 336 | M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER); | ||
| 337 | M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR); | ||
| 338 | M_ASN1_D2I_get(ret->private_key,d2i_ASN1_OCTET_STRING); | ||
| 339 | M_ASN1_D2I_Finish(a,NETSCAPE_PKEY_free,ASN1_F_D2I_NETSCAPE_PKEY); | ||
| 340 | } | ||
| 341 | |||
| 342 | static NETSCAPE_PKEY *NETSCAPE_PKEY_new() | ||
| 343 | { | ||
| 344 | NETSCAPE_PKEY *ret=NULL; | ||
| 345 | |||
| 346 | M_ASN1_New_Malloc(ret,NETSCAPE_PKEY); | ||
| 347 | M_ASN1_New(ret->version,ASN1_INTEGER_new); | ||
| 348 | M_ASN1_New(ret->algor,X509_ALGOR_new); | ||
| 349 | M_ASN1_New(ret->private_key,ASN1_OCTET_STRING_new); | ||
| 350 | return(ret); | ||
| 351 | M_ASN1_New_Error(ASN1_F_NETSCAPE_PKEY_NEW); | ||
| 352 | } | ||
| 353 | 322 | ||
| 354 | static void NETSCAPE_PKEY_free(a) | 323 | #else /* !OPENSSL_NO_RSA */ |
| 355 | NETSCAPE_PKEY *a; | ||
| 356 | { | ||
| 357 | if (a == NULL) return; | ||
| 358 | ASN1_INTEGER_free(a->version); | ||
| 359 | X509_ALGOR_free(a->algor); | ||
| 360 | ASN1_OCTET_STRING_free(a->private_key); | ||
| 361 | Free((char *)a); | ||
| 362 | } | ||
| 363 | 324 | ||
| 364 | #endif /* NO_RC4 */ | 325 | # if PEDANTIC |
| 326 | static void *dummy=&dummy; | ||
| 327 | # endif | ||
| 365 | 328 | ||
| 329 | #endif | ||
diff --git a/src/lib/libcrypto/asn1/nsseq.c b/src/lib/libcrypto/asn1/nsseq.c index 417d024b81..50e2d4d07a 100644 --- a/src/lib/libcrypto/asn1/nsseq.c +++ b/src/lib/libcrypto/asn1/nsseq.c | |||
| @@ -58,61 +58,25 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <openssl/asn1_mac.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/err.h> | ||
| 63 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 64 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 65 | 64 | ||
| 66 | /* Netscape certificate sequence structure */ | 65 | static int nsseq_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 67 | |||
| 68 | int i2d_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE *a, unsigned char **pp) | ||
| 69 | { | 66 | { |
| 70 | int v = 0; | 67 | if(operation == ASN1_OP_NEW_POST) { |
| 71 | M_ASN1_I2D_vars(a); | 68 | NETSCAPE_CERT_SEQUENCE *nsseq; |
| 72 | M_ASN1_I2D_len (a->type, i2d_ASN1_OBJECT); | 69 | nsseq = (NETSCAPE_CERT_SEQUENCE *)*pval; |
| 73 | M_ASN1_I2D_len_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0, | 70 | nsseq->type = OBJ_nid2obj(NID_netscape_cert_sequence); |
| 74 | V_ASN1_SEQUENCE,v); | 71 | } |
| 75 | 72 | return 1; | |
| 76 | M_ASN1_I2D_seq_total(); | ||
| 77 | |||
| 78 | M_ASN1_I2D_put (a->type, i2d_ASN1_OBJECT); | ||
| 79 | M_ASN1_I2D_put_EXP_SEQUENCE_opt_type(X509,a->certs,i2d_X509,0, | ||
| 80 | V_ASN1_SEQUENCE,v); | ||
| 81 | |||
| 82 | M_ASN1_I2D_finish(); | ||
| 83 | } | 73 | } |
| 84 | 74 | ||
| 85 | NETSCAPE_CERT_SEQUENCE *NETSCAPE_CERT_SEQUENCE_new(void) | 75 | /* Netscape certificate sequence structure */ |
| 86 | { | ||
| 87 | NETSCAPE_CERT_SEQUENCE *ret=NULL; | ||
| 88 | ASN1_CTX c; | ||
| 89 | M_ASN1_New_Malloc(ret, NETSCAPE_CERT_SEQUENCE); | ||
| 90 | /* Note hardcoded object type */ | ||
| 91 | ret->type = OBJ_nid2obj(NID_netscape_cert_sequence); | ||
| 92 | ret->certs = NULL; | ||
| 93 | return (ret); | ||
| 94 | M_ASN1_New_Error(ASN1_F_NETSCAPE_CERT_SEQUENCE_NEW); | ||
| 95 | } | ||
| 96 | 76 | ||
| 97 | NETSCAPE_CERT_SEQUENCE *d2i_NETSCAPE_CERT_SEQUENCE(NETSCAPE_CERT_SEQUENCE **a, | 77 | ASN1_SEQUENCE_cb(NETSCAPE_CERT_SEQUENCE, nsseq_cb) = { |
| 98 | unsigned char **pp, long length) | 78 | ASN1_SIMPLE(NETSCAPE_CERT_SEQUENCE, type, ASN1_OBJECT), |
| 99 | { | 79 | ASN1_EXP_SEQUENCE_OF_OPT(NETSCAPE_CERT_SEQUENCE, certs, X509, 0) |
| 100 | M_ASN1_D2I_vars(a,NETSCAPE_CERT_SEQUENCE *, | 80 | } ASN1_SEQUENCE_END_cb(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) |
| 101 | NETSCAPE_CERT_SEQUENCE_new); | ||
| 102 | M_ASN1_D2I_Init(); | ||
| 103 | M_ASN1_D2I_start_sequence(); | ||
| 104 | M_ASN1_D2I_get (ret->type, d2i_ASN1_OBJECT); | ||
| 105 | M_ASN1_D2I_get_EXP_set_opt_type(X509,ret->certs,d2i_X509,X509_free,0, | ||
| 106 | V_ASN1_SEQUENCE); | ||
| 107 | M_ASN1_D2I_Finish(a, NETSCAPE_CERT_SEQUENCE_free, | ||
| 108 | ASN1_F_D2I_NETSCAPE_CERT_SEQUENCE); | ||
| 109 | } | ||
| 110 | 81 | ||
| 111 | void NETSCAPE_CERT_SEQUENCE_free (NETSCAPE_CERT_SEQUENCE *a) | 82 | IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) |
| 112 | { | ||
| 113 | if (a == NULL) return; | ||
| 114 | ASN1_OBJECT_free(a->type); | ||
| 115 | if(a->certs) | ||
| 116 | sk_X509_pop_free(a->certs, X509_free); | ||
| 117 | Free (a); | ||
| 118 | } | ||
diff --git a/src/lib/libcrypto/asn1/p5_pbe.c b/src/lib/libcrypto/asn1/p5_pbe.c index b831836e7b..891150638e 100644 --- a/src/lib/libcrypto/asn1/p5_pbe.c +++ b/src/lib/libcrypto/asn1/p5_pbe.c | |||
| @@ -58,53 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1_mac.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | /* PKCS#5 password based encryption structure */ | 65 | /* PKCS#5 password based encryption structure */ |
| 66 | 66 | ||
| 67 | int i2d_PBEPARAM(PBEPARAM *a, unsigned char **pp) | 67 | ASN1_SEQUENCE(PBEPARAM) = { |
| 68 | { | 68 | ASN1_SIMPLE(PBEPARAM, salt, ASN1_OCTET_STRING), |
| 69 | M_ASN1_I2D_vars(a); | 69 | ASN1_SIMPLE(PBEPARAM, iter, ASN1_INTEGER) |
| 70 | M_ASN1_I2D_len (a->salt, i2d_ASN1_OCTET_STRING); | 70 | } ASN1_SEQUENCE_END(PBEPARAM) |
| 71 | M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER); | ||
| 72 | |||
| 73 | M_ASN1_I2D_seq_total (); | ||
| 74 | 71 | ||
| 75 | M_ASN1_I2D_put (a->salt, i2d_ASN1_OCTET_STRING); | 72 | IMPLEMENT_ASN1_FUNCTIONS(PBEPARAM) |
| 76 | M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER); | ||
| 77 | M_ASN1_I2D_finish(); | ||
| 78 | } | ||
| 79 | |||
| 80 | PBEPARAM *PBEPARAM_new(void) | ||
| 81 | { | ||
| 82 | PBEPARAM *ret=NULL; | ||
| 83 | ASN1_CTX c; | ||
| 84 | M_ASN1_New_Malloc(ret, PBEPARAM); | ||
| 85 | M_ASN1_New(ret->iter,ASN1_INTEGER_new); | ||
| 86 | M_ASN1_New(ret->salt,ASN1_OCTET_STRING_new); | ||
| 87 | return (ret); | ||
| 88 | M_ASN1_New_Error(ASN1_F_PBEPARAM_NEW); | ||
| 89 | } | ||
| 90 | |||
| 91 | PBEPARAM *d2i_PBEPARAM(PBEPARAM **a, unsigned char **pp, long length) | ||
| 92 | { | ||
| 93 | M_ASN1_D2I_vars(a,PBEPARAM *,PBEPARAM_new); | ||
| 94 | M_ASN1_D2I_Init(); | ||
| 95 | M_ASN1_D2I_start_sequence(); | ||
| 96 | M_ASN1_D2I_get (ret->salt, d2i_ASN1_OCTET_STRING); | ||
| 97 | M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER); | ||
| 98 | M_ASN1_D2I_Finish(a, PBEPARAM_free, ASN1_F_D2I_PBEPARAM); | ||
| 99 | } | ||
| 100 | |||
| 101 | void PBEPARAM_free (PBEPARAM *a) | ||
| 102 | { | ||
| 103 | if(a==NULL) return; | ||
| 104 | ASN1_OCTET_STRING_free(a->salt); | ||
| 105 | ASN1_INTEGER_free (a->iter); | ||
| 106 | Free ((char *)a); | ||
| 107 | } | ||
| 108 | 73 | ||
| 109 | /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ | 74 | /* Return an algorithm identifier for a PKCS#5 PBE algorithm */ |
| 110 | 75 | ||
| @@ -123,13 +88,14 @@ X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, | |||
| 123 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | 88 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; |
| 124 | ASN1_INTEGER_set (pbe->iter, iter); | 89 | ASN1_INTEGER_set (pbe->iter, iter); |
| 125 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | 90 | if (!saltlen) saltlen = PKCS5_SALT_LEN; |
| 126 | if (!(pbe->salt->data = Malloc (saltlen))) { | 91 | if (!(pbe->salt->data = OPENSSL_malloc (saltlen))) { |
| 127 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 92 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); |
| 128 | return NULL; | 93 | return NULL; |
| 129 | } | 94 | } |
| 130 | pbe->salt->length = saltlen; | 95 | pbe->salt->length = saltlen; |
| 131 | if (salt) memcpy (pbe->salt->data, salt, saltlen); | 96 | if (salt) memcpy (pbe->salt->data, salt, saltlen); |
| 132 | else RAND_bytes (pbe->salt->data, saltlen); | 97 | else if (RAND_pseudo_bytes (pbe->salt->data, saltlen) < 0) |
| 98 | return NULL; | ||
| 133 | 99 | ||
| 134 | if (!(astype = ASN1_TYPE_new())) { | 100 | if (!(astype = ASN1_TYPE_new())) { |
| 135 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); | 101 | ASN1err(ASN1_F_ASN1_PBE_SET,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/asn1/p5_pbev2.c b/src/lib/libcrypto/asn1/p5_pbev2.c index 09f4bf6112..91e1c8987d 100644 --- a/src/lib/libcrypto/asn1/p5_pbev2.c +++ b/src/lib/libcrypto/asn1/p5_pbev2.c | |||
| @@ -58,108 +58,27 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1_mac.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | /* PKCS#5 v2.0 password based encryption structures */ | 65 | /* PKCS#5 v2.0 password based encryption structures */ |
| 66 | 66 | ||
| 67 | int i2d_PBE2PARAM(PBE2PARAM *a, unsigned char **pp) | 67 | ASN1_SEQUENCE(PBE2PARAM) = { |
| 68 | { | 68 | ASN1_SIMPLE(PBE2PARAM, keyfunc, X509_ALGOR), |
| 69 | M_ASN1_I2D_vars(a); | 69 | ASN1_SIMPLE(PBE2PARAM, encryption, X509_ALGOR) |
| 70 | M_ASN1_I2D_len (a->keyfunc, i2d_X509_ALGOR); | 70 | } ASN1_SEQUENCE_END(PBE2PARAM) |
| 71 | M_ASN1_I2D_len (a->encryption, i2d_X509_ALGOR); | ||
| 72 | |||
| 73 | M_ASN1_I2D_seq_total (); | ||
| 74 | |||
| 75 | M_ASN1_I2D_put (a->keyfunc, i2d_X509_ALGOR); | ||
| 76 | M_ASN1_I2D_put (a->encryption, i2d_X509_ALGOR); | ||
| 77 | |||
| 78 | M_ASN1_I2D_finish(); | ||
| 79 | } | ||
| 80 | |||
| 81 | PBE2PARAM *PBE2PARAM_new(void) | ||
| 82 | { | ||
| 83 | PBE2PARAM *ret=NULL; | ||
| 84 | ASN1_CTX c; | ||
| 85 | M_ASN1_New_Malloc(ret, PBE2PARAM); | ||
| 86 | M_ASN1_New(ret->keyfunc,X509_ALGOR_new); | ||
| 87 | M_ASN1_New(ret->encryption,X509_ALGOR_new); | ||
| 88 | return (ret); | ||
| 89 | M_ASN1_New_Error(ASN1_F_PBE2PARAM_NEW); | ||
| 90 | } | ||
| 91 | |||
| 92 | PBE2PARAM *d2i_PBE2PARAM(PBE2PARAM **a, unsigned char **pp, long length) | ||
| 93 | { | ||
| 94 | M_ASN1_D2I_vars(a,PBE2PARAM *,PBE2PARAM_new); | ||
| 95 | M_ASN1_D2I_Init(); | ||
| 96 | M_ASN1_D2I_start_sequence(); | ||
| 97 | M_ASN1_D2I_get (ret->keyfunc, d2i_X509_ALGOR); | ||
| 98 | M_ASN1_D2I_get (ret->encryption, d2i_X509_ALGOR); | ||
| 99 | M_ASN1_D2I_Finish(a, PBE2PARAM_free, ASN1_F_D2I_PBE2PARAM); | ||
| 100 | } | ||
| 101 | 71 | ||
| 102 | void PBE2PARAM_free (PBE2PARAM *a) | 72 | IMPLEMENT_ASN1_FUNCTIONS(PBE2PARAM) |
| 103 | { | ||
| 104 | if(a==NULL) return; | ||
| 105 | X509_ALGOR_free(a->keyfunc); | ||
| 106 | X509_ALGOR_free(a->encryption); | ||
| 107 | Free ((char *)a); | ||
| 108 | } | ||
| 109 | 73 | ||
| 110 | int i2d_PBKDF2PARAM(PBKDF2PARAM *a, unsigned char **pp) | 74 | ASN1_SEQUENCE(PBKDF2PARAM) = { |
| 111 | { | 75 | ASN1_SIMPLE(PBKDF2PARAM, salt, ASN1_ANY), |
| 112 | M_ASN1_I2D_vars(a); | 76 | ASN1_SIMPLE(PBKDF2PARAM, iter, ASN1_INTEGER), |
| 113 | M_ASN1_I2D_len (a->salt, i2d_ASN1_TYPE); | 77 | ASN1_OPT(PBKDF2PARAM, keylength, ASN1_INTEGER), |
| 114 | M_ASN1_I2D_len (a->iter, i2d_ASN1_INTEGER); | 78 | ASN1_OPT(PBKDF2PARAM, prf, X509_ALGOR) |
| 115 | M_ASN1_I2D_len (a->keylength, i2d_ASN1_INTEGER); | 79 | } ASN1_SEQUENCE_END(PBKDF2PARAM) |
| 116 | M_ASN1_I2D_len (a->prf, i2d_X509_ALGOR); | ||
| 117 | 80 | ||
| 118 | M_ASN1_I2D_seq_total (); | 81 | IMPLEMENT_ASN1_FUNCTIONS(PBKDF2PARAM) |
| 119 | |||
| 120 | M_ASN1_I2D_put (a->salt, i2d_ASN1_TYPE); | ||
| 121 | M_ASN1_I2D_put (a->iter, i2d_ASN1_INTEGER); | ||
| 122 | M_ASN1_I2D_put (a->keylength, i2d_ASN1_INTEGER); | ||
| 123 | M_ASN1_I2D_put (a->prf, i2d_X509_ALGOR); | ||
| 124 | |||
| 125 | M_ASN1_I2D_finish(); | ||
| 126 | } | ||
| 127 | |||
| 128 | PBKDF2PARAM *PBKDF2PARAM_new(void) | ||
| 129 | { | ||
| 130 | PBKDF2PARAM *ret=NULL; | ||
| 131 | ASN1_CTX c; | ||
| 132 | M_ASN1_New_Malloc(ret, PBKDF2PARAM); | ||
| 133 | M_ASN1_New(ret->salt, ASN1_TYPE_new); | ||
| 134 | M_ASN1_New(ret->iter, ASN1_INTEGER_new); | ||
| 135 | ret->keylength = NULL; | ||
| 136 | ret->prf = NULL; | ||
| 137 | return (ret); | ||
| 138 | M_ASN1_New_Error(ASN1_F_PBKDF2PARAM_NEW); | ||
| 139 | } | ||
| 140 | |||
| 141 | PBKDF2PARAM *d2i_PBKDF2PARAM(PBKDF2PARAM **a, unsigned char **pp, | ||
| 142 | long length) | ||
| 143 | { | ||
| 144 | M_ASN1_D2I_vars(a,PBKDF2PARAM *,PBKDF2PARAM_new); | ||
| 145 | M_ASN1_D2I_Init(); | ||
| 146 | M_ASN1_D2I_start_sequence(); | ||
| 147 | M_ASN1_D2I_get (ret->salt, d2i_ASN1_TYPE); | ||
| 148 | M_ASN1_D2I_get (ret->iter, d2i_ASN1_INTEGER); | ||
| 149 | M_ASN1_D2I_get_opt (ret->keylength, d2i_ASN1_INTEGER, V_ASN1_INTEGER); | ||
| 150 | M_ASN1_D2I_get_opt (ret->prf, d2i_X509_ALGOR, V_ASN1_SEQUENCE); | ||
| 151 | M_ASN1_D2I_Finish(a, PBKDF2PARAM_free, ASN1_F_D2I_PBKDF2PARAM); | ||
| 152 | } | ||
| 153 | |||
| 154 | void PBKDF2PARAM_free (PBKDF2PARAM *a) | ||
| 155 | { | ||
| 156 | if(a==NULL) return; | ||
| 157 | ASN1_TYPE_free(a->salt); | ||
| 158 | ASN1_INTEGER_free(a->iter); | ||
| 159 | ASN1_INTEGER_free(a->keylength); | ||
| 160 | X509_ALGOR_free(a->prf); | ||
| 161 | Free ((char *)a); | ||
| 162 | } | ||
| 163 | 82 | ||
| 164 | /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: | 83 | /* Return an algorithm identifier for a PKCS#5 v2.0 PBE algorithm: |
| 165 | * yes I know this is horrible! | 84 | * yes I know this is horrible! |
| @@ -175,22 +94,32 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 175 | PBKDF2PARAM *kdf = NULL; | 94 | PBKDF2PARAM *kdf = NULL; |
| 176 | PBE2PARAM *pbe2 = NULL; | 95 | PBE2PARAM *pbe2 = NULL; |
| 177 | ASN1_OCTET_STRING *osalt = NULL; | 96 | ASN1_OCTET_STRING *osalt = NULL; |
| 97 | ASN1_OBJECT *obj; | ||
| 98 | |||
| 99 | alg_nid = EVP_CIPHER_type(cipher); | ||
| 100 | if(alg_nid == NID_undef) { | ||
| 101 | ASN1err(ASN1_F_PKCS5_PBE2_SET, | ||
| 102 | ASN1_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); | ||
| 103 | goto err; | ||
| 104 | } | ||
| 105 | obj = OBJ_nid2obj(alg_nid); | ||
| 178 | 106 | ||
| 179 | if(!(pbe2 = PBE2PARAM_new())) goto merr; | 107 | if(!(pbe2 = PBE2PARAM_new())) goto merr; |
| 180 | 108 | ||
| 181 | /* Setup the AlgorithmIdentifier for the encryption scheme */ | 109 | /* Setup the AlgorithmIdentifier for the encryption scheme */ |
| 182 | scheme = pbe2->encryption; | 110 | scheme = pbe2->encryption; |
| 183 | 111 | ||
| 184 | alg_nid = EVP_CIPHER_type(cipher); | 112 | scheme->algorithm = obj; |
| 185 | |||
| 186 | scheme->algorithm = OBJ_nid2obj(alg_nid); | ||
| 187 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; | 113 | if(!(scheme->parameter = ASN1_TYPE_new())) goto merr; |
| 188 | 114 | ||
| 189 | /* Create random IV */ | 115 | /* Create random IV */ |
| 190 | RAND_bytes(iv, EVP_CIPHER_iv_length(cipher)); | 116 | if (RAND_pseudo_bytes(iv, EVP_CIPHER_iv_length(cipher)) < 0) |
| 117 | goto err; | ||
| 118 | |||
| 119 | EVP_CIPHER_CTX_init(&ctx); | ||
| 191 | 120 | ||
| 192 | /* Dummy cipherinit to just setup the IV */ | 121 | /* Dummy cipherinit to just setup the IV */ |
| 193 | EVP_CipherInit(&ctx, cipher, NULL, iv, 0); | 122 | EVP_CipherInit_ex(&ctx, cipher, NULL, NULL, iv, 0); |
| 194 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { | 123 | if(EVP_CIPHER_param_to_asn1(&ctx, scheme->parameter) < 0) { |
| 195 | ASN1err(ASN1_F_PKCS5_PBE2_SET, | 124 | ASN1err(ASN1_F_PKCS5_PBE2_SET, |
| 196 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); | 125 | ASN1_R_ERROR_SETTING_CIPHER_PARAMS); |
| @@ -199,13 +128,13 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 199 | EVP_CIPHER_CTX_cleanup(&ctx); | 128 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 200 | 129 | ||
| 201 | if(!(kdf = PBKDF2PARAM_new())) goto merr; | 130 | if(!(kdf = PBKDF2PARAM_new())) goto merr; |
| 202 | if(!(osalt = ASN1_OCTET_STRING_new())) goto merr; | 131 | if(!(osalt = M_ASN1_OCTET_STRING_new())) goto merr; |
| 203 | 132 | ||
| 204 | if (!saltlen) saltlen = PKCS5_SALT_LEN; | 133 | if (!saltlen) saltlen = PKCS5_SALT_LEN; |
| 205 | if (!(osalt->data = Malloc (saltlen))) goto merr; | 134 | if (!(osalt->data = OPENSSL_malloc (saltlen))) goto merr; |
| 206 | osalt->length = saltlen; | 135 | osalt->length = saltlen; |
| 207 | if (salt) memcpy (osalt->data, salt, saltlen); | 136 | if (salt) memcpy (osalt->data, salt, saltlen); |
| 208 | else RAND_bytes (osalt->data, saltlen); | 137 | else if (RAND_pseudo_bytes (osalt->data, saltlen) < 0) goto merr; |
| 209 | 138 | ||
| 210 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; | 139 | if(iter <= 0) iter = PKCS5_DEFAULT_ITER; |
| 211 | if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; | 140 | if(!ASN1_INTEGER_set(kdf->iter, iter)) goto merr; |
| @@ -218,7 +147,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 218 | /* If its RC2 then we'd better setup the key length */ | 147 | /* If its RC2 then we'd better setup the key length */ |
| 219 | 148 | ||
| 220 | if(alg_nid == NID_rc2_cbc) { | 149 | if(alg_nid == NID_rc2_cbc) { |
| 221 | if(!(kdf->keylength = ASN1_INTEGER_new())) goto merr; | 150 | if(!(kdf->keylength = M_ASN1_INTEGER_new())) goto merr; |
| 222 | if(!ASN1_INTEGER_set (kdf->keylength, | 151 | if(!ASN1_INTEGER_set (kdf->keylength, |
| 223 | EVP_CIPHER_key_length(cipher))) goto merr; | 152 | EVP_CIPHER_key_length(cipher))) goto merr; |
| 224 | } | 153 | } |
| @@ -264,7 +193,7 @@ X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | |||
| 264 | err: | 193 | err: |
| 265 | PBE2PARAM_free(pbe2); | 194 | PBE2PARAM_free(pbe2); |
| 266 | /* Note 'scheme' is freed as part of pbe2 */ | 195 | /* Note 'scheme' is freed as part of pbe2 */ |
| 267 | ASN1_OCTET_STRING_free(osalt); | 196 | M_ASN1_OCTET_STRING_free(osalt); |
| 268 | PBKDF2PARAM_free(kdf); | 197 | PBKDF2PARAM_free(kdf); |
| 269 | X509_ALGOR_free(kalg); | 198 | X509_ALGOR_free(kalg); |
| 270 | X509_ALGOR_free(ret); | 199 | X509_ALGOR_free(ret); |
diff --git a/src/lib/libcrypto/asn1/p8_pkey.c b/src/lib/libcrypto/asn1/p8_pkey.c index aa9a4f6c96..b634d5bc85 100644 --- a/src/lib/libcrypto/asn1/p8_pkey.c +++ b/src/lib/libcrypto/asn1/p8_pkey.c | |||
| @@ -58,72 +58,27 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1_mac.h> | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | int i2d_PKCS8_PRIV_KEY_INFO (PKCS8_PRIV_KEY_INFO *a, unsigned char **pp) | 64 | /* Minor tweak to operation: zero private key data */ |
| 65 | static int pkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | ||
| 65 | { | 66 | { |
| 66 | 67 | /* Since the structure must still be valid use ASN1_OP_FREE_PRE */ | |
| 67 | M_ASN1_I2D_vars(a); | 68 | if(operation == ASN1_OP_FREE_PRE) { |
| 68 | 69 | PKCS8_PRIV_KEY_INFO *key = (PKCS8_PRIV_KEY_INFO *)*pval; | |
| 69 | M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER); | 70 | if (key->pkey->value.octet_string) |
| 70 | M_ASN1_I2D_len (a->pkeyalg, i2d_X509_ALGOR); | 71 | memset(key->pkey->value.octet_string->data, |
| 71 | M_ASN1_I2D_len (a->pkey, i2d_ASN1_TYPE); | 72 | 0, key->pkey->value.octet_string->length); |
| 72 | M_ASN1_I2D_len_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes, | 73 | } |
| 73 | i2d_X509_ATTRIBUTE, 0); | 74 | return 1; |
| 74 | |||
| 75 | M_ASN1_I2D_seq_total (); | ||
| 76 | |||
| 77 | M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER); | ||
| 78 | M_ASN1_I2D_put (a->pkeyalg, i2d_X509_ALGOR); | ||
| 79 | M_ASN1_I2D_put (a->pkey, i2d_ASN1_TYPE); | ||
| 80 | M_ASN1_I2D_put_IMP_SET_opt_type (X509_ATTRIBUTE, a->attributes, | ||
| 81 | i2d_X509_ATTRIBUTE, 0); | ||
| 82 | |||
| 83 | M_ASN1_I2D_finish(); | ||
| 84 | } | 75 | } |
| 85 | 76 | ||
| 86 | PKCS8_PRIV_KEY_INFO *PKCS8_PRIV_KEY_INFO_new(void) | 77 | ASN1_SEQUENCE_cb(PKCS8_PRIV_KEY_INFO, pkey_cb) = { |
| 87 | { | 78 | ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, version, ASN1_INTEGER), |
| 88 | PKCS8_PRIV_KEY_INFO *ret=NULL; | 79 | ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkeyalg, X509_ALGOR), |
| 89 | ASN1_CTX c; | 80 | ASN1_SIMPLE(PKCS8_PRIV_KEY_INFO, pkey, ASN1_ANY), |
| 90 | M_ASN1_New_Malloc(ret, PKCS8_PRIV_KEY_INFO); | 81 | ASN1_IMP_SET_OF_OPT(PKCS8_PRIV_KEY_INFO, attributes, X509_ATTRIBUTE, 0) |
| 91 | M_ASN1_New (ret->version, ASN1_INTEGER_new); | 82 | } ASN1_SEQUENCE_END_cb(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) |
| 92 | M_ASN1_New (ret->pkeyalg, X509_ALGOR_new); | ||
| 93 | M_ASN1_New (ret->pkey, ASN1_TYPE_new); | ||
| 94 | ret->attributes = NULL; | ||
| 95 | ret->broken = PKCS8_OK; | ||
| 96 | return (ret); | ||
| 97 | M_ASN1_New_Error(ASN1_F_PKCS8_PRIV_KEY_INFO_NEW); | ||
| 98 | } | ||
| 99 | 83 | ||
| 100 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO(PKCS8_PRIV_KEY_INFO **a, | 84 | IMPLEMENT_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) |
| 101 | unsigned char **pp, long length) | ||
| 102 | { | ||
| 103 | M_ASN1_D2I_vars(a,PKCS8_PRIV_KEY_INFO *,PKCS8_PRIV_KEY_INFO_new); | ||
| 104 | M_ASN1_D2I_Init(); | ||
| 105 | M_ASN1_D2I_start_sequence(); | ||
| 106 | M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER); | ||
| 107 | M_ASN1_D2I_get (ret->pkeyalg, d2i_X509_ALGOR); | ||
| 108 | M_ASN1_D2I_get (ret->pkey, d2i_ASN1_TYPE); | ||
| 109 | M_ASN1_D2I_get_IMP_set_opt_type(X509_ATTRIBUTE, ret->attributes, | ||
| 110 | d2i_X509_ATTRIBUTE, | ||
| 111 | X509_ATTRIBUTE_free, 0); | ||
| 112 | if (ASN1_TYPE_get(ret->pkey) == V_ASN1_SEQUENCE) | ||
| 113 | ret->broken = PKCS8_NO_OCTET; | ||
| 114 | M_ASN1_D2I_Finish(a, PKCS8_PRIV_KEY_INFO_free, ASN1_F_D2I_PKCS8_PRIV_KEY_INFO); | ||
| 115 | } | ||
| 116 | |||
| 117 | void PKCS8_PRIV_KEY_INFO_free (PKCS8_PRIV_KEY_INFO *a) | ||
| 118 | { | ||
| 119 | if (a == NULL) return; | ||
| 120 | ASN1_INTEGER_free (a->version); | ||
| 121 | X509_ALGOR_free(a->pkeyalg); | ||
| 122 | /* Clear sensitive data */ | ||
| 123 | if (a->pkey->value.octet_string) | ||
| 124 | memset (a->pkey->value.octet_string->data, | ||
| 125 | 0, a->pkey->value.octet_string->length); | ||
| 126 | ASN1_TYPE_free (a->pkey); | ||
| 127 | sk_X509_ATTRIBUTE_pop_free (a->attributes, X509_ATTRIBUTE_free); | ||
| 128 | Free (a); | ||
| 129 | } | ||
diff --git a/src/lib/libcrypto/asn1/t_crl.c b/src/lib/libcrypto/asn1/t_crl.c index c2e447ce6f..60db305756 100644 --- a/src/lib/libcrypto/asn1/t_crl.c +++ b/src/lib/libcrypto/asn1/t_crl.c | |||
| @@ -64,8 +64,7 @@ | |||
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | 66 | ||
| 67 | static void ext_print(BIO *out, X509_EXTENSION *ex); | 67 | #ifndef OPENSSL_NO_FP_API |
| 68 | #ifndef NO_FP_API | ||
| 69 | int X509_CRL_print_fp(FILE *fp, X509_CRL *x) | 68 | int X509_CRL_print_fp(FILE *fp, X509_CRL *x) |
| 70 | { | 69 | { |
| 71 | BIO *b; | 70 | BIO *b; |
| @@ -86,11 +85,10 @@ int X509_CRL_print_fp(FILE *fp, X509_CRL *x) | |||
| 86 | int X509_CRL_print(BIO *out, X509_CRL *x) | 85 | int X509_CRL_print(BIO *out, X509_CRL *x) |
| 87 | { | 86 | { |
| 88 | char buf[256]; | 87 | char buf[256]; |
| 89 | unsigned char *s; | ||
| 90 | STACK_OF(X509_REVOKED) *rev; | 88 | STACK_OF(X509_REVOKED) *rev; |
| 91 | X509_REVOKED *r; | 89 | X509_REVOKED *r; |
| 92 | long l; | 90 | long l; |
| 93 | int i, j, n; | 91 | int i, n; |
| 94 | 92 | ||
| 95 | BIO_printf(out, "Certificate Revocation List (CRL):\n"); | 93 | BIO_printf(out, "Certificate Revocation List (CRL):\n"); |
| 96 | l = X509_CRL_get_version(x); | 94 | l = X509_CRL_get_version(x); |
| @@ -109,15 +107,12 @@ int X509_CRL_print(BIO *out, X509_CRL *x) | |||
| 109 | BIO_printf(out,"\n"); | 107 | BIO_printf(out,"\n"); |
| 110 | 108 | ||
| 111 | n=X509_CRL_get_ext_count(x); | 109 | n=X509_CRL_get_ext_count(x); |
| 112 | if (n > 0) { | 110 | X509V3_extensions_print(out, "CRL extensions", |
| 113 | BIO_printf(out,"%8sCRL extensions:\n",""); | 111 | x->crl->extensions, 0, 8); |
| 114 | for (i=0; i<n; i++) ext_print(out, X509_CRL_get_ext(x, i)); | ||
| 115 | } | ||
| 116 | |||
| 117 | 112 | ||
| 118 | rev = X509_CRL_get_REVOKED(x); | 113 | rev = X509_CRL_get_REVOKED(x); |
| 119 | 114 | ||
| 120 | if(sk_X509_REVOKED_num(rev)) | 115 | if(sk_X509_REVOKED_num(rev) > 0) |
| 121 | BIO_printf(out, "Revoked Certificates:\n"); | 116 | BIO_printf(out, "Revoked Certificates:\n"); |
| 122 | else BIO_printf(out, "No Revoked Certificates.\n"); | 117 | else BIO_printf(out, "No Revoked Certificates.\n"); |
| 123 | 118 | ||
| @@ -128,39 +123,11 @@ int X509_CRL_print(BIO *out, X509_CRL *x) | |||
| 128 | BIO_printf(out,"\n Revocation Date: ",""); | 123 | BIO_printf(out,"\n Revocation Date: ",""); |
| 129 | ASN1_TIME_print(out,r->revocationDate); | 124 | ASN1_TIME_print(out,r->revocationDate); |
| 130 | BIO_printf(out,"\n"); | 125 | BIO_printf(out,"\n"); |
| 131 | for(j = 0; j < X509_REVOKED_get_ext_count(r); j++) | 126 | X509V3_extensions_print(out, "CRL entry extensions", |
| 132 | ext_print(out, X509_REVOKED_get_ext(r, j)); | 127 | r->extensions, 0, 8); |
| 133 | } | ||
| 134 | |||
| 135 | i=OBJ_obj2nid(x->sig_alg->algorithm); | ||
| 136 | BIO_printf(out," Signature Algorithm: %s", | ||
| 137 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); | ||
| 138 | |||
| 139 | s = x->signature->data; | ||
| 140 | n = x->signature->length; | ||
| 141 | for (i=0; i<n; i++, s++) | ||
| 142 | { | ||
| 143 | if ((i%18) == 0) BIO_write(out,"\n ",9); | ||
| 144 | BIO_printf(out,"%02x%s",*s, ((i+1) == n)?"":":"); | ||
| 145 | } | 128 | } |
| 146 | BIO_write(out,"\n",1); | 129 | X509_signature_print(out, x->sig_alg, x->signature); |
| 147 | 130 | ||
| 148 | return 1; | 131 | return 1; |
| 149 | 132 | ||
| 150 | } | 133 | } |
| 151 | |||
| 152 | static void ext_print(BIO *out, X509_EXTENSION *ex) | ||
| 153 | { | ||
| 154 | ASN1_OBJECT *obj; | ||
| 155 | int j; | ||
| 156 | BIO_printf(out,"%12s",""); | ||
| 157 | obj=X509_EXTENSION_get_object(ex); | ||
| 158 | i2a_ASN1_OBJECT(out,obj); | ||
| 159 | j=X509_EXTENSION_get_critical(ex); | ||
| 160 | BIO_printf(out, ": %s\n", j ? "critical":"",""); | ||
| 161 | if(!X509V3_EXT_print(out, ex, 0, 16)) { | ||
| 162 | BIO_printf(out, "%16s", ""); | ||
| 163 | ASN1_OCTET_STRING_print(out,ex->value); | ||
| 164 | } | ||
| 165 | BIO_write(out,"\n",1); | ||
| 166 | } | ||
diff --git a/src/lib/libcrypto/asn1/t_pkey.c b/src/lib/libcrypto/asn1/t_pkey.c index bc518d59a2..8060115202 100644 --- a/src/lib/libcrypto/asn1/t_pkey.c +++ b/src/lib/libcrypto/asn1/t_pkey.c | |||
| @@ -58,35 +58,23 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "bn.h" | 62 | #include <openssl/bn.h> |
| 63 | #ifndef NO_RSA | 63 | #ifndef OPENSSL_NO_RSA |
| 64 | #include "rsa.h" | 64 | #include <openssl/rsa.h> |
| 65 | #endif | 65 | #endif |
| 66 | #ifndef NO_DH | 66 | #ifndef OPENSSL_NO_DH |
| 67 | #include "dh.h" | 67 | #include <openssl/dh.h> |
| 68 | #endif | 68 | #endif |
| 69 | #ifndef NO_DSA | 69 | #ifndef OPENSSL_NO_DSA |
| 70 | #include "dsa.h" | 70 | #include <openssl/dsa.h> |
| 71 | #endif | 71 | #endif |
| 72 | 72 | ||
| 73 | /* DHerr(DH_F_DHPARAMS_PRINT,ERR_R_MALLOC_FAILURE); | 73 | static int print(BIO *fp,const char *str,BIGNUM *num, |
| 74 | * DSAerr(DSA_F_DSAPARAMS_PRINT,ERR_R_MALLOC_FAILURE); | ||
| 75 | */ | ||
| 76 | |||
| 77 | #ifndef NOPROTO | ||
| 78 | static int print(BIO *fp,char *str,BIGNUM *num, | ||
| 79 | unsigned char *buf,int off); | 74 | unsigned char *buf,int off); |
| 80 | #else | 75 | #ifndef OPENSSL_NO_RSA |
| 81 | static int print(); | 76 | #ifndef OPENSSL_NO_FP_API |
| 82 | #endif | 77 | int RSA_print_fp(FILE *fp, const RSA *x, int off) |
| 83 | |||
| 84 | #ifndef NO_RSA | ||
| 85 | #ifndef NO_FP_API | ||
| 86 | int RSA_print_fp(fp,x,off) | ||
| 87 | FILE *fp; | ||
| 88 | RSA *x; | ||
| 89 | int off; | ||
| 90 | { | 78 | { |
| 91 | BIO *b; | 79 | BIO *b; |
| 92 | int ret; | 80 | int ret; |
| @@ -103,17 +91,15 @@ int off; | |||
| 103 | } | 91 | } |
| 104 | #endif | 92 | #endif |
| 105 | 93 | ||
| 106 | int RSA_print(bp,x,off) | 94 | int RSA_print(BIO *bp, const RSA *x, int off) |
| 107 | BIO *bp; | ||
| 108 | RSA *x; | ||
| 109 | int off; | ||
| 110 | { | 95 | { |
| 111 | char str[128],*s; | 96 | char str[128]; |
| 97 | const char *s; | ||
| 112 | unsigned char *m=NULL; | 98 | unsigned char *m=NULL; |
| 113 | int i,ret=0; | 99 | int i,ret=0; |
| 114 | 100 | ||
| 115 | i=RSA_size(x); | 101 | i=RSA_size(x); |
| 116 | m=(unsigned char *)Malloc((unsigned int)i+10); | 102 | m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); |
| 117 | if (m == NULL) | 103 | if (m == NULL) |
| 118 | { | 104 | { |
| 119 | RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); | 105 | RSAerr(RSA_F_RSA_PRINT,ERR_R_MALLOC_FAILURE); |
| @@ -147,17 +133,14 @@ int off; | |||
| 147 | if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; | 133 | if (!print(bp,"coefficient:",x->iqmp,m,off)) goto err; |
| 148 | ret=1; | 134 | ret=1; |
| 149 | err: | 135 | err: |
| 150 | if (m != NULL) Free((char *)m); | 136 | if (m != NULL) OPENSSL_free(m); |
| 151 | return(ret); | 137 | return(ret); |
| 152 | } | 138 | } |
| 153 | #endif /* NO_RSA */ | 139 | #endif /* OPENSSL_NO_RSA */ |
| 154 | 140 | ||
| 155 | #ifndef NO_DSA | 141 | #ifndef OPENSSL_NO_DSA |
| 156 | #ifndef NO_FP_API | 142 | #ifndef OPENSSL_NO_FP_API |
| 157 | int DSA_print_fp(fp,x,off) | 143 | int DSA_print_fp(FILE *fp, const DSA *x, int off) |
| 158 | FILE *fp; | ||
| 159 | DSA *x; | ||
| 160 | int off; | ||
| 161 | { | 144 | { |
| 162 | BIO *b; | 145 | BIO *b; |
| 163 | int ret; | 146 | int ret; |
| @@ -174,10 +157,7 @@ int off; | |||
| 174 | } | 157 | } |
| 175 | #endif | 158 | #endif |
| 176 | 159 | ||
| 177 | int DSA_print(bp,x,off) | 160 | int DSA_print(BIO *bp, const DSA *x, int off) |
| 178 | BIO *bp; | ||
| 179 | DSA *x; | ||
| 180 | int off; | ||
| 181 | { | 161 | { |
| 182 | char str[128]; | 162 | char str[128]; |
| 183 | unsigned char *m=NULL; | 163 | unsigned char *m=NULL; |
| @@ -196,7 +176,7 @@ int off; | |||
| 196 | i=BN_num_bytes(bn)*2; | 176 | i=BN_num_bytes(bn)*2; |
| 197 | else | 177 | else |
| 198 | i=256; | 178 | i=256; |
| 199 | m=(unsigned char *)Malloc((unsigned int)i+10); | 179 | m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); |
| 200 | if (m == NULL) | 180 | if (m == NULL) |
| 201 | { | 181 | { |
| 202 | DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); | 182 | DSAerr(DSA_F_DSA_PRINT,ERR_R_MALLOC_FAILURE); |
| @@ -224,20 +204,17 @@ int off; | |||
| 224 | if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; | 204 | if ((x->g != NULL) && !print(bp,"G: ",x->g,m,off)) goto err; |
| 225 | ret=1; | 205 | ret=1; |
| 226 | err: | 206 | err: |
| 227 | if (m != NULL) Free((char *)m); | 207 | if (m != NULL) OPENSSL_free(m); |
| 228 | return(ret); | 208 | return(ret); |
| 229 | } | 209 | } |
| 230 | #endif /* !NO_DSA */ | 210 | #endif /* !OPENSSL_NO_DSA */ |
| 231 | 211 | ||
| 232 | static int print(bp,number,num,buf,off) | 212 | static int print(BIO *bp, const char *number, BIGNUM *num, unsigned char *buf, |
| 233 | BIO *bp; | 213 | int off) |
| 234 | char *number; | ||
| 235 | BIGNUM *num; | ||
| 236 | unsigned char *buf; | ||
| 237 | int off; | ||
| 238 | { | 214 | { |
| 239 | int n,i; | 215 | int n,i; |
| 240 | char str[128],*neg; | 216 | char str[128]; |
| 217 | const char *neg; | ||
| 241 | 218 | ||
| 242 | if (num == NULL) return(1); | 219 | if (num == NULL) return(1); |
| 243 | neg=(num->neg)?"-":""; | 220 | neg=(num->neg)?"-":""; |
| @@ -282,11 +259,9 @@ int off; | |||
| 282 | return(1); | 259 | return(1); |
| 283 | } | 260 | } |
| 284 | 261 | ||
| 285 | #ifndef NO_DH | 262 | #ifndef OPENSSL_NO_DH |
| 286 | #ifndef NO_FP_API | 263 | #ifndef OPENSSL_NO_FP_API |
| 287 | int DHparams_print_fp(fp,x) | 264 | int DHparams_print_fp(FILE *fp, const DH *x) |
| 288 | FILE *fp; | ||
| 289 | DH *x; | ||
| 290 | { | 265 | { |
| 291 | BIO *b; | 266 | BIO *b; |
| 292 | int ret; | 267 | int ret; |
| @@ -303,15 +278,13 @@ DH *x; | |||
| 303 | } | 278 | } |
| 304 | #endif | 279 | #endif |
| 305 | 280 | ||
| 306 | int DHparams_print(bp,x) | 281 | int DHparams_print(BIO *bp, const DH *x) |
| 307 | BIO *bp; | ||
| 308 | DH *x; | ||
| 309 | { | 282 | { |
| 310 | unsigned char *m=NULL; | 283 | unsigned char *m=NULL; |
| 311 | int reason=ERR_R_BUF_LIB,i,ret=0; | 284 | int reason=ERR_R_BUF_LIB,i,ret=0; |
| 312 | 285 | ||
| 313 | i=BN_num_bytes(x->p); | 286 | i=BN_num_bytes(x->p); |
| 314 | m=(unsigned char *)Malloc((unsigned int)i+10); | 287 | m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); |
| 315 | if (m == NULL) | 288 | if (m == NULL) |
| 316 | { | 289 | { |
| 317 | reason=ERR_R_MALLOC_FAILURE; | 290 | reason=ERR_R_MALLOC_FAILURE; |
| @@ -325,7 +298,7 @@ DH *x; | |||
| 325 | if (!print(bp,"generator:",x->g,m,4)) goto err; | 298 | if (!print(bp,"generator:",x->g,m,4)) goto err; |
| 326 | if (x->length != 0) | 299 | if (x->length != 0) |
| 327 | { | 300 | { |
| 328 | if (BIO_printf(bp," recomented-private-length: %d bits\n", | 301 | if (BIO_printf(bp," recommended-private-length: %d bits\n", |
| 329 | (int)x->length) <= 0) goto err; | 302 | (int)x->length) <= 0) goto err; |
| 330 | } | 303 | } |
| 331 | ret=1; | 304 | ret=1; |
| @@ -334,16 +307,14 @@ DH *x; | |||
| 334 | err: | 307 | err: |
| 335 | DHerr(DH_F_DHPARAMS_PRINT,reason); | 308 | DHerr(DH_F_DHPARAMS_PRINT,reason); |
| 336 | } | 309 | } |
| 337 | if (m != NULL) Free((char *)m); | 310 | if (m != NULL) OPENSSL_free(m); |
| 338 | return(ret); | 311 | return(ret); |
| 339 | } | 312 | } |
| 340 | #endif | 313 | #endif |
| 341 | 314 | ||
| 342 | #ifndef NO_DSA | 315 | #ifndef OPENSSL_NO_DSA |
| 343 | #ifndef NO_FP_API | 316 | #ifndef OPENSSL_NO_FP_API |
| 344 | int DSAparams_print_fp(fp,x) | 317 | int DSAparams_print_fp(FILE *fp, const DSA *x) |
| 345 | FILE *fp; | ||
| 346 | DSA *x; | ||
| 347 | { | 318 | { |
| 348 | BIO *b; | 319 | BIO *b; |
| 349 | int ret; | 320 | int ret; |
| @@ -360,15 +331,13 @@ DSA *x; | |||
| 360 | } | 331 | } |
| 361 | #endif | 332 | #endif |
| 362 | 333 | ||
| 363 | int DSAparams_print(bp,x) | 334 | int DSAparams_print(BIO *bp, const DSA *x) |
| 364 | BIO *bp; | ||
| 365 | DSA *x; | ||
| 366 | { | 335 | { |
| 367 | unsigned char *m=NULL; | 336 | unsigned char *m=NULL; |
| 368 | int reason=ERR_R_BUF_LIB,i,ret=0; | 337 | int reason=ERR_R_BUF_LIB,i,ret=0; |
| 369 | 338 | ||
| 370 | i=BN_num_bytes(x->p); | 339 | i=BN_num_bytes(x->p); |
| 371 | m=(unsigned char *)Malloc((unsigned int)i+10); | 340 | m=(unsigned char *)OPENSSL_malloc((unsigned int)i+10); |
| 372 | if (m == NULL) | 341 | if (m == NULL) |
| 373 | { | 342 | { |
| 374 | reason=ERR_R_MALLOC_FAILURE; | 343 | reason=ERR_R_MALLOC_FAILURE; |
| @@ -383,10 +352,10 @@ DSA *x; | |||
| 383 | if (!print(bp,"g:",x->g,m,4)) goto err; | 352 | if (!print(bp,"g:",x->g,m,4)) goto err; |
| 384 | ret=1; | 353 | ret=1; |
| 385 | err: | 354 | err: |
| 386 | if (m != NULL) Free((char *)m); | 355 | if (m != NULL) OPENSSL_free(m); |
| 387 | DSAerr(DSA_F_DSAPARAMS_PRINT,reason); | 356 | DSAerr(DSA_F_DSAPARAMS_PRINT,reason); |
| 388 | return(ret); | 357 | return(ret); |
| 389 | } | 358 | } |
| 390 | 359 | ||
| 391 | #endif /* !NO_DSA */ | 360 | #endif /* !OPENSSL_NO_DSA */ |
| 392 | 361 | ||
diff --git a/src/lib/libcrypto/asn1/t_req.c b/src/lib/libcrypto/asn1/t_req.c index 7df749a48f..848c29a2dd 100644 --- a/src/lib/libcrypto/asn1/t_req.c +++ b/src/lib/libcrypto/asn1/t_req.c | |||
| @@ -58,15 +58,14 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "bn.h" | 62 | #include <openssl/bn.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/x509v3.h> | ||
| 65 | 66 | ||
| 66 | #ifndef NO_FP_API | 67 | #ifndef OPENSSL_NO_FP_API |
| 67 | int X509_REQ_print_fp(fp,x) | 68 | int X509_REQ_print_fp(FILE *fp, X509_REQ *x) |
| 68 | FILE *fp; | ||
| 69 | X509_REQ *x; | ||
| 70 | { | 69 | { |
| 71 | BIO *b; | 70 | BIO *b; |
| 72 | int ret; | 71 | int ret; |
| @@ -83,16 +82,15 @@ X509_REQ *x; | |||
| 83 | } | 82 | } |
| 84 | #endif | 83 | #endif |
| 85 | 84 | ||
| 86 | int X509_REQ_print(bp,x) | 85 | int X509_REQ_print(BIO *bp, X509_REQ *x) |
| 87 | BIO *bp; | ||
| 88 | X509_REQ *x; | ||
| 89 | { | 86 | { |
| 90 | unsigned long l; | 87 | unsigned long l; |
| 91 | int i,n; | 88 | int i; |
| 92 | char *s,*neg; | 89 | const char *neg; |
| 93 | X509_REQ_INFO *ri; | 90 | X509_REQ_INFO *ri; |
| 94 | EVP_PKEY *pkey; | 91 | EVP_PKEY *pkey; |
| 95 | STACK *sk; | 92 | STACK_OF(X509_ATTRIBUTE) *sk; |
| 93 | STACK_OF(X509_EXTENSION) *exts; | ||
| 96 | char str[128]; | 94 | char str[128]; |
| 97 | 95 | ||
| 98 | ri=x->req_info; | 96 | ri=x->req_info; |
| @@ -119,8 +117,8 @@ X509_REQ *x; | |||
| 119 | if (BIO_puts(bp,str) <= 0) goto err; | 117 | if (BIO_puts(bp,str) <= 0) goto err; |
| 120 | 118 | ||
| 121 | pkey=X509_REQ_get_pubkey(x); | 119 | pkey=X509_REQ_get_pubkey(x); |
| 122 | #ifndef NO_RSA | 120 | #ifndef OPENSSL_NO_RSA |
| 123 | if (pkey->type == EVP_PKEY_RSA) | 121 | if (pkey != NULL && pkey->type == EVP_PKEY_RSA) |
| 124 | { | 122 | { |
| 125 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", | 123 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", |
| 126 | BN_num_bits(pkey->pkey.rsa->n)); | 124 | BN_num_bits(pkey->pkey.rsa->n)); |
| @@ -128,8 +126,8 @@ X509_REQ *x; | |||
| 128 | } | 126 | } |
| 129 | else | 127 | else |
| 130 | #endif | 128 | #endif |
| 131 | #ifndef NO_DSA | 129 | #ifndef OPENSSL_NO_DSA |
| 132 | if (pkey->type == EVP_PKEY_DSA) | 130 | if (pkey != NULL && pkey->type == EVP_PKEY_DSA) |
| 133 | { | 131 | { |
| 134 | BIO_printf(bp,"%12sDSA Public Key:\n",""); | 132 | BIO_printf(bp,"%12sDSA Public Key:\n",""); |
| 135 | DSA_print(bp,pkey->pkey.dsa,16); | 133 | DSA_print(bp,pkey->pkey.dsa,16); |
| @@ -138,22 +136,22 @@ X509_REQ *x; | |||
| 138 | #endif | 136 | #endif |
| 139 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | 137 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); |
| 140 | 138 | ||
| 139 | if (pkey != NULL) | ||
| 140 | EVP_PKEY_free(pkey); | ||
| 141 | |||
| 141 | /* may not be */ | 142 | /* may not be */ |
| 142 | sprintf(str,"%8sAttributes:\n",""); | 143 | sprintf(str,"%8sAttributes:\n",""); |
| 143 | if (BIO_puts(bp,str) <= 0) goto err; | 144 | if (BIO_puts(bp,str) <= 0) goto err; |
| 144 | 145 | ||
| 145 | sk=x->req_info->attributes; | 146 | sk=x->req_info->attributes; |
| 146 | if ((sk == NULL) || (sk_num(sk) == 0)) | 147 | if (sk_X509_ATTRIBUTE_num(sk) == 0) |
| 147 | { | 148 | { |
| 148 | if (!x->req_info->req_kludge) | 149 | sprintf(str,"%12sa0:00\n",""); |
| 149 | { | 150 | if (BIO_puts(bp,str) <= 0) goto err; |
| 150 | sprintf(str,"%12sa0:00\n",""); | ||
| 151 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 152 | } | ||
| 153 | } | 151 | } |
| 154 | else | 152 | else |
| 155 | { | 153 | { |
| 156 | for (i=0; i<sk_num(sk); i++) | 154 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) |
| 157 | { | 155 | { |
| 158 | ASN1_TYPE *at; | 156 | ASN1_TYPE *at; |
| 159 | X509_ATTRIBUTE *a; | 157 | X509_ATTRIBUTE *a; |
| @@ -161,26 +159,29 @@ X509_REQ *x; | |||
| 161 | ASN1_TYPE *t; | 159 | ASN1_TYPE *t; |
| 162 | int j,type=0,count=1,ii=0; | 160 | int j,type=0,count=1,ii=0; |
| 163 | 161 | ||
| 164 | a=(X509_ATTRIBUTE *)sk_value(sk,i); | 162 | a=sk_X509_ATTRIBUTE_value(sk,i); |
| 163 | if(X509_REQ_extension_nid(OBJ_obj2nid(a->object))) | ||
| 164 | continue; | ||
| 165 | sprintf(str,"%12s",""); | 165 | sprintf(str,"%12s",""); |
| 166 | if (BIO_puts(bp,str) <= 0) goto err; | 166 | if (BIO_puts(bp,str) <= 0) goto err; |
| 167 | if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) | 167 | if ((j=i2a_ASN1_OBJECT(bp,a->object)) > 0) |
| 168 | 168 | { | |
| 169 | if (a->set) | 169 | if (a->single) |
| 170 | { | ||
| 171 | t=a->value.single; | ||
| 172 | type=t->type; | ||
| 173 | bs=t->value.bit_string; | ||
| 174 | } | ||
| 175 | else | ||
| 170 | { | 176 | { |
| 171 | ii=0; | 177 | ii=0; |
| 172 | count=sk_num(a->value.set); | 178 | count=sk_ASN1_TYPE_num(a->value.set); |
| 173 | get_next: | 179 | get_next: |
| 174 | at=(ASN1_TYPE *)sk_value(a->value.set,ii); | 180 | at=sk_ASN1_TYPE_value(a->value.set,ii); |
| 175 | type=at->type; | 181 | type=at->type; |
| 176 | bs=at->value.asn1_string; | 182 | bs=at->value.asn1_string; |
| 177 | } | 183 | } |
| 178 | else | 184 | } |
| 179 | { | ||
| 180 | t=a->value.single; | ||
| 181 | type=t->type; | ||
| 182 | bs=t->value.bit_string; | ||
| 183 | } | ||
| 184 | for (j=25-j; j>0; j--) | 185 | for (j=25-j; j>0; j--) |
| 185 | if (BIO_write(bp," ",1) != 1) goto err; | 186 | if (BIO_write(bp," ",1) != 1) goto err; |
| 186 | if (BIO_puts(bp,":") <= 0) goto err; | 187 | if (BIO_puts(bp,":") <= 0) goto err; |
| @@ -201,24 +202,31 @@ get_next: | |||
| 201 | } | 202 | } |
| 202 | } | 203 | } |
| 203 | 204 | ||
| 204 | i=OBJ_obj2nid(x->sig_alg->algorithm); | 205 | exts = X509_REQ_get_extensions(x); |
| 205 | sprintf(str,"%4sSignature Algorithm: %s","", | 206 | if(exts) { |
| 206 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)); | 207 | BIO_printf(bp,"%8sRequested Extensions:\n",""); |
| 207 | if (BIO_puts(bp,str) <= 0) goto err; | 208 | for (i=0; i<sk_X509_EXTENSION_num(exts); i++) { |
| 208 | 209 | ASN1_OBJECT *obj; | |
| 209 | n=x->signature->length; | 210 | X509_EXTENSION *ex; |
| 210 | s=(char *)x->signature->data; | 211 | int j; |
| 211 | for (i=0; i<n; i++) | 212 | ex=sk_X509_EXTENSION_value(exts, i); |
| 212 | { | 213 | if (BIO_printf(bp,"%12s","") <= 0) goto err; |
| 213 | if ((i%18) == 0) | 214 | obj=X509_EXTENSION_get_object(ex); |
| 214 | { | 215 | i2a_ASN1_OBJECT(bp,obj); |
| 215 | sprintf(str,"\n%8s",""); | 216 | j=X509_EXTENSION_get_critical(ex); |
| 216 | if (BIO_puts(bp,str) <= 0) goto err; | 217 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) |
| 218 | goto err; | ||
| 219 | if(!X509V3_EXT_print(bp, ex, 0, 16)) { | ||
| 220 | BIO_printf(bp, "%16s", ""); | ||
| 221 | M_ASN1_OCTET_STRING_print(bp,ex->value); | ||
| 217 | } | 222 | } |
| 218 | sprintf(str,"%02x%s",(unsigned char)s[i],((i+1) == n)?"":":"); | 223 | if (BIO_write(bp,"\n",1) <= 0) goto err; |
| 219 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 220 | } | 224 | } |
| 221 | if (BIO_puts(bp,"\n") <= 0) goto err; | 225 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); |
| 226 | } | ||
| 227 | |||
| 228 | if(!X509_signature_print(bp, x->sig_alg, x->signature)) goto err; | ||
| 229 | |||
| 222 | return(1); | 230 | return(1); |
| 223 | err: | 231 | err: |
| 224 | X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); | 232 | X509err(X509_F_X509_REQ_PRINT,ERR_R_BUF_LIB); |
diff --git a/src/lib/libcrypto/asn1/t_spki.c b/src/lib/libcrypto/asn1/t_spki.c index d708434fca..5abfbc815e 100644 --- a/src/lib/libcrypto/asn1/t_spki.c +++ b/src/lib/libcrypto/asn1/t_spki.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509.h> | 61 | #include <openssl/x509.h> |
| 62 | #include <openssl/asn1_mac.h> | 62 | #include <openssl/asn1.h> |
| 63 | 63 | ||
| 64 | /* Print out an SPKI */ | 64 | /* Print out an SPKI */ |
| 65 | 65 | ||
| @@ -76,7 +76,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) | |||
| 76 | pkey = X509_PUBKEY_get(spki->spkac->pubkey); | 76 | pkey = X509_PUBKEY_get(spki->spkac->pubkey); |
| 77 | if(!pkey) BIO_printf(out, " Unable to load public key\n"); | 77 | if(!pkey) BIO_printf(out, " Unable to load public key\n"); |
| 78 | else { | 78 | else { |
| 79 | #ifndef NO_RSA | 79 | #ifndef OPENSSL_NO_RSA |
| 80 | if (pkey->type == EVP_PKEY_RSA) | 80 | if (pkey->type == EVP_PKEY_RSA) |
| 81 | { | 81 | { |
| 82 | BIO_printf(out," RSA Public Key: (%d bit)\n", | 82 | BIO_printf(out," RSA Public Key: (%d bit)\n", |
| @@ -85,7 +85,7 @@ int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki) | |||
| 85 | } | 85 | } |
| 86 | else | 86 | else |
| 87 | #endif | 87 | #endif |
| 88 | #ifndef NO_DSA | 88 | #ifndef OPENSSL_NO_DSA |
| 89 | if (pkey->type == EVP_PKEY_DSA) | 89 | if (pkey->type == EVP_PKEY_DSA) |
| 90 | { | 90 | { |
| 91 | BIO_printf(out," DSA Public Key:\n"); | 91 | BIO_printf(out," DSA Public Key:\n"); |
diff --git a/src/lib/libcrypto/asn1/t_x509.c b/src/lib/libcrypto/asn1/t_x509.c index b10fbbb992..5de4833ed0 100644 --- a/src/lib/libcrypto/asn1/t_x509.c +++ b/src/lib/libcrypto/asn1/t_x509.c | |||
| @@ -58,21 +58,25 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "bn.h" | 62 | #include <openssl/bn.h> |
| 63 | #ifndef NO_RSA | 63 | #ifndef OPENSSL_NO_RSA |
| 64 | #include "rsa.h" | 64 | #include <openssl/rsa.h> |
| 65 | #endif | 65 | #endif |
| 66 | #ifndef NO_DSA | 66 | #ifndef OPENSSL_NO_DSA |
| 67 | #include "dsa.h" | 67 | #include <openssl/dsa.h> |
| 68 | #endif | 68 | #endif |
| 69 | #include "objects.h" | 69 | #include <openssl/objects.h> |
| 70 | #include "x509.h" | 70 | #include <openssl/x509.h> |
| 71 | #include <openssl/x509v3.h> | ||
| 71 | 72 | ||
| 72 | #ifndef NO_FP_API | 73 | #ifndef OPENSSL_NO_FP_API |
| 73 | int X509_print_fp(fp,x) | 74 | int X509_print_fp(FILE *fp, X509 *x) |
| 74 | FILE *fp; | 75 | { |
| 75 | X509 *x; | 76 | return X509_print_ex_fp(fp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); |
| 77 | } | ||
| 78 | |||
| 79 | int X509_print_ex_fp(FILE *fp, X509 *x, unsigned long nmflag, unsigned long cflag) | ||
| 76 | { | 80 | { |
| 77 | BIO *b; | 81 | BIO *b; |
| 78 | int ret; | 82 | int ret; |
| @@ -83,179 +87,238 @@ X509 *x; | |||
| 83 | return(0); | 87 | return(0); |
| 84 | } | 88 | } |
| 85 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 89 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 86 | ret=X509_print(b, x); | 90 | ret=X509_print_ex(b, x, nmflag, cflag); |
| 87 | BIO_free(b); | 91 | BIO_free(b); |
| 88 | return(ret); | 92 | return(ret); |
| 89 | } | 93 | } |
| 90 | #endif | 94 | #endif |
| 91 | 95 | ||
| 92 | int X509_print(bp,x) | 96 | int X509_print(BIO *bp, X509 *x) |
| 93 | BIO *bp; | 97 | { |
| 94 | X509 *x; | 98 | return X509_print_ex(bp, x, XN_FLAG_COMPAT, X509_FLAG_COMPAT); |
| 99 | } | ||
| 100 | |||
| 101 | int X509_print_ex(BIO *bp, X509 *x, unsigned long nmflags, unsigned long cflag) | ||
| 95 | { | 102 | { |
| 96 | long l; | 103 | long l; |
| 97 | int ret=0,i,j,n; | 104 | int ret=0,i; |
| 98 | char *m=NULL,*s; | 105 | char *m=NULL,mlch = ' '; |
| 106 | int nmindent = 0; | ||
| 99 | X509_CINF *ci; | 107 | X509_CINF *ci; |
| 100 | ASN1_INTEGER *bs; | 108 | ASN1_INTEGER *bs; |
| 101 | EVP_PKEY *pkey=NULL; | 109 | EVP_PKEY *pkey=NULL; |
| 102 | char *neg; | 110 | const char *neg; |
| 103 | X509_EXTENSION *ex; | ||
| 104 | ASN1_STRING *str=NULL; | 111 | ASN1_STRING *str=NULL; |
| 105 | 112 | ||
| 113 | if((nmflags & XN_FLAG_SEP_MASK) == XN_FLAG_SEP_MULTILINE) { | ||
| 114 | mlch = '\n'; | ||
| 115 | nmindent = 12; | ||
| 116 | } | ||
| 117 | |||
| 118 | if(nmflags == X509_FLAG_COMPAT) | ||
| 119 | nmindent = 16; | ||
| 120 | |||
| 106 | ci=x->cert_info; | 121 | ci=x->cert_info; |
| 107 | if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; | 122 | if(!(cflag & X509_FLAG_NO_HEADER)) |
| 108 | if (BIO_write(bp," Data:\n",10) <= 0) goto err; | ||
| 109 | l=X509_get_version(x); | ||
| 110 | if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; | ||
| 111 | if (BIO_write(bp," Serial Number:",22) <= 0) goto err; | ||
| 112 | |||
| 113 | bs=X509_get_serialNumber(x); | ||
| 114 | if (bs->length <= 4) | ||
| 115 | { | 123 | { |
| 116 | l=ASN1_INTEGER_get(bs); | 124 | if (BIO_write(bp,"Certificate:\n",13) <= 0) goto err; |
| 117 | if (l < 0) | 125 | if (BIO_write(bp," Data:\n",10) <= 0) goto err; |
| 118 | { | ||
| 119 | l= -l; | ||
| 120 | neg="-"; | ||
| 121 | } | ||
| 122 | else | ||
| 123 | neg=""; | ||
| 124 | if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) | ||
| 125 | goto err; | ||
| 126 | } | 126 | } |
| 127 | else | 127 | if(!(cflag & X509_FLAG_NO_VERSION)) |
| 128 | { | ||
| 129 | l=X509_get_version(x); | ||
| 130 | if (BIO_printf(bp,"%8sVersion: %lu (0x%lx)\n","",l+1,l) <= 0) goto err; | ||
| 131 | } | ||
| 132 | if(!(cflag & X509_FLAG_NO_SERIAL)) | ||
| 128 | { | 133 | { |
| 129 | neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; | ||
| 130 | if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; | ||
| 131 | 134 | ||
| 132 | for (i=0; i<bs->length; i++) | 135 | if (BIO_write(bp," Serial Number:",22) <= 0) goto err; |
| 136 | |||
| 137 | bs=X509_get_serialNumber(x); | ||
| 138 | if (bs->length <= 4) | ||
| 133 | { | 139 | { |
| 134 | if (BIO_printf(bp,"%02x%c",bs->data[i], | 140 | l=ASN1_INTEGER_get(bs); |
| 135 | ((i+1 == bs->length)?'\n':':')) <= 0) | 141 | if (l < 0) |
| 142 | { | ||
| 143 | l= -l; | ||
| 144 | neg="-"; | ||
| 145 | } | ||
| 146 | else | ||
| 147 | neg=""; | ||
| 148 | if (BIO_printf(bp," %s%lu (%s0x%lx)\n",neg,l,neg,l) <= 0) | ||
| 136 | goto err; | 149 | goto err; |
| 137 | } | 150 | } |
| 138 | } | 151 | else |
| 152 | { | ||
| 153 | neg=(bs->type == V_ASN1_NEG_INTEGER)?" (Negative)":""; | ||
| 154 | if (BIO_printf(bp,"\n%12s%s","",neg) <= 0) goto err; | ||
| 139 | 155 | ||
| 140 | i=OBJ_obj2nid(ci->signature->algorithm); | 156 | for (i=0; i<bs->length; i++) |
| 141 | if (BIO_printf(bp,"%8sSignature Algorithm: %s\n","", | 157 | { |
| 142 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) | 158 | if (BIO_printf(bp,"%02x%c",bs->data[i], |
| 143 | goto err; | 159 | ((i+1 == bs->length)?'\n':':')) <= 0) |
| 160 | goto err; | ||
| 161 | } | ||
| 162 | } | ||
| 144 | 163 | ||
| 145 | if (BIO_write(bp," Issuer: ",16) <= 0) goto err; | 164 | } |
| 146 | if (!X509_NAME_print(bp,X509_get_issuer_name(x),16)) goto err; | ||
| 147 | if (BIO_write(bp,"\n Validity\n",18) <= 0) goto err; | ||
| 148 | if (BIO_write(bp," Not Before: ",24) <= 0) goto err; | ||
| 149 | if (!ASN1_UTCTIME_print(bp,X509_get_notBefore(x))) goto err; | ||
| 150 | if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; | ||
| 151 | if (!ASN1_UTCTIME_print(bp,X509_get_notAfter(x))) goto err; | ||
| 152 | if (BIO_write(bp,"\n Subject: ",18) <= 0) goto err; | ||
| 153 | if (!X509_NAME_print(bp,X509_get_subject_name(x),16)) goto err; | ||
| 154 | if (BIO_write(bp,"\n Subject Public Key Info:\n",34) <= 0) | ||
| 155 | goto err; | ||
| 156 | i=OBJ_obj2nid(ci->key->algor->algorithm); | ||
| 157 | if (BIO_printf(bp,"%12sPublic Key Algorithm: %s\n","", | ||
| 158 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; | ||
| 159 | 165 | ||
| 160 | pkey=X509_get_pubkey(x); | 166 | if(!(cflag & X509_FLAG_NO_SIGNAME)) |
| 161 | #ifndef NO_RSA | ||
| 162 | if (pkey->type == EVP_PKEY_RSA) | ||
| 163 | { | 167 | { |
| 164 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", | 168 | if (BIO_printf(bp,"%8sSignature Algorithm: ","") <= 0) |
| 165 | BN_num_bits(pkey->pkey.rsa->n)); | 169 | goto err; |
| 166 | RSA_print(bp,pkey->pkey.rsa,16); | 170 | if (i2a_ASN1_OBJECT(bp, ci->signature->algorithm) <= 0) |
| 171 | goto err; | ||
| 172 | if (BIO_puts(bp, "\n") <= 0) | ||
| 173 | goto err; | ||
| 167 | } | 174 | } |
| 168 | else | 175 | |
| 169 | #endif | 176 | if(!(cflag & X509_FLAG_NO_ISSUER)) |
| 170 | #ifndef NO_DSA | ||
| 171 | if (pkey->type == EVP_PKEY_DSA) | ||
| 172 | { | 177 | { |
| 173 | BIO_printf(bp,"%12sDSA Public Key:\n",""); | 178 | if (BIO_printf(bp," Issuer:%c",mlch) <= 0) goto err; |
| 174 | DSA_print(bp,pkey->pkey.dsa,16); | 179 | if (X509_NAME_print_ex(bp,X509_get_issuer_name(x),nmindent, nmflags) < 0) goto err; |
| 180 | if (BIO_write(bp,"\n",1) <= 0) goto err; | ||
| 175 | } | 181 | } |
| 176 | else | 182 | if(!(cflag & X509_FLAG_NO_VALIDITY)) |
| 177 | #endif | ||
| 178 | BIO_printf(bp,"%12sDSA Public Key:\n",""); | ||
| 179 | |||
| 180 | n=X509_get_ext_count(x); | ||
| 181 | if (n > 0) | ||
| 182 | { | 183 | { |
| 183 | BIO_printf(bp,"%8sX509v3 extensions:\n",""); | 184 | if (BIO_write(bp," Validity\n",17) <= 0) goto err; |
| 184 | for (i=0; i<n; i++) | 185 | if (BIO_write(bp," Not Before: ",24) <= 0) goto err; |
| 185 | { | 186 | if (!ASN1_TIME_print(bp,X509_get_notBefore(x))) goto err; |
| 186 | int data_type,pack_type; | 187 | if (BIO_write(bp,"\n Not After : ",25) <= 0) goto err; |
| 187 | ASN1_OBJECT *obj; | 188 | if (!ASN1_TIME_print(bp,X509_get_notAfter(x))) goto err; |
| 188 | 189 | if (BIO_write(bp,"\n",1) <= 0) goto err; | |
| 189 | ex=X509_get_ext(x,i); | 190 | } |
| 190 | if (BIO_printf(bp,"%12s","") <= 0) goto err; | 191 | if(!(cflag & X509_FLAG_NO_SUBJECT)) |
| 191 | obj=X509_EXTENSION_get_object(ex); | 192 | { |
| 192 | i2a_ASN1_OBJECT(bp,obj); | 193 | if (BIO_printf(bp," Subject:%c",mlch) <= 0) goto err; |
| 193 | j=X509_EXTENSION_get_critical(ex); | 194 | if (X509_NAME_print_ex(bp,X509_get_subject_name(x),nmindent, nmflags) < 0) goto err; |
| 194 | if (BIO_printf(bp,": %s\n%16s",j?"critical":"","") <= 0) | 195 | if (BIO_write(bp,"\n",1) <= 0) goto err; |
| 195 | goto err; | 196 | } |
| 197 | if(!(cflag & X509_FLAG_NO_PUBKEY)) | ||
| 198 | { | ||
| 199 | if (BIO_write(bp," Subject Public Key Info:\n",33) <= 0) | ||
| 200 | goto err; | ||
| 201 | if (BIO_printf(bp,"%12sPublic Key Algorithm: ","") <= 0) | ||
| 202 | goto err; | ||
| 203 | if (i2a_ASN1_OBJECT(bp, ci->key->algor->algorithm) <= 0) | ||
| 204 | goto err; | ||
| 205 | if (BIO_puts(bp, "\n") <= 0) | ||
| 206 | goto err; | ||
| 196 | 207 | ||
| 197 | pack_type=X509v3_pack_type_by_OBJ(obj); | 208 | pkey=X509_get_pubkey(x); |
| 198 | data_type=X509v3_data_type_by_OBJ(obj); | 209 | if (pkey == NULL) |
| 199 | 210 | { | |
| 200 | if (pack_type == X509_EXT_PACK_STRING) | 211 | BIO_printf(bp,"%12sUnable to load Public Key\n",""); |
| 201 | { | 212 | ERR_print_errors(bp); |
| 202 | if (X509v3_unpack_string( | 213 | } |
| 203 | &str,data_type, | 214 | else |
| 204 | X509_EXTENSION_get_data(ex)) == NULL) | 215 | #ifndef OPENSSL_NO_RSA |
| 205 | { | 216 | if (pkey->type == EVP_PKEY_RSA) |
| 206 | /* hmm... */ | 217 | { |
| 207 | goto err; | 218 | BIO_printf(bp,"%12sRSA Public Key: (%d bit)\n","", |
| 208 | } | 219 | BN_num_bits(pkey->pkey.rsa->n)); |
| 209 | if ( (data_type == V_ASN1_IA5STRING) || | 220 | RSA_print(bp,pkey->pkey.rsa,16); |
| 210 | (data_type == V_ASN1_PRINTABLESTRING) || | 221 | } |
| 211 | (data_type == V_ASN1_T61STRING)) | 222 | else |
| 212 | { | 223 | #endif |
| 213 | if (BIO_write(bp,(char *)str->data, | 224 | #ifndef OPENSSL_NO_DSA |
| 214 | str->length) <= 0) | 225 | if (pkey->type == EVP_PKEY_DSA) |
| 215 | goto err; | 226 | { |
| 216 | } | 227 | BIO_printf(bp,"%12sDSA Public Key:\n",""); |
| 217 | else if (data_type == V_ASN1_BIT_STRING) | 228 | DSA_print(bp,pkey->pkey.dsa,16); |
| 218 | { | ||
| 219 | BIO_printf(bp,"0x"); | ||
| 220 | for (j=0; j<str->length; j++) | ||
| 221 | { | ||
| 222 | BIO_printf(bp,"%02X", | ||
| 223 | str->data[j]); | ||
| 224 | } | ||
| 225 | } | ||
| 226 | } | ||
| 227 | else | ||
| 228 | { | ||
| 229 | ASN1_OCTET_STRING_print(bp,ex->value); | ||
| 230 | } | ||
| 231 | if (BIO_write(bp,"\n",1) <= 0) goto err; | ||
| 232 | } | 229 | } |
| 230 | else | ||
| 231 | #endif | ||
| 232 | BIO_printf(bp,"%12sUnknown Public Key:\n",""); | ||
| 233 | |||
| 234 | EVP_PKEY_free(pkey); | ||
| 233 | } | 235 | } |
| 234 | 236 | ||
| 235 | i=OBJ_obj2nid(x->sig_alg->algorithm); | 237 | if (!(cflag & X509_FLAG_NO_EXTENSIONS)) |
| 236 | if (BIO_printf(bp,"%4sSignature Algorithm: %s","", | 238 | X509V3_extensions_print(bp, "X509v3 extensions", |
| 237 | (i == NID_undef)?"UNKNOWN":OBJ_nid2ln(i)) <= 0) goto err; | 239 | ci->extensions, cflag, 8); |
| 238 | 240 | ||
| 239 | n=x->signature->length; | 241 | if(!(cflag & X509_FLAG_NO_SIGDUMP)) |
| 240 | s=(char *)x->signature->data; | ||
| 241 | for (i=0; i<n; i++) | ||
| 242 | { | 242 | { |
| 243 | if ((i%18) == 0) | 243 | if(X509_signature_print(bp, x->sig_alg, x->signature) <= 0) goto err; |
| 244 | if (BIO_write(bp,"\n ",9) <= 0) goto err; | 244 | } |
| 245 | if (BIO_printf(bp,"%02x%s",(unsigned char)s[i], | 245 | if(!(cflag & X509_FLAG_NO_AUX)) |
| 246 | ((i+1) == n)?"":":") <= 0) goto err; | 246 | { |
| 247 | if (!X509_CERT_AUX_print(bp, x->aux, 0)) goto err; | ||
| 247 | } | 248 | } |
| 248 | if (BIO_write(bp,"\n",1) != 1) goto err; | ||
| 249 | ret=1; | 249 | ret=1; |
| 250 | err: | 250 | err: |
| 251 | if (str != NULL) ASN1_STRING_free(str); | 251 | if (str != NULL) ASN1_STRING_free(str); |
| 252 | if (m != NULL) Free((char *)m); | 252 | if (m != NULL) OPENSSL_free(m); |
| 253 | return(ret); | 253 | return(ret); |
| 254 | } | 254 | } |
| 255 | 255 | ||
| 256 | int ASN1_STRING_print(bp,v) | 256 | int X509_ocspid_print (BIO *bp, X509 *x) |
| 257 | BIO *bp; | 257 | { |
| 258 | ASN1_STRING *v; | 258 | unsigned char *der=NULL ; |
| 259 | unsigned char *dertmp; | ||
| 260 | int derlen; | ||
| 261 | int i; | ||
| 262 | unsigned char SHA1md[SHA_DIGEST_LENGTH]; | ||
| 263 | |||
| 264 | /* display the hash of the subject as it would appear | ||
| 265 | in OCSP requests */ | ||
| 266 | if (BIO_printf(bp," Subject OCSP hash: ") <= 0) | ||
| 267 | goto err; | ||
| 268 | derlen = i2d_X509_NAME(x->cert_info->subject, NULL); | ||
| 269 | if ((der = dertmp = (unsigned char *)OPENSSL_malloc (derlen)) == NULL) | ||
| 270 | goto err; | ||
| 271 | i2d_X509_NAME(x->cert_info->subject, &dertmp); | ||
| 272 | |||
| 273 | EVP_Digest(der, derlen, SHA1md, NULL, EVP_sha1(), NULL); | ||
| 274 | for (i=0; i < SHA_DIGEST_LENGTH; i++) | ||
| 275 | { | ||
| 276 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) goto err; | ||
| 277 | } | ||
| 278 | OPENSSL_free (der); | ||
| 279 | der=NULL; | ||
| 280 | |||
| 281 | /* display the hash of the public key as it would appear | ||
| 282 | in OCSP requests */ | ||
| 283 | if (BIO_printf(bp,"\n Public key OCSP hash: ") <= 0) | ||
| 284 | goto err; | ||
| 285 | |||
| 286 | EVP_Digest(x->cert_info->key->public_key->data, | ||
| 287 | x->cert_info->key->public_key->length, SHA1md, NULL, EVP_sha1(), NULL); | ||
| 288 | for (i=0; i < SHA_DIGEST_LENGTH; i++) | ||
| 289 | { | ||
| 290 | if (BIO_printf(bp,"%02X",SHA1md[i]) <= 0) | ||
| 291 | goto err; | ||
| 292 | } | ||
| 293 | BIO_printf(bp,"\n"); | ||
| 294 | |||
| 295 | return (1); | ||
| 296 | err: | ||
| 297 | if (der != NULL) OPENSSL_free(der); | ||
| 298 | return(0); | ||
| 299 | } | ||
| 300 | |||
| 301 | int X509_signature_print(BIO *bp, X509_ALGOR *sigalg, ASN1_STRING *sig) | ||
| 302 | { | ||
| 303 | unsigned char *s; | ||
| 304 | int i, n; | ||
| 305 | if (BIO_puts(bp," Signature Algorithm: ") <= 0) return 0; | ||
| 306 | if (i2a_ASN1_OBJECT(bp, sigalg->algorithm) <= 0) return 0; | ||
| 307 | |||
| 308 | n=sig->length; | ||
| 309 | s=sig->data; | ||
| 310 | for (i=0; i<n; i++) | ||
| 311 | { | ||
| 312 | if ((i%18) == 0) | ||
| 313 | if (BIO_write(bp,"\n ",9) <= 0) return 0; | ||
| 314 | if (BIO_printf(bp,"%02x%s",s[i], | ||
| 315 | ((i+1) == n)?"":":") <= 0) return 0; | ||
| 316 | } | ||
| 317 | if (BIO_write(bp,"\n",1) != 1) return 0; | ||
| 318 | return 1; | ||
| 319 | } | ||
| 320 | |||
| 321 | int ASN1_STRING_print(BIO *bp, ASN1_STRING *v) | ||
| 259 | { | 322 | { |
| 260 | int i,n; | 323 | int i,n; |
| 261 | char buf[80],*p;; | 324 | char buf[80],*p;; |
| @@ -284,15 +347,59 @@ ASN1_STRING *v; | |||
| 284 | return(1); | 347 | return(1); |
| 285 | } | 348 | } |
| 286 | 349 | ||
| 287 | int ASN1_UTCTIME_print(bp,tm) | 350 | int ASN1_TIME_print(BIO *bp, ASN1_TIME *tm) |
| 288 | BIO *bp; | 351 | { |
| 289 | ASN1_UTCTIME *tm; | 352 | if(tm->type == V_ASN1_UTCTIME) return ASN1_UTCTIME_print(bp, tm); |
| 353 | if(tm->type == V_ASN1_GENERALIZEDTIME) | ||
| 354 | return ASN1_GENERALIZEDTIME_print(bp, tm); | ||
| 355 | BIO_write(bp,"Bad time value",14); | ||
| 356 | return(0); | ||
| 357 | } | ||
| 358 | |||
| 359 | static const char *mon[12]= | ||
| 360 | { | ||
| 361 | "Jan","Feb","Mar","Apr","May","Jun", | ||
| 362 | "Jul","Aug","Sep","Oct","Nov","Dec" | ||
| 363 | }; | ||
| 364 | |||
| 365 | int ASN1_GENERALIZEDTIME_print(BIO *bp, ASN1_GENERALIZEDTIME *tm) | ||
| 366 | { | ||
| 367 | char *v; | ||
| 368 | int gmt=0; | ||
| 369 | int i; | ||
| 370 | int y=0,M=0,d=0,h=0,m=0,s=0; | ||
| 371 | |||
| 372 | i=tm->length; | ||
| 373 | v=(char *)tm->data; | ||
| 374 | |||
| 375 | if (i < 12) goto err; | ||
| 376 | if (v[i-1] == 'Z') gmt=1; | ||
| 377 | for (i=0; i<12; i++) | ||
| 378 | if ((v[i] > '9') || (v[i] < '0')) goto err; | ||
| 379 | y= (v[0]-'0')*1000+(v[1]-'0')*100 + (v[2]-'0')*10+(v[3]-'0'); | ||
| 380 | M= (v[4]-'0')*10+(v[5]-'0'); | ||
| 381 | if ((M > 12) || (M < 1)) goto err; | ||
| 382 | d= (v[6]-'0')*10+(v[7]-'0'); | ||
| 383 | h= (v[8]-'0')*10+(v[9]-'0'); | ||
| 384 | m= (v[10]-'0')*10+(v[11]-'0'); | ||
| 385 | if ( (v[12] >= '0') && (v[12] <= '9') && | ||
| 386 | (v[13] >= '0') && (v[13] <= '9')) | ||
| 387 | s= (v[12]-'0')*10+(v[13]-'0'); | ||
| 388 | |||
| 389 | if (BIO_printf(bp,"%s %2d %02d:%02d:%02d %d%s", | ||
| 390 | mon[M-1],d,h,m,s,y,(gmt)?" GMT":"") <= 0) | ||
| 391 | return(0); | ||
| 392 | else | ||
| 393 | return(1); | ||
| 394 | err: | ||
| 395 | BIO_write(bp,"Bad time value",14); | ||
| 396 | return(0); | ||
| 397 | } | ||
| 398 | |||
| 399 | int ASN1_UTCTIME_print(BIO *bp, ASN1_UTCTIME *tm) | ||
| 290 | { | 400 | { |
| 291 | char *v; | 401 | char *v; |
| 292 | int gmt=0; | 402 | int gmt=0; |
| 293 | static char *mon[12]={ | ||
| 294 | "Jan","Feb","Mar","Apr","May","Jun", | ||
| 295 | "Jul","Aug","Sep","Oct","Nov","Dec"}; | ||
| 296 | int i; | 403 | int i; |
| 297 | int y=0,M=0,d=0,h=0,m=0,s=0; | 404 | int y=0,M=0,d=0,h=0,m=0,s=0; |
| 298 | 405 | ||
| @@ -324,10 +431,7 @@ err: | |||
| 324 | return(0); | 431 | return(0); |
| 325 | } | 432 | } |
| 326 | 433 | ||
| 327 | int X509_NAME_print(bp,name,obase) | 434 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase) |
| 328 | BIO *bp; | ||
| 329 | X509_NAME *name; | ||
| 330 | int obase; | ||
| 331 | { | 435 | { |
| 332 | char *s,*c; | 436 | char *s,*c; |
| 333 | int ret=0,l,ll,i,first=1; | 437 | int ret=0,l,ll,i,first=1; |
| @@ -336,12 +440,15 @@ int obase; | |||
| 336 | ll=80-2-obase; | 440 | ll=80-2-obase; |
| 337 | 441 | ||
| 338 | s=X509_NAME_oneline(name,buf,256); | 442 | s=X509_NAME_oneline(name,buf,256); |
| 443 | if (!*s) | ||
| 444 | return 1; | ||
| 339 | s++; /* skip the first slash */ | 445 | s++; /* skip the first slash */ |
| 340 | 446 | ||
| 341 | l=ll; | 447 | l=ll; |
| 342 | c=s; | 448 | c=s; |
| 343 | for (;;) | 449 | for (;;) |
| 344 | { | 450 | { |
| 451 | #ifndef CHARSET_EBCDIC | ||
| 345 | if ( ((*s == '/') && | 452 | if ( ((*s == '/') && |
| 346 | ((s[1] >= 'A') && (s[1] <= 'Z') && ( | 453 | ((s[1] >= 'A') && (s[1] <= 'Z') && ( |
| 347 | (s[2] == '=') || | 454 | (s[2] == '=') || |
| @@ -349,6 +456,15 @@ int obase; | |||
| 349 | (s[3] == '=')) | 456 | (s[3] == '=')) |
| 350 | ))) || | 457 | ))) || |
| 351 | (*s == '\0')) | 458 | (*s == '\0')) |
| 459 | #else | ||
| 460 | if ( ((*s == '/') && | ||
| 461 | (isupper(s[1]) && ( | ||
| 462 | (s[2] == '=') || | ||
| 463 | (isupper(s[2]) && | ||
| 464 | (s[3] == '=')) | ||
| 465 | ))) || | ||
| 466 | (*s == '\0')) | ||
| 467 | #endif | ||
| 352 | { | 468 | { |
| 353 | if ((l <= 0) && !first) | 469 | if ((l <= 0) && !first) |
| 354 | { | 470 | { |
diff --git a/src/lib/libcrypto/asn1/t_x509a.c b/src/lib/libcrypto/asn1/t_x509a.c index a18ebb586c..7d4a6e6084 100644 --- a/src/lib/libcrypto/asn1/t_x509a.c +++ b/src/lib/libcrypto/asn1/t_x509a.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/asn1_mac.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | /* X509_CERT_AUX and string set routines | 65 | /* X509_CERT_AUX and string set routines |
| @@ -98,5 +98,13 @@ int X509_CERT_AUX_print(BIO *out, X509_CERT_AUX *aux, int indent) | |||
| 98 | } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); | 98 | } else BIO_printf(out, "%*sNo Rejected Uses.\n", indent, ""); |
| 99 | if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", | 99 | if(aux->alias) BIO_printf(out, "%*sAlias: %s\n", indent, "", |
| 100 | aux->alias->data); | 100 | aux->alias->data); |
| 101 | if(aux->keyid) { | ||
| 102 | BIO_printf(out, "%*sKey Id: ", indent, ""); | ||
| 103 | for(i = 0; i < aux->keyid->length; i++) | ||
| 104 | BIO_printf(out, "%s%02X", | ||
| 105 | i ? ":" : "", | ||
| 106 | aux->keyid->data[i]); | ||
| 107 | BIO_write(out,"\n",1); | ||
| 108 | } | ||
| 101 | return 1; | 109 | return 1; |
| 102 | } | 110 | } |
diff --git a/src/lib/libcrypto/asn1/x_algor.c b/src/lib/libcrypto/asn1/x_algor.c index 0ed2c87b64..00b9ea54a1 100644 --- a/src/lib/libcrypto/asn1/x_algor.c +++ b/src/lib/libcrypto/asn1/x_algor.c | |||
| @@ -1,126 +1,73 @@ | |||
| 1 | /* crypto/asn1/x_algor.c */ | 1 | /* x_algor.c */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * All rights reserved. | 3 | * project 2000. |
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | ||
| 4 | * | 7 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 10 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 11 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 16 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 17 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 18 | * distribution. |
| 32 | * must display the following acknowledgement: | 19 | * |
| 33 | * "This product includes cryptographic software written by | 20 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 21 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 22 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 24 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 26 | * endorse or promote products derived from this software without |
| 40 | * | 27 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 28 | * licensing@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 29 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 30 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 31 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 32 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 33 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 34 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 35 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 36 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 38 | * |
| 52 | * | 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 57 | */ | 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 58 | 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 59 | #include <stdio.h> | 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 60 | #include "cryptlib.h" | 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 61 | #include "asn1_mac.h" | 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 62 | 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | |
| 63 | /* | 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. |
| 64 | * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH); | 51 | * ==================================================================== |
| 65 | * ASN1err(ASN1_F_X509_ALGOR_NEW,ASN1_R_EXPECTING_A_SEQUENCE); | 52 | * |
| 66 | * ASN1err(ASN1_F_D2I_X509_ALGOR,ASN1_R_LENGTH_MISMATCH); | 53 | * This product includes cryptographic software written by Eric Young |
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 67 | */ | 57 | */ |
| 68 | 58 | ||
| 69 | int i2d_X509_ALGOR(a,pp) | 59 | #include <stddef.h> |
| 70 | X509_ALGOR *a; | 60 | #include <openssl/x509.h> |
| 71 | unsigned char **pp; | 61 | #include <openssl/asn1.h> |
| 72 | { | 62 | #include <openssl/asn1t.h> |
| 73 | M_ASN1_I2D_vars(a); | ||
| 74 | |||
| 75 | M_ASN1_I2D_len(a->algorithm,i2d_ASN1_OBJECT); | ||
| 76 | if (a->parameter != NULL) | ||
| 77 | { M_ASN1_I2D_len(a->parameter,i2d_ASN1_TYPE); } | ||
| 78 | |||
| 79 | M_ASN1_I2D_seq_total(); | ||
| 80 | M_ASN1_I2D_put(a->algorithm,i2d_ASN1_OBJECT); | ||
| 81 | if (a->parameter != NULL) | ||
| 82 | { M_ASN1_I2D_put(a->parameter,i2d_ASN1_TYPE); } | ||
| 83 | |||
| 84 | M_ASN1_I2D_finish(); | ||
| 85 | } | ||
| 86 | |||
| 87 | X509_ALGOR *d2i_X509_ALGOR(a,pp,length) | ||
| 88 | X509_ALGOR **a; | ||
| 89 | unsigned char **pp; | ||
| 90 | long length; | ||
| 91 | { | ||
| 92 | M_ASN1_D2I_vars(a,X509_ALGOR *,X509_ALGOR_new); | ||
| 93 | |||
| 94 | M_ASN1_D2I_Init(); | ||
| 95 | M_ASN1_D2I_start_sequence(); | ||
| 96 | M_ASN1_D2I_get(ret->algorithm,d2i_ASN1_OBJECT); | ||
| 97 | if (!M_ASN1_D2I_end_sequence()) | ||
| 98 | { M_ASN1_D2I_get(ret->parameter,d2i_ASN1_TYPE); } | ||
| 99 | else | ||
| 100 | { | ||
| 101 | ASN1_TYPE_free(ret->parameter); | ||
| 102 | ret->parameter=NULL; | ||
| 103 | } | ||
| 104 | M_ASN1_D2I_Finish(a,X509_ALGOR_free,ASN1_F_D2I_X509_ALGOR); | ||
| 105 | } | ||
| 106 | |||
| 107 | X509_ALGOR *X509_ALGOR_new() | ||
| 108 | { | ||
| 109 | X509_ALGOR *ret=NULL; | ||
| 110 | 63 | ||
| 111 | M_ASN1_New_Malloc(ret,X509_ALGOR); | 64 | ASN1_SEQUENCE(X509_ALGOR) = { |
| 112 | M_ASN1_New(ret->algorithm,ASN1_OBJECT_new); | 65 | ASN1_SIMPLE(X509_ALGOR, algorithm, ASN1_OBJECT), |
| 113 | ret->parameter=NULL; | 66 | ASN1_OPT(X509_ALGOR, parameter, ASN1_ANY) |
| 114 | return(ret); | 67 | } ASN1_SEQUENCE_END(X509_ALGOR) |
| 115 | M_ASN1_New_Error(ASN1_F_X509_ALGOR_NEW); | ||
| 116 | } | ||
| 117 | 68 | ||
| 118 | void X509_ALGOR_free(a) | 69 | IMPLEMENT_ASN1_FUNCTIONS(X509_ALGOR) |
| 119 | X509_ALGOR *a; | 70 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ALGOR) |
| 120 | { | ||
| 121 | if (a == NULL) return; | ||
| 122 | ASN1_OBJECT_free(a->algorithm); | ||
| 123 | ASN1_TYPE_free(a->parameter); | ||
| 124 | Free((char *)a); | ||
| 125 | } | ||
| 126 | 71 | ||
| 72 | IMPLEMENT_STACK_OF(X509_ALGOR) | ||
| 73 | IMPLEMENT_ASN1_SET_OF(X509_ALGOR) | ||
diff --git a/src/lib/libcrypto/asn1/x_attrib.c b/src/lib/libcrypto/asn1/x_attrib.c index e52ced8627..1e3713f18f 100644 --- a/src/lib/libcrypto/asn1/x_attrib.c +++ b/src/lib/libcrypto/asn1/x_attrib.c | |||
| @@ -58,95 +58,61 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "objects.h" | 61 | #include <openssl/objects.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/x509.h> | ||
| 63 | 64 | ||
| 64 | /* | 65 | /* X509_ATTRIBUTE: this has the following form: |
| 65 | * ASN1err(ASN1_F_D2I_X509_ATTRIBUTE,ASN1_R_LENGTH_MISMATCH); | 66 | * |
| 66 | * ASN1err(ASN1_F_X509_ATTRIBUTE_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE); | 67 | * typedef struct x509_attributes_st |
| 67 | * ASN1err(ASN1_F_I2D_X509_ATTRIBUTE,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE); | 68 | * { |
| 69 | * ASN1_OBJECT *object; | ||
| 70 | * int single; | ||
| 71 | * union { | ||
| 72 | * char *ptr; | ||
| 73 | * STACK_OF(ASN1_TYPE) *set; | ||
| 74 | * ASN1_TYPE *single; | ||
| 75 | * } value; | ||
| 76 | * } X509_ATTRIBUTE; | ||
| 77 | * | ||
| 78 | * this needs some extra thought because the CHOICE type is | ||
| 79 | * merged with the main structure and because the value can | ||
| 80 | * be anything at all we *must* try the SET OF first because | ||
| 81 | * the ASN1_ANY type will swallow anything including the whole | ||
| 82 | * SET OF structure. | ||
| 68 | */ | 83 | */ |
| 69 | 84 | ||
| 70 | /* sequence */ | 85 | ASN1_CHOICE(X509_ATTRIBUTE_SET) = { |
| 71 | int i2d_X509_ATTRIBUTE(a,pp) | 86 | ASN1_SET_OF(X509_ATTRIBUTE, value.set, ASN1_ANY), |
| 72 | X509_ATTRIBUTE *a; | 87 | ASN1_SIMPLE(X509_ATTRIBUTE, value.single, ASN1_ANY) |
| 73 | unsigned char **pp; | 88 | } ASN1_CHOICE_END_selector(X509_ATTRIBUTE, X509_ATTRIBUTE_SET, single) |
| 74 | { | ||
| 75 | int k=0; | ||
| 76 | int r=0,ret=0; | ||
| 77 | unsigned char **p=NULL; | ||
| 78 | |||
| 79 | if (a == NULL) return(0); | ||
| 80 | 89 | ||
| 81 | p=NULL; | 90 | ASN1_SEQUENCE(X509_ATTRIBUTE) = { |
| 82 | for (;;) | 91 | ASN1_SIMPLE(X509_ATTRIBUTE, object, ASN1_OBJECT), |
| 83 | { | 92 | /* CHOICE type merged with parent */ |
| 84 | if (k) | 93 | ASN1_EX_COMBINE(0, 0, X509_ATTRIBUTE_SET) |
| 85 | { | 94 | } ASN1_SEQUENCE_END(X509_ATTRIBUTE) |
| 86 | r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); | ||
| 87 | if (pp == NULL) return(r); | ||
| 88 | p=pp; | ||
| 89 | ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE, | ||
| 90 | V_ASN1_UNIVERSAL); | ||
| 91 | } | ||
| 92 | 95 | ||
| 93 | ret+=i2d_ASN1_OBJECT(a->object,p); | 96 | IMPLEMENT_ASN1_FUNCTIONS(X509_ATTRIBUTE) |
| 94 | if (a->set) | 97 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_ATTRIBUTE) |
| 95 | ret+=i2d_ASN1_SET(a->value.set,p,i2d_ASN1_TYPE, | ||
| 96 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
| 97 | else | ||
| 98 | ret+=i2d_ASN1_TYPE(a->value.single,p); | ||
| 99 | if (k++) return(r); | ||
| 100 | } | ||
| 101 | } | ||
| 102 | 98 | ||
| 103 | X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(a,pp,length) | 99 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value) |
| 104 | X509_ATTRIBUTE **a; | ||
| 105 | unsigned char **pp; | ||
| 106 | long length; | ||
| 107 | { | ||
| 108 | M_ASN1_D2I_vars(a,X509_ATTRIBUTE *,X509_ATTRIBUTE_new); | ||
| 109 | |||
| 110 | M_ASN1_D2I_Init(); | ||
| 111 | M_ASN1_D2I_start_sequence(); | ||
| 112 | M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT); | ||
| 113 | |||
| 114 | if ((c.slen != 0) && | ||
| 115 | (M_ASN1_next == (V_ASN1_CONSTRUCTED|V_ASN1_UNIVERSAL|V_ASN1_SET))) | ||
| 116 | { | ||
| 117 | ret->set=1; | ||
| 118 | M_ASN1_D2I_get_set(ret->value.set,d2i_ASN1_TYPE); | ||
| 119 | } | ||
| 120 | else | ||
| 121 | { | ||
| 122 | ret->set=0; | ||
| 123 | M_ASN1_D2I_get(ret->value.single,d2i_ASN1_TYPE); | ||
| 124 | } | ||
| 125 | |||
| 126 | M_ASN1_D2I_Finish(a,X509_ATTRIBUTE_free,ASN1_F_D2I_X509_ATTRIBUTE); | ||
| 127 | } | ||
| 128 | |||
| 129 | X509_ATTRIBUTE *X509_ATTRIBUTE_new() | ||
| 130 | { | 100 | { |
| 131 | X509_ATTRIBUTE *ret=NULL; | 101 | X509_ATTRIBUTE *ret=NULL; |
| 102 | ASN1_TYPE *val=NULL; | ||
| 103 | |||
| 104 | if ((ret=X509_ATTRIBUTE_new()) == NULL) | ||
| 105 | return(NULL); | ||
| 106 | ret->object=OBJ_nid2obj(nid); | ||
| 107 | ret->single=0; | ||
| 108 | if ((ret->value.set=sk_ASN1_TYPE_new_null()) == NULL) goto err; | ||
| 109 | if ((val=ASN1_TYPE_new()) == NULL) goto err; | ||
| 110 | if (!sk_ASN1_TYPE_push(ret->value.set,val)) goto err; | ||
| 132 | 111 | ||
| 133 | M_ASN1_New_Malloc(ret,X509_ATTRIBUTE); | 112 | ASN1_TYPE_set(val,atrtype,value); |
| 134 | M_ASN1_New(ret->object,ASN1_OBJECT_new); | ||
| 135 | ret->set=0; | ||
| 136 | ret->value.ptr=NULL; | ||
| 137 | return(ret); | 113 | return(ret); |
| 138 | M_ASN1_New_Error(ASN1_F_X509_ATTRIBUTE_NEW); | 114 | err: |
| 115 | if (ret != NULL) X509_ATTRIBUTE_free(ret); | ||
| 116 | if (val != NULL) ASN1_TYPE_free(val); | ||
| 117 | return(NULL); | ||
| 139 | } | 118 | } |
| 140 | |||
| 141 | void X509_ATTRIBUTE_free(a) | ||
| 142 | X509_ATTRIBUTE *a; | ||
| 143 | { | ||
| 144 | if (a == NULL) return; | ||
| 145 | ASN1_OBJECT_free(a->object); | ||
| 146 | if (a->set) | ||
| 147 | sk_pop_free(a->value.set,ASN1_TYPE_free); | ||
| 148 | else | ||
| 149 | ASN1_TYPE_free(a->value.single); | ||
| 150 | Free((char *)a); | ||
| 151 | } | ||
| 152 | |||
diff --git a/src/lib/libcrypto/asn1/x_crl.c b/src/lib/libcrypto/asn1/x_crl.c index 13acdab427..11fce96825 100644 --- a/src/lib/libcrypto/asn1/x_crl.c +++ b/src/lib/libcrypto/asn1/x_crl.c | |||
| @@ -58,296 +58,105 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1t.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | /* | 64 | static int X509_REVOKED_cmp(const X509_REVOKED * const *a, |
| 65 | * ASN1err(ASN1_F_D2I_X509_CRL,ASN1_R_LENGTH_MISMATCH); | 65 | const X509_REVOKED * const *b); |
| 66 | * ASN1err(ASN1_F_D2I_X509_CRL_INFO,ASN1_R_EXPECTING_A_SEQUENCE); | 66 | static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, |
| 67 | * ASN1err(ASN1_F_D2I_X509_REVOKED,ASN1_R_LENGTH_MISMATCH); | 67 | const X509_REVOKED * const *b); |
| 68 | * ASN1err(ASN1_F_X509_CRL_NEW,ASN1_R_LENGTH_MISMATCH); | 68 | |
| 69 | * ASN1err(ASN1_F_X509_CRL_INFO_NEW,ASN1_R_EXPECTING_A_SEQUENCE); | 69 | ASN1_SEQUENCE(X509_REVOKED) = { |
| 70 | * ASN1err(ASN1_F_X509_REVOKED_NEW,ASN1_R_LENGTH_MISMATCH); | 70 | ASN1_SIMPLE(X509_REVOKED,serialNumber, ASN1_INTEGER), |
| 71 | ASN1_SIMPLE(X509_REVOKED,revocationDate, ASN1_TIME), | ||
| 72 | ASN1_SEQUENCE_OF_OPT(X509_REVOKED,extensions, X509_EXTENSION) | ||
| 73 | } ASN1_SEQUENCE_END(X509_REVOKED) | ||
| 74 | |||
| 75 | /* The X509_CRL_INFO structure needs a bit of customisation. This is actually | ||
| 76 | * mirroring the old behaviour: its purpose is to allow the use of | ||
| 77 | * sk_X509_REVOKED_find to lookup revoked certificates. Unfortunately | ||
| 78 | * this will zap the original order and the signature so we keep a copy | ||
| 79 | * of the original positions and reorder appropriately before encoding. | ||
| 80 | * | ||
| 81 | * Might want to see if there's a better way of doing this later... | ||
| 71 | */ | 82 | */ |
| 72 | 83 | static int crl_inf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | |
| 73 | #ifndef NOPROTO | 84 | { |
| 74 | static int X509_REVOKED_cmp(X509_REVOKED **a,X509_REVOKED **b); | 85 | X509_CRL_INFO *a = (X509_CRL_INFO *)*pval; |
| 75 | static int X509_REVOKED_seq_cmp(X509_REVOKED **a,X509_REVOKED **b); | ||
| 76 | #else | ||
| 77 | static int X509_REVOKED_cmp(); | ||
| 78 | static int X509_REVOKED_seq_cmp(); | ||
| 79 | #endif | ||
| 80 | |||
| 81 | int i2d_X509_REVOKED(a,pp) | ||
| 82 | X509_REVOKED *a; | ||
| 83 | unsigned char **pp; | ||
| 84 | { | ||
| 85 | M_ASN1_I2D_vars(a); | ||
| 86 | |||
| 87 | M_ASN1_I2D_len(a->serialNumber,i2d_ASN1_INTEGER); | ||
| 88 | M_ASN1_I2D_len(a->revocationDate,i2d_ASN1_UTCTIME); | ||
| 89 | M_ASN1_I2D_len_SEQ_opt(a->extensions,i2d_X509_EXTENSION); | ||
| 90 | |||
| 91 | M_ASN1_I2D_seq_total(); | ||
| 92 | |||
| 93 | M_ASN1_I2D_put(a->serialNumber,i2d_ASN1_INTEGER); | ||
| 94 | M_ASN1_I2D_put(a->revocationDate,i2d_ASN1_UTCTIME); | ||
| 95 | M_ASN1_I2D_put_SEQ_opt(a->extensions,i2d_X509_EXTENSION); | ||
| 96 | |||
| 97 | M_ASN1_I2D_finish(); | ||
| 98 | } | ||
| 99 | |||
| 100 | X509_REVOKED *d2i_X509_REVOKED(a,pp,length) | ||
| 101 | X509_REVOKED **a; | ||
| 102 | unsigned char **pp; | ||
| 103 | long length; | ||
| 104 | { | ||
| 105 | M_ASN1_D2I_vars(a,X509_REVOKED *,X509_REVOKED_new); | ||
| 106 | |||
| 107 | M_ASN1_D2I_Init(); | ||
| 108 | M_ASN1_D2I_start_sequence(); | ||
| 109 | M_ASN1_D2I_get(ret->serialNumber,d2i_ASN1_INTEGER); | ||
| 110 | M_ASN1_D2I_get(ret->revocationDate,d2i_ASN1_UTCTIME); | ||
| 111 | M_ASN1_D2I_get_seq_opt(ret->extensions,d2i_X509_EXTENSION); | ||
| 112 | M_ASN1_D2I_Finish(a,X509_REVOKED_free,ASN1_F_D2I_X509_REVOKED); | ||
| 113 | } | ||
| 114 | |||
| 115 | int i2d_X509_CRL_INFO(a,pp) | ||
| 116 | X509_CRL_INFO *a; | ||
| 117 | unsigned char **pp; | ||
| 118 | { | ||
| 119 | int v1=0; | ||
| 120 | long l=0; | ||
| 121 | M_ASN1_I2D_vars(a); | ||
| 122 | |||
| 123 | if (sk_num(a->revoked) != 0) | ||
| 124 | qsort((char *)a->revoked->data,sk_num(a->revoked), | ||
| 125 | sizeof(X509_REVOKED *),(int (*)(P_CC_CC))X509_REVOKED_seq_cmp); | ||
| 126 | if ((a->version != NULL) && ((l=ASN1_INTEGER_get(a->version)) != 0)) | ||
| 127 | { | ||
| 128 | M_ASN1_I2D_len(a->version,i2d_ASN1_INTEGER); | ||
| 129 | } | ||
| 130 | M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR); | ||
| 131 | M_ASN1_I2D_len(a->issuer,i2d_X509_NAME); | ||
| 132 | M_ASN1_I2D_len(a->lastUpdate,i2d_ASN1_UTCTIME); | ||
| 133 | if (a->nextUpdate != NULL) | ||
| 134 | { M_ASN1_I2D_len(a->nextUpdate,i2d_ASN1_UTCTIME); } | ||
| 135 | M_ASN1_I2D_len_SEQ_opt(a->revoked,i2d_X509_REVOKED); | ||
| 136 | M_ASN1_I2D_len_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0, | ||
| 137 | V_ASN1_SEQUENCE,v1); | ||
| 138 | |||
| 139 | M_ASN1_I2D_seq_total(); | ||
| 140 | |||
| 141 | if ((a->version != NULL) && (l != 0)) | ||
| 142 | { | ||
| 143 | M_ASN1_I2D_put(a->version,i2d_ASN1_INTEGER); | ||
| 144 | } | ||
| 145 | M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR); | ||
| 146 | M_ASN1_I2D_put(a->issuer,i2d_X509_NAME); | ||
| 147 | M_ASN1_I2D_put(a->lastUpdate,i2d_ASN1_UTCTIME); | ||
| 148 | if (a->nextUpdate != NULL) | ||
| 149 | { M_ASN1_I2D_put(a->nextUpdate,i2d_ASN1_UTCTIME); } | ||
| 150 | M_ASN1_I2D_put_SEQ_opt(a->revoked,i2d_X509_REVOKED); | ||
| 151 | M_ASN1_I2D_put_EXP_set_opt(a->extensions,i2d_X509_EXTENSION,0, | ||
| 152 | V_ASN1_SEQUENCE,v1); | ||
| 153 | |||
| 154 | M_ASN1_I2D_finish(); | ||
| 155 | } | ||
| 156 | |||
| 157 | X509_CRL_INFO *d2i_X509_CRL_INFO(a,pp,length) | ||
| 158 | X509_CRL_INFO **a; | ||
| 159 | unsigned char **pp; | ||
| 160 | long length; | ||
| 161 | { | ||
| 162 | int i,ver=0; | ||
| 163 | M_ASN1_D2I_vars(a,X509_CRL_INFO *,X509_CRL_INFO_new); | ||
| 164 | |||
| 165 | |||
| 166 | M_ASN1_D2I_Init(); | ||
| 167 | M_ASN1_D2I_start_sequence(); | ||
| 168 | M_ASN1_D2I_get_opt(ret->version,d2i_ASN1_INTEGER,V_ASN1_INTEGER); | ||
| 169 | if (ret->version != NULL) | ||
| 170 | ver=ret->version->data[0]; | ||
| 171 | |||
| 172 | if ((ver == 0) && (ret->version != NULL)) | ||
| 173 | { | ||
| 174 | ASN1_INTEGER_free(ret->version); | ||
| 175 | ret->version=NULL; | ||
| 176 | } | ||
| 177 | M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); | ||
| 178 | M_ASN1_D2I_get(ret->issuer,d2i_X509_NAME); | ||
| 179 | M_ASN1_D2I_get(ret->lastUpdate,d2i_ASN1_UTCTIME); | ||
| 180 | M_ASN1_D2I_get_opt(ret->nextUpdate,d2i_ASN1_UTCTIME,V_ASN1_UTCTIME); | ||
| 181 | if (ret->revoked != NULL) | ||
| 182 | { | ||
| 183 | while (sk_num(ret->revoked)) | ||
| 184 | X509_REVOKED_free((X509_REVOKED *)sk_pop(ret->revoked)); | ||
| 185 | } | ||
| 186 | M_ASN1_D2I_get_seq_opt(ret->revoked,d2i_X509_REVOKED); | ||
| 187 | |||
| 188 | if (ret->revoked != NULL) | ||
| 189 | { | ||
| 190 | for (i=0; i<sk_num(ret->revoked); i++) | ||
| 191 | { | ||
| 192 | ((X509_REVOKED *)sk_value(ret->revoked,i))->sequence=i; | ||
| 193 | } | ||
| 194 | } | ||
| 195 | |||
| 196 | if (ver >= 1) | ||
| 197 | { | ||
| 198 | if (ret->extensions != NULL) | ||
| 199 | { | ||
| 200 | while (sk_num(ret->extensions)) | ||
| 201 | X509_EXTENSION_free((X509_EXTENSION *) | ||
| 202 | sk_pop(ret->extensions)); | ||
| 203 | } | ||
| 204 | |||
| 205 | M_ASN1_D2I_get_EXP_set_opt(ret->extensions,d2i_X509_EXTENSION, | ||
| 206 | 0,V_ASN1_SEQUENCE); | ||
| 207 | } | ||
| 208 | |||
| 209 | M_ASN1_D2I_Finish(a,X509_CRL_INFO_free,ASN1_F_D2I_X509_CRL_INFO); | ||
| 210 | } | ||
| 211 | |||
| 212 | int i2d_X509_CRL(a,pp) | ||
| 213 | X509_CRL *a; | ||
| 214 | unsigned char **pp; | ||
| 215 | { | ||
| 216 | M_ASN1_I2D_vars(a); | ||
| 217 | |||
| 218 | M_ASN1_I2D_len(a->crl,i2d_X509_CRL_INFO); | ||
| 219 | M_ASN1_I2D_len(a->sig_alg,i2d_X509_ALGOR); | ||
| 220 | M_ASN1_I2D_len(a->signature,i2d_ASN1_BIT_STRING); | ||
| 221 | |||
| 222 | M_ASN1_I2D_seq_total(); | ||
| 223 | |||
| 224 | M_ASN1_I2D_put(a->crl,i2d_X509_CRL_INFO); | ||
| 225 | M_ASN1_I2D_put(a->sig_alg,i2d_X509_ALGOR); | ||
| 226 | M_ASN1_I2D_put(a->signature,i2d_ASN1_BIT_STRING); | ||
| 227 | |||
| 228 | M_ASN1_I2D_finish(); | ||
| 229 | } | ||
| 230 | |||
| 231 | X509_CRL *d2i_X509_CRL(a,pp,length) | ||
| 232 | X509_CRL **a; | ||
| 233 | unsigned char **pp; | ||
| 234 | long length; | ||
| 235 | { | ||
| 236 | M_ASN1_D2I_vars(a,X509_CRL *,X509_CRL_new); | ||
| 237 | |||
| 238 | M_ASN1_D2I_Init(); | ||
| 239 | M_ASN1_D2I_start_sequence(); | ||
| 240 | M_ASN1_D2I_get(ret->crl,d2i_X509_CRL_INFO); | ||
| 241 | M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); | ||
| 242 | M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); | ||
| 243 | |||
| 244 | M_ASN1_D2I_Finish(a,X509_CRL_free,ASN1_F_D2I_X509_CRL); | ||
| 245 | } | ||
| 246 | |||
| 247 | |||
| 248 | X509_REVOKED *X509_REVOKED_new() | ||
| 249 | { | ||
| 250 | X509_REVOKED *ret=NULL; | ||
| 251 | |||
| 252 | M_ASN1_New_Malloc(ret,X509_REVOKED); | ||
| 253 | M_ASN1_New(ret->serialNumber,ASN1_INTEGER_new); | ||
| 254 | M_ASN1_New(ret->revocationDate,ASN1_UTCTIME_new); | ||
| 255 | ret->extensions=NULL; | ||
| 256 | return(ret); | ||
| 257 | M_ASN1_New_Error(ASN1_F_X509_REVOKED_NEW); | ||
| 258 | } | ||
| 259 | |||
| 260 | X509_CRL_INFO *X509_CRL_INFO_new() | ||
| 261 | { | ||
| 262 | X509_CRL_INFO *ret=NULL; | ||
| 263 | |||
| 264 | M_ASN1_New_Malloc(ret,X509_CRL_INFO); | ||
| 265 | ret->version=NULL; | ||
| 266 | M_ASN1_New(ret->sig_alg,X509_ALGOR_new); | ||
| 267 | M_ASN1_New(ret->issuer,X509_NAME_new); | ||
| 268 | M_ASN1_New(ret->lastUpdate,ASN1_UTCTIME_new); | ||
| 269 | ret->nextUpdate=NULL; | ||
| 270 | M_ASN1_New(ret->revoked,sk_new_null); | ||
| 271 | M_ASN1_New(ret->extensions,sk_new_null); | ||
| 272 | ret->revoked->comp=(int (*)())X509_REVOKED_cmp; | ||
| 273 | return(ret); | ||
| 274 | M_ASN1_New_Error(ASN1_F_X509_CRL_INFO_NEW); | ||
| 275 | } | ||
| 276 | |||
| 277 | X509_CRL *X509_CRL_new() | ||
| 278 | { | ||
| 279 | X509_CRL *ret=NULL; | ||
| 280 | |||
| 281 | M_ASN1_New_Malloc(ret,X509_CRL); | ||
| 282 | ret->references=1; | ||
| 283 | M_ASN1_New(ret->crl,X509_CRL_INFO_new); | ||
| 284 | M_ASN1_New(ret->sig_alg,X509_ALGOR_new); | ||
| 285 | M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); | ||
| 286 | return(ret); | ||
| 287 | M_ASN1_New_Error(ASN1_F_X509_CRL_NEW); | ||
| 288 | } | ||
| 289 | |||
| 290 | void X509_REVOKED_free(a) | ||
| 291 | X509_REVOKED *a; | ||
| 292 | { | ||
| 293 | if (a == NULL) return; | ||
| 294 | ASN1_INTEGER_free(a->serialNumber); | ||
| 295 | ASN1_UTCTIME_free(a->revocationDate); | ||
| 296 | sk_pop_free(a->extensions,X509_EXTENSION_free); | ||
| 297 | Free((char *)a); | ||
| 298 | } | ||
| 299 | |||
| 300 | void X509_CRL_INFO_free(a) | ||
| 301 | X509_CRL_INFO *a; | ||
| 302 | { | ||
| 303 | if (a == NULL) return; | ||
| 304 | ASN1_INTEGER_free(a->version); | ||
| 305 | X509_ALGOR_free(a->sig_alg); | ||
| 306 | X509_NAME_free(a->issuer); | ||
| 307 | ASN1_UTCTIME_free(a->lastUpdate); | ||
| 308 | if (a->nextUpdate) | ||
| 309 | ASN1_UTCTIME_free(a->nextUpdate); | ||
| 310 | sk_pop_free(a->revoked,X509_REVOKED_free); | ||
| 311 | sk_pop_free(a->extensions,X509_EXTENSION_free); | ||
| 312 | Free((char *)a); | ||
| 313 | } | ||
| 314 | |||
| 315 | void X509_CRL_free(a) | ||
| 316 | X509_CRL *a; | ||
| 317 | { | ||
| 318 | int i; | 86 | int i; |
| 319 | 87 | int (*old_cmp)(const X509_REVOKED * const *, | |
| 320 | if (a == NULL) return; | 88 | const X509_REVOKED * const *); |
| 321 | 89 | ||
| 322 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_CRL); | 90 | if(!a || !a->revoked) return 1; |
| 323 | #ifdef REF_PRINT | 91 | switch(operation) { |
| 324 | REF_PRINT("X509_CRL",a); | 92 | |
| 325 | #endif | 93 | /* Save original order */ |
| 326 | if (i > 0) return; | 94 | case ASN1_OP_D2I_POST: |
| 327 | #ifdef REF_CHECK | 95 | for (i=0; i<sk_X509_REVOKED_num(a->revoked); i++) |
| 328 | if (i < 0) | 96 | sk_X509_REVOKED_value(a->revoked,i)->sequence=i; |
| 329 | { | 97 | sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_cmp); |
| 330 | fprintf(stderr,"X509_CRL_free, bad reference count\n"); | 98 | break; |
| 331 | abort(); | 99 | |
| 332 | } | 100 | /* Restore original order */ |
| 333 | #endif | 101 | case ASN1_OP_I2D_PRE: |
| 334 | 102 | old_cmp=sk_X509_REVOKED_set_cmp_func(a->revoked,X509_REVOKED_seq_cmp); | |
| 335 | X509_CRL_INFO_free(a->crl); | 103 | sk_X509_REVOKED_sort(a->revoked); |
| 336 | X509_ALGOR_free(a->sig_alg); | 104 | sk_X509_REVOKED_set_cmp_func(a->revoked,old_cmp); |
| 337 | ASN1_BIT_STRING_free(a->signature); | 105 | break; |
| 338 | Free((char *)a); | ||
| 339 | } | 106 | } |
| 340 | 107 | return 1; | |
| 341 | static int X509_REVOKED_cmp(a,b) | 108 | } |
| 342 | X509_REVOKED **a,**b; | 109 | |
| 110 | |||
| 111 | ASN1_SEQUENCE_cb(X509_CRL_INFO, crl_inf_cb) = { | ||
| 112 | ASN1_OPT(X509_CRL_INFO, version, ASN1_INTEGER), | ||
| 113 | ASN1_SIMPLE(X509_CRL_INFO, sig_alg, X509_ALGOR), | ||
| 114 | ASN1_SIMPLE(X509_CRL_INFO, issuer, X509_NAME), | ||
| 115 | ASN1_SIMPLE(X509_CRL_INFO, lastUpdate, ASN1_TIME), | ||
| 116 | ASN1_OPT(X509_CRL_INFO, nextUpdate, ASN1_TIME), | ||
| 117 | ASN1_SEQUENCE_OF_OPT(X509_CRL_INFO, revoked, X509_REVOKED), | ||
| 118 | ASN1_EXP_SEQUENCE_OF_OPT(X509_CRL_INFO, extensions, X509_EXTENSION, 0) | ||
| 119 | } ASN1_SEQUENCE_END_cb(X509_CRL_INFO, X509_CRL_INFO) | ||
| 120 | |||
| 121 | ASN1_SEQUENCE_ref(X509_CRL, 0, CRYPTO_LOCK_X509_CRL) = { | ||
| 122 | ASN1_SIMPLE(X509_CRL, crl, X509_CRL_INFO), | ||
| 123 | ASN1_SIMPLE(X509_CRL, sig_alg, X509_ALGOR), | ||
| 124 | ASN1_SIMPLE(X509_CRL, signature, ASN1_BIT_STRING) | ||
| 125 | } ASN1_SEQUENCE_END_ref(X509_CRL, X509_CRL) | ||
| 126 | |||
| 127 | IMPLEMENT_ASN1_FUNCTIONS(X509_REVOKED) | ||
| 128 | IMPLEMENT_ASN1_FUNCTIONS(X509_CRL_INFO) | ||
| 129 | IMPLEMENT_ASN1_FUNCTIONS(X509_CRL) | ||
| 130 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_CRL) | ||
| 131 | |||
| 132 | static int X509_REVOKED_cmp(const X509_REVOKED * const *a, | ||
| 133 | const X509_REVOKED * const *b) | ||
| 343 | { | 134 | { |
| 344 | return(ASN1_STRING_cmp( | 135 | return(ASN1_STRING_cmp( |
| 345 | (ASN1_STRING *)(*a)->serialNumber, | 136 | (ASN1_STRING *)(*a)->serialNumber, |
| 346 | (ASN1_STRING *)(*b)->serialNumber)); | 137 | (ASN1_STRING *)(*b)->serialNumber)); |
| 347 | } | 138 | } |
| 348 | 139 | ||
| 349 | static int X509_REVOKED_seq_cmp(a,b) | 140 | static int X509_REVOKED_seq_cmp(const X509_REVOKED * const *a, |
| 350 | X509_REVOKED **a,**b; | 141 | const X509_REVOKED * const *b) |
| 351 | { | 142 | { |
| 352 | return((*a)->sequence-(*b)->sequence); | 143 | return((*a)->sequence-(*b)->sequence); |
| 353 | } | 144 | } |
| 145 | |||
| 146 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev) | ||
| 147 | { | ||
| 148 | X509_CRL_INFO *inf; | ||
| 149 | inf = crl->crl; | ||
| 150 | if(!inf->revoked) | ||
| 151 | inf->revoked = sk_X509_REVOKED_new(X509_REVOKED_cmp); | ||
| 152 | if(!inf->revoked || !sk_X509_REVOKED_push(inf->revoked, rev)) { | ||
| 153 | ASN1err(ASN1_F_X509_CRL_ADD0_REVOKED, ERR_R_MALLOC_FAILURE); | ||
| 154 | return 0; | ||
| 155 | } | ||
| 156 | return 1; | ||
| 157 | } | ||
| 158 | |||
| 159 | IMPLEMENT_STACK_OF(X509_REVOKED) | ||
| 160 | IMPLEMENT_ASN1_SET_OF(X509_REVOKED) | ||
| 161 | IMPLEMENT_STACK_OF(X509_CRL) | ||
| 162 | IMPLEMENT_ASN1_SET_OF(X509_CRL) | ||
diff --git a/src/lib/libcrypto/asn1/x_exten.c b/src/lib/libcrypto/asn1/x_exten.c index 54ffe2f00b..702421b6c8 100644 --- a/src/lib/libcrypto/asn1/x_exten.c +++ b/src/lib/libcrypto/asn1/x_exten.c | |||
| @@ -1,156 +1,71 @@ | |||
| 1 | /* crypto/asn1/x_exten.c */ | 1 | /* x_exten.c */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * All rights reserved. | 3 | * project 2000. |
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | ||
| 4 | * | 7 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 10 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 11 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 16 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 17 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 18 | * distribution. |
| 32 | * must display the following acknowledgement: | 19 | * |
| 33 | * "This product includes cryptographic software written by | 20 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 21 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 22 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 24 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 26 | * endorse or promote products derived from this software without |
| 40 | * | 27 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 28 | * licensing@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 29 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 30 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 31 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 32 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 33 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 34 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 35 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 36 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 38 | * |
| 52 | * | 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 57 | */ | 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT |
| 58 | 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | |
| 59 | #include <stdio.h> | 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) |
| 60 | #include "cryptlib.h" | 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, |
| 61 | #include "objects.h" | 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) |
| 62 | #include "asn1_mac.h" | 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED |
| 63 | 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | |
| 64 | /* | 51 | * ==================================================================== |
| 65 | * ASN1err(ASN1_F_D2I_X509_EXTENSION,ASN1_R_LENGTH_MISMATCH); | 52 | * |
| 66 | * ASN1err(ASN1_F_X509_EXTENSION_NEW,ASN1_R_LENGTH_MISMATCH); | 53 | * This product includes cryptographic software written by Eric Young |
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 67 | */ | 57 | */ |
| 68 | 58 | ||
| 69 | int i2d_X509_EXTENSION(a,pp) | 59 | #include <stddef.h> |
| 70 | X509_EXTENSION *a; | 60 | #include <openssl/x509.h> |
| 71 | unsigned char **pp; | 61 | #include <openssl/asn1.h> |
| 72 | { | 62 | #include <openssl/asn1t.h> |
| 73 | int k=0; | ||
| 74 | int r=0,ret=0; | ||
| 75 | unsigned char **p=NULL; | ||
| 76 | |||
| 77 | if (a == NULL) return(0); | ||
| 78 | |||
| 79 | p=NULL; | ||
| 80 | for (;;) | ||
| 81 | { | ||
| 82 | if (k) | ||
| 83 | { | ||
| 84 | r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); | ||
| 85 | if (pp == NULL) return(r); | ||
| 86 | p=pp; | ||
| 87 | ASN1_put_object(p,1,ret,V_ASN1_SEQUENCE, | ||
| 88 | V_ASN1_UNIVERSAL); | ||
| 89 | } | ||
| 90 | |||
| 91 | ret+=i2d_ASN1_OBJECT(a->object,p); | ||
| 92 | if ((a->critical) || a->netscape_hack) | ||
| 93 | ret+=i2d_ASN1_BOOLEAN(a->critical,p); | ||
| 94 | ret+=i2d_ASN1_OCTET_STRING(a->value,p); | ||
| 95 | if (k++) return(r); | ||
| 96 | } | ||
| 97 | } | ||
| 98 | |||
| 99 | X509_EXTENSION *d2i_X509_EXTENSION(a,pp,length) | ||
| 100 | X509_EXTENSION **a; | ||
| 101 | unsigned char **pp; | ||
| 102 | long length; | ||
| 103 | { | ||
| 104 | int i; | ||
| 105 | M_ASN1_D2I_vars(a,X509_EXTENSION *,X509_EXTENSION_new); | ||
| 106 | |||
| 107 | M_ASN1_D2I_Init(); | ||
| 108 | M_ASN1_D2I_start_sequence(); | ||
| 109 | M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT); | ||
| 110 | |||
| 111 | if ((ret->argp != NULL) && (ret->ex_free != NULL)) | ||
| 112 | ret->ex_free(ret); | ||
| 113 | ret->argl=0; | ||
| 114 | ret->argp=NULL; | ||
| 115 | ret->netscape_hack=0; | ||
| 116 | if ((c.slen != 0) && | ||
| 117 | (M_ASN1_next == (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN))) | ||
| 118 | { | ||
| 119 | c.q=c.p; | ||
| 120 | if (d2i_ASN1_BOOLEAN(&i,&c.p,c.slen) < 0) goto err; | ||
| 121 | ret->critical=i; | ||
| 122 | c.slen-=(c.p-c.q); | ||
| 123 | if (ret->critical == 0) ret->netscape_hack=1; | ||
| 124 | } | ||
| 125 | M_ASN1_D2I_get(ret->value,d2i_ASN1_OCTET_STRING); | ||
| 126 | |||
| 127 | M_ASN1_D2I_Finish(a,X509_EXTENSION_free,ASN1_F_D2I_X509_EXTENSION); | ||
| 128 | } | ||
| 129 | |||
| 130 | X509_EXTENSION *X509_EXTENSION_new() | ||
| 131 | { | ||
| 132 | X509_EXTENSION *ret=NULL; | ||
| 133 | 63 | ||
| 134 | M_ASN1_New_Malloc(ret,X509_EXTENSION); | 64 | ASN1_SEQUENCE(X509_EXTENSION) = { |
| 135 | M_ASN1_New(ret->object,ASN1_OBJECT_new); | 65 | ASN1_SIMPLE(X509_EXTENSION, object, ASN1_OBJECT), |
| 136 | M_ASN1_New(ret->value,ASN1_OCTET_STRING_new); | 66 | ASN1_OPT(X509_EXTENSION, critical, ASN1_BOOLEAN), |
| 137 | ret->critical=0; | 67 | ASN1_SIMPLE(X509_EXTENSION, value, ASN1_OCTET_STRING) |
| 138 | ret->netscape_hack=0; | 68 | } ASN1_SEQUENCE_END(X509_EXTENSION) |
| 139 | ret->argl=0L; | ||
| 140 | ret->argp=NULL; | ||
| 141 | ret->ex_free=NULL; | ||
| 142 | return(ret); | ||
| 143 | M_ASN1_New_Error(ASN1_F_X509_EXTENSION_NEW); | ||
| 144 | } | ||
| 145 | |||
| 146 | void X509_EXTENSION_free(a) | ||
| 147 | X509_EXTENSION *a; | ||
| 148 | { | ||
| 149 | if (a == NULL) return; | ||
| 150 | if ((a->argp != NULL) && (a->ex_free != NULL)) | ||
| 151 | a->ex_free(a); | ||
| 152 | ASN1_OBJECT_free(a->object); | ||
| 153 | ASN1_OCTET_STRING_free(a->value); | ||
| 154 | Free((char *)a); | ||
| 155 | } | ||
| 156 | 69 | ||
| 70 | IMPLEMENT_ASN1_FUNCTIONS(X509_EXTENSION) | ||
| 71 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_EXTENSION) | ||
diff --git a/src/lib/libcrypto/asn1/x_info.c b/src/lib/libcrypto/asn1/x_info.c index b55f0ce77a..d44f6cdb01 100644 --- a/src/lib/libcrypto/asn1/x_info.c +++ b/src/lib/libcrypto/asn1/x_info.c | |||
| @@ -58,15 +58,15 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | X509_INFO *X509_INFO_new() | 65 | X509_INFO *X509_INFO_new(void) |
| 66 | { | 66 | { |
| 67 | X509_INFO *ret=NULL; | 67 | X509_INFO *ret=NULL; |
| 68 | 68 | ||
| 69 | ret=(X509_INFO *)Malloc(sizeof(X509_INFO)); | 69 | ret=(X509_INFO *)OPENSSL_malloc(sizeof(X509_INFO)); |
| 70 | if (ret == NULL) | 70 | if (ret == NULL) |
| 71 | { | 71 | { |
| 72 | ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE); | 72 | ASN1err(ASN1_F_X509_INFO_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -84,8 +84,7 @@ X509_INFO *X509_INFO_new() | |||
| 84 | return(ret); | 84 | return(ret); |
| 85 | } | 85 | } |
| 86 | 86 | ||
| 87 | void X509_INFO_free(x) | 87 | void X509_INFO_free(X509_INFO *x) |
| 88 | X509_INFO *x; | ||
| 89 | { | 88 | { |
| 90 | int i; | 89 | int i; |
| 91 | 90 | ||
| @@ -107,5 +106,9 @@ X509_INFO *x; | |||
| 107 | if (x->x509 != NULL) X509_free(x->x509); | 106 | if (x->x509 != NULL) X509_free(x->x509); |
| 108 | if (x->crl != NULL) X509_CRL_free(x->crl); | 107 | if (x->crl != NULL) X509_CRL_free(x->crl); |
| 109 | if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); | 108 | if (x->x_pkey != NULL) X509_PKEY_free(x->x_pkey); |
| 110 | Free((char *)x); | 109 | if (x->enc_data != NULL) OPENSSL_free(x->enc_data); |
| 110 | OPENSSL_free(x); | ||
| 111 | } | 111 | } |
| 112 | |||
| 113 | IMPLEMENT_STACK_OF(X509_INFO) | ||
| 114 | |||
diff --git a/src/lib/libcrypto/asn1/x_long.c b/src/lib/libcrypto/asn1/x_long.c index c5f25956cb..c04b192794 100644 --- a/src/lib/libcrypto/asn1/x_long.c +++ b/src/lib/libcrypto/asn1/x_long.c | |||
| @@ -104,12 +104,7 @@ static int long_i2c(ASN1_VALUE **pval, unsigned char *cont, int *putype, const A | |||
| 104 | long ltmp; | 104 | long ltmp; |
| 105 | unsigned long utmp; | 105 | unsigned long utmp; |
| 106 | int clen, pad, i; | 106 | int clen, pad, i; |
| 107 | /* this exists to bypass broken gcc optimization */ | 107 | ltmp = *(long *)pval; |
| 108 | char *cp = (char *)pval; | ||
| 109 | |||
| 110 | /* use memcpy, because we may not be long aligned */ | ||
| 111 | memcpy(<mp, cp, sizeof(long)); | ||
| 112 | |||
| 113 | if(ltmp == it->size) return -1; | 108 | if(ltmp == it->size) return -1; |
| 114 | /* Convert the long to positive: we subtract one if negative so | 109 | /* Convert the long to positive: we subtract one if negative so |
| 115 | * we can cleanly handle the padding if only the MSB of the leading | 110 | * we can cleanly handle the padding if only the MSB of the leading |
| @@ -141,7 +136,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, | |||
| 141 | int neg, i; | 136 | int neg, i; |
| 142 | long ltmp; | 137 | long ltmp; |
| 143 | unsigned long utmp = 0; | 138 | unsigned long utmp = 0; |
| 144 | char *cp = (char *)pval; | ||
| 145 | if(len > sizeof(long)) { | 139 | if(len > sizeof(long)) { |
| 146 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); | 140 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); |
| 147 | return 0; | 141 | return 0; |
| @@ -164,6 +158,6 @@ static int long_c2i(ASN1_VALUE **pval, unsigned char *cont, int len, int utype, | |||
| 164 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); | 158 | ASN1err(ASN1_F_LONG_C2I, ASN1_R_INTEGER_TOO_LARGE_FOR_LONG); |
| 165 | return 0; | 159 | return 0; |
| 166 | } | 160 | } |
| 167 | memcpy(cp, <mp, sizeof(long)); | 161 | *(long *)pval = ltmp; |
| 168 | return 1; | 162 | return 1; |
| 169 | } | 163 | } |
diff --git a/src/lib/libcrypto/asn1/x_name.c b/src/lib/libcrypto/asn1/x_name.c index 28b9c34b58..caece0f158 100644 --- a/src/lib/libcrypto/asn1/x_name.c +++ b/src/lib/libcrypto/asn1/x_name.c | |||
| @@ -58,228 +58,203 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "objects.h" | 61 | #include <openssl/asn1t.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | /* | 64 | static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, |
| 65 | * ASN1err(ASN1_F_D2I_X509_NAME,ASN1_R_LENGTH_MISMATCH); | 65 | int tag, int aclass, char opt, ASN1_TLC *ctx); |
| 66 | * ASN1err(ASN1_F_X509_NAME_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE); | ||
| 67 | * ASN1err(ASN1_F_D2I_X509_NAME_ENTRY,ASN1_R_LENGTH_MISMATCH); | ||
| 68 | * ASN1err(ASN1_F_X509_NAME_ENTRY_NEW,ASN1_R_UNKNOWN_ATTRIBUTE_TYPE); | ||
| 69 | */ | ||
| 70 | |||
| 71 | #ifndef NOPROTO | ||
| 72 | static int i2d_X509_NAME_entries(X509_NAME *a); | ||
| 73 | #else | ||
| 74 | static int i2d_X509_NAME_entries(); | ||
| 75 | #endif | ||
| 76 | |||
| 77 | int i2d_X509_NAME_ENTRY(a,pp) | ||
| 78 | X509_NAME_ENTRY *a; | ||
| 79 | unsigned char **pp; | ||
| 80 | { | ||
| 81 | M_ASN1_I2D_vars(a); | ||
| 82 | |||
| 83 | M_ASN1_I2D_len(a->object,i2d_ASN1_OBJECT); | ||
| 84 | M_ASN1_I2D_len(a->value,i2d_ASN1_PRINTABLE); | ||
| 85 | |||
| 86 | M_ASN1_I2D_seq_total(); | ||
| 87 | |||
| 88 | M_ASN1_I2D_put(a->object,i2d_ASN1_OBJECT); | ||
| 89 | M_ASN1_I2D_put(a->value,i2d_ASN1_PRINTABLE); | ||
| 90 | |||
| 91 | M_ASN1_I2D_finish(); | ||
| 92 | } | ||
| 93 | 66 | ||
| 94 | X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(a,pp,length) | 67 | static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass); |
| 95 | X509_NAME_ENTRY **a; | 68 | static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it); |
| 96 | unsigned char **pp; | 69 | static void x509_name_ex_free(ASN1_VALUE **val, const ASN1_ITEM *it); |
| 97 | long length; | ||
| 98 | { | ||
| 99 | M_ASN1_D2I_vars(a,X509_NAME_ENTRY *,X509_NAME_ENTRY_new); | ||
| 100 | 70 | ||
| 101 | M_ASN1_D2I_Init(); | 71 | static int x509_name_encode(X509_NAME *a); |
| 102 | M_ASN1_D2I_start_sequence(); | ||
| 103 | M_ASN1_D2I_get(ret->object,d2i_ASN1_OBJECT); | ||
| 104 | M_ASN1_D2I_get(ret->value,d2i_ASN1_PRINTABLE); | ||
| 105 | ret->set=0; | ||
| 106 | M_ASN1_D2I_Finish(a,X509_NAME_ENTRY_free,ASN1_F_D2I_X509_NAME_ENTRY); | ||
| 107 | } | ||
| 108 | 72 | ||
| 109 | int i2d_X509_NAME(a,pp) | 73 | ASN1_SEQUENCE(X509_NAME_ENTRY) = { |
| 110 | X509_NAME *a; | 74 | ASN1_SIMPLE(X509_NAME_ENTRY, object, ASN1_OBJECT), |
| 111 | unsigned char **pp; | 75 | ASN1_SIMPLE(X509_NAME_ENTRY, value, ASN1_PRINTABLE) |
| 112 | { | 76 | } ASN1_SEQUENCE_END(X509_NAME_ENTRY) |
| 113 | int ret; | ||
| 114 | 77 | ||
| 115 | if (a == NULL) return(0); | 78 | IMPLEMENT_ASN1_FUNCTIONS(X509_NAME_ENTRY) |
| 116 | if (a->modified) | 79 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME_ENTRY) |
| 117 | { | ||
| 118 | ret=i2d_X509_NAME_entries(a); | ||
| 119 | if (ret < 0) return(ret); | ||
| 120 | } | ||
| 121 | 80 | ||
| 122 | ret=a->bytes->length; | 81 | /* For the "Name" type we need a SEQUENCE OF { SET OF X509_NAME_ENTRY } |
| 123 | if (pp != NULL) | 82 | * so declare two template wrappers for this |
| 124 | { | 83 | */ |
| 125 | memcpy(*pp,a->bytes->data,ret); | ||
| 126 | *pp+=ret; | ||
| 127 | } | ||
| 128 | return(ret); | ||
| 129 | } | ||
| 130 | |||
| 131 | static int i2d_X509_NAME_entries(a) | ||
| 132 | X509_NAME *a; | ||
| 133 | { | ||
| 134 | X509_NAME_ENTRY *ne,*fe=NULL; | ||
| 135 | STACK *sk; | ||
| 136 | BUF_MEM *buf=NULL; | ||
| 137 | int set=0,r,ret=0; | ||
| 138 | int i; | ||
| 139 | unsigned char *p; | ||
| 140 | int size=0; | ||
| 141 | |||
| 142 | sk=a->entries; | ||
| 143 | for (i=0; i<sk_num(sk); i++) | ||
| 144 | { | ||
| 145 | ne=(X509_NAME_ENTRY *)sk_value(sk,i); | ||
| 146 | if (fe == NULL) | ||
| 147 | { | ||
| 148 | fe=ne; | ||
| 149 | size=0; | ||
| 150 | } | ||
| 151 | |||
| 152 | if (ne->set != set) | ||
| 153 | { | ||
| 154 | ret+=ASN1_object_size(1,size,V_ASN1_SET); | ||
| 155 | fe->size=size; | ||
| 156 | fe=ne; | ||
| 157 | size=0; | ||
| 158 | set=ne->set; | ||
| 159 | } | ||
| 160 | size+=i2d_X509_NAME_ENTRY(ne,NULL); | ||
| 161 | } | ||
| 162 | 84 | ||
| 163 | ret+=ASN1_object_size(1,size,V_ASN1_SET); | 85 | ASN1_ITEM_TEMPLATE(X509_NAME_ENTRIES) = |
| 164 | if (fe != NULL) | 86 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SET_OF, 0, RDNS, X509_NAME_ENTRY) |
| 165 | fe->size=size; | 87 | ASN1_ITEM_TEMPLATE_END(X509_NAME_ENTRIES) |
| 166 | 88 | ||
| 167 | r=ASN1_object_size(1,ret,V_ASN1_SEQUENCE); | 89 | ASN1_ITEM_TEMPLATE(X509_NAME_INTERNAL) = |
| 90 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, Name, X509_NAME_ENTRIES) | ||
| 91 | ASN1_ITEM_TEMPLATE_END(X509_NAME_INTERNAL) | ||
| 168 | 92 | ||
| 169 | buf=a->bytes; | 93 | /* Normally that's where it would end: we'd have two nested STACK structures |
| 170 | if (!BUF_MEM_grow(buf,r)) goto err; | 94 | * representing the ASN1. Unfortunately X509_NAME uses a completely different |
| 171 | p=(unsigned char *)buf->data; | 95 | * form and caches encodings so we have to process the internal form and convert |
| 96 | * to the external form. | ||
| 97 | */ | ||
| 172 | 98 | ||
| 173 | ASN1_put_object(&p,1,ret,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | 99 | const ASN1_EXTERN_FUNCS x509_name_ff = { |
| 100 | NULL, | ||
| 101 | x509_name_ex_new, | ||
| 102 | x509_name_ex_free, | ||
| 103 | 0, /* Default clear behaviour is OK */ | ||
| 104 | x509_name_ex_d2i, | ||
| 105 | x509_name_ex_i2d | ||
| 106 | }; | ||
| 107 | |||
| 108 | IMPLEMENT_EXTERN_ASN1(X509_NAME, V_ASN1_SEQUENCE, x509_name_ff) | ||
| 109 | |||
| 110 | IMPLEMENT_ASN1_FUNCTIONS(X509_NAME) | ||
| 111 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_NAME) | ||
| 112 | |||
| 113 | static int x509_name_ex_new(ASN1_VALUE **val, const ASN1_ITEM *it) | ||
| 114 | { | ||
| 115 | X509_NAME *ret = NULL; | ||
| 116 | ret = OPENSSL_malloc(sizeof(X509_NAME)); | ||
| 117 | if(!ret) goto memerr; | ||
| 118 | if ((ret->entries=sk_X509_NAME_ENTRY_new_null()) == NULL) | ||
| 119 | goto memerr; | ||
| 120 | if((ret->bytes = BUF_MEM_new()) == NULL) goto memerr; | ||
| 121 | ret->modified=1; | ||
| 122 | *val = (ASN1_VALUE *)ret; | ||
| 123 | return 1; | ||
| 174 | 124 | ||
| 175 | set= -1; | 125 | memerr: |
| 176 | for (i=0; i<sk_num(sk); i++) | 126 | ASN1err(ASN1_F_X509_NAME_NEW, ERR_R_MALLOC_FAILURE); |
| 127 | if (ret) | ||
| 177 | { | 128 | { |
| 178 | ne=(X509_NAME_ENTRY *)sk_value(sk,i); | 129 | if (ret->entries) |
| 179 | if (set != ne->set) | 130 | sk_X509_NAME_ENTRY_free(ret->entries); |
| 180 | { | 131 | OPENSSL_free(ret); |
| 181 | set=ne->set; | ||
| 182 | ASN1_put_object(&p,1,ne->size, | ||
| 183 | V_ASN1_SET,V_ASN1_UNIVERSAL); | ||
| 184 | } | ||
| 185 | i2d_X509_NAME_ENTRY(ne,&p); | ||
| 186 | } | 132 | } |
| 187 | a->modified=0; | 133 | return 0; |
| 188 | return(r); | 134 | } |
| 189 | err: | ||
| 190 | return(-1); | ||
| 191 | } | ||
| 192 | 135 | ||
| 193 | X509_NAME *d2i_X509_NAME(a,pp,length) | 136 | static void x509_name_ex_free(ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 194 | X509_NAME **a; | 137 | { |
| 195 | unsigned char **pp; | 138 | X509_NAME *a; |
| 196 | long length; | 139 | if(!pval || !*pval) |
| 197 | { | 140 | return; |
| 198 | int set=0,i; | 141 | a = (X509_NAME *)*pval; |
| 199 | int idx=0; | ||
| 200 | unsigned char *orig; | ||
| 201 | M_ASN1_D2I_vars(a,X509_NAME *,X509_NAME_new); | ||
| 202 | 142 | ||
| 203 | orig= *pp; | 143 | BUF_MEM_free(a->bytes); |
| 204 | if (sk_num(ret->entries) > 0) | 144 | sk_X509_NAME_ENTRY_pop_free(a->entries,X509_NAME_ENTRY_free); |
| 205 | { | 145 | OPENSSL_free(a); |
| 206 | while (sk_num(ret->entries) > 0) | 146 | *pval = NULL; |
| 207 | X509_NAME_ENTRY_free((X509_NAME_ENTRY *) | 147 | } |
| 208 | sk_pop(ret->entries)); | 148 | |
| 209 | } | 149 | /* Used with sk_pop_free() to free up the internal representation. |
| 150 | * NB: we only free the STACK and not its contents because it is | ||
| 151 | * already present in the X509_NAME structure. | ||
| 152 | */ | ||
| 210 | 153 | ||
| 211 | M_ASN1_D2I_Init(); | 154 | static void sk_internal_free(void *a) |
| 212 | M_ASN1_D2I_start_sequence(); | 155 | { |
| 213 | for (;;) | 156 | sk_free(a); |
| 214 | { | 157 | } |
| 215 | if (M_ASN1_D2I_end_sequence()) break; | 158 | |
| 216 | M_ASN1_D2I_get_set(ret->entries,d2i_X509_NAME_ENTRY); | 159 | static int x509_name_ex_d2i(ASN1_VALUE **val, unsigned char **in, long len, const ASN1_ITEM *it, |
| 217 | for (; idx < sk_num(ret->entries); idx++) | 160 | int tag, int aclass, char opt, ASN1_TLC *ctx) |
| 218 | { | 161 | { |
| 219 | ((X509_NAME_ENTRY *)sk_value(ret->entries,idx))->set= | 162 | unsigned char *p = *in, *q; |
| 220 | set; | 163 | STACK *intname = NULL; |
| 221 | } | 164 | int i, j, ret; |
| 222 | set++; | 165 | X509_NAME *nm = NULL; |
| 166 | STACK_OF(X509_NAME_ENTRY) *entries; | ||
| 167 | X509_NAME_ENTRY *entry; | ||
| 168 | q = p; | ||
| 169 | |||
| 170 | /* Get internal representation of Name */ | ||
| 171 | ret = ASN1_item_ex_d2i((ASN1_VALUE **)&intname, &p, len, ASN1_ITEM_rptr(X509_NAME_INTERNAL), | ||
| 172 | tag, aclass, opt, ctx); | ||
| 173 | |||
| 174 | if(ret <= 0) return ret; | ||
| 175 | |||
| 176 | if(*val) x509_name_ex_free(val, NULL); | ||
| 177 | if(!x509_name_ex_new((ASN1_VALUE **)&nm, NULL)) goto err; | ||
| 178 | /* We've decoded it: now cache encoding */ | ||
| 179 | if(!BUF_MEM_grow(nm->bytes, p - q)) goto err; | ||
| 180 | memcpy(nm->bytes->data, q, p - q); | ||
| 181 | |||
| 182 | /* Convert internal representation to X509_NAME structure */ | ||
| 183 | for(i = 0; i < sk_num(intname); i++) { | ||
| 184 | entries = (STACK_OF(X509_NAME_ENTRY) *)sk_value(intname, i); | ||
| 185 | for(j = 0; j < sk_X509_NAME_ENTRY_num(entries); j++) { | ||
| 186 | entry = sk_X509_NAME_ENTRY_value(entries, j); | ||
| 187 | entry->set = i; | ||
| 188 | if(!sk_X509_NAME_ENTRY_push(nm->entries, entry)) | ||
| 189 | goto err; | ||
| 223 | } | 190 | } |
| 224 | 191 | sk_X509_NAME_ENTRY_free(entries); | |
| 225 | i=(int)(c.p-orig); | ||
| 226 | if (!BUF_MEM_grow(ret->bytes,i)) goto err; | ||
| 227 | memcpy(ret->bytes->data,orig,i); | ||
| 228 | ret->bytes->length=i; | ||
| 229 | ret->modified=0; | ||
| 230 | |||
| 231 | M_ASN1_D2I_Finish(a,X509_NAME_free,ASN1_F_D2I_X509_NAME); | ||
| 232 | } | 192 | } |
| 233 | 193 | sk_free(intname); | |
| 234 | X509_NAME *X509_NAME_new() | 194 | nm->modified = 0; |
| 235 | { | 195 | *val = (ASN1_VALUE *)nm; |
| 236 | X509_NAME *ret=NULL; | 196 | *in = p; |
| 237 | 197 | return ret; | |
| 238 | M_ASN1_New_Malloc(ret,X509_NAME); | 198 | err: |
| 239 | if ((ret->entries=sk_new(NULL)) == NULL) goto err2; | 199 | ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_NESTED_ASN1_ERROR); |
| 240 | M_ASN1_New(ret->bytes,BUF_MEM_new); | 200 | return 0; |
| 241 | ret->modified=1; | 201 | } |
| 242 | return(ret); | 202 | |
| 243 | M_ASN1_New_Error(ASN1_F_X509_NAME_NEW); | 203 | static int x509_name_ex_i2d(ASN1_VALUE **val, unsigned char **out, const ASN1_ITEM *it, int tag, int aclass) |
| 204 | { | ||
| 205 | int ret; | ||
| 206 | X509_NAME *a = (X509_NAME *)*val; | ||
| 207 | if(a->modified) { | ||
| 208 | ret = x509_name_encode((X509_NAME *)a); | ||
| 209 | if(ret < 0) return ret; | ||
| 244 | } | 210 | } |
| 245 | 211 | ret = a->bytes->length; | |
| 246 | X509_NAME_ENTRY *X509_NAME_ENTRY_new() | 212 | if(out != NULL) { |
| 247 | { | 213 | memcpy(*out,a->bytes->data,ret); |
| 248 | X509_NAME_ENTRY *ret=NULL; | 214 | *out+=ret; |
| 249 | |||
| 250 | M_ASN1_New_Malloc(ret,X509_NAME_ENTRY); | ||
| 251 | /* M_ASN1_New(ret->object,ASN1_OBJECT_new);*/ | ||
| 252 | ret->object=NULL; | ||
| 253 | ret->set=0; | ||
| 254 | M_ASN1_New(ret->value,ASN1_STRING_new); | ||
| 255 | return(ret); | ||
| 256 | M_ASN1_New_Error(ASN1_F_X509_NAME_ENTRY_NEW); | ||
| 257 | } | 215 | } |
| 216 | return ret; | ||
| 217 | } | ||
| 258 | 218 | ||
| 259 | void X509_NAME_free(a) | 219 | static int x509_name_encode(X509_NAME *a) |
| 260 | X509_NAME *a; | 220 | { |
| 261 | { | 221 | STACK *intname = NULL; |
| 262 | BUF_MEM_free(a->bytes); | 222 | int len; |
| 263 | sk_pop_free(a->entries,X509_NAME_ENTRY_free); | 223 | unsigned char *p; |
| 264 | Free((char *)a); | 224 | STACK_OF(X509_NAME_ENTRY) *entries = NULL; |
| 265 | } | 225 | X509_NAME_ENTRY *entry; |
| 266 | 226 | int i, set = -1; | |
| 267 | void X509_NAME_ENTRY_free(a) | 227 | intname = sk_new_null(); |
| 268 | X509_NAME_ENTRY *a; | 228 | if(!intname) goto memerr; |
| 269 | { | 229 | for(i = 0; i < sk_X509_NAME_ENTRY_num(a->entries); i++) { |
| 270 | if (a == NULL) return; | 230 | entry = sk_X509_NAME_ENTRY_value(a->entries, i); |
| 271 | ASN1_OBJECT_free(a->object); | 231 | if(entry->set != set) { |
| 272 | ASN1_BIT_STRING_free(a->value); | 232 | entries = sk_X509_NAME_ENTRY_new_null(); |
| 273 | Free((char *)a); | 233 | if(!entries) goto memerr; |
| 234 | if(!sk_push(intname, (char *)entries)) goto memerr; | ||
| 235 | set = entry->set; | ||
| 236 | } | ||
| 237 | if(!sk_X509_NAME_ENTRY_push(entries, entry)) goto memerr; | ||
| 274 | } | 238 | } |
| 275 | 239 | len = ASN1_item_ex_i2d((ASN1_VALUE **)&intname, NULL, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); | |
| 276 | int X509_NAME_set(xn,name) | 240 | if (!BUF_MEM_grow(a->bytes,len)) goto memerr; |
| 277 | X509_NAME **xn; | 241 | p=(unsigned char *)a->bytes->data; |
| 278 | X509_NAME *name; | 242 | ASN1_item_ex_i2d((ASN1_VALUE **)&intname, &p, ASN1_ITEM_rptr(X509_NAME_INTERNAL), -1, -1); |
| 243 | sk_pop_free(intname, sk_internal_free); | ||
| 244 | a->modified = 0; | ||
| 245 | return len; | ||
| 246 | memerr: | ||
| 247 | sk_pop_free(intname, sk_internal_free); | ||
| 248 | ASN1err(ASN1_F_D2I_X509_NAME, ERR_R_MALLOC_FAILURE); | ||
| 249 | return -1; | ||
| 250 | } | ||
| 251 | |||
| 252 | |||
| 253 | int X509_NAME_set(X509_NAME **xn, X509_NAME *name) | ||
| 279 | { | 254 | { |
| 280 | X509_NAME *in; | 255 | X509_NAME *in; |
| 281 | 256 | ||
| 282 | if (*xn == NULL) return(0); | 257 | if (!xn || !name) return(0); |
| 283 | 258 | ||
| 284 | if (*xn != name) | 259 | if (*xn != name) |
| 285 | { | 260 | { |
| @@ -293,3 +268,5 @@ X509_NAME *name; | |||
| 293 | return(*xn != NULL); | 268 | return(*xn != NULL); |
| 294 | } | 269 | } |
| 295 | 270 | ||
| 271 | IMPLEMENT_STACK_OF(X509_NAME_ENTRY) | ||
| 272 | IMPLEMENT_ASN1_SET_OF(X509_NAME_ENTRY) | ||
diff --git a/src/lib/libcrypto/asn1/x_pkey.c b/src/lib/libcrypto/asn1/x_pkey.c index 1d4d926129..f1c6221ac3 100644 --- a/src/lib/libcrypto/asn1/x_pkey.c +++ b/src/lib/libcrypto/asn1/x_pkey.c | |||
| @@ -58,25 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "asn1_mac.h" | 63 | #include <openssl/asn1_mac.h> |
| 64 | 64 | #include <openssl/x509.h> | |
| 65 | /* ASN1err(ASN1_F_D2I_X509_PKEY,ASN1_R_UNSUPPORTED_CIPHER); */ | ||
| 66 | /* ASN1err(ASN1_F_X509_PKEY_NEW,ASN1_R_IV_TOO_LARGE); */ | ||
| 67 | 65 | ||
| 68 | /* need to implement */ | 66 | /* need to implement */ |
| 69 | int i2d_X509_PKEY(a,pp) | 67 | int i2d_X509_PKEY(X509_PKEY *a, unsigned char **pp) |
| 70 | X509_PKEY *a; | ||
| 71 | unsigned char **pp; | ||
| 72 | { | 68 | { |
| 73 | return(0); | 69 | return(0); |
| 74 | } | 70 | } |
| 75 | 71 | ||
| 76 | X509_PKEY *d2i_X509_PKEY(a,pp,length) | 72 | X509_PKEY *d2i_X509_PKEY(X509_PKEY **a, unsigned char **pp, long length) |
| 77 | X509_PKEY **a; | ||
| 78 | unsigned char **pp; | ||
| 79 | long length; | ||
| 80 | { | 73 | { |
| 81 | int i; | 74 | int i; |
| 82 | M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); | 75 | M_ASN1_D2I_vars(a,X509_PKEY *,X509_PKEY_new); |
| @@ -91,6 +84,7 @@ long length; | |||
| 91 | if (ret->cipher.cipher == NULL) | 84 | if (ret->cipher.cipher == NULL) |
| 92 | { | 85 | { |
| 93 | c.error=ASN1_R_UNSUPPORTED_CIPHER; | 86 | c.error=ASN1_R_UNSUPPORTED_CIPHER; |
| 87 | c.line=__LINE__; | ||
| 94 | goto err; | 88 | goto err; |
| 95 | } | 89 | } |
| 96 | if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) | 90 | if (ret->enc_algor->parameter->type == V_ASN1_OCTET_STRING) |
| @@ -99,6 +93,7 @@ long length; | |||
| 99 | if (i > EVP_MAX_IV_LENGTH) | 93 | if (i > EVP_MAX_IV_LENGTH) |
| 100 | { | 94 | { |
| 101 | c.error=ASN1_R_IV_TOO_LARGE; | 95 | c.error=ASN1_R_IV_TOO_LARGE; |
| 96 | c.line=__LINE__; | ||
| 102 | goto err; | 97 | goto err; |
| 103 | } | 98 | } |
| 104 | memcpy(ret->cipher.iv, | 99 | memcpy(ret->cipher.iv, |
| @@ -109,14 +104,15 @@ long length; | |||
| 109 | M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY); | 104 | M_ASN1_D2I_Finish(a,X509_PKEY_free,ASN1_F_D2I_X509_PKEY); |
| 110 | } | 105 | } |
| 111 | 106 | ||
| 112 | X509_PKEY *X509_PKEY_new() | 107 | X509_PKEY *X509_PKEY_new(void) |
| 113 | { | 108 | { |
| 114 | X509_PKEY *ret=NULL; | 109 | X509_PKEY *ret=NULL; |
| 110 | ASN1_CTX c; | ||
| 115 | 111 | ||
| 116 | M_ASN1_New_Malloc(ret,X509_PKEY); | 112 | M_ASN1_New_Malloc(ret,X509_PKEY); |
| 117 | ret->version=0; | 113 | ret->version=0; |
| 118 | M_ASN1_New(ret->enc_algor,X509_ALGOR_new); | 114 | M_ASN1_New(ret->enc_algor,X509_ALGOR_new); |
| 119 | M_ASN1_New(ret->enc_pkey,ASN1_OCTET_STRING_new); | 115 | M_ASN1_New(ret->enc_pkey,M_ASN1_OCTET_STRING_new); |
| 120 | ret->dec_pkey=NULL; | 116 | ret->dec_pkey=NULL; |
| 121 | ret->key_length=0; | 117 | ret->key_length=0; |
| 122 | ret->key_data=NULL; | 118 | ret->key_data=NULL; |
| @@ -128,8 +124,7 @@ X509_PKEY *X509_PKEY_new() | |||
| 128 | M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); | 124 | M_ASN1_New_Error(ASN1_F_X509_PKEY_NEW); |
| 129 | } | 125 | } |
| 130 | 126 | ||
| 131 | void X509_PKEY_free(x) | 127 | void X509_PKEY_free(X509_PKEY *x) |
| 132 | X509_PKEY *x; | ||
| 133 | { | 128 | { |
| 134 | int i; | 129 | int i; |
| 135 | 130 | ||
| @@ -149,8 +144,8 @@ X509_PKEY *x; | |||
| 149 | #endif | 144 | #endif |
| 150 | 145 | ||
| 151 | if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); | 146 | if (x->enc_algor != NULL) X509_ALGOR_free(x->enc_algor); |
| 152 | if (x->enc_pkey != NULL) ASN1_OCTET_STRING_free(x->enc_pkey); | 147 | if (x->enc_pkey != NULL) M_ASN1_OCTET_STRING_free(x->enc_pkey); |
| 153 | if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); | 148 | if (x->dec_pkey != NULL)EVP_PKEY_free(x->dec_pkey); |
| 154 | if ((x->key_data != NULL) && (x->key_free)) Free((char *)x->key_data); | 149 | if ((x->key_data != NULL) && (x->key_free)) OPENSSL_free(x->key_data); |
| 155 | Free((char *)(char *)x); | 150 | OPENSSL_free(x); |
| 156 | } | 151 | } |
diff --git a/src/lib/libcrypto/asn1/x_pubkey.c b/src/lib/libcrypto/asn1/x_pubkey.c index a309cf74a7..d958540120 100644 --- a/src/lib/libcrypto/asn1/x_pubkey.c +++ b/src/lib/libcrypto/asn1/x_pubkey.c | |||
| @@ -58,80 +58,33 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | ||
| 62 | 63 | ||
| 63 | /* | 64 | /* Minor tweak to operation: free up EVP_PKEY */ |
| 64 | * ASN1err(ASN1_F_D2I_X509_PUBKEY,ASN1_R_LENGTH_MISMATCH); | 65 | static int pubkey_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 65 | * ASN1err(ASN1_F_X509_PUBKEY_NEW,ASN1_R_LENGTH_MISMATCH); | 66 | { |
| 66 | */ | 67 | if(operation == ASN1_OP_FREE_POST) { |
| 67 | 68 | X509_PUBKEY *pubkey = (X509_PUBKEY *)*pval; | |
| 68 | int i2d_X509_PUBKEY(a,pp) | 69 | EVP_PKEY_free(pubkey->pkey); |
| 69 | X509_PUBKEY *a; | ||
| 70 | unsigned char **pp; | ||
| 71 | { | ||
| 72 | M_ASN1_I2D_vars(a); | ||
| 73 | |||
| 74 | M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR); | ||
| 75 | M_ASN1_I2D_len(a->public_key, i2d_ASN1_BIT_STRING); | ||
| 76 | |||
| 77 | M_ASN1_I2D_seq_total(); | ||
| 78 | |||
| 79 | M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR); | ||
| 80 | M_ASN1_I2D_put(a->public_key, i2d_ASN1_BIT_STRING); | ||
| 81 | |||
| 82 | M_ASN1_I2D_finish(); | ||
| 83 | } | ||
| 84 | |||
| 85 | X509_PUBKEY *d2i_X509_PUBKEY(a,pp,length) | ||
| 86 | X509_PUBKEY **a; | ||
| 87 | unsigned char **pp; | ||
| 88 | long length; | ||
| 89 | { | ||
| 90 | M_ASN1_D2I_vars(a,X509_PUBKEY *,X509_PUBKEY_new); | ||
| 91 | |||
| 92 | M_ASN1_D2I_Init(); | ||
| 93 | M_ASN1_D2I_start_sequence(); | ||
| 94 | M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR); | ||
| 95 | M_ASN1_D2I_get(ret->public_key,d2i_ASN1_BIT_STRING); | ||
| 96 | if (ret->pkey != NULL) | ||
| 97 | { | ||
| 98 | EVP_PKEY_free(ret->pkey); | ||
| 99 | ret->pkey=NULL; | ||
| 100 | } | ||
| 101 | M_ASN1_D2I_Finish(a,X509_PUBKEY_free,ASN1_F_D2I_X509_PUBKEY); | ||
| 102 | } | 70 | } |
| 71 | return 1; | ||
| 72 | } | ||
| 103 | 73 | ||
| 104 | X509_PUBKEY *X509_PUBKEY_new() | 74 | ASN1_SEQUENCE_cb(X509_PUBKEY, pubkey_cb) = { |
| 105 | { | 75 | ASN1_SIMPLE(X509_PUBKEY, algor, X509_ALGOR), |
| 106 | X509_PUBKEY *ret=NULL; | 76 | ASN1_SIMPLE(X509_PUBKEY, public_key, ASN1_BIT_STRING) |
| 107 | 77 | } ASN1_SEQUENCE_END_cb(X509_PUBKEY, X509_PUBKEY) | |
| 108 | M_ASN1_New_Malloc(ret,X509_PUBKEY); | ||
| 109 | M_ASN1_New(ret->algor,X509_ALGOR_new); | ||
| 110 | M_ASN1_New(ret->public_key,ASN1_BIT_STRING_new); | ||
| 111 | ret->pkey=NULL; | ||
| 112 | return(ret); | ||
| 113 | M_ASN1_New_Error(ASN1_F_X509_PUBKEY_NEW); | ||
| 114 | } | ||
| 115 | 78 | ||
| 116 | void X509_PUBKEY_free(a) | 79 | IMPLEMENT_ASN1_FUNCTIONS(X509_PUBKEY) |
| 117 | X509_PUBKEY *a; | ||
| 118 | { | ||
| 119 | if (a == NULL) return; | ||
| 120 | X509_ALGOR_free(a->algor); | ||
| 121 | ASN1_BIT_STRING_free(a->public_key); | ||
| 122 | if (a->pkey != NULL) EVP_PKEY_free(a->pkey); | ||
| 123 | Free((char *)a); | ||
| 124 | } | ||
| 125 | 80 | ||
| 126 | int X509_PUBKEY_set(x,pkey) | 81 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey) |
| 127 | X509_PUBKEY **x; | ||
| 128 | EVP_PKEY *pkey; | ||
| 129 | { | 82 | { |
| 130 | int ok=0; | 83 | int ok=0; |
| 131 | X509_PUBKEY *pk; | 84 | X509_PUBKEY *pk; |
| 132 | X509_ALGOR *a; | 85 | X509_ALGOR *a; |
| 133 | ASN1_OBJECT *o; | 86 | ASN1_OBJECT *o; |
| 134 | unsigned char *s,*p; | 87 | unsigned char *s,*p = NULL; |
| 135 | int i; | 88 | int i; |
| 136 | 89 | ||
| 137 | if (x == NULL) return(0); | 90 | if (x == NULL) return(0); |
| @@ -156,7 +109,7 @@ EVP_PKEY *pkey; | |||
| 156 | } | 109 | } |
| 157 | } | 110 | } |
| 158 | else | 111 | else |
| 159 | #ifndef NO_DSA | 112 | #ifndef OPENSSL_NO_DSA |
| 160 | if (pkey->type == EVP_PKEY_DSA) | 113 | if (pkey->type == EVP_PKEY_DSA) |
| 161 | { | 114 | { |
| 162 | unsigned char *pp; | 115 | unsigned char *pp; |
| @@ -166,14 +119,14 @@ EVP_PKEY *pkey; | |||
| 166 | dsa->write_params=0; | 119 | dsa->write_params=0; |
| 167 | ASN1_TYPE_free(a->parameter); | 120 | ASN1_TYPE_free(a->parameter); |
| 168 | i=i2d_DSAparams(dsa,NULL); | 121 | i=i2d_DSAparams(dsa,NULL); |
| 169 | p=(unsigned char *)Malloc(i); | 122 | if ((p=(unsigned char *)OPENSSL_malloc(i)) == NULL) goto err; |
| 170 | pp=p; | 123 | pp=p; |
| 171 | i2d_DSAparams(dsa,&pp); | 124 | i2d_DSAparams(dsa,&pp); |
| 172 | a->parameter=ASN1_TYPE_new(); | 125 | a->parameter=ASN1_TYPE_new(); |
| 173 | a->parameter->type=V_ASN1_SEQUENCE; | 126 | a->parameter->type=V_ASN1_SEQUENCE; |
| 174 | a->parameter->value.sequence=ASN1_STRING_new(); | 127 | a->parameter->value.sequence=ASN1_STRING_new(); |
| 175 | ASN1_STRING_set(a->parameter->value.sequence,p,i); | 128 | ASN1_STRING_set(a->parameter->value.sequence,p,i); |
| 176 | Free(p); | 129 | OPENSSL_free(p); |
| 177 | } | 130 | } |
| 178 | else | 131 | else |
| 179 | #endif | 132 | #endif |
| @@ -182,15 +135,25 @@ EVP_PKEY *pkey; | |||
| 182 | goto err; | 135 | goto err; |
| 183 | } | 136 | } |
| 184 | 137 | ||
| 185 | i=i2d_PublicKey(pkey,NULL); | 138 | if ((i=i2d_PublicKey(pkey,NULL)) <= 0) goto err; |
| 186 | if ((s=(unsigned char *)Malloc(i+1)) == NULL) goto err; | 139 | if ((s=(unsigned char *)OPENSSL_malloc(i+1)) == NULL) |
| 140 | { | ||
| 141 | X509err(X509_F_X509_PUBKEY_SET,ERR_R_MALLOC_FAILURE); | ||
| 142 | goto err; | ||
| 143 | } | ||
| 187 | p=s; | 144 | p=s; |
| 188 | i2d_PublicKey(pkey,&p); | 145 | i2d_PublicKey(pkey,&p); |
| 189 | if (!ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; | 146 | if (!M_ASN1_BIT_STRING_set(pk->public_key,s,i)) goto err; |
| 190 | Free(s); | 147 | /* Set number of unused bits to zero */ |
| 148 | pk->public_key->flags&= ~(ASN1_STRING_FLAG_BITS_LEFT|0x07); | ||
| 149 | pk->public_key->flags|=ASN1_STRING_FLAG_BITS_LEFT; | ||
| 150 | |||
| 151 | OPENSSL_free(s); | ||
| 191 | 152 | ||
| 153 | #if 0 | ||
| 192 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 154 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); |
| 193 | pk->pkey=pkey; | 155 | pk->pkey=pkey; |
| 156 | #endif | ||
| 194 | 157 | ||
| 195 | if (*x != NULL) | 158 | if (*x != NULL) |
| 196 | X509_PUBKEY_free(*x); | 159 | X509_PUBKEY_free(*x); |
| @@ -204,20 +167,24 @@ err: | |||
| 204 | return(ok); | 167 | return(ok); |
| 205 | } | 168 | } |
| 206 | 169 | ||
| 207 | EVP_PKEY *X509_PUBKEY_get(key) | 170 | EVP_PKEY *X509_PUBKEY_get(X509_PUBKEY *key) |
| 208 | X509_PUBKEY *key; | ||
| 209 | { | 171 | { |
| 210 | EVP_PKEY *ret=NULL; | 172 | EVP_PKEY *ret=NULL; |
| 211 | long j; | 173 | long j; |
| 212 | int type; | 174 | int type; |
| 213 | unsigned char *p; | 175 | unsigned char *p; |
| 214 | #ifndef NO_DSA | 176 | #ifndef OPENSSL_NO_DSA |
| 177 | const unsigned char *cp; | ||
| 215 | X509_ALGOR *a; | 178 | X509_ALGOR *a; |
| 216 | #endif | 179 | #endif |
| 217 | 180 | ||
| 218 | if (key == NULL) goto err; | 181 | if (key == NULL) goto err; |
| 219 | 182 | ||
| 220 | if (key->pkey != NULL) return(key->pkey); | 183 | if (key->pkey != NULL) |
| 184 | { | ||
| 185 | CRYPTO_add(&key->pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | ||
| 186 | return(key->pkey); | ||
| 187 | } | ||
| 221 | 188 | ||
| 222 | if (key->public_key == NULL) goto err; | 189 | if (key->public_key == NULL) goto err; |
| 223 | 190 | ||
| @@ -231,22 +198,23 @@ X509_PUBKEY *key; | |||
| 231 | } | 198 | } |
| 232 | ret->save_parameters=0; | 199 | ret->save_parameters=0; |
| 233 | 200 | ||
| 234 | #ifndef NO_DSA | 201 | #ifndef OPENSSL_NO_DSA |
| 235 | a=key->algor; | 202 | a=key->algor; |
| 236 | if (ret->type == EVP_PKEY_DSA) | 203 | if (ret->type == EVP_PKEY_DSA) |
| 237 | { | 204 | { |
| 238 | if (a->parameter->type == V_ASN1_SEQUENCE) | 205 | if (a->parameter && (a->parameter->type == V_ASN1_SEQUENCE)) |
| 239 | { | 206 | { |
| 240 | ret->pkey.dsa->write_params=0; | 207 | ret->pkey.dsa->write_params=0; |
| 241 | p=a->parameter->value.sequence->data; | 208 | cp=p=a->parameter->value.sequence->data; |
| 242 | j=a->parameter->value.sequence->length; | 209 | j=a->parameter->value.sequence->length; |
| 243 | if (!d2i_DSAparams(&ret->pkey.dsa,&p,(long)j)) | 210 | if (!d2i_DSAparams(&ret->pkey.dsa,&cp,(long)j)) |
| 244 | goto err; | 211 | goto err; |
| 245 | } | 212 | } |
| 246 | ret->save_parameters=1; | 213 | ret->save_parameters=1; |
| 247 | } | 214 | } |
| 248 | #endif | 215 | #endif |
| 249 | key->pkey=ret; | 216 | key->pkey=ret; |
| 217 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_EVP_PKEY); | ||
| 250 | return(ret); | 218 | return(ret); |
| 251 | err: | 219 | err: |
| 252 | if (ret != NULL) | 220 | if (ret != NULL) |
| @@ -254,3 +222,113 @@ err: | |||
| 254 | return(NULL); | 222 | return(NULL); |
| 255 | } | 223 | } |
| 256 | 224 | ||
| 225 | /* Now two pseudo ASN1 routines that take an EVP_PKEY structure | ||
| 226 | * and encode or decode as X509_PUBKEY | ||
| 227 | */ | ||
| 228 | |||
| 229 | EVP_PKEY *d2i_PUBKEY(EVP_PKEY **a, unsigned char **pp, | ||
| 230 | long length) | ||
| 231 | { | ||
| 232 | X509_PUBKEY *xpk; | ||
| 233 | EVP_PKEY *pktmp; | ||
| 234 | xpk = d2i_X509_PUBKEY(NULL, pp, length); | ||
| 235 | if(!xpk) return NULL; | ||
| 236 | pktmp = X509_PUBKEY_get(xpk); | ||
| 237 | X509_PUBKEY_free(xpk); | ||
| 238 | if(!pktmp) return NULL; | ||
| 239 | if(a) { | ||
| 240 | EVP_PKEY_free(*a); | ||
| 241 | *a = pktmp; | ||
| 242 | } | ||
| 243 | return pktmp; | ||
| 244 | } | ||
| 245 | |||
| 246 | int i2d_PUBKEY(EVP_PKEY *a, unsigned char **pp) | ||
| 247 | { | ||
| 248 | X509_PUBKEY *xpk=NULL; | ||
| 249 | int ret; | ||
| 250 | if(!a) return 0; | ||
| 251 | if(!X509_PUBKEY_set(&xpk, a)) return 0; | ||
| 252 | ret = i2d_X509_PUBKEY(xpk, pp); | ||
| 253 | X509_PUBKEY_free(xpk); | ||
| 254 | return ret; | ||
| 255 | } | ||
| 256 | |||
| 257 | /* The following are equivalents but which return RSA and DSA | ||
| 258 | * keys | ||
| 259 | */ | ||
| 260 | #ifndef OPENSSL_NO_RSA | ||
| 261 | RSA *d2i_RSA_PUBKEY(RSA **a, unsigned char **pp, | ||
| 262 | long length) | ||
| 263 | { | ||
| 264 | EVP_PKEY *pkey; | ||
| 265 | RSA *key; | ||
| 266 | unsigned char *q; | ||
| 267 | q = *pp; | ||
| 268 | pkey = d2i_PUBKEY(NULL, &q, length); | ||
| 269 | if(!pkey) return NULL; | ||
| 270 | key = EVP_PKEY_get1_RSA(pkey); | ||
| 271 | EVP_PKEY_free(pkey); | ||
| 272 | if(!key) return NULL; | ||
| 273 | *pp = q; | ||
| 274 | if(a) { | ||
| 275 | RSA_free(*a); | ||
| 276 | *a = key; | ||
| 277 | } | ||
| 278 | return key; | ||
| 279 | } | ||
| 280 | |||
| 281 | int i2d_RSA_PUBKEY(RSA *a, unsigned char **pp) | ||
| 282 | { | ||
| 283 | EVP_PKEY *pktmp; | ||
| 284 | int ret; | ||
| 285 | if(!a) return 0; | ||
| 286 | pktmp = EVP_PKEY_new(); | ||
| 287 | if(!pktmp) { | ||
| 288 | ASN1err(ASN1_F_I2D_RSA_PUBKEY, ERR_R_MALLOC_FAILURE); | ||
| 289 | return 0; | ||
| 290 | } | ||
| 291 | EVP_PKEY_set1_RSA(pktmp, a); | ||
| 292 | ret = i2d_PUBKEY(pktmp, pp); | ||
| 293 | EVP_PKEY_free(pktmp); | ||
| 294 | return ret; | ||
| 295 | } | ||
| 296 | #endif | ||
| 297 | |||
| 298 | #ifndef OPENSSL_NO_DSA | ||
| 299 | DSA *d2i_DSA_PUBKEY(DSA **a, unsigned char **pp, | ||
| 300 | long length) | ||
| 301 | { | ||
| 302 | EVP_PKEY *pkey; | ||
| 303 | DSA *key; | ||
| 304 | unsigned char *q; | ||
| 305 | q = *pp; | ||
| 306 | pkey = d2i_PUBKEY(NULL, &q, length); | ||
| 307 | if(!pkey) return NULL; | ||
| 308 | key = EVP_PKEY_get1_DSA(pkey); | ||
| 309 | EVP_PKEY_free(pkey); | ||
| 310 | if(!key) return NULL; | ||
| 311 | *pp = q; | ||
| 312 | if(a) { | ||
| 313 | DSA_free(*a); | ||
| 314 | *a = key; | ||
| 315 | } | ||
| 316 | return key; | ||
| 317 | } | ||
| 318 | |||
| 319 | int i2d_DSA_PUBKEY(DSA *a, unsigned char **pp) | ||
| 320 | { | ||
| 321 | EVP_PKEY *pktmp; | ||
| 322 | int ret; | ||
| 323 | if(!a) return 0; | ||
| 324 | pktmp = EVP_PKEY_new(); | ||
| 325 | if(!pktmp) { | ||
| 326 | ASN1err(ASN1_F_I2D_DSA_PUBKEY, ERR_R_MALLOC_FAILURE); | ||
| 327 | return 0; | ||
| 328 | } | ||
| 329 | EVP_PKEY_set1_DSA(pktmp, a); | ||
| 330 | ret = i2d_PUBKEY(pktmp, pp); | ||
| 331 | EVP_PKEY_free(pktmp); | ||
| 332 | return ret; | ||
| 333 | } | ||
| 334 | #endif | ||
diff --git a/src/lib/libcrypto/asn1/x_req.c b/src/lib/libcrypto/asn1/x_req.c index ff0be13d37..b3f18ebc12 100644 --- a/src/lib/libcrypto/asn1/x_req.c +++ b/src/lib/libcrypto/asn1/x_req.c | |||
| @@ -58,190 +58,55 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1t.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | /* | 64 | /* X509_REQ_INFO is handled in an unusual way to get round |
| 65 | * ASN1err(ASN1_F_D2I_X509_REQ,ASN1_R_LENGTH_MISMATCH); | 65 | * invalid encodings. Some broken certificate requests don't |
| 66 | * ASN1err(ASN1_F_D2I_X509_REQ_INFO,ASN1_R_LENGTH_MISMATCH); | 66 | * encode the attributes field if it is empty. This is in |
| 67 | * ASN1err(ASN1_F_X509_REQ_NEW,ASN1_R_LENGTH_MISMATCH); | 67 | * violation of PKCS#10 but we need to tolerate it. We do |
| 68 | * ASN1err(ASN1_F_X509_REQ_INFO_NEW,ASN1_R_LENGTH_MISMATCH); | 68 | * this by making the attributes field OPTIONAL then using |
| 69 | * the callback to initialise it to an empty STACK. | ||
| 70 | * | ||
| 71 | * This means that the field will be correctly encoded unless | ||
| 72 | * we NULL out the field. | ||
| 73 | * | ||
| 74 | * As a result we no longer need the req_kludge field because | ||
| 75 | * the information is now contained in the attributes field: | ||
| 76 | * 1. If it is NULL then it's the invalid omission. | ||
| 77 | * 2. If it is empty it is the correct encoding. | ||
| 78 | * 3. If it is not empty then some attributes are present. | ||
| 79 | * | ||
| 69 | */ | 80 | */ |
| 70 | 81 | ||
| 71 | int i2d_X509_REQ_INFO(a,pp) | 82 | static int rinf_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) |
| 72 | X509_REQ_INFO *a; | 83 | { |
| 73 | unsigned char **pp; | 84 | X509_REQ_INFO *rinf = (X509_REQ_INFO *)*pval; |
| 74 | { | ||
| 75 | M_ASN1_I2D_vars(a); | ||
| 76 | |||
| 77 | M_ASN1_I2D_len(a->version, i2d_ASN1_INTEGER); | ||
| 78 | M_ASN1_I2D_len(a->subject, i2d_X509_NAME); | ||
| 79 | M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY); | ||
| 80 | |||
| 81 | /* this is a *nasty* hack reported to be required to | ||
| 82 | * allow some CA Software to accept the cert request. | ||
| 83 | * It is not following the PKCS standards ... | ||
| 84 | * PKCS#10 pg 5 | ||
| 85 | * attributes [0] IMPLICIT Attibutes | ||
| 86 | * NOTE: no OPTIONAL ... so it *must* be there | ||
| 87 | */ | ||
| 88 | if (a->req_kludge) | ||
| 89 | { | ||
| 90 | M_ASN1_I2D_len_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0); | ||
| 91 | } | ||
| 92 | else | ||
| 93 | { | ||
| 94 | M_ASN1_I2D_len_IMP_set(a->attributes, i2d_X509_ATTRIBUTE,0); | ||
| 95 | } | ||
| 96 | |||
| 97 | M_ASN1_I2D_seq_total(); | ||
| 98 | M_ASN1_I2D_put(a->version, i2d_ASN1_INTEGER); | ||
| 99 | M_ASN1_I2D_put(a->subject, i2d_X509_NAME); | ||
| 100 | M_ASN1_I2D_put(a->pubkey, i2d_X509_PUBKEY); | ||
| 101 | |||
| 102 | /* this is a *nasty* hack reported to be required by some CA's. | ||
| 103 | * It is not following the PKCS standards ... | ||
| 104 | * PKCS#10 pg 5 | ||
| 105 | * attributes [0] IMPLICIT Attibutes | ||
| 106 | * NOTE: no OPTIONAL ... so it *must* be there | ||
| 107 | */ | ||
| 108 | if (a->req_kludge) | ||
| 109 | { | ||
| 110 | M_ASN1_I2D_put_IMP_set_opt(a->attributes,i2d_X509_ATTRIBUTE,0); | ||
| 111 | } | ||
| 112 | else | ||
| 113 | { | ||
| 114 | M_ASN1_I2D_put_IMP_set(a->attributes,i2d_X509_ATTRIBUTE,0); | ||
| 115 | } | ||
| 116 | 85 | ||
| 117 | M_ASN1_I2D_finish(); | 86 | if(operation == ASN1_OP_NEW_POST) { |
| 87 | rinf->attributes = sk_X509_ATTRIBUTE_new_null(); | ||
| 88 | if(!rinf->attributes) return 0; | ||
| 118 | } | 89 | } |
| 119 | 90 | return 1; | |
| 120 | X509_REQ_INFO *d2i_X509_REQ_INFO(a,pp,length) | 91 | } |
| 121 | X509_REQ_INFO **a; | 92 | |
| 122 | unsigned char **pp; | 93 | ASN1_SEQUENCE_enc(X509_REQ_INFO, enc, rinf_cb) = { |
| 123 | long length; | 94 | ASN1_SIMPLE(X509_REQ_INFO, version, ASN1_INTEGER), |
| 124 | { | 95 | ASN1_SIMPLE(X509_REQ_INFO, subject, X509_NAME), |
| 125 | M_ASN1_D2I_vars(a,X509_REQ_INFO *,X509_REQ_INFO_new); | 96 | ASN1_SIMPLE(X509_REQ_INFO, pubkey, X509_PUBKEY), |
| 126 | 97 | /* This isn't really OPTIONAL but it gets round invalid | |
| 127 | M_ASN1_D2I_Init(); | 98 | * encodings |
| 128 | M_ASN1_D2I_start_sequence(); | ||
| 129 | M_ASN1_D2I_get(ret->version,d2i_ASN1_INTEGER); | ||
| 130 | M_ASN1_D2I_get(ret->subject,d2i_X509_NAME); | ||
| 131 | M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY); | ||
| 132 | |||
| 133 | /* this is a *nasty* hack to allow for some CA's that | ||
| 134 | * have been reported as requiring it. | ||
| 135 | * It is not following the PKCS standards ... | ||
| 136 | * PKCS#10 pg 5 | ||
| 137 | * attributes [0] IMPLICIT Attibutes | ||
| 138 | * NOTE: no OPTIONAL ... so it *must* be there | ||
| 139 | */ | 99 | */ |
| 140 | if (asn1_Finish(&c)) | 100 | ASN1_IMP_SET_OF_OPT(X509_REQ_INFO, attributes, X509_ATTRIBUTE, 0) |
| 141 | ret->req_kludge=1; | 101 | } ASN1_SEQUENCE_END_enc(X509_REQ_INFO, X509_REQ_INFO) |
| 142 | else | ||
| 143 | { | ||
| 144 | M_ASN1_D2I_get_IMP_set(ret->attributes,d2i_X509_ATTRIBUTE,0); | ||
| 145 | } | ||
| 146 | |||
| 147 | M_ASN1_D2I_Finish(a,X509_REQ_INFO_free,ASN1_F_D2I_X509_REQ_INFO); | ||
| 148 | } | ||
| 149 | |||
| 150 | X509_REQ_INFO *X509_REQ_INFO_new() | ||
| 151 | { | ||
| 152 | X509_REQ_INFO *ret=NULL; | ||
| 153 | 102 | ||
| 154 | M_ASN1_New_Malloc(ret,X509_REQ_INFO); | 103 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ_INFO) |
| 155 | M_ASN1_New(ret->version,ASN1_INTEGER_new); | ||
| 156 | M_ASN1_New(ret->subject,X509_NAME_new); | ||
| 157 | M_ASN1_New(ret->pubkey,X509_PUBKEY_new); | ||
| 158 | M_ASN1_New(ret->attributes,sk_new_null); | ||
| 159 | ret->req_kludge=0; | ||
| 160 | return(ret); | ||
| 161 | M_ASN1_New_Error(ASN1_F_X509_REQ_INFO_NEW); | ||
| 162 | } | ||
| 163 | |||
| 164 | void X509_REQ_INFO_free(a) | ||
| 165 | X509_REQ_INFO *a; | ||
| 166 | { | ||
| 167 | if (a == NULL) return; | ||
| 168 | ASN1_INTEGER_free(a->version); | ||
| 169 | X509_NAME_free(a->subject); | ||
| 170 | X509_PUBKEY_free(a->pubkey); | ||
| 171 | sk_pop_free(a->attributes,X509_ATTRIBUTE_free); | ||
| 172 | Free((char *)a); | ||
| 173 | } | ||
| 174 | |||
| 175 | int i2d_X509_REQ(a,pp) | ||
| 176 | X509_REQ *a; | ||
| 177 | unsigned char **pp; | ||
| 178 | { | ||
| 179 | M_ASN1_I2D_vars(a); | ||
| 180 | M_ASN1_I2D_len(a->req_info, i2d_X509_REQ_INFO); | ||
| 181 | M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); | ||
| 182 | M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); | ||
| 183 | |||
| 184 | M_ASN1_I2D_seq_total(); | ||
| 185 | |||
| 186 | M_ASN1_I2D_put(a->req_info, i2d_X509_REQ_INFO); | ||
| 187 | M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); | ||
| 188 | M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); | ||
| 189 | |||
| 190 | M_ASN1_I2D_finish(); | ||
| 191 | } | ||
| 192 | |||
| 193 | X509_REQ *d2i_X509_REQ(a,pp,length) | ||
| 194 | X509_REQ **a; | ||
| 195 | unsigned char **pp; | ||
| 196 | long length; | ||
| 197 | { | ||
| 198 | M_ASN1_D2I_vars(a,X509_REQ *,X509_REQ_new); | ||
| 199 | |||
| 200 | M_ASN1_D2I_Init(); | ||
| 201 | M_ASN1_D2I_start_sequence(); | ||
| 202 | M_ASN1_D2I_get(ret->req_info,d2i_X509_REQ_INFO); | ||
| 203 | M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); | ||
| 204 | M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); | ||
| 205 | M_ASN1_D2I_Finish(a,X509_REQ_free,ASN1_F_D2I_X509_REQ); | ||
| 206 | } | ||
| 207 | |||
| 208 | X509_REQ *X509_REQ_new() | ||
| 209 | { | ||
| 210 | X509_REQ *ret=NULL; | ||
| 211 | |||
| 212 | M_ASN1_New_Malloc(ret,X509_REQ); | ||
| 213 | ret->references=1; | ||
| 214 | M_ASN1_New(ret->req_info,X509_REQ_INFO_new); | ||
| 215 | M_ASN1_New(ret->sig_alg,X509_ALGOR_new); | ||
| 216 | M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); | ||
| 217 | return(ret); | ||
| 218 | M_ASN1_New_Error(ASN1_F_X509_REQ_NEW); | ||
| 219 | } | ||
| 220 | |||
| 221 | void X509_REQ_free(a) | ||
| 222 | X509_REQ *a; | ||
| 223 | { | ||
| 224 | int i; | ||
| 225 | |||
| 226 | if (a == NULL) return; | ||
| 227 | |||
| 228 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509_REQ); | ||
| 229 | #ifdef REF_PRINT | ||
| 230 | REF_PRINT("X509_REQ",a); | ||
| 231 | #endif | ||
| 232 | if (i > 0) return; | ||
| 233 | #ifdef REF_CHECK | ||
| 234 | if (i < 0) | ||
| 235 | { | ||
| 236 | fprintf(stderr,"X509_REQ_free, bad reference count\n"); | ||
| 237 | abort(); | ||
| 238 | } | ||
| 239 | #endif | ||
| 240 | |||
| 241 | X509_REQ_INFO_free(a->req_info); | ||
| 242 | X509_ALGOR_free(a->sig_alg); | ||
| 243 | ASN1_BIT_STRING_free(a->signature); | ||
| 244 | Free((char *)a); | ||
| 245 | } | ||
| 246 | 104 | ||
| 105 | ASN1_SEQUENCE_ref(X509_REQ, 0, CRYPTO_LOCK_X509_INFO) = { | ||
| 106 | ASN1_SIMPLE(X509_REQ, req_info, X509_REQ_INFO), | ||
| 107 | ASN1_SIMPLE(X509_REQ, sig_alg, X509_ALGOR), | ||
| 108 | ASN1_SIMPLE(X509_REQ, signature, ASN1_BIT_STRING) | ||
| 109 | } ASN1_SEQUENCE_END_ref(X509_REQ, X509_REQ) | ||
| 247 | 110 | ||
| 111 | IMPLEMENT_ASN1_FUNCTIONS(X509_REQ) | ||
| 112 | IMPLEMENT_ASN1_DUP_FUNCTION(X509_REQ) | ||
diff --git a/src/lib/libcrypto/asn1/x_sig.c b/src/lib/libcrypto/asn1/x_sig.c index f0a2e4c27a..42efa86c1c 100644 --- a/src/lib/libcrypto/asn1/x_sig.c +++ b/src/lib/libcrypto/asn1/x_sig.c | |||
| @@ -58,62 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1t.h> |
| 62 | 62 | #include <openssl/x509.h> | |
| 63 | /* | ||
| 64 | * ASN1err(ASN1_F_D2I_X509_SIG,ASN1_R_LENGTH_MISMATCH); | ||
| 65 | * ASN1err(ASN1_F_X509_SIG_NEW,ASN1_R_LENGTH_MISMATCH); | ||
| 66 | */ | ||
| 67 | |||
| 68 | int i2d_X509_SIG(a,pp) | ||
| 69 | X509_SIG *a; | ||
| 70 | unsigned char **pp; | ||
| 71 | { | ||
| 72 | M_ASN1_I2D_vars(a); | ||
| 73 | |||
| 74 | M_ASN1_I2D_len(a->algor, i2d_X509_ALGOR); | ||
| 75 | M_ASN1_I2D_len(a->digest, i2d_ASN1_OCTET_STRING); | ||
| 76 | |||
| 77 | M_ASN1_I2D_seq_total(); | ||
| 78 | |||
| 79 | M_ASN1_I2D_put(a->algor, i2d_X509_ALGOR); | ||
| 80 | M_ASN1_I2D_put(a->digest, i2d_ASN1_OCTET_STRING); | ||
| 81 | |||
| 82 | M_ASN1_I2D_finish(); | ||
| 83 | } | ||
| 84 | |||
| 85 | X509_SIG *d2i_X509_SIG(a,pp,length) | ||
| 86 | X509_SIG **a; | ||
| 87 | unsigned char **pp; | ||
| 88 | long length; | ||
| 89 | { | ||
| 90 | M_ASN1_D2I_vars(a,X509_SIG *,X509_SIG_new); | ||
| 91 | |||
| 92 | M_ASN1_D2I_Init(); | ||
| 93 | M_ASN1_D2I_start_sequence(); | ||
| 94 | M_ASN1_D2I_get(ret->algor,d2i_X509_ALGOR); | ||
| 95 | M_ASN1_D2I_get(ret->digest,d2i_ASN1_OCTET_STRING); | ||
| 96 | M_ASN1_D2I_Finish(a,X509_SIG_free,ASN1_F_D2I_X509_SIG); | ||
| 97 | } | ||
| 98 | |||
| 99 | X509_SIG *X509_SIG_new() | ||
| 100 | { | ||
| 101 | X509_SIG *ret=NULL; | ||
| 102 | |||
| 103 | M_ASN1_New_Malloc(ret,X509_SIG); | ||
| 104 | M_ASN1_New(ret->algor,X509_ALGOR_new); | ||
| 105 | M_ASN1_New(ret->digest,ASN1_OCTET_STRING_new); | ||
| 106 | return(ret); | ||
| 107 | M_ASN1_New_Error(ASN1_F_X509_SIG_NEW); | ||
| 108 | } | ||
| 109 | |||
| 110 | void X509_SIG_free(a) | ||
| 111 | X509_SIG *a; | ||
| 112 | { | ||
| 113 | if (a == NULL) return; | ||
| 114 | X509_ALGOR_free(a->algor); | ||
| 115 | ASN1_OCTET_STRING_free(a->digest); | ||
| 116 | Free((char *)a); | ||
| 117 | } | ||
| 118 | 63 | ||
| 64 | ASN1_SEQUENCE(X509_SIG) = { | ||
| 65 | ASN1_SIMPLE(X509_SIG, algor, X509_ALGOR), | ||
| 66 | ASN1_SIMPLE(X509_SIG, digest, ASN1_OCTET_STRING) | ||
| 67 | } ASN1_SEQUENCE_END(X509_SIG) | ||
| 119 | 68 | ||
| 69 | IMPLEMENT_ASN1_FUNCTIONS(X509_SIG) | ||
diff --git a/src/lib/libcrypto/asn1/x_spki.c b/src/lib/libcrypto/asn1/x_spki.c index 4a80df44b8..2aece077c5 100644 --- a/src/lib/libcrypto/asn1/x_spki.c +++ b/src/lib/libcrypto/asn1/x_spki.c | |||
| @@ -57,125 +57,25 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* This module was send to me my Pat Richards <patr@x509.com> who | 59 | /* This module was send to me my Pat Richards <patr@x509.com> who |
| 60 | * wrote it. It is under my Copyright with his permision | 60 | * wrote it. It is under my Copyright with his permission |
| 61 | */ | 61 | */ |
| 62 | 62 | ||
| 63 | #include <stdio.h> | 63 | #include <stdio.h> |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include "asn1_mac.h" | 66 | #include <openssl/asn1t.h> |
| 67 | 67 | ||
| 68 | /* | 68 | ASN1_SEQUENCE(NETSCAPE_SPKAC) = { |
| 69 | * ASN1err(ASN1_F_D2I_NETSCAPE_SPKAC,ASN1_R_LENGTH_MISMATCH); | 69 | ASN1_SIMPLE(NETSCAPE_SPKAC, pubkey, X509_PUBKEY), |
| 70 | * ASN1err(ASN1_F_NETSCAPE_SPKAC_NEW,ASN1_R_LENGTH_MISMATCH); | 70 | ASN1_SIMPLE(NETSCAPE_SPKAC, challenge, ASN1_IA5STRING) |
| 71 | * ASN1err(ASN1_F_D2I_NETSCAPE_SPKI,ASN1_R_LENGTH_MISMATCH); | 71 | } ASN1_SEQUENCE_END(NETSCAPE_SPKAC) |
| 72 | * ASN1err(ASN1_F_NETSCAPE_SPKI_NEW,ASN1_R_LENGTH_MISMATCH); | ||
| 73 | */ | ||
| 74 | |||
| 75 | int i2d_NETSCAPE_SPKAC(a,pp) | ||
| 76 | NETSCAPE_SPKAC *a; | ||
| 77 | unsigned char **pp; | ||
| 78 | { | ||
| 79 | M_ASN1_I2D_vars(a); | ||
| 80 | |||
| 81 | M_ASN1_I2D_len(a->pubkey, i2d_X509_PUBKEY); | ||
| 82 | M_ASN1_I2D_len(a->challenge, i2d_ASN1_IA5STRING); | ||
| 83 | |||
| 84 | M_ASN1_I2D_seq_total(); | ||
| 85 | |||
| 86 | M_ASN1_I2D_put(a->pubkey, i2d_X509_PUBKEY); | ||
| 87 | M_ASN1_I2D_put(a->challenge, i2d_ASN1_IA5STRING); | ||
| 88 | |||
| 89 | M_ASN1_I2D_finish(); | ||
| 90 | } | ||
| 91 | |||
| 92 | NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(a,pp,length) | ||
| 93 | NETSCAPE_SPKAC **a; | ||
| 94 | unsigned char **pp; | ||
| 95 | long length; | ||
| 96 | { | ||
| 97 | M_ASN1_D2I_vars(a,NETSCAPE_SPKAC *,NETSCAPE_SPKAC_new); | ||
| 98 | |||
| 99 | M_ASN1_D2I_Init(); | ||
| 100 | M_ASN1_D2I_start_sequence(); | ||
| 101 | M_ASN1_D2I_get(ret->pubkey,d2i_X509_PUBKEY); | ||
| 102 | M_ASN1_D2I_get(ret->challenge,d2i_ASN1_IA5STRING); | ||
| 103 | M_ASN1_D2I_Finish(a,NETSCAPE_SPKAC_free,ASN1_F_D2I_NETSCAPE_SPKAC); | ||
| 104 | } | ||
| 105 | |||
| 106 | NETSCAPE_SPKAC *NETSCAPE_SPKAC_new() | ||
| 107 | { | ||
| 108 | NETSCAPE_SPKAC *ret=NULL; | ||
| 109 | |||
| 110 | M_ASN1_New_Malloc(ret,NETSCAPE_SPKAC); | ||
| 111 | M_ASN1_New(ret->pubkey,X509_PUBKEY_new); | ||
| 112 | M_ASN1_New(ret->challenge,ASN1_IA5STRING_new); | ||
| 113 | return(ret); | ||
| 114 | M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKAC_NEW); | ||
| 115 | } | ||
| 116 | |||
| 117 | void NETSCAPE_SPKAC_free(a) | ||
| 118 | NETSCAPE_SPKAC *a; | ||
| 119 | { | ||
| 120 | if (a == NULL) return; | ||
| 121 | X509_PUBKEY_free(a->pubkey); | ||
| 122 | ASN1_IA5STRING_free(a->challenge); | ||
| 123 | Free((char *)a); | ||
| 124 | } | ||
| 125 | |||
| 126 | int i2d_NETSCAPE_SPKI(a,pp) | ||
| 127 | NETSCAPE_SPKI *a; | ||
| 128 | unsigned char **pp; | ||
| 129 | { | ||
| 130 | M_ASN1_I2D_vars(a); | ||
| 131 | |||
| 132 | M_ASN1_I2D_len(a->spkac, i2d_NETSCAPE_SPKAC); | ||
| 133 | M_ASN1_I2D_len(a->sig_algor, i2d_X509_ALGOR); | ||
| 134 | M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); | ||
| 135 | |||
| 136 | M_ASN1_I2D_seq_total(); | ||
| 137 | |||
| 138 | M_ASN1_I2D_put(a->spkac, i2d_NETSCAPE_SPKAC); | ||
| 139 | M_ASN1_I2D_put(a->sig_algor, i2d_X509_ALGOR); | ||
| 140 | M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); | ||
| 141 | |||
| 142 | M_ASN1_I2D_finish(); | ||
| 143 | } | ||
| 144 | |||
| 145 | NETSCAPE_SPKI *d2i_NETSCAPE_SPKI(a,pp,length) | ||
| 146 | NETSCAPE_SPKI **a; | ||
| 147 | unsigned char **pp; | ||
| 148 | long length; | ||
| 149 | { | ||
| 150 | M_ASN1_D2I_vars(a,NETSCAPE_SPKI *,NETSCAPE_SPKI_new); | ||
| 151 | |||
| 152 | M_ASN1_D2I_Init(); | ||
| 153 | M_ASN1_D2I_start_sequence(); | ||
| 154 | M_ASN1_D2I_get(ret->spkac,d2i_NETSCAPE_SPKAC); | ||
| 155 | M_ASN1_D2I_get(ret->sig_algor,d2i_X509_ALGOR); | ||
| 156 | M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); | ||
| 157 | M_ASN1_D2I_Finish(a,NETSCAPE_SPKI_free,ASN1_F_D2I_NETSCAPE_SPKI); | ||
| 158 | } | ||
| 159 | |||
| 160 | NETSCAPE_SPKI *NETSCAPE_SPKI_new() | ||
| 161 | { | ||
| 162 | NETSCAPE_SPKI *ret=NULL; | ||
| 163 | 72 | ||
| 164 | M_ASN1_New_Malloc(ret,NETSCAPE_SPKI); | 73 | IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKAC) |
| 165 | M_ASN1_New(ret->spkac,NETSCAPE_SPKAC_new); | ||
| 166 | M_ASN1_New(ret->sig_algor,X509_ALGOR_new); | ||
| 167 | M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); | ||
| 168 | return(ret); | ||
| 169 | M_ASN1_New_Error(ASN1_F_NETSCAPE_SPKI_NEW); | ||
| 170 | } | ||
| 171 | 74 | ||
| 172 | void NETSCAPE_SPKI_free(a) | 75 | ASN1_SEQUENCE(NETSCAPE_SPKI) = { |
| 173 | NETSCAPE_SPKI *a; | 76 | ASN1_SIMPLE(NETSCAPE_SPKI, spkac, NETSCAPE_SPKAC), |
| 174 | { | 77 | ASN1_SIMPLE(NETSCAPE_SPKI, sig_algor, X509_ALGOR), |
| 175 | if (a == NULL) return; | 78 | ASN1_SIMPLE(NETSCAPE_SPKI, signature, ASN1_BIT_STRING) |
| 176 | NETSCAPE_SPKAC_free(a->spkac); | 79 | } ASN1_SEQUENCE_END(NETSCAPE_SPKI) |
| 177 | X509_ALGOR_free(a->sig_algor); | ||
| 178 | ASN1_BIT_STRING_free(a->signature); | ||
| 179 | Free((char *)a); | ||
| 180 | } | ||
| 181 | 80 | ||
| 81 | IMPLEMENT_ASN1_FUNCTIONS(NETSCAPE_SPKI) | ||
diff --git a/src/lib/libcrypto/asn1/x_val.c b/src/lib/libcrypto/asn1/x_val.c index a9c390f88c..dc17c67758 100644 --- a/src/lib/libcrypto/asn1/x_val.c +++ b/src/lib/libcrypto/asn1/x_val.c | |||
| @@ -58,61 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1t.h> |
| 62 | #include <openssl/x509.h> | ||
| 62 | 63 | ||
| 63 | /* ASN1err(ASN1_F_X509_VAL_NEW,ERR_R_MALLOC_FAILURE); | 64 | ASN1_SEQUENCE(X509_VAL) = { |
| 64 | * ASN1err(ASN1_F_X509_VAL_FREE,ERR_R_MALLOC_FAILURE); | 65 | ASN1_SIMPLE(X509_VAL, notBefore, ASN1_TIME), |
| 65 | * ASN1err(ASN1_F_D2I_X509_VAL,ERR_R_MALLOC_FAILURE); | 66 | ASN1_SIMPLE(X509_VAL, notAfter, ASN1_TIME) |
| 66 | */ | 67 | } ASN1_SEQUENCE_END(X509_VAL) |
| 67 | |||
| 68 | int i2d_X509_VAL(a,pp) | ||
| 69 | X509_VAL *a; | ||
| 70 | unsigned char **pp; | ||
| 71 | { | ||
| 72 | M_ASN1_I2D_vars(a); | ||
| 73 | |||
| 74 | M_ASN1_I2D_len(a->notBefore,i2d_ASN1_UTCTIME); | ||
| 75 | M_ASN1_I2D_len(a->notAfter,i2d_ASN1_UTCTIME); | ||
| 76 | |||
| 77 | M_ASN1_I2D_seq_total(); | ||
| 78 | |||
| 79 | M_ASN1_I2D_put(a->notBefore,i2d_ASN1_UTCTIME); | ||
| 80 | M_ASN1_I2D_put(a->notAfter,i2d_ASN1_UTCTIME); | ||
| 81 | |||
| 82 | M_ASN1_I2D_finish(); | ||
| 83 | } | ||
| 84 | |||
| 85 | X509_VAL *d2i_X509_VAL(a,pp,length) | ||
| 86 | X509_VAL **a; | ||
| 87 | unsigned char **pp; | ||
| 88 | long length; | ||
| 89 | { | ||
| 90 | M_ASN1_D2I_vars(a,X509_VAL *,X509_VAL_new); | ||
| 91 | |||
| 92 | M_ASN1_D2I_Init(); | ||
| 93 | M_ASN1_D2I_start_sequence(); | ||
| 94 | M_ASN1_D2I_get(ret->notBefore,d2i_ASN1_UTCTIME); | ||
| 95 | M_ASN1_D2I_get(ret->notAfter,d2i_ASN1_UTCTIME); | ||
| 96 | M_ASN1_D2I_Finish(a,X509_VAL_free,ASN1_F_D2I_X509_VAL); | ||
| 97 | } | ||
| 98 | |||
| 99 | X509_VAL *X509_VAL_new() | ||
| 100 | { | ||
| 101 | X509_VAL *ret=NULL; | ||
| 102 | |||
| 103 | M_ASN1_New_Malloc(ret,X509_VAL); | ||
| 104 | M_ASN1_New(ret->notBefore,ASN1_UTCTIME_new); | ||
| 105 | M_ASN1_New(ret->notAfter,ASN1_UTCTIME_new); | ||
| 106 | return(ret); | ||
| 107 | M_ASN1_New_Error(ASN1_F_X509_VAL_NEW); | ||
| 108 | } | ||
| 109 | |||
| 110 | void X509_VAL_free(a) | ||
| 111 | X509_VAL *a; | ||
| 112 | { | ||
| 113 | if (a == NULL) return; | ||
| 114 | ASN1_UTCTIME_free(a->notBefore); | ||
| 115 | ASN1_UTCTIME_free(a->notAfter); | ||
| 116 | Free((char *)a); | ||
| 117 | } | ||
| 118 | 68 | ||
| 69 | IMPLEMENT_ASN1_FUNCTIONS(X509_VAL) | ||
diff --git a/src/lib/libcrypto/asn1/x_x509.c b/src/lib/libcrypto/asn1/x_x509.c index bc466ce0f6..b50167ce43 100644 --- a/src/lib/libcrypto/asn1/x_x509.c +++ b/src/lib/libcrypto/asn1/x_x509.c | |||
| @@ -58,13 +58,72 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "asn1_mac.h" | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/x509.h> | ||
| 64 | #include <openssl/x509v3.h> | ||
| 65 | |||
| 66 | ASN1_SEQUENCE(X509_CINF) = { | ||
| 67 | ASN1_EXP_OPT(X509_CINF, version, ASN1_INTEGER, 0), | ||
| 68 | ASN1_SIMPLE(X509_CINF, serialNumber, ASN1_INTEGER), | ||
| 69 | ASN1_SIMPLE(X509_CINF, signature, X509_ALGOR), | ||
| 70 | ASN1_SIMPLE(X509_CINF, issuer, X509_NAME), | ||
| 71 | ASN1_SIMPLE(X509_CINF, validity, X509_VAL), | ||
| 72 | ASN1_SIMPLE(X509_CINF, subject, X509_NAME), | ||
| 73 | ASN1_SIMPLE(X509_CINF, key, X509_PUBKEY), | ||
| 74 | ASN1_IMP_OPT(X509_CINF, issuerUID, ASN1_BIT_STRING, 1), | ||
| 75 | ASN1_IMP_OPT(X509_CINF, subjectUID, ASN1_BIT_STRING, 2), | ||
| 76 | ASN1_EXP_SEQUENCE_OF_OPT(X509_CINF, extensions, X509_EXTENSION, 3) | ||
| 77 | } ASN1_SEQUENCE_END(X509_CINF) | ||
| 78 | |||
| 79 | IMPLEMENT_ASN1_FUNCTIONS(X509_CINF) | ||
| 80 | /* X509 top level structure needs a bit of customisation */ | ||
| 81 | |||
| 82 | static int x509_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | ||
| 83 | { | ||
| 84 | X509 *ret = (X509 *)*pval; | ||
| 85 | |||
| 86 | switch(operation) { | ||
| 87 | |||
| 88 | case ASN1_OP_NEW_POST: | ||
| 89 | ret->valid=0; | ||
| 90 | ret->name = NULL; | ||
| 91 | ret->ex_flags = 0; | ||
| 92 | ret->ex_pathlen = -1; | ||
| 93 | ret->skid = NULL; | ||
| 94 | ret->akid = NULL; | ||
| 95 | ret->aux = NULL; | ||
| 96 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); | ||
| 97 | break; | ||
| 98 | |||
| 99 | case ASN1_OP_D2I_POST: | ||
| 100 | if (ret->name != NULL) OPENSSL_free(ret->name); | ||
| 101 | ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); | ||
| 102 | break; | ||
| 103 | |||
| 104 | case ASN1_OP_FREE_POST: | ||
| 105 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509, ret, &ret->ex_data); | ||
| 106 | X509_CERT_AUX_free(ret->aux); | ||
| 107 | ASN1_OCTET_STRING_free(ret->skid); | ||
| 108 | AUTHORITY_KEYID_free(ret->akid); | ||
| 109 | |||
| 110 | if (ret->name != NULL) OPENSSL_free(ret->name); | ||
| 111 | break; | ||
| 63 | 112 | ||
| 64 | /* | 113 | } |
| 65 | * ASN1err(ASN1_F_D2I_X509,ASN1_R_LENGTH_MISMATCH); | 114 | |
| 66 | * ASN1err(ASN1_F_X509_NEW,ASN1_R_BAD_GET_OBJECT); | 115 | return 1; |
| 67 | */ | 116 | |
| 117 | } | ||
| 118 | |||
| 119 | ASN1_SEQUENCE_ref(X509, x509_cb, CRYPTO_LOCK_X509) = { | ||
| 120 | ASN1_SIMPLE(X509, cert_info, X509_CINF), | ||
| 121 | ASN1_SIMPLE(X509, sig_alg, X509_ALGOR), | ||
| 122 | ASN1_SIMPLE(X509, signature, ASN1_BIT_STRING) | ||
| 123 | } ASN1_SEQUENCE_END_ref(X509, X509) | ||
| 124 | |||
| 125 | IMPLEMENT_ASN1_FUNCTIONS(X509) | ||
| 126 | IMPLEMENT_ASN1_DUP_FUNCTION(X509) | ||
| 68 | 127 | ||
| 69 | static ASN1_METHOD meth={ | 128 | static ASN1_METHOD meth={ |
| 70 | (int (*)()) i2d_X509, | 129 | (int (*)()) i2d_X509, |
| @@ -72,87 +131,59 @@ static ASN1_METHOD meth={ | |||
| 72 | (char *(*)())X509_new, | 131 | (char *(*)())X509_new, |
| 73 | (void (*)()) X509_free}; | 132 | (void (*)()) X509_free}; |
| 74 | 133 | ||
| 75 | ASN1_METHOD *X509_asn1_meth() | 134 | ASN1_METHOD *X509_asn1_meth(void) |
| 76 | { | 135 | { |
| 77 | return(&meth); | 136 | return(&meth); |
| 78 | } | 137 | } |
| 79 | 138 | ||
| 80 | int i2d_X509(a,pp) | 139 | int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 81 | X509 *a; | 140 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 82 | unsigned char **pp; | 141 | { |
| 83 | { | 142 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509, argl, argp, |
| 84 | M_ASN1_I2D_vars(a); | 143 | new_func, dup_func, free_func); |
| 85 | 144 | } | |
| 86 | M_ASN1_I2D_len(a->cert_info, i2d_X509_CINF); | ||
| 87 | M_ASN1_I2D_len(a->sig_alg, i2d_X509_ALGOR); | ||
| 88 | M_ASN1_I2D_len(a->signature, i2d_ASN1_BIT_STRING); | ||
| 89 | |||
| 90 | M_ASN1_I2D_seq_total(); | ||
| 91 | 145 | ||
| 92 | M_ASN1_I2D_put(a->cert_info, i2d_X509_CINF); | 146 | int X509_set_ex_data(X509 *r, int idx, void *arg) |
| 93 | M_ASN1_I2D_put(a->sig_alg, i2d_X509_ALGOR); | ||
| 94 | M_ASN1_I2D_put(a->signature, i2d_ASN1_BIT_STRING); | ||
| 95 | |||
| 96 | M_ASN1_I2D_finish(); | ||
| 97 | } | ||
| 98 | |||
| 99 | X509 *d2i_X509(a,pp,length) | ||
| 100 | X509 **a; | ||
| 101 | unsigned char **pp; | ||
| 102 | long length; | ||
| 103 | { | 147 | { |
| 104 | M_ASN1_D2I_vars(a,X509 *,X509_new); | 148 | return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); |
| 105 | |||
| 106 | M_ASN1_D2I_Init(); | ||
| 107 | M_ASN1_D2I_start_sequence(); | ||
| 108 | M_ASN1_D2I_get(ret->cert_info,d2i_X509_CINF); | ||
| 109 | M_ASN1_D2I_get(ret->sig_alg,d2i_X509_ALGOR); | ||
| 110 | M_ASN1_D2I_get(ret->signature,d2i_ASN1_BIT_STRING); | ||
| 111 | if (ret->name != NULL) Free(ret->name); | ||
| 112 | ret->name=X509_NAME_oneline(ret->cert_info->subject,NULL,0); | ||
| 113 | |||
| 114 | M_ASN1_D2I_Finish(a,X509_free,ASN1_F_D2I_X509); | ||
| 115 | } | 149 | } |
| 116 | 150 | ||
| 117 | X509 *X509_new() | 151 | void *X509_get_ex_data(X509 *r, int idx) |
| 118 | { | 152 | { |
| 119 | X509 *ret=NULL; | 153 | return(CRYPTO_get_ex_data(&r->ex_data,idx)); |
| 120 | |||
| 121 | M_ASN1_New_Malloc(ret,X509); | ||
| 122 | ret->references=1; | ||
| 123 | ret->valid=0; | ||
| 124 | ret->name=NULL; | ||
| 125 | M_ASN1_New(ret->cert_info,X509_CINF_new); | ||
| 126 | M_ASN1_New(ret->sig_alg,X509_ALGOR_new); | ||
| 127 | M_ASN1_New(ret->signature,ASN1_BIT_STRING_new); | ||
| 128 | return(ret); | ||
| 129 | M_ASN1_New_Error(ASN1_F_X509_NEW); | ||
| 130 | } | 154 | } |
| 131 | 155 | ||
| 132 | void X509_free(a) | 156 | /* X509_AUX ASN1 routines. X509_AUX is the name given to |
| 133 | X509 *a; | 157 | * a certificate with extra info tagged on the end. Since these |
| 134 | { | 158 | * functions set how a certificate is trusted they should only |
| 135 | int i; | 159 | * be used when the certificate comes from a reliable source |
| 136 | 160 | * such as local storage. | |
| 137 | if (a == NULL) return; | 161 | * |
| 138 | 162 | */ | |
| 139 | i=CRYPTO_add(&a->references,-1,CRYPTO_LOCK_X509); | ||
| 140 | #ifdef REF_PRINT | ||
| 141 | REF_PRINT("X509",a); | ||
| 142 | #endif | ||
| 143 | if (i > 0) return; | ||
| 144 | #ifdef REF_CHECK | ||
| 145 | if (i < 0) | ||
| 146 | { | ||
| 147 | fprintf(stderr,"X509_free, bad reference count\n"); | ||
| 148 | abort(); | ||
| 149 | } | ||
| 150 | #endif | ||
| 151 | |||
| 152 | X509_CINF_free(a->cert_info); | ||
| 153 | X509_ALGOR_free(a->sig_alg); | ||
| 154 | ASN1_BIT_STRING_free(a->signature); | ||
| 155 | if (a->name != NULL) Free(a->name); | ||
| 156 | Free((char *)a); | ||
| 157 | } | ||
| 158 | 163 | ||
| 164 | X509 *d2i_X509_AUX(X509 **a, unsigned char **pp, long length) | ||
| 165 | { | ||
| 166 | unsigned char *q; | ||
| 167 | X509 *ret; | ||
| 168 | /* Save start position */ | ||
| 169 | q = *pp; | ||
| 170 | ret = d2i_X509(a, pp, length); | ||
| 171 | /* If certificate unreadable then forget it */ | ||
| 172 | if(!ret) return NULL; | ||
| 173 | /* update length */ | ||
| 174 | length -= *pp - q; | ||
| 175 | if(!length) return ret; | ||
| 176 | if(!d2i_X509_CERT_AUX(&ret->aux, pp, length)) goto err; | ||
| 177 | return ret; | ||
| 178 | err: | ||
| 179 | X509_free(ret); | ||
| 180 | return NULL; | ||
| 181 | } | ||
| 182 | |||
| 183 | int i2d_X509_AUX(X509 *a, unsigned char **pp) | ||
| 184 | { | ||
| 185 | int length; | ||
| 186 | length = i2d_X509(a, pp); | ||
| 187 | if(a) length += i2d_X509_CERT_AUX(a->aux, pp); | ||
| 188 | return length; | ||
| 189 | } | ||
diff --git a/src/lib/libcrypto/asn1/x_x509a.c b/src/lib/libcrypto/asn1/x_x509a.c index b9987ea968..f244768b7e 100644 --- a/src/lib/libcrypto/asn1/x_x509a.c +++ b/src/lib/libcrypto/asn1/x_x509a.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/evp.h> | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/asn1_mac.h> | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/x509.h> | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | /* X509_CERT_AUX routines. These are used to encode additional | 65 | /* X509_CERT_AUX routines. These are used to encode additional |
| @@ -71,72 +71,15 @@ | |||
| 71 | 71 | ||
| 72 | static X509_CERT_AUX *aux_get(X509 *x); | 72 | static X509_CERT_AUX *aux_get(X509 *x); |
| 73 | 73 | ||
| 74 | X509_CERT_AUX *d2i_X509_CERT_AUX(X509_CERT_AUX **a, unsigned char **pp, long length) | 74 | ASN1_SEQUENCE(X509_CERT_AUX) = { |
| 75 | { | 75 | ASN1_SEQUENCE_OF_OPT(X509_CERT_AUX, trust, ASN1_OBJECT), |
| 76 | M_ASN1_D2I_vars(a, X509_CERT_AUX *, X509_CERT_AUX_new); | 76 | ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, reject, ASN1_OBJECT, 0), |
| 77 | 77 | ASN1_OPT(X509_CERT_AUX, alias, ASN1_UTF8STRING), | |
| 78 | M_ASN1_D2I_Init(); | 78 | ASN1_OPT(X509_CERT_AUX, keyid, ASN1_OCTET_STRING), |
| 79 | M_ASN1_D2I_start_sequence(); | 79 | ASN1_IMP_SEQUENCE_OF_OPT(X509_CERT_AUX, other, X509_ALGOR, 1) |
| 80 | 80 | } ASN1_SEQUENCE_END(X509_CERT_AUX) | |
| 81 | M_ASN1_D2I_get_seq_opt_type(ASN1_OBJECT, ret->trust, | ||
| 82 | d2i_ASN1_OBJECT, ASN1_OBJECT_free); | ||
| 83 | M_ASN1_D2I_get_IMP_set_opt_type(ASN1_OBJECT, ret->reject, | ||
| 84 | d2i_ASN1_OBJECT, ASN1_OBJECT_free, 0); | ||
| 85 | M_ASN1_D2I_get_opt(ret->alias, d2i_ASN1_UTF8STRING, V_ASN1_UTF8STRING); | ||
| 86 | M_ASN1_D2I_get_opt(ret->keyid, d2i_ASN1_OCTET_STRING, V_ASN1_OCTET_STRING); | ||
| 87 | M_ASN1_D2I_get_IMP_set_opt_type(X509_ALGOR, ret->other, | ||
| 88 | d2i_X509_ALGOR, X509_ALGOR_free, 1); | ||
| 89 | |||
| 90 | M_ASN1_D2I_Finish(a, X509_CERT_AUX_free, ASN1_F_D2I_X509_CERT_AUX); | ||
| 91 | } | ||
| 92 | |||
| 93 | X509_CERT_AUX *X509_CERT_AUX_new() | ||
| 94 | { | ||
| 95 | X509_CERT_AUX *ret = NULL; | ||
| 96 | ASN1_CTX c; | ||
| 97 | M_ASN1_New_Malloc(ret, X509_CERT_AUX); | ||
| 98 | ret->trust = NULL; | ||
| 99 | ret->reject = NULL; | ||
| 100 | ret->alias = NULL; | ||
| 101 | ret->keyid = NULL; | ||
| 102 | ret->other = NULL; | ||
| 103 | return(ret); | ||
| 104 | M_ASN1_New_Error(ASN1_F_X509_CERT_AUX_NEW); | ||
| 105 | } | ||
| 106 | |||
| 107 | void X509_CERT_AUX_free(X509_CERT_AUX *a) | ||
| 108 | { | ||
| 109 | if(a == NULL) return; | ||
| 110 | sk_ASN1_OBJECT_pop_free(a->trust, ASN1_OBJECT_free); | ||
| 111 | sk_ASN1_OBJECT_pop_free(a->reject, ASN1_OBJECT_free); | ||
| 112 | ASN1_UTF8STRING_free(a->alias); | ||
| 113 | ASN1_OCTET_STRING_free(a->keyid); | ||
| 114 | sk_X509_ALGOR_pop_free(a->other, X509_ALGOR_free); | ||
| 115 | Free(a); | ||
| 116 | } | ||
| 117 | |||
| 118 | int i2d_X509_CERT_AUX(X509_CERT_AUX *a, unsigned char **pp) | ||
| 119 | { | ||
| 120 | M_ASN1_I2D_vars(a); | ||
| 121 | 81 | ||
| 122 | M_ASN1_I2D_len_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); | 82 | IMPLEMENT_ASN1_FUNCTIONS(X509_CERT_AUX) |
| 123 | M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); | ||
| 124 | |||
| 125 | M_ASN1_I2D_len(a->alias, i2d_ASN1_UTF8STRING); | ||
| 126 | M_ASN1_I2D_len(a->keyid, i2d_ASN1_OCTET_STRING); | ||
| 127 | M_ASN1_I2D_len_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); | ||
| 128 | |||
| 129 | M_ASN1_I2D_seq_total(); | ||
| 130 | |||
| 131 | M_ASN1_I2D_put_SEQUENCE_opt_type(ASN1_OBJECT, a->trust, i2d_ASN1_OBJECT); | ||
| 132 | M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(ASN1_OBJECT, a->reject, i2d_ASN1_OBJECT, 0); | ||
| 133 | |||
| 134 | M_ASN1_I2D_put(a->alias, i2d_ASN1_UTF8STRING); | ||
| 135 | M_ASN1_I2D_put(a->keyid, i2d_ASN1_OCTET_STRING); | ||
| 136 | M_ASN1_I2D_put_IMP_SEQUENCE_opt_type(X509_ALGOR, a->other, i2d_X509_ALGOR, 1); | ||
| 137 | |||
| 138 | M_ASN1_I2D_finish(); | ||
| 139 | } | ||
| 140 | 83 | ||
| 141 | static X509_CERT_AUX *aux_get(X509 *x) | 84 | static X509_CERT_AUX *aux_get(X509 *x) |
| 142 | { | 85 | { |
| @@ -153,6 +96,14 @@ int X509_alias_set1(X509 *x, unsigned char *name, int len) | |||
| 153 | return ASN1_STRING_set(aux->alias, name, len); | 96 | return ASN1_STRING_set(aux->alias, name, len); |
| 154 | } | 97 | } |
| 155 | 98 | ||
| 99 | int X509_keyid_set1(X509 *x, unsigned char *id, int len) | ||
| 100 | { | ||
| 101 | X509_CERT_AUX *aux; | ||
| 102 | if(!(aux = aux_get(x))) return 0; | ||
| 103 | if(!aux->keyid && !(aux->keyid = ASN1_OCTET_STRING_new())) return 0; | ||
| 104 | return ASN1_STRING_set(aux->keyid, id, len); | ||
| 105 | } | ||
| 106 | |||
| 156 | unsigned char *X509_alias_get0(X509 *x, int *len) | 107 | unsigned char *X509_alias_get0(X509 *x, int *len) |
| 157 | { | 108 | { |
| 158 | if(!x->aux || !x->aux->alias) return NULL; | 109 | if(!x->aux || !x->aux->alias) return NULL; |
diff --git a/src/lib/libcrypto/bf/asm/bf-586.pl b/src/lib/libcrypto/bf/asm/bf-586.pl index 5c7ab14ab0..b556642c94 100644 --- a/src/lib/libcrypto/bf/asm/bf-586.pl +++ b/src/lib/libcrypto/bf/asm/bf-586.pl | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | push(@INC,"perlasm","../../perlasm"); | 3 | push(@INC,"perlasm","../../perlasm"); |
| 4 | require "x86asm.pl"; | 4 | require "x86asm.pl"; |
| 5 | require "cbc.pl"; | 5 | require "cbc.pl"; |
| 6 | 6 | ||
| 7 | &asm_init($ARGV[0],"bf-586.pl"); | 7 | &asm_init($ARGV[0],"bf-586.pl",$ARGV[$#ARGV] eq "386"); |
| 8 | 8 | ||
| 9 | $BF_ROUNDS=16; | 9 | $BF_ROUNDS=16; |
| 10 | $BF_OFF=($BF_ROUNDS+2)*4; | 10 | $BF_OFF=($BF_ROUNDS+2)*4; |
diff --git a/src/lib/libcrypto/bf/bf_cbc.c b/src/lib/libcrypto/bf/bf_cbc.c index e0fa9ad763..f949629dc6 100644 --- a/src/lib/libcrypto/bf/bf_cbc.c +++ b/src/lib/libcrypto/bf/bf_cbc.c | |||
| @@ -56,16 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "blowfish.h" | 59 | #include <openssl/blowfish.h> |
| 60 | #include "bf_locl.h" | 60 | #include "bf_locl.h" |
| 61 | 61 | ||
| 62 | void BF_cbc_encrypt(in, out, length, ks, iv, encrypt) | 62 | void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 63 | unsigned char *in; | 63 | const BF_KEY *schedule, unsigned char *ivec, int encrypt) |
| 64 | unsigned char *out; | ||
| 65 | long length; | ||
| 66 | BF_KEY *ks; | ||
| 67 | unsigned char *iv; | ||
| 68 | int encrypt; | ||
| 69 | { | 64 | { |
| 70 | register BF_LONG tin0,tin1; | 65 | register BF_LONG tin0,tin1; |
| 71 | register BF_LONG tout0,tout1,xor0,xor1; | 66 | register BF_LONG tout0,tout1,xor0,xor1; |
| @@ -74,9 +69,9 @@ int encrypt; | |||
| 74 | 69 | ||
| 75 | if (encrypt) | 70 | if (encrypt) |
| 76 | { | 71 | { |
| 77 | n2l(iv,tout0); | 72 | n2l(ivec,tout0); |
| 78 | n2l(iv,tout1); | 73 | n2l(ivec,tout1); |
| 79 | iv-=8; | 74 | ivec-=8; |
| 80 | for (l-=8; l>=0; l-=8) | 75 | for (l-=8; l>=0; l-=8) |
| 81 | { | 76 | { |
| 82 | n2l(in,tin0); | 77 | n2l(in,tin0); |
| @@ -85,7 +80,7 @@ int encrypt; | |||
| 85 | tin1^=tout1; | 80 | tin1^=tout1; |
| 86 | tin[0]=tin0; | 81 | tin[0]=tin0; |
| 87 | tin[1]=tin1; | 82 | tin[1]=tin1; |
| 88 | BF_encrypt(tin,ks); | 83 | BF_encrypt(tin,schedule); |
| 89 | tout0=tin[0]; | 84 | tout0=tin[0]; |
| 90 | tout1=tin[1]; | 85 | tout1=tin[1]; |
| 91 | l2n(tout0,out); | 86 | l2n(tout0,out); |
| @@ -98,27 +93,27 @@ int encrypt; | |||
| 98 | tin1^=tout1; | 93 | tin1^=tout1; |
| 99 | tin[0]=tin0; | 94 | tin[0]=tin0; |
| 100 | tin[1]=tin1; | 95 | tin[1]=tin1; |
| 101 | BF_encrypt(tin,ks); | 96 | BF_encrypt(tin,schedule); |
| 102 | tout0=tin[0]; | 97 | tout0=tin[0]; |
| 103 | tout1=tin[1]; | 98 | tout1=tin[1]; |
| 104 | l2n(tout0,out); | 99 | l2n(tout0,out); |
| 105 | l2n(tout1,out); | 100 | l2n(tout1,out); |
| 106 | } | 101 | } |
| 107 | l2n(tout0,iv); | 102 | l2n(tout0,ivec); |
| 108 | l2n(tout1,iv); | 103 | l2n(tout1,ivec); |
| 109 | } | 104 | } |
| 110 | else | 105 | else |
| 111 | { | 106 | { |
| 112 | n2l(iv,xor0); | 107 | n2l(ivec,xor0); |
| 113 | n2l(iv,xor1); | 108 | n2l(ivec,xor1); |
| 114 | iv-=8; | 109 | ivec-=8; |
| 115 | for (l-=8; l>=0; l-=8) | 110 | for (l-=8; l>=0; l-=8) |
| 116 | { | 111 | { |
| 117 | n2l(in,tin0); | 112 | n2l(in,tin0); |
| 118 | n2l(in,tin1); | 113 | n2l(in,tin1); |
| 119 | tin[0]=tin0; | 114 | tin[0]=tin0; |
| 120 | tin[1]=tin1; | 115 | tin[1]=tin1; |
| 121 | BF_decrypt(tin,ks); | 116 | BF_decrypt(tin,schedule); |
| 122 | tout0=tin[0]^xor0; | 117 | tout0=tin[0]^xor0; |
| 123 | tout1=tin[1]^xor1; | 118 | tout1=tin[1]^xor1; |
| 124 | l2n(tout0,out); | 119 | l2n(tout0,out); |
| @@ -132,15 +127,15 @@ int encrypt; | |||
| 132 | n2l(in,tin1); | 127 | n2l(in,tin1); |
| 133 | tin[0]=tin0; | 128 | tin[0]=tin0; |
| 134 | tin[1]=tin1; | 129 | tin[1]=tin1; |
| 135 | BF_decrypt(tin,ks); | 130 | BF_decrypt(tin,schedule); |
| 136 | tout0=tin[0]^xor0; | 131 | tout0=tin[0]^xor0; |
| 137 | tout1=tin[1]^xor1; | 132 | tout1=tin[1]^xor1; |
| 138 | l2nn(tout0,tout1,out,l+8); | 133 | l2nn(tout0,tout1,out,l+8); |
| 139 | xor0=tin0; | 134 | xor0=tin0; |
| 140 | xor1=tin1; | 135 | xor1=tin1; |
| 141 | } | 136 | } |
| 142 | l2n(xor0,iv); | 137 | l2n(xor0,ivec); |
| 143 | l2n(xor1,iv); | 138 | l2n(xor1,ivec); |
| 144 | } | 139 | } |
| 145 | tin0=tin1=tout0=tout1=xor0=xor1=0; | 140 | tin0=tin1=tout0=tout1=xor0=xor1=0; |
| 146 | tin[0]=tin[1]=0; | 141 | tin[0]=tin[1]=0; |
diff --git a/src/lib/libcrypto/bf/bf_cfb64.c b/src/lib/libcrypto/bf/bf_cfb64.c index f9c66e7ced..6451c8d407 100644 --- a/src/lib/libcrypto/bf/bf_cfb64.c +++ b/src/lib/libcrypto/bf/bf_cfb64.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "blowfish.h" | 59 | #include <openssl/blowfish.h> |
| 60 | #include "bf_locl.h" | 60 | #include "bf_locl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit cfb mode is being | 62 | /* The input and output encrypted as though 64bit cfb mode is being |
| @@ -64,14 +64,8 @@ | |||
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | 66 | ||
| 67 | void BF_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) | 67 | void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 68 | unsigned char *in; | 68 | const BF_KEY *schedule, unsigned char *ivec, int *num, int encrypt) |
| 69 | unsigned char *out; | ||
| 70 | long length; | ||
| 71 | BF_KEY *schedule; | ||
| 72 | unsigned char *ivec; | ||
| 73 | int *num; | ||
| 74 | int encrypt; | ||
| 75 | { | 69 | { |
| 76 | register BF_LONG v0,v1,t; | 70 | register BF_LONG v0,v1,t; |
| 77 | register int n= *num; | 71 | register int n= *num; |
diff --git a/src/lib/libcrypto/bf/bf_ecb.c b/src/lib/libcrypto/bf/bf_ecb.c index 6d16360bd9..341991636f 100644 --- a/src/lib/libcrypto/bf/bf_ecb.c +++ b/src/lib/libcrypto/bf/bf_ecb.c | |||
| @@ -56,17 +56,18 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "blowfish.h" | 59 | #include <openssl/blowfish.h> |
| 60 | #include "bf_locl.h" | 60 | #include "bf_locl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' | 63 | /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' |
| 63 | * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, | 64 | * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, |
| 64 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) | 65 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) |
| 65 | */ | 66 | */ |
| 66 | 67 | ||
| 67 | char *BF_version="BlowFish part of SSLeay 0.9.0b 29-Jun-1998"; | 68 | const char *BF_version="Blowfish" OPENSSL_VERSION_PTEXT; |
| 68 | 69 | ||
| 69 | char *BF_options() | 70 | const char *BF_options(void) |
| 70 | { | 71 | { |
| 71 | #ifdef BF_PTR | 72 | #ifdef BF_PTR |
| 72 | return("blowfish(ptr)"); | 73 | return("blowfish(ptr)"); |
| @@ -77,20 +78,17 @@ char *BF_options() | |||
| 77 | #endif | 78 | #endif |
| 78 | } | 79 | } |
| 79 | 80 | ||
| 80 | void BF_ecb_encrypt(in, out, ks, encrypt) | 81 | void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 81 | unsigned char *in; | 82 | const BF_KEY *key, int encrypt) |
| 82 | unsigned char *out; | ||
| 83 | BF_KEY *ks; | ||
| 84 | int encrypt; | ||
| 85 | { | 83 | { |
| 86 | BF_LONG l,d[2]; | 84 | BF_LONG l,d[2]; |
| 87 | 85 | ||
| 88 | n2l(in,l); d[0]=l; | 86 | n2l(in,l); d[0]=l; |
| 89 | n2l(in,l); d[1]=l; | 87 | n2l(in,l); d[1]=l; |
| 90 | if (encrypt) | 88 | if (encrypt) |
| 91 | BF_encrypt(d,ks); | 89 | BF_encrypt(d,key); |
| 92 | else | 90 | else |
| 93 | BF_decrypt(d,ks); | 91 | BF_decrypt(d,key); |
| 94 | l=d[0]; l2n(l,out); | 92 | l=d[0]; l2n(l,out); |
| 95 | l=d[1]; l2n(l,out); | 93 | l=d[1]; l2n(l,out); |
| 96 | l=d[0]=d[1]=0; | 94 | l=d[0]=d[1]=0; |
diff --git a/src/lib/libcrypto/bf/bf_enc.c b/src/lib/libcrypto/bf/bf_enc.c index 66a8604c59..b380acf959 100644 --- a/src/lib/libcrypto/bf/bf_enc.c +++ b/src/lib/libcrypto/bf/bf_enc.c | |||
| @@ -56,24 +56,24 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "blowfish.h" | 59 | #include <openssl/blowfish.h> |
| 60 | #include "bf_locl.h" | 60 | #include "bf_locl.h" |
| 61 | 61 | ||
| 62 | /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' | 62 | /* Blowfish as implemented from 'Blowfish: Springer-Verlag paper' |
| 63 | * (From LECTURE NOTES IN COIMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, | 63 | * (From LECTURE NOTES IN COMPUTER SCIENCE 809, FAST SOFTWARE ENCRYPTION, |
| 64 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) | 64 | * CAMBRIDGE SECURITY WORKSHOP, CAMBRIDGE, U.K., DECEMBER 9-11, 1993) |
| 65 | */ | 65 | */ |
| 66 | 66 | ||
| 67 | #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) | 67 | #if (BF_ROUNDS != 16) && (BF_ROUNDS != 20) |
| 68 | If you set BF_ROUNDS to some value other than 16 or 20, you will have | 68 | #error If you set BF_ROUNDS to some value other than 16 or 20, you will have \ |
| 69 | to modify the code. | 69 | to modify the code. |
| 70 | #endif | 70 | #endif |
| 71 | 71 | ||
| 72 | void BF_encrypt(data,key) | 72 | void BF_encrypt(BF_LONG *data, const BF_KEY *key) |
| 73 | BF_LONG *data; | ||
| 74 | BF_KEY *key; | ||
| 75 | { | 73 | { |
| 76 | register BF_LONG l,r,*p,*s; | 74 | #ifndef BF_PTR2 |
| 75 | register BF_LONG l,r; | ||
| 76 | const register BF_LONG *p,*s; | ||
| 77 | 77 | ||
| 78 | p=key->P; | 78 | p=key->P; |
| 79 | s= &(key->S[0]); | 79 | s= &(key->S[0]); |
| @@ -107,15 +107,50 @@ BF_KEY *key; | |||
| 107 | 107 | ||
| 108 | data[1]=l&0xffffffffL; | 108 | data[1]=l&0xffffffffL; |
| 109 | data[0]=r&0xffffffffL; | 109 | data[0]=r&0xffffffffL; |
| 110 | #else | ||
| 111 | register BF_LONG l,r,t,*k; | ||
| 112 | |||
| 113 | l=data[0]; | ||
| 114 | r=data[1]; | ||
| 115 | k=(BF_LONG*)key; | ||
| 116 | |||
| 117 | l^=k[0]; | ||
| 118 | BF_ENC(r,l,k, 1); | ||
| 119 | BF_ENC(l,r,k, 2); | ||
| 120 | BF_ENC(r,l,k, 3); | ||
| 121 | BF_ENC(l,r,k, 4); | ||
| 122 | BF_ENC(r,l,k, 5); | ||
| 123 | BF_ENC(l,r,k, 6); | ||
| 124 | BF_ENC(r,l,k, 7); | ||
| 125 | BF_ENC(l,r,k, 8); | ||
| 126 | BF_ENC(r,l,k, 9); | ||
| 127 | BF_ENC(l,r,k,10); | ||
| 128 | BF_ENC(r,l,k,11); | ||
| 129 | BF_ENC(l,r,k,12); | ||
| 130 | BF_ENC(r,l,k,13); | ||
| 131 | BF_ENC(l,r,k,14); | ||
| 132 | BF_ENC(r,l,k,15); | ||
| 133 | BF_ENC(l,r,k,16); | ||
| 134 | #if BF_ROUNDS == 20 | ||
| 135 | BF_ENC(r,l,k,17); | ||
| 136 | BF_ENC(l,r,k,18); | ||
| 137 | BF_ENC(r,l,k,19); | ||
| 138 | BF_ENC(l,r,k,20); | ||
| 139 | #endif | ||
| 140 | r^=k[BF_ROUNDS+1]; | ||
| 141 | |||
| 142 | data[1]=l&0xffffffffL; | ||
| 143 | data[0]=r&0xffffffffL; | ||
| 144 | #endif | ||
| 110 | } | 145 | } |
| 111 | 146 | ||
| 112 | #ifndef BF_DEFAULT_OPTIONS | 147 | #ifndef BF_DEFAULT_OPTIONS |
| 113 | 148 | ||
| 114 | void BF_decrypt(data,key) | 149 | void BF_decrypt(BF_LONG *data, const BF_KEY *key) |
| 115 | BF_LONG *data; | ||
| 116 | BF_KEY *key; | ||
| 117 | { | 150 | { |
| 118 | register BF_LONG l,r,*p,*s; | 151 | #ifndef BF_PTR2 |
| 152 | register BF_LONG l,r; | ||
| 153 | const register BF_LONG *p,*s; | ||
| 119 | 154 | ||
| 120 | p=key->P; | 155 | p=key->P; |
| 121 | s= &(key->S[0]); | 156 | s= &(key->S[0]); |
| @@ -149,15 +184,45 @@ BF_KEY *key; | |||
| 149 | 184 | ||
| 150 | data[1]=l&0xffffffffL; | 185 | data[1]=l&0xffffffffL; |
| 151 | data[0]=r&0xffffffffL; | 186 | data[0]=r&0xffffffffL; |
| 187 | #else | ||
| 188 | register BF_LONG l,r,t,*k; | ||
| 189 | |||
| 190 | l=data[0]; | ||
| 191 | r=data[1]; | ||
| 192 | k=(BF_LONG *)key; | ||
| 193 | |||
| 194 | l^=k[BF_ROUNDS+1]; | ||
| 195 | #if BF_ROUNDS == 20 | ||
| 196 | BF_ENC(r,l,k,20); | ||
| 197 | BF_ENC(l,r,k,19); | ||
| 198 | BF_ENC(r,l,k,18); | ||
| 199 | BF_ENC(l,r,k,17); | ||
| 200 | #endif | ||
| 201 | BF_ENC(r,l,k,16); | ||
| 202 | BF_ENC(l,r,k,15); | ||
| 203 | BF_ENC(r,l,k,14); | ||
| 204 | BF_ENC(l,r,k,13); | ||
| 205 | BF_ENC(r,l,k,12); | ||
| 206 | BF_ENC(l,r,k,11); | ||
| 207 | BF_ENC(r,l,k,10); | ||
| 208 | BF_ENC(l,r,k, 9); | ||
| 209 | BF_ENC(r,l,k, 8); | ||
| 210 | BF_ENC(l,r,k, 7); | ||
| 211 | BF_ENC(r,l,k, 6); | ||
| 212 | BF_ENC(l,r,k, 5); | ||
| 213 | BF_ENC(r,l,k, 4); | ||
| 214 | BF_ENC(l,r,k, 3); | ||
| 215 | BF_ENC(r,l,k, 2); | ||
| 216 | BF_ENC(l,r,k, 1); | ||
| 217 | r^=k[0]; | ||
| 218 | |||
| 219 | data[1]=l&0xffffffffL; | ||
| 220 | data[0]=r&0xffffffffL; | ||
| 221 | #endif | ||
| 152 | } | 222 | } |
| 153 | 223 | ||
| 154 | void BF_cbc_encrypt(in, out, length, ks, iv, encrypt) | 224 | void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 155 | unsigned char *in; | 225 | const BF_KEY *schedule, unsigned char *ivec, int encrypt) |
| 156 | unsigned char *out; | ||
| 157 | long length; | ||
| 158 | BF_KEY *ks; | ||
| 159 | unsigned char *iv; | ||
| 160 | int encrypt; | ||
| 161 | { | 226 | { |
| 162 | register BF_LONG tin0,tin1; | 227 | register BF_LONG tin0,tin1; |
| 163 | register BF_LONG tout0,tout1,xor0,xor1; | 228 | register BF_LONG tout0,tout1,xor0,xor1; |
| @@ -166,9 +231,9 @@ int encrypt; | |||
| 166 | 231 | ||
| 167 | if (encrypt) | 232 | if (encrypt) |
| 168 | { | 233 | { |
| 169 | n2l(iv,tout0); | 234 | n2l(ivec,tout0); |
| 170 | n2l(iv,tout1); | 235 | n2l(ivec,tout1); |
| 171 | iv-=8; | 236 | ivec-=8; |
| 172 | for (l-=8; l>=0; l-=8) | 237 | for (l-=8; l>=0; l-=8) |
| 173 | { | 238 | { |
| 174 | n2l(in,tin0); | 239 | n2l(in,tin0); |
| @@ -177,7 +242,7 @@ int encrypt; | |||
| 177 | tin1^=tout1; | 242 | tin1^=tout1; |
| 178 | tin[0]=tin0; | 243 | tin[0]=tin0; |
| 179 | tin[1]=tin1; | 244 | tin[1]=tin1; |
| 180 | BF_encrypt(tin,ks); | 245 | BF_encrypt(tin,schedule); |
| 181 | tout0=tin[0]; | 246 | tout0=tin[0]; |
| 182 | tout1=tin[1]; | 247 | tout1=tin[1]; |
| 183 | l2n(tout0,out); | 248 | l2n(tout0,out); |
| @@ -190,27 +255,27 @@ int encrypt; | |||
| 190 | tin1^=tout1; | 255 | tin1^=tout1; |
| 191 | tin[0]=tin0; | 256 | tin[0]=tin0; |
| 192 | tin[1]=tin1; | 257 | tin[1]=tin1; |
| 193 | BF_encrypt(tin,ks); | 258 | BF_encrypt(tin,schedule); |
| 194 | tout0=tin[0]; | 259 | tout0=tin[0]; |
| 195 | tout1=tin[1]; | 260 | tout1=tin[1]; |
| 196 | l2n(tout0,out); | 261 | l2n(tout0,out); |
| 197 | l2n(tout1,out); | 262 | l2n(tout1,out); |
| 198 | } | 263 | } |
| 199 | l2n(tout0,iv); | 264 | l2n(tout0,ivec); |
| 200 | l2n(tout1,iv); | 265 | l2n(tout1,ivec); |
| 201 | } | 266 | } |
| 202 | else | 267 | else |
| 203 | { | 268 | { |
| 204 | n2l(iv,xor0); | 269 | n2l(ivec,xor0); |
| 205 | n2l(iv,xor1); | 270 | n2l(ivec,xor1); |
| 206 | iv-=8; | 271 | ivec-=8; |
| 207 | for (l-=8; l>=0; l-=8) | 272 | for (l-=8; l>=0; l-=8) |
| 208 | { | 273 | { |
| 209 | n2l(in,tin0); | 274 | n2l(in,tin0); |
| 210 | n2l(in,tin1); | 275 | n2l(in,tin1); |
| 211 | tin[0]=tin0; | 276 | tin[0]=tin0; |
| 212 | tin[1]=tin1; | 277 | tin[1]=tin1; |
| 213 | BF_decrypt(tin,ks); | 278 | BF_decrypt(tin,schedule); |
| 214 | tout0=tin[0]^xor0; | 279 | tout0=tin[0]^xor0; |
| 215 | tout1=tin[1]^xor1; | 280 | tout1=tin[1]^xor1; |
| 216 | l2n(tout0,out); | 281 | l2n(tout0,out); |
| @@ -224,15 +289,15 @@ int encrypt; | |||
| 224 | n2l(in,tin1); | 289 | n2l(in,tin1); |
| 225 | tin[0]=tin0; | 290 | tin[0]=tin0; |
| 226 | tin[1]=tin1; | 291 | tin[1]=tin1; |
| 227 | BF_decrypt(tin,ks); | 292 | BF_decrypt(tin,schedule); |
| 228 | tout0=tin[0]^xor0; | 293 | tout0=tin[0]^xor0; |
| 229 | tout1=tin[1]^xor1; | 294 | tout1=tin[1]^xor1; |
| 230 | l2nn(tout0,tout1,out,l+8); | 295 | l2nn(tout0,tout1,out,l+8); |
| 231 | xor0=tin0; | 296 | xor0=tin0; |
| 232 | xor1=tin1; | 297 | xor1=tin1; |
| 233 | } | 298 | } |
| 234 | l2n(xor0,iv); | 299 | l2n(xor0,ivec); |
| 235 | l2n(xor1,iv); | 300 | l2n(xor1,ivec); |
| 236 | } | 301 | } |
| 237 | tin0=tin1=tout0=tout1=xor0=xor1=0; | 302 | tin0=tin1=tout0=tout1=xor0=xor1=0; |
| 238 | tin[0]=tin[1]=0; | 303 | tin[0]=tin[1]=0; |
diff --git a/src/lib/libcrypto/bf/bf_locl.h b/src/lib/libcrypto/bf/bf_locl.h index 05756b5d3b..cc7c3ec992 100644 --- a/src/lib/libcrypto/bf/bf_locl.h +++ b/src/lib/libcrypto/bf/bf_locl.h | |||
| @@ -148,7 +148,7 @@ | |||
| 148 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | 148 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ |
| 149 | *((c)++)=(unsigned char)(((l) )&0xff)) | 149 | *((c)++)=(unsigned char)(((l) )&0xff)) |
| 150 | 150 | ||
| 151 | /* This is actually a big endian algorithm, the most significate byte | 151 | /* This is actually a big endian algorithm, the most significant byte |
| 152 | * is used to lookup array 0 */ | 152 | * is used to lookup array 0 */ |
| 153 | 153 | ||
| 154 | #if defined(BF_PTR2) | 154 | #if defined(BF_PTR2) |
| @@ -183,8 +183,8 @@ | |||
| 183 | 183 | ||
| 184 | /* | 184 | /* |
| 185 | * This is normally very good on RISC platforms where normally you | 185 | * This is normally very good on RISC platforms where normally you |
| 186 | * have to explicitely "multiplicate" array index by sizeof(BF_LONG) | 186 | * have to explicitly "multiply" array index by sizeof(BF_LONG) |
| 187 | * in order to caclulate the effective address. This implementation | 187 | * in order to calculate the effective address. This implementation |
| 188 | * excuses CPU from this extra work. Power[PC] uses should have most | 188 | * excuses CPU from this extra work. Power[PC] uses should have most |
| 189 | * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely | 189 | * fun as (R>>BF_i)&BF_M gets folded into a single instruction, namely |
| 190 | * rlwinm. So let'em double-check if their compiler does it. | 190 | * rlwinm. So let'em double-check if their compiler does it. |
diff --git a/src/lib/libcrypto/bf/bf_ofb64.c b/src/lib/libcrypto/bf/bf_ofb64.c index 5d844ac760..f2a9ff6e41 100644 --- a/src/lib/libcrypto/bf/bf_ofb64.c +++ b/src/lib/libcrypto/bf/bf_ofb64.c | |||
| @@ -56,20 +56,15 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "blowfish.h" | 59 | #include <openssl/blowfish.h> |
| 60 | #include "bf_locl.h" | 60 | #include "bf_locl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit ofb mode is being | 62 | /* The input and output encrypted as though 64bit ofb mode is being |
| 63 | * used. The extra state information to record how much of the | 63 | * used. The extra state information to record how much of the |
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | void BF_ofb64_encrypt(in, out, length, schedule, ivec, num) | 66 | void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 67 | unsigned char *in; | 67 | const BF_KEY *schedule, unsigned char *ivec, int *num) |
| 68 | unsigned char *out; | ||
| 69 | long length; | ||
| 70 | BF_KEY *schedule; | ||
| 71 | unsigned char *ivec; | ||
| 72 | int *num; | ||
| 73 | { | 68 | { |
| 74 | register BF_LONG v0,v1,t; | 69 | register BF_LONG v0,v1,t; |
| 75 | register int n= *num; | 70 | register int n= *num; |
diff --git a/src/lib/libcrypto/bf/bf_pi.h b/src/lib/libcrypto/bf/bf_pi.h index 417b935538..9949513c68 100644 --- a/src/lib/libcrypto/bf/bf_pi.h +++ b/src/lib/libcrypto/bf/bf_pi.h | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | static BF_KEY bf_init= { | 59 | static const BF_KEY bf_init= { |
| 60 | { | 60 | { |
| 61 | 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, | 61 | 0x243f6a88L, 0x85a308d3L, 0x13198a2eL, 0x03707344L, |
| 62 | 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, | 62 | 0xa4093822L, 0x299f31d0L, 0x082efa98L, 0xec4e6c89L, |
diff --git a/src/lib/libcrypto/bf/bf_skey.c b/src/lib/libcrypto/bf/bf_skey.c index 86574c0acc..3673cdee6e 100644 --- a/src/lib/libcrypto/bf/bf_skey.c +++ b/src/lib/libcrypto/bf/bf_skey.c | |||
| @@ -58,21 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "blowfish.h" | 61 | #include <openssl/blowfish.h> |
| 62 | #include "bf_locl.h" | 62 | #include "bf_locl.h" |
| 63 | #include "bf_pi.h" | 63 | #include "bf_pi.h" |
| 64 | 64 | ||
| 65 | void BF_set_key(key,len,data) | 65 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data) |
| 66 | BF_KEY *key; | ||
| 67 | int len; | ||
| 68 | unsigned char *data; | ||
| 69 | { | 66 | { |
| 70 | int i; | 67 | int i; |
| 71 | BF_LONG *p,ri,in[2]; | 68 | BF_LONG *p,ri,in[2]; |
| 72 | unsigned char *d,*end; | 69 | const unsigned char *d,*end; |
| 73 | 70 | ||
| 74 | 71 | ||
| 75 | memcpy((char *)key,(char *)&bf_init,sizeof(BF_KEY)); | 72 | memcpy(key,&bf_init,sizeof(BF_KEY)); |
| 76 | p=key->P; | 73 | p=key->P; |
| 77 | 74 | ||
| 78 | if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; | 75 | if (len > ((BF_ROUNDS+2)*4)) len=(BF_ROUNDS+2)*4; |
diff --git a/src/lib/libcrypto/bf/blowfish.h b/src/lib/libcrypto/bf/blowfish.h index c4a8085a29..cd49e85ab2 100644 --- a/src/lib/libcrypto/bf/blowfish.h +++ b/src/lib/libcrypto/bf/blowfish.h | |||
| @@ -59,18 +59,41 @@ | |||
| 59 | #ifndef HEADER_BLOWFISH_H | 59 | #ifndef HEADER_BLOWFISH_H |
| 60 | #define HEADER_BLOWFISH_H | 60 | #define HEADER_BLOWFISH_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 68 | #ifdef OPENSSL_NO_BF | ||
| 69 | #error BF is disabled. | ||
| 70 | #endif | ||
| 71 | |||
| 66 | #define BF_ENCRYPT 1 | 72 | #define BF_ENCRYPT 1 |
| 67 | #define BF_DECRYPT 0 | 73 | #define BF_DECRYPT 0 |
| 68 | 74 | ||
| 69 | /* If you make this 'unsigned int' the pointer variants will work on | 75 | /* |
| 70 | * the Alpha, otherwise they will not. Strangly using the '8 byte' | 76 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
| 71 | * BF_LONG and the default 'non-pointer' inner loop is the best configuration | 77 | * ! BF_LONG has to be at least 32 bits wide. If it's wider, then ! |
| 72 | * for the Alpha */ | 78 | * ! BF_LONG_LOG2 has to be defined along. ! |
| 79 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| 80 | */ | ||
| 81 | |||
| 82 | #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) | ||
| 83 | #define BF_LONG unsigned long | ||
| 84 | #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) | ||
| 73 | #define BF_LONG unsigned long | 85 | #define BF_LONG unsigned long |
| 86 | #define BF_LONG_LOG2 3 | ||
| 87 | /* | ||
| 88 | * _CRAY note. I could declare short, but I have no idea what impact | ||
| 89 | * does it have on performance on none-T3E machines. I could declare | ||
| 90 | * int, but at least on C90 sizeof(int) can be chosen at compile time. | ||
| 91 | * So I've chosen long... | ||
| 92 | * <appro@fy.chalmers.se> | ||
| 93 | */ | ||
| 94 | #else | ||
| 95 | #define BF_LONG unsigned int | ||
| 96 | #endif | ||
| 74 | 97 | ||
| 75 | #define BF_ROUNDS 16 | 98 | #define BF_ROUNDS 16 |
| 76 | #define BF_BLOCK 8 | 99 | #define BF_BLOCK 8 |
| @@ -81,33 +104,21 @@ typedef struct bf_key_st | |||
| 81 | BF_LONG S[4*256]; | 104 | BF_LONG S[4*256]; |
| 82 | } BF_KEY; | 105 | } BF_KEY; |
| 83 | 106 | ||
| 84 | #ifndef NOPROTO | ||
| 85 | 107 | ||
| 86 | void BF_set_key(BF_KEY *key, int len, unsigned char *data); | 108 | void BF_set_key(BF_KEY *key, int len, const unsigned char *data); |
| 87 | void BF_ecb_encrypt(unsigned char *in,unsigned char *out,BF_KEY *key, | ||
| 88 | int enc); | ||
| 89 | void BF_encrypt(BF_LONG *data,BF_KEY *key); | ||
| 90 | void BF_decrypt(BF_LONG *data,BF_KEY *key); | ||
| 91 | void BF_cbc_encrypt(unsigned char *in, unsigned char *out, long length, | ||
| 92 | BF_KEY *ks, unsigned char *iv, int enc); | ||
| 93 | void BF_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, | ||
| 94 | BF_KEY *schedule, unsigned char *ivec, int *num, int enc); | ||
| 95 | void BF_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, | ||
| 96 | BF_KEY *schedule, unsigned char *ivec, int *num); | ||
| 97 | char *BF_options(void); | ||
| 98 | 109 | ||
| 99 | #else | 110 | void BF_encrypt(BF_LONG *data,const BF_KEY *key); |
| 100 | 111 | void BF_decrypt(BF_LONG *data,const BF_KEY *key); | |
| 101 | void BF_set_key(); | ||
| 102 | void BF_ecb_encrypt(); | ||
| 103 | void BF_encrypt(); | ||
| 104 | void BF_decrypt(); | ||
| 105 | void BF_cbc_encrypt(); | ||
| 106 | void BF_cfb64_encrypt(); | ||
| 107 | void BF_ofb64_encrypt(); | ||
| 108 | char *BF_options(); | ||
| 109 | 112 | ||
| 110 | #endif | 113 | void BF_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 114 | const BF_KEY *key, int enc); | ||
| 115 | void BF_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, | ||
| 116 | const BF_KEY *schedule, unsigned char *ivec, int enc); | ||
| 117 | void BF_cfb64_encrypt(const unsigned char *in, unsigned char *out, long length, | ||
| 118 | const BF_KEY *schedule, unsigned char *ivec, int *num, int enc); | ||
| 119 | void BF_ofb64_encrypt(const unsigned char *in, unsigned char *out, long length, | ||
| 120 | const BF_KEY *schedule, unsigned char *ivec, int *num); | ||
| 121 | const char *BF_options(void); | ||
| 111 | 122 | ||
| 112 | #ifdef __cplusplus | 123 | #ifdef __cplusplus |
| 113 | } | 124 | } |
diff --git a/src/lib/libcrypto/bio/b_dump.c b/src/lib/libcrypto/bio/b_dump.c index db84ad3d47..8397cfab6a 100644 --- a/src/lib/libcrypto/bio/b_dump.c +++ b/src/lib/libcrypto/bio/b_dump.c | |||
| @@ -62,64 +62,91 @@ | |||
| 62 | 62 | ||
| 63 | #include <stdio.h> | 63 | #include <stdio.h> |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include "bio.h" | 65 | #include <openssl/bio.h> |
| 66 | 66 | ||
| 67 | #define TRUNCATE | 67 | #define TRUNCATE |
| 68 | #define DUMP_WIDTH 16 | 68 | #define DUMP_WIDTH 16 |
| 69 | #define DUMP_WIDTH_LESS_INDENT(i) (DUMP_WIDTH-((i-(i>6?6:i)+3)/4)) | ||
| 69 | 70 | ||
| 70 | int BIO_dump(bio,s,len) | 71 | int BIO_dump(BIO *bio, const char *s, int len) |
| 71 | BIO *bio; | 72 | { |
| 72 | char *s; | 73 | return BIO_dump_indent(bio, s, len, 0); |
| 73 | int len; | 74 | } |
| 74 | { | ||
| 75 | int ret=0; | ||
| 76 | char buf[160+1],tmp[20]; | ||
| 77 | int i,j,rows,trunc; | ||
| 78 | unsigned char ch; | ||
| 79 | |||
| 80 | trunc=0; | ||
| 81 | 75 | ||
| 76 | int BIO_dump_indent(BIO *bio, const char *s, int len, int indent) | ||
| 77 | { | ||
| 78 | int ret=0; | ||
| 79 | char buf[288+1],tmp[20],str[128+1]; | ||
| 80 | int i,j,rows,trunc; | ||
| 81 | unsigned char ch; | ||
| 82 | int dump_width; | ||
| 83 | |||
| 84 | trunc=0; | ||
| 85 | |||
| 82 | #ifdef TRUNCATE | 86 | #ifdef TRUNCATE |
| 83 | for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) | 87 | for(; (len > 0) && ((s[len-1] == ' ') || (s[len-1] == '\0')); len--) |
| 84 | trunc++; | 88 | trunc++; |
| 85 | #endif | 89 | #endif |
| 86 | 90 | ||
| 87 | rows=(len/DUMP_WIDTH); | 91 | if (indent < 0) |
| 88 | if ((rows*DUMP_WIDTH)<len) | 92 | indent = 0; |
| 89 | rows++; | 93 | if (indent) |
| 90 | for(i=0;i<rows;i++) { | 94 | { |
| 91 | buf[0]='\0'; /* start with empty string */ | 95 | if (indent > 128) indent=128; |
| 92 | sprintf(tmp,"%04x - ",i*DUMP_WIDTH); | 96 | memset(str,' ',indent); |
| 93 | strcpy(buf,tmp); | 97 | } |
| 94 | for(j=0;j<DUMP_WIDTH;j++) { | 98 | str[indent]='\0'; |
| 95 | if (((i*DUMP_WIDTH)+j)>=len) { | 99 | |
| 96 | strcat(buf," "); | 100 | dump_width=DUMP_WIDTH_LESS_INDENT(indent); |
| 97 | } else { | 101 | rows=(len/dump_width); |
| 98 | ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff; | 102 | if ((rows*dump_width)<len) |
| 99 | sprintf(tmp,"%02x%c",ch,j==7?'-':' '); | 103 | rows++; |
| 100 | strcat(buf,tmp); | 104 | for(i=0;i<rows;i++) |
| 101 | } | 105 | { |
| 102 | } | 106 | buf[0]='\0'; /* start with empty string */ |
| 103 | strcat(buf," "); | 107 | strcpy(buf,str); |
| 104 | for(j=0;j<DUMP_WIDTH;j++) { | 108 | sprintf(tmp,"%04x - ",i*dump_width); |
| 105 | if (((i*DUMP_WIDTH)+j)>=len) | 109 | strcat(buf,tmp); |
| 106 | break; | 110 | for(j=0;j<dump_width;j++) |
| 107 | ch=((unsigned char)*((char *)(s)+i*DUMP_WIDTH+j)) & 0xff; | 111 | { |
| 108 | sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); | 112 | if (((i*dump_width)+j)>=len) |
| 109 | strcat(buf,tmp); | 113 | { |
| 110 | } | 114 | strcat(buf," "); |
| 111 | strcat(buf,"\n"); | 115 | } |
| 112 | /* if this is the last call then update the ddt_dump thing so that | 116 | else |
| 113 | * we will move the selection point in the debug window | 117 | { |
| 114 | */ | 118 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; |
| 115 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | 119 | sprintf(tmp,"%02x%c",ch,j==7?'-':' '); |
| 116 | } | 120 | strcat(buf,tmp); |
| 121 | } | ||
| 122 | } | ||
| 123 | strcat(buf," "); | ||
| 124 | for(j=0;j<dump_width;j++) | ||
| 125 | { | ||
| 126 | if (((i*dump_width)+j)>=len) | ||
| 127 | break; | ||
| 128 | ch=((unsigned char)*(s+i*dump_width+j)) & 0xff; | ||
| 129 | #ifndef CHARSET_EBCDIC | ||
| 130 | sprintf(tmp,"%c",((ch>=' ')&&(ch<='~'))?ch:'.'); | ||
| 131 | #else | ||
| 132 | sprintf(tmp,"%c",((ch>=os_toascii[' '])&&(ch<=os_toascii['~'])) | ||
| 133 | ? os_toebcdic[ch] | ||
| 134 | : '.'); | ||
| 135 | #endif | ||
| 136 | strcat(buf,tmp); | ||
| 137 | } | ||
| 138 | strcat(buf,"\n"); | ||
| 139 | /* if this is the last call then update the ddt_dump thing so that | ||
| 140 | * we will move the selection point in the debug window | ||
| 141 | */ | ||
| 142 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | ||
| 143 | } | ||
| 117 | #ifdef TRUNCATE | 144 | #ifdef TRUNCATE |
| 118 | if (trunc > 0) { | 145 | if (trunc > 0) |
| 119 | sprintf(buf,"%04x - <SPACES/NULS>\n",len+trunc); | 146 | { |
| 120 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); | 147 | sprintf(buf,"%s%04x - <SPACES/NULS>\n",str,len+trunc); |
| 121 | } | 148 | ret+=BIO_write(bio,(char *)buf,strlen(buf)); |
| 149 | } | ||
| 122 | #endif | 150 | #endif |
| 123 | return(ret); | 151 | return(ret); |
| 124 | } | 152 | } |
| 125 | |||
diff --git a/src/lib/libcrypto/bio/b_print.c b/src/lib/libcrypto/bio/b_print.c index cdadeb839a..3ce1290772 100644 --- a/src/lib/libcrypto/bio/b_print.c +++ b/src/lib/libcrypto/bio/b_print.c | |||
| @@ -56,37 +56,774 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* disable assert() unless BIO_DEBUG has been defined */ | ||
| 60 | #ifndef BIO_DEBUG | ||
| 61 | # ifndef NDEBUG | ||
| 62 | # define NDEBUG | ||
| 63 | # endif | ||
| 64 | #endif | ||
| 65 | |||
| 59 | /* | 66 | /* |
| 60 | * Stolen from tjh's ssl/ssl_trc.c stuff. | 67 | * Stolen from tjh's ssl/ssl_trc.c stuff. |
| 61 | */ | 68 | */ |
| 62 | 69 | ||
| 63 | #include <stdio.h> | 70 | #include <stdio.h> |
| 71 | #include <string.h> | ||
| 72 | #include <ctype.h> | ||
| 73 | #include <assert.h> | ||
| 74 | #include <limits.h> | ||
| 64 | #include "cryptlib.h" | 75 | #include "cryptlib.h" |
| 65 | #include "bio.h" | 76 | #ifndef NO_SYS_TYPES_H |
| 77 | #include <sys/types.h> | ||
| 78 | #endif | ||
| 79 | #include <openssl/bn.h> /* To get BN_LLONG properly defined */ | ||
| 80 | #include <openssl/bio.h> | ||
| 81 | |||
| 82 | #ifdef BN_LLONG | ||
| 83 | # ifndef HAVE_LONG_LONG | ||
| 84 | # define HAVE_LONG_LONG 1 | ||
| 85 | # endif | ||
| 86 | #endif | ||
| 87 | |||
| 88 | /***************************************************************************/ | ||
| 89 | |||
| 90 | /* | ||
| 91 | * Copyright Patrick Powell 1995 | ||
| 92 | * This code is based on code written by Patrick Powell <papowell@astart.com> | ||
| 93 | * It may be used for any purpose as long as this notice remains intact | ||
| 94 | * on all source code distributions. | ||
| 95 | */ | ||
| 96 | |||
| 97 | /* | ||
| 98 | * This code contains numerious changes and enhancements which were | ||
| 99 | * made by lots of contributors over the last years to Patrick Powell's | ||
| 100 | * original code: | ||
| 101 | * | ||
| 102 | * o Patrick Powell <papowell@astart.com> (1995) | ||
| 103 | * o Brandon Long <blong@fiction.net> (1996, for Mutt) | ||
| 104 | * o Thomas Roessler <roessler@guug.de> (1998, for Mutt) | ||
| 105 | * o Michael Elkins <me@cs.hmc.edu> (1998, for Mutt) | ||
| 106 | * o Andrew Tridgell <tridge@samba.org> (1998, for Samba) | ||
| 107 | * o Luke Mewburn <lukem@netbsd.org> (1999, for LukemFTP) | ||
| 108 | * o Ralf S. Engelschall <rse@engelschall.com> (1999, for Pth) | ||
| 109 | * o ... (for OpenSSL) | ||
| 110 | */ | ||
| 111 | |||
| 112 | #if HAVE_LONG_DOUBLE | ||
| 113 | #define LDOUBLE long double | ||
| 114 | #else | ||
| 115 | #define LDOUBLE double | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #if HAVE_LONG_LONG | ||
| 119 | # if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) | ||
| 120 | # define LLONG _int64 | ||
| 121 | # else | ||
| 122 | # define LLONG long long | ||
| 123 | # endif | ||
| 124 | #else | ||
| 125 | #define LLONG long | ||
| 126 | #endif | ||
| 127 | |||
| 128 | static void fmtstr (char **, char **, size_t *, size_t *, | ||
| 129 | const char *, int, int, int); | ||
| 130 | static void fmtint (char **, char **, size_t *, size_t *, | ||
| 131 | LLONG, int, int, int, int); | ||
| 132 | static void fmtfp (char **, char **, size_t *, size_t *, | ||
| 133 | LDOUBLE, int, int, int); | ||
| 134 | static void doapr_outch (char **, char **, size_t *, size_t *, int); | ||
| 135 | static void _dopr(char **sbuffer, char **buffer, | ||
| 136 | size_t *maxlen, size_t *retlen, int *truncated, | ||
| 137 | const char *format, va_list args); | ||
| 138 | |||
| 139 | /* format read states */ | ||
| 140 | #define DP_S_DEFAULT 0 | ||
| 141 | #define DP_S_FLAGS 1 | ||
| 142 | #define DP_S_MIN 2 | ||
| 143 | #define DP_S_DOT 3 | ||
| 144 | #define DP_S_MAX 4 | ||
| 145 | #define DP_S_MOD 5 | ||
| 146 | #define DP_S_CONV 6 | ||
| 147 | #define DP_S_DONE 7 | ||
| 148 | |||
| 149 | /* format flags - Bits */ | ||
| 150 | #define DP_F_MINUS (1 << 0) | ||
| 151 | #define DP_F_PLUS (1 << 1) | ||
| 152 | #define DP_F_SPACE (1 << 2) | ||
| 153 | #define DP_F_NUM (1 << 3) | ||
| 154 | #define DP_F_ZERO (1 << 4) | ||
| 155 | #define DP_F_UP (1 << 5) | ||
| 156 | #define DP_F_UNSIGNED (1 << 6) | ||
| 157 | |||
| 158 | /* conversion flags */ | ||
| 159 | #define DP_C_SHORT 1 | ||
| 160 | #define DP_C_LONG 2 | ||
| 161 | #define DP_C_LDOUBLE 3 | ||
| 162 | #define DP_C_LLONG 4 | ||
| 163 | |||
| 164 | /* some handy macros */ | ||
| 165 | #define char_to_int(p) (p - '0') | ||
| 166 | #define OSSL_MAX(p,q) ((p >= q) ? p : q) | ||
| 167 | |||
| 168 | static void | ||
| 169 | _dopr( | ||
| 170 | char **sbuffer, | ||
| 171 | char **buffer, | ||
| 172 | size_t *maxlen, | ||
| 173 | size_t *retlen, | ||
| 174 | int *truncated, | ||
| 175 | const char *format, | ||
| 176 | va_list args) | ||
| 177 | { | ||
| 178 | char ch; | ||
| 179 | LLONG value; | ||
| 180 | LDOUBLE fvalue; | ||
| 181 | char *strvalue; | ||
| 182 | int min; | ||
| 183 | int max; | ||
| 184 | int state; | ||
| 185 | int flags; | ||
| 186 | int cflags; | ||
| 187 | size_t currlen; | ||
| 188 | |||
| 189 | state = DP_S_DEFAULT; | ||
| 190 | flags = currlen = cflags = min = 0; | ||
| 191 | max = -1; | ||
| 192 | ch = *format++; | ||
| 193 | |||
| 194 | while (state != DP_S_DONE) { | ||
| 195 | if (ch == '\0' || (buffer == NULL && currlen >= *maxlen)) | ||
| 196 | state = DP_S_DONE; | ||
| 197 | |||
| 198 | switch (state) { | ||
| 199 | case DP_S_DEFAULT: | ||
| 200 | if (ch == '%') | ||
| 201 | state = DP_S_FLAGS; | ||
| 202 | else | ||
| 203 | doapr_outch(sbuffer,buffer, &currlen, maxlen, ch); | ||
| 204 | ch = *format++; | ||
| 205 | break; | ||
| 206 | case DP_S_FLAGS: | ||
| 207 | switch (ch) { | ||
| 208 | case '-': | ||
| 209 | flags |= DP_F_MINUS; | ||
| 210 | ch = *format++; | ||
| 211 | break; | ||
| 212 | case '+': | ||
| 213 | flags |= DP_F_PLUS; | ||
| 214 | ch = *format++; | ||
| 215 | break; | ||
| 216 | case ' ': | ||
| 217 | flags |= DP_F_SPACE; | ||
| 218 | ch = *format++; | ||
| 219 | break; | ||
| 220 | case '#': | ||
| 221 | flags |= DP_F_NUM; | ||
| 222 | ch = *format++; | ||
| 223 | break; | ||
| 224 | case '0': | ||
| 225 | flags |= DP_F_ZERO; | ||
| 226 | ch = *format++; | ||
| 227 | break; | ||
| 228 | default: | ||
| 229 | state = DP_S_MIN; | ||
| 230 | break; | ||
| 231 | } | ||
| 232 | break; | ||
| 233 | case DP_S_MIN: | ||
| 234 | if (isdigit((unsigned char)ch)) { | ||
| 235 | min = 10 * min + char_to_int(ch); | ||
| 236 | ch = *format++; | ||
| 237 | } else if (ch == '*') { | ||
| 238 | min = va_arg(args, int); | ||
| 239 | ch = *format++; | ||
| 240 | state = DP_S_DOT; | ||
| 241 | } else | ||
| 242 | state = DP_S_DOT; | ||
| 243 | break; | ||
| 244 | case DP_S_DOT: | ||
| 245 | if (ch == '.') { | ||
| 246 | state = DP_S_MAX; | ||
| 247 | ch = *format++; | ||
| 248 | } else | ||
| 249 | state = DP_S_MOD; | ||
| 250 | break; | ||
| 251 | case DP_S_MAX: | ||
| 252 | if (isdigit((unsigned char)ch)) { | ||
| 253 | if (max < 0) | ||
| 254 | max = 0; | ||
| 255 | max = 10 * max + char_to_int(ch); | ||
| 256 | ch = *format++; | ||
| 257 | } else if (ch == '*') { | ||
| 258 | max = va_arg(args, int); | ||
| 259 | ch = *format++; | ||
| 260 | state = DP_S_MOD; | ||
| 261 | } else | ||
| 262 | state = DP_S_MOD; | ||
| 263 | break; | ||
| 264 | case DP_S_MOD: | ||
| 265 | switch (ch) { | ||
| 266 | case 'h': | ||
| 267 | cflags = DP_C_SHORT; | ||
| 268 | ch = *format++; | ||
| 269 | break; | ||
| 270 | case 'l': | ||
| 271 | if (*format == 'l') { | ||
| 272 | cflags = DP_C_LLONG; | ||
| 273 | format++; | ||
| 274 | } else | ||
| 275 | cflags = DP_C_LONG; | ||
| 276 | ch = *format++; | ||
| 277 | break; | ||
| 278 | case 'q': | ||
| 279 | cflags = DP_C_LLONG; | ||
| 280 | ch = *format++; | ||
| 281 | break; | ||
| 282 | case 'L': | ||
| 283 | cflags = DP_C_LDOUBLE; | ||
| 284 | ch = *format++; | ||
| 285 | break; | ||
| 286 | default: | ||
| 287 | break; | ||
| 288 | } | ||
| 289 | state = DP_S_CONV; | ||
| 290 | break; | ||
| 291 | case DP_S_CONV: | ||
| 292 | switch (ch) { | ||
| 293 | case 'd': | ||
| 294 | case 'i': | ||
| 295 | switch (cflags) { | ||
| 296 | case DP_C_SHORT: | ||
| 297 | value = (short int)va_arg(args, int); | ||
| 298 | break; | ||
| 299 | case DP_C_LONG: | ||
| 300 | value = va_arg(args, long int); | ||
| 301 | break; | ||
| 302 | case DP_C_LLONG: | ||
| 303 | value = va_arg(args, LLONG); | ||
| 304 | break; | ||
| 305 | default: | ||
| 306 | value = va_arg(args, int); | ||
| 307 | break; | ||
| 308 | } | ||
| 309 | fmtint(sbuffer, buffer, &currlen, maxlen, | ||
| 310 | value, 10, min, max, flags); | ||
| 311 | break; | ||
| 312 | case 'X': | ||
| 313 | flags |= DP_F_UP; | ||
| 314 | /* FALLTHROUGH */ | ||
| 315 | case 'x': | ||
| 316 | case 'o': | ||
| 317 | case 'u': | ||
| 318 | flags |= DP_F_UNSIGNED; | ||
| 319 | switch (cflags) { | ||
| 320 | case DP_C_SHORT: | ||
| 321 | value = (unsigned short int)va_arg(args, unsigned int); | ||
| 322 | break; | ||
| 323 | case DP_C_LONG: | ||
| 324 | value = (LLONG) va_arg(args, | ||
| 325 | unsigned long int); | ||
| 326 | break; | ||
| 327 | case DP_C_LLONG: | ||
| 328 | value = va_arg(args, unsigned LLONG); | ||
| 329 | break; | ||
| 330 | default: | ||
| 331 | value = (LLONG) va_arg(args, | ||
| 332 | unsigned int); | ||
| 333 | break; | ||
| 334 | } | ||
| 335 | fmtint(sbuffer, buffer, &currlen, maxlen, value, | ||
| 336 | ch == 'o' ? 8 : (ch == 'u' ? 10 : 16), | ||
| 337 | min, max, flags); | ||
| 338 | break; | ||
| 339 | case 'f': | ||
| 340 | if (cflags == DP_C_LDOUBLE) | ||
| 341 | fvalue = va_arg(args, LDOUBLE); | ||
| 342 | else | ||
| 343 | fvalue = va_arg(args, double); | ||
| 344 | fmtfp(sbuffer, buffer, &currlen, maxlen, | ||
| 345 | fvalue, min, max, flags); | ||
| 346 | break; | ||
| 347 | case 'E': | ||
| 348 | flags |= DP_F_UP; | ||
| 349 | case 'e': | ||
| 350 | if (cflags == DP_C_LDOUBLE) | ||
| 351 | fvalue = va_arg(args, LDOUBLE); | ||
| 352 | else | ||
| 353 | fvalue = va_arg(args, double); | ||
| 354 | break; | ||
| 355 | case 'G': | ||
| 356 | flags |= DP_F_UP; | ||
| 357 | case 'g': | ||
| 358 | if (cflags == DP_C_LDOUBLE) | ||
| 359 | fvalue = va_arg(args, LDOUBLE); | ||
| 360 | else | ||
| 361 | fvalue = va_arg(args, double); | ||
| 362 | break; | ||
| 363 | case 'c': | ||
| 364 | doapr_outch(sbuffer, buffer, &currlen, maxlen, | ||
| 365 | va_arg(args, int)); | ||
| 366 | break; | ||
| 367 | case 's': | ||
| 368 | strvalue = va_arg(args, char *); | ||
| 369 | if (max < 0) { | ||
| 370 | if (buffer) | ||
| 371 | max = INT_MAX; | ||
| 372 | else | ||
| 373 | max = *maxlen; | ||
| 374 | } | ||
| 375 | fmtstr(sbuffer, buffer, &currlen, maxlen, strvalue, | ||
| 376 | flags, min, max); | ||
| 377 | break; | ||
| 378 | case 'p': | ||
| 379 | value = (long)va_arg(args, void *); | ||
| 380 | fmtint(sbuffer, buffer, &currlen, maxlen, | ||
| 381 | value, 16, min, max, flags); | ||
| 382 | break; | ||
| 383 | case 'n': /* XXX */ | ||
| 384 | if (cflags == DP_C_SHORT) { | ||
| 385 | short int *num; | ||
| 386 | num = va_arg(args, short int *); | ||
| 387 | *num = currlen; | ||
| 388 | } else if (cflags == DP_C_LONG) { /* XXX */ | ||
| 389 | long int *num; | ||
| 390 | num = va_arg(args, long int *); | ||
| 391 | *num = (long int) currlen; | ||
| 392 | } else if (cflags == DP_C_LLONG) { /* XXX */ | ||
| 393 | LLONG *num; | ||
| 394 | num = va_arg(args, LLONG *); | ||
| 395 | *num = (LLONG) currlen; | ||
| 396 | } else { | ||
| 397 | int *num; | ||
| 398 | num = va_arg(args, int *); | ||
| 399 | *num = currlen; | ||
| 400 | } | ||
| 401 | break; | ||
| 402 | case '%': | ||
| 403 | doapr_outch(sbuffer, buffer, &currlen, maxlen, ch); | ||
| 404 | break; | ||
| 405 | case 'w': | ||
| 406 | /* not supported yet, treat as next char */ | ||
| 407 | ch = *format++; | ||
| 408 | break; | ||
| 409 | default: | ||
| 410 | /* unknown, skip */ | ||
| 411 | break; | ||
| 412 | } | ||
| 413 | ch = *format++; | ||
| 414 | state = DP_S_DEFAULT; | ||
| 415 | flags = cflags = min = 0; | ||
| 416 | max = -1; | ||
| 417 | break; | ||
| 418 | case DP_S_DONE: | ||
| 419 | break; | ||
| 420 | default: | ||
| 421 | break; | ||
| 422 | } | ||
| 423 | } | ||
| 424 | *truncated = (currlen > *maxlen - 1); | ||
| 425 | if (*truncated) | ||
| 426 | currlen = *maxlen - 1; | ||
| 427 | doapr_outch(sbuffer, buffer, &currlen, maxlen, '\0'); | ||
| 428 | *retlen = currlen - 1; | ||
| 429 | return; | ||
| 430 | } | ||
| 431 | |||
| 432 | static void | ||
| 433 | fmtstr( | ||
| 434 | char **sbuffer, | ||
| 435 | char **buffer, | ||
| 436 | size_t *currlen, | ||
| 437 | size_t *maxlen, | ||
| 438 | const char *value, | ||
| 439 | int flags, | ||
| 440 | int min, | ||
| 441 | int max) | ||
| 442 | { | ||
| 443 | int padlen, strln; | ||
| 444 | int cnt = 0; | ||
| 445 | |||
| 446 | if (value == 0) | ||
| 447 | value = "<NULL>"; | ||
| 448 | for (strln = 0; value[strln]; ++strln) | ||
| 449 | ; | ||
| 450 | padlen = min - strln; | ||
| 451 | if (padlen < 0) | ||
| 452 | padlen = 0; | ||
| 453 | if (flags & DP_F_MINUS) | ||
| 454 | padlen = -padlen; | ||
| 455 | |||
| 456 | while ((padlen > 0) && (cnt < max)) { | ||
| 457 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 458 | --padlen; | ||
| 459 | ++cnt; | ||
| 460 | } | ||
| 461 | while (*value && (cnt < max)) { | ||
| 462 | doapr_outch(sbuffer, buffer, currlen, maxlen, *value++); | ||
| 463 | ++cnt; | ||
| 464 | } | ||
| 465 | while ((padlen < 0) && (cnt < max)) { | ||
| 466 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 467 | ++padlen; | ||
| 468 | ++cnt; | ||
| 469 | } | ||
| 470 | } | ||
| 471 | |||
| 472 | static void | ||
| 473 | fmtint( | ||
| 474 | char **sbuffer, | ||
| 475 | char **buffer, | ||
| 476 | size_t *currlen, | ||
| 477 | size_t *maxlen, | ||
| 478 | LLONG value, | ||
| 479 | int base, | ||
| 480 | int min, | ||
| 481 | int max, | ||
| 482 | int flags) | ||
| 483 | { | ||
| 484 | int signvalue = 0; | ||
| 485 | unsigned LLONG uvalue; | ||
| 486 | char convert[20]; | ||
| 487 | int place = 0; | ||
| 488 | int spadlen = 0; | ||
| 489 | int zpadlen = 0; | ||
| 490 | int caps = 0; | ||
| 491 | |||
| 492 | if (max < 0) | ||
| 493 | max = 0; | ||
| 494 | uvalue = value; | ||
| 495 | if (!(flags & DP_F_UNSIGNED)) { | ||
| 496 | if (value < 0) { | ||
| 497 | signvalue = '-'; | ||
| 498 | uvalue = -value; | ||
| 499 | } else if (flags & DP_F_PLUS) | ||
| 500 | signvalue = '+'; | ||
| 501 | else if (flags & DP_F_SPACE) | ||
| 502 | signvalue = ' '; | ||
| 503 | } | ||
| 504 | if (flags & DP_F_UP) | ||
| 505 | caps = 1; | ||
| 506 | do { | ||
| 507 | convert[place++] = | ||
| 508 | (caps ? "0123456789ABCDEF" : "0123456789abcdef") | ||
| 509 | [uvalue % (unsigned) base]; | ||
| 510 | uvalue = (uvalue / (unsigned) base); | ||
| 511 | } while (uvalue && (place < 20)); | ||
| 512 | if (place == 20) | ||
| 513 | place--; | ||
| 514 | convert[place] = 0; | ||
| 515 | |||
| 516 | zpadlen = max - place; | ||
| 517 | spadlen = min - OSSL_MAX(max, place) - (signvalue ? 1 : 0); | ||
| 518 | if (zpadlen < 0) | ||
| 519 | zpadlen = 0; | ||
| 520 | if (spadlen < 0) | ||
| 521 | spadlen = 0; | ||
| 522 | if (flags & DP_F_ZERO) { | ||
| 523 | zpadlen = OSSL_MAX(zpadlen, spadlen); | ||
| 524 | spadlen = 0; | ||
| 525 | } | ||
| 526 | if (flags & DP_F_MINUS) | ||
| 527 | spadlen = -spadlen; | ||
| 528 | |||
| 529 | /* spaces */ | ||
| 530 | while (spadlen > 0) { | ||
| 531 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 532 | --spadlen; | ||
| 533 | } | ||
| 534 | |||
| 535 | /* sign */ | ||
| 536 | if (signvalue) | ||
| 537 | doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); | ||
| 538 | |||
| 539 | /* zeros */ | ||
| 540 | if (zpadlen > 0) { | ||
| 541 | while (zpadlen > 0) { | ||
| 542 | doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); | ||
| 543 | --zpadlen; | ||
| 544 | } | ||
| 545 | } | ||
| 546 | /* digits */ | ||
| 547 | while (place > 0) | ||
| 548 | doapr_outch(sbuffer, buffer, currlen, maxlen, convert[--place]); | ||
| 549 | |||
| 550 | /* left justified spaces */ | ||
| 551 | while (spadlen < 0) { | ||
| 552 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 553 | ++spadlen; | ||
| 554 | } | ||
| 555 | return; | ||
| 556 | } | ||
| 557 | |||
| 558 | static LDOUBLE | ||
| 559 | abs_val(LDOUBLE value) | ||
| 560 | { | ||
| 561 | LDOUBLE result = value; | ||
| 562 | if (value < 0) | ||
| 563 | result = -value; | ||
| 564 | return result; | ||
| 565 | } | ||
| 566 | |||
| 567 | static LDOUBLE | ||
| 568 | pow10(int exp) | ||
| 569 | { | ||
| 570 | LDOUBLE result = 1; | ||
| 571 | while (exp) { | ||
| 572 | result *= 10; | ||
| 573 | exp--; | ||
| 574 | } | ||
| 575 | return result; | ||
| 576 | } | ||
| 577 | |||
| 578 | static long | ||
| 579 | roundv(LDOUBLE value) | ||
| 580 | { | ||
| 581 | long intpart; | ||
| 582 | intpart = (long) value; | ||
| 583 | value = value - intpart; | ||
| 584 | if (value >= 0.5) | ||
| 585 | intpart++; | ||
| 586 | return intpart; | ||
| 587 | } | ||
| 588 | |||
| 589 | static void | ||
| 590 | fmtfp( | ||
| 591 | char **sbuffer, | ||
| 592 | char **buffer, | ||
| 593 | size_t *currlen, | ||
| 594 | size_t *maxlen, | ||
| 595 | LDOUBLE fvalue, | ||
| 596 | int min, | ||
| 597 | int max, | ||
| 598 | int flags) | ||
| 599 | { | ||
| 600 | int signvalue = 0; | ||
| 601 | LDOUBLE ufvalue; | ||
| 602 | char iconvert[20]; | ||
| 603 | char fconvert[20]; | ||
| 604 | int iplace = 0; | ||
| 605 | int fplace = 0; | ||
| 606 | int padlen = 0; | ||
| 607 | int zpadlen = 0; | ||
| 608 | int caps = 0; | ||
| 609 | long intpart; | ||
| 610 | long fracpart; | ||
| 611 | |||
| 612 | if (max < 0) | ||
| 613 | max = 6; | ||
| 614 | ufvalue = abs_val(fvalue); | ||
| 615 | if (fvalue < 0) | ||
| 616 | signvalue = '-'; | ||
| 617 | else if (flags & DP_F_PLUS) | ||
| 618 | signvalue = '+'; | ||
| 619 | else if (flags & DP_F_SPACE) | ||
| 620 | signvalue = ' '; | ||
| 66 | 621 | ||
| 67 | int BIO_printf ( VAR_PLIST( BIO *, bio ) ) | 622 | intpart = (long)ufvalue; |
| 68 | VAR_ALIST | 623 | |
| 624 | /* sorry, we only support 9 digits past the decimal because of our | ||
| 625 | conversion method */ | ||
| 626 | if (max > 9) | ||
| 627 | max = 9; | ||
| 628 | |||
| 629 | /* we "cheat" by converting the fractional part to integer by | ||
| 630 | multiplying by a factor of 10 */ | ||
| 631 | fracpart = roundv((pow10(max)) * (ufvalue - intpart)); | ||
| 632 | |||
| 633 | if (fracpart >= pow10(max)) { | ||
| 634 | intpart++; | ||
| 635 | fracpart -= (long)pow10(max); | ||
| 636 | } | ||
| 637 | |||
| 638 | /* convert integer part */ | ||
| 639 | do { | ||
| 640 | iconvert[iplace++] = | ||
| 641 | (caps ? "0123456789ABCDEF" | ||
| 642 | : "0123456789abcdef")[intpart % 10]; | ||
| 643 | intpart = (intpart / 10); | ||
| 644 | } while (intpart && (iplace < 20)); | ||
| 645 | if (iplace == 20) | ||
| 646 | iplace--; | ||
| 647 | iconvert[iplace] = 0; | ||
| 648 | |||
| 649 | /* convert fractional part */ | ||
| 650 | do { | ||
| 651 | fconvert[fplace++] = | ||
| 652 | (caps ? "0123456789ABCDEF" | ||
| 653 | : "0123456789abcdef")[fracpart % 10]; | ||
| 654 | fracpart = (fracpart / 10); | ||
| 655 | } while (fplace < max); | ||
| 656 | if (fplace == 20) | ||
| 657 | fplace--; | ||
| 658 | fconvert[fplace] = 0; | ||
| 659 | |||
| 660 | /* -1 for decimal point, another -1 if we are printing a sign */ | ||
| 661 | padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); | ||
| 662 | zpadlen = max - fplace; | ||
| 663 | if (zpadlen < 0) | ||
| 664 | zpadlen = 0; | ||
| 665 | if (padlen < 0) | ||
| 666 | padlen = 0; | ||
| 667 | if (flags & DP_F_MINUS) | ||
| 668 | padlen = -padlen; | ||
| 669 | |||
| 670 | if ((flags & DP_F_ZERO) && (padlen > 0)) { | ||
| 671 | if (signvalue) { | ||
| 672 | doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); | ||
| 673 | --padlen; | ||
| 674 | signvalue = 0; | ||
| 675 | } | ||
| 676 | while (padlen > 0) { | ||
| 677 | doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); | ||
| 678 | --padlen; | ||
| 679 | } | ||
| 680 | } | ||
| 681 | while (padlen > 0) { | ||
| 682 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 683 | --padlen; | ||
| 684 | } | ||
| 685 | if (signvalue) | ||
| 686 | doapr_outch(sbuffer, buffer, currlen, maxlen, signvalue); | ||
| 687 | |||
| 688 | while (iplace > 0) | ||
| 689 | doapr_outch(sbuffer, buffer, currlen, maxlen, iconvert[--iplace]); | ||
| 690 | |||
| 691 | /* | ||
| 692 | * Decimal point. This should probably use locale to find the correct | ||
| 693 | * char to print out. | ||
| 694 | */ | ||
| 695 | if (max > 0) { | ||
| 696 | doapr_outch(sbuffer, buffer, currlen, maxlen, '.'); | ||
| 697 | |||
| 698 | while (fplace > 0) | ||
| 699 | doapr_outch(sbuffer, buffer, currlen, maxlen, fconvert[--fplace]); | ||
| 700 | } | ||
| 701 | while (zpadlen > 0) { | ||
| 702 | doapr_outch(sbuffer, buffer, currlen, maxlen, '0'); | ||
| 703 | --zpadlen; | ||
| 704 | } | ||
| 705 | |||
| 706 | while (padlen < 0) { | ||
| 707 | doapr_outch(sbuffer, buffer, currlen, maxlen, ' '); | ||
| 708 | ++padlen; | ||
| 709 | } | ||
| 710 | } | ||
| 711 | |||
| 712 | static void | ||
| 713 | doapr_outch( | ||
| 714 | char **sbuffer, | ||
| 715 | char **buffer, | ||
| 716 | size_t *currlen, | ||
| 717 | size_t *maxlen, | ||
| 718 | int c) | ||
| 719 | { | ||
| 720 | /* If we haven't at least one buffer, someone has doe a big booboo */ | ||
| 721 | assert(*sbuffer != NULL || buffer != NULL); | ||
| 722 | |||
| 723 | if (buffer) { | ||
| 724 | while (*currlen >= *maxlen) { | ||
| 725 | if (*buffer == NULL) { | ||
| 726 | if (*maxlen == 0) | ||
| 727 | *maxlen = 1024; | ||
| 728 | *buffer = OPENSSL_malloc(*maxlen); | ||
| 729 | if (*currlen > 0) { | ||
| 730 | assert(*sbuffer != NULL); | ||
| 731 | memcpy(*buffer, *sbuffer, *currlen); | ||
| 732 | } | ||
| 733 | *sbuffer = NULL; | ||
| 734 | } else { | ||
| 735 | *maxlen += 1024; | ||
| 736 | *buffer = OPENSSL_realloc(*buffer, *maxlen); | ||
| 737 | } | ||
| 738 | } | ||
| 739 | /* What to do if *buffer is NULL? */ | ||
| 740 | assert(*sbuffer != NULL || *buffer != NULL); | ||
| 741 | } | ||
| 742 | |||
| 743 | if (*currlen < *maxlen) { | ||
| 744 | if (*sbuffer) | ||
| 745 | (*sbuffer)[(*currlen)++] = (char)c; | ||
| 746 | else | ||
| 747 | (*buffer)[(*currlen)++] = (char)c; | ||
| 748 | } | ||
| 749 | |||
| 750 | return; | ||
| 751 | } | ||
| 752 | |||
| 753 | /***************************************************************************/ | ||
| 754 | |||
| 755 | int BIO_printf (BIO *bio, const char *format, ...) | ||
| 69 | { | 756 | { |
| 70 | VAR_BDEFN(args, BIO *, bio); | 757 | va_list args; |
| 71 | char *format; | ||
| 72 | int ret; | 758 | int ret; |
| 73 | MS_STATIC char hugebuf[1024*2]; /* 10k in one chunk is the limit */ | ||
| 74 | 759 | ||
| 75 | VAR_INIT(args, BIO *, bio); | 760 | va_start(args, format); |
| 76 | VAR_ARG(args, char *, format); | ||
| 77 | 761 | ||
| 78 | hugebuf[0]='\0'; | 762 | ret = BIO_vprintf(bio, format, args); |
| 79 | 763 | ||
| 80 | /* no-one uses _doprnt anymore and it appears to be broken under SunOS 4.1.4 */ | 764 | va_end(args); |
| 81 | #if 0 && defined(sun) && !defined(VAR_ANSI) /**/ | 765 | return(ret); |
| 82 | _doprnt(hugebuf,format,args); | 766 | } |
| 83 | #else /* !sun */ | ||
| 84 | vsprintf(hugebuf,format,args); | ||
| 85 | #endif /* sun */ | ||
| 86 | 767 | ||
| 87 | ret=BIO_write(bio,hugebuf,strlen(hugebuf)); | 768 | int BIO_vprintf (BIO *bio, const char *format, va_list args) |
| 769 | { | ||
| 770 | int ret; | ||
| 771 | size_t retlen; | ||
| 772 | char hugebuf[1024*2]; /* Was previously 10k, which is unreasonable | ||
| 773 | in small-stack environments, like threads | ||
| 774 | or DOS programs. */ | ||
| 775 | char *hugebufp = hugebuf; | ||
| 776 | size_t hugebufsize = sizeof(hugebuf); | ||
| 777 | char *dynbuf = NULL; | ||
| 778 | int ignored; | ||
| 88 | 779 | ||
| 89 | VAR_END( args ); | 780 | dynbuf = NULL; |
| 781 | CRYPTO_push_info("doapr()"); | ||
| 782 | _dopr(&hugebufp, &dynbuf, &hugebufsize, | ||
| 783 | &retlen, &ignored, format, args); | ||
| 784 | if (dynbuf) | ||
| 785 | { | ||
| 786 | ret=BIO_write(bio, dynbuf, (int)retlen); | ||
| 787 | OPENSSL_free(dynbuf); | ||
| 788 | } | ||
| 789 | else | ||
| 790 | { | ||
| 791 | ret=BIO_write(bio, hugebuf, (int)retlen); | ||
| 792 | } | ||
| 793 | CRYPTO_pop_info(); | ||
| 90 | return(ret); | 794 | return(ret); |
| 91 | } | 795 | } |
| 92 | 796 | ||
| 797 | /* As snprintf is not available everywhere, we provide our own implementation. | ||
| 798 | * This function has nothing to do with BIOs, but it's closely related | ||
| 799 | * to BIO_printf, and we need *some* name prefix ... | ||
| 800 | * (XXX the function should be renamed, but to what?) */ | ||
| 801 | int BIO_snprintf(char *buf, size_t n, const char *format, ...) | ||
| 802 | { | ||
| 803 | va_list args; | ||
| 804 | int ret; | ||
| 805 | |||
| 806 | va_start(args, format); | ||
| 807 | |||
| 808 | ret = BIO_vsnprintf(buf, n, format, args); | ||
| 809 | |||
| 810 | va_end(args); | ||
| 811 | return(ret); | ||
| 812 | } | ||
| 813 | |||
| 814 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args) | ||
| 815 | { | ||
| 816 | size_t retlen; | ||
| 817 | int truncated; | ||
| 818 | |||
| 819 | _dopr(&buf, NULL, &n, &retlen, &truncated, format, args); | ||
| 820 | |||
| 821 | if (truncated) | ||
| 822 | /* In case of truncation, return -1 like traditional snprintf. | ||
| 823 | * (Current drafts for ISO/IEC 9899 say snprintf should return | ||
| 824 | * the number of characters that would have been written, | ||
| 825 | * had the buffer been large enough.) */ | ||
| 826 | return -1; | ||
| 827 | else | ||
| 828 | return (retlen <= INT_MAX) ? retlen : -1; | ||
| 829 | } | ||
diff --git a/src/lib/libcrypto/bio/b_sock.c b/src/lib/libcrypto/bio/b_sock.c index a45909527c..dcaef68ea7 100644 --- a/src/lib/libcrypto/bio/b_sock.c +++ b/src/lib/libcrypto/bio/b_sock.c | |||
| @@ -56,32 +56,30 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_SOCK | 59 | #ifndef OPENSSL_NO_SOCK |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <stdlib.h> | 62 | #include <stdlib.h> |
| 63 | #include <errno.h> | 63 | #include <errno.h> |
| 64 | #define USE_SOCKETS | 64 | #define USE_SOCKETS |
| 65 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 66 | #include "bio.h" | 66 | #include <openssl/bio.h> |
| 67 | 67 | ||
| 68 | /* BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */ | 68 | #ifdef OPENSSL_SYS_WIN16 |
| 69 | |||
| 70 | #ifdef WIN16 | ||
| 71 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 69 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| 72 | #else | 70 | #else |
| 73 | #define SOCKET_PROTOCOL IPPROTO_TCP | 71 | #define SOCKET_PROTOCOL IPPROTO_TCP |
| 74 | #endif | 72 | #endif |
| 75 | 73 | ||
| 76 | #ifdef SO_MAXCONN | 74 | #ifdef SO_MAXCONN |
| 77 | #define MAX_LISTEN SOMAXCONN | ||
| 78 | #elif defined(SO_MAXCONN) | ||
| 79 | #define MAX_LISTEN SO_MAXCONN | 75 | #define MAX_LISTEN SO_MAXCONN |
| 76 | #elif defined(SOMAXCONN) | ||
| 77 | #define MAX_LISTEN SOMAXCONN | ||
| 80 | #else | 78 | #else |
| 81 | #define MAX_LISTEN 32 | 79 | #define MAX_LISTEN 32 |
| 82 | #endif | 80 | #endif |
| 83 | 81 | ||
| 84 | #ifdef WINDOWS | 82 | #ifdef OPENSSL_SYS_WINDOWS |
| 85 | static int wsa_init_done=0; | 83 | static int wsa_init_done=0; |
| 86 | #endif | 84 | #endif |
| 87 | 85 | ||
| @@ -96,59 +94,67 @@ static struct ghbn_cache_st | |||
| 96 | unsigned long order; | 94 | unsigned long order; |
| 97 | } ghbn_cache[GHBN_NUM]; | 95 | } ghbn_cache[GHBN_NUM]; |
| 98 | 96 | ||
| 99 | #ifndef NOPROTO | 97 | static int get_ip(const char *str,unsigned char *ip); |
| 100 | static int get_ip(char *str,unsigned char *ip); | 98 | #if 0 |
| 101 | static void ghbn_free(struct hostent *a); | 99 | static void ghbn_free(struct hostent *a); |
| 102 | static struct hostent *ghbn_dup(struct hostent *a); | 100 | static struct hostent *ghbn_dup(struct hostent *a); |
| 103 | #else | ||
| 104 | static int get_ip(); | ||
| 105 | static void ghbn_free(); | ||
| 106 | static struct hostent *ghbn_dup(); | ||
| 107 | #endif | 101 | #endif |
| 108 | 102 | int BIO_get_host_ip(const char *str, unsigned char *ip) | |
| 109 | int BIO_get_host_ip(str,ip) | ||
| 110 | char *str; | ||
| 111 | unsigned char *ip; | ||
| 112 | { | 103 | { |
| 113 | int i; | 104 | int i; |
| 105 | int err = 1; | ||
| 106 | int locked = 0; | ||
| 114 | struct hostent *he; | 107 | struct hostent *he; |
| 115 | 108 | ||
| 116 | i=get_ip(str,ip); | 109 | i=get_ip(str,ip); |
| 117 | if (i > 0) return(1); | ||
| 118 | if (i < 0) | 110 | if (i < 0) |
| 119 | { | 111 | { |
| 120 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS); | 112 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_INVALID_IP_ADDRESS); |
| 121 | ERR_add_error_data(2,"host=",str); | 113 | goto err; |
| 122 | return(0); | ||
| 123 | } | 114 | } |
| 124 | else | ||
| 125 | { /* do a gethostbyname */ | ||
| 126 | if (!BIO_sock_init()) return(0); | ||
| 127 | 115 | ||
| 128 | he=BIO_gethostbyname(str); | 116 | /* At this point, we have something that is most probably correct |
| 129 | if (he == NULL) | 117 | in some way, so let's init the socket. */ |
| 130 | { | 118 | if (BIO_sock_init() != 1) |
| 131 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP); | 119 | return 0; /* don't generate another error code here */ |
| 132 | ERR_add_error_data(2,"host=",str); | ||
| 133 | return(0); | ||
| 134 | } | ||
| 135 | 120 | ||
| 136 | /* cast to short because of win16 winsock definition */ | 121 | /* If the string actually contained an IP address, we need not do |
| 137 | if ((short)he->h_addrtype != AF_INET) | 122 | anything more */ |
| 138 | { | 123 | if (i > 0) return(1); |
| 139 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); | 124 | |
| 140 | ERR_add_error_data(2,"host=",str); | 125 | /* do a gethostbyname */ |
| 141 | return(0); | 126 | CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); |
| 142 | } | 127 | locked = 1; |
| 143 | for (i=0; i<4; i++) | 128 | he=BIO_gethostbyname(str); |
| 144 | ip[i]=he->h_addr_list[0][i]; | 129 | if (he == NULL) |
| 130 | { | ||
| 131 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_BAD_HOSTNAME_LOOKUP); | ||
| 132 | goto err; | ||
| 145 | } | 133 | } |
| 146 | return(1); | 134 | |
| 135 | /* cast to short because of win16 winsock definition */ | ||
| 136 | if ((short)he->h_addrtype != AF_INET) | ||
| 137 | { | ||
| 138 | BIOerr(BIO_F_BIO_GET_HOST_IP,BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET); | ||
| 139 | goto err; | ||
| 140 | } | ||
| 141 | for (i=0; i<4; i++) | ||
| 142 | ip[i]=he->h_addr_list[0][i]; | ||
| 143 | err = 0; | ||
| 144 | |||
| 145 | err: | ||
| 146 | if (locked) | ||
| 147 | CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); | ||
| 148 | if (err) | ||
| 149 | { | ||
| 150 | ERR_add_error_data(2,"host=",str); | ||
| 151 | return 0; | ||
| 152 | } | ||
| 153 | else | ||
| 154 | return 1; | ||
| 147 | } | 155 | } |
| 148 | 156 | ||
| 149 | int BIO_get_port(str,port_ptr) | 157 | int BIO_get_port(const char *str, unsigned short *port_ptr) |
| 150 | char *str; | ||
| 151 | short *port_ptr; | ||
| 152 | { | 158 | { |
| 153 | int i; | 159 | int i; |
| 154 | struct servent *s; | 160 | struct servent *s; |
| @@ -163,8 +169,19 @@ short *port_ptr; | |||
| 163 | *port_ptr=(unsigned short)i; | 169 | *port_ptr=(unsigned short)i; |
| 164 | else | 170 | else |
| 165 | { | 171 | { |
| 166 | s=getservbyname(str,"tcp"); | 172 | CRYPTO_w_lock(CRYPTO_LOCK_GETSERVBYNAME); |
| 167 | if (s == NULL) | 173 | /* Note: under VMS with SOCKETSHR, it seems like the first |
| 174 | * parameter is 'char *', instead of 'const char *' | ||
| 175 | */ | ||
| 176 | s=getservbyname( | ||
| 177 | #ifndef CONST_STRICT | ||
| 178 | (char *) | ||
| 179 | #endif | ||
| 180 | str,"tcp"); | ||
| 181 | if(s != NULL) | ||
| 182 | *port_ptr=ntohs((unsigned short)s->s_port); | ||
| 183 | CRYPTO_w_unlock(CRYPTO_LOCK_GETSERVBYNAME); | ||
| 184 | if(s == NULL) | ||
| 168 | { | 185 | { |
| 169 | if (strcmp(str,"http") == 0) | 186 | if (strcmp(str,"http") == 0) |
| 170 | *port_ptr=80; | 187 | *port_ptr=80; |
| @@ -190,31 +207,30 @@ short *port_ptr; | |||
| 190 | ERR_add_error_data(3,"service='",str,"'"); | 207 | ERR_add_error_data(3,"service='",str,"'"); |
| 191 | return(0); | 208 | return(0); |
| 192 | } | 209 | } |
| 193 | return(1); | ||
| 194 | } | 210 | } |
| 195 | *port_ptr=htons((unsigned short)s->s_port); | ||
| 196 | } | 211 | } |
| 197 | return(1); | 212 | return(1); |
| 198 | } | 213 | } |
| 199 | 214 | ||
| 200 | int BIO_sock_error(sock) | 215 | int BIO_sock_error(int sock) |
| 201 | int sock; | ||
| 202 | { | 216 | { |
| 203 | int j,i,size; | 217 | int j,i; |
| 218 | int size; | ||
| 204 | 219 | ||
| 205 | size=sizeof(int); | 220 | size=sizeof(int); |
| 206 | 221 | /* Note: under Windows the third parameter is of type (char *) | |
| 207 | i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(char *)&j,&size); | 222 | * whereas under other systems it is (void *) if you don't have |
| 223 | * a cast it will choke the compiler: if you do have a cast then | ||
| 224 | * you can either go for (char *) or (void *). | ||
| 225 | */ | ||
| 226 | i=getsockopt(sock,SOL_SOCKET,SO_ERROR,(void *)&j,(void *)&size); | ||
| 208 | if (i < 0) | 227 | if (i < 0) |
| 209 | return(1); | 228 | return(1); |
| 210 | else | 229 | else |
| 211 | return(j); | 230 | return(j); |
| 212 | } | 231 | } |
| 213 | 232 | ||
| 214 | long BIO_ghbn_ctrl(cmd,iarg,parg) | 233 | long BIO_ghbn_ctrl(int cmd, int iarg, char *parg) |
| 215 | int cmd; | ||
| 216 | int iarg; | ||
| 217 | char *parg; | ||
| 218 | { | 234 | { |
| 219 | int i; | 235 | int i; |
| 220 | char **p; | 236 | char **p; |
| @@ -223,13 +239,13 @@ char *parg; | |||
| 223 | { | 239 | { |
| 224 | case BIO_GHBN_CTRL_HITS: | 240 | case BIO_GHBN_CTRL_HITS: |
| 225 | return(BIO_ghbn_hits); | 241 | return(BIO_ghbn_hits); |
| 226 | break; | 242 | /* break; */ |
| 227 | case BIO_GHBN_CTRL_MISSES: | 243 | case BIO_GHBN_CTRL_MISSES: |
| 228 | return(BIO_ghbn_miss); | 244 | return(BIO_ghbn_miss); |
| 229 | break; | 245 | /* break; */ |
| 230 | case BIO_GHBN_CTRL_CACHE_SIZE: | 246 | case BIO_GHBN_CTRL_CACHE_SIZE: |
| 231 | return(GHBN_NUM); | 247 | return(GHBN_NUM); |
| 232 | break; | 248 | /* break; */ |
| 233 | case BIO_GHBN_CTRL_GET_ENTRY: | 249 | case BIO_GHBN_CTRL_GET_ENTRY: |
| 234 | if ((iarg >= 0) && (iarg <GHBN_NUM) && | 250 | if ((iarg >= 0) && (iarg <GHBN_NUM) && |
| 235 | (ghbn_cache[iarg].order > 0)) | 251 | (ghbn_cache[iarg].order > 0)) |
| @@ -241,7 +257,7 @@ char *parg; | |||
| 241 | return(1); | 257 | return(1); |
| 242 | } | 258 | } |
| 243 | return(0); | 259 | return(0); |
| 244 | break; | 260 | /* break; */ |
| 245 | case BIO_GHBN_CTRL_FLUSH: | 261 | case BIO_GHBN_CTRL_FLUSH: |
| 246 | for (i=0; i<GHBN_NUM; i++) | 262 | for (i=0; i<GHBN_NUM; i++) |
| 247 | ghbn_cache[i].order=0; | 263 | ghbn_cache[i].order=0; |
| @@ -252,85 +268,105 @@ char *parg; | |||
| 252 | return(1); | 268 | return(1); |
| 253 | } | 269 | } |
| 254 | 270 | ||
| 255 | static struct hostent *ghbn_dup(a) | 271 | #if 0 |
| 256 | struct hostent *a; | 272 | static struct hostent *ghbn_dup(struct hostent *a) |
| 257 | { | 273 | { |
| 258 | struct hostent *ret; | 274 | struct hostent *ret; |
| 259 | int i,j; | 275 | int i,j; |
| 260 | 276 | ||
| 261 | ret=(struct hostent *)malloc(sizeof(struct hostent)); | 277 | MemCheck_off(); |
| 278 | ret=(struct hostent *)OPENSSL_malloc(sizeof(struct hostent)); | ||
| 262 | if (ret == NULL) return(NULL); | 279 | if (ret == NULL) return(NULL); |
| 263 | memset(ret,0,sizeof(struct hostent)); | 280 | memset(ret,0,sizeof(struct hostent)); |
| 264 | 281 | ||
| 265 | for (i=0; a->h_aliases[i] != NULL; i++) | 282 | for (i=0; a->h_aliases[i] != NULL; i++) |
| 266 | ; | 283 | ; |
| 267 | i++; | 284 | i++; |
| 268 | ret->h_aliases=(char **)malloc(sizeof(char *)*i); | 285 | ret->h_aliases = (char **)OPENSSL_malloc(i*sizeof(char *)); |
| 269 | memset(ret->h_aliases,0,sizeof(char *)*i); | 286 | if (ret->h_aliases == NULL) |
| 270 | if (ret == NULL) goto err; | 287 | goto err; |
| 288 | memset(ret->h_aliases, 0, i*sizeof(char *)); | ||
| 271 | 289 | ||
| 272 | for (i=0; a->h_addr_list[i] != NULL; i++) | 290 | for (i=0; a->h_addr_list[i] != NULL; i++) |
| 273 | ; | 291 | ; |
| 274 | i++; | 292 | i++; |
| 275 | ret->h_addr_list=(char **)malloc(sizeof(char *)*i); | 293 | ret->h_addr_list=(char **)OPENSSL_malloc(i*sizeof(char *)); |
| 276 | memset(ret->h_addr_list,0,sizeof(char *)*i); | 294 | if (ret->h_addr_list == NULL) |
| 277 | if (ret->h_addr_list == NULL) goto err; | 295 | goto err; |
| 296 | memset(ret->h_addr_list, 0, i*sizeof(char *)); | ||
| 278 | 297 | ||
| 279 | j=strlen(a->h_name)+1; | 298 | j=strlen(a->h_name)+1; |
| 280 | if ((ret->h_name=malloc(j)) == NULL) goto err; | 299 | if ((ret->h_name=OPENSSL_malloc(j)) == NULL) goto err; |
| 281 | memcpy((char *)ret->h_name,a->h_name,j); | 300 | memcpy((char *)ret->h_name,a->h_name,j); |
| 282 | for (i=0; a->h_aliases[i] != NULL; i++) | 301 | for (i=0; a->h_aliases[i] != NULL; i++) |
| 283 | { | 302 | { |
| 284 | j=strlen(a->h_aliases[i])+1; | 303 | j=strlen(a->h_aliases[i])+1; |
| 285 | if ((ret->h_aliases[i]=malloc(j)) == NULL) goto err; | 304 | if ((ret->h_aliases[i]=OPENSSL_malloc(j)) == NULL) goto err; |
| 286 | memcpy(ret->h_aliases[i],a->h_aliases[i],j); | 305 | memcpy(ret->h_aliases[i],a->h_aliases[i],j); |
| 287 | } | 306 | } |
| 288 | ret->h_length=a->h_length; | 307 | ret->h_length=a->h_length; |
| 289 | ret->h_addrtype=a->h_addrtype; | 308 | ret->h_addrtype=a->h_addrtype; |
| 290 | for (i=0; a->h_addr_list[i] != NULL; i++) | 309 | for (i=0; a->h_addr_list[i] != NULL; i++) |
| 291 | { | 310 | { |
| 292 | if ((ret->h_addr_list[i]=malloc(a->h_length)) == NULL) | 311 | if ((ret->h_addr_list[i]=OPENSSL_malloc(a->h_length)) == NULL) |
| 293 | goto err; | 312 | goto err; |
| 294 | memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length); | 313 | memcpy(ret->h_addr_list[i],a->h_addr_list[i],a->h_length); |
| 295 | } | 314 | } |
| 296 | return(ret); | 315 | if (0) |
| 316 | { | ||
| 297 | err: | 317 | err: |
| 298 | if (ret != NULL) | 318 | if (ret != NULL) |
| 299 | ghbn_free(ret); | 319 | ghbn_free(ret); |
| 300 | return(NULL); | 320 | ret=NULL; |
| 321 | } | ||
| 322 | MemCheck_on(); | ||
| 323 | return(ret); | ||
| 301 | } | 324 | } |
| 302 | 325 | ||
| 303 | static void ghbn_free(a) | 326 | static void ghbn_free(struct hostent *a) |
| 304 | struct hostent *a; | ||
| 305 | { | 327 | { |
| 306 | int i; | 328 | int i; |
| 307 | 329 | ||
| 330 | if(a == NULL) | ||
| 331 | return; | ||
| 332 | |||
| 308 | if (a->h_aliases != NULL) | 333 | if (a->h_aliases != NULL) |
| 309 | { | 334 | { |
| 310 | for (i=0; a->h_aliases[i] != NULL; i++) | 335 | for (i=0; a->h_aliases[i] != NULL; i++) |
| 311 | free(a->h_aliases[i]); | 336 | OPENSSL_free(a->h_aliases[i]); |
| 312 | free(a->h_aliases); | 337 | OPENSSL_free(a->h_aliases); |
| 313 | } | 338 | } |
| 314 | if (a->h_addr_list != NULL) | 339 | if (a->h_addr_list != NULL) |
| 315 | { | 340 | { |
| 316 | for (i=0; a->h_addr_list[i] != NULL; i++) | 341 | for (i=0; a->h_addr_list[i] != NULL; i++) |
| 317 | free(a->h_addr_list[i]); | 342 | OPENSSL_free(a->h_addr_list[i]); |
| 318 | free(a->h_addr_list); | 343 | OPENSSL_free(a->h_addr_list); |
| 319 | } | 344 | } |
| 320 | if (a->h_name != NULL) free((char *)a->h_name); | 345 | if (a->h_name != NULL) OPENSSL_free(a->h_name); |
| 321 | free(a); | 346 | OPENSSL_free(a); |
| 322 | } | 347 | } |
| 323 | 348 | ||
| 324 | struct hostent *BIO_gethostbyname(name) | 349 | #endif |
| 325 | char *name; | 350 | |
| 351 | struct hostent *BIO_gethostbyname(const char *name) | ||
| 326 | { | 352 | { |
| 353 | #if 1 | ||
| 354 | /* Caching gethostbyname() results forever is wrong, | ||
| 355 | * so we have to let the true gethostbyname() worry about this */ | ||
| 356 | return gethostbyname(name); | ||
| 357 | #else | ||
| 327 | struct hostent *ret; | 358 | struct hostent *ret; |
| 328 | int i,lowi=0,j; | 359 | int i,lowi=0,j; |
| 329 | unsigned long low= (unsigned long)-1; | 360 | unsigned long low= (unsigned long)-1; |
| 330 | 361 | ||
| 331 | /* return(gethostbyname(name)); */ | ||
| 332 | 362 | ||
| 333 | CRYPTO_w_lock(CRYPTO_LOCK_BIO_GETHOSTBYNAME); | 363 | # if 0 |
| 364 | /* It doesn't make sense to use locking here: The function interface | ||
| 365 | * is not thread-safe, because threads can never be sure when | ||
| 366 | * some other thread destroys the data they were given a pointer to. | ||
| 367 | */ | ||
| 368 | CRYPTO_w_lock(CRYPTO_LOCK_GETHOSTBYNAME); | ||
| 369 | # endif | ||
| 334 | j=strlen(name); | 370 | j=strlen(name); |
| 335 | if (j < 128) | 371 | if (j < 128) |
| 336 | { | 372 | { |
| @@ -354,17 +390,39 @@ char *name; | |||
| 354 | if (i == GHBN_NUM) /* no hit*/ | 390 | if (i == GHBN_NUM) /* no hit*/ |
| 355 | { | 391 | { |
| 356 | BIO_ghbn_miss++; | 392 | BIO_ghbn_miss++; |
| 357 | ret=gethostbyname(name); | 393 | /* Note: under VMS with SOCKETSHR, it seems like the first |
| 358 | 394 | * parameter is 'char *', instead of 'const char *' | |
| 359 | if (ret == NULL) return(NULL); | 395 | */ |
| 360 | if (j > 128) return(ret); /* too big to cache */ | 396 | ret=gethostbyname( |
| 397 | # ifndef CONST_STRICT | ||
| 398 | (char *) | ||
| 399 | # endif | ||
| 400 | name); | ||
| 401 | |||
| 402 | if (ret == NULL) | ||
| 403 | goto end; | ||
| 404 | if (j > 128) /* too big to cache */ | ||
| 405 | { | ||
| 406 | # if 0 | ||
| 407 | /* If we were trying to make this function thread-safe (which | ||
| 408 | * is bound to fail), we'd have to give up in this case | ||
| 409 | * (or allocate more memory). */ | ||
| 410 | ret = NULL; | ||
| 411 | # endif | ||
| 412 | goto end; | ||
| 413 | } | ||
| 361 | 414 | ||
| 362 | /* else add to cache */ | 415 | /* else add to cache */ |
| 363 | if (ghbn_cache[lowi].ent != NULL) | 416 | if (ghbn_cache[lowi].ent != NULL) |
| 364 | ghbn_free(ghbn_cache[lowi].ent); | 417 | ghbn_free(ghbn_cache[lowi].ent); /* XXX not thread-safe */ |
| 418 | ghbn_cache[lowi].name[0] = '\0'; | ||
| 365 | 419 | ||
| 420 | if((ret=ghbn_cache[lowi].ent=ghbn_dup(ret)) == NULL) | ||
| 421 | { | ||
| 422 | BIOerr(BIO_F_BIO_GETHOSTBYNAME,ERR_R_MALLOC_FAILURE); | ||
| 423 | goto end; | ||
| 424 | } | ||
| 366 | strncpy(ghbn_cache[lowi].name,name,128); | 425 | strncpy(ghbn_cache[lowi].name,name,128); |
| 367 | ghbn_cache[lowi].ent=ghbn_dup(ret); | ||
| 368 | ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits; | 426 | ghbn_cache[lowi].order=BIO_ghbn_miss+BIO_ghbn_hits; |
| 369 | } | 427 | } |
| 370 | else | 428 | else |
| @@ -373,13 +431,18 @@ char *name; | |||
| 373 | ret= ghbn_cache[i].ent; | 431 | ret= ghbn_cache[i].ent; |
| 374 | ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits; | 432 | ghbn_cache[i].order=BIO_ghbn_miss+BIO_ghbn_hits; |
| 375 | } | 433 | } |
| 376 | CRYPTO_w_unlock(CRYPTO_LOCK_BIO_GETHOSTBYNAME); | 434 | end: |
| 435 | # if 0 | ||
| 436 | CRYPTO_w_unlock(CRYPTO_LOCK_GETHOSTBYNAME); | ||
| 437 | # endif | ||
| 377 | return(ret); | 438 | return(ret); |
| 439 | #endif | ||
| 378 | } | 440 | } |
| 379 | 441 | ||
| 380 | int BIO_sock_init() | 442 | |
| 443 | int BIO_sock_init(void) | ||
| 381 | { | 444 | { |
| 382 | #ifdef WINDOWS | 445 | #ifdef OPENSSL_SYS_WINDOWS |
| 383 | static struct WSAData wsa_state; | 446 | static struct WSAData wsa_state; |
| 384 | 447 | ||
| 385 | if (!wsa_init_done) | 448 | if (!wsa_init_done) |
| @@ -399,13 +462,13 @@ int BIO_sock_init() | |||
| 399 | return(-1); | 462 | return(-1); |
| 400 | } | 463 | } |
| 401 | } | 464 | } |
| 402 | #endif /* WINDOWS */ | 465 | #endif /* OPENSSL_SYS_WINDOWS */ |
| 403 | return(1); | 466 | return(1); |
| 404 | } | 467 | } |
| 405 | 468 | ||
| 406 | void BIO_sock_cleanup() | 469 | void BIO_sock_cleanup(void) |
| 407 | { | 470 | { |
| 408 | #ifdef WINDOWS | 471 | #ifdef OPENSSL_SYS_WINDOWS |
| 409 | if (wsa_init_done) | 472 | if (wsa_init_done) |
| 410 | { | 473 | { |
| 411 | wsa_init_done=0; | 474 | wsa_init_done=0; |
| @@ -415,10 +478,9 @@ void BIO_sock_cleanup() | |||
| 415 | #endif | 478 | #endif |
| 416 | } | 479 | } |
| 417 | 480 | ||
| 418 | int BIO_socket_ioctl(fd,type,arg) | 481 | #if !defined(OPENSSL_SYS_VMS) || __VMS_VER >= 70000000 |
| 419 | int fd; | 482 | |
| 420 | long type; | 483 | int BIO_socket_ioctl(int fd, long type, unsigned long *arg) |
| 421 | unsigned long *arg; | ||
| 422 | { | 484 | { |
| 423 | int i; | 485 | int i; |
| 424 | 486 | ||
| @@ -427,12 +489,11 @@ unsigned long *arg; | |||
| 427 | SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); | 489 | SYSerr(SYS_F_IOCTLSOCKET,get_last_socket_error()); |
| 428 | return(i); | 490 | return(i); |
| 429 | } | 491 | } |
| 492 | #endif /* __VMS_VER */ | ||
| 430 | 493 | ||
| 431 | /* The reason I have implemented this instead of using sscanf is because | 494 | /* The reason I have implemented this instead of using sscanf is because |
| 432 | * Visual C 1.52c gives an unresolved external when linking a DLL :-( */ | 495 | * Visual C 1.52c gives an unresolved external when linking a DLL :-( */ |
| 433 | static int get_ip(str,ip) | 496 | static int get_ip(const char *str, unsigned char ip[4]) |
| 434 | char *str; | ||
| 435 | unsigned char ip[4]; | ||
| 436 | { | 497 | { |
| 437 | unsigned int tmp[4]; | 498 | unsigned int tmp[4]; |
| 438 | int num=0,c,ok=0; | 499 | int num=0,c,ok=0; |
| @@ -446,16 +507,16 @@ unsigned char ip[4]; | |||
| 446 | { | 507 | { |
| 447 | ok=1; | 508 | ok=1; |
| 448 | tmp[num]=tmp[num]*10+c-'0'; | 509 | tmp[num]=tmp[num]*10+c-'0'; |
| 449 | if (tmp[num] > 255) return(-1); | 510 | if (tmp[num] > 255) return(0); |
| 450 | } | 511 | } |
| 451 | else if (c == '.') | 512 | else if (c == '.') |
| 452 | { | 513 | { |
| 453 | if (!ok) return(-1); | 514 | if (!ok) return(-1); |
| 454 | if (num == 3) break; | 515 | if (num == 3) return(0); |
| 455 | num++; | 516 | num++; |
| 456 | ok=0; | 517 | ok=0; |
| 457 | } | 518 | } |
| 458 | else if ((num == 3) && ok) | 519 | else if (c == '\0' && (num == 3) && ok) |
| 459 | break; | 520 | break; |
| 460 | else | 521 | else |
| 461 | return(0); | 522 | return(0); |
| @@ -467,18 +528,19 @@ unsigned char ip[4]; | |||
| 467 | return(1); | 528 | return(1); |
| 468 | } | 529 | } |
| 469 | 530 | ||
| 470 | int BIO_get_accept_socket(host) | 531 | int BIO_get_accept_socket(char *host, int bind_mode) |
| 471 | char *host; | ||
| 472 | { | 532 | { |
| 473 | int ret=0; | 533 | int ret=0; |
| 474 | struct sockaddr_in server; | 534 | struct sockaddr_in server,client; |
| 475 | int s= -1; | 535 | int s=INVALID_SOCKET,cs; |
| 476 | unsigned char ip[4]; | 536 | unsigned char ip[4]; |
| 477 | short port; | 537 | unsigned short port; |
| 478 | char *str,*h,*p,*e; | 538 | char *str=NULL,*e; |
| 539 | const char *h,*p; | ||
| 479 | unsigned long l; | 540 | unsigned long l; |
| 541 | int err_num; | ||
| 480 | 542 | ||
| 481 | if (!BIO_sock_init()) return(INVALID_SOCKET); | 543 | if (BIO_sock_init() != 1) return(INVALID_SOCKET); |
| 482 | 544 | ||
| 483 | if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); | 545 | if ((str=BUF_strdup(host)) == NULL) return(INVALID_SOCKET); |
| 484 | 546 | ||
| @@ -504,25 +566,26 @@ char *host; | |||
| 504 | h="*"; | 566 | h="*"; |
| 505 | } | 567 | } |
| 506 | 568 | ||
| 507 | if (!BIO_get_port(p,&port)) return(INVALID_SOCKET); | 569 | if (!BIO_get_port(p,&port)) goto err; |
| 508 | 570 | ||
| 509 | memset((char *)&server,0,sizeof(server)); | 571 | memset((char *)&server,0,sizeof(server)); |
| 510 | server.sin_family=AF_INET; | 572 | server.sin_family=AF_INET; |
| 511 | server.sin_port=htons((unsigned short)port); | 573 | server.sin_port=htons(port); |
| 512 | 574 | ||
| 513 | if (strcmp(h,"*") == 0) | 575 | if (strcmp(h,"*") == 0) |
| 514 | server.sin_addr.s_addr=INADDR_ANY; | 576 | server.sin_addr.s_addr=INADDR_ANY; |
| 515 | else | 577 | else |
| 516 | { | 578 | { |
| 517 | if (!BIO_get_host_ip(h,&(ip[0]))) return(INVALID_SOCKET); | 579 | if (!BIO_get_host_ip(h,&(ip[0]))) goto err; |
| 518 | l=(unsigned long) | 580 | l=(unsigned long) |
| 519 | ((unsigned long)ip[0]<<24L)| | 581 | ((unsigned long)ip[0]<<24L)| |
| 520 | ((unsigned long)ip[0]<<16L)| | 582 | ((unsigned long)ip[1]<<16L)| |
| 521 | ((unsigned long)ip[0]<< 8L)| | 583 | ((unsigned long)ip[2]<< 8L)| |
| 522 | ((unsigned long)ip[0]); | 584 | ((unsigned long)ip[3]); |
| 523 | server.sin_addr.s_addr=htonl(l); | 585 | server.sin_addr.s_addr=htonl(l); |
| 524 | } | 586 | } |
| 525 | 587 | ||
| 588 | again: | ||
| 526 | s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); | 589 | s=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); |
| 527 | if (s == INVALID_SOCKET) | 590 | if (s == INVALID_SOCKET) |
| 528 | { | 591 | { |
| @@ -531,9 +594,45 @@ char *host; | |||
| 531 | BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET); | 594 | BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_CREATE_SOCKET); |
| 532 | goto err; | 595 | goto err; |
| 533 | } | 596 | } |
| 597 | |||
| 598 | #ifdef SO_REUSEADDR | ||
| 599 | if (bind_mode == BIO_BIND_REUSEADDR) | ||
| 600 | { | ||
| 601 | int i=1; | ||
| 602 | |||
| 603 | ret=setsockopt(s,SOL_SOCKET,SO_REUSEADDR,(char *)&i,sizeof(i)); | ||
| 604 | bind_mode=BIO_BIND_NORMAL; | ||
| 605 | } | ||
| 606 | #endif | ||
| 534 | if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) | 607 | if (bind(s,(struct sockaddr *)&server,sizeof(server)) == -1) |
| 535 | { | 608 | { |
| 536 | SYSerr(SYS_F_BIND,get_last_socket_error()); | 609 | #ifdef SO_REUSEADDR |
| 610 | err_num=get_last_socket_error(); | ||
| 611 | if ((bind_mode == BIO_BIND_REUSEADDR_IF_UNUSED) && | ||
| 612 | (err_num == EADDRINUSE)) | ||
| 613 | { | ||
| 614 | memcpy((char *)&client,(char *)&server,sizeof(server)); | ||
| 615 | if (strcmp(h,"*") == 0) | ||
| 616 | client.sin_addr.s_addr=htonl(0x7F000001); | ||
| 617 | cs=socket(AF_INET,SOCK_STREAM,SOCKET_PROTOCOL); | ||
| 618 | if (cs != INVALID_SOCKET) | ||
| 619 | { | ||
| 620 | int ii; | ||
| 621 | ii=connect(cs,(struct sockaddr *)&client, | ||
| 622 | sizeof(client)); | ||
| 623 | closesocket(cs); | ||
| 624 | if (ii == INVALID_SOCKET) | ||
| 625 | { | ||
| 626 | bind_mode=BIO_BIND_REUSEADDR; | ||
| 627 | closesocket(s); | ||
| 628 | goto again; | ||
| 629 | } | ||
| 630 | /* else error */ | ||
| 631 | } | ||
| 632 | /* else error */ | ||
| 633 | } | ||
| 634 | #endif | ||
| 635 | SYSerr(SYS_F_BIND,err_num); | ||
| 537 | ERR_add_error_data(3,"port='",host,"'"); | 636 | ERR_add_error_data(3,"port='",host,"'"); |
| 538 | BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET); | 637 | BIOerr(BIO_F_BIO_GET_ACCEPT_SOCKET,BIO_R_UNABLE_TO_BIND_SOCKET); |
| 539 | goto err; | 638 | goto err; |
| @@ -547,35 +646,35 @@ char *host; | |||
| 547 | } | 646 | } |
| 548 | ret=1; | 647 | ret=1; |
| 549 | err: | 648 | err: |
| 550 | if (str != NULL) Free(str); | 649 | if (str != NULL) OPENSSL_free(str); |
| 551 | if ((ret == 0) && (s != INVALID_SOCKET)) | 650 | if ((ret == 0) && (s != INVALID_SOCKET)) |
| 552 | { | 651 | { |
| 553 | #ifdef WINDOWS | ||
| 554 | closesocket(s); | 652 | closesocket(s); |
| 555 | #else | ||
| 556 | close(s); | ||
| 557 | #endif | ||
| 558 | s= INVALID_SOCKET; | 653 | s= INVALID_SOCKET; |
| 559 | } | 654 | } |
| 560 | return(s); | 655 | return(s); |
| 561 | } | 656 | } |
| 562 | 657 | ||
| 563 | int BIO_accept(sock,addr) | 658 | int BIO_accept(int sock, char **addr) |
| 564 | int sock; | ||
| 565 | char **addr; | ||
| 566 | { | 659 | { |
| 567 | int ret=INVALID_SOCKET; | 660 | int ret=INVALID_SOCKET; |
| 568 | static struct sockaddr_in from; | 661 | static struct sockaddr_in from; |
| 569 | unsigned long l; | 662 | unsigned long l; |
| 570 | short port; | 663 | unsigned short port; |
| 571 | int len; | 664 | int len; |
| 572 | char *p; | 665 | char *p; |
| 573 | 666 | ||
| 574 | memset((char *)&from,0,sizeof(from)); | 667 | memset((char *)&from,0,sizeof(from)); |
| 575 | len=sizeof(from); | 668 | len=sizeof(from); |
| 576 | ret=accept(sock,(struct sockaddr *)&from,&len); | 669 | /* Note: under VMS with SOCKETSHR the fourth parameter is currently |
| 670 | * of type (int *) whereas under other systems it is (void *) if | ||
| 671 | * you don't have a cast it will choke the compiler: if you do | ||
| 672 | * have a cast then you can either go for (int *) or (void *). | ||
| 673 | */ | ||
| 674 | ret=accept(sock,(struct sockaddr *)&from,(void *)&len); | ||
| 577 | if (ret == INVALID_SOCKET) | 675 | if (ret == INVALID_SOCKET) |
| 578 | { | 676 | { |
| 677 | if(BIO_sock_should_retry(ret)) return -2; | ||
| 579 | SYSerr(SYS_F_ACCEPT,get_last_socket_error()); | 678 | SYSerr(SYS_F_ACCEPT,get_last_socket_error()); |
| 580 | BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR); | 679 | BIOerr(BIO_F_BIO_ACCEPT,BIO_R_ACCEPT_ERROR); |
| 581 | goto end; | 680 | goto end; |
| @@ -587,7 +686,7 @@ char **addr; | |||
| 587 | port=ntohs(from.sin_port); | 686 | port=ntohs(from.sin_port); |
| 588 | if (*addr == NULL) | 687 | if (*addr == NULL) |
| 589 | { | 688 | { |
| 590 | if ((p=Malloc(24)) == NULL) | 689 | if ((p=OPENSSL_malloc(24)) == NULL) |
| 591 | { | 690 | { |
| 592 | BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE); | 691 | BIOerr(BIO_F_BIO_ACCEPT,ERR_R_MALLOC_FAILURE); |
| 593 | goto end; | 692 | goto end; |
| @@ -604,9 +703,7 @@ end: | |||
| 604 | return(ret); | 703 | return(ret); |
| 605 | } | 704 | } |
| 606 | 705 | ||
| 607 | int BIO_set_tcp_ndelay(s,on) | 706 | int BIO_set_tcp_ndelay(int s, int on) |
| 608 | int s; | ||
| 609 | int on; | ||
| 610 | { | 707 | { |
| 611 | int ret=0; | 708 | int ret=0; |
| 612 | #if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) | 709 | #if defined(TCP_NODELAY) && (defined(IPPROTO_TCP) || defined(SOL_TCP)) |
| @@ -626,3 +723,14 @@ int on; | |||
| 626 | } | 723 | } |
| 627 | #endif | 724 | #endif |
| 628 | 725 | ||
| 726 | int BIO_socket_nbio(int s, int mode) | ||
| 727 | { | ||
| 728 | int ret= -1; | ||
| 729 | unsigned long l; | ||
| 730 | |||
| 731 | l=mode; | ||
| 732 | #ifdef FIONBIO | ||
| 733 | ret=BIO_socket_ioctl(s,FIONBIO,&l); | ||
| 734 | #endif | ||
| 735 | return(ret == 0); | ||
| 736 | } | ||
diff --git a/src/lib/libcrypto/bio/bf_buff.c b/src/lib/libcrypto/bio/bf_buff.c index 7912b88473..6ccda06596 100644 --- a/src/lib/libcrypto/bio/bf_buff.c +++ b/src/lib/libcrypto/bio/bf_buff.c | |||
| @@ -59,28 +59,17 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bio.h" | 62 | #include <openssl/bio.h> |
| 63 | #include "evp.h" | 63 | |
| 64 | 64 | static int buffer_write(BIO *h, const char *buf,int num); | |
| 65 | #ifndef NOPROTO | 65 | static int buffer_read(BIO *h, char *buf, int size); |
| 66 | static int buffer_write(BIO *h,char *buf,int num); | 66 | static int buffer_puts(BIO *h, const char *str); |
| 67 | static int buffer_read(BIO *h,char *buf,int size); | 67 | static int buffer_gets(BIO *h, char *str, int size); |
| 68 | static int buffer_puts(BIO *h,char *str); | 68 | static long buffer_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 69 | static int buffer_gets(BIO *h,char *str,int size); | ||
| 70 | static long buffer_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 71 | static int buffer_new(BIO *h); | 69 | static int buffer_new(BIO *h); |
| 72 | static int buffer_free(BIO *data); | 70 | static int buffer_free(BIO *data); |
| 73 | #else | 71 | static long buffer_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); |
| 74 | static int buffer_write(); | 72 | #define DEFAULT_BUFFER_SIZE 4096 |
| 75 | static int buffer_read(); | ||
| 76 | static int buffer_puts(); | ||
| 77 | static int buffer_gets(); | ||
| 78 | static long buffer_ctrl(); | ||
| 79 | static int buffer_new(); | ||
| 80 | static int buffer_free(); | ||
| 81 | #endif | ||
| 82 | |||
| 83 | #define DEFAULT_BUFFER_SIZE 1024 | ||
| 84 | 73 | ||
| 85 | static BIO_METHOD methods_buffer= | 74 | static BIO_METHOD methods_buffer= |
| 86 | { | 75 | { |
| @@ -93,24 +82,24 @@ static BIO_METHOD methods_buffer= | |||
| 93 | buffer_ctrl, | 82 | buffer_ctrl, |
| 94 | buffer_new, | 83 | buffer_new, |
| 95 | buffer_free, | 84 | buffer_free, |
| 85 | buffer_callback_ctrl, | ||
| 96 | }; | 86 | }; |
| 97 | 87 | ||
| 98 | BIO_METHOD *BIO_f_buffer() | 88 | BIO_METHOD *BIO_f_buffer(void) |
| 99 | { | 89 | { |
| 100 | return(&methods_buffer); | 90 | return(&methods_buffer); |
| 101 | } | 91 | } |
| 102 | 92 | ||
| 103 | static int buffer_new(bi) | 93 | static int buffer_new(BIO *bi) |
| 104 | BIO *bi; | ||
| 105 | { | 94 | { |
| 106 | BIO_F_BUFFER_CTX *ctx; | 95 | BIO_F_BUFFER_CTX *ctx; |
| 107 | 96 | ||
| 108 | ctx=(BIO_F_BUFFER_CTX *)Malloc(sizeof(BIO_F_BUFFER_CTX)); | 97 | ctx=(BIO_F_BUFFER_CTX *)OPENSSL_malloc(sizeof(BIO_F_BUFFER_CTX)); |
| 109 | if (ctx == NULL) return(0); | 98 | if (ctx == NULL) return(0); |
| 110 | ctx->ibuf=(char *)Malloc(DEFAULT_BUFFER_SIZE); | 99 | ctx->ibuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); |
| 111 | if (ctx->ibuf == NULL) { Free(ctx); return(0); } | 100 | if (ctx->ibuf == NULL) { OPENSSL_free(ctx); return(0); } |
| 112 | ctx->obuf=(char *)Malloc(DEFAULT_BUFFER_SIZE); | 101 | ctx->obuf=(char *)OPENSSL_malloc(DEFAULT_BUFFER_SIZE); |
| 113 | if (ctx->obuf == NULL) { Free(ctx->ibuf); Free(ctx); return(0); } | 102 | if (ctx->obuf == NULL) { OPENSSL_free(ctx->ibuf); OPENSSL_free(ctx); return(0); } |
| 114 | ctx->ibuf_size=DEFAULT_BUFFER_SIZE; | 103 | ctx->ibuf_size=DEFAULT_BUFFER_SIZE; |
| 115 | ctx->obuf_size=DEFAULT_BUFFER_SIZE; | 104 | ctx->obuf_size=DEFAULT_BUFFER_SIZE; |
| 116 | ctx->ibuf_len=0; | 105 | ctx->ibuf_len=0; |
| @@ -124,26 +113,22 @@ BIO *bi; | |||
| 124 | return(1); | 113 | return(1); |
| 125 | } | 114 | } |
| 126 | 115 | ||
| 127 | static int buffer_free(a) | 116 | static int buffer_free(BIO *a) |
| 128 | BIO *a; | ||
| 129 | { | 117 | { |
| 130 | BIO_F_BUFFER_CTX *b; | 118 | BIO_F_BUFFER_CTX *b; |
| 131 | 119 | ||
| 132 | if (a == NULL) return(0); | 120 | if (a == NULL) return(0); |
| 133 | b=(BIO_F_BUFFER_CTX *)a->ptr; | 121 | b=(BIO_F_BUFFER_CTX *)a->ptr; |
| 134 | if (b->ibuf != NULL) Free(b->ibuf); | 122 | if (b->ibuf != NULL) OPENSSL_free(b->ibuf); |
| 135 | if (b->obuf != NULL) Free(b->obuf); | 123 | if (b->obuf != NULL) OPENSSL_free(b->obuf); |
| 136 | Free(a->ptr); | 124 | OPENSSL_free(a->ptr); |
| 137 | a->ptr=NULL; | 125 | a->ptr=NULL; |
| 138 | a->init=0; | 126 | a->init=0; |
| 139 | a->flags=0; | 127 | a->flags=0; |
| 140 | return(1); | 128 | return(1); |
| 141 | } | 129 | } |
| 142 | 130 | ||
| 143 | static int buffer_read(b,out,outl) | 131 | static int buffer_read(BIO *b, char *out, int outl) |
| 144 | BIO *b; | ||
| 145 | char *out; | ||
| 146 | int outl; | ||
| 147 | { | 132 | { |
| 148 | int i,num=0; | 133 | int i,num=0; |
| 149 | BIO_F_BUFFER_CTX *ctx; | 134 | BIO_F_BUFFER_CTX *ctx; |
| @@ -209,10 +194,7 @@ start: | |||
| 209 | goto start; | 194 | goto start; |
| 210 | } | 195 | } |
| 211 | 196 | ||
| 212 | static int buffer_write(b,in,inl) | 197 | static int buffer_write(BIO *b, const char *in, int inl) |
| 213 | BIO *b; | ||
| 214 | char *in; | ||
| 215 | int inl; | ||
| 216 | { | 198 | { |
| 217 | int i,num=0; | 199 | int i,num=0; |
| 218 | BIO_F_BUFFER_CTX *ctx; | 200 | BIO_F_BUFFER_CTX *ctx; |
| @@ -285,11 +267,7 @@ start: | |||
| 285 | goto start; | 267 | goto start; |
| 286 | } | 268 | } |
| 287 | 269 | ||
| 288 | static long buffer_ctrl(b,cmd,num,ptr) | 270 | static long buffer_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 289 | BIO *b; | ||
| 290 | int cmd; | ||
| 291 | long num; | ||
| 292 | char *ptr; | ||
| 293 | { | 271 | { |
| 294 | BIO *dbio; | 272 | BIO *dbio; |
| 295 | BIO_F_BUFFER_CTX *ctx; | 273 | BIO_F_BUFFER_CTX *ctx; |
| @@ -307,6 +285,7 @@ char *ptr; | |||
| 307 | ctx->ibuf_len=0; | 285 | ctx->ibuf_len=0; |
| 308 | ctx->obuf_off=0; | 286 | ctx->obuf_off=0; |
| 309 | ctx->obuf_len=0; | 287 | ctx->obuf_len=0; |
| 288 | if (b->next_bio == NULL) return(0); | ||
| 310 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 289 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 311 | break; | 290 | break; |
| 312 | case BIO_CTRL_INFO: | 291 | case BIO_CTRL_INFO: |
| @@ -323,19 +302,25 @@ char *ptr; | |||
| 323 | case BIO_CTRL_WPENDING: | 302 | case BIO_CTRL_WPENDING: |
| 324 | ret=(long)ctx->obuf_len; | 303 | ret=(long)ctx->obuf_len; |
| 325 | if (ret == 0) | 304 | if (ret == 0) |
| 305 | { | ||
| 306 | if (b->next_bio == NULL) return(0); | ||
| 326 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 307 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 308 | } | ||
| 327 | break; | 309 | break; |
| 328 | case BIO_CTRL_PENDING: | 310 | case BIO_CTRL_PENDING: |
| 329 | ret=(long)ctx->ibuf_len; | 311 | ret=(long)ctx->ibuf_len; |
| 330 | if (ret == 0) | 312 | if (ret == 0) |
| 313 | { | ||
| 314 | if (b->next_bio == NULL) return(0); | ||
| 331 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 315 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 316 | } | ||
| 332 | break; | 317 | break; |
| 333 | case BIO_C_SET_BUFF_READ_DATA: | 318 | case BIO_C_SET_BUFF_READ_DATA: |
| 334 | if (num > ctx->ibuf_size) | 319 | if (num > ctx->ibuf_size) |
| 335 | { | 320 | { |
| 336 | p1=Malloc((int)num); | 321 | p1=OPENSSL_malloc((int)num); |
| 337 | if (p1 == NULL) goto malloc_error; | 322 | if (p1 == NULL) goto malloc_error; |
| 338 | if (ctx->ibuf != NULL) Free(ctx->ibuf); | 323 | if (ctx->ibuf != NULL) OPENSSL_free(ctx->ibuf); |
| 339 | ctx->ibuf=p1; | 324 | ctx->ibuf=p1; |
| 340 | } | 325 | } |
| 341 | ctx->ibuf_off=0; | 326 | ctx->ibuf_off=0; |
| @@ -367,21 +352,21 @@ char *ptr; | |||
| 367 | p2=ctx->obuf; | 352 | p2=ctx->obuf; |
| 368 | if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) | 353 | if ((ibs > DEFAULT_BUFFER_SIZE) && (ibs != ctx->ibuf_size)) |
| 369 | { | 354 | { |
| 370 | p1=(char *)Malloc((int)num); | 355 | p1=(char *)OPENSSL_malloc((int)num); |
| 371 | if (p1 == NULL) goto malloc_error; | 356 | if (p1 == NULL) goto malloc_error; |
| 372 | } | 357 | } |
| 373 | if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) | 358 | if ((obs > DEFAULT_BUFFER_SIZE) && (obs != ctx->obuf_size)) |
| 374 | { | 359 | { |
| 375 | p2=(char *)Malloc((int)num); | 360 | p2=(char *)OPENSSL_malloc((int)num); |
| 376 | if (p2 == NULL) | 361 | if (p2 == NULL) |
| 377 | { | 362 | { |
| 378 | if (p1 != ctx->ibuf) Free(p1); | 363 | if (p1 != ctx->ibuf) OPENSSL_free(p1); |
| 379 | goto malloc_error; | 364 | goto malloc_error; |
| 380 | } | 365 | } |
| 381 | } | 366 | } |
| 382 | if (ctx->ibuf != p1) | 367 | if (ctx->ibuf != p1) |
| 383 | { | 368 | { |
| 384 | Free(ctx->ibuf); | 369 | OPENSSL_free(ctx->ibuf); |
| 385 | ctx->ibuf=p1; | 370 | ctx->ibuf=p1; |
| 386 | ctx->ibuf_off=0; | 371 | ctx->ibuf_off=0; |
| 387 | ctx->ibuf_len=0; | 372 | ctx->ibuf_len=0; |
| @@ -389,7 +374,7 @@ char *ptr; | |||
| 389 | } | 374 | } |
| 390 | if (ctx->obuf != p2) | 375 | if (ctx->obuf != p2) |
| 391 | { | 376 | { |
| 392 | Free(ctx->obuf); | 377 | OPENSSL_free(ctx->obuf); |
| 393 | ctx->obuf=p2; | 378 | ctx->obuf=p2; |
| 394 | ctx->obuf_off=0; | 379 | ctx->obuf_off=0; |
| 395 | ctx->obuf_len=0; | 380 | ctx->obuf_len=0; |
| @@ -397,12 +382,14 @@ char *ptr; | |||
| 397 | } | 382 | } |
| 398 | break; | 383 | break; |
| 399 | case BIO_C_DO_STATE_MACHINE: | 384 | case BIO_C_DO_STATE_MACHINE: |
| 385 | if (b->next_bio == NULL) return(0); | ||
| 400 | BIO_clear_retry_flags(b); | 386 | BIO_clear_retry_flags(b); |
| 401 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 387 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 402 | BIO_copy_next_retry(b); | 388 | BIO_copy_next_retry(b); |
| 403 | break; | 389 | break; |
| 404 | 390 | ||
| 405 | case BIO_CTRL_FLUSH: | 391 | case BIO_CTRL_FLUSH: |
| 392 | if (b->next_bio == NULL) return(0); | ||
| 406 | if (ctx->obuf_len <= 0) | 393 | if (ctx->obuf_len <= 0) |
| 407 | { | 394 | { |
| 408 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 395 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| @@ -432,6 +419,7 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_ | |||
| 432 | break; | 419 | break; |
| 433 | } | 420 | } |
| 434 | } | 421 | } |
| 422 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | ||
| 435 | break; | 423 | break; |
| 436 | case BIO_CTRL_DUP: | 424 | case BIO_CTRL_DUP: |
| 437 | dbio=(BIO *)ptr; | 425 | dbio=(BIO *)ptr; |
| @@ -440,6 +428,7 @@ fprintf(stderr,"FLUSH [%3d] %3d -> %3d\n",ctx->obuf_off,ctx->obuf_len-ctx->obuf_ | |||
| 440 | ret=0; | 428 | ret=0; |
| 441 | break; | 429 | break; |
| 442 | default: | 430 | default: |
| 431 | if (b->next_bio == NULL) return(0); | ||
| 443 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 432 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 444 | break; | 433 | break; |
| 445 | } | 434 | } |
| @@ -449,10 +438,21 @@ malloc_error: | |||
| 449 | return(0); | 438 | return(0); |
| 450 | } | 439 | } |
| 451 | 440 | ||
| 452 | static int buffer_gets(b,buf,size) | 441 | static long buffer_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 453 | BIO *b; | 442 | { |
| 454 | char *buf; | 443 | long ret=1; |
| 455 | int size; | 444 | |
| 445 | if (b->next_bio == NULL) return(0); | ||
| 446 | switch (cmd) | ||
| 447 | { | ||
| 448 | default: | ||
| 449 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 450 | break; | ||
| 451 | } | ||
| 452 | return(ret); | ||
| 453 | } | ||
| 454 | |||
| 455 | static int buffer_gets(BIO *b, char *buf, int size) | ||
| 456 | { | 456 | { |
| 457 | BIO_F_BUFFER_CTX *ctx; | 457 | BIO_F_BUFFER_CTX *ctx; |
| 458 | int num=0,i,flag; | 458 | int num=0,i,flag; |
| @@ -503,10 +503,8 @@ int size; | |||
| 503 | } | 503 | } |
| 504 | } | 504 | } |
| 505 | 505 | ||
| 506 | static int buffer_puts(b,str) | 506 | static int buffer_puts(BIO *b, const char *str) |
| 507 | BIO *b; | ||
| 508 | char *str; | ||
| 509 | { | 507 | { |
| 510 | return(BIO_write(b,str,strlen(str))); | 508 | return(buffer_write(b,str,strlen(str))); |
| 511 | } | 509 | } |
| 512 | 510 | ||
diff --git a/src/lib/libcrypto/bio/bf_lbuf.c b/src/lib/libcrypto/bio/bf_lbuf.c index 7bcf8ed941..ec0f7eb0b7 100644 --- a/src/lib/libcrypto/bio/bf_lbuf.c +++ b/src/lib/libcrypto/bio/bf_lbuf.c | |||
| @@ -200,7 +200,7 @@ static int linebuffer_write(BIO *b, const char *in, int inl) | |||
| 200 | } | 200 | } |
| 201 | } | 201 | } |
| 202 | 202 | ||
| 203 | #ifdef DEBUG | 203 | #if 0 |
| 204 | BIO_write(b->next_bio, "<*<", 3); | 204 | BIO_write(b->next_bio, "<*<", 3); |
| 205 | #endif | 205 | #endif |
| 206 | i=BIO_write(b->next_bio, | 206 | i=BIO_write(b->next_bio, |
| @@ -210,13 +210,13 @@ BIO_write(b->next_bio, "<*<", 3); | |||
| 210 | ctx->obuf_len = orig_olen; | 210 | ctx->obuf_len = orig_olen; |
| 211 | BIO_copy_next_retry(b); | 211 | BIO_copy_next_retry(b); |
| 212 | 212 | ||
| 213 | #ifdef DEBUG | 213 | #if 0 |
| 214 | BIO_write(b->next_bio, ">*>", 3); | 214 | BIO_write(b->next_bio, ">*>", 3); |
| 215 | #endif | 215 | #endif |
| 216 | if (i < 0) return((num > 0)?num:i); | 216 | if (i < 0) return((num > 0)?num:i); |
| 217 | if (i == 0) return(num); | 217 | if (i == 0) return(num); |
| 218 | } | 218 | } |
| 219 | #ifdef DEBUG | 219 | #if 0 |
| 220 | BIO_write(b->next_bio, ">*>", 3); | 220 | BIO_write(b->next_bio, ">*>", 3); |
| 221 | #endif | 221 | #endif |
| 222 | if (i < ctx->obuf_len) | 222 | if (i < ctx->obuf_len) |
| @@ -229,20 +229,20 @@ BIO_write(b->next_bio, ">*>", 3); | |||
| 229 | buffer if a NL was found and there is anything to write. */ | 229 | buffer if a NL was found and there is anything to write. */ |
| 230 | if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) | 230 | if ((foundnl || p - in > ctx->obuf_size) && p - in > 0) |
| 231 | { | 231 | { |
| 232 | #ifdef DEBUG | 232 | #if 0 |
| 233 | BIO_write(b->next_bio, "<*<", 3); | 233 | BIO_write(b->next_bio, "<*<", 3); |
| 234 | #endif | 234 | #endif |
| 235 | i=BIO_write(b->next_bio,in,p - in); | 235 | i=BIO_write(b->next_bio,in,p - in); |
| 236 | if (i <= 0) | 236 | if (i <= 0) |
| 237 | { | 237 | { |
| 238 | BIO_copy_next_retry(b); | 238 | BIO_copy_next_retry(b); |
| 239 | #ifdef DEBUG | 239 | #if 0 |
| 240 | BIO_write(b->next_bio, ">*>", 3); | 240 | BIO_write(b->next_bio, ">*>", 3); |
| 241 | #endif | 241 | #endif |
| 242 | if (i < 0) return((num > 0)?num:i); | 242 | if (i < 0) return((num > 0)?num:i); |
| 243 | if (i == 0) return(num); | 243 | if (i == 0) return(num); |
| 244 | } | 244 | } |
| 245 | #ifdef DEBUG | 245 | #if 0 |
| 246 | BIO_write(b->next_bio, ">*>", 3); | 246 | BIO_write(b->next_bio, ">*>", 3); |
| 247 | #endif | 247 | #endif |
| 248 | num+=i; | 248 | num+=i; |
diff --git a/src/lib/libcrypto/bio/bf_nbio.c b/src/lib/libcrypto/bio/bf_nbio.c index 034b3024df..1ce2bfacc0 100644 --- a/src/lib/libcrypto/bio/bf_nbio.c +++ b/src/lib/libcrypto/bio/bf_nbio.c | |||
| @@ -59,31 +59,20 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "rand.h" | 62 | #include <openssl/rand.h> |
| 63 | #include "bio.h" | 63 | #include <openssl/bio.h> |
| 64 | #include "evp.h" | ||
| 65 | 64 | ||
| 66 | /* BIO_put and BIO_get both add to the digest, | 65 | /* BIO_put and BIO_get both add to the digest, |
| 67 | * BIO_gets returns the digest */ | 66 | * BIO_gets returns the digest */ |
| 68 | 67 | ||
| 69 | #ifndef NOPROTO | 68 | static int nbiof_write(BIO *h,const char *buf,int num); |
| 70 | static int nbiof_write(BIO *h,char *buf,int num); | ||
| 71 | static int nbiof_read(BIO *h,char *buf,int size); | 69 | static int nbiof_read(BIO *h,char *buf,int size); |
| 72 | static int nbiof_puts(BIO *h,char *str); | 70 | static int nbiof_puts(BIO *h,const char *str); |
| 73 | static int nbiof_gets(BIO *h,char *str,int size); | 71 | static int nbiof_gets(BIO *h,char *str,int size); |
| 74 | static long nbiof_ctrl(BIO *h,int cmd,long arg1,char *arg2); | 72 | static long nbiof_ctrl(BIO *h,int cmd,long arg1,void *arg2); |
| 75 | static int nbiof_new(BIO *h); | 73 | static int nbiof_new(BIO *h); |
| 76 | static int nbiof_free(BIO *data); | 74 | static int nbiof_free(BIO *data); |
| 77 | #else | 75 | static long nbiof_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); |
| 78 | static int nbiof_write(); | ||
| 79 | static int nbiof_read(); | ||
| 80 | static int nbiof_puts(); | ||
| 81 | static int nbiof_gets(); | ||
| 82 | static long nbiof_ctrl(); | ||
| 83 | static int nbiof_new(); | ||
| 84 | static int nbiof_free(); | ||
| 85 | #endif | ||
| 86 | |||
| 87 | typedef struct nbio_test_st | 76 | typedef struct nbio_test_st |
| 88 | { | 77 | { |
| 89 | /* only set if we sent a 'should retry' error */ | 78 | /* only set if we sent a 'should retry' error */ |
| @@ -102,19 +91,19 @@ static BIO_METHOD methods_nbiof= | |||
| 102 | nbiof_ctrl, | 91 | nbiof_ctrl, |
| 103 | nbiof_new, | 92 | nbiof_new, |
| 104 | nbiof_free, | 93 | nbiof_free, |
| 94 | nbiof_callback_ctrl, | ||
| 105 | }; | 95 | }; |
| 106 | 96 | ||
| 107 | BIO_METHOD *BIO_f_nbio_test() | 97 | BIO_METHOD *BIO_f_nbio_test(void) |
| 108 | { | 98 | { |
| 109 | return(&methods_nbiof); | 99 | return(&methods_nbiof); |
| 110 | } | 100 | } |
| 111 | 101 | ||
| 112 | static int nbiof_new(bi) | 102 | static int nbiof_new(BIO *bi) |
| 113 | BIO *bi; | ||
| 114 | { | 103 | { |
| 115 | NBIO_TEST *nt; | 104 | NBIO_TEST *nt; |
| 116 | 105 | ||
| 117 | nt=(NBIO_TEST *)Malloc(sizeof(NBIO_TEST)); | 106 | if (!(nt=(NBIO_TEST *)OPENSSL_malloc(sizeof(NBIO_TEST)))) return(0); |
| 118 | nt->lrn= -1; | 107 | nt->lrn= -1; |
| 119 | nt->lwn= -1; | 108 | nt->lwn= -1; |
| 120 | bi->ptr=(char *)nt; | 109 | bi->ptr=(char *)nt; |
| @@ -123,22 +112,18 @@ BIO *bi; | |||
| 123 | return(1); | 112 | return(1); |
| 124 | } | 113 | } |
| 125 | 114 | ||
| 126 | static int nbiof_free(a) | 115 | static int nbiof_free(BIO *a) |
| 127 | BIO *a; | ||
| 128 | { | 116 | { |
| 129 | if (a == NULL) return(0); | 117 | if (a == NULL) return(0); |
| 130 | if (a->ptr != NULL) | 118 | if (a->ptr != NULL) |
| 131 | Free(a->ptr); | 119 | OPENSSL_free(a->ptr); |
| 132 | a->ptr=NULL; | 120 | a->ptr=NULL; |
| 133 | a->init=0; | 121 | a->init=0; |
| 134 | a->flags=0; | 122 | a->flags=0; |
| 135 | return(1); | 123 | return(1); |
| 136 | } | 124 | } |
| 137 | 125 | ||
| 138 | static int nbiof_read(b,out,outl) | 126 | static int nbiof_read(BIO *b, char *out, int outl) |
| 139 | BIO *b; | ||
| 140 | char *out; | ||
| 141 | int outl; | ||
| 142 | { | 127 | { |
| 143 | NBIO_TEST *nt; | 128 | NBIO_TEST *nt; |
| 144 | int ret=0; | 129 | int ret=0; |
| @@ -153,7 +138,7 @@ int outl; | |||
| 153 | 138 | ||
| 154 | BIO_clear_retry_flags(b); | 139 | BIO_clear_retry_flags(b); |
| 155 | #if 0 | 140 | #if 0 |
| 156 | RAND_bytes(&n,1); | 141 | RAND_pseudo_bytes(&n,1); |
| 157 | num=(n&0x07); | 142 | num=(n&0x07); |
| 158 | 143 | ||
| 159 | if (outl > num) outl=num; | 144 | if (outl > num) outl=num; |
| @@ -173,10 +158,7 @@ int outl; | |||
| 173 | return(ret); | 158 | return(ret); |
| 174 | } | 159 | } |
| 175 | 160 | ||
| 176 | static int nbiof_write(b,in,inl) | 161 | static int nbiof_write(BIO *b, const char *in, int inl) |
| 177 | BIO *b; | ||
| 178 | char *in; | ||
| 179 | int inl; | ||
| 180 | { | 162 | { |
| 181 | NBIO_TEST *nt; | 163 | NBIO_TEST *nt; |
| 182 | int ret=0; | 164 | int ret=0; |
| @@ -197,7 +179,7 @@ int inl; | |||
| 197 | } | 179 | } |
| 198 | else | 180 | else |
| 199 | { | 181 | { |
| 200 | RAND_bytes(&n,1); | 182 | RAND_pseudo_bytes(&n,1); |
| 201 | num=(n&7); | 183 | num=(n&7); |
| 202 | } | 184 | } |
| 203 | 185 | ||
| @@ -221,11 +203,7 @@ int inl; | |||
| 221 | return(ret); | 203 | return(ret); |
| 222 | } | 204 | } |
| 223 | 205 | ||
| 224 | static long nbiof_ctrl(b,cmd,num,ptr) | 206 | static long nbiof_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 225 | BIO *b; | ||
| 226 | int cmd; | ||
| 227 | long num; | ||
| 228 | char *ptr; | ||
| 229 | { | 207 | { |
| 230 | long ret; | 208 | long ret; |
| 231 | 209 | ||
| @@ -247,19 +225,28 @@ char *ptr; | |||
| 247 | return(ret); | 225 | return(ret); |
| 248 | } | 226 | } |
| 249 | 227 | ||
| 250 | static int nbiof_gets(bp,buf,size) | 228 | static long nbiof_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 251 | BIO *bp; | 229 | { |
| 252 | char *buf; | 230 | long ret=1; |
| 253 | int size; | 231 | |
| 232 | if (b->next_bio == NULL) return(0); | ||
| 233 | switch (cmd) | ||
| 234 | { | ||
| 235 | default: | ||
| 236 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 237 | break; | ||
| 238 | } | ||
| 239 | return(ret); | ||
| 240 | } | ||
| 241 | |||
| 242 | static int nbiof_gets(BIO *bp, char *buf, int size) | ||
| 254 | { | 243 | { |
| 255 | if (bp->next_bio == NULL) return(0); | 244 | if (bp->next_bio == NULL) return(0); |
| 256 | return(BIO_gets(bp->next_bio,buf,size)); | 245 | return(BIO_gets(bp->next_bio,buf,size)); |
| 257 | } | 246 | } |
| 258 | 247 | ||
| 259 | 248 | ||
| 260 | static int nbiof_puts(bp,str) | 249 | static int nbiof_puts(BIO *bp, const char *str) |
| 261 | BIO *bp; | ||
| 262 | char *str; | ||
| 263 | { | 250 | { |
| 264 | if (bp->next_bio == NULL) return(0); | 251 | if (bp->next_bio == NULL) return(0); |
| 265 | return(BIO_puts(bp->next_bio,str)); | 252 | return(BIO_puts(bp->next_bio,str)); |
diff --git a/src/lib/libcrypto/bio/bf_null.c b/src/lib/libcrypto/bio/bf_null.c index a47a65741a..c1bf39a904 100644 --- a/src/lib/libcrypto/bio/bf_null.c +++ b/src/lib/libcrypto/bio/bf_null.c | |||
| @@ -59,30 +59,19 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bio.h" | 62 | #include <openssl/bio.h> |
| 63 | #include "evp.h" | ||
| 64 | 63 | ||
| 65 | /* BIO_put and BIO_get both add to the digest, | 64 | /* BIO_put and BIO_get both add to the digest, |
| 66 | * BIO_gets returns the digest */ | 65 | * BIO_gets returns the digest */ |
| 67 | 66 | ||
| 68 | #ifndef NOPROTO | 67 | static int nullf_write(BIO *h, const char *buf, int num); |
| 69 | static int nullf_write(BIO *h,char *buf,int num); | 68 | static int nullf_read(BIO *h, char *buf, int size); |
| 70 | static int nullf_read(BIO *h,char *buf,int size); | 69 | static int nullf_puts(BIO *h, const char *str); |
| 71 | static int nullf_puts(BIO *h,char *str); | 70 | static int nullf_gets(BIO *h, char *str, int size); |
| 72 | static int nullf_gets(BIO *h,char *str,int size); | 71 | static long nullf_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 73 | static long nullf_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 74 | static int nullf_new(BIO *h); | 72 | static int nullf_new(BIO *h); |
| 75 | static int nullf_free(BIO *data); | 73 | static int nullf_free(BIO *data); |
| 76 | #else | 74 | static long nullf_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); |
| 77 | static int nullf_write(); | ||
| 78 | static int nullf_read(); | ||
| 79 | static int nullf_puts(); | ||
| 80 | static int nullf_gets(); | ||
| 81 | static long nullf_ctrl(); | ||
| 82 | static int nullf_new(); | ||
| 83 | static int nullf_free(); | ||
| 84 | #endif | ||
| 85 | |||
| 86 | static BIO_METHOD methods_nullf= | 75 | static BIO_METHOD methods_nullf= |
| 87 | { | 76 | { |
| 88 | BIO_TYPE_NULL_FILTER, | 77 | BIO_TYPE_NULL_FILTER, |
| @@ -94,15 +83,15 @@ static BIO_METHOD methods_nullf= | |||
| 94 | nullf_ctrl, | 83 | nullf_ctrl, |
| 95 | nullf_new, | 84 | nullf_new, |
| 96 | nullf_free, | 85 | nullf_free, |
| 86 | nullf_callback_ctrl, | ||
| 97 | }; | 87 | }; |
| 98 | 88 | ||
| 99 | BIO_METHOD *BIO_f_null() | 89 | BIO_METHOD *BIO_f_null(void) |
| 100 | { | 90 | { |
| 101 | return(&methods_nullf); | 91 | return(&methods_nullf); |
| 102 | } | 92 | } |
| 103 | 93 | ||
| 104 | static int nullf_new(bi) | 94 | static int nullf_new(BIO *bi) |
| 105 | BIO *bi; | ||
| 106 | { | 95 | { |
| 107 | bi->init=1; | 96 | bi->init=1; |
| 108 | bi->ptr=NULL; | 97 | bi->ptr=NULL; |
| @@ -110,8 +99,7 @@ BIO *bi; | |||
| 110 | return(1); | 99 | return(1); |
| 111 | } | 100 | } |
| 112 | 101 | ||
| 113 | static int nullf_free(a) | 102 | static int nullf_free(BIO *a) |
| 114 | BIO *a; | ||
| 115 | { | 103 | { |
| 116 | if (a == NULL) return(0); | 104 | if (a == NULL) return(0); |
| 117 | /* a->ptr=NULL; | 105 | /* a->ptr=NULL; |
| @@ -120,10 +108,7 @@ BIO *a; | |||
| 120 | return(1); | 108 | return(1); |
| 121 | } | 109 | } |
| 122 | 110 | ||
| 123 | static int nullf_read(b,out,outl) | 111 | static int nullf_read(BIO *b, char *out, int outl) |
| 124 | BIO *b; | ||
| 125 | char *out; | ||
| 126 | int outl; | ||
| 127 | { | 112 | { |
| 128 | int ret=0; | 113 | int ret=0; |
| 129 | 114 | ||
| @@ -135,10 +120,7 @@ int outl; | |||
| 135 | return(ret); | 120 | return(ret); |
| 136 | } | 121 | } |
| 137 | 122 | ||
| 138 | static int nullf_write(b,in,inl) | 123 | static int nullf_write(BIO *b, const char *in, int inl) |
| 139 | BIO *b; | ||
| 140 | char *in; | ||
| 141 | int inl; | ||
| 142 | { | 124 | { |
| 143 | int ret=0; | 125 | int ret=0; |
| 144 | 126 | ||
| @@ -150,11 +132,7 @@ int inl; | |||
| 150 | return(ret); | 132 | return(ret); |
| 151 | } | 133 | } |
| 152 | 134 | ||
| 153 | static long nullf_ctrl(b,cmd,num,ptr) | 135 | static long nullf_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 154 | BIO *b; | ||
| 155 | int cmd; | ||
| 156 | long num; | ||
| 157 | char *ptr; | ||
| 158 | { | 136 | { |
| 159 | long ret; | 137 | long ret; |
| 160 | 138 | ||
| @@ -175,19 +153,28 @@ char *ptr; | |||
| 175 | return(ret); | 153 | return(ret); |
| 176 | } | 154 | } |
| 177 | 155 | ||
| 178 | static int nullf_gets(bp,buf,size) | 156 | static long nullf_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 179 | BIO *bp; | 157 | { |
| 180 | char *buf; | 158 | long ret=1; |
| 181 | int size; | 159 | |
| 160 | if (b->next_bio == NULL) return(0); | ||
| 161 | switch (cmd) | ||
| 162 | { | ||
| 163 | default: | ||
| 164 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 165 | break; | ||
| 166 | } | ||
| 167 | return(ret); | ||
| 168 | } | ||
| 169 | |||
| 170 | static int nullf_gets(BIO *bp, char *buf, int size) | ||
| 182 | { | 171 | { |
| 183 | if (bp->next_bio == NULL) return(0); | 172 | if (bp->next_bio == NULL) return(0); |
| 184 | return(BIO_gets(bp->next_bio,buf,size)); | 173 | return(BIO_gets(bp->next_bio,buf,size)); |
| 185 | } | 174 | } |
| 186 | 175 | ||
| 187 | 176 | ||
| 188 | static int nullf_puts(bp,str) | 177 | static int nullf_puts(BIO *bp, const char *str) |
| 189 | BIO *bp; | ||
| 190 | char *str; | ||
| 191 | { | 178 | { |
| 192 | if (bp->next_bio == NULL) return(0); | 179 | if (bp->next_bio == NULL) return(0); |
| 193 | return(BIO_puts(bp->next_bio,str)); | 180 | return(BIO_puts(bp->next_bio,str)); |
diff --git a/src/lib/libcrypto/bio/bio.h b/src/lib/libcrypto/bio/bio.h index 300b330e00..b122c7069d 100644 --- a/src/lib/libcrypto/bio/bio.h +++ b/src/lib/libcrypto/bio/bio.h | |||
| @@ -59,12 +59,18 @@ | |||
| 59 | #ifndef HEADER_BIO_H | 59 | #ifndef HEADER_BIO_H |
| 60 | #define HEADER_BIO_H | 60 | #define HEADER_BIO_H |
| 61 | 61 | ||
| 62 | #ifndef OPENSSL_NO_FP_API | ||
| 63 | # include <stdio.h> | ||
| 64 | #endif | ||
| 65 | #include <stdarg.h> | ||
| 66 | |||
| 67 | #include <openssl/crypto.h> | ||
| 68 | #include <openssl/e_os2.h> | ||
| 69 | |||
| 62 | #ifdef __cplusplus | 70 | #ifdef __cplusplus |
| 63 | extern "C" { | 71 | extern "C" { |
| 64 | #endif | 72 | #endif |
| 65 | 73 | ||
| 66 | #include "crypto.h" | ||
| 67 | |||
| 68 | /* These are the 'types' of BIOs */ | 74 | /* These are the 'types' of BIOs */ |
| 69 | #define BIO_TYPE_NONE 0 | 75 | #define BIO_TYPE_NONE 0 |
| 70 | #define BIO_TYPE_MEM (1|0x0400) | 76 | #define BIO_TYPE_MEM (1|0x0400) |
| @@ -74,7 +80,7 @@ extern "C" { | |||
| 74 | #define BIO_TYPE_SOCKET (5|0x0400|0x0100) | 80 | #define BIO_TYPE_SOCKET (5|0x0400|0x0100) |
| 75 | #define BIO_TYPE_NULL (6|0x0400) | 81 | #define BIO_TYPE_NULL (6|0x0400) |
| 76 | #define BIO_TYPE_SSL (7|0x0200) | 82 | #define BIO_TYPE_SSL (7|0x0200) |
| 77 | #define BIO_TYPE_MD (8|0x0200) /* pasive filter */ | 83 | #define BIO_TYPE_MD (8|0x0200) /* passive filter */ |
| 78 | #define BIO_TYPE_BUFFER (9|0x0200) /* filter */ | 84 | #define BIO_TYPE_BUFFER (9|0x0200) /* filter */ |
| 79 | #define BIO_TYPE_CIPHER (10|0x0200) /* filter */ | 85 | #define BIO_TYPE_CIPHER (10|0x0200) /* filter */ |
| 80 | #define BIO_TYPE_BASE64 (11|0x0200) /* filter */ | 86 | #define BIO_TYPE_BASE64 (11|0x0200) /* filter */ |
| @@ -84,6 +90,9 @@ extern "C" { | |||
| 84 | #define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ | 90 | #define BIO_TYPE_PROXY_SERVER (15|0x0200) /* server proxy BIO */ |
| 85 | #define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ | 91 | #define BIO_TYPE_NBIO_TEST (16|0x0200) /* server proxy BIO */ |
| 86 | #define BIO_TYPE_NULL_FILTER (17|0x0200) | 92 | #define BIO_TYPE_NULL_FILTER (17|0x0200) |
| 93 | #define BIO_TYPE_BER (18|0x0200) /* BER -> bin filter */ | ||
| 94 | #define BIO_TYPE_BIO (19|0x0400) /* (half a) BIO pair */ | ||
| 95 | #define BIO_TYPE_LINEBUFFER (20|0x0200) /* filter */ | ||
| 87 | 96 | ||
| 88 | #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ | 97 | #define BIO_TYPE_DESCRIPTOR 0x0100 /* socket, fd, connect or accept */ |
| 89 | #define BIO_TYPE_FILTER 0x0200 | 98 | #define BIO_TYPE_FILTER 0x0200 |
| @@ -143,6 +152,11 @@ extern "C" { | |||
| 143 | 152 | ||
| 144 | #define BIO_FLAGS_BASE64_NO_NL 0x100 | 153 | #define BIO_FLAGS_BASE64_NO_NL 0x100 |
| 145 | 154 | ||
| 155 | /* This is used with memory BIOs: it means we shouldn't free up or change the | ||
| 156 | * data in any way. | ||
| 157 | */ | ||
| 158 | #define BIO_FLAGS_MEM_RDONLY 0x200 | ||
| 159 | |||
| 146 | #define BIO_set_flags(b,f) ((b)->flags|=(f)) | 160 | #define BIO_set_flags(b,f) ((b)->flags|=(f)) |
| 147 | #define BIO_get_flags(b) ((b)->flags) | 161 | #define BIO_get_flags(b) ((b)->flags) |
| 148 | #define BIO_set_retry_special(b) \ | 162 | #define BIO_set_retry_special(b) \ |
| @@ -159,14 +173,14 @@ extern "C" { | |||
| 159 | #define BIO_get_retry_flags(b) \ | 173 | #define BIO_get_retry_flags(b) \ |
| 160 | ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) | 174 | ((b)->flags&(BIO_FLAGS_RWS|BIO_FLAGS_SHOULD_RETRY)) |
| 161 | 175 | ||
| 162 | /* These shouldbe used by the application to tell why we should retry */ | 176 | /* These should be used by the application to tell why we should retry */ |
| 163 | #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) | 177 | #define BIO_should_read(a) ((a)->flags & BIO_FLAGS_READ) |
| 164 | #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) | 178 | #define BIO_should_write(a) ((a)->flags & BIO_FLAGS_WRITE) |
| 165 | #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) | 179 | #define BIO_should_io_special(a) ((a)->flags & BIO_FLAGS_IO_SPECIAL) |
| 166 | #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) | 180 | #define BIO_retry_type(a) ((a)->flags & BIO_FLAGS_RWS) |
| 167 | #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) | 181 | #define BIO_should_retry(a) ((a)->flags & BIO_FLAGS_SHOULD_RETRY) |
| 168 | 182 | ||
| 169 | /* The next two are used in conjunction with the | 183 | /* The next three are used in conjunction with the |
| 170 | * BIO_should_io_special() condition. After this returns true, | 184 | * BIO_should_io_special() condition. After this returns true, |
| 171 | * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO | 185 | * BIO *BIO_get_retry_BIO(BIO *bio, int *reason); will walk the BIO |
| 172 | * stack and return the 'reason' for the special and the offending BIO. | 186 | * stack and return the 'reason' for the special and the offending BIO. |
| @@ -175,6 +189,8 @@ extern "C" { | |||
| 175 | #define BIO_RR_SSL_X509_LOOKUP 0x01 | 189 | #define BIO_RR_SSL_X509_LOOKUP 0x01 |
| 176 | /* Returned from the connect BIO when a connect would have blocked */ | 190 | /* Returned from the connect BIO when a connect would have blocked */ |
| 177 | #define BIO_RR_CONNECT 0x02 | 191 | #define BIO_RR_CONNECT 0x02 |
| 192 | /* Returned from the accept BIO when an accept would have blocked */ | ||
| 193 | #define BIO_RR_ACCEPT 0x03 | ||
| 178 | 194 | ||
| 179 | /* These are passed by the BIO callback */ | 195 | /* These are passed by the BIO callback */ |
| 180 | #define BIO_CB_FREE 0x01 | 196 | #define BIO_CB_FREE 0x01 |
| @@ -198,24 +214,29 @@ extern "C" { | |||
| 198 | #define BIO_method_name(b) ((b)->method->name) | 214 | #define BIO_method_name(b) ((b)->method->name) |
| 199 | #define BIO_method_type(b) ((b)->method->type) | 215 | #define BIO_method_type(b) ((b)->method->type) |
| 200 | 216 | ||
| 201 | #ifndef WIN16 | 217 | typedef struct bio_st BIO; |
| 218 | |||
| 219 | typedef void bio_info_cb(struct bio_st *, int, const char *, int, long, long); | ||
| 220 | |||
| 221 | #ifndef OPENSSL_SYS_WIN16 | ||
| 202 | typedef struct bio_method_st | 222 | typedef struct bio_method_st |
| 203 | { | 223 | { |
| 204 | int type; | 224 | int type; |
| 205 | char *name; | 225 | const char *name; |
| 206 | int (*bwrite)(); | 226 | int (*bwrite)(BIO *, const char *, int); |
| 207 | int (*bread)(); | 227 | int (*bread)(BIO *, char *, int); |
| 208 | int (*bputs)(); | 228 | int (*bputs)(BIO *, const char *); |
| 209 | int (*bgets)(); | 229 | int (*bgets)(BIO *, char *, int); |
| 210 | long (*ctrl)(); | 230 | long (*ctrl)(BIO *, int, long, void *); |
| 211 | int (*create)(); | 231 | int (*create)(BIO *); |
| 212 | int (*destroy)(); | 232 | int (*destroy)(BIO *); |
| 233 | long (*callback_ctrl)(BIO *, int, bio_info_cb *); | ||
| 213 | } BIO_METHOD; | 234 | } BIO_METHOD; |
| 214 | #else | 235 | #else |
| 215 | typedef struct bio_method_st | 236 | typedef struct bio_method_st |
| 216 | { | 237 | { |
| 217 | int type; | 238 | int type; |
| 218 | char *name; | 239 | const char *name; |
| 219 | int (_far *bwrite)(); | 240 | int (_far *bwrite)(); |
| 220 | int (_far *bread)(); | 241 | int (_far *bread)(); |
| 221 | int (_far *bputs)(); | 242 | int (_far *bputs)(); |
| @@ -223,18 +244,15 @@ typedef struct bio_method_st | |||
| 223 | long (_far *ctrl)(); | 244 | long (_far *ctrl)(); |
| 224 | int (_far *create)(); | 245 | int (_far *create)(); |
| 225 | int (_far *destroy)(); | 246 | int (_far *destroy)(); |
| 247 | long (_fat *callback_ctrl)(); | ||
| 226 | } BIO_METHOD; | 248 | } BIO_METHOD; |
| 227 | #endif | 249 | #endif |
| 228 | 250 | ||
| 229 | typedef struct bio_st | 251 | struct bio_st |
| 230 | { | 252 | { |
| 231 | BIO_METHOD *method; | 253 | BIO_METHOD *method; |
| 232 | #ifndef NOPROTO | ||
| 233 | /* bio, mode, argp, argi, argl, ret */ | 254 | /* bio, mode, argp, argi, argl, ret */ |
| 234 | long (*callback)(struct bio_st *,int,char *,int, long,long); | 255 | long (*callback)(struct bio_st *,int,const char *,int, long,long); |
| 235 | #else | ||
| 236 | long (*callback)(); | ||
| 237 | #endif | ||
| 238 | char *cb_arg; /* first argument for the callback */ | 256 | char *cb_arg; /* first argument for the callback */ |
| 239 | 257 | ||
| 240 | int init; | 258 | int init; |
| @@ -242,7 +260,7 @@ typedef struct bio_st | |||
| 242 | int flags; /* extra storage */ | 260 | int flags; /* extra storage */ |
| 243 | int retry_reason; | 261 | int retry_reason; |
| 244 | int num; | 262 | int num; |
| 245 | char *ptr; | 263 | void *ptr; |
| 246 | struct bio_st *next_bio; /* used by filter BIOs */ | 264 | struct bio_st *next_bio; /* used by filter BIOs */ |
| 247 | struct bio_st *prev_bio; /* used by filter BIOs */ | 265 | struct bio_st *prev_bio; /* used by filter BIOs */ |
| 248 | int references; | 266 | int references; |
| @@ -250,7 +268,9 @@ typedef struct bio_st | |||
| 250 | unsigned long num_write; | 268 | unsigned long num_write; |
| 251 | 269 | ||
| 252 | CRYPTO_EX_DATA ex_data; | 270 | CRYPTO_EX_DATA ex_data; |
| 253 | } BIO; | 271 | }; |
| 272 | |||
| 273 | DECLARE_STACK_OF(BIO) | ||
| 254 | 274 | ||
| 255 | typedef struct bio_f_buffer_ctx_struct | 275 | typedef struct bio_f_buffer_ctx_struct |
| 256 | { | 276 | { |
| @@ -276,10 +296,7 @@ typedef struct bio_f_buffer_ctx_struct | |||
| 276 | #define BIO_CONN_S_OK 6 | 296 | #define BIO_CONN_S_OK 6 |
| 277 | #define BIO_CONN_S_BLOCKED_CONNECT 7 | 297 | #define BIO_CONN_S_BLOCKED_CONNECT 7 |
| 278 | #define BIO_CONN_S_NBIO 8 | 298 | #define BIO_CONN_S_NBIO 8 |
| 279 | #define BIO_CONN_get_param_hostname BIO_ctrl | 299 | /*#define BIO_CONN_get_param_hostname BIO_ctrl */ |
| 280 | |||
| 281 | #define BIO_number_read(b) ((b)->num_read) | ||
| 282 | #define BIO_number_written(b) ((b)->num_write) | ||
| 283 | 300 | ||
| 284 | #define BIO_C_SET_CONNECT 100 | 301 | #define BIO_C_SET_CONNECT 100 |
| 285 | #define BIO_C_DO_STATE_MACHINE 101 | 302 | #define BIO_C_DO_STATE_MACHINE 101 |
| @@ -309,26 +326,42 @@ typedef struct bio_f_buffer_ctx_struct | |||
| 309 | #define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 | 326 | #define BIO_C_SET_SSL_RENEGOTIATE_BYTES 125 |
| 310 | #define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 | 327 | #define BIO_C_GET_SSL_NUM_RENEGOTIATES 126 |
| 311 | #define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 | 328 | #define BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT 127 |
| 312 | 329 | #define BIO_C_FILE_SEEK 128 | |
| 313 | #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,(char *)arg) | 330 | #define BIO_C_GET_CIPHER_CTX 129 |
| 331 | #define BIO_C_SET_BUF_MEM_EOF_RETURN 130/*return end of input value*/ | ||
| 332 | #define BIO_C_SET_BIND_MODE 131 | ||
| 333 | #define BIO_C_GET_BIND_MODE 132 | ||
| 334 | #define BIO_C_FILE_TELL 133 | ||
| 335 | #define BIO_C_GET_SOCKS 134 | ||
| 336 | #define BIO_C_SET_SOCKS 135 | ||
| 337 | |||
| 338 | #define BIO_C_SET_WRITE_BUF_SIZE 136/* for BIO_s_bio */ | ||
| 339 | #define BIO_C_GET_WRITE_BUF_SIZE 137 | ||
| 340 | #define BIO_C_MAKE_BIO_PAIR 138 | ||
| 341 | #define BIO_C_DESTROY_BIO_PAIR 139 | ||
| 342 | #define BIO_C_GET_WRITE_GUARANTEE 140 | ||
| 343 | #define BIO_C_GET_READ_REQUEST 141 | ||
| 344 | #define BIO_C_SHUTDOWN_WR 142 | ||
| 345 | #define BIO_C_NREAD0 143 | ||
| 346 | #define BIO_C_NREAD 144 | ||
| 347 | #define BIO_C_NWRITE0 145 | ||
| 348 | #define BIO_C_NWRITE 146 | ||
| 349 | #define BIO_C_RESET_READ_REQUEST 147 | ||
| 350 | |||
| 351 | |||
| 352 | #define BIO_set_app_data(s,arg) BIO_set_ex_data(s,0,arg) | ||
| 314 | #define BIO_get_app_data(s) BIO_get_ex_data(s,0) | 353 | #define BIO_get_app_data(s) BIO_get_ex_data(s,0) |
| 315 | 354 | ||
| 316 | int BIO_get_ex_num(BIO *bio); | 355 | /* BIO_s_connect() and BIO_s_socks4a_connect() */ |
| 317 | int BIO_set_ex_data(BIO *bio,int idx,char *data); | ||
| 318 | char *BIO_get_ex_data(BIO *bio,int idx); | ||
| 319 | void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); | ||
| 320 | int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | ||
| 321 | int (*dup_func)(), void (*free_func)()); | ||
| 322 | |||
| 323 | /* BIO_s_connect_socket() */ | ||
| 324 | #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) | 356 | #define BIO_set_conn_hostname(b,name) BIO_ctrl(b,BIO_C_SET_CONNECT,0,(char *)name) |
| 325 | #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) | 357 | #define BIO_set_conn_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,1,(char *)port) |
| 326 | #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) | 358 | #define BIO_set_conn_ip(b,ip) BIO_ctrl(b,BIO_C_SET_CONNECT,2,(char *)ip) |
| 327 | #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) | 359 | #define BIO_set_conn_int_port(b,port) BIO_ctrl(b,BIO_C_SET_CONNECT,3,(char *)port) |
| 328 | #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) | 360 | #define BIO_get_conn_hostname(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,0) |
| 329 | #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) | 361 | #define BIO_get_conn_port(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,1) |
| 330 | #define BIO_get_conn_ip(b,ip) BIO_ptr_ctrl(b,BIO_C_SET_CONNECT,2) | 362 | #define BIO_get_conn_ip(b) BIO_ptr_ctrl(b,BIO_C_GET_CONNECT,2) |
| 331 | #define BIO_get_conn_int port(b,port) BIO_int_ctrl(b,BIO_C_SET_CONNECT,3,port) | 363 | #define BIO_get_conn_int_port(b) BIO_int_ctrl(b,BIO_C_GET_CONNECT,3) |
| 364 | |||
| 332 | 365 | ||
| 333 | #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) | 366 | #define BIO_set_nbio(b,n) BIO_ctrl(b,BIO_C_SET_NBIO,(n),NULL) |
| 334 | 367 | ||
| @@ -339,6 +372,12 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | |||
| 339 | #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) | 372 | #define BIO_set_nbio_accept(b,n) BIO_ctrl(b,BIO_C_SET_ACCEPT,1,(n)?"a":NULL) |
| 340 | #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) | 373 | #define BIO_set_accept_bios(b,bio) BIO_ctrl(b,BIO_C_SET_ACCEPT,2,(char *)bio) |
| 341 | 374 | ||
| 375 | #define BIO_BIND_NORMAL 0 | ||
| 376 | #define BIO_BIND_REUSEADDR_IF_UNUSED 1 | ||
| 377 | #define BIO_BIND_REUSEADDR 2 | ||
| 378 | #define BIO_set_bind_mode(b,mode) BIO_ctrl(b,BIO_C_SET_BIND_MODE,mode,NULL) | ||
| 379 | #define BIO_get_bind_mode(b,mode) BIO_ctrl(b,BIO_C_GET_BIND_MODE,0,NULL) | ||
| 380 | |||
| 342 | #define BIO_do_connect(b) BIO_do_handshake(b) | 381 | #define BIO_do_connect(b) BIO_do_handshake(b) |
| 343 | #define BIO_do_accept(b) BIO_do_handshake(b) | 382 | #define BIO_do_accept(b) BIO_do_handshake(b) |
| 344 | #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) | 383 | #define BIO_do_handshake(b) BIO_ctrl(b,BIO_C_DO_STATE_MACHINE,0,NULL) |
| @@ -349,7 +388,7 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | |||
| 349 | /* BIO_set_nbio(b,n) */ | 388 | /* BIO_set_nbio(b,n) */ |
| 350 | #define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) | 389 | #define BIO_set_filter_bio(b,s) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,2,(char *)(s)) |
| 351 | /* BIO *BIO_get_filter_bio(BIO *bio); */ | 390 | /* BIO *BIO_get_filter_bio(BIO *bio); */ |
| 352 | #define BIO_set_proxy_cb(b,cb) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(char *)(cb)) | 391 | #define BIO_set_proxy_cb(b,cb) BIO_callback_ctrl(b,BIO_C_SET_PROXY_PARAM,3,(void *(*cb)())) |
| 353 | #define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) | 392 | #define BIO_set_proxy_header(b,sk) BIO_ctrl(b,BIO_C_SET_PROXY_PARAM,4,(char *)sk) |
| 354 | #define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) | 393 | #define BIO_set_no_connect_return(b,bool) BIO_int_ctrl(b,BIO_C_SET_PROXY_PARAM,5,bool) |
| 355 | 394 | ||
| @@ -364,12 +403,26 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | |||
| 364 | #define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) | 403 | #define BIO_set_fp(b,fp,c) BIO_ctrl(b,BIO_C_SET_FILE_PTR,c,(char *)fp) |
| 365 | #define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) | 404 | #define BIO_get_fp(b,fpp) BIO_ctrl(b,BIO_C_GET_FILE_PTR,0,(char *)fpp) |
| 366 | 405 | ||
| 406 | #define BIO_seek(b,ofs) (int)BIO_ctrl(b,BIO_C_FILE_SEEK,ofs,NULL) | ||
| 407 | #define BIO_tell(b) (int)BIO_ctrl(b,BIO_C_FILE_TELL,0,NULL) | ||
| 408 | |||
| 409 | /* name is cast to lose const, but might be better to route through a function | ||
| 410 | so we can do it safely */ | ||
| 411 | #ifdef CONST_STRICT | ||
| 412 | /* If you are wondering why this isn't defined, its because CONST_STRICT is | ||
| 413 | * purely a compile-time kludge to allow const to be checked. | ||
| 414 | */ | ||
| 415 | int BIO_read_filename(BIO *b,const char *name); | ||
| 416 | #else | ||
| 367 | #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ | 417 | #define BIO_read_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ |
| 368 | BIO_CLOSE|BIO_FP_READ,name) | 418 | BIO_CLOSE|BIO_FP_READ,(char *)name) |
| 419 | #endif | ||
| 369 | #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ | 420 | #define BIO_write_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ |
| 370 | BIO_CLOSE|BIO_FP_WRITE,name) | 421 | BIO_CLOSE|BIO_FP_WRITE,name) |
| 371 | #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ | 422 | #define BIO_append_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ |
| 372 | BIO_CLOSE|BIO_FP_APPEND,name) | 423 | BIO_CLOSE|BIO_FP_APPEND,name) |
| 424 | #define BIO_rw_filename(b,name) BIO_ctrl(b,BIO_C_SET_FILENAME, \ | ||
| 425 | BIO_CLOSE|BIO_FP_READ|BIO_FP_WRITE,name) | ||
| 373 | 426 | ||
| 374 | /* WARNING WARNING, this ups the reference count on the read bio of the | 427 | /* WARNING WARNING, this ups the reference count on the read bio of the |
| 375 | * SSL structure. This is because the ssl read BIO is now pointed to by | 428 | * SSL structure. This is because the ssl read BIO is now pointed to by |
| @@ -381,15 +434,18 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | |||
| 381 | #define BIO_set_ssl_renegotiate_bytes(b,num) \ | 434 | #define BIO_set_ssl_renegotiate_bytes(b,num) \ |
| 382 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); | 435 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_BYTES,num,NULL); |
| 383 | #define BIO_get_num_renegotiates(b) \ | 436 | #define BIO_get_num_renegotiates(b) \ |
| 384 | BIO_ctrl(b,BIO_C_SET_SSL_NUM_RENEGOTIATES,0,NULL); | 437 | BIO_ctrl(b,BIO_C_GET_SSL_NUM_RENEGOTIATES,0,NULL); |
| 385 | #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ | 438 | #define BIO_set_ssl_renegotiate_timeout(b,seconds) \ |
| 386 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); | 439 | BIO_ctrl(b,BIO_C_SET_SSL_RENEGOTIATE_TIMEOUT,seconds,NULL); |
| 387 | 440 | ||
| 388 | /* defined in evp.h */ | 441 | /* defined in evp.h */ |
| 389 | /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ | 442 | /* #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,1,(char *)md) */ |
| 390 | 443 | ||
| 444 | #define BIO_get_mem_data(b,pp) BIO_ctrl(b,BIO_CTRL_INFO,0,(char *)pp) | ||
| 391 | #define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) | 445 | #define BIO_set_mem_buf(b,bm,c) BIO_ctrl(b,BIO_C_SET_BUF_MEM,c,(char *)bm) |
| 392 | #define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) | 446 | #define BIO_get_mem_ptr(b,pp) BIO_ctrl(b,BIO_C_GET_BUF_MEM_PTR,0,(char *)pp) |
| 447 | #define BIO_set_mem_eof_return(b,v) \ | ||
| 448 | BIO_ctrl(b,BIO_C_SET_BUF_MEM_EOF_RETURN,v,NULL) | ||
| 393 | 449 | ||
| 394 | /* For the BIO_f_buffer() type */ | 450 | /* For the BIO_f_buffer() type */ |
| 395 | #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) | 451 | #define BIO_get_buffer_num_lines(b) BIO_ctrl(b,BIO_C_GET_BUFF_NUM_LINES,0,NULL) |
| @@ -407,19 +463,42 @@ int BIO_get_ex_new_index(long argl, char *argp, int (*new_func)(), | |||
| 407 | #define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) | 463 | #define BIO_get_close(b) (int)BIO_ctrl(b,BIO_CTRL_GET_CLOSE,0,NULL) |
| 408 | #define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) | 464 | #define BIO_pending(b) (int)BIO_ctrl(b,BIO_CTRL_PENDING,0,NULL) |
| 409 | #define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) | 465 | #define BIO_wpending(b) (int)BIO_ctrl(b,BIO_CTRL_WPENDING,0,NULL) |
| 466 | /* ...pending macros have inappropriate return type */ | ||
| 467 | size_t BIO_ctrl_pending(BIO *b); | ||
| 468 | size_t BIO_ctrl_wpending(BIO *b); | ||
| 410 | #define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) | 469 | #define BIO_flush(b) (int)BIO_ctrl(b,BIO_CTRL_FLUSH,0,NULL) |
| 411 | #define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0,(char *)cbp) | 470 | #define BIO_get_info_callback(b,cbp) (int)BIO_ctrl(b,BIO_CTRL_GET_CALLBACK,0, \ |
| 412 | #define BIO_set_info_callback(b,cb) (int)BIO_ctrl(b,BIO_CTRL_SET_CALLBACK,0,(char *)cb) | 471 | cbp) |
| 472 | #define BIO_set_info_callback(b,cb) (int)BIO_callback_ctrl(b,BIO_CTRL_SET_CALLBACK,cb) | ||
| 413 | 473 | ||
| 414 | /* For the BIO_f_buffer() type */ | 474 | /* For the BIO_f_buffer() type */ |
| 415 | #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) | 475 | #define BIO_buffer_get_num_lines(b) BIO_ctrl(b,BIO_CTRL_GET,0,NULL) |
| 416 | 476 | ||
| 417 | #ifdef NO_STDIO | 477 | /* For BIO_s_bio() */ |
| 418 | #define NO_FP_API | 478 | #define BIO_set_write_buf_size(b,size) (int)BIO_ctrl(b,BIO_C_SET_WRITE_BUF_SIZE,size,NULL) |
| 419 | #endif | 479 | #define BIO_get_write_buf_size(b,size) (size_t)BIO_ctrl(b,BIO_C_GET_WRITE_BUF_SIZE,size,NULL) |
| 420 | 480 | #define BIO_make_bio_pair(b1,b2) (int)BIO_ctrl(b1,BIO_C_MAKE_BIO_PAIR,0,b2) | |
| 421 | #ifndef NOPROTO | 481 | #define BIO_destroy_bio_pair(b) (int)BIO_ctrl(b,BIO_C_DESTROY_BIO_PAIR,0,NULL) |
| 422 | # if defined(WIN16) && defined(_WINDLL) | 482 | #define BIO_shutdown_wr(b) (int)BIO_ctrl(b, BIO_C_SHUTDOWN_WR, 0, NULL) |
| 483 | /* macros with inappropriate type -- but ...pending macros use int too: */ | ||
| 484 | #define BIO_get_write_guarantee(b) (int)BIO_ctrl(b,BIO_C_GET_WRITE_GUARANTEE,0,NULL) | ||
| 485 | #define BIO_get_read_request(b) (int)BIO_ctrl(b,BIO_C_GET_READ_REQUEST,0,NULL) | ||
| 486 | size_t BIO_ctrl_get_write_guarantee(BIO *b); | ||
| 487 | size_t BIO_ctrl_get_read_request(BIO *b); | ||
| 488 | int BIO_ctrl_reset_read_request(BIO *b); | ||
| 489 | |||
| 490 | /* These two aren't currently implemented */ | ||
| 491 | /* int BIO_get_ex_num(BIO *bio); */ | ||
| 492 | /* void BIO_set_ex_free_func(BIO *bio,int idx,void (*cb)()); */ | ||
| 493 | int BIO_set_ex_data(BIO *bio,int idx,void *data); | ||
| 494 | void *BIO_get_ex_data(BIO *bio,int idx); | ||
| 495 | int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 496 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 497 | unsigned long BIO_number_read(BIO *bio); | ||
| 498 | unsigned long BIO_number_written(BIO *bio); | ||
| 499 | |||
| 500 | # ifndef OPENSSL_NO_FP_API | ||
| 501 | # if defined(OPENSSL_SYS_WIN16) && defined(_WINDLL) | ||
| 423 | BIO_METHOD *BIO_s_file_internal(void); | 502 | BIO_METHOD *BIO_s_file_internal(void); |
| 424 | BIO *BIO_new_file_internal(char *filename, char *mode); | 503 | BIO *BIO_new_file_internal(char *filename, char *mode); |
| 425 | BIO *BIO_new_fp_internal(FILE *stream, int close_flag); | 504 | BIO *BIO_new_fp_internal(FILE *stream, int close_flag); |
| @@ -428,261 +507,184 @@ BIO *BIO_new_fp_internal(FILE *stream, int close_flag); | |||
| 428 | # define BIO_new_fp BIO_new_fp_internal | 507 | # define BIO_new_fp BIO_new_fp_internal |
| 429 | # else /* FP_API */ | 508 | # else /* FP_API */ |
| 430 | BIO_METHOD *BIO_s_file(void ); | 509 | BIO_METHOD *BIO_s_file(void ); |
| 431 | BIO *BIO_new_file(char *filename, char *mode); | 510 | BIO *BIO_new_file(const char *filename, const char *mode); |
| 432 | BIO *BIO_new_fp(FILE *stream, int close_flag); | 511 | BIO *BIO_new_fp(FILE *stream, int close_flag); |
| 433 | # define BIO_s_file_internal BIO_s_file | 512 | # define BIO_s_file_internal BIO_s_file |
| 434 | # define BIO_new_file_internal BIO_new_file | 513 | # define BIO_new_file_internal BIO_new_file |
| 435 | # define BIO_new_fp_internal BIO_s_file | 514 | # define BIO_new_fp_internal BIO_s_file |
| 436 | # endif /* FP_API */ | 515 | # endif /* FP_API */ |
| 437 | #else | 516 | # endif |
| 438 | # if defined(WIN16) && defined(_WINDLL) | ||
| 439 | BIO_METHOD *BIO_s_file_internal(); | ||
| 440 | BIO *BIO_new_file_internal(); | ||
| 441 | BIO *BIO_new_fp_internal(); | ||
| 442 | # define BIO_s_file BIO_s_file_internal | ||
| 443 | # define BIO_new_file BIO_new_file_internal | ||
| 444 | # define BIO_new_fp BIO_new_fp_internal | ||
| 445 | # else /* FP_API */ | ||
| 446 | BIO_METHOD *BIO_s_file(); | ||
| 447 | BIO *BIO_new_file(); | ||
| 448 | BIO *BIO_new_fp(); | ||
| 449 | # define BIO_s_file_internal BIO_s_file | ||
| 450 | # define BIO_new_file_internal BIO_new_file | ||
| 451 | # define BIO_new_fp_internal BIO_s_file | ||
| 452 | # endif /* FP_API */ | ||
| 453 | #endif | ||
| 454 | |||
| 455 | #ifndef NOPROTO | ||
| 456 | BIO * BIO_new(BIO_METHOD *type); | 517 | BIO * BIO_new(BIO_METHOD *type); |
| 457 | int BIO_set(BIO *a,BIO_METHOD *type); | 518 | int BIO_set(BIO *a,BIO_METHOD *type); |
| 458 | int BIO_free(BIO *a); | 519 | int BIO_free(BIO *a); |
| 459 | int BIO_read(BIO *b, char *data, int len); | 520 | void BIO_vfree(BIO *a); |
| 521 | int BIO_read(BIO *b, void *data, int len); | ||
| 460 | int BIO_gets(BIO *bp,char *buf, int size); | 522 | int BIO_gets(BIO *bp,char *buf, int size); |
| 461 | int BIO_write(BIO *b, char *data, int len); | 523 | int BIO_write(BIO *b, const void *data, int len); |
| 462 | int BIO_puts(BIO *bp,char *buf); | 524 | int BIO_puts(BIO *bp,const char *buf); |
| 463 | long BIO_ctrl(BIO *bp,int cmd,long larg,char *parg); | 525 | long BIO_ctrl(BIO *bp,int cmd,long larg,void *parg); |
| 526 | long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)); | ||
| 464 | char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); | 527 | char * BIO_ptr_ctrl(BIO *bp,int cmd,long larg); |
| 465 | long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); | 528 | long BIO_int_ctrl(BIO *bp,int cmd,long larg,int iarg); |
| 466 | BIO * BIO_push(BIO *b,BIO *append); | 529 | BIO * BIO_push(BIO *b,BIO *append); |
| 467 | BIO * BIO_pop(BIO *b); | 530 | BIO * BIO_pop(BIO *b); |
| 468 | void BIO_free_all(BIO *a); | 531 | void BIO_free_all(BIO *a); |
| 469 | BIO * BIO_find_type(BIO *b,int bio_type); | 532 | BIO * BIO_find_type(BIO *b,int bio_type); |
| 533 | BIO * BIO_next(BIO *b); | ||
| 470 | BIO * BIO_get_retry_BIO(BIO *bio, int *reason); | 534 | BIO * BIO_get_retry_BIO(BIO *bio, int *reason); |
| 471 | int BIO_get_retry_reason(BIO *bio); | 535 | int BIO_get_retry_reason(BIO *bio); |
| 472 | BIO * BIO_dup_chain(BIO *in); | 536 | BIO * BIO_dup_chain(BIO *in); |
| 473 | 537 | ||
| 474 | #ifndef WIN16 | 538 | int BIO_nread0(BIO *bio, char **buf); |
| 475 | long BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi, | 539 | int BIO_nread(BIO *bio, char **buf, int num); |
| 540 | int BIO_nwrite0(BIO *bio, char **buf); | ||
| 541 | int BIO_nwrite(BIO *bio, char **buf, int num); | ||
| 542 | |||
| 543 | #ifndef OPENSSL_SYS_WIN16 | ||
| 544 | long BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, | ||
| 476 | long argl,long ret); | 545 | long argl,long ret); |
| 477 | #else | 546 | #else |
| 478 | long _far _loadds BIO_debug_callback(BIO *bio,int cmd,char *argp,int argi, | 547 | long _far _loadds BIO_debug_callback(BIO *bio,int cmd,const char *argp,int argi, |
| 479 | long argl,long ret); | 548 | long argl,long ret); |
| 480 | #endif | 549 | #endif |
| 481 | 550 | ||
| 482 | BIO_METHOD *BIO_s_mem(void); | 551 | BIO_METHOD *BIO_s_mem(void); |
| 552 | BIO *BIO_new_mem_buf(void *buf, int len); | ||
| 483 | BIO_METHOD *BIO_s_socket(void); | 553 | BIO_METHOD *BIO_s_socket(void); |
| 484 | BIO_METHOD *BIO_s_connect(void); | 554 | BIO_METHOD *BIO_s_connect(void); |
| 485 | BIO_METHOD *BIO_s_accept(void); | 555 | BIO_METHOD *BIO_s_accept(void); |
| 486 | BIO_METHOD *BIO_s_fd(void); | 556 | BIO_METHOD *BIO_s_fd(void); |
| 557 | BIO_METHOD *BIO_s_log(void); | ||
| 558 | BIO_METHOD *BIO_s_bio(void); | ||
| 487 | BIO_METHOD *BIO_s_null(void); | 559 | BIO_METHOD *BIO_s_null(void); |
| 488 | BIO_METHOD *BIO_f_null(void); | 560 | BIO_METHOD *BIO_f_null(void); |
| 489 | BIO_METHOD *BIO_f_nbio_test(void); | ||
| 490 | BIO_METHOD *BIO_f_buffer(void); | 561 | BIO_METHOD *BIO_f_buffer(void); |
| 562 | #ifdef OPENSSL_SYS_VMS | ||
| 563 | BIO_METHOD *BIO_f_linebuffer(void); | ||
| 564 | #endif | ||
| 565 | BIO_METHOD *BIO_f_nbio_test(void); | ||
| 566 | /* BIO_METHOD *BIO_f_ber(void); */ | ||
| 491 | 567 | ||
| 492 | int BIO_sock_should_retry(int i); | 568 | int BIO_sock_should_retry(int i); |
| 493 | int BIO_sock_non_fatal_error(int error); | 569 | int BIO_sock_non_fatal_error(int error); |
| 494 | int BIO_fd_should_retry(int i); | 570 | int BIO_fd_should_retry(int i); |
| 495 | int BIO_fd_non_fatal_error(int error); | 571 | int BIO_fd_non_fatal_error(int error); |
| 496 | int BIO_dump(BIO *b,char *bytes,int len); | 572 | int BIO_dump(BIO *b,const char *bytes,int len); |
| 497 | 573 | int BIO_dump_indent(BIO *b,const char *bytes,int len,int indent); | |
| 498 | struct hostent *BIO_gethostbyname(char *name); | 574 | |
| 575 | struct hostent *BIO_gethostbyname(const char *name); | ||
| 576 | /* We might want a thread-safe interface too: | ||
| 577 | * struct hostent *BIO_gethostbyname_r(const char *name, | ||
| 578 | * struct hostent *result, void *buffer, size_t buflen); | ||
| 579 | * or something similar (caller allocates a struct hostent, | ||
| 580 | * pointed to by "result", and additional buffer space for the various | ||
| 581 | * substructures; if the buffer does not suffice, NULL is returned | ||
| 582 | * and an appropriate error code is set). | ||
| 583 | */ | ||
| 499 | int BIO_sock_error(int sock); | 584 | int BIO_sock_error(int sock); |
| 500 | int BIO_socket_ioctl(int fd, long type, unsigned long *arg); | 585 | int BIO_socket_ioctl(int fd, long type, unsigned long *arg); |
| 501 | int BIO_get_port(char *str, short *port_ptr); | 586 | int BIO_socket_nbio(int fd,int mode); |
| 502 | int BIO_get_host_ip(char *str, unsigned char *ip); | 587 | int BIO_get_port(const char *str, unsigned short *port_ptr); |
| 503 | int BIO_get_accept_socket(char *host_port); | 588 | int BIO_get_host_ip(const char *str, unsigned char *ip); |
| 589 | int BIO_get_accept_socket(char *host_port,int mode); | ||
| 504 | int BIO_accept(int sock,char **ip_port); | 590 | int BIO_accept(int sock,char **ip_port); |
| 505 | int BIO_sock_init(void ); | 591 | int BIO_sock_init(void ); |
| 506 | void BIO_sock_cleanup(void); | 592 | void BIO_sock_cleanup(void); |
| 507 | int BIO_set_tcp_ndelay(int sock,int turn_on); | 593 | int BIO_set_tcp_ndelay(int sock,int turn_on); |
| 508 | 594 | ||
| 509 | void ERR_load_BIO_strings(void ); | ||
| 510 | |||
| 511 | BIO *BIO_new_socket(int sock, int close_flag); | 595 | BIO *BIO_new_socket(int sock, int close_flag); |
| 512 | BIO *BIO_new_fd(int fd, int close_flag); | 596 | BIO *BIO_new_fd(int fd, int close_flag); |
| 513 | BIO *BIO_new_connect(char *host_port); | 597 | BIO *BIO_new_connect(char *host_port); |
| 514 | BIO *BIO_new_accept(char *host_port); | 598 | BIO *BIO_new_accept(char *host_port); |
| 515 | 599 | ||
| 600 | int BIO_new_bio_pair(BIO **bio1, size_t writebuf1, | ||
| 601 | BIO **bio2, size_t writebuf2); | ||
| 602 | /* If successful, returns 1 and in *bio1, *bio2 two BIO pair endpoints. | ||
| 603 | * Otherwise returns 0 and sets *bio1 and *bio2 to NULL. | ||
| 604 | * Size 0 uses default value. | ||
| 605 | */ | ||
| 606 | |||
| 516 | void BIO_copy_next_retry(BIO *b); | 607 | void BIO_copy_next_retry(BIO *b); |
| 517 | 608 | ||
| 518 | long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); | 609 | long BIO_ghbn_ctrl(int cmd,int iarg,char *parg); |
| 519 | 610 | ||
| 520 | #else | 611 | int BIO_printf(BIO *bio, const char *format, ...); |
| 521 | 612 | int BIO_vprintf(BIO *bio, const char *format, va_list args); | |
| 522 | BIO * BIO_new(); | 613 | int BIO_snprintf(char *buf, size_t n, const char *format, ...); |
| 523 | int BIO_set(); | 614 | int BIO_vsnprintf(char *buf, size_t n, const char *format, va_list args); |
| 524 | int BIO_free(); | ||
| 525 | int BIO_read(); | ||
| 526 | int BIO_gets(); | ||
| 527 | int BIO_write(); | ||
| 528 | int BIO_puts(); | ||
| 529 | char * BIO_ptr_ctrl(); | ||
| 530 | long BIO_ctrl(); | ||
| 531 | long BIO_int_ctrl(); | ||
| 532 | BIO * BIO_push(); | ||
| 533 | BIO * BIO_pop(); | ||
| 534 | void BIO_free_all(); | ||
| 535 | BIO * BIO_find_type(); | ||
| 536 | BIO * BIO_get_retry_BIO(); | ||
| 537 | int BIO_get_retry_reason(); | ||
| 538 | BIO * BIO_dup_chain(); | ||
| 539 | |||
| 540 | #ifndef WIN16 | ||
| 541 | long BIO_debug_callback(); | ||
| 542 | #else | ||
| 543 | long _far _loadds BIO_debug_callback(); | ||
| 544 | #endif | ||
| 545 | |||
| 546 | BIO_METHOD *BIO_s_mem(); | ||
| 547 | BIO_METHOD *BIO_s_socket(); | ||
| 548 | BIO_METHOD *BIO_s_connect(); | ||
| 549 | BIO_METHOD *BIO_s_accept(); | ||
| 550 | BIO_METHOD *BIO_s_fd(); | ||
| 551 | BIO_METHOD *BIO_s_null(); | ||
| 552 | BIO_METHOD *BIO_f_null(); | ||
| 553 | BIO_METHOD *BIO_f_buffer(); | ||
| 554 | BIO_METHOD *BIO_f_nbio_test(); | ||
| 555 | |||
| 556 | int BIO_sock_should_retry(); | ||
| 557 | int BIO_sock_non_fatal_error(); | ||
| 558 | int BIO_fd_should_retry(); | ||
| 559 | int BIO_fd_non_fatal_error(); | ||
| 560 | int BIO_dump(); | ||
| 561 | |||
| 562 | struct hostent *BIO_gethostbyname(); | ||
| 563 | int BIO_sock_error(); | ||
| 564 | int BIO_socket_ioctl(); | ||
| 565 | int BIO_get_port(); | ||
| 566 | int BIO_get_host_ip(); | ||
| 567 | int BIO_get_accept_socket(); | ||
| 568 | int BIO_accept(); | ||
| 569 | int BIO_sock_init(); | ||
| 570 | void BIO_sock_cleanup(); | ||
| 571 | int BIO_set_tcp_ndelay(); | ||
| 572 | |||
| 573 | void ERR_load_BIO_strings(); | ||
| 574 | |||
| 575 | BIO *BIO_new_socket(); | ||
| 576 | BIO *BIO_new_fd(); | ||
| 577 | BIO *BIO_new_connect(); | ||
| 578 | BIO *BIO_new_accept(); | ||
| 579 | |||
| 580 | void BIO_copy_next_retry(); | ||
| 581 | |||
| 582 | int BIO_ghbn_ctrl(); | ||
| 583 | |||
| 584 | #endif | ||
| 585 | |||
| 586 | /* Tim Hudson's portable varargs stuff */ | ||
| 587 | |||
| 588 | #ifndef NOPROTO | ||
| 589 | #define VAR_ANSI /* select ANSI version by default */ | ||
| 590 | #endif | ||
| 591 | |||
| 592 | #ifdef VAR_ANSI | ||
| 593 | /* ANSI version of a "portable" macro set for variable length args */ | ||
| 594 | #ifndef __STDARG_H__ /**/ | ||
| 595 | #include <stdarg.h> | ||
| 596 | #endif /**/ | ||
| 597 | |||
| 598 | #define VAR_PLIST(arg1type,arg1) arg1type arg1, ... | ||
| 599 | #define VAR_PLIST2(arg1type,arg1,arg2type,arg2) arg1type arg1,arg2type arg2,... | ||
| 600 | #define VAR_ALIST | ||
| 601 | #define VAR_BDEFN(args,arg1type,arg1) va_list args | ||
| 602 | #define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2) va_list args | ||
| 603 | #define VAR_INIT(args,arg1type,arg1) va_start(args,arg1); | ||
| 604 | #define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args,arg2); | ||
| 605 | #define VAR_ARG(args,type,arg) arg=va_arg(args,type) | ||
| 606 | #define VAR_END(args) va_end(args); | ||
| 607 | |||
| 608 | #else | ||
| 609 | |||
| 610 | /* K&R version of a "portable" macro set for variable length args */ | ||
| 611 | #ifndef __VARARGS_H__ | ||
| 612 | #include <varargs.h> | ||
| 613 | #endif | ||
| 614 | |||
| 615 | #define VAR_PLIST(arg1type,arg1) va_alist | ||
| 616 | #define VAR_PLIST2(arg1type,arg1,arg2type,arg2) va_alist | ||
| 617 | #define VAR_ALIST va_dcl | ||
| 618 | #define VAR_BDEFN(args,arg1type,arg1) va_list args; arg1type arg1 | ||
| 619 | #define VAR_BDEFN2(args,arg1type,arg1,arg2type,arg2) va_list args; \ | ||
| 620 | arg1type arg1; arg2type arg2 | ||
| 621 | #define VAR_INIT(args,arg1type,arg1) va_start(args); \ | ||
| 622 | arg1=va_arg(args,arg1type); | ||
| 623 | #define VAR_INIT2(args,arg1type,arg1,arg2type,arg2) va_start(args); \ | ||
| 624 | arg1=va_arg(args,arg1type); arg2=va_arg(args,arg2type); | ||
| 625 | #define VAR_ARG(args,type,arg) arg=va_arg(args,type) | ||
| 626 | #define VAR_END(args) va_end(args); | ||
| 627 | |||
| 628 | #endif | ||
| 629 | |||
| 630 | #ifndef NOPROTO | ||
| 631 | int BIO_printf( VAR_PLIST( BIO *, bio ) ); | ||
| 632 | #else | ||
| 633 | int BIO_printf(); | ||
| 634 | #endif | ||
| 635 | 615 | ||
| 636 | /* BEGIN ERROR CODES */ | 616 | /* BEGIN ERROR CODES */ |
| 617 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 618 | * made after this point may be overwritten when the script is next run. | ||
| 619 | */ | ||
| 620 | void ERR_load_BIO_strings(void); | ||
| 621 | |||
| 637 | /* Error codes for the BIO functions. */ | 622 | /* Error codes for the BIO functions. */ |
| 638 | 623 | ||
| 639 | /* Function codes. */ | 624 | /* Function codes. */ |
| 640 | #define BIO_F_ACPT_STATE 100 | 625 | #define BIO_F_ACPT_STATE 100 |
| 641 | #define BIO_F_BIO_ACCEPT 101 | 626 | #define BIO_F_BIO_ACCEPT 101 |
| 642 | #define BIO_F_BIO_CTRL 102 | 627 | #define BIO_F_BIO_BER_GET_HEADER 102 |
| 643 | #define BIO_F_BIO_GETS 103 | 628 | #define BIO_F_BIO_CTRL 103 |
| 644 | #define BIO_F_BIO_GET_ACCEPT_SOCKET 104 | 629 | #define BIO_F_BIO_GETHOSTBYNAME 120 |
| 645 | #define BIO_F_BIO_GET_HOST_IP 105 | 630 | #define BIO_F_BIO_GETS 104 |
| 646 | #define BIO_F_BIO_GET_PORT 106 | 631 | #define BIO_F_BIO_GET_ACCEPT_SOCKET 105 |
| 647 | #define BIO_F_BIO_NEW 107 | 632 | #define BIO_F_BIO_GET_HOST_IP 106 |
| 648 | #define BIO_F_BIO_NEW_FILE 108 | 633 | #define BIO_F_BIO_GET_PORT 107 |
| 649 | #define BIO_F_BIO_PUTS 109 | 634 | #define BIO_F_BIO_MAKE_PAIR 121 |
| 650 | #define BIO_F_BIO_READ 110 | 635 | #define BIO_F_BIO_NEW 108 |
| 651 | #define BIO_F_BIO_SOCK_INIT 111 | 636 | #define BIO_F_BIO_NEW_FILE 109 |
| 652 | #define BIO_F_BIO_WRITE 112 | 637 | #define BIO_F_BIO_NEW_MEM_BUF 126 |
| 653 | #define BIO_F_BUFFER_CTRL 113 | 638 | #define BIO_F_BIO_NREAD 123 |
| 654 | #define BIO_F_CONN_STATE 114 | 639 | #define BIO_F_BIO_NREAD0 124 |
| 655 | #define BIO_F_FILE_CTRL 115 | 640 | #define BIO_F_BIO_NWRITE 125 |
| 656 | #define BIO_F_MEM_WRITE 116 | 641 | #define BIO_F_BIO_NWRITE0 122 |
| 657 | #define BIO_F_SSL_NEW 117 | 642 | #define BIO_F_BIO_PUTS 110 |
| 658 | #define BIO_F_WSASTARTUP 118 | 643 | #define BIO_F_BIO_READ 111 |
| 644 | #define BIO_F_BIO_SOCK_INIT 112 | ||
| 645 | #define BIO_F_BIO_WRITE 113 | ||
| 646 | #define BIO_F_BUFFER_CTRL 114 | ||
| 647 | #define BIO_F_CONN_CTRL 127 | ||
| 648 | #define BIO_F_CONN_STATE 115 | ||
| 649 | #define BIO_F_FILE_CTRL 116 | ||
| 650 | #define BIO_F_LINEBUFFER_CTRL 129 | ||
| 651 | #define BIO_F_MEM_READ 128 | ||
| 652 | #define BIO_F_MEM_WRITE 117 | ||
| 653 | #define BIO_F_SSL_NEW 118 | ||
| 654 | #define BIO_F_WSASTARTUP 119 | ||
| 659 | 655 | ||
| 660 | /* Reason codes. */ | 656 | /* Reason codes. */ |
| 661 | #define BIO_R_ACCEPT_ERROR 100 | 657 | #define BIO_R_ACCEPT_ERROR 100 |
| 662 | #define BIO_R_BAD_FOPEN_MODE 101 | 658 | #define BIO_R_BAD_FOPEN_MODE 101 |
| 663 | #define BIO_R_BAD_HOSTNAME_LOOKUP 102 | 659 | #define BIO_R_BAD_HOSTNAME_LOOKUP 102 |
| 660 | #define BIO_R_BROKEN_PIPE 124 | ||
| 664 | #define BIO_R_CONNECT_ERROR 103 | 661 | #define BIO_R_CONNECT_ERROR 103 |
| 662 | #define BIO_R_EOF_ON_MEMORY_BIO 127 | ||
| 665 | #define BIO_R_ERROR_SETTING_NBIO 104 | 663 | #define BIO_R_ERROR_SETTING_NBIO 104 |
| 666 | #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 | 664 | #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET 105 |
| 667 | #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 | 665 | #define BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET 106 |
| 668 | #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 | 666 | #define BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET 107 |
| 667 | #define BIO_R_INVALID_ARGUMENT 125 | ||
| 669 | #define BIO_R_INVALID_IP_ADDRESS 108 | 668 | #define BIO_R_INVALID_IP_ADDRESS 108 |
| 669 | #define BIO_R_IN_USE 123 | ||
| 670 | #define BIO_R_KEEPALIVE 109 | 670 | #define BIO_R_KEEPALIVE 109 |
| 671 | #define BIO_R_NBIO_CONNECT_ERROR 110 | 671 | #define BIO_R_NBIO_CONNECT_ERROR 110 |
| 672 | #define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 | 672 | #define BIO_R_NO_ACCEPT_PORT_SPECIFIED 111 |
| 673 | #define BIO_R_NO_HOSTHNAME_SPECIFIED 112 | 673 | #define BIO_R_NO_HOSTNAME_SPECIFIED 112 |
| 674 | #define BIO_R_NO_PORT_DEFINED 113 | 674 | #define BIO_R_NO_PORT_DEFINED 113 |
| 675 | #define BIO_R_NO_PORT_SPECIFIED 114 | 675 | #define BIO_R_NO_PORT_SPECIFIED 114 |
| 676 | #define BIO_R_NO_SUCH_FILE 128 | ||
| 676 | #define BIO_R_NULL_PARAMETER 115 | 677 | #define BIO_R_NULL_PARAMETER 115 |
| 677 | #define BIO_R_UNABLE_TO_BIND_SOCKET 116 | 678 | #define BIO_R_TAG_MISMATCH 116 |
| 678 | #define BIO_R_UNABLE_TO_CREATE_SOCKET 117 | 679 | #define BIO_R_UNABLE_TO_BIND_SOCKET 117 |
| 679 | #define BIO_R_UNABLE_TO_LISTEN_SOCKET 118 | 680 | #define BIO_R_UNABLE_TO_CREATE_SOCKET 118 |
| 680 | #define BIO_R_UNINITALISED 119 | 681 | #define BIO_R_UNABLE_TO_LISTEN_SOCKET 119 |
| 681 | #define BIO_R_UNSUPPORTED_METHOD 120 | 682 | #define BIO_R_UNINITIALIZED 120 |
| 682 | #define BIO_R_WSASTARTUP 121 | 683 | #define BIO_R_UNSUPPORTED_METHOD 121 |
| 683 | 684 | #define BIO_R_WRITE_TO_READ_ONLY_BIO 126 | |
| 685 | #define BIO_R_WSASTARTUP 122 | ||
| 686 | |||
| 684 | #ifdef __cplusplus | 687 | #ifdef __cplusplus |
| 685 | } | 688 | } |
| 686 | #endif | 689 | #endif |
| 687 | #endif | 690 | #endif |
| 688 | |||
diff --git a/src/lib/libcrypto/bio/bio_cb.c b/src/lib/libcrypto/bio/bio_cb.c index bc6ed9eda1..0ffa4d2136 100644 --- a/src/lib/libcrypto/bio/bio_cb.c +++ b/src/lib/libcrypto/bio/bio_cb.c | |||
| @@ -60,16 +60,11 @@ | |||
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include <stdlib.h> | 61 | #include <stdlib.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "bio.h" | 63 | #include <openssl/bio.h> |
| 64 | #include "err.h" | 64 | #include <openssl/err.h> |
| 65 | 65 | ||
| 66 | long MS_CALLBACK BIO_debug_callback(bio,cmd,argp,argi,argl,ret) | 66 | long MS_CALLBACK BIO_debug_callback(BIO *bio, int cmd, const char *argp, |
| 67 | BIO *bio; | 67 | int argi, long argl, long ret) |
| 68 | int cmd; | ||
| 69 | char *argp; | ||
| 70 | int argi; | ||
| 71 | long argl; | ||
| 72 | long ret; | ||
| 73 | { | 68 | { |
| 74 | BIO *b; | 69 | BIO *b; |
| 75 | MS_STATIC char buf[256]; | 70 | MS_STATIC char buf[256]; |
| @@ -130,7 +125,7 @@ long ret; | |||
| 130 | b=(BIO *)bio->cb_arg; | 125 | b=(BIO *)bio->cb_arg; |
| 131 | if (b != NULL) | 126 | if (b != NULL) |
| 132 | BIO_write(b,buf,strlen(buf)); | 127 | BIO_write(b,buf,strlen(buf)); |
| 133 | #if !defined(NO_STDIO) && !defined(WIN16) | 128 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) |
| 134 | else | 129 | else |
| 135 | fputs(buf,stderr); | 130 | fputs(buf,stderr); |
| 136 | #endif | 131 | #endif |
diff --git a/src/lib/libcrypto/bio/bio_err.c b/src/lib/libcrypto/bio/bio_err.c index 37e14ca107..99ca3cd0da 100644 --- a/src/lib/libcrypto/bio/bio_err.c +++ b/src/lib/libcrypto/bio/bio_err.c | |||
| @@ -1,88 +1,102 @@ | |||
| 1 | /* lib/bio/bio_err.c */ | 1 | /* crypto/bio/bio_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "bio.h" | 63 | #include <openssl/bio.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA BIO_str_functs[]= | 67 | static ERR_STRING_DATA BIO_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"}, | 69 | {ERR_PACK(0,BIO_F_ACPT_STATE,0), "ACPT_STATE"}, |
| 67 | {ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"}, | 70 | {ERR_PACK(0,BIO_F_BIO_ACCEPT,0), "BIO_accept"}, |
| 71 | {ERR_PACK(0,BIO_F_BIO_BER_GET_HEADER,0), "BIO_BER_GET_HEADER"}, | ||
| 68 | {ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"}, | 72 | {ERR_PACK(0,BIO_F_BIO_CTRL,0), "BIO_ctrl"}, |
| 73 | {ERR_PACK(0,BIO_F_BIO_GETHOSTBYNAME,0), "BIO_gethostbyname"}, | ||
| 69 | {ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"}, | 74 | {ERR_PACK(0,BIO_F_BIO_GETS,0), "BIO_gets"}, |
| 70 | {ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"}, | 75 | {ERR_PACK(0,BIO_F_BIO_GET_ACCEPT_SOCKET,0), "BIO_get_accept_socket"}, |
| 71 | {ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"}, | 76 | {ERR_PACK(0,BIO_F_BIO_GET_HOST_IP,0), "BIO_get_host_ip"}, |
| 72 | {ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"}, | 77 | {ERR_PACK(0,BIO_F_BIO_GET_PORT,0), "BIO_get_port"}, |
| 78 | {ERR_PACK(0,BIO_F_BIO_MAKE_PAIR,0), "BIO_MAKE_PAIR"}, | ||
| 73 | {ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"}, | 79 | {ERR_PACK(0,BIO_F_BIO_NEW,0), "BIO_new"}, |
| 74 | {ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"}, | 80 | {ERR_PACK(0,BIO_F_BIO_NEW_FILE,0), "BIO_new_file"}, |
| 81 | {ERR_PACK(0,BIO_F_BIO_NEW_MEM_BUF,0), "BIO_new_mem_buf"}, | ||
| 82 | {ERR_PACK(0,BIO_F_BIO_NREAD,0), "BIO_nread"}, | ||
| 83 | {ERR_PACK(0,BIO_F_BIO_NREAD0,0), "BIO_nread0"}, | ||
| 84 | {ERR_PACK(0,BIO_F_BIO_NWRITE,0), "BIO_nwrite"}, | ||
| 85 | {ERR_PACK(0,BIO_F_BIO_NWRITE0,0), "BIO_nwrite0"}, | ||
| 75 | {ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"}, | 86 | {ERR_PACK(0,BIO_F_BIO_PUTS,0), "BIO_puts"}, |
| 76 | {ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"}, | 87 | {ERR_PACK(0,BIO_F_BIO_READ,0), "BIO_read"}, |
| 77 | {ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"}, | 88 | {ERR_PACK(0,BIO_F_BIO_SOCK_INIT,0), "BIO_sock_init"}, |
| 78 | {ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"}, | 89 | {ERR_PACK(0,BIO_F_BIO_WRITE,0), "BIO_write"}, |
| 79 | {ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"}, | 90 | {ERR_PACK(0,BIO_F_BUFFER_CTRL,0), "BUFFER_CTRL"}, |
| 91 | {ERR_PACK(0,BIO_F_CONN_CTRL,0), "CONN_CTRL"}, | ||
| 80 | {ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"}, | 92 | {ERR_PACK(0,BIO_F_CONN_STATE,0), "CONN_STATE"}, |
| 81 | {ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"}, | 93 | {ERR_PACK(0,BIO_F_FILE_CTRL,0), "FILE_CTRL"}, |
| 94 | {ERR_PACK(0,BIO_F_LINEBUFFER_CTRL,0), "LINEBUFFER_CTRL"}, | ||
| 95 | {ERR_PACK(0,BIO_F_MEM_READ,0), "MEM_READ"}, | ||
| 82 | {ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"}, | 96 | {ERR_PACK(0,BIO_F_MEM_WRITE,0), "MEM_WRITE"}, |
| 83 | {ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_NEW"}, | 97 | {ERR_PACK(0,BIO_F_SSL_NEW,0), "SSL_new"}, |
| 84 | {ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"}, | 98 | {ERR_PACK(0,BIO_F_WSASTARTUP,0), "WSASTARTUP"}, |
| 85 | {0,NULL}, | 99 | {0,NULL} |
| 86 | }; | 100 | }; |
| 87 | 101 | ||
| 88 | static ERR_STRING_DATA BIO_str_reasons[]= | 102 | static ERR_STRING_DATA BIO_str_reasons[]= |
| @@ -90,38 +104,45 @@ static ERR_STRING_DATA BIO_str_reasons[]= | |||
| 90 | {BIO_R_ACCEPT_ERROR ,"accept error"}, | 104 | {BIO_R_ACCEPT_ERROR ,"accept error"}, |
| 91 | {BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"}, | 105 | {BIO_R_BAD_FOPEN_MODE ,"bad fopen mode"}, |
| 92 | {BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"}, | 106 | {BIO_R_BAD_HOSTNAME_LOOKUP ,"bad hostname lookup"}, |
| 107 | {BIO_R_BROKEN_PIPE ,"broken pipe"}, | ||
| 93 | {BIO_R_CONNECT_ERROR ,"connect error"}, | 108 | {BIO_R_CONNECT_ERROR ,"connect error"}, |
| 109 | {BIO_R_EOF_ON_MEMORY_BIO ,"EOF on memory BIO"}, | ||
| 94 | {BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"}, | 110 | {BIO_R_ERROR_SETTING_NBIO ,"error setting nbio"}, |
| 95 | {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"}, | 111 | {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET,"error setting nbio on accepted socket"}, |
| 96 | {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"}, | 112 | {BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET,"error setting nbio on accept socket"}, |
| 97 | {BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"}, | 113 | {BIO_R_GETHOSTBYNAME_ADDR_IS_NOT_AF_INET ,"gethostbyname addr is not af inet"}, |
| 114 | {BIO_R_INVALID_ARGUMENT ,"invalid argument"}, | ||
| 98 | {BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"}, | 115 | {BIO_R_INVALID_IP_ADDRESS ,"invalid ip address"}, |
| 116 | {BIO_R_IN_USE ,"in use"}, | ||
| 99 | {BIO_R_KEEPALIVE ,"keepalive"}, | 117 | {BIO_R_KEEPALIVE ,"keepalive"}, |
| 100 | {BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"}, | 118 | {BIO_R_NBIO_CONNECT_ERROR ,"nbio connect error"}, |
| 101 | {BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"}, | 119 | {BIO_R_NO_ACCEPT_PORT_SPECIFIED ,"no accept port specified"}, |
| 102 | {BIO_R_NO_HOSTHNAME_SPECIFIED ,"no hosthname specified"}, | 120 | {BIO_R_NO_HOSTNAME_SPECIFIED ,"no hostname specified"}, |
| 103 | {BIO_R_NO_PORT_DEFINED ,"no port defined"}, | 121 | {BIO_R_NO_PORT_DEFINED ,"no port defined"}, |
| 104 | {BIO_R_NO_PORT_SPECIFIED ,"no port specified"}, | 122 | {BIO_R_NO_PORT_SPECIFIED ,"no port specified"}, |
| 123 | {BIO_R_NO_SUCH_FILE ,"no such file"}, | ||
| 105 | {BIO_R_NULL_PARAMETER ,"null parameter"}, | 124 | {BIO_R_NULL_PARAMETER ,"null parameter"}, |
| 125 | {BIO_R_TAG_MISMATCH ,"tag mismatch"}, | ||
| 106 | {BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"}, | 126 | {BIO_R_UNABLE_TO_BIND_SOCKET ,"unable to bind socket"}, |
| 107 | {BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"}, | 127 | {BIO_R_UNABLE_TO_CREATE_SOCKET ,"unable to create socket"}, |
| 108 | {BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"}, | 128 | {BIO_R_UNABLE_TO_LISTEN_SOCKET ,"unable to listen socket"}, |
| 109 | {BIO_R_UNINITALISED ,"uninitalised"}, | 129 | {BIO_R_UNINITIALIZED ,"uninitialized"}, |
| 110 | {BIO_R_UNSUPPORTED_METHOD ,"unsupported method"}, | 130 | {BIO_R_UNSUPPORTED_METHOD ,"unsupported method"}, |
| 111 | {BIO_R_WSASTARTUP ,"wsastartup"}, | 131 | {BIO_R_WRITE_TO_READ_ONLY_BIO ,"write to read only BIO"}, |
| 112 | {0,NULL}, | 132 | {BIO_R_WSASTARTUP ,"WSAStartup"}, |
| 133 | {0,NULL} | ||
| 113 | }; | 134 | }; |
| 114 | 135 | ||
| 115 | #endif | 136 | #endif |
| 116 | 137 | ||
| 117 | void ERR_load_BIO_strings() | 138 | void ERR_load_BIO_strings(void) |
| 118 | { | 139 | { |
| 119 | static int init=1; | 140 | static int init=1; |
| 120 | 141 | ||
| 121 | if (init); | 142 | if (init) |
| 122 | {; | 143 | { |
| 123 | init=0; | 144 | init=0; |
| 124 | #ifndef NO_ERR | 145 | #ifndef OPENSSL_NO_ERR |
| 125 | ERR_load_strings(ERR_LIB_BIO,BIO_str_functs); | 146 | ERR_load_strings(ERR_LIB_BIO,BIO_str_functs); |
| 126 | ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons); | 147 | ERR_load_strings(ERR_LIB_BIO,BIO_str_reasons); |
| 127 | #endif | 148 | #endif |
diff --git a/src/lib/libcrypto/bio/bio_lib.c b/src/lib/libcrypto/bio/bio_lib.c index 7a66b0892e..50df2238fa 100644 --- a/src/lib/libcrypto/bio/bio_lib.c +++ b/src/lib/libcrypto/bio/bio_lib.c | |||
| @@ -58,20 +58,16 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "crypto.h" | 61 | #include <openssl/crypto.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "bio.h" | 63 | #include <openssl/bio.h> |
| 64 | #include "stack.h" | 64 | #include <openssl/stack.h> |
| 65 | 65 | ||
| 66 | static STACK *bio_meth=NULL; | 66 | BIO *BIO_new(BIO_METHOD *method) |
| 67 | static int bio_meth_num=0; | ||
| 68 | |||
| 69 | BIO *BIO_new(method) | ||
| 70 | BIO_METHOD *method; | ||
| 71 | { | 67 | { |
| 72 | BIO *ret=NULL; | 68 | BIO *ret=NULL; |
| 73 | 69 | ||
| 74 | ret=(BIO *)Malloc(sizeof(BIO)); | 70 | ret=(BIO *)OPENSSL_malloc(sizeof(BIO)); |
| 75 | if (ret == NULL) | 71 | if (ret == NULL) |
| 76 | { | 72 | { |
| 77 | BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); | 73 | BIOerr(BIO_F_BIO_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -79,15 +75,13 @@ BIO_METHOD *method; | |||
| 79 | } | 75 | } |
| 80 | if (!BIO_set(ret,method)) | 76 | if (!BIO_set(ret,method)) |
| 81 | { | 77 | { |
| 82 | Free(ret); | 78 | OPENSSL_free(ret); |
| 83 | ret=NULL; | 79 | ret=NULL; |
| 84 | } | 80 | } |
| 85 | return(ret); | 81 | return(ret); |
| 86 | } | 82 | } |
| 87 | 83 | ||
| 88 | int BIO_set(bio,method) | 84 | int BIO_set(BIO *bio, BIO_METHOD *method) |
| 89 | BIO *bio; | ||
| 90 | BIO_METHOD *method; | ||
| 91 | { | 85 | { |
| 92 | bio->method=method; | 86 | bio->method=method; |
| 93 | bio->callback=NULL; | 87 | bio->callback=NULL; |
| @@ -103,15 +97,18 @@ BIO_METHOD *method; | |||
| 103 | bio->references=1; | 97 | bio->references=1; |
| 104 | bio->num_read=0L; | 98 | bio->num_read=0L; |
| 105 | bio->num_write=0L; | 99 | bio->num_write=0L; |
| 106 | CRYPTO_new_ex_data(bio_meth,(char *)bio,&bio->ex_data); | 100 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_BIO, bio, &bio->ex_data); |
| 107 | if (method->create != NULL) | 101 | if (method->create != NULL) |
| 108 | if (!method->create(bio)) | 102 | if (!method->create(bio)) |
| 103 | { | ||
| 104 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, bio, | ||
| 105 | &bio->ex_data); | ||
| 109 | return(0); | 106 | return(0); |
| 107 | } | ||
| 110 | return(1); | 108 | return(1); |
| 111 | } | 109 | } |
| 112 | 110 | ||
| 113 | int BIO_free(a) | 111 | int BIO_free(BIO *a) |
| 114 | BIO *a; | ||
| 115 | { | 112 | { |
| 116 | int ret=0,i; | 113 | int ret=0,i; |
| 117 | 114 | ||
| @@ -121,7 +118,7 @@ BIO *a; | |||
| 121 | #ifdef REF_PRINT | 118 | #ifdef REF_PRINT |
| 122 | REF_PRINT("BIO",a); | 119 | REF_PRINT("BIO",a); |
| 123 | #endif | 120 | #endif |
| 124 | if (i > 0) return(1); | 121 | if (i > 0) return(1); |
| 125 | #ifdef REF_CHECK | 122 | #ifdef REF_CHECK |
| 126 | if (i < 0) | 123 | if (i < 0) |
| 127 | { | 124 | { |
| @@ -133,18 +130,18 @@ BIO *a; | |||
| 133 | ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) | 130 | ((i=(int)a->callback(a,BIO_CB_FREE,NULL,0,0L,1L)) <= 0)) |
| 134 | return(i); | 131 | return(i); |
| 135 | 132 | ||
| 136 | CRYPTO_free_ex_data(bio_meth,(char *)a,&a->ex_data); | 133 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_BIO, a, &a->ex_data); |
| 137 | 134 | ||
| 138 | if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); | 135 | if ((a->method == NULL) || (a->method->destroy == NULL)) return(1); |
| 139 | ret=a->method->destroy(a); | 136 | ret=a->method->destroy(a); |
| 140 | Free(a); | 137 | OPENSSL_free(a); |
| 141 | return(1); | 138 | return(1); |
| 142 | } | 139 | } |
| 143 | 140 | ||
| 144 | int BIO_read(b,out,outl) | 141 | void BIO_vfree(BIO *a) |
| 145 | BIO *b; | 142 | { BIO_free(a); } |
| 146 | char *out; | 143 | |
| 147 | int outl; | 144 | int BIO_read(BIO *b, void *out, int outl) |
| 148 | { | 145 | { |
| 149 | int i; | 146 | int i; |
| 150 | long (*cb)(); | 147 | long (*cb)(); |
| @@ -162,11 +159,12 @@ int outl; | |||
| 162 | 159 | ||
| 163 | if (!b->init) | 160 | if (!b->init) |
| 164 | { | 161 | { |
| 165 | BIOerr(BIO_F_BIO_READ,BIO_R_UNINITALISED); | 162 | BIOerr(BIO_F_BIO_READ,BIO_R_UNINITIALIZED); |
| 166 | return(-2); | 163 | return(-2); |
| 167 | } | 164 | } |
| 168 | 165 | ||
| 169 | i=b->method->bread(b,out,outl); | 166 | i=b->method->bread(b,out,outl); |
| 167 | |||
| 170 | if (i > 0) b->num_read+=(unsigned long)i; | 168 | if (i > 0) b->num_read+=(unsigned long)i; |
| 171 | 169 | ||
| 172 | if (cb != NULL) | 170 | if (cb != NULL) |
| @@ -175,10 +173,7 @@ int outl; | |||
| 175 | return(i); | 173 | return(i); |
| 176 | } | 174 | } |
| 177 | 175 | ||
| 178 | int BIO_write(b,in,inl) | 176 | int BIO_write(BIO *b, const void *in, int inl) |
| 179 | BIO *b; | ||
| 180 | char *in; | ||
| 181 | int inl; | ||
| 182 | { | 177 | { |
| 183 | int i; | 178 | int i; |
| 184 | long (*cb)(); | 179 | long (*cb)(); |
| @@ -199,11 +194,12 @@ int inl; | |||
| 199 | 194 | ||
| 200 | if (!b->init) | 195 | if (!b->init) |
| 201 | { | 196 | { |
| 202 | BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITALISED); | 197 | BIOerr(BIO_F_BIO_WRITE,BIO_R_UNINITIALIZED); |
| 203 | return(-2); | 198 | return(-2); |
| 204 | } | 199 | } |
| 205 | 200 | ||
| 206 | i=b->method->bwrite(b,in,inl); | 201 | i=b->method->bwrite(b,in,inl); |
| 202 | |||
| 207 | if (i > 0) b->num_write+=(unsigned long)i; | 203 | if (i > 0) b->num_write+=(unsigned long)i; |
| 208 | 204 | ||
| 209 | if (cb != NULL) | 205 | if (cb != NULL) |
| @@ -212,9 +208,7 @@ int inl; | |||
| 212 | return(i); | 208 | return(i); |
| 213 | } | 209 | } |
| 214 | 210 | ||
| 215 | int BIO_puts(b,in) | 211 | int BIO_puts(BIO *b, const char *in) |
| 216 | BIO *b; | ||
| 217 | char *in; | ||
| 218 | { | 212 | { |
| 219 | int i; | 213 | int i; |
| 220 | long (*cb)(); | 214 | long (*cb)(); |
| @@ -233,22 +227,21 @@ char *in; | |||
| 233 | 227 | ||
| 234 | if (!b->init) | 228 | if (!b->init) |
| 235 | { | 229 | { |
| 236 | BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITALISED); | 230 | BIOerr(BIO_F_BIO_PUTS,BIO_R_UNINITIALIZED); |
| 237 | return(-2); | 231 | return(-2); |
| 238 | } | 232 | } |
| 239 | 233 | ||
| 240 | i=b->method->bputs(b,in); | 234 | i=b->method->bputs(b,in); |
| 241 | 235 | ||
| 236 | if (i > 0) b->num_write+=(unsigned long)i; | ||
| 237 | |||
| 242 | if (cb != NULL) | 238 | if (cb != NULL) |
| 243 | i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, | 239 | i=(int)cb(b,BIO_CB_PUTS|BIO_CB_RETURN,in,0, |
| 244 | 0L,(long)i); | 240 | 0L,(long)i); |
| 245 | return(i); | 241 | return(i); |
| 246 | } | 242 | } |
| 247 | 243 | ||
| 248 | int BIO_gets(b,in,inl) | 244 | int BIO_gets(BIO *b, char *in, int inl) |
| 249 | BIO *b; | ||
| 250 | char *in; | ||
| 251 | int inl; | ||
| 252 | { | 245 | { |
| 253 | int i; | 246 | int i; |
| 254 | long (*cb)(); | 247 | long (*cb)(); |
| @@ -267,7 +260,7 @@ int inl; | |||
| 267 | 260 | ||
| 268 | if (!b->init) | 261 | if (!b->init) |
| 269 | { | 262 | { |
| 270 | BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITALISED); | 263 | BIOerr(BIO_F_BIO_GETS,BIO_R_UNINITIALIZED); |
| 271 | return(-2); | 264 | return(-2); |
| 272 | } | 265 | } |
| 273 | 266 | ||
| @@ -279,11 +272,7 @@ int inl; | |||
| 279 | return(i); | 272 | return(i); |
| 280 | } | 273 | } |
| 281 | 274 | ||
| 282 | long BIO_int_ctrl(b,cmd,larg,iarg) | 275 | long BIO_int_ctrl(BIO *b, int cmd, long larg, int iarg) |
| 283 | BIO *b; | ||
| 284 | int cmd; | ||
| 285 | long larg; | ||
| 286 | int iarg; | ||
| 287 | { | 276 | { |
| 288 | int i; | 277 | int i; |
| 289 | 278 | ||
| @@ -291,10 +280,7 @@ int iarg; | |||
| 291 | return(BIO_ctrl(b,cmd,larg,(char *)&i)); | 280 | return(BIO_ctrl(b,cmd,larg,(char *)&i)); |
| 292 | } | 281 | } |
| 293 | 282 | ||
| 294 | char *BIO_ptr_ctrl(b,cmd,larg) | 283 | char *BIO_ptr_ctrl(BIO *b, int cmd, long larg) |
| 295 | BIO *b; | ||
| 296 | int cmd; | ||
| 297 | long larg; | ||
| 298 | { | 284 | { |
| 299 | char *p=NULL; | 285 | char *p=NULL; |
| 300 | 286 | ||
| @@ -304,11 +290,7 @@ long larg; | |||
| 304 | return(p); | 290 | return(p); |
| 305 | } | 291 | } |
| 306 | 292 | ||
| 307 | long BIO_ctrl(b,cmd,larg,parg) | 293 | long BIO_ctrl(BIO *b, int cmd, long larg, void *parg) |
| 308 | BIO *b; | ||
| 309 | int cmd; | ||
| 310 | long larg; | ||
| 311 | char *parg; | ||
| 312 | { | 294 | { |
| 313 | long ret; | 295 | long ret; |
| 314 | long (*cb)(); | 296 | long (*cb)(); |
| @@ -335,9 +317,49 @@ char *parg; | |||
| 335 | return(ret); | 317 | return(ret); |
| 336 | } | 318 | } |
| 337 | 319 | ||
| 320 | long BIO_callback_ctrl(BIO *b, int cmd, void (*fp)(struct bio_st *, int, const char *, int, long, long)) | ||
| 321 | { | ||
| 322 | long ret; | ||
| 323 | long (*cb)(); | ||
| 324 | |||
| 325 | if (b == NULL) return(0); | ||
| 326 | |||
| 327 | if ((b->method == NULL) || (b->method->callback_ctrl == NULL)) | ||
| 328 | { | ||
| 329 | BIOerr(BIO_F_BIO_CTRL,BIO_R_UNSUPPORTED_METHOD); | ||
| 330 | return(-2); | ||
| 331 | } | ||
| 332 | |||
| 333 | cb=b->callback; | ||
| 334 | |||
| 335 | if ((cb != NULL) && | ||
| 336 | ((ret=cb(b,BIO_CB_CTRL,(void *)&fp,cmd,0,1L)) <= 0)) | ||
| 337 | return(ret); | ||
| 338 | |||
| 339 | ret=b->method->callback_ctrl(b,cmd,fp); | ||
| 340 | |||
| 341 | if (cb != NULL) | ||
| 342 | ret=cb(b,BIO_CB_CTRL|BIO_CB_RETURN,(void *)&fp,cmd, | ||
| 343 | 0,ret); | ||
| 344 | return(ret); | ||
| 345 | } | ||
| 346 | |||
| 347 | /* It is unfortunate to duplicate in functions what the BIO_(w)pending macros | ||
| 348 | * do; but those macros have inappropriate return type, and for interfacing | ||
| 349 | * from other programming languages, C macros aren't much of a help anyway. */ | ||
| 350 | size_t BIO_ctrl_pending(BIO *bio) | ||
| 351 | { | ||
| 352 | return BIO_ctrl(bio, BIO_CTRL_PENDING, 0, NULL); | ||
| 353 | } | ||
| 354 | |||
| 355 | size_t BIO_ctrl_wpending(BIO *bio) | ||
| 356 | { | ||
| 357 | return BIO_ctrl(bio, BIO_CTRL_WPENDING, 0, NULL); | ||
| 358 | } | ||
| 359 | |||
| 360 | |||
| 338 | /* put the 'bio' on the end of b's list of operators */ | 361 | /* put the 'bio' on the end of b's list of operators */ |
| 339 | BIO *BIO_push(b,bio) | 362 | BIO *BIO_push(BIO *b, BIO *bio) |
| 340 | BIO *b,*bio; | ||
| 341 | { | 363 | { |
| 342 | BIO *lb; | 364 | BIO *lb; |
| 343 | 365 | ||
| @@ -354,8 +376,7 @@ BIO *b,*bio; | |||
| 354 | } | 376 | } |
| 355 | 377 | ||
| 356 | /* Remove the first and return the rest */ | 378 | /* Remove the first and return the rest */ |
| 357 | BIO *BIO_pop(b) | 379 | BIO *BIO_pop(BIO *b) |
| 358 | BIO *b; | ||
| 359 | { | 380 | { |
| 360 | BIO *ret; | 381 | BIO *ret; |
| 361 | 382 | ||
| @@ -373,9 +394,7 @@ BIO *b; | |||
| 373 | return(ret); | 394 | return(ret); |
| 374 | } | 395 | } |
| 375 | 396 | ||
| 376 | BIO *BIO_get_retry_BIO(bio,reason) | 397 | BIO *BIO_get_retry_BIO(BIO *bio, int *reason) |
| 377 | BIO *bio; | ||
| 378 | int *reason; | ||
| 379 | { | 398 | { |
| 380 | BIO *b,*last; | 399 | BIO *b,*last; |
| 381 | 400 | ||
| @@ -391,18 +410,16 @@ int *reason; | |||
| 391 | return(last); | 410 | return(last); |
| 392 | } | 411 | } |
| 393 | 412 | ||
| 394 | int BIO_get_retry_reason(bio) | 413 | int BIO_get_retry_reason(BIO *bio) |
| 395 | BIO *bio; | ||
| 396 | { | 414 | { |
| 397 | return(bio->retry_reason); | 415 | return(bio->retry_reason); |
| 398 | } | 416 | } |
| 399 | 417 | ||
| 400 | BIO *BIO_find_type(bio,type) | 418 | BIO *BIO_find_type(BIO *bio, int type) |
| 401 | BIO *bio; | ||
| 402 | int type; | ||
| 403 | { | 419 | { |
| 404 | int mt,mask; | 420 | int mt,mask; |
| 405 | 421 | ||
| 422 | if(!bio) return NULL; | ||
| 406 | mask=type&0xff; | 423 | mask=type&0xff; |
| 407 | do { | 424 | do { |
| 408 | if (bio->method != NULL) | 425 | if (bio->method != NULL) |
| @@ -421,8 +438,13 @@ int type; | |||
| 421 | return(NULL); | 438 | return(NULL); |
| 422 | } | 439 | } |
| 423 | 440 | ||
| 424 | void BIO_free_all(bio) | 441 | BIO *BIO_next(BIO *b) |
| 425 | BIO *bio; | 442 | { |
| 443 | if(!b) return NULL; | ||
| 444 | return b->next_bio; | ||
| 445 | } | ||
| 446 | |||
| 447 | void BIO_free_all(BIO *bio) | ||
| 426 | { | 448 | { |
| 427 | BIO *b; | 449 | BIO *b; |
| 428 | int ref; | 450 | int ref; |
| @@ -438,8 +460,7 @@ BIO *bio; | |||
| 438 | } | 460 | } |
| 439 | } | 461 | } |
| 440 | 462 | ||
| 441 | BIO *BIO_dup_chain(in) | 463 | BIO *BIO_dup_chain(BIO *in) |
| 442 | BIO *in; | ||
| 443 | { | 464 | { |
| 444 | BIO *ret=NULL,*eoc=NULL,*bio,*new; | 465 | BIO *ret=NULL,*eoc=NULL,*bio,*new; |
| 445 | 466 | ||
| @@ -461,9 +482,10 @@ BIO *in; | |||
| 461 | goto err; | 482 | goto err; |
| 462 | } | 483 | } |
| 463 | 484 | ||
| 464 | /* copy app data */ | 485 | /* copy app data */ |
| 465 | if (!CRYPTO_dup_ex_data(bio_meth,&new->ex_data,&bio->ex_data)) | 486 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_BIO, &new->ex_data, |
| 466 | goto err; | 487 | &bio->ex_data)) |
| 488 | goto err; | ||
| 467 | 489 | ||
| 468 | if (ret == NULL) | 490 | if (ret == NULL) |
| 469 | { | 491 | { |
| @@ -483,37 +505,39 @@ err: | |||
| 483 | return(NULL); | 505 | return(NULL); |
| 484 | } | 506 | } |
| 485 | 507 | ||
| 486 | void BIO_copy_next_retry(b) | 508 | void BIO_copy_next_retry(BIO *b) |
| 487 | BIO *b; | ||
| 488 | { | 509 | { |
| 489 | BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); | 510 | BIO_set_flags(b,BIO_get_retry_flags(b->next_bio)); |
| 490 | b->retry_reason=b->next_bio->retry_reason; | 511 | b->retry_reason=b->next_bio->retry_reason; |
| 491 | } | 512 | } |
| 492 | 513 | ||
| 493 | int BIO_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 514 | int BIO_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 494 | long argl; | 515 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 495 | char *argp; | 516 | { |
| 496 | int (*new_func)(); | 517 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_BIO, argl, argp, |
| 497 | int (*dup_func)(); | 518 | new_func, dup_func, free_func); |
| 498 | void (*free_func)(); | 519 | } |
| 499 | { | 520 | |
| 500 | bio_meth_num++; | 521 | int BIO_set_ex_data(BIO *bio, int idx, void *data) |
| 501 | return(CRYPTO_get_ex_new_index(bio_meth_num-1,&bio_meth, | ||
| 502 | argl,argp,new_func,dup_func,free_func)); | ||
| 503 | } | ||
| 504 | |||
| 505 | int BIO_set_ex_data(bio,idx,data) | ||
| 506 | BIO *bio; | ||
| 507 | int idx; | ||
| 508 | char *data; | ||
| 509 | { | 522 | { |
| 510 | return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); | 523 | return(CRYPTO_set_ex_data(&(bio->ex_data),idx,data)); |
| 511 | } | 524 | } |
| 512 | 525 | ||
| 513 | char *BIO_get_ex_data(bio,idx) | 526 | void *BIO_get_ex_data(BIO *bio, int idx) |
| 514 | BIO *bio; | ||
| 515 | int idx; | ||
| 516 | { | 527 | { |
| 517 | return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); | 528 | return(CRYPTO_get_ex_data(&(bio->ex_data),idx)); |
| 518 | } | 529 | } |
| 519 | 530 | ||
| 531 | unsigned long BIO_number_read(BIO *bio) | ||
| 532 | { | ||
| 533 | if(bio) return bio->num_read; | ||
| 534 | return 0; | ||
| 535 | } | ||
| 536 | |||
| 537 | unsigned long BIO_number_written(BIO *bio) | ||
| 538 | { | ||
| 539 | if(bio) return bio->num_write; | ||
| 540 | return 0; | ||
| 541 | } | ||
| 542 | |||
| 543 | IMPLEMENT_STACK_OF(BIO) | ||
diff --git a/src/lib/libcrypto/bio/bss_acpt.c b/src/lib/libcrypto/bio/bss_acpt.c index e49902fa9f..8ea1db158b 100644 --- a/src/lib/libcrypto/bio/bss_acpt.c +++ b/src/lib/libcrypto/bio/bss_acpt.c | |||
| @@ -56,22 +56,25 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_SOCK | 59 | #ifndef OPENSSL_NO_SOCK |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <errno.h> | 62 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 63 | #define USE_SOCKETS |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include "bio.h" | 65 | #include <openssl/bio.h> |
| 66 | 66 | ||
| 67 | /* BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */ | 67 | #ifdef OPENSSL_SYS_WIN16 |
| 68 | |||
| 69 | #ifdef WIN16 | ||
| 70 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| 71 | #else | 69 | #else |
| 72 | #define SOCKET_PROTOCOL IPPROTO_TCP | 70 | #define SOCKET_PROTOCOL IPPROTO_TCP |
| 73 | #endif | 71 | #endif |
| 74 | 72 | ||
| 73 | #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) | ||
| 74 | /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | ||
| 75 | #undef FIONBIO | ||
| 76 | #endif | ||
| 77 | |||
| 75 | typedef struct bio_accept_st | 78 | typedef struct bio_accept_st |
| 76 | { | 79 | { |
| 77 | int state; | 80 | int state; |
| @@ -82,39 +85,24 @@ typedef struct bio_accept_st | |||
| 82 | 85 | ||
| 83 | char *addr; | 86 | char *addr; |
| 84 | int nbio; | 87 | int nbio; |
| 88 | /* If 0, it means normal, if 1, do a connect on bind failure, | ||
| 89 | * and if there is no-one listening, bind with SO_REUSEADDR. | ||
| 90 | * If 2, always use SO_REUSEADDR. */ | ||
| 91 | int bind_mode; | ||
| 85 | BIO *bio_chain; | 92 | BIO *bio_chain; |
| 86 | } BIO_ACCEPT; | 93 | } BIO_ACCEPT; |
| 87 | 94 | ||
| 88 | #ifndef NOPROTO | 95 | static int acpt_write(BIO *h, const char *buf, int num); |
| 89 | static int acpt_write(BIO *h,char *buf,int num); | 96 | static int acpt_read(BIO *h, char *buf, int size); |
| 90 | static int acpt_read(BIO *h,char *buf,int size); | 97 | static int acpt_puts(BIO *h, const char *str); |
| 91 | static int acpt_puts(BIO *h,char *str); | 98 | static long acpt_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 92 | static long acpt_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 93 | static int acpt_new(BIO *h); | 99 | static int acpt_new(BIO *h); |
| 94 | static int acpt_free(BIO *data); | 100 | static int acpt_free(BIO *data); |
| 95 | #else | ||
| 96 | static int acpt_write(); | ||
| 97 | static int acpt_read(); | ||
| 98 | static int acpt_puts(); | ||
| 99 | static long acpt_ctrl(); | ||
| 100 | static int acpt_new(); | ||
| 101 | static int acpt_free(); | ||
| 102 | #endif | ||
| 103 | |||
| 104 | #ifndef NOPROTO | ||
| 105 | static int acpt_state(BIO *b, BIO_ACCEPT *c); | 101 | static int acpt_state(BIO *b, BIO_ACCEPT *c); |
| 106 | static void acpt_close_socket(BIO *data); | 102 | static void acpt_close_socket(BIO *data); |
| 107 | BIO_ACCEPT *BIO_ACCEPT_new(void ); | 103 | BIO_ACCEPT *BIO_ACCEPT_new(void ); |
| 108 | void BIO_ACCEPT_free(BIO_ACCEPT *a); | 104 | void BIO_ACCEPT_free(BIO_ACCEPT *a); |
| 109 | 105 | ||
| 110 | #else | ||
| 111 | |||
| 112 | static int acpt_state(); | ||
| 113 | static void acpt_close_socket(); | ||
| 114 | BIO_ACCEPT *BIO_ACCEPT_new(); | ||
| 115 | void BIO_ACCEPT_free(); | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #define ACPT_S_BEFORE 1 | 106 | #define ACPT_S_BEFORE 1 |
| 119 | #define ACPT_S_GET_ACCEPT_SOCKET 2 | 107 | #define ACPT_S_GET_ACCEPT_SOCKET 2 |
| 120 | #define ACPT_S_OK 3 | 108 | #define ACPT_S_OK 3 |
| @@ -130,15 +118,15 @@ static BIO_METHOD methods_acceptp= | |||
| 130 | acpt_ctrl, | 118 | acpt_ctrl, |
| 131 | acpt_new, | 119 | acpt_new, |
| 132 | acpt_free, | 120 | acpt_free, |
| 121 | NULL, | ||
| 133 | }; | 122 | }; |
| 134 | 123 | ||
| 135 | BIO_METHOD *BIO_s_accept() | 124 | BIO_METHOD *BIO_s_accept(void) |
| 136 | { | 125 | { |
| 137 | return(&methods_acceptp); | 126 | return(&methods_acceptp); |
| 138 | } | 127 | } |
| 139 | 128 | ||
| 140 | static int acpt_new(bi) | 129 | static int acpt_new(BIO *bi) |
| 141 | BIO *bi; | ||
| 142 | { | 130 | { |
| 143 | BIO_ACCEPT *ba; | 131 | BIO_ACCEPT *ba; |
| 144 | 132 | ||
| @@ -153,29 +141,31 @@ BIO *bi; | |||
| 153 | return(1); | 141 | return(1); |
| 154 | } | 142 | } |
| 155 | 143 | ||
| 156 | BIO_ACCEPT *BIO_ACCEPT_new() | 144 | BIO_ACCEPT *BIO_ACCEPT_new(void) |
| 157 | { | 145 | { |
| 158 | BIO_ACCEPT *ret; | 146 | BIO_ACCEPT *ret; |
| 159 | 147 | ||
| 160 | if ((ret=(BIO_ACCEPT *)Malloc(sizeof(BIO_ACCEPT))) == NULL) | 148 | if ((ret=(BIO_ACCEPT *)OPENSSL_malloc(sizeof(BIO_ACCEPT))) == NULL) |
| 161 | return(NULL); | 149 | return(NULL); |
| 162 | 150 | ||
| 163 | memset(ret,0,sizeof(BIO_ACCEPT)); | 151 | memset(ret,0,sizeof(BIO_ACCEPT)); |
| 164 | ret->accept_sock=INVALID_SOCKET; | 152 | ret->accept_sock=INVALID_SOCKET; |
| 153 | ret->bind_mode=BIO_BIND_NORMAL; | ||
| 165 | return(ret); | 154 | return(ret); |
| 166 | } | 155 | } |
| 167 | 156 | ||
| 168 | void BIO_ACCEPT_free(a) | 157 | void BIO_ACCEPT_free(BIO_ACCEPT *a) |
| 169 | BIO_ACCEPT *a; | ||
| 170 | { | 158 | { |
| 171 | if (a->param_addr != NULL) Free(a->param_addr); | 159 | if(a == NULL) |
| 172 | if (a->addr != NULL) Free(a->addr); | 160 | return; |
| 161 | |||
| 162 | if (a->param_addr != NULL) OPENSSL_free(a->param_addr); | ||
| 163 | if (a->addr != NULL) OPENSSL_free(a->addr); | ||
| 173 | if (a->bio_chain != NULL) BIO_free(a->bio_chain); | 164 | if (a->bio_chain != NULL) BIO_free(a->bio_chain); |
| 174 | Free(a); | 165 | OPENSSL_free(a); |
| 175 | } | 166 | } |
| 176 | 167 | ||
| 177 | static void acpt_close_socket(bio) | 168 | static void acpt_close_socket(BIO *bio) |
| 178 | BIO *bio; | ||
| 179 | { | 169 | { |
| 180 | BIO_ACCEPT *c; | 170 | BIO_ACCEPT *c; |
| 181 | 171 | ||
| @@ -183,18 +173,13 @@ BIO *bio; | |||
| 183 | if (c->accept_sock != INVALID_SOCKET) | 173 | if (c->accept_sock != INVALID_SOCKET) |
| 184 | { | 174 | { |
| 185 | shutdown(c->accept_sock,2); | 175 | shutdown(c->accept_sock,2); |
| 186 | # ifdef WINDOWS | ||
| 187 | closesocket(c->accept_sock); | 176 | closesocket(c->accept_sock); |
| 188 | # else | ||
| 189 | close(c->accept_sock); | ||
| 190 | # endif | ||
| 191 | c->accept_sock=INVALID_SOCKET; | 177 | c->accept_sock=INVALID_SOCKET; |
| 192 | bio->num=INVALID_SOCKET; | 178 | bio->num=INVALID_SOCKET; |
| 193 | } | 179 | } |
| 194 | } | 180 | } |
| 195 | 181 | ||
| 196 | static int acpt_free(a) | 182 | static int acpt_free(BIO *a) |
| 197 | BIO *a; | ||
| 198 | { | 183 | { |
| 199 | BIO_ACCEPT *data; | 184 | BIO_ACCEPT *data; |
| 200 | 185 | ||
| @@ -212,12 +197,9 @@ BIO *a; | |||
| 212 | return(1); | 197 | return(1); |
| 213 | } | 198 | } |
| 214 | 199 | ||
| 215 | static int acpt_state(b,c) | 200 | static int acpt_state(BIO *b, BIO_ACCEPT *c) |
| 216 | BIO *b; | ||
| 217 | BIO_ACCEPT *c; | ||
| 218 | { | 201 | { |
| 219 | BIO *bio=NULL,*dbio; | 202 | BIO *bio=NULL,*dbio; |
| 220 | unsigned long l=1; | ||
| 221 | int s= -1; | 203 | int s= -1; |
| 222 | int i; | 204 | int i; |
| 223 | 205 | ||
| @@ -230,56 +212,58 @@ again: | |||
| 230 | BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED); | 212 | BIOerr(BIO_F_ACPT_STATE,BIO_R_NO_ACCEPT_PORT_SPECIFIED); |
| 231 | return(-1); | 213 | return(-1); |
| 232 | } | 214 | } |
| 233 | s=BIO_get_accept_socket(c->param_addr); | 215 | s=BIO_get_accept_socket(c->param_addr,c->bind_mode); |
| 234 | if (s == INVALID_SOCKET) | 216 | if (s == INVALID_SOCKET) |
| 235 | return(-1); | 217 | return(-1); |
| 236 | 218 | ||
| 237 | #ifdef FIONBIO | ||
| 238 | if (c->accept_nbio) | 219 | if (c->accept_nbio) |
| 239 | { | 220 | { |
| 240 | i=BIO_socket_ioctl(b->num,FIONBIO,&l); | 221 | if (!BIO_socket_nbio(s,1)) |
| 241 | if (i < 0) | ||
| 242 | { | 222 | { |
| 243 | #ifdef WINDOWS | ||
| 244 | closesocket(s); | 223 | closesocket(s); |
| 245 | #else | ||
| 246 | close(s); | ||
| 247 | # endif | ||
| 248 | BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); | 224 | BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPT_SOCKET); |
| 249 | return(-1); | 225 | return(-1); |
| 250 | } | 226 | } |
| 251 | } | 227 | } |
| 252 | #endif | ||
| 253 | c->accept_sock=s; | 228 | c->accept_sock=s; |
| 254 | b->num=s; | 229 | b->num=s; |
| 255 | c->state=ACPT_S_GET_ACCEPT_SOCKET; | 230 | c->state=ACPT_S_GET_ACCEPT_SOCKET; |
| 256 | return(1); | 231 | return(1); |
| 257 | break; | 232 | /* break; */ |
| 258 | case ACPT_S_GET_ACCEPT_SOCKET: | 233 | case ACPT_S_GET_ACCEPT_SOCKET: |
| 259 | if (b->next_bio != NULL) | 234 | if (b->next_bio != NULL) |
| 260 | { | 235 | { |
| 261 | c->state=ACPT_S_OK; | 236 | c->state=ACPT_S_OK; |
| 262 | goto again; | 237 | goto again; |
| 263 | } | 238 | } |
| 239 | BIO_clear_retry_flags(b); | ||
| 240 | b->retry_reason=0; | ||
| 264 | i=BIO_accept(c->accept_sock,&(c->addr)); | 241 | i=BIO_accept(c->accept_sock,&(c->addr)); |
| 242 | |||
| 243 | /* -2 return means we should retry */ | ||
| 244 | if(i == -2) | ||
| 245 | { | ||
| 246 | BIO_set_retry_special(b); | ||
| 247 | b->retry_reason=BIO_RR_ACCEPT; | ||
| 248 | return -1; | ||
| 249 | } | ||
| 250 | |||
| 265 | if (i < 0) return(i); | 251 | if (i < 0) return(i); |
| 252 | |||
| 266 | bio=BIO_new_socket(i,BIO_CLOSE); | 253 | bio=BIO_new_socket(i,BIO_CLOSE); |
| 267 | if (bio == NULL) goto err; | 254 | if (bio == NULL) goto err; |
| 268 | 255 | ||
| 269 | BIO_set_callback(bio,BIO_get_callback(b)); | 256 | BIO_set_callback(bio,BIO_get_callback(b)); |
| 270 | BIO_set_callback_arg(bio,BIO_get_callback_arg(b)); | 257 | BIO_set_callback_arg(bio,BIO_get_callback_arg(b)); |
| 271 | 258 | ||
| 272 | #ifdef FIONBIO | ||
| 273 | if (c->nbio) | 259 | if (c->nbio) |
| 274 | { | 260 | { |
| 275 | i=BIO_socket_ioctl(i,FIONBIO,&l); | 261 | if (!BIO_socket_nbio(i,1)) |
| 276 | if (i < 0) | ||
| 277 | { | 262 | { |
| 278 | BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); | 263 | BIOerr(BIO_F_ACPT_STATE,BIO_R_ERROR_SETTING_NBIO_ON_ACCEPTED_SOCKET); |
| 279 | goto err; | 264 | goto err; |
| 280 | } | 265 | } |
| 281 | } | 266 | } |
| 282 | #endif | ||
| 283 | 267 | ||
| 284 | /* If the accept BIO has an bio_chain, we dup it and | 268 | /* If the accept BIO has an bio_chain, we dup it and |
| 285 | * put the new socket at the end. */ | 269 | * put the new socket at the end. */ |
| @@ -298,15 +282,9 @@ err: | |||
| 298 | if (bio != NULL) | 282 | if (bio != NULL) |
| 299 | BIO_free(bio); | 283 | BIO_free(bio); |
| 300 | else if (s >= 0) | 284 | else if (s >= 0) |
| 301 | { | ||
| 302 | #ifdef WINDOWS | ||
| 303 | closesocket(s); | 285 | closesocket(s); |
| 304 | #else | ||
| 305 | close(s); | ||
| 306 | # endif | ||
| 307 | } | ||
| 308 | return(0); | 286 | return(0); |
| 309 | break; | 287 | /* break; */ |
| 310 | case ACPT_S_OK: | 288 | case ACPT_S_OK: |
| 311 | if (b->next_bio == NULL) | 289 | if (b->next_bio == NULL) |
| 312 | { | 290 | { |
| @@ -314,23 +292,20 @@ err: | |||
| 314 | goto again; | 292 | goto again; |
| 315 | } | 293 | } |
| 316 | return(1); | 294 | return(1); |
| 317 | break; | 295 | /* break; */ |
| 318 | default: | 296 | default: |
| 319 | return(0); | 297 | return(0); |
| 320 | break; | 298 | /* break; */ |
| 321 | } | 299 | } |
| 322 | 300 | ||
| 323 | } | 301 | } |
| 324 | 302 | ||
| 325 | static int acpt_read(b,out,outl) | 303 | static int acpt_read(BIO *b, char *out, int outl) |
| 326 | BIO *b; | ||
| 327 | char *out; | ||
| 328 | int outl; | ||
| 329 | { | 304 | { |
| 330 | int ret=0; | 305 | int ret=0; |
| 331 | BIO_ACCEPT *data; | 306 | BIO_ACCEPT *data; |
| 332 | 307 | ||
| 333 | BIO_clear_retry_flags(b); | 308 | BIO_clear_retry_flags(b); |
| 334 | data=(BIO_ACCEPT *)b->ptr; | 309 | data=(BIO_ACCEPT *)b->ptr; |
| 335 | 310 | ||
| 336 | while (b->next_bio == NULL) | 311 | while (b->next_bio == NULL) |
| @@ -344,10 +319,7 @@ int outl; | |||
| 344 | return(ret); | 319 | return(ret); |
| 345 | } | 320 | } |
| 346 | 321 | ||
| 347 | static int acpt_write(b,in,inl) | 322 | static int acpt_write(BIO *b, const char *in, int inl) |
| 348 | BIO *b; | ||
| 349 | char *in; | ||
| 350 | int inl; | ||
| 351 | { | 323 | { |
| 352 | int ret; | 324 | int ret; |
| 353 | BIO_ACCEPT *data; | 325 | BIO_ACCEPT *data; |
| @@ -366,11 +338,7 @@ int inl; | |||
| 366 | return(ret); | 338 | return(ret); |
| 367 | } | 339 | } |
| 368 | 340 | ||
| 369 | static long acpt_ctrl(b,cmd,num,ptr) | 341 | static long acpt_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 370 | BIO *b; | ||
| 371 | int cmd; | ||
| 372 | long num; | ||
| 373 | char *ptr; | ||
| 374 | { | 342 | { |
| 375 | BIO *dbio; | 343 | BIO *dbio; |
| 376 | int *ip; | 344 | int *ip; |
| @@ -399,7 +367,7 @@ char *ptr; | |||
| 399 | { | 367 | { |
| 400 | b->init=1; | 368 | b->init=1; |
| 401 | if (data->param_addr != NULL) | 369 | if (data->param_addr != NULL) |
| 402 | Free(data->param_addr); | 370 | OPENSSL_free(data->param_addr); |
| 403 | data->param_addr=BUF_strdup(ptr); | 371 | data->param_addr=BUF_strdup(ptr); |
| 404 | } | 372 | } |
| 405 | else if (num == 1) | 373 | else if (num == 1) |
| @@ -417,13 +385,21 @@ char *ptr; | |||
| 417 | case BIO_C_SET_NBIO: | 385 | case BIO_C_SET_NBIO: |
| 418 | data->nbio=(int)num; | 386 | data->nbio=(int)num; |
| 419 | break; | 387 | break; |
| 388 | case BIO_C_SET_FD: | ||
| 389 | b->init=1; | ||
| 390 | b->num= *((int *)ptr); | ||
| 391 | data->accept_sock=b->num; | ||
| 392 | data->state=ACPT_S_GET_ACCEPT_SOCKET; | ||
| 393 | b->shutdown=(int)num; | ||
| 394 | b->init=1; | ||
| 395 | break; | ||
| 420 | case BIO_C_GET_FD: | 396 | case BIO_C_GET_FD: |
| 421 | if (b->init) | 397 | if (b->init) |
| 422 | { | 398 | { |
| 423 | ip=(int *)ptr; | 399 | ip=(int *)ptr; |
| 424 | if (ip != NULL) | 400 | if (ip != NULL) |
| 425 | *ip=data->accept_sock; | 401 | *ip=data->accept_sock; |
| 426 | ret=b->num; | 402 | ret=data->accept_sock; |
| 427 | } | 403 | } |
| 428 | else | 404 | else |
| 429 | ret= -1; | 405 | ret= -1; |
| @@ -454,6 +430,12 @@ char *ptr; | |||
| 454 | break; | 430 | break; |
| 455 | case BIO_CTRL_FLUSH: | 431 | case BIO_CTRL_FLUSH: |
| 456 | break; | 432 | break; |
| 433 | case BIO_C_SET_BIND_MODE: | ||
| 434 | data->bind_mode=(int)num; | ||
| 435 | break; | ||
| 436 | case BIO_C_GET_BIND_MODE: | ||
| 437 | ret=(long)data->bind_mode; | ||
| 438 | break; | ||
| 457 | case BIO_CTRL_DUP: | 439 | case BIO_CTRL_DUP: |
| 458 | dbio=(BIO *)ptr; | 440 | dbio=(BIO *)ptr; |
| 459 | /* if (data->param_port) EAY EAY | 441 | /* if (data->param_port) EAY EAY |
| @@ -470,9 +452,7 @@ char *ptr; | |||
| 470 | return(ret); | 452 | return(ret); |
| 471 | } | 453 | } |
| 472 | 454 | ||
| 473 | static int acpt_puts(bp,str) | 455 | static int acpt_puts(BIO *bp, const char *str) |
| 474 | BIO *bp; | ||
| 475 | char *str; | ||
| 476 | { | 456 | { |
| 477 | int n,ret; | 457 | int n,ret; |
| 478 | 458 | ||
| @@ -481,8 +461,7 @@ char *str; | |||
| 481 | return(ret); | 461 | return(ret); |
| 482 | } | 462 | } |
| 483 | 463 | ||
| 484 | BIO *BIO_new_accept(str) | 464 | BIO *BIO_new_accept(char *str) |
| 485 | char *str; | ||
| 486 | { | 465 | { |
| 487 | BIO *ret; | 466 | BIO *ret; |
| 488 | 467 | ||
diff --git a/src/lib/libcrypto/bio/bss_bio.c b/src/lib/libcrypto/bio/bss_bio.c index 562e9d8de2..1c485a4479 100644 --- a/src/lib/libcrypto/bio/bss_bio.c +++ b/src/lib/libcrypto/bio/bss_bio.c | |||
| @@ -7,25 +7,46 @@ | |||
| 7 | * for which no specific BIO method is available. | 7 | * for which no specific BIO method is available. |
| 8 | * See ssl/ssltest.c for some hints on how this can be used. */ | 8 | * See ssl/ssltest.c for some hints on how this can be used. */ |
| 9 | 9 | ||
| 10 | /* BIO_DEBUG implies BIO_PAIR_DEBUG */ | ||
| 11 | #ifdef BIO_DEBUG | ||
| 12 | # ifndef BIO_PAIR_DEBUG | ||
| 13 | # define BIO_PAIR_DEBUG | ||
| 14 | # endif | ||
| 15 | #endif | ||
| 16 | |||
| 17 | /* disable assert() unless BIO_PAIR_DEBUG has been defined */ | ||
| 10 | #ifndef BIO_PAIR_DEBUG | 18 | #ifndef BIO_PAIR_DEBUG |
| 11 | # undef NDEBUG /* avoid conflicting definitions */ | 19 | # ifndef NDEBUG |
| 12 | # define NDEBUG | 20 | # define NDEBUG |
| 21 | # endif | ||
| 13 | #endif | 22 | #endif |
| 14 | 23 | ||
| 15 | #include <assert.h> | 24 | #include <assert.h> |
| 25 | #include <limits.h> | ||
| 16 | #include <stdlib.h> | 26 | #include <stdlib.h> |
| 17 | #include <string.h> | 27 | #include <string.h> |
| 18 | 28 | ||
| 19 | #include <openssl/bio.h> | 29 | #include <openssl/bio.h> |
| 20 | #include <openssl/err.h> | 30 | #include <openssl/err.h> |
| 31 | #include <openssl/err.h> | ||
| 21 | #include <openssl/crypto.h> | 32 | #include <openssl/crypto.h> |
| 22 | 33 | ||
| 34 | #include "e_os.h" | ||
| 35 | |||
| 36 | /* VxWorks defines SSIZE_MAX with an empty value causing compile errors */ | ||
| 37 | #if defined(OPENSSL_SYS_VSWORKS) | ||
| 38 | # undef SSIZE_MAX | ||
| 39 | #endif | ||
| 40 | #ifndef SSIZE_MAX | ||
| 41 | # define SSIZE_MAX INT_MAX | ||
| 42 | #endif | ||
| 43 | |||
| 23 | static int bio_new(BIO *bio); | 44 | static int bio_new(BIO *bio); |
| 24 | static int bio_free(BIO *bio); | 45 | static int bio_free(BIO *bio); |
| 25 | static int bio_read(BIO *bio, char *buf, int size); | 46 | static int bio_read(BIO *bio, char *buf, int size); |
| 26 | static int bio_write(BIO *bio, char *buf, int num); | 47 | static int bio_write(BIO *bio, const char *buf, int num); |
| 27 | static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr); | 48 | static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr); |
| 28 | static int bio_puts(BIO *bio, char *str); | 49 | static int bio_puts(BIO *bio, const char *str); |
| 29 | 50 | ||
| 30 | static int bio_make_pair(BIO *bio1, BIO *bio2); | 51 | static int bio_make_pair(BIO *bio1, BIO *bio2); |
| 31 | static void bio_destroy_pair(BIO *bio); | 52 | static void bio_destroy_pair(BIO *bio); |
| @@ -40,7 +61,8 @@ static BIO_METHOD methods_biop = | |||
| 40 | NULL /* no bio_gets */, | 61 | NULL /* no bio_gets */, |
| 41 | bio_ctrl, | 62 | bio_ctrl, |
| 42 | bio_new, | 63 | bio_new, |
| 43 | bio_free | 64 | bio_free, |
| 65 | NULL /* no bio_callback_ctrl */ | ||
| 44 | }; | 66 | }; |
| 45 | 67 | ||
| 46 | BIO_METHOD *BIO_s_bio(void) | 68 | BIO_METHOD *BIO_s_bio(void) |
| @@ -64,7 +86,7 @@ struct bio_bio_st | |||
| 64 | 86 | ||
| 65 | size_t request; /* valid iff peer != NULL; 0 if len != 0, | 87 | size_t request; /* valid iff peer != NULL; 0 if len != 0, |
| 66 | * otherwise set by peer to number of bytes | 88 | * otherwise set by peer to number of bytes |
| 67 | * it (unsuccesfully) tried to read, | 89 | * it (unsuccessfully) tried to read, |
| 68 | * never more than buffer space (size-len) warrants. */ | 90 | * never more than buffer space (size-len) warrants. */ |
| 69 | }; | 91 | }; |
| 70 | 92 | ||
| @@ -72,7 +94,7 @@ static int bio_new(BIO *bio) | |||
| 72 | { | 94 | { |
| 73 | struct bio_bio_st *b; | 95 | struct bio_bio_st *b; |
| 74 | 96 | ||
| 75 | b = Malloc(sizeof *b); | 97 | b = OPENSSL_malloc(sizeof *b); |
| 76 | if (b == NULL) | 98 | if (b == NULL) |
| 77 | return 0; | 99 | return 0; |
| 78 | 100 | ||
| @@ -100,10 +122,10 @@ static int bio_free(BIO *bio) | |||
| 100 | 122 | ||
| 101 | if (b->buf != NULL) | 123 | if (b->buf != NULL) |
| 102 | { | 124 | { |
| 103 | Free(b->buf); | 125 | OPENSSL_free(b->buf); |
| 104 | } | 126 | } |
| 105 | 127 | ||
| 106 | Free(b); | 128 | OPENSSL_free(b); |
| 107 | 129 | ||
| 108 | return 1; | 130 | return 1; |
| 109 | } | 131 | } |
| @@ -195,7 +217,87 @@ static int bio_read(BIO *bio, char *buf, int size_) | |||
| 195 | return size; | 217 | return size; |
| 196 | } | 218 | } |
| 197 | 219 | ||
| 198 | static int bio_write(BIO *bio, char *buf, int num_) | 220 | /* non-copying interface: provide pointer to available data in buffer |
| 221 | * bio_nread0: return number of available bytes | ||
| 222 | * bio_nread: also advance index | ||
| 223 | * (example usage: bio_nread0(), read from buffer, bio_nread() | ||
| 224 | * or just bio_nread(), read from buffer) | ||
| 225 | */ | ||
| 226 | /* WARNING: The non-copying interface is largely untested as of yet | ||
| 227 | * and may contain bugs. */ | ||
| 228 | static ssize_t bio_nread0(BIO *bio, char **buf) | ||
| 229 | { | ||
| 230 | struct bio_bio_st *b, *peer_b; | ||
| 231 | ssize_t num; | ||
| 232 | |||
| 233 | BIO_clear_retry_flags(bio); | ||
| 234 | |||
| 235 | if (!bio->init) | ||
| 236 | return 0; | ||
| 237 | |||
| 238 | b = bio->ptr; | ||
| 239 | assert(b != NULL); | ||
| 240 | assert(b->peer != NULL); | ||
| 241 | peer_b = b->peer->ptr; | ||
| 242 | assert(peer_b != NULL); | ||
| 243 | assert(peer_b->buf != NULL); | ||
| 244 | |||
| 245 | peer_b->request = 0; | ||
| 246 | |||
| 247 | if (peer_b->len == 0) | ||
| 248 | { | ||
| 249 | char dummy; | ||
| 250 | |||
| 251 | /* avoid code duplication -- nothing available for reading */ | ||
| 252 | return bio_read(bio, &dummy, 1); /* returns 0 or -1 */ | ||
| 253 | } | ||
| 254 | |||
| 255 | num = peer_b->len; | ||
| 256 | if (peer_b->size < peer_b->offset + num) | ||
| 257 | /* no ring buffer wrap-around for non-copying interface */ | ||
| 258 | num = peer_b->size - peer_b->offset; | ||
| 259 | assert(num > 0); | ||
| 260 | |||
| 261 | if (buf != NULL) | ||
| 262 | *buf = peer_b->buf + peer_b->offset; | ||
| 263 | return num; | ||
| 264 | } | ||
| 265 | |||
| 266 | static ssize_t bio_nread(BIO *bio, char **buf, size_t num_) | ||
| 267 | { | ||
| 268 | struct bio_bio_st *b, *peer_b; | ||
| 269 | ssize_t num, available; | ||
| 270 | |||
| 271 | if (num_ > SSIZE_MAX) | ||
| 272 | num = SSIZE_MAX; | ||
| 273 | else | ||
| 274 | num = (ssize_t)num_; | ||
| 275 | |||
| 276 | available = bio_nread0(bio, buf); | ||
| 277 | if (num > available) | ||
| 278 | num = available; | ||
| 279 | if (num <= 0) | ||
| 280 | return num; | ||
| 281 | |||
| 282 | b = bio->ptr; | ||
| 283 | peer_b = b->peer->ptr; | ||
| 284 | |||
| 285 | peer_b->len -= num; | ||
| 286 | if (peer_b->len) | ||
| 287 | { | ||
| 288 | peer_b->offset += num; | ||
| 289 | assert(peer_b->offset <= peer_b->size); | ||
| 290 | if (peer_b->offset == peer_b->size) | ||
| 291 | peer_b->offset = 0; | ||
| 292 | } | ||
| 293 | else | ||
| 294 | peer_b->offset = 0; | ||
| 295 | |||
| 296 | return num; | ||
| 297 | } | ||
| 298 | |||
| 299 | |||
| 300 | static int bio_write(BIO *bio, const char *buf, int num_) | ||
| 199 | { | 301 | { |
| 200 | size_t num = num_; | 302 | size_t num = num_; |
| 201 | size_t rest; | 303 | size_t rest; |
| @@ -268,6 +370,83 @@ static int bio_write(BIO *bio, char *buf, int num_) | |||
| 268 | return num; | 370 | return num; |
| 269 | } | 371 | } |
| 270 | 372 | ||
| 373 | /* non-copying interface: provide pointer to region to write to | ||
| 374 | * bio_nwrite0: check how much space is available | ||
| 375 | * bio_nwrite: also increase length | ||
| 376 | * (example usage: bio_nwrite0(), write to buffer, bio_nwrite() | ||
| 377 | * or just bio_nwrite(), write to buffer) | ||
| 378 | */ | ||
| 379 | static ssize_t bio_nwrite0(BIO *bio, char **buf) | ||
| 380 | { | ||
| 381 | struct bio_bio_st *b; | ||
| 382 | size_t num; | ||
| 383 | size_t write_offset; | ||
| 384 | |||
| 385 | BIO_clear_retry_flags(bio); | ||
| 386 | |||
| 387 | if (!bio->init) | ||
| 388 | return 0; | ||
| 389 | |||
| 390 | b = bio->ptr; | ||
| 391 | assert(b != NULL); | ||
| 392 | assert(b->peer != NULL); | ||
| 393 | assert(b->buf != NULL); | ||
| 394 | |||
| 395 | b->request = 0; | ||
| 396 | if (b->closed) | ||
| 397 | { | ||
| 398 | BIOerr(BIO_F_BIO_NWRITE0, BIO_R_BROKEN_PIPE); | ||
| 399 | return -1; | ||
| 400 | } | ||
| 401 | |||
| 402 | assert(b->len <= b->size); | ||
| 403 | |||
| 404 | if (b->len == b->size) | ||
| 405 | { | ||
| 406 | BIO_set_retry_write(bio); | ||
| 407 | return -1; | ||
| 408 | } | ||
| 409 | |||
| 410 | num = b->size - b->len; | ||
| 411 | write_offset = b->offset + b->len; | ||
| 412 | if (write_offset >= b->size) | ||
| 413 | write_offset -= b->size; | ||
| 414 | if (write_offset + num > b->size) | ||
| 415 | /* no ring buffer wrap-around for non-copying interface | ||
| 416 | * (to fulfil the promise by BIO_ctrl_get_write_guarantee, | ||
| 417 | * BIO_nwrite may have to be called twice) */ | ||
| 418 | num = b->size - write_offset; | ||
| 419 | |||
| 420 | if (buf != NULL) | ||
| 421 | *buf = b->buf + write_offset; | ||
| 422 | assert(write_offset + num <= b->size); | ||
| 423 | |||
| 424 | return num; | ||
| 425 | } | ||
| 426 | |||
| 427 | static ssize_t bio_nwrite(BIO *bio, char **buf, size_t num_) | ||
| 428 | { | ||
| 429 | struct bio_bio_st *b; | ||
| 430 | ssize_t num, space; | ||
| 431 | |||
| 432 | if (num_ > SSIZE_MAX) | ||
| 433 | num = SSIZE_MAX; | ||
| 434 | else | ||
| 435 | num = (ssize_t)num_; | ||
| 436 | |||
| 437 | space = bio_nwrite0(bio, buf); | ||
| 438 | if (num > space) | ||
| 439 | num = space; | ||
| 440 | if (num <= 0) | ||
| 441 | return num; | ||
| 442 | b = bio->ptr; | ||
| 443 | assert(b != NULL); | ||
| 444 | b->len += num; | ||
| 445 | assert(b->len <= b->size); | ||
| 446 | |||
| 447 | return num; | ||
| 448 | } | ||
| 449 | |||
| 271 | 450 | ||
| 272 | static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | 451 | static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) |
| 273 | { | 452 | { |
| @@ -299,7 +478,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | |||
| 299 | { | 478 | { |
| 300 | if (b->buf) | 479 | if (b->buf) |
| 301 | { | 480 | { |
| 302 | Free(b->buf); | 481 | OPENSSL_free(b->buf); |
| 303 | b->buf = NULL; | 482 | b->buf = NULL; |
| 304 | } | 483 | } |
| 305 | b->size = new_size; | 484 | b->size = new_size; |
| @@ -309,7 +488,8 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | |||
| 309 | break; | 488 | break; |
| 310 | 489 | ||
| 311 | case BIO_C_GET_WRITE_BUF_SIZE: | 490 | case BIO_C_GET_WRITE_BUF_SIZE: |
| 312 | num = (long) b->size; | 491 | ret = (long) b->size; |
| 492 | break; | ||
| 313 | 493 | ||
| 314 | case BIO_C_MAKE_BIO_PAIR: | 494 | case BIO_C_MAKE_BIO_PAIR: |
| 315 | { | 495 | { |
| @@ -331,7 +511,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | |||
| 331 | 511 | ||
| 332 | case BIO_C_GET_WRITE_GUARANTEE: | 512 | case BIO_C_GET_WRITE_GUARANTEE: |
| 333 | /* How many bytes can the caller feed to the next write | 513 | /* How many bytes can the caller feed to the next write |
| 334 | * withouth having to keep any? */ | 514 | * without having to keep any? */ |
| 335 | if (b->peer == NULL || b->closed) | 515 | if (b->peer == NULL || b->closed) |
| 336 | ret = 0; | 516 | ret = 0; |
| 337 | else | 517 | else |
| @@ -339,18 +519,47 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | |||
| 339 | break; | 519 | break; |
| 340 | 520 | ||
| 341 | case BIO_C_GET_READ_REQUEST: | 521 | case BIO_C_GET_READ_REQUEST: |
| 342 | /* If the peer unsuccesfully tried to read, how many bytes | 522 | /* If the peer unsuccessfully tried to read, how many bytes |
| 343 | * were requested? (As with BIO_CTRL_PENDING, that number | 523 | * were requested? (As with BIO_CTRL_PENDING, that number |
| 344 | * can usually be treated as boolean.) */ | 524 | * can usually be treated as boolean.) */ |
| 345 | ret = (long) b->request; | 525 | ret = (long) b->request; |
| 346 | break; | 526 | break; |
| 347 | 527 | ||
| 528 | case BIO_C_RESET_READ_REQUEST: | ||
| 529 | /* Reset request. (Can be useful after read attempts | ||
| 530 | * at the other side that are meant to be non-blocking, | ||
| 531 | * e.g. when probing SSL_read to see if any data is | ||
| 532 | * available.) */ | ||
| 533 | b->request = 0; | ||
| 534 | ret = 1; | ||
| 535 | break; | ||
| 536 | |||
| 348 | case BIO_C_SHUTDOWN_WR: | 537 | case BIO_C_SHUTDOWN_WR: |
| 349 | /* similar to shutdown(..., SHUT_WR) */ | 538 | /* similar to shutdown(..., SHUT_WR) */ |
| 350 | b->closed = 1; | 539 | b->closed = 1; |
| 351 | ret = 1; | 540 | ret = 1; |
| 352 | break; | 541 | break; |
| 353 | 542 | ||
| 543 | case BIO_C_NREAD0: | ||
| 544 | /* prepare for non-copying read */ | ||
| 545 | ret = (long) bio_nread0(bio, ptr); | ||
| 546 | break; | ||
| 547 | |||
| 548 | case BIO_C_NREAD: | ||
| 549 | /* non-copying read */ | ||
| 550 | ret = (long) bio_nread(bio, ptr, (size_t) num); | ||
| 551 | break; | ||
| 552 | |||
| 553 | case BIO_C_NWRITE0: | ||
| 554 | /* prepare for non-copying write */ | ||
| 555 | ret = (long) bio_nwrite0(bio, ptr); | ||
| 556 | break; | ||
| 557 | |||
| 558 | case BIO_C_NWRITE: | ||
| 559 | /* non-copying write */ | ||
| 560 | ret = (long) bio_nwrite(bio, ptr, (size_t) num); | ||
| 561 | break; | ||
| 562 | |||
| 354 | 563 | ||
| 355 | /* standard CTRL codes follow */ | 564 | /* standard CTRL codes follow */ |
| 356 | 565 | ||
| @@ -434,7 +643,7 @@ static long bio_ctrl(BIO *bio, int cmd, long num, void *ptr) | |||
| 434 | return ret; | 643 | return ret; |
| 435 | } | 644 | } |
| 436 | 645 | ||
| 437 | static int bio_puts(BIO *bio, char *str) | 646 | static int bio_puts(BIO *bio, const char *str) |
| 438 | { | 647 | { |
| 439 | return bio_write(bio, str, strlen(str)); | 648 | return bio_write(bio, str, strlen(str)); |
| 440 | } | 649 | } |
| @@ -458,7 +667,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2) | |||
| 458 | 667 | ||
| 459 | if (b1->buf == NULL) | 668 | if (b1->buf == NULL) |
| 460 | { | 669 | { |
| 461 | b1->buf = Malloc(b1->size); | 670 | b1->buf = OPENSSL_malloc(b1->size); |
| 462 | if (b1->buf == NULL) | 671 | if (b1->buf == NULL) |
| 463 | { | 672 | { |
| 464 | BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); | 673 | BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); |
| @@ -470,7 +679,7 @@ static int bio_make_pair(BIO *bio1, BIO *bio2) | |||
| 470 | 679 | ||
| 471 | if (b2->buf == NULL) | 680 | if (b2->buf == NULL) |
| 472 | { | 681 | { |
| 473 | b2->buf = Malloc(b2->size); | 682 | b2->buf = OPENSSL_malloc(b2->size); |
| 474 | if (b2->buf == NULL) | 683 | if (b2->buf == NULL) |
| 475 | { | 684 | { |
| 476 | BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); | 685 | BIOerr(BIO_F_BIO_MAKE_PAIR, ERR_R_MALLOC_FAILURE); |
| @@ -586,3 +795,78 @@ size_t BIO_ctrl_get_read_request(BIO *bio) | |||
| 586 | { | 795 | { |
| 587 | return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); | 796 | return BIO_ctrl(bio, BIO_C_GET_READ_REQUEST, 0, NULL); |
| 588 | } | 797 | } |
| 798 | |||
| 799 | int BIO_ctrl_reset_read_request(BIO *bio) | ||
| 800 | { | ||
| 801 | return (BIO_ctrl(bio, BIO_C_RESET_READ_REQUEST, 0, NULL) != 0); | ||
| 802 | } | ||
| 803 | |||
| 804 | |||
| 805 | /* BIO_nread0/nread/nwrite0/nwrite are available only for BIO pairs for now | ||
| 806 | * (conceivably some other BIOs could allow non-copying reads and writes too.) | ||
| 807 | */ | ||
| 808 | int BIO_nread0(BIO *bio, char **buf) | ||
| 809 | { | ||
| 810 | long ret; | ||
| 811 | |||
| 812 | if (!bio->init) | ||
| 813 | { | ||
| 814 | BIOerr(BIO_F_BIO_NREAD0, BIO_R_UNINITIALIZED); | ||
| 815 | return -2; | ||
| 816 | } | ||
| 817 | |||
| 818 | ret = BIO_ctrl(bio, BIO_C_NREAD0, 0, buf); | ||
| 819 | if (ret > INT_MAX) | ||
| 820 | return INT_MAX; | ||
| 821 | else | ||
| 822 | return (int) ret; | ||
| 823 | } | ||
| 824 | |||
| 825 | int BIO_nread(BIO *bio, char **buf, int num) | ||
| 826 | { | ||
| 827 | int ret; | ||
| 828 | |||
| 829 | if (!bio->init) | ||
| 830 | { | ||
| 831 | BIOerr(BIO_F_BIO_NREAD, BIO_R_UNINITIALIZED); | ||
| 832 | return -2; | ||
| 833 | } | ||
| 834 | |||
| 835 | ret = (int) BIO_ctrl(bio, BIO_C_NREAD, num, buf); | ||
| 836 | if (ret > 0) | ||
| 837 | bio->num_read += ret; | ||
| 838 | return ret; | ||
| 839 | } | ||
| 840 | |||
| 841 | int BIO_nwrite0(BIO *bio, char **buf) | ||
| 842 | { | ||
| 843 | long ret; | ||
| 844 | |||
| 845 | if (!bio->init) | ||
| 846 | { | ||
| 847 | BIOerr(BIO_F_BIO_NWRITE0, BIO_R_UNINITIALIZED); | ||
| 848 | return -2; | ||
| 849 | } | ||
| 850 | |||
| 851 | ret = BIO_ctrl(bio, BIO_C_NWRITE0, 0, buf); | ||
| 852 | if (ret > INT_MAX) | ||
| 853 | return INT_MAX; | ||
| 854 | else | ||
| 855 | return (int) ret; | ||
| 856 | } | ||
| 857 | |||
| 858 | int BIO_nwrite(BIO *bio, char **buf, int num) | ||
| 859 | { | ||
| 860 | int ret; | ||
| 861 | |||
| 862 | if (!bio->init) | ||
| 863 | { | ||
| 864 | BIOerr(BIO_F_BIO_NWRITE, BIO_R_UNINITIALIZED); | ||
| 865 | return -2; | ||
| 866 | } | ||
| 867 | |||
| 868 | ret = BIO_ctrl(bio, BIO_C_NWRITE, num, buf); | ||
| 869 | if (ret > 0) | ||
| 870 | bio->num_read += ret; | ||
| 871 | return ret; | ||
| 872 | } | ||
diff --git a/src/lib/libcrypto/bio/bss_conn.c b/src/lib/libcrypto/bio/bss_conn.c index 6e547bf866..f91ae4c8c6 100644 --- a/src/lib/libcrypto/bio/bss_conn.c +++ b/src/lib/libcrypto/bio/bss_conn.c | |||
| @@ -56,22 +56,26 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_SOCK | 59 | #ifndef OPENSSL_NO_SOCK |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <errno.h> | 62 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 63 | #define USE_SOCKETS |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include "bio.h" | 65 | #include <openssl/bio.h> |
| 66 | 66 | ||
| 67 | /* BIOerr(BIO_F_WSASTARTUP,BIO_R_WSASTARTUP ); */ | 67 | #ifdef OPENSSL_SYS_WIN16 |
| 68 | |||
| 69 | #ifdef WIN16 | ||
| 70 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ | 68 | #define SOCKET_PROTOCOL 0 /* more microsoft stupidity */ |
| 71 | #else | 69 | #else |
| 72 | #define SOCKET_PROTOCOL IPPROTO_TCP | 70 | #define SOCKET_PROTOCOL IPPROTO_TCP |
| 73 | #endif | 71 | #endif |
| 74 | 72 | ||
| 73 | #if (defined(OPENSSL_SYS_VMS) && __VMS_VER < 70000000) | ||
| 74 | /* FIONBIO used as a switch to enable ioctl, and that isn't in VMS < 7.0 */ | ||
| 75 | #undef FIONBIO | ||
| 76 | #endif | ||
| 77 | |||
| 78 | |||
| 75 | typedef struct bio_connect_st | 79 | typedef struct bio_connect_st |
| 76 | { | 80 | { |
| 77 | int state; | 81 | int state; |
| @@ -81,52 +85,32 @@ typedef struct bio_connect_st | |||
| 81 | int nbio; | 85 | int nbio; |
| 82 | 86 | ||
| 83 | unsigned char ip[4]; | 87 | unsigned char ip[4]; |
| 84 | short port; | 88 | unsigned short port; |
| 85 | 89 | ||
| 86 | struct sockaddr_in them; | 90 | struct sockaddr_in them; |
| 87 | 91 | ||
| 88 | /* int socket; this will be kept in bio->num so that it is | 92 | /* int socket; this will be kept in bio->num so that it is |
| 89 | * compatable with the bss_sock bio */ | 93 | * compatible with the bss_sock bio */ |
| 90 | int error; | ||
| 91 | 94 | ||
| 92 | /* called when the connection is initially made | 95 | /* called when the connection is initially made |
| 93 | * callback(BIO,state,ret); The callback should return | 96 | * callback(BIO,state,ret); The callback should return |
| 94 | * 'ret'. state is for compatablity with the ssl info_callback */ | 97 | * 'ret'. state is for compatibility with the ssl info_callback */ |
| 95 | int (*info_callback)(); | 98 | int (*info_callback)(const BIO *bio,int state,int ret); |
| 96 | } BIO_CONNECT; | 99 | } BIO_CONNECT; |
| 97 | 100 | ||
| 98 | #ifndef NOPROTO | 101 | static int conn_write(BIO *h, const char *buf, int num); |
| 99 | static int conn_write(BIO *h,char *buf,int num); | 102 | static int conn_read(BIO *h, char *buf, int size); |
| 100 | static int conn_read(BIO *h,char *buf,int size); | 103 | static int conn_puts(BIO *h, const char *str); |
| 101 | static int conn_puts(BIO *h,char *str); | 104 | static long conn_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 102 | static long conn_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 103 | static int conn_new(BIO *h); | 105 | static int conn_new(BIO *h); |
| 104 | static int conn_free(BIO *data); | 106 | static int conn_free(BIO *data); |
| 105 | #else | 107 | static long conn_callback_ctrl(BIO *h, int cmd, bio_info_cb *); |
| 106 | static int conn_write(); | ||
| 107 | static int conn_read(); | ||
| 108 | static int conn_puts(); | ||
| 109 | static long conn_ctrl(); | ||
| 110 | static int conn_new(); | ||
| 111 | static int conn_free(); | ||
| 112 | #endif | ||
| 113 | |||
| 114 | #ifndef NOPROTO | ||
| 115 | 108 | ||
| 116 | static int conn_state(BIO *b, BIO_CONNECT *c); | 109 | static int conn_state(BIO *b, BIO_CONNECT *c); |
| 117 | static void conn_close_socket(BIO *data); | 110 | static void conn_close_socket(BIO *data); |
| 118 | BIO_CONNECT *BIO_CONNECT_new(void ); | 111 | BIO_CONNECT *BIO_CONNECT_new(void ); |
| 119 | void BIO_CONNECT_free(BIO_CONNECT *a); | 112 | void BIO_CONNECT_free(BIO_CONNECT *a); |
| 120 | 113 | ||
| 121 | #else | ||
| 122 | |||
| 123 | static int conn_state(); | ||
| 124 | static void conn_close_socket(); | ||
| 125 | BIO_CONNECT *BIO_CONNECT_new(); | ||
| 126 | void BIO_CONNECT_free(); | ||
| 127 | |||
| 128 | #endif | ||
| 129 | |||
| 130 | static BIO_METHOD methods_connectp= | 114 | static BIO_METHOD methods_connectp= |
| 131 | { | 115 | { |
| 132 | BIO_TYPE_CONNECT, | 116 | BIO_TYPE_CONNECT, |
| @@ -138,11 +122,10 @@ static BIO_METHOD methods_connectp= | |||
| 138 | conn_ctrl, | 122 | conn_ctrl, |
| 139 | conn_new, | 123 | conn_new, |
| 140 | conn_free, | 124 | conn_free, |
| 125 | conn_callback_ctrl, | ||
| 141 | }; | 126 | }; |
| 142 | 127 | ||
| 143 | static int conn_state(b,c) | 128 | static int conn_state(BIO *b, BIO_CONNECT *c) |
| 144 | BIO *b; | ||
| 145 | BIO_CONNECT *c; | ||
| 146 | { | 129 | { |
| 147 | int ret= -1,i; | 130 | int ret= -1,i; |
| 148 | unsigned long l; | 131 | unsigned long l; |
| @@ -160,7 +143,7 @@ BIO_CONNECT *c; | |||
| 160 | p=c->param_hostname; | 143 | p=c->param_hostname; |
| 161 | if (p == NULL) | 144 | if (p == NULL) |
| 162 | { | 145 | { |
| 163 | BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTHNAME_SPECIFIED); | 146 | BIOerr(BIO_F_CONN_STATE,BIO_R_NO_HOSTNAME_SPECIFIED); |
| 164 | goto exit_loop; | 147 | goto exit_loop; |
| 165 | } | 148 | } |
| 166 | for ( ; *p != '\0'; p++) | 149 | for ( ; *p != '\0'; p++) |
| @@ -182,12 +165,12 @@ BIO_CONNECT *c; | |||
| 182 | break; | 165 | break; |
| 183 | } | 166 | } |
| 184 | if (c->param_port != NULL) | 167 | if (c->param_port != NULL) |
| 185 | Free(c->param_port); | 168 | OPENSSL_free(c->param_port); |
| 186 | c->param_port=BUF_strdup(p); | 169 | c->param_port=BUF_strdup(p); |
| 187 | } | 170 | } |
| 188 | } | 171 | } |
| 189 | 172 | ||
| 190 | if (p == NULL) | 173 | if (c->param_port == NULL) |
| 191 | { | 174 | { |
| 192 | BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED); | 175 | BIOerr(BIO_F_CONN_STATE,BIO_R_NO_PORT_SPECIFIED); |
| 193 | ERR_add_error_data(2,"host=",c->param_hostname); | 176 | ERR_add_error_data(2,"host=",c->param_hostname); |
| @@ -203,7 +186,12 @@ BIO_CONNECT *c; | |||
| 203 | break; | 186 | break; |
| 204 | 187 | ||
| 205 | case BIO_CONN_S_GET_PORT: | 188 | case BIO_CONN_S_GET_PORT: |
| 206 | if (BIO_get_port(c->param_port,&c->port) <= 0) | 189 | if (c->param_port == NULL) |
| 190 | { | ||
| 191 | /* abort(); */ | ||
| 192 | goto exit_loop; | ||
| 193 | } | ||
| 194 | else if (BIO_get_port(c->param_port,&c->port) <= 0) | ||
| 207 | goto exit_loop; | 195 | goto exit_loop; |
| 208 | c->state=BIO_CONN_S_CREATE_SOCKET; | 196 | c->state=BIO_CONN_S_CREATE_SOCKET; |
| 209 | break; | 197 | break; |
| @@ -235,12 +223,9 @@ BIO_CONNECT *c; | |||
| 235 | break; | 223 | break; |
| 236 | 224 | ||
| 237 | case BIO_CONN_S_NBIO: | 225 | case BIO_CONN_S_NBIO: |
| 238 | #ifdef FIONBIO | ||
| 239 | if (c->nbio) | 226 | if (c->nbio) |
| 240 | { | 227 | { |
| 241 | l=1; | 228 | if (!BIO_socket_nbio(b->num,1)) |
| 242 | ret=BIO_socket_ioctl(b->num,FIONBIO,&l); | ||
| 243 | if (ret < 0) | ||
| 244 | { | 229 | { |
| 245 | BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO); | 230 | BIOerr(BIO_F_CONN_STATE,BIO_R_ERROR_SETTING_NBIO); |
| 246 | ERR_add_error_data(4,"host=", | 231 | ERR_add_error_data(4,"host=", |
| @@ -249,10 +234,9 @@ BIO_CONNECT *c; | |||
| 249 | goto exit_loop; | 234 | goto exit_loop; |
| 250 | } | 235 | } |
| 251 | } | 236 | } |
| 252 | #endif | ||
| 253 | c->state=BIO_CONN_S_CONNECT; | 237 | c->state=BIO_CONN_S_CONNECT; |
| 254 | 238 | ||
| 255 | #ifdef SO_KEEPALIVE | 239 | #if defined(SO_KEEPALIVE) && !defined(OPENSSL_SYS_MPE) |
| 256 | i=1; | 240 | i=1; |
| 257 | i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); | 241 | i=setsockopt(b->num,SOL_SOCKET,SO_KEEPALIVE,(char *)&i,sizeof(i)); |
| 258 | if (i < 0) | 242 | if (i < 0) |
| @@ -315,7 +299,7 @@ BIO_CONNECT *c; | |||
| 315 | ret=1; | 299 | ret=1; |
| 316 | goto exit_loop; | 300 | goto exit_loop; |
| 317 | default: | 301 | default: |
| 318 | abort(); | 302 | /* abort(); */ |
| 319 | goto exit_loop; | 303 | goto exit_loop; |
| 320 | } | 304 | } |
| 321 | 305 | ||
| @@ -326,21 +310,19 @@ BIO_CONNECT *c; | |||
| 326 | } | 310 | } |
| 327 | } | 311 | } |
| 328 | 312 | ||
| 329 | if (1) | 313 | /* Loop does not exit */ |
| 330 | { | ||
| 331 | exit_loop: | 314 | exit_loop: |
| 332 | if (cb != NULL) | 315 | if (cb != NULL) |
| 333 | ret=cb((BIO *)b,c->state,ret); | 316 | ret=cb((BIO *)b,c->state,ret); |
| 334 | } | ||
| 335 | end: | 317 | end: |
| 336 | return(ret); | 318 | return(ret); |
| 337 | } | 319 | } |
| 338 | 320 | ||
| 339 | BIO_CONNECT *BIO_CONNECT_new() | 321 | BIO_CONNECT *BIO_CONNECT_new(void) |
| 340 | { | 322 | { |
| 341 | BIO_CONNECT *ret; | 323 | BIO_CONNECT *ret; |
| 342 | 324 | ||
| 343 | if ((ret=(BIO_CONNECT *)Malloc(sizeof(BIO_CONNECT))) == NULL) | 325 | if ((ret=(BIO_CONNECT *)OPENSSL_malloc(sizeof(BIO_CONNECT))) == NULL) |
| 344 | return(NULL); | 326 | return(NULL); |
| 345 | ret->state=BIO_CONN_S_BEFORE; | 327 | ret->state=BIO_CONN_S_BEFORE; |
| 346 | ret->param_hostname=NULL; | 328 | ret->param_hostname=NULL; |
| @@ -353,27 +335,27 @@ BIO_CONNECT *BIO_CONNECT_new() | |||
| 353 | ret->ip[3]=0; | 335 | ret->ip[3]=0; |
| 354 | ret->port=0; | 336 | ret->port=0; |
| 355 | memset((char *)&ret->them,0,sizeof(ret->them)); | 337 | memset((char *)&ret->them,0,sizeof(ret->them)); |
| 356 | ret->error=0; | ||
| 357 | return(ret); | 338 | return(ret); |
| 358 | } | 339 | } |
| 359 | 340 | ||
| 360 | void BIO_CONNECT_free(a) | 341 | void BIO_CONNECT_free(BIO_CONNECT *a) |
| 361 | BIO_CONNECT *a; | ||
| 362 | { | 342 | { |
| 343 | if(a == NULL) | ||
| 344 | return; | ||
| 345 | |||
| 363 | if (a->param_hostname != NULL) | 346 | if (a->param_hostname != NULL) |
| 364 | Free(a->param_hostname); | 347 | OPENSSL_free(a->param_hostname); |
| 365 | if (a->param_port != NULL) | 348 | if (a->param_port != NULL) |
| 366 | Free(a->param_port); | 349 | OPENSSL_free(a->param_port); |
| 367 | Free(a); | 350 | OPENSSL_free(a); |
| 368 | } | 351 | } |
| 369 | 352 | ||
| 370 | BIO_METHOD *BIO_s_connect() | 353 | BIO_METHOD *BIO_s_connect(void) |
| 371 | { | 354 | { |
| 372 | return(&methods_connectp); | 355 | return(&methods_connectp); |
| 373 | } | 356 | } |
| 374 | 357 | ||
| 375 | static int conn_new(bi) | 358 | static int conn_new(BIO *bi) |
| 376 | BIO *bi; | ||
| 377 | { | 359 | { |
| 378 | bi->init=0; | 360 | bi->init=0; |
| 379 | bi->num=INVALID_SOCKET; | 361 | bi->num=INVALID_SOCKET; |
| @@ -384,8 +366,7 @@ BIO *bi; | |||
| 384 | return(1); | 366 | return(1); |
| 385 | } | 367 | } |
| 386 | 368 | ||
| 387 | static void conn_close_socket(bio) | 369 | static void conn_close_socket(BIO *bio) |
| 388 | BIO *bio; | ||
| 389 | { | 370 | { |
| 390 | BIO_CONNECT *c; | 371 | BIO_CONNECT *c; |
| 391 | 372 | ||
| @@ -395,17 +376,12 @@ BIO *bio; | |||
| 395 | /* Only do a shutdown if things were established */ | 376 | /* Only do a shutdown if things were established */ |
| 396 | if (c->state == BIO_CONN_S_OK) | 377 | if (c->state == BIO_CONN_S_OK) |
| 397 | shutdown(bio->num,2); | 378 | shutdown(bio->num,2); |
| 398 | # ifdef WINDOWS | ||
| 399 | closesocket(bio->num); | 379 | closesocket(bio->num); |
| 400 | # else | ||
| 401 | close(bio->num); | ||
| 402 | # endif | ||
| 403 | bio->num=INVALID_SOCKET; | 380 | bio->num=INVALID_SOCKET; |
| 404 | } | 381 | } |
| 405 | } | 382 | } |
| 406 | 383 | ||
| 407 | static int conn_free(a) | 384 | static int conn_free(BIO *a) |
| 408 | BIO *a; | ||
| 409 | { | 385 | { |
| 410 | BIO_CONNECT *data; | 386 | BIO_CONNECT *data; |
| 411 | 387 | ||
| @@ -423,10 +399,7 @@ BIO *a; | |||
| 423 | return(1); | 399 | return(1); |
| 424 | } | 400 | } |
| 425 | 401 | ||
| 426 | static int conn_read(b,out,outl) | 402 | static int conn_read(BIO *b, char *out, int outl) |
| 427 | BIO *b; | ||
| 428 | char *out; | ||
| 429 | int outl; | ||
| 430 | { | 403 | { |
| 431 | int ret=0; | 404 | int ret=0; |
| 432 | BIO_CONNECT *data; | 405 | BIO_CONNECT *data; |
| @@ -442,11 +415,7 @@ int outl; | |||
| 442 | if (out != NULL) | 415 | if (out != NULL) |
| 443 | { | 416 | { |
| 444 | clear_socket_error(); | 417 | clear_socket_error(); |
| 445 | #if defined(WINDOWS) | 418 | ret=readsocket(b->num,out,outl); |
| 446 | ret=recv(b->num,out,outl,0); | ||
| 447 | #else | ||
| 448 | ret=read(b->num,out,outl); | ||
| 449 | #endif | ||
| 450 | BIO_clear_retry_flags(b); | 419 | BIO_clear_retry_flags(b); |
| 451 | if (ret <= 0) | 420 | if (ret <= 0) |
| 452 | { | 421 | { |
| @@ -457,10 +426,7 @@ int outl; | |||
| 457 | return(ret); | 426 | return(ret); |
| 458 | } | 427 | } |
| 459 | 428 | ||
| 460 | static int conn_write(b,in,inl) | 429 | static int conn_write(BIO *b, const char *in, int inl) |
| 461 | BIO *b; | ||
| 462 | char *in; | ||
| 463 | int inl; | ||
| 464 | { | 430 | { |
| 465 | int ret; | 431 | int ret; |
| 466 | BIO_CONNECT *data; | 432 | BIO_CONNECT *data; |
| @@ -473,11 +439,7 @@ int inl; | |||
| 473 | } | 439 | } |
| 474 | 440 | ||
| 475 | clear_socket_error(); | 441 | clear_socket_error(); |
| 476 | #if defined(WINDOWS) | 442 | ret=writesocket(b->num,in,inl); |
| 477 | ret=send(b->num,in,inl,0); | ||
| 478 | #else | ||
| 479 | ret=write(b->num,in,inl); | ||
| 480 | #endif | ||
| 481 | BIO_clear_retry_flags(b); | 443 | BIO_clear_retry_flags(b); |
| 482 | if (ret <= 0) | 444 | if (ret <= 0) |
| 483 | { | 445 | { |
| @@ -487,15 +449,11 @@ int inl; | |||
| 487 | return(ret); | 449 | return(ret); |
| 488 | } | 450 | } |
| 489 | 451 | ||
| 490 | static long conn_ctrl(b,cmd,num,ptr) | 452 | static long conn_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 491 | BIO *b; | ||
| 492 | int cmd; | ||
| 493 | long num; | ||
| 494 | char *ptr; | ||
| 495 | { | 453 | { |
| 496 | BIO *dbio; | 454 | BIO *dbio; |
| 497 | int *ip; | 455 | int *ip; |
| 498 | char **pptr; | 456 | const char **pptr; |
| 499 | long ret=1; | 457 | long ret=1; |
| 500 | BIO_CONNECT *data; | 458 | BIO_CONNECT *data; |
| 501 | 459 | ||
| @@ -519,7 +477,7 @@ char *ptr; | |||
| 519 | case BIO_C_GET_CONNECT: | 477 | case BIO_C_GET_CONNECT: |
| 520 | if (ptr != NULL) | 478 | if (ptr != NULL) |
| 521 | { | 479 | { |
| 522 | pptr=(char **)ptr; | 480 | pptr=(const char **)ptr; |
| 523 | if (num == 0) | 481 | if (num == 0) |
| 524 | { | 482 | { |
| 525 | *pptr=data->param_hostname; | 483 | *pptr=data->param_hostname; |
| @@ -538,7 +496,7 @@ char *ptr; | |||
| 538 | *((int *)ptr)=data->port; | 496 | *((int *)ptr)=data->port; |
| 539 | } | 497 | } |
| 540 | if ((!b->init) || (ptr == NULL)) | 498 | if ((!b->init) || (ptr == NULL)) |
| 541 | *pptr="not initalised"; | 499 | *pptr="not initialized"; |
| 542 | ret=1; | 500 | ret=1; |
| 543 | } | 501 | } |
| 544 | break; | 502 | break; |
| @@ -549,19 +507,37 @@ char *ptr; | |||
| 549 | if (num == 0) | 507 | if (num == 0) |
| 550 | { | 508 | { |
| 551 | if (data->param_hostname != NULL) | 509 | if (data->param_hostname != NULL) |
| 552 | Free(data->param_hostname); | 510 | OPENSSL_free(data->param_hostname); |
| 553 | data->param_hostname=BUF_strdup(ptr); | 511 | data->param_hostname=BUF_strdup(ptr); |
| 554 | } | 512 | } |
| 555 | else if (num == 1) | 513 | else if (num == 1) |
| 556 | { | 514 | { |
| 557 | if (data->param_port != NULL) | 515 | if (data->param_port != NULL) |
| 558 | Free(data->param_port); | 516 | OPENSSL_free(data->param_port); |
| 559 | data->param_port=BUF_strdup(ptr); | 517 | data->param_port=BUF_strdup(ptr); |
| 560 | } | 518 | } |
| 561 | else if (num == 2) | 519 | else if (num == 2) |
| 562 | memcpy(data->ip,ptr,4); | 520 | { |
| 521 | char buf[16]; | ||
| 522 | char *p = ptr; | ||
| 523 | |||
| 524 | sprintf(buf,"%d.%d.%d.%d", | ||
| 525 | p[0],p[1],p[2],p[3]); | ||
| 526 | if (data->param_hostname != NULL) | ||
| 527 | OPENSSL_free(data->param_hostname); | ||
| 528 | data->param_hostname=BUF_strdup(buf); | ||
| 529 | memcpy(&(data->ip[0]),ptr,4); | ||
| 530 | } | ||
| 563 | else if (num == 3) | 531 | else if (num == 3) |
| 532 | { | ||
| 533 | char buf[16]; | ||
| 534 | |||
| 535 | sprintf(buf,"%d",*(int *)ptr); | ||
| 536 | if (data->param_port != NULL) | ||
| 537 | OPENSSL_free(data->param_port); | ||
| 538 | data->param_port=BUF_strdup(buf); | ||
| 564 | data->port= *(int *)ptr; | 539 | data->port= *(int *)ptr; |
| 540 | } | ||
| 565 | } | 541 | } |
| 566 | break; | 542 | break; |
| 567 | case BIO_C_SET_NBIO: | 543 | case BIO_C_SET_NBIO: |
| @@ -591,16 +567,26 @@ char *ptr; | |||
| 591 | case BIO_CTRL_FLUSH: | 567 | case BIO_CTRL_FLUSH: |
| 592 | break; | 568 | break; |
| 593 | case BIO_CTRL_DUP: | 569 | case BIO_CTRL_DUP: |
| 570 | { | ||
| 594 | dbio=(BIO *)ptr; | 571 | dbio=(BIO *)ptr; |
| 595 | if (data->param_port) | 572 | if (data->param_port) |
| 596 | BIO_set_conn_port(dbio,data->param_port); | 573 | BIO_set_conn_port(dbio,data->param_port); |
| 597 | if (data->param_hostname) | 574 | if (data->param_hostname) |
| 598 | BIO_set_conn_hostname(dbio,data->param_hostname); | 575 | BIO_set_conn_hostname(dbio,data->param_hostname); |
| 599 | BIO_set_nbio(dbio,data->nbio); | 576 | BIO_set_nbio(dbio,data->nbio); |
| 600 | BIO_set_info_callback(dbio,data->info_callback); | 577 | /* FIXME: the cast of the function seems unlikely to be a good idea */ |
| 578 | (void)BIO_set_info_callback(dbio,(bio_info_cb *)data->info_callback); | ||
| 579 | } | ||
| 601 | break; | 580 | break; |
| 602 | case BIO_CTRL_SET_CALLBACK: | 581 | case BIO_CTRL_SET_CALLBACK: |
| 603 | data->info_callback=(int (*)())ptr; | 582 | { |
| 583 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ | ||
| 584 | BIOerr(BIO_F_CONN_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 585 | ret = -1; | ||
| 586 | #else | ||
| 587 | ret=0; | ||
| 588 | #endif | ||
| 589 | } | ||
| 604 | break; | 590 | break; |
| 605 | case BIO_CTRL_GET_CALLBACK: | 591 | case BIO_CTRL_GET_CALLBACK: |
| 606 | { | 592 | { |
| @@ -617,9 +603,28 @@ char *ptr; | |||
| 617 | return(ret); | 603 | return(ret); |
| 618 | } | 604 | } |
| 619 | 605 | ||
| 620 | static int conn_puts(bp,str) | 606 | static long conn_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 621 | BIO *bp; | 607 | { |
| 622 | char *str; | 608 | long ret=1; |
| 609 | BIO_CONNECT *data; | ||
| 610 | |||
| 611 | data=(BIO_CONNECT *)b->ptr; | ||
| 612 | |||
| 613 | switch (cmd) | ||
| 614 | { | ||
| 615 | case BIO_CTRL_SET_CALLBACK: | ||
| 616 | { | ||
| 617 | data->info_callback=(int (*)(const struct bio_st *, int, int))fp; | ||
| 618 | } | ||
| 619 | break; | ||
| 620 | default: | ||
| 621 | ret=0; | ||
| 622 | break; | ||
| 623 | } | ||
| 624 | return(ret); | ||
| 625 | } | ||
| 626 | |||
| 627 | static int conn_puts(BIO *bp, const char *str) | ||
| 623 | { | 628 | { |
| 624 | int n,ret; | 629 | int n,ret; |
| 625 | 630 | ||
| @@ -628,8 +633,7 @@ char *str; | |||
| 628 | return(ret); | 633 | return(ret); |
| 629 | } | 634 | } |
| 630 | 635 | ||
| 631 | BIO *BIO_new_connect(str) | 636 | BIO *BIO_new_connect(char *str) |
| 632 | char *str; | ||
| 633 | { | 637 | { |
| 634 | BIO *ret; | 638 | BIO *ret; |
| 635 | 639 | ||
diff --git a/src/lib/libcrypto/bio/bss_fd.c b/src/lib/libcrypto/bio/bss_fd.c index 686c4909a2..5e3e187de6 100644 --- a/src/lib/libcrypto/bio/bss_fd.c +++ b/src/lib/libcrypto/bio/bss_fd.c | |||
| @@ -56,7 +56,227 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #define BIO_FD | 59 | #include <stdio.h> |
| 60 | #include "bss_sock.c" | 60 | #include <errno.h> |
| 61 | #undef BIO_FD | 61 | #define USE_SOCKETS |
| 62 | #include "cryptlib.h" | ||
| 63 | #include <openssl/bio.h> | ||
| 62 | 64 | ||
| 65 | static int fd_write(BIO *h, const char *buf, int num); | ||
| 66 | static int fd_read(BIO *h, char *buf, int size); | ||
| 67 | static int fd_puts(BIO *h, const char *str); | ||
| 68 | static long fd_ctrl(BIO *h, int cmd, long arg1, void *arg2); | ||
| 69 | static int fd_new(BIO *h); | ||
| 70 | static int fd_free(BIO *data); | ||
| 71 | int BIO_fd_should_retry(int s); | ||
| 72 | |||
| 73 | static BIO_METHOD methods_fdp= | ||
| 74 | { | ||
| 75 | BIO_TYPE_FD,"file descriptor", | ||
| 76 | fd_write, | ||
| 77 | fd_read, | ||
| 78 | fd_puts, | ||
| 79 | NULL, /* fd_gets, */ | ||
| 80 | fd_ctrl, | ||
| 81 | fd_new, | ||
| 82 | fd_free, | ||
| 83 | NULL, | ||
| 84 | }; | ||
| 85 | |||
| 86 | BIO_METHOD *BIO_s_fd(void) | ||
| 87 | { | ||
| 88 | return(&methods_fdp); | ||
| 89 | } | ||
| 90 | |||
| 91 | BIO *BIO_new_fd(int fd,int close_flag) | ||
| 92 | { | ||
| 93 | BIO *ret; | ||
| 94 | ret=BIO_new(BIO_s_fd()); | ||
| 95 | if (ret == NULL) return(NULL); | ||
| 96 | BIO_set_fd(ret,fd,close_flag); | ||
| 97 | return(ret); | ||
| 98 | } | ||
| 99 | |||
| 100 | static int fd_new(BIO *bi) | ||
| 101 | { | ||
| 102 | bi->init=0; | ||
| 103 | bi->num=0; | ||
| 104 | bi->ptr=NULL; | ||
| 105 | bi->flags=0; | ||
| 106 | return(1); | ||
| 107 | } | ||
| 108 | |||
| 109 | static int fd_free(BIO *a) | ||
| 110 | { | ||
| 111 | if (a == NULL) return(0); | ||
| 112 | if (a->shutdown) | ||
| 113 | { | ||
| 114 | if (a->init) | ||
| 115 | { | ||
| 116 | close(a->num); | ||
| 117 | } | ||
| 118 | a->init=0; | ||
| 119 | a->flags=0; | ||
| 120 | } | ||
| 121 | return(1); | ||
| 122 | } | ||
| 123 | |||
| 124 | static int fd_read(BIO *b, char *out,int outl) | ||
| 125 | { | ||
| 126 | int ret=0; | ||
| 127 | |||
| 128 | if (out != NULL) | ||
| 129 | { | ||
| 130 | clear_sys_error(); | ||
| 131 | ret=read(b->num,out,outl); | ||
| 132 | BIO_clear_retry_flags(b); | ||
| 133 | if (ret <= 0) | ||
| 134 | { | ||
| 135 | if (BIO_fd_should_retry(ret)) | ||
| 136 | BIO_set_retry_read(b); | ||
| 137 | } | ||
| 138 | } | ||
| 139 | return(ret); | ||
| 140 | } | ||
| 141 | |||
| 142 | static int fd_write(BIO *b, const char *in, int inl) | ||
| 143 | { | ||
| 144 | int ret; | ||
| 145 | clear_sys_error(); | ||
| 146 | ret=write(b->num,in,inl); | ||
| 147 | BIO_clear_retry_flags(b); | ||
| 148 | if (ret <= 0) | ||
| 149 | { | ||
| 150 | if (BIO_fd_should_retry(ret)) | ||
| 151 | BIO_set_retry_write(b); | ||
| 152 | } | ||
| 153 | return(ret); | ||
| 154 | } | ||
| 155 | |||
| 156 | static long fd_ctrl(BIO *b, int cmd, long num, void *ptr) | ||
| 157 | { | ||
| 158 | long ret=1; | ||
| 159 | int *ip; | ||
| 160 | |||
| 161 | switch (cmd) | ||
| 162 | { | ||
| 163 | case BIO_CTRL_RESET: | ||
| 164 | num=0; | ||
| 165 | case BIO_C_FILE_SEEK: | ||
| 166 | ret=(long)lseek(b->num,num,0); | ||
| 167 | break; | ||
| 168 | case BIO_C_FILE_TELL: | ||
| 169 | case BIO_CTRL_INFO: | ||
| 170 | ret=(long)lseek(b->num,0,1); | ||
| 171 | break; | ||
| 172 | case BIO_C_SET_FD: | ||
| 173 | fd_free(b); | ||
| 174 | b->num= *((int *)ptr); | ||
| 175 | b->shutdown=(int)num; | ||
| 176 | b->init=1; | ||
| 177 | break; | ||
| 178 | case BIO_C_GET_FD: | ||
| 179 | if (b->init) | ||
| 180 | { | ||
| 181 | ip=(int *)ptr; | ||
| 182 | if (ip != NULL) *ip=b->num; | ||
| 183 | ret=b->num; | ||
| 184 | } | ||
| 185 | else | ||
| 186 | ret= -1; | ||
| 187 | break; | ||
| 188 | case BIO_CTRL_GET_CLOSE: | ||
| 189 | ret=b->shutdown; | ||
| 190 | break; | ||
| 191 | case BIO_CTRL_SET_CLOSE: | ||
| 192 | b->shutdown=(int)num; | ||
| 193 | break; | ||
| 194 | case BIO_CTRL_PENDING: | ||
| 195 | case BIO_CTRL_WPENDING: | ||
| 196 | ret=0; | ||
| 197 | break; | ||
| 198 | case BIO_CTRL_DUP: | ||
| 199 | case BIO_CTRL_FLUSH: | ||
| 200 | ret=1; | ||
| 201 | break; | ||
| 202 | default: | ||
| 203 | ret=0; | ||
| 204 | break; | ||
| 205 | } | ||
| 206 | return(ret); | ||
| 207 | } | ||
| 208 | |||
| 209 | static int fd_puts(BIO *bp, const char *str) | ||
| 210 | { | ||
| 211 | int n,ret; | ||
| 212 | |||
| 213 | n=strlen(str); | ||
| 214 | ret=fd_write(bp,str,n); | ||
| 215 | return(ret); | ||
| 216 | } | ||
| 217 | |||
| 218 | int BIO_fd_should_retry(int i) | ||
| 219 | { | ||
| 220 | int err; | ||
| 221 | |||
| 222 | if ((i == 0) || (i == -1)) | ||
| 223 | { | ||
| 224 | err=get_last_sys_error(); | ||
| 225 | |||
| 226 | #if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ | ||
| 227 | if ((i == -1) && (err == 0)) | ||
| 228 | return(1); | ||
| 229 | #endif | ||
| 230 | |||
| 231 | return(BIO_fd_non_fatal_error(err)); | ||
| 232 | } | ||
| 233 | return(0); | ||
| 234 | } | ||
| 235 | |||
| 236 | int BIO_fd_non_fatal_error(int err) | ||
| 237 | { | ||
| 238 | switch (err) | ||
| 239 | { | ||
| 240 | |||
| 241 | #ifdef EWOULDBLOCK | ||
| 242 | # ifdef WSAEWOULDBLOCK | ||
| 243 | # if WSAEWOULDBLOCK != EWOULDBLOCK | ||
| 244 | case EWOULDBLOCK: | ||
| 245 | # endif | ||
| 246 | # else | ||
| 247 | case EWOULDBLOCK: | ||
| 248 | # endif | ||
| 249 | #endif | ||
| 250 | |||
| 251 | #if defined(ENOTCONN) | ||
| 252 | case ENOTCONN: | ||
| 253 | #endif | ||
| 254 | |||
| 255 | #ifdef EINTR | ||
| 256 | case EINTR: | ||
| 257 | #endif | ||
| 258 | |||
| 259 | #ifdef EAGAIN | ||
| 260 | #if EWOULDBLOCK != EAGAIN | ||
| 261 | case EAGAIN: | ||
| 262 | # endif | ||
| 263 | #endif | ||
| 264 | |||
| 265 | #ifdef EPROTO | ||
| 266 | case EPROTO: | ||
| 267 | #endif | ||
| 268 | |||
| 269 | #ifdef EINPROGRESS | ||
| 270 | case EINPROGRESS: | ||
| 271 | #endif | ||
| 272 | |||
| 273 | #ifdef EALREADY | ||
| 274 | case EALREADY: | ||
| 275 | #endif | ||
| 276 | return(1); | ||
| 277 | /* break; */ | ||
| 278 | default: | ||
| 279 | break; | ||
| 280 | } | ||
| 281 | return(0); | ||
| 282 | } | ||
diff --git a/src/lib/libcrypto/bio/bss_file.c b/src/lib/libcrypto/bio/bss_file.c index 1484cf849e..8b3ff278d9 100644 --- a/src/lib/libcrypto/bio/bss_file.c +++ b/src/lib/libcrypto/bio/bss_file.c | |||
| @@ -68,29 +68,18 @@ | |||
| 68 | #include <stdio.h> | 68 | #include <stdio.h> |
| 69 | #include <errno.h> | 69 | #include <errno.h> |
| 70 | #include "cryptlib.h" | 70 | #include "cryptlib.h" |
| 71 | #include "bio.h" | 71 | #include <openssl/bio.h> |
| 72 | #include "err.h" | 72 | #include <openssl/err.h> |
| 73 | 73 | ||
| 74 | #if !defined(NO_STDIO) | 74 | #if !defined(OPENSSL_NO_STDIO) |
| 75 | 75 | ||
| 76 | #ifndef NOPROTO | 76 | static int MS_CALLBACK file_write(BIO *h, const char *buf, int num); |
| 77 | static int MS_CALLBACK file_write(BIO *h,char *buf,int num); | 77 | static int MS_CALLBACK file_read(BIO *h, char *buf, int size); |
| 78 | static int MS_CALLBACK file_read(BIO *h,char *buf,int size); | 78 | static int MS_CALLBACK file_puts(BIO *h, const char *str); |
| 79 | static int MS_CALLBACK file_puts(BIO *h,char *str); | 79 | static int MS_CALLBACK file_gets(BIO *h, char *str, int size); |
| 80 | static int MS_CALLBACK file_gets(BIO *h,char *str,int size); | 80 | static long MS_CALLBACK file_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 81 | static long MS_CALLBACK file_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 82 | static int MS_CALLBACK file_new(BIO *h); | 81 | static int MS_CALLBACK file_new(BIO *h); |
| 83 | static int MS_CALLBACK file_free(BIO *data); | 82 | static int MS_CALLBACK file_free(BIO *data); |
| 84 | #else | ||
| 85 | static int MS_CALLBACK file_write(); | ||
| 86 | static int MS_CALLBACK file_read(); | ||
| 87 | static int MS_CALLBACK file_puts(); | ||
| 88 | static int MS_CALLBACK file_gets(); | ||
| 89 | static long MS_CALLBACK file_ctrl(); | ||
| 90 | static int MS_CALLBACK file_new(); | ||
| 91 | static int MS_CALLBACK file_free(); | ||
| 92 | #endif | ||
| 93 | |||
| 94 | static BIO_METHOD methods_filep= | 83 | static BIO_METHOD methods_filep= |
| 95 | { | 84 | { |
| 96 | BIO_TYPE_FILE, | 85 | BIO_TYPE_FILE, |
| @@ -102,11 +91,10 @@ static BIO_METHOD methods_filep= | |||
| 102 | file_ctrl, | 91 | file_ctrl, |
| 103 | file_new, | 92 | file_new, |
| 104 | file_free, | 93 | file_free, |
| 94 | NULL, | ||
| 105 | }; | 95 | }; |
| 106 | 96 | ||
| 107 | BIO *BIO_new_file(filename,mode) | 97 | BIO *BIO_new_file(const char *filename, const char *mode) |
| 108 | char *filename; | ||
| 109 | char *mode; | ||
| 110 | { | 98 | { |
| 111 | BIO *ret; | 99 | BIO *ret; |
| 112 | FILE *file; | 100 | FILE *file; |
| @@ -115,7 +103,10 @@ char *mode; | |||
| 115 | { | 103 | { |
| 116 | SYSerr(SYS_F_FOPEN,get_last_sys_error()); | 104 | SYSerr(SYS_F_FOPEN,get_last_sys_error()); |
| 117 | ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); | 105 | ERR_add_error_data(5,"fopen('",filename,"','",mode,"')"); |
| 118 | BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); | 106 | if (errno == ENOENT) |
| 107 | BIOerr(BIO_F_BIO_NEW_FILE,BIO_R_NO_SUCH_FILE); | ||
| 108 | else | ||
| 109 | BIOerr(BIO_F_BIO_NEW_FILE,ERR_R_SYS_LIB); | ||
| 119 | return(NULL); | 110 | return(NULL); |
| 120 | } | 111 | } |
| 121 | if ((ret=BIO_new(BIO_s_file_internal())) == NULL) | 112 | if ((ret=BIO_new(BIO_s_file_internal())) == NULL) |
| @@ -125,9 +116,7 @@ char *mode; | |||
| 125 | return(ret); | 116 | return(ret); |
| 126 | } | 117 | } |
| 127 | 118 | ||
| 128 | BIO *BIO_new_fp(stream,close_flag) | 119 | BIO *BIO_new_fp(FILE *stream, int close_flag) |
| 129 | FILE *stream; | ||
| 130 | int close_flag; | ||
| 131 | { | 120 | { |
| 132 | BIO *ret; | 121 | BIO *ret; |
| 133 | 122 | ||
| @@ -138,13 +127,12 @@ int close_flag; | |||
| 138 | return(ret); | 127 | return(ret); |
| 139 | } | 128 | } |
| 140 | 129 | ||
| 141 | BIO_METHOD *BIO_s_file() | 130 | BIO_METHOD *BIO_s_file(void) |
| 142 | { | 131 | { |
| 143 | return(&methods_filep); | 132 | return(&methods_filep); |
| 144 | } | 133 | } |
| 145 | 134 | ||
| 146 | static int MS_CALLBACK file_new(bi) | 135 | static int MS_CALLBACK file_new(BIO *bi) |
| 147 | BIO *bi; | ||
| 148 | { | 136 | { |
| 149 | bi->init=0; | 137 | bi->init=0; |
| 150 | bi->num=0; | 138 | bi->num=0; |
| @@ -152,8 +140,7 @@ BIO *bi; | |||
| 152 | return(1); | 140 | return(1); |
| 153 | } | 141 | } |
| 154 | 142 | ||
| 155 | static int MS_CALLBACK file_free(a) | 143 | static int MS_CALLBACK file_free(BIO *a) |
| 156 | BIO *a; | ||
| 157 | { | 144 | { |
| 158 | if (a == NULL) return(0); | 145 | if (a == NULL) return(0); |
| 159 | if (a->shutdown) | 146 | if (a->shutdown) |
| @@ -168,10 +155,7 @@ BIO *a; | |||
| 168 | return(1); | 155 | return(1); |
| 169 | } | 156 | } |
| 170 | 157 | ||
| 171 | static int MS_CALLBACK file_read(b,out,outl) | 158 | static int MS_CALLBACK file_read(BIO *b, char *out, int outl) |
| 172 | BIO *b; | ||
| 173 | char *out; | ||
| 174 | int outl; | ||
| 175 | { | 159 | { |
| 176 | int ret=0; | 160 | int ret=0; |
| 177 | 161 | ||
| @@ -182,10 +166,7 @@ int outl; | |||
| 182 | return(ret); | 166 | return(ret); |
| 183 | } | 167 | } |
| 184 | 168 | ||
| 185 | static int MS_CALLBACK file_write(b,in,inl) | 169 | static int MS_CALLBACK file_write(BIO *b, const char *in, int inl) |
| 186 | BIO *b; | ||
| 187 | char *in; | ||
| 188 | int inl; | ||
| 189 | { | 170 | { |
| 190 | int ret=0; | 171 | int ret=0; |
| 191 | 172 | ||
| @@ -194,18 +175,14 @@ int inl; | |||
| 194 | if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) | 175 | if (fwrite(in,(int)inl,1,(FILE *)b->ptr)) |
| 195 | ret=inl; | 176 | ret=inl; |
| 196 | /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ | 177 | /* ret=fwrite(in,1,(int)inl,(FILE *)b->ptr); */ |
| 197 | /* acording to Tim Hudson <tjh@cryptsoft.com>, the commented | 178 | /* according to Tim Hudson <tjh@cryptsoft.com>, the commented |
| 198 | * out version above can cause 'inl' write calls under | 179 | * out version above can cause 'inl' write calls under |
| 199 | * some stupid stdio implementations (VMS) */ | 180 | * some stupid stdio implementations (VMS) */ |
| 200 | } | 181 | } |
| 201 | return(ret); | 182 | return(ret); |
| 202 | } | 183 | } |
| 203 | 184 | ||
| 204 | static long MS_CALLBACK file_ctrl(b,cmd,num,ptr) | 185 | static long MS_CALLBACK file_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 205 | BIO *b; | ||
| 206 | int cmd; | ||
| 207 | long num; | ||
| 208 | char *ptr; | ||
| 209 | { | 186 | { |
| 210 | long ret=1; | 187 | long ret=1; |
| 211 | FILE *fp=(FILE *)b->ptr; | 188 | FILE *fp=(FILE *)b->ptr; |
| @@ -214,26 +191,33 @@ char *ptr; | |||
| 214 | 191 | ||
| 215 | switch (cmd) | 192 | switch (cmd) |
| 216 | { | 193 | { |
| 194 | case BIO_C_FILE_SEEK: | ||
| 217 | case BIO_CTRL_RESET: | 195 | case BIO_CTRL_RESET: |
| 218 | ret=(long)fseek(fp,num,0); | 196 | ret=(long)fseek(fp,num,0); |
| 219 | break; | 197 | break; |
| 220 | case BIO_CTRL_EOF: | 198 | case BIO_CTRL_EOF: |
| 221 | ret=(long)feof(fp); | 199 | ret=(long)feof(fp); |
| 222 | break; | 200 | break; |
| 201 | case BIO_C_FILE_TELL: | ||
| 223 | case BIO_CTRL_INFO: | 202 | case BIO_CTRL_INFO: |
| 224 | ret=ftell(fp); | 203 | ret=ftell(fp); |
| 225 | break; | 204 | break; |
| 226 | case BIO_C_SET_FILE_PTR: | 205 | case BIO_C_SET_FILE_PTR: |
| 227 | file_free(b); | 206 | file_free(b); |
| 228 | b->shutdown=(int)num; | 207 | b->shutdown=(int)num&BIO_CLOSE; |
| 229 | b->ptr=(char *)ptr; | 208 | b->ptr=(char *)ptr; |
| 230 | b->init=1; | 209 | b->init=1; |
| 231 | #if defined(MSDOS) || defined(WINDOWS) | 210 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) |
| 232 | /* Set correct text/binary mode */ | 211 | /* Set correct text/binary mode */ |
| 233 | if (num & BIO_FP_TEXT) | 212 | if (num & BIO_FP_TEXT) |
| 234 | _setmode(fileno((FILE *)ptr),_O_TEXT); | 213 | _setmode(fileno((FILE *)ptr),_O_TEXT); |
| 235 | else | 214 | else |
| 236 | _setmode(fileno((FILE *)ptr),_O_BINARY); | 215 | _setmode(fileno((FILE *)ptr),_O_BINARY); |
| 216 | #elif defined(OPENSSL_SYS_OS2) | ||
| 217 | if (num & BIO_FP_TEXT) | ||
| 218 | setmode(fileno((FILE *)ptr), O_TEXT); | ||
| 219 | else | ||
| 220 | setmode(fileno((FILE *)ptr), O_BINARY); | ||
| 237 | #endif | 221 | #endif |
| 238 | break; | 222 | break; |
| 239 | case BIO_C_SET_FILENAME: | 223 | case BIO_C_SET_FILENAME: |
| @@ -257,7 +241,7 @@ char *ptr; | |||
| 257 | ret=0; | 241 | ret=0; |
| 258 | break; | 242 | break; |
| 259 | } | 243 | } |
| 260 | #if defined(MSDOS) || defined(WINDOWS) | 244 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) |
| 261 | if (!(num & BIO_FP_TEXT)) | 245 | if (!(num & BIO_FP_TEXT)) |
| 262 | strcat(p,"b"); | 246 | strcat(p,"b"); |
| 263 | else | 247 | else |
| @@ -307,10 +291,7 @@ char *ptr; | |||
| 307 | return(ret); | 291 | return(ret); |
| 308 | } | 292 | } |
| 309 | 293 | ||
| 310 | static int MS_CALLBACK file_gets(bp,buf,size) | 294 | static int MS_CALLBACK file_gets(BIO *bp, char *buf, int size) |
| 311 | BIO *bp; | ||
| 312 | char *buf; | ||
| 313 | int size; | ||
| 314 | { | 295 | { |
| 315 | int ret=0; | 296 | int ret=0; |
| 316 | 297 | ||
| @@ -321,9 +302,7 @@ int size; | |||
| 321 | return(ret); | 302 | return(ret); |
| 322 | } | 303 | } |
| 323 | 304 | ||
| 324 | static int MS_CALLBACK file_puts(bp,str) | 305 | static int MS_CALLBACK file_puts(BIO *bp, const char *str) |
| 325 | BIO *bp; | ||
| 326 | char *str; | ||
| 327 | { | 306 | { |
| 328 | int n,ret; | 307 | int n,ret; |
| 329 | 308 | ||
| @@ -332,7 +311,7 @@ char *str; | |||
| 332 | return(ret); | 311 | return(ret); |
| 333 | } | 312 | } |
| 334 | 313 | ||
| 335 | #endif /* NO_STDIO */ | 314 | #endif /* OPENSSL_NO_STDIO */ |
| 336 | 315 | ||
| 337 | #endif /* HEADER_BSS_FILE_C */ | 316 | #endif /* HEADER_BSS_FILE_C */ |
| 338 | 317 | ||
diff --git a/src/lib/libcrypto/bio/bss_log.c b/src/lib/libcrypto/bio/bss_log.c index db82e757e7..a39d95297c 100644 --- a/src/lib/libcrypto/bio/bss_log.c +++ b/src/lib/libcrypto/bio/bss_log.c | |||
| @@ -57,8 +57,8 @@ | |||
| 57 | Why BIO_s_log? | 57 | Why BIO_s_log? |
| 58 | 58 | ||
| 59 | BIO_s_log is useful for system daemons (or services under NT). | 59 | BIO_s_log is useful for system daemons (or services under NT). |
| 60 | It is one-way BIO, it sends all stuff to syslogd (or event log | 60 | It is one-way BIO, it sends all stuff to syslogd (on system that |
| 61 | under NT). | 61 | commonly use that), or event log (on NT), or OPCOM (on OpenVMS). |
| 62 | 62 | ||
| 63 | */ | 63 | */ |
| 64 | 64 | ||
| @@ -66,27 +66,71 @@ | |||
| 66 | #include <stdio.h> | 66 | #include <stdio.h> |
| 67 | #include <errno.h> | 67 | #include <errno.h> |
| 68 | 68 | ||
| 69 | #ifndef WIN32 | 69 | #include "cryptlib.h" |
| 70 | #ifdef __ultrix | 70 | |
| 71 | #include <sys/syslog.h> | 71 | #if defined(OPENSSL_SYS_WIN32) |
| 72 | #else | 72 | # include <process.h> |
| 73 | #include <syslog.h> | 73 | #elif defined(OPENSSL_SYS_VMS) |
| 74 | #endif | 74 | # include <opcdef.h> |
| 75 | # include <descrip.h> | ||
| 76 | # include <lib$routines.h> | ||
| 77 | # include <starlet.h> | ||
| 78 | #elif defined(__ultrix) | ||
| 79 | # include <sys/syslog.h> | ||
| 80 | #elif !defined(MSDOS) && !defined(OPENSSL_SYS_VXWORKS) && !defined(NO_SYSLOG) /* Unix */ | ||
| 81 | # include <syslog.h> | ||
| 75 | #endif | 82 | #endif |
| 76 | 83 | ||
| 77 | #include "cryptlib.h" | ||
| 78 | #include <openssl/buffer.h> | 84 | #include <openssl/buffer.h> |
| 79 | #include <openssl/err.h> | 85 | #include <openssl/err.h> |
| 86 | |||
| 80 | #ifndef NO_SYSLOG | 87 | #ifndef NO_SYSLOG |
| 81 | 88 | ||
| 89 | #if defined(OPENSSL_SYS_WIN32) | ||
| 90 | #define LOG_EMERG 0 | ||
| 91 | #define LOG_ALERT 1 | ||
| 92 | #define LOG_CRIT 2 | ||
| 93 | #define LOG_ERR 3 | ||
| 94 | #define LOG_WARNING 4 | ||
| 95 | #define LOG_NOTICE 5 | ||
| 96 | #define LOG_INFO 6 | ||
| 97 | #define LOG_DEBUG 7 | ||
| 82 | 98 | ||
| 83 | static int MS_CALLBACK slg_write(BIO *h,char *buf,int num); | 99 | #define LOG_DAEMON (3<<3) |
| 84 | static int MS_CALLBACK slg_puts(BIO *h,char *str); | 100 | #elif defined(OPENSSL_SYS_VMS) |
| 85 | static long MS_CALLBACK slg_ctrl(BIO *h,int cmd,long arg1,char *arg2); | 101 | /* On VMS, we don't really care about these, but we need them to compile */ |
| 102 | #define LOG_EMERG 0 | ||
| 103 | #define LOG_ALERT 1 | ||
| 104 | #define LOG_CRIT 2 | ||
| 105 | #define LOG_ERR 3 | ||
| 106 | #define LOG_WARNING 4 | ||
| 107 | #define LOG_NOTICE 5 | ||
| 108 | #define LOG_INFO 6 | ||
| 109 | #define LOG_DEBUG 7 | ||
| 110 | |||
| 111 | #define LOG_DAEMON OPC$M_NM_NTWORK | ||
| 112 | #endif | ||
| 113 | |||
| 114 | static int MS_CALLBACK slg_write(BIO *h, const char *buf, int num); | ||
| 115 | static int MS_CALLBACK slg_puts(BIO *h, const char *str); | ||
| 116 | static long MS_CALLBACK slg_ctrl(BIO *h, int cmd, long arg1, void *arg2); | ||
| 86 | static int MS_CALLBACK slg_new(BIO *h); | 117 | static int MS_CALLBACK slg_new(BIO *h); |
| 87 | static int MS_CALLBACK slg_free(BIO *data); | 118 | static int MS_CALLBACK slg_free(BIO *data); |
| 88 | static int xopenlog(BIO* bp, const char* name, int level); | 119 | static void xopenlog(BIO* bp, char* name, int level); |
| 89 | static int xcloselog(BIO* bp); | 120 | static void xsyslog(BIO* bp, int priority, const char* string); |
| 121 | static void xcloselog(BIO* bp); | ||
| 122 | #ifdef OPENSSL_SYS_WIN32 | ||
| 123 | LONG (WINAPI *go_for_advapi)() = RegOpenKeyEx; | ||
| 124 | HANDLE (WINAPI *register_event_source)() = NULL; | ||
| 125 | BOOL (WINAPI *deregister_event_source)() = NULL; | ||
| 126 | BOOL (WINAPI *report_event)() = NULL; | ||
| 127 | #define DL_PROC(m,f) (GetProcAddress( m, f )) | ||
| 128 | #ifdef UNICODE | ||
| 129 | #define DL_PROC_X(m,f) DL_PROC( m, f "W" ) | ||
| 130 | #else | ||
| 131 | #define DL_PROC_X(m,f) DL_PROC( m, f "A" ) | ||
| 132 | #endif | ||
| 133 | #endif | ||
| 90 | 134 | ||
| 91 | static BIO_METHOD methods_slg= | 135 | static BIO_METHOD methods_slg= |
| 92 | { | 136 | { |
| @@ -98,6 +142,7 @@ static BIO_METHOD methods_slg= | |||
| 98 | slg_ctrl, | 142 | slg_ctrl, |
| 99 | slg_new, | 143 | slg_new, |
| 100 | slg_free, | 144 | slg_free, |
| 145 | NULL, | ||
| 101 | }; | 146 | }; |
| 102 | 147 | ||
| 103 | BIO_METHOD *BIO_s_log(void) | 148 | BIO_METHOD *BIO_s_log(void) |
| @@ -110,11 +155,7 @@ static int MS_CALLBACK slg_new(BIO *bi) | |||
| 110 | bi->init=1; | 155 | bi->init=1; |
| 111 | bi->num=0; | 156 | bi->num=0; |
| 112 | bi->ptr=NULL; | 157 | bi->ptr=NULL; |
| 113 | #ifndef WIN32 | ||
| 114 | xopenlog(bi, "application", LOG_DAEMON); | 158 | xopenlog(bi, "application", LOG_DAEMON); |
| 115 | #else | ||
| 116 | xopenlog(bi, "application", 0); | ||
| 117 | #endif | ||
| 118 | return(1); | 159 | return(1); |
| 119 | } | 160 | } |
| 120 | 161 | ||
| @@ -125,64 +166,60 @@ static int MS_CALLBACK slg_free(BIO *a) | |||
| 125 | return(1); | 166 | return(1); |
| 126 | } | 167 | } |
| 127 | 168 | ||
| 128 | static int MS_CALLBACK slg_write(BIO *b, char *in, int inl) | 169 | static int MS_CALLBACK slg_write(BIO *b, const char *in, int inl) |
| 129 | { | 170 | { |
| 130 | int ret= inl; | 171 | int ret= inl; |
| 131 | char* buf= in; | 172 | char* buf; |
| 132 | char* pp; | 173 | char* pp; |
| 133 | #if defined(WIN32) | 174 | int priority, i; |
| 134 | LPTSTR lpszStrings[1]; | 175 | static struct |
| 135 | WORD evtype= EVENTLOG_ERROR_TYPE; | 176 | { |
| 136 | #else | 177 | int strl; |
| 137 | int priority; | 178 | char str[10]; |
| 138 | #endif | 179 | int log_level; |
| 180 | } | ||
| 181 | mapping[] = | ||
| 182 | { | ||
| 183 | { 6, "PANIC ", LOG_EMERG }, | ||
| 184 | { 6, "EMERG ", LOG_EMERG }, | ||
| 185 | { 4, "EMR ", LOG_EMERG }, | ||
| 186 | { 6, "ALERT ", LOG_ALERT }, | ||
| 187 | { 4, "ALR ", LOG_ALERT }, | ||
| 188 | { 5, "CRIT ", LOG_CRIT }, | ||
| 189 | { 4, "CRI ", LOG_CRIT }, | ||
| 190 | { 6, "ERROR ", LOG_ERR }, | ||
| 191 | { 4, "ERR ", LOG_ERR }, | ||
| 192 | { 8, "WARNING ", LOG_WARNING }, | ||
| 193 | { 5, "WARN ", LOG_WARNING }, | ||
| 194 | { 4, "WAR ", LOG_WARNING }, | ||
| 195 | { 7, "NOTICE ", LOG_NOTICE }, | ||
| 196 | { 5, "NOTE ", LOG_NOTICE }, | ||
| 197 | { 4, "NOT ", LOG_NOTICE }, | ||
| 198 | { 5, "INFO ", LOG_INFO }, | ||
| 199 | { 4, "INF ", LOG_INFO }, | ||
| 200 | { 6, "DEBUG ", LOG_DEBUG }, | ||
| 201 | { 4, "DBG ", LOG_DEBUG }, | ||
| 202 | { 0, "", LOG_ERR } /* The default */ | ||
| 203 | }; | ||
| 139 | 204 | ||
| 140 | if((buf= (char *)Malloc(inl+ 1)) == NULL){ | 205 | if((buf= (char *)OPENSSL_malloc(inl+ 1)) == NULL){ |
| 141 | return(0); | 206 | return(0); |
| 142 | } | 207 | } |
| 143 | strncpy(buf, in, inl); | 208 | strncpy(buf, in, inl); |
| 144 | buf[inl]= '\0'; | 209 | buf[inl]= '\0'; |
| 145 | #if defined(WIN32) | ||
| 146 | if(strncmp(buf, "ERR ", 4) == 0){ | ||
| 147 | evtype= EVENTLOG_ERROR_TYPE; | ||
| 148 | pp= buf+ 4; | ||
| 149 | }else if(strncmp(buf, "WAR ", 4) == 0){ | ||
| 150 | evtype= EVENTLOG_WARNING_TYPE; | ||
| 151 | pp= buf+ 4; | ||
| 152 | }else if(strncmp(buf, "INF ", 4) == 0){ | ||
| 153 | evtype= EVENTLOG_INFORMATION_TYPE; | ||
| 154 | pp= buf+ 4; | ||
| 155 | }else{ | ||
| 156 | evtype= EVENTLOG_ERROR_TYPE; | ||
| 157 | pp= buf; | ||
| 158 | } | ||
| 159 | lpszStrings[0]= pp; | ||
| 160 | 210 | ||
| 161 | if(b->ptr) | 211 | i = 0; |
| 162 | ReportEvent(b->ptr, evtype, 0, 1024, NULL, 1, 0, | 212 | while(strncmp(buf, mapping[i].str, mapping[i].strl) != 0) i++; |
| 163 | lpszStrings, NULL); | 213 | priority = mapping[i].log_level; |
| 164 | #else | 214 | pp = buf + mapping[i].strl; |
| 165 | if(strncmp(buf, "ERR ", 4) == 0){ | ||
| 166 | priority= LOG_ERR; | ||
| 167 | pp= buf+ 4; | ||
| 168 | }else if(strncmp(buf, "WAR ", 4) == 0){ | ||
| 169 | priority= LOG_WARNING; | ||
| 170 | pp= buf+ 4; | ||
| 171 | }else if(strncmp(buf, "INF ", 4) == 0){ | ||
| 172 | priority= LOG_INFO; | ||
| 173 | pp= buf+ 4; | ||
| 174 | }else{ | ||
| 175 | priority= LOG_ERR; | ||
| 176 | pp= buf; | ||
| 177 | } | ||
| 178 | 215 | ||
| 179 | syslog(priority, "%s", pp); | 216 | xsyslog(b, priority, pp); |
| 180 | #endif | 217 | |
| 181 | Free(buf); | 218 | OPENSSL_free(buf); |
| 182 | return(ret); | 219 | return(ret); |
| 183 | } | 220 | } |
| 184 | 221 | ||
| 185 | static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr) | 222 | static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 186 | { | 223 | { |
| 187 | switch (cmd) | 224 | switch (cmd) |
| 188 | { | 225 | { |
| @@ -196,7 +233,7 @@ static long MS_CALLBACK slg_ctrl(BIO *b, int cmd, long num, char *ptr) | |||
| 196 | return(0); | 233 | return(0); |
| 197 | } | 234 | } |
| 198 | 235 | ||
| 199 | static int MS_CALLBACK slg_puts(BIO *bp, char *str) | 236 | static int MS_CALLBACK slg_puts(BIO *bp, const char *str) |
| 200 | { | 237 | { |
| 201 | int n,ret; | 238 | int n,ret; |
| 202 | 239 | ||
| @@ -205,28 +242,154 @@ static int MS_CALLBACK slg_puts(BIO *bp, char *str) | |||
| 205 | return(ret); | 242 | return(ret); |
| 206 | } | 243 | } |
| 207 | 244 | ||
| 208 | static int xopenlog(BIO* bp, const char* name, int level) | 245 | #if defined(OPENSSL_SYS_WIN32) |
| 246 | |||
| 247 | static void xopenlog(BIO* bp, char* name, int level) | ||
| 209 | { | 248 | { |
| 210 | #if defined(WIN32) | 249 | if ( !register_event_source ) |
| 211 | if((bp->ptr= (char *)RegisterEventSource(NULL, name)) == NULL){ | 250 | { |
| 212 | return(0); | 251 | HANDLE advapi; |
| 213 | } | 252 | if ( !(advapi = GetModuleHandle("advapi32")) ) |
| 214 | #else | 253 | return; |
| 215 | openlog(name, LOG_PID|LOG_CONS, level); | 254 | register_event_source = (HANDLE (WINAPI *)())DL_PROC_X(advapi, |
| 216 | #endif | 255 | "RegisterEventSource" ); |
| 217 | return(1); | 256 | deregister_event_source = (BOOL (WINAPI *)())DL_PROC(advapi, |
| 257 | "DeregisterEventSource"); | ||
| 258 | report_event = (BOOL (WINAPI *)())DL_PROC_X(advapi, | ||
| 259 | "ReportEvent" ); | ||
| 260 | if ( !(register_event_source && deregister_event_source && | ||
| 261 | report_event) ) | ||
| 262 | { | ||
| 263 | register_event_source = NULL; | ||
| 264 | deregister_event_source = NULL; | ||
| 265 | report_event = NULL; | ||
| 266 | return; | ||
| 267 | } | ||
| 268 | } | ||
| 269 | bp->ptr= (char *)register_event_source(NULL, name); | ||
| 218 | } | 270 | } |
| 219 | 271 | ||
| 220 | static int xcloselog(BIO* bp) | 272 | static void xsyslog(BIO *bp, int priority, const char *string) |
| 273 | { | ||
| 274 | LPCSTR lpszStrings[2]; | ||
| 275 | WORD evtype= EVENTLOG_ERROR_TYPE; | ||
| 276 | int pid = _getpid(); | ||
| 277 | char pidbuf[20]; | ||
| 278 | |||
| 279 | switch (priority) | ||
| 280 | { | ||
| 281 | case LOG_EMERG: | ||
| 282 | case LOG_ALERT: | ||
| 283 | case LOG_CRIT: | ||
| 284 | case LOG_ERR: | ||
| 285 | evtype = EVENTLOG_ERROR_TYPE; | ||
| 286 | break; | ||
| 287 | case LOG_WARNING: | ||
| 288 | evtype = EVENTLOG_WARNING_TYPE; | ||
| 289 | break; | ||
| 290 | case LOG_NOTICE: | ||
| 291 | case LOG_INFO: | ||
| 292 | case LOG_DEBUG: | ||
| 293 | evtype = EVENTLOG_INFORMATION_TYPE; | ||
| 294 | break; | ||
| 295 | default: /* Should never happen, but set it | ||
| 296 | as error anyway. */ | ||
| 297 | evtype = EVENTLOG_ERROR_TYPE; | ||
| 298 | break; | ||
| 299 | } | ||
| 300 | |||
| 301 | sprintf(pidbuf, "[%d] ", pid); | ||
| 302 | lpszStrings[0] = pidbuf; | ||
| 303 | lpszStrings[1] = string; | ||
| 304 | |||
| 305 | if(report_event && bp->ptr) | ||
| 306 | report_event(bp->ptr, evtype, 0, 1024, NULL, 2, 0, | ||
| 307 | lpszStrings, NULL); | ||
| 308 | } | ||
| 309 | |||
| 310 | static void xcloselog(BIO* bp) | ||
| 221 | { | 311 | { |
| 222 | #if defined(WIN32) | 312 | if(deregister_event_source && bp->ptr) |
| 223 | if(bp->ptr) | 313 | deregister_event_source((HANDLE)(bp->ptr)); |
| 224 | DeregisterEventSource((HANDLE)(bp->ptr)); | ||
| 225 | bp->ptr= NULL; | 314 | bp->ptr= NULL; |
| 226 | #else | 315 | } |
| 316 | |||
| 317 | #elif defined(OPENSSL_SYS_VMS) | ||
| 318 | |||
| 319 | static int VMS_OPC_target = LOG_DAEMON; | ||
| 320 | |||
| 321 | static void xopenlog(BIO* bp, char* name, int level) | ||
| 322 | { | ||
| 323 | VMS_OPC_target = level; | ||
| 324 | } | ||
| 325 | |||
| 326 | static void xsyslog(BIO *bp, int priority, const char *string) | ||
| 327 | { | ||
| 328 | struct dsc$descriptor_s opc_dsc; | ||
| 329 | struct opcdef *opcdef_p; | ||
| 330 | char buf[10240]; | ||
| 331 | unsigned int len; | ||
| 332 | struct dsc$descriptor_s buf_dsc; | ||
| 333 | $DESCRIPTOR(fao_cmd, "!AZ: !AZ"); | ||
| 334 | char *priority_tag; | ||
| 335 | |||
| 336 | switch (priority) | ||
| 337 | { | ||
| 338 | case LOG_EMERG: priority_tag = "Emergency"; break; | ||
| 339 | case LOG_ALERT: priority_tag = "Alert"; break; | ||
| 340 | case LOG_CRIT: priority_tag = "Critical"; break; | ||
| 341 | case LOG_ERR: priority_tag = "Error"; break; | ||
| 342 | case LOG_WARNING: priority_tag = "Warning"; break; | ||
| 343 | case LOG_NOTICE: priority_tag = "Notice"; break; | ||
| 344 | case LOG_INFO: priority_tag = "Info"; break; | ||
| 345 | case LOG_DEBUG: priority_tag = "DEBUG"; break; | ||
| 346 | } | ||
| 347 | |||
| 348 | buf_dsc.dsc$b_dtype = DSC$K_DTYPE_T; | ||
| 349 | buf_dsc.dsc$b_class = DSC$K_CLASS_S; | ||
| 350 | buf_dsc.dsc$a_pointer = buf; | ||
| 351 | buf_dsc.dsc$w_length = sizeof(buf) - 1; | ||
| 352 | |||
| 353 | lib$sys_fao(&fao_cmd, &len, &buf_dsc, priority_tag, string); | ||
| 354 | |||
| 355 | /* we know there's an 8 byte header. That's documented */ | ||
| 356 | opcdef_p = (struct opcdef *) OPENSSL_malloc(8 + len); | ||
| 357 | opcdef_p->opc$b_ms_type = OPC$_RQ_RQST; | ||
| 358 | memcpy(opcdef_p->opc$z_ms_target_classes, &VMS_OPC_target, 3); | ||
| 359 | opcdef_p->opc$l_ms_rqstid = 0; | ||
| 360 | memcpy(&opcdef_p->opc$l_ms_text, buf, len); | ||
| 361 | |||
| 362 | opc_dsc.dsc$b_dtype = DSC$K_DTYPE_T; | ||
| 363 | opc_dsc.dsc$b_class = DSC$K_CLASS_S; | ||
| 364 | opc_dsc.dsc$a_pointer = (char *)opcdef_p; | ||
| 365 | opc_dsc.dsc$w_length = len + 8; | ||
| 366 | |||
| 367 | sys$sndopr(opc_dsc, 0); | ||
| 368 | |||
| 369 | OPENSSL_free(opcdef_p); | ||
| 370 | } | ||
| 371 | |||
| 372 | static void xcloselog(BIO* bp) | ||
| 373 | { | ||
| 374 | } | ||
| 375 | |||
| 376 | #else /* Unix */ | ||
| 377 | |||
| 378 | static void xopenlog(BIO* bp, char* name, int level) | ||
| 379 | { | ||
| 380 | openlog(name, LOG_PID|LOG_CONS, level); | ||
| 381 | } | ||
| 382 | |||
| 383 | static void xsyslog(BIO *bp, int priority, const char *string) | ||
| 384 | { | ||
| 385 | syslog(priority, "%s", string); | ||
| 386 | } | ||
| 387 | |||
| 388 | static void xcloselog(BIO* bp) | ||
| 389 | { | ||
| 227 | closelog(); | 390 | closelog(); |
| 228 | #endif | ||
| 229 | return(1); | ||
| 230 | } | 391 | } |
| 231 | 392 | ||
| 232 | #endif | 393 | #endif /* Unix */ |
| 394 | |||
| 395 | #endif /* NO_SYSLOG */ | ||
diff --git a/src/lib/libcrypto/bio/bss_mem.c b/src/lib/libcrypto/bio/bss_mem.c index 40c4e39f02..28ff7582bf 100644 --- a/src/lib/libcrypto/bio/bss_mem.c +++ b/src/lib/libcrypto/bio/bss_mem.c | |||
| @@ -59,26 +59,15 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bio.h" | 62 | #include <openssl/bio.h> |
| 63 | 63 | ||
| 64 | #ifndef NOPROTO | 64 | static int mem_write(BIO *h, const char *buf, int num); |
| 65 | static int mem_write(BIO *h,char *buf,int num); | 65 | static int mem_read(BIO *h, char *buf, int size); |
| 66 | static int mem_read(BIO *h,char *buf,int size); | 66 | static int mem_puts(BIO *h, const char *str); |
| 67 | static int mem_puts(BIO *h,char *str); | 67 | static int mem_gets(BIO *h, char *str, int size); |
| 68 | static int mem_gets(BIO *h,char *str,int size); | 68 | static long mem_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 69 | static long mem_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 70 | static int mem_new(BIO *h); | 69 | static int mem_new(BIO *h); |
| 71 | static int mem_free(BIO *data); | 70 | static int mem_free(BIO *data); |
| 72 | #else | ||
| 73 | static int mem_write(); | ||
| 74 | static int mem_read(); | ||
| 75 | static int mem_puts(); | ||
| 76 | static int mem_gets(); | ||
| 77 | static long mem_ctrl(); | ||
| 78 | static int mem_new(); | ||
| 79 | static int mem_free(); | ||
| 80 | #endif | ||
| 81 | |||
| 82 | static BIO_METHOD mem_method= | 71 | static BIO_METHOD mem_method= |
| 83 | { | 72 | { |
| 84 | BIO_TYPE_MEM, | 73 | BIO_TYPE_MEM, |
| @@ -90,15 +79,38 @@ static BIO_METHOD mem_method= | |||
| 90 | mem_ctrl, | 79 | mem_ctrl, |
| 91 | mem_new, | 80 | mem_new, |
| 92 | mem_free, | 81 | mem_free, |
| 82 | NULL, | ||
| 93 | }; | 83 | }; |
| 94 | 84 | ||
| 95 | BIO_METHOD *BIO_s_mem() | 85 | /* bio->num is used to hold the value to return on 'empty', if it is |
| 86 | * 0, should_retry is not set */ | ||
| 87 | |||
| 88 | BIO_METHOD *BIO_s_mem(void) | ||
| 96 | { | 89 | { |
| 97 | return(&mem_method); | 90 | return(&mem_method); |
| 98 | } | 91 | } |
| 99 | 92 | ||
| 100 | static int mem_new(bi) | 93 | BIO *BIO_new_mem_buf(void *buf, int len) |
| 101 | BIO *bi; | 94 | { |
| 95 | BIO *ret; | ||
| 96 | BUF_MEM *b; | ||
| 97 | if (!buf) { | ||
| 98 | BIOerr(BIO_F_BIO_NEW_MEM_BUF,BIO_R_NULL_PARAMETER); | ||
| 99 | return NULL; | ||
| 100 | } | ||
| 101 | if(len == -1) len = strlen(buf); | ||
| 102 | if(!(ret = BIO_new(BIO_s_mem())) ) return NULL; | ||
| 103 | b = (BUF_MEM *)ret->ptr; | ||
| 104 | b->data = buf; | ||
| 105 | b->length = len; | ||
| 106 | b->max = len; | ||
| 107 | ret->flags |= BIO_FLAGS_MEM_RDONLY; | ||
| 108 | /* Since this is static data retrying wont help */ | ||
| 109 | ret->num = 0; | ||
| 110 | return ret; | ||
| 111 | } | ||
| 112 | |||
| 113 | static int mem_new(BIO *bi) | ||
| 102 | { | 114 | { |
| 103 | BUF_MEM *b; | 115 | BUF_MEM *b; |
| 104 | 116 | ||
| @@ -106,30 +118,29 @@ BIO *bi; | |||
| 106 | return(0); | 118 | return(0); |
| 107 | bi->shutdown=1; | 119 | bi->shutdown=1; |
| 108 | bi->init=1; | 120 | bi->init=1; |
| 109 | bi->num=0; | 121 | bi->num= -1; |
| 110 | bi->ptr=(char *)b; | 122 | bi->ptr=(char *)b; |
| 111 | return(1); | 123 | return(1); |
| 112 | } | 124 | } |
| 113 | 125 | ||
| 114 | static int mem_free(a) | 126 | static int mem_free(BIO *a) |
| 115 | BIO *a; | ||
| 116 | { | 127 | { |
| 117 | if (a == NULL) return(0); | 128 | if (a == NULL) return(0); |
| 118 | if (a->shutdown) | 129 | if (a->shutdown) |
| 119 | { | 130 | { |
| 120 | if ((a->init) && (a->ptr != NULL)) | 131 | if ((a->init) && (a->ptr != NULL)) |
| 121 | { | 132 | { |
| 122 | BUF_MEM_free((BUF_MEM *)a->ptr); | 133 | BUF_MEM *b; |
| 134 | b = (BUF_MEM *)a->ptr; | ||
| 135 | if(a->flags & BIO_FLAGS_MEM_RDONLY) b->data = NULL; | ||
| 136 | BUF_MEM_free(b); | ||
| 123 | a->ptr=NULL; | 137 | a->ptr=NULL; |
| 124 | } | 138 | } |
| 125 | } | 139 | } |
| 126 | return(1); | 140 | return(1); |
| 127 | } | 141 | } |
| 128 | 142 | ||
| 129 | static int mem_read(b,out,outl) | 143 | static int mem_read(BIO *b, char *out, int outl) |
| 130 | BIO *b; | ||
| 131 | char *out; | ||
| 132 | int outl; | ||
| 133 | { | 144 | { |
| 134 | int ret= -1; | 145 | int ret= -1; |
| 135 | BUF_MEM *bm; | 146 | BUF_MEM *bm; |
| @@ -139,28 +150,27 @@ int outl; | |||
| 139 | bm=(BUF_MEM *)b->ptr; | 150 | bm=(BUF_MEM *)b->ptr; |
| 140 | BIO_clear_retry_flags(b); | 151 | BIO_clear_retry_flags(b); |
| 141 | ret=(outl > bm->length)?bm->length:outl; | 152 | ret=(outl > bm->length)?bm->length:outl; |
| 142 | if ((out != NULL) && (ret > 0)) | 153 | if ((out != NULL) && (ret > 0)) { |
| 143 | { | ||
| 144 | memcpy(out,bm->data,ret); | 154 | memcpy(out,bm->data,ret); |
| 145 | bm->length-=ret; | 155 | bm->length-=ret; |
| 146 | /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ | 156 | /* memmove(&(bm->data[0]),&(bm->data[ret]), bm->length); */ |
| 147 | from=(char *)&(bm->data[ret]); | 157 | if(b->flags & BIO_FLAGS_MEM_RDONLY) bm->data += ret; |
| 148 | to=(char *)&(bm->data[0]); | 158 | else { |
| 149 | for (i=0; i<bm->length; i++) | 159 | from=(char *)&(bm->data[ret]); |
| 150 | to[i]=from[i]; | 160 | to=(char *)&(bm->data[0]); |
| 161 | for (i=0; i<bm->length; i++) | ||
| 162 | to[i]=from[i]; | ||
| 151 | } | 163 | } |
| 152 | else if (bm->length == 0) | 164 | } else if (bm->length == 0) |
| 153 | { | 165 | { |
| 154 | BIO_set_retry_read(b); | 166 | ret = b->num; |
| 155 | ret= -1; | 167 | if (ret != 0) |
| 168 | BIO_set_retry_read(b); | ||
| 156 | } | 169 | } |
| 157 | return(ret); | 170 | return(ret); |
| 158 | } | 171 | } |
| 159 | 172 | ||
| 160 | static int mem_write(b,in,inl) | 173 | static int mem_write(BIO *b, const char *in, int inl) |
| 161 | BIO *b; | ||
| 162 | char *in; | ||
| 163 | int inl; | ||
| 164 | { | 174 | { |
| 165 | int ret= -1; | 175 | int ret= -1; |
| 166 | int blen; | 176 | int blen; |
| @@ -173,6 +183,11 @@ int inl; | |||
| 173 | goto end; | 183 | goto end; |
| 174 | } | 184 | } |
| 175 | 185 | ||
| 186 | if(b->flags & BIO_FLAGS_MEM_RDONLY) { | ||
| 187 | BIOerr(BIO_F_MEM_WRITE,BIO_R_WRITE_TO_READ_ONLY_BIO); | ||
| 188 | goto end; | ||
| 189 | } | ||
| 190 | |||
| 176 | BIO_clear_retry_flags(b); | 191 | BIO_clear_retry_flags(b); |
| 177 | blen=bm->length; | 192 | blen=bm->length; |
| 178 | if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) | 193 | if (BUF_MEM_grow(bm,blen+inl) != (blen+inl)) |
| @@ -183,11 +198,7 @@ end: | |||
| 183 | return(ret); | 198 | return(ret); |
| 184 | } | 199 | } |
| 185 | 200 | ||
| 186 | static long mem_ctrl(b,cmd,num,ptr) | 201 | static long mem_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 187 | BIO *b; | ||
| 188 | int cmd; | ||
| 189 | long num; | ||
| 190 | char *ptr; | ||
| 191 | { | 202 | { |
| 192 | long ret=1; | 203 | long ret=1; |
| 193 | char **pptr; | 204 | char **pptr; |
| @@ -198,12 +209,26 @@ char *ptr; | |||
| 198 | { | 209 | { |
| 199 | case BIO_CTRL_RESET: | 210 | case BIO_CTRL_RESET: |
| 200 | if (bm->data != NULL) | 211 | if (bm->data != NULL) |
| 201 | memset(bm->data,0,bm->max); | 212 | { |
| 202 | bm->length=0; | 213 | /* For read only case reset to the start again */ |
| 214 | if(b->flags & BIO_FLAGS_MEM_RDONLY) | ||
| 215 | { | ||
| 216 | bm->data -= bm->max - bm->length; | ||
| 217 | bm->length = bm->max; | ||
| 218 | } | ||
| 219 | else | ||
| 220 | { | ||
| 221 | memset(bm->data,0,bm->max); | ||
| 222 | bm->length=0; | ||
| 223 | } | ||
| 224 | } | ||
| 203 | break; | 225 | break; |
| 204 | case BIO_CTRL_EOF: | 226 | case BIO_CTRL_EOF: |
| 205 | ret=(long)(bm->length == 0); | 227 | ret=(long)(bm->length == 0); |
| 206 | break; | 228 | break; |
| 229 | case BIO_C_SET_BUF_MEM_EOF_RETURN: | ||
| 230 | b->num=(int)num; | ||
| 231 | break; | ||
| 207 | case BIO_CTRL_INFO: | 232 | case BIO_CTRL_INFO: |
| 208 | ret=(long)bm->length; | 233 | ret=(long)bm->length; |
| 209 | if (ptr != NULL) | 234 | if (ptr != NULL) |
| @@ -250,10 +275,7 @@ char *ptr; | |||
| 250 | return(ret); | 275 | return(ret); |
| 251 | } | 276 | } |
| 252 | 277 | ||
| 253 | static int mem_gets(bp,buf,size) | 278 | static int mem_gets(BIO *bp, char *buf, int size) |
| 254 | BIO *bp; | ||
| 255 | char *buf; | ||
| 256 | int size; | ||
| 257 | { | 279 | { |
| 258 | int i,j; | 280 | int i,j; |
| 259 | int ret= -1; | 281 | int ret= -1; |
| @@ -283,9 +305,7 @@ int size; | |||
| 283 | return(ret); | 305 | return(ret); |
| 284 | } | 306 | } |
| 285 | 307 | ||
| 286 | static int mem_puts(bp,str) | 308 | static int mem_puts(BIO *bp, const char *str) |
| 287 | BIO *bp; | ||
| 288 | char *str; | ||
| 289 | { | 309 | { |
| 290 | int n,ret; | 310 | int n,ret; |
| 291 | 311 | ||
diff --git a/src/lib/libcrypto/bio/bss_null.c b/src/lib/libcrypto/bio/bss_null.c index 0791a2471a..46b73339df 100644 --- a/src/lib/libcrypto/bio/bss_null.c +++ b/src/lib/libcrypto/bio/bss_null.c | |||
| @@ -59,26 +59,15 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bio.h" | 62 | #include <openssl/bio.h> |
| 63 | 63 | ||
| 64 | #ifndef NOPROTO | 64 | static int null_write(BIO *h, const char *buf, int num); |
| 65 | static int null_write(BIO *h,char *buf,int num); | 65 | static int null_read(BIO *h, char *buf, int size); |
| 66 | static int null_read(BIO *h,char *buf,int size); | 66 | static int null_puts(BIO *h, const char *str); |
| 67 | static int null_puts(BIO *h,char *str); | 67 | static int null_gets(BIO *h, char *str, int size); |
| 68 | static int null_gets(BIO *h,char *str,int size); | 68 | static long null_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 69 | static long null_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 70 | static int null_new(BIO *h); | 69 | static int null_new(BIO *h); |
| 71 | static int null_free(BIO *data); | 70 | static int null_free(BIO *data); |
| 72 | #else | ||
| 73 | static int null_write(); | ||
| 74 | static int null_read(); | ||
| 75 | static int null_puts(); | ||
| 76 | static int null_gets(); | ||
| 77 | static long null_ctrl(); | ||
| 78 | static int null_new(); | ||
| 79 | static int null_free(); | ||
| 80 | #endif | ||
| 81 | |||
| 82 | static BIO_METHOD null_method= | 71 | static BIO_METHOD null_method= |
| 83 | { | 72 | { |
| 84 | BIO_TYPE_NULL, | 73 | BIO_TYPE_NULL, |
| @@ -90,15 +79,15 @@ static BIO_METHOD null_method= | |||
| 90 | null_ctrl, | 79 | null_ctrl, |
| 91 | null_new, | 80 | null_new, |
| 92 | null_free, | 81 | null_free, |
| 82 | NULL, | ||
| 93 | }; | 83 | }; |
| 94 | 84 | ||
| 95 | BIO_METHOD *BIO_s_null() | 85 | BIO_METHOD *BIO_s_null(void) |
| 96 | { | 86 | { |
| 97 | return(&null_method); | 87 | return(&null_method); |
| 98 | } | 88 | } |
| 99 | 89 | ||
| 100 | static int null_new(bi) | 90 | static int null_new(BIO *bi) |
| 101 | BIO *bi; | ||
| 102 | { | 91 | { |
| 103 | bi->init=1; | 92 | bi->init=1; |
| 104 | bi->num=0; | 93 | bi->num=0; |
| @@ -106,34 +95,23 @@ BIO *bi; | |||
| 106 | return(1); | 95 | return(1); |
| 107 | } | 96 | } |
| 108 | 97 | ||
| 109 | static int null_free(a) | 98 | static int null_free(BIO *a) |
| 110 | BIO *a; | ||
| 111 | { | 99 | { |
| 112 | if (a == NULL) return(0); | 100 | if (a == NULL) return(0); |
| 113 | return(1); | 101 | return(1); |
| 114 | } | 102 | } |
| 115 | 103 | ||
| 116 | static int null_read(b,out,outl) | 104 | static int null_read(BIO *b, char *out, int outl) |
| 117 | BIO *b; | ||
| 118 | char *out; | ||
| 119 | int outl; | ||
| 120 | { | 105 | { |
| 121 | return(0); | 106 | return(0); |
| 122 | } | 107 | } |
| 123 | 108 | ||
| 124 | static int null_write(b,in,inl) | 109 | static int null_write(BIO *b, const char *in, int inl) |
| 125 | BIO *b; | ||
| 126 | char *in; | ||
| 127 | int inl; | ||
| 128 | { | 110 | { |
| 129 | return(inl); | 111 | return(inl); |
| 130 | } | 112 | } |
| 131 | 113 | ||
| 132 | static long null_ctrl(b,cmd,num,ptr) | 114 | static long null_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 133 | BIO *b; | ||
| 134 | int cmd; | ||
| 135 | long num; | ||
| 136 | char *ptr; | ||
| 137 | { | 115 | { |
| 138 | long ret=1; | 116 | long ret=1; |
| 139 | 117 | ||
| @@ -159,17 +137,12 @@ char *ptr; | |||
| 159 | return(ret); | 137 | return(ret); |
| 160 | } | 138 | } |
| 161 | 139 | ||
| 162 | static int null_gets(bp,buf,size) | 140 | static int null_gets(BIO *bp, char *buf, int size) |
| 163 | BIO *bp; | ||
| 164 | char *buf; | ||
| 165 | int size; | ||
| 166 | { | 141 | { |
| 167 | return(0); | 142 | return(0); |
| 168 | } | 143 | } |
| 169 | 144 | ||
| 170 | static int null_puts(bp,str) | 145 | static int null_puts(BIO *bp, const char *str) |
| 171 | BIO *bp; | ||
| 172 | char *str; | ||
| 173 | { | 146 | { |
| 174 | if (str == NULL) return(0); | 147 | if (str == NULL) return(0); |
| 175 | return(strlen(str)); | 148 | return(strlen(str)); |
diff --git a/src/lib/libcrypto/bio/bss_sock.c b/src/lib/libcrypto/bio/bss_sock.c index d907a2867b..fdabd16d7e 100644 --- a/src/lib/libcrypto/bio/bss_sock.c +++ b/src/lib/libcrypto/bio/bss_sock.c | |||
| @@ -56,55 +56,22 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #if !defined(NO_SOCK) || defined(BIO_FD) | 59 | #ifndef OPENSSL_NO_SOCK |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include <errno.h> | 62 | #include <errno.h> |
| 63 | #define USE_SOCKETS | 63 | #define USE_SOCKETS |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | #include "bio.h" | 65 | #include <openssl/bio.h> |
| 66 | 66 | ||
| 67 | #ifndef BIO_FD | 67 | static int sock_write(BIO *h, const char *buf, int num); |
| 68 | #ifndef NOPROTO | 68 | static int sock_read(BIO *h, char *buf, int size); |
| 69 | static int sock_write(BIO *h,char *buf,int num); | 69 | static int sock_puts(BIO *h, const char *str); |
| 70 | static int sock_read(BIO *h,char *buf,int size); | 70 | static long sock_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 71 | static int sock_puts(BIO *h,char *str); | ||
| 72 | static long sock_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 73 | static int sock_new(BIO *h); | 71 | static int sock_new(BIO *h); |
| 74 | static int sock_free(BIO *data); | 72 | static int sock_free(BIO *data); |
| 75 | int BIO_sock_should_retry(int s); | 73 | int BIO_sock_should_retry(int s); |
| 76 | #else | ||
| 77 | static int sock_write(); | ||
| 78 | static int sock_read(); | ||
| 79 | static int sock_puts(); | ||
| 80 | static long sock_ctrl(); | ||
| 81 | static int sock_new(); | ||
| 82 | static int sock_free(); | ||
| 83 | int BIO_sock_should_retry(); | ||
| 84 | #endif | ||
| 85 | |||
| 86 | #else | ||
| 87 | |||
| 88 | #ifndef NOPROTO | ||
| 89 | static int fd_write(BIO *h,char *buf,int num); | ||
| 90 | static int fd_read(BIO *h,char *buf,int size); | ||
| 91 | static int fd_puts(BIO *h,char *str); | ||
| 92 | static long fd_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 93 | static int fd_new(BIO *h); | ||
| 94 | static int fd_free(BIO *data); | ||
| 95 | int BIO_fd_should_retry(int s); | ||
| 96 | #else | ||
| 97 | static int fd_write(); | ||
| 98 | static int fd_read(); | ||
| 99 | static int fd_puts(); | ||
| 100 | static long fd_ctrl(); | ||
| 101 | static int fd_new(); | ||
| 102 | static int fd_free(); | ||
| 103 | int BIO_fd_should_retry(); | ||
| 104 | #endif | ||
| 105 | #endif | ||
| 106 | 74 | ||
| 107 | #ifndef BIO_FD | ||
| 108 | static BIO_METHOD methods_sockp= | 75 | static BIO_METHOD methods_sockp= |
| 109 | { | 76 | { |
| 110 | BIO_TYPE_SOCKET, | 77 | BIO_TYPE_SOCKET, |
| @@ -116,57 +83,25 @@ static BIO_METHOD methods_sockp= | |||
| 116 | sock_ctrl, | 83 | sock_ctrl, |
| 117 | sock_new, | 84 | sock_new, |
| 118 | sock_free, | 85 | sock_free, |
| 86 | NULL, | ||
| 119 | }; | 87 | }; |
| 120 | 88 | ||
| 121 | BIO_METHOD *BIO_s_socket() | 89 | BIO_METHOD *BIO_s_socket(void) |
| 122 | { | 90 | { |
| 123 | return(&methods_sockp); | 91 | return(&methods_sockp); |
| 124 | } | 92 | } |
| 125 | #else | ||
| 126 | static BIO_METHOD methods_fdp= | ||
| 127 | { | ||
| 128 | BIO_TYPE_FD,"file descriptor", | ||
| 129 | fd_write, | ||
| 130 | fd_read, | ||
| 131 | fd_puts, | ||
| 132 | NULL, /* fd_gets, */ | ||
| 133 | fd_ctrl, | ||
| 134 | fd_new, | ||
| 135 | fd_free, | ||
| 136 | }; | ||
| 137 | 93 | ||
| 138 | BIO_METHOD *BIO_s_fd() | 94 | BIO *BIO_new_socket(int fd, int close_flag) |
| 139 | { | ||
| 140 | return(&methods_fdp); | ||
| 141 | } | ||
| 142 | #endif | ||
| 143 | |||
| 144 | #ifndef BIO_FD | ||
| 145 | BIO *BIO_new_socket(fd,close_flag) | ||
| 146 | #else | ||
| 147 | BIO *BIO_new_fd(fd,close_flag) | ||
| 148 | #endif | ||
| 149 | int fd; | ||
| 150 | int close_flag; | ||
| 151 | { | 95 | { |
| 152 | BIO *ret; | 96 | BIO *ret; |
| 153 | 97 | ||
| 154 | #ifndef BIO_FD | ||
| 155 | ret=BIO_new(BIO_s_socket()); | 98 | ret=BIO_new(BIO_s_socket()); |
| 156 | #else | ||
| 157 | ret=BIO_new(BIO_s_fd()); | ||
| 158 | #endif | ||
| 159 | if (ret == NULL) return(NULL); | 99 | if (ret == NULL) return(NULL); |
| 160 | BIO_set_fd(ret,fd,close_flag); | 100 | BIO_set_fd(ret,fd,close_flag); |
| 161 | return(ret); | 101 | return(ret); |
| 162 | } | 102 | } |
| 163 | 103 | ||
| 164 | #ifndef BIO_FD | 104 | static int sock_new(BIO *bi) |
| 165 | static int sock_new(bi) | ||
| 166 | #else | ||
| 167 | static int fd_new(bi) | ||
| 168 | #endif | ||
| 169 | BIO *bi; | ||
| 170 | { | 105 | { |
| 171 | bi->init=0; | 106 | bi->init=0; |
| 172 | bi->num=0; | 107 | bi->num=0; |
| @@ -175,29 +110,14 @@ BIO *bi; | |||
| 175 | return(1); | 110 | return(1); |
| 176 | } | 111 | } |
| 177 | 112 | ||
| 178 | #ifndef BIO_FD | 113 | static int sock_free(BIO *a) |
| 179 | static int sock_free(a) | ||
| 180 | #else | ||
| 181 | static int fd_free(a) | ||
| 182 | #endif | ||
| 183 | BIO *a; | ||
| 184 | { | 114 | { |
| 185 | if (a == NULL) return(0); | 115 | if (a == NULL) return(0); |
| 186 | if (a->shutdown) | 116 | if (a->shutdown) |
| 187 | { | 117 | { |
| 188 | if (a->init) | 118 | if (a->init) |
| 189 | { | 119 | { |
| 190 | #ifndef BIO_FD | 120 | SHUTDOWN2(a->num); |
| 191 | shutdown(a->num,2); | ||
| 192 | # ifdef WINDOWS | ||
| 193 | closesocket(a->num); | ||
| 194 | # else | ||
| 195 | close(a->num); | ||
| 196 | # endif | ||
| 197 | #else /* BIO_FD */ | ||
| 198 | close(a->num); | ||
| 199 | #endif | ||
| 200 | |||
| 201 | } | 121 | } |
| 202 | a->init=0; | 122 | a->init=0; |
| 203 | a->flags=0; | 123 | a->flags=0; |
| @@ -205,80 +125,40 @@ BIO *a; | |||
| 205 | return(1); | 125 | return(1); |
| 206 | } | 126 | } |
| 207 | 127 | ||
| 208 | #ifndef BIO_FD | 128 | static int sock_read(BIO *b, char *out, int outl) |
| 209 | static int sock_read(b,out,outl) | ||
| 210 | #else | ||
| 211 | static int fd_read(b,out,outl) | ||
| 212 | #endif | ||
| 213 | BIO *b; | ||
| 214 | char *out; | ||
| 215 | int outl; | ||
| 216 | { | 129 | { |
| 217 | int ret=0; | 130 | int ret=0; |
| 218 | 131 | ||
| 219 | if (out != NULL) | 132 | if (out != NULL) |
| 220 | { | 133 | { |
| 221 | #if defined(WINDOWS) && !defined(BIO_FD) | ||
| 222 | clear_socket_error(); | 134 | clear_socket_error(); |
| 223 | ret=recv(b->num,out,outl,0); | 135 | ret=readsocket(b->num,out,outl); |
| 224 | #else | ||
| 225 | clear_sys_error(); | ||
| 226 | ret=read(b->num,out,outl); | ||
| 227 | #endif | ||
| 228 | BIO_clear_retry_flags(b); | 136 | BIO_clear_retry_flags(b); |
| 229 | if (ret <= 0) | 137 | if (ret <= 0) |
| 230 | { | 138 | { |
| 231 | #ifndef BIO_FD | ||
| 232 | if (BIO_sock_should_retry(ret)) | 139 | if (BIO_sock_should_retry(ret)) |
| 233 | #else | ||
| 234 | if (BIO_fd_should_retry(ret)) | ||
| 235 | #endif | ||
| 236 | BIO_set_retry_read(b); | 140 | BIO_set_retry_read(b); |
| 237 | } | 141 | } |
| 238 | } | 142 | } |
| 239 | return(ret); | 143 | return(ret); |
| 240 | } | 144 | } |
| 241 | 145 | ||
| 242 | #ifndef BIO_FD | 146 | static int sock_write(BIO *b, const char *in, int inl) |
| 243 | static int sock_write(b,in,inl) | ||
| 244 | #else | ||
| 245 | static int fd_write(b,in,inl) | ||
| 246 | #endif | ||
| 247 | BIO *b; | ||
| 248 | char *in; | ||
| 249 | int inl; | ||
| 250 | { | 147 | { |
| 251 | int ret; | 148 | int ret; |
| 252 | 149 | ||
| 253 | #if defined(WINDOWS) && !defined(BIO_FD) | ||
| 254 | clear_socket_error(); | 150 | clear_socket_error(); |
| 255 | ret=send(b->num,in,inl,0); | 151 | ret=writesocket(b->num,in,inl); |
| 256 | #else | ||
| 257 | clear_sys_error(); | ||
| 258 | ret=write(b->num,in,inl); | ||
| 259 | #endif | ||
| 260 | BIO_clear_retry_flags(b); | 152 | BIO_clear_retry_flags(b); |
| 261 | if (ret <= 0) | 153 | if (ret <= 0) |
| 262 | { | 154 | { |
| 263 | #ifndef BIO_FD | ||
| 264 | if (BIO_sock_should_retry(ret)) | 155 | if (BIO_sock_should_retry(ret)) |
| 265 | #else | ||
| 266 | if (BIO_fd_should_retry(ret)) | ||
| 267 | #endif | ||
| 268 | BIO_set_retry_write(b); | 156 | BIO_set_retry_write(b); |
| 269 | } | 157 | } |
| 270 | return(ret); | 158 | return(ret); |
| 271 | } | 159 | } |
| 272 | 160 | ||
| 273 | #ifndef BIO_FD | 161 | static long sock_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 274 | static long sock_ctrl(b,cmd,num,ptr) | ||
| 275 | #else | ||
| 276 | static long fd_ctrl(b,cmd,num,ptr) | ||
| 277 | #endif | ||
| 278 | BIO *b; | ||
| 279 | int cmd; | ||
| 280 | long num; | ||
| 281 | char *ptr; | ||
| 282 | { | 162 | { |
| 283 | long ret=1; | 163 | long ret=1; |
| 284 | int *ip; | 164 | int *ip; |
| @@ -286,21 +166,16 @@ char *ptr; | |||
| 286 | switch (cmd) | 166 | switch (cmd) |
| 287 | { | 167 | { |
| 288 | case BIO_CTRL_RESET: | 168 | case BIO_CTRL_RESET: |
| 289 | #ifdef BIO_FD | 169 | num=0; |
| 290 | ret=(long)lseek(b->num,0,0); | 170 | case BIO_C_FILE_SEEK: |
| 291 | #else | ||
| 292 | ret=0; | 171 | ret=0; |
| 293 | #endif | ||
| 294 | break; | 172 | break; |
| 173 | case BIO_C_FILE_TELL: | ||
| 295 | case BIO_CTRL_INFO: | 174 | case BIO_CTRL_INFO: |
| 296 | ret=0; | 175 | ret=0; |
| 297 | break; | 176 | break; |
| 298 | case BIO_C_SET_FD: | 177 | case BIO_C_SET_FD: |
| 299 | #ifndef BIO_FD | ||
| 300 | sock_free(b); | 178 | sock_free(b); |
| 301 | #else | ||
| 302 | fd_free(b); | ||
| 303 | #endif | ||
| 304 | b->num= *((int *)ptr); | 179 | b->num= *((int *)ptr); |
| 305 | b->shutdown=(int)num; | 180 | b->shutdown=(int)num; |
| 306 | b->init=1; | 181 | b->init=1; |
| @@ -329,7 +204,6 @@ char *ptr; | |||
| 329 | case BIO_CTRL_FLUSH: | 204 | case BIO_CTRL_FLUSH: |
| 330 | ret=1; | 205 | ret=1; |
| 331 | break; | 206 | break; |
| 332 | break; | ||
| 333 | default: | 207 | default: |
| 334 | ret=0; | 208 | ret=0; |
| 335 | break; | 209 | break; |
| @@ -337,82 +211,46 @@ char *ptr; | |||
| 337 | return(ret); | 211 | return(ret); |
| 338 | } | 212 | } |
| 339 | 213 | ||
| 340 | #ifdef undef | 214 | static int sock_puts(BIO *bp, const char *str) |
| 341 | static int sock_gets(bp,buf,size) | ||
| 342 | BIO *bp; | ||
| 343 | char *buf; | ||
| 344 | int size; | ||
| 345 | { | ||
| 346 | return(-1); | ||
| 347 | } | ||
| 348 | #endif | ||
| 349 | |||
| 350 | #ifndef BIO_FD | ||
| 351 | static int sock_puts(bp,str) | ||
| 352 | #else | ||
| 353 | static int fd_puts(bp,str) | ||
| 354 | #endif | ||
| 355 | BIO *bp; | ||
| 356 | char *str; | ||
| 357 | { | 215 | { |
| 358 | int n,ret; | 216 | int n,ret; |
| 359 | 217 | ||
| 360 | n=strlen(str); | 218 | n=strlen(str); |
| 361 | #ifndef BIO_FD | ||
| 362 | ret=sock_write(bp,str,n); | 219 | ret=sock_write(bp,str,n); |
| 363 | #else | ||
| 364 | ret=fd_write(bp,str,n); | ||
| 365 | #endif | ||
| 366 | return(ret); | 220 | return(ret); |
| 367 | } | 221 | } |
| 368 | 222 | ||
| 369 | #ifndef BIO_FD | 223 | int BIO_sock_should_retry(int i) |
| 370 | int BIO_sock_should_retry(i) | ||
| 371 | #else | ||
| 372 | int BIO_fd_should_retry(i) | ||
| 373 | #endif | ||
| 374 | int i; | ||
| 375 | { | 224 | { |
| 376 | int err; | 225 | int err; |
| 377 | 226 | ||
| 378 | if ((i == 0) || (i == -1)) | 227 | if ((i == 0) || (i == -1)) |
| 379 | { | 228 | { |
| 380 | #if !defined(BIO_FD) && defined(WINDOWS) | ||
| 381 | err=get_last_socket_error(); | 229 | err=get_last_socket_error(); |
| 382 | #else | ||
| 383 | err=get_last_sys_error(); | ||
| 384 | #endif | ||
| 385 | 230 | ||
| 386 | #if defined(WINDOWS) /* more microsoft stupidity */ | 231 | #if defined(OPENSSL_SYS_WINDOWS) && 0 /* more microsoft stupidity? perhaps not? Ben 4/1/99 */ |
| 387 | if ((i == -1) && (err == 0)) | 232 | if ((i == -1) && (err == 0)) |
| 388 | return(1); | 233 | return(1); |
| 389 | #endif | 234 | #endif |
| 390 | 235 | ||
| 391 | #ifndef BIO_FD | ||
| 392 | return(BIO_sock_non_fatal_error(err)); | 236 | return(BIO_sock_non_fatal_error(err)); |
| 393 | #else | ||
| 394 | return(BIO_fd_non_fatal_error(err)); | ||
| 395 | #endif | ||
| 396 | } | 237 | } |
| 397 | return(0); | 238 | return(0); |
| 398 | } | 239 | } |
| 399 | 240 | ||
| 400 | #ifndef BIO_FD | 241 | int BIO_sock_non_fatal_error(int err) |
| 401 | int BIO_sock_non_fatal_error(err) | ||
| 402 | #else | ||
| 403 | int BIO_fd_non_fatal_error(err) | ||
| 404 | #endif | ||
| 405 | int err; | ||
| 406 | { | 242 | { |
| 407 | switch (err) | 243 | switch (err) |
| 408 | { | 244 | { |
| 409 | #if !defined(BIO_FD) && defined(WINDOWS) | 245 | #if defined(OPENSSL_SYS_WINDOWS) |
| 410 | # if defined(WSAEWOULDBLOCK) | 246 | # if defined(WSAEWOULDBLOCK) |
| 411 | case WSAEWOULDBLOCK: | 247 | case WSAEWOULDBLOCK: |
| 412 | # endif | 248 | # endif |
| 413 | 249 | ||
| 414 | # if defined(WSAENOTCONN) | 250 | # if 0 /* This appears to always be an error */ |
| 251 | # if defined(WSAENOTCONN) | ||
| 415 | case WSAENOTCONN: | 252 | case WSAENOTCONN: |
| 253 | # endif | ||
| 416 | # endif | 254 | # endif |
| 417 | #endif | 255 | #endif |
| 418 | 256 | ||
| @@ -452,7 +290,7 @@ int err; | |||
| 452 | case EALREADY: | 290 | case EALREADY: |
| 453 | #endif | 291 | #endif |
| 454 | return(1); | 292 | return(1); |
| 455 | break; | 293 | /* break; */ |
| 456 | default: | 294 | default: |
| 457 | break; | 295 | break; |
| 458 | } | 296 | } |
diff --git a/src/lib/libcrypto/bn/asm/bn-586.pl b/src/lib/libcrypto/bn/asm/bn-586.pl index 19d425ee96..33f6125920 100644 --- a/src/lib/libcrypto/bn/asm/bn-586.pl +++ b/src/lib/libcrypto/bn/asm/bn-586.pl | |||
| @@ -1,18 +1,17 @@ | |||
| 1 | #!/usr/bin/perl | ||
| 2 | # | ||
| 3 | |||
| 4 | #!/usr/local/bin/perl | 1 | #!/usr/local/bin/perl |
| 5 | 2 | ||
| 6 | push(@INC,"perlasm","../../perlasm"); | 3 | push(@INC,"perlasm","../../perlasm"); |
| 7 | require "x86asm.pl"; | 4 | require "x86asm.pl"; |
| 8 | 5 | ||
| 9 | &asm_init($ARGV[0],"bn-586.pl"); | 6 | &asm_init($ARGV[0],$0); |
| 10 | 7 | ||
| 11 | &bn_mul_add_words("bn_mul_add_words"); | 8 | &bn_mul_add_words("bn_mul_add_words"); |
| 12 | &bn_mul_words("bn_mul_words"); | 9 | &bn_mul_words("bn_mul_words"); |
| 13 | &bn_sqr_words("bn_sqr_words"); | 10 | &bn_sqr_words("bn_sqr_words"); |
| 14 | &bn_div64("bn_div64"); | 11 | &bn_div_words("bn_div_words"); |
| 15 | &bn_add_words("bn_add_words"); | 12 | &bn_add_words("bn_add_words"); |
| 13 | &bn_sub_words("bn_sub_words"); | ||
| 14 | &bn_sub_part_words("bn_sub_part_words"); | ||
| 16 | 15 | ||
| 17 | &asm_finish(); | 16 | &asm_finish(); |
| 18 | 17 | ||
| @@ -228,7 +227,7 @@ sub bn_sqr_words | |||
| 228 | &function_end($name); | 227 | &function_end($name); |
| 229 | } | 228 | } |
| 230 | 229 | ||
| 231 | sub bn_div64 | 230 | sub bn_div_words |
| 232 | { | 231 | { |
| 233 | local($name)=@_; | 232 | local($name)=@_; |
| 234 | 233 | ||
| @@ -302,12 +301,292 @@ sub bn_add_words | |||
| 302 | &add($tmp1,$tmp2); | 301 | &add($tmp1,$tmp2); |
| 303 | &adc($c,0); | 302 | &adc($c,0); |
| 304 | &dec($num) if ($i != 6); | 303 | &dec($num) if ($i != 6); |
| 305 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *a | 304 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r |
| 306 | &jz(&label("aw_end")) if ($i != 6); | 305 | &jz(&label("aw_end")) if ($i != 6); |
| 307 | } | 306 | } |
| 308 | &set_label("aw_end",0); | 307 | &set_label("aw_end",0); |
| 309 | 308 | ||
| 310 | &mov("eax",$c); | 309 | # &mov("eax",$c); # $c is "eax" |
| 310 | |||
| 311 | &function_end($name); | ||
| 312 | } | ||
| 313 | |||
| 314 | sub bn_sub_words | ||
| 315 | { | ||
| 316 | local($name)=@_; | ||
| 317 | |||
| 318 | &function_begin($name,""); | ||
| 319 | |||
| 320 | &comment(""); | ||
| 321 | $a="esi"; | ||
| 322 | $b="edi"; | ||
| 323 | $c="eax"; | ||
| 324 | $r="ebx"; | ||
| 325 | $tmp1="ecx"; | ||
| 326 | $tmp2="edx"; | ||
| 327 | $num="ebp"; | ||
| 328 | |||
| 329 | &mov($r,&wparam(0)); # get r | ||
| 330 | &mov($a,&wparam(1)); # get a | ||
| 331 | &mov($b,&wparam(2)); # get b | ||
| 332 | &mov($num,&wparam(3)); # get num | ||
| 333 | &xor($c,$c); # clear carry | ||
| 334 | &and($num,0xfffffff8); # num / 8 | ||
| 335 | |||
| 336 | &jz(&label("aw_finish")); | ||
| 337 | |||
| 338 | &set_label("aw_loop",0); | ||
| 339 | for ($i=0; $i<8; $i++) | ||
| 340 | { | ||
| 341 | &comment("Round $i"); | ||
| 342 | |||
| 343 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 344 | &mov($tmp2,&DWP($i*4,$b,"",0)); # *b | ||
| 345 | &sub($tmp1,$c); | ||
| 346 | &mov($c,0); | ||
| 347 | &adc($c,$c); | ||
| 348 | &sub($tmp1,$tmp2); | ||
| 349 | &adc($c,0); | ||
| 350 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 351 | } | ||
| 352 | |||
| 353 | &comment(""); | ||
| 354 | &add($a,32); | ||
| 355 | &add($b,32); | ||
| 356 | &add($r,32); | ||
| 357 | &sub($num,8); | ||
| 358 | &jnz(&label("aw_loop")); | ||
| 359 | |||
| 360 | &set_label("aw_finish",0); | ||
| 361 | &mov($num,&wparam(3)); # get num | ||
| 362 | &and($num,7); | ||
| 363 | &jz(&label("aw_end")); | ||
| 364 | |||
| 365 | for ($i=0; $i<7; $i++) | ||
| 366 | { | ||
| 367 | &comment("Tail Round $i"); | ||
| 368 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 369 | &mov($tmp2,&DWP($i*4,$b,"",0));# *b | ||
| 370 | &sub($tmp1,$c); | ||
| 371 | &mov($c,0); | ||
| 372 | &adc($c,$c); | ||
| 373 | &sub($tmp1,$tmp2); | ||
| 374 | &adc($c,0); | ||
| 375 | &dec($num) if ($i != 6); | ||
| 376 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 377 | &jz(&label("aw_end")) if ($i != 6); | ||
| 378 | } | ||
| 379 | &set_label("aw_end",0); | ||
| 380 | |||
| 381 | # &mov("eax",$c); # $c is "eax" | ||
| 382 | |||
| 383 | &function_end($name); | ||
| 384 | } | ||
| 385 | |||
| 386 | sub bn_sub_part_words | ||
| 387 | { | ||
| 388 | local($name)=@_; | ||
| 389 | |||
| 390 | &function_begin($name,""); | ||
| 391 | |||
| 392 | &comment(""); | ||
| 393 | $a="esi"; | ||
| 394 | $b="edi"; | ||
| 395 | $c="eax"; | ||
| 396 | $r="ebx"; | ||
| 397 | $tmp1="ecx"; | ||
| 398 | $tmp2="edx"; | ||
| 399 | $num="ebp"; | ||
| 400 | |||
| 401 | &mov($r,&wparam(0)); # get r | ||
| 402 | &mov($a,&wparam(1)); # get a | ||
| 403 | &mov($b,&wparam(2)); # get b | ||
| 404 | &mov($num,&wparam(3)); # get num | ||
| 405 | &xor($c,$c); # clear carry | ||
| 406 | &and($num,0xfffffff8); # num / 8 | ||
| 407 | |||
| 408 | &jz(&label("aw_finish")); | ||
| 409 | |||
| 410 | &set_label("aw_loop",0); | ||
| 411 | for ($i=0; $i<8; $i++) | ||
| 412 | { | ||
| 413 | &comment("Round $i"); | ||
| 414 | |||
| 415 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 416 | &mov($tmp2,&DWP($i*4,$b,"",0)); # *b | ||
| 417 | &sub($tmp1,$c); | ||
| 418 | &mov($c,0); | ||
| 419 | &adc($c,$c); | ||
| 420 | &sub($tmp1,$tmp2); | ||
| 421 | &adc($c,0); | ||
| 422 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 423 | } | ||
| 424 | |||
| 425 | &comment(""); | ||
| 426 | &add($a,32); | ||
| 427 | &add($b,32); | ||
| 428 | &add($r,32); | ||
| 429 | &sub($num,8); | ||
| 430 | &jnz(&label("aw_loop")); | ||
| 431 | |||
| 432 | &set_label("aw_finish",0); | ||
| 433 | &mov($num,&wparam(3)); # get num | ||
| 434 | &and($num,7); | ||
| 435 | &jz(&label("aw_end")); | ||
| 436 | |||
| 437 | for ($i=0; $i<7; $i++) | ||
| 438 | { | ||
| 439 | &comment("Tail Round $i"); | ||
| 440 | &mov($tmp1,&DWP(0,$a,"",0)); # *a | ||
| 441 | &mov($tmp2,&DWP(0,$b,"",0));# *b | ||
| 442 | &sub($tmp1,$c); | ||
| 443 | &mov($c,0); | ||
| 444 | &adc($c,$c); | ||
| 445 | &sub($tmp1,$tmp2); | ||
| 446 | &adc($c,0); | ||
| 447 | &mov(&DWP(0,$r,"",0),$tmp1); # *r | ||
| 448 | &add($a, 4); | ||
| 449 | &add($b, 4); | ||
| 450 | &add($r, 4); | ||
| 451 | &dec($num) if ($i != 6); | ||
| 452 | &jz(&label("aw_end")) if ($i != 6); | ||
| 453 | } | ||
| 454 | &set_label("aw_end",0); | ||
| 455 | |||
| 456 | &cmp(&wparam(4),0); | ||
| 457 | &je(&label("pw_end")); | ||
| 458 | |||
| 459 | &mov($num,&wparam(4)); # get dl | ||
| 460 | &cmp($num,0); | ||
| 461 | &je(&label("pw_end")); | ||
| 462 | &jge(&label("pw_pos")); | ||
| 463 | |||
| 464 | &comment("pw_neg"); | ||
| 465 | &mov($tmp2,0); | ||
| 466 | &sub($tmp2,$num); | ||
| 467 | &mov($num,$tmp2); | ||
| 468 | &and($num,0xfffffff8); # num / 8 | ||
| 469 | &jz(&label("pw_neg_finish")); | ||
| 470 | |||
| 471 | &set_label("pw_neg_loop",0); | ||
| 472 | for ($i=0; $i<8; $i++) | ||
| 473 | { | ||
| 474 | &comment("dl<0 Round $i"); | ||
| 475 | |||
| 476 | &mov($tmp1,0); | ||
| 477 | &mov($tmp2,&DWP($i*4,$b,"",0)); # *b | ||
| 478 | &sub($tmp1,$c); | ||
| 479 | &mov($c,0); | ||
| 480 | &adc($c,$c); | ||
| 481 | &sub($tmp1,$tmp2); | ||
| 482 | &adc($c,0); | ||
| 483 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 484 | } | ||
| 485 | |||
| 486 | &comment(""); | ||
| 487 | &add($b,32); | ||
| 488 | &add($r,32); | ||
| 489 | &sub($num,8); | ||
| 490 | &jnz(&label("pw_neg_loop")); | ||
| 491 | |||
| 492 | &set_label("pw_neg_finish",0); | ||
| 493 | &mov($tmp2,&wparam(4)); # get dl | ||
| 494 | &mov($num,0); | ||
| 495 | &sub($num,$tmp2); | ||
| 496 | &and($num,7); | ||
| 497 | &jz(&label("pw_end")); | ||
| 498 | |||
| 499 | for ($i=0; $i<7; $i++) | ||
| 500 | { | ||
| 501 | &comment("dl<0 Tail Round $i"); | ||
| 502 | &mov($tmp1,0); | ||
| 503 | &mov($tmp2,&DWP($i*4,$b,"",0));# *b | ||
| 504 | &sub($tmp1,$c); | ||
| 505 | &mov($c,0); | ||
| 506 | &adc($c,$c); | ||
| 507 | &sub($tmp1,$tmp2); | ||
| 508 | &adc($c,0); | ||
| 509 | &dec($num) if ($i != 6); | ||
| 510 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 511 | &jz(&label("pw_end")) if ($i != 6); | ||
| 512 | } | ||
| 513 | |||
| 514 | &jmp(&label("pw_end")); | ||
| 515 | |||
| 516 | &set_label("pw_pos",0); | ||
| 517 | |||
| 518 | &and($num,0xfffffff8); # num / 8 | ||
| 519 | &jz(&label("pw_pos_finish")); | ||
| 520 | |||
| 521 | &set_label("pw_pos_loop",0); | ||
| 522 | |||
| 523 | for ($i=0; $i<8; $i++) | ||
| 524 | { | ||
| 525 | &comment("dl>0 Round $i"); | ||
| 526 | |||
| 527 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 528 | &sub($tmp1,$c); | ||
| 529 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 530 | &jnc(&label("pw_nc".$i)); | ||
| 531 | } | ||
| 532 | |||
| 533 | &comment(""); | ||
| 534 | &add($a,32); | ||
| 535 | &add($r,32); | ||
| 536 | &sub($num,8); | ||
| 537 | &jnz(&label("pw_pos_loop")); | ||
| 538 | |||
| 539 | &set_label("pw_pos_finish",0); | ||
| 540 | &mov($num,&wparam(4)); # get dl | ||
| 541 | &and($num,7); | ||
| 542 | &jz(&label("pw_end")); | ||
| 543 | |||
| 544 | for ($i=0; $i<7; $i++) | ||
| 545 | { | ||
| 546 | &comment("dl>0 Tail Round $i"); | ||
| 547 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 548 | &sub($tmp1,$c); | ||
| 549 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 550 | &jnc(&label("pw_tail_nc".$i)); | ||
| 551 | &dec($num) if ($i != 6); | ||
| 552 | &jz(&label("pw_end")) if ($i != 6); | ||
| 553 | } | ||
| 554 | &mov($c,1); | ||
| 555 | &jmp(&label("pw_end")); | ||
| 556 | |||
| 557 | &set_label("pw_nc_loop",0); | ||
| 558 | for ($i=0; $i<8; $i++) | ||
| 559 | { | ||
| 560 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 561 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 562 | &set_label("pw_nc".$i,0); | ||
| 563 | } | ||
| 564 | |||
| 565 | &comment(""); | ||
| 566 | &add($a,32); | ||
| 567 | &add($r,32); | ||
| 568 | &sub($num,8); | ||
| 569 | &jnz(&label("pw_nc_loop")); | ||
| 570 | |||
| 571 | &mov($num,&wparam(4)); # get dl | ||
| 572 | &and($num,7); | ||
| 573 | &jz(&label("pw_nc_end")); | ||
| 574 | |||
| 575 | for ($i=0; $i<7; $i++) | ||
| 576 | { | ||
| 577 | &mov($tmp1,&DWP($i*4,$a,"",0)); # *a | ||
| 578 | &mov(&DWP($i*4,$r,"",0),$tmp1); # *r | ||
| 579 | &set_label("pw_tail_nc".$i,0); | ||
| 580 | &dec($num) if ($i != 6); | ||
| 581 | &jz(&label("pw_nc_end")) if ($i != 6); | ||
| 582 | } | ||
| 583 | |||
| 584 | &set_label("pw_nc_end",0); | ||
| 585 | &mov($c,0); | ||
| 586 | |||
| 587 | &set_label("pw_end",0); | ||
| 588 | |||
| 589 | # &mov("eax",$c); # $c is "eax" | ||
| 311 | 590 | ||
| 312 | &function_end($name); | 591 | &function_end($name); |
| 313 | } | 592 | } |
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2.s b/src/lib/libcrypto/bn/asm/pa-risc2.s index c2725996a4..af9730d062 100644 --- a/src/lib/libcrypto/bn/asm/pa-risc2.s +++ b/src/lib/libcrypto/bn/asm/pa-risc2.s | |||
| @@ -1,416 +1,1618 @@ | |||
| 1 | .SPACE $PRIVATE$ | 1 | ; |
| 2 | .SUBSPA $DATA$,QUAD=1,ALIGN=8,ACCESS=31 | 2 | ; PA-RISC 2.0 implementation of bn_asm code, based on the |
| 3 | .SUBSPA $BSS$,QUAD=1,ALIGN=8,ACCESS=31,ZERO,SORT=82 | 3 | ; 64-bit version of the code. This code is effectively the |
| 4 | .SPACE $TEXT$ | 4 | ; same as the 64-bit version except the register model is |
| 5 | .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=44 | 5 | ; slightly different given all values must be 32-bit between |
| 6 | .SUBSPA $CODE$,QUAD=0,ALIGN=8,ACCESS=44,CODE_ONLY | 6 | ; function calls. Thus the 64-bit return values are returned |
| 7 | .IMPORT $global$,DATA | 7 | ; in %ret0 and %ret1 vs just %ret0 as is done in 64-bit |
| 8 | .IMPORT $$dyncall,MILLICODE | 8 | ; |
| 9 | ; gcc_compiled.: | 9 | ; |
| 10 | .SPACE $TEXT$ | 10 | ; This code is approximately 2x faster than the C version |
| 11 | .SUBSPA $CODE$ | 11 | ; for RSA/DSA. |
| 12 | 12 | ; | |
| 13 | .align 4 | 13 | ; See http://devresource.hp.com/ for more details on the PA-RISC |
| 14 | .EXPORT bn_mul_add_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR | 14 | ; architecture. Also see the book "PA-RISC 2.0 Architecture" |
| 15 | ; by Gerry Kane for information on the instruction set architecture. | ||
| 16 | ; | ||
| 17 | ; Code written by Chris Ruemmler (with some help from the HP C | ||
| 18 | ; compiler). | ||
| 19 | ; | ||
| 20 | ; The code compiles with HP's assembler | ||
| 21 | ; | ||
| 22 | |||
| 23 | .level 2.0N | ||
| 24 | .space $TEXT$ | ||
| 25 | .subspa $CODE$,QUAD=0,ALIGN=8,ACCESS=0x2c,CODE_ONLY | ||
| 26 | |||
| 27 | ; | ||
| 28 | ; Global Register definitions used for the routines. | ||
| 29 | ; | ||
| 30 | ; Some information about HP's runtime architecture for 32-bits. | ||
| 31 | ; | ||
| 32 | ; "Caller save" means the calling function must save the register | ||
| 33 | ; if it wants the register to be preserved. | ||
| 34 | ; "Callee save" means if a function uses the register, it must save | ||
| 35 | ; the value before using it. | ||
| 36 | ; | ||
| 37 | ; For the floating point registers | ||
| 38 | ; | ||
| 39 | ; "caller save" registers: fr4-fr11, fr22-fr31 | ||
| 40 | ; "callee save" registers: fr12-fr21 | ||
| 41 | ; "special" registers: fr0-fr3 (status and exception registers) | ||
| 42 | ; | ||
| 43 | ; For the integer registers | ||
| 44 | ; value zero : r0 | ||
| 45 | ; "caller save" registers: r1,r19-r26 | ||
| 46 | ; "callee save" registers: r3-r18 | ||
| 47 | ; return register : r2 (rp) | ||
| 48 | ; return values ; r28,r29 (ret0,ret1) | ||
| 49 | ; Stack pointer ; r30 (sp) | ||
| 50 | ; millicode return ptr ; r31 (also a caller save register) | ||
| 51 | |||
| 52 | |||
| 53 | ; | ||
| 54 | ; Arguments to the routines | ||
| 55 | ; | ||
| 56 | r_ptr .reg %r26 | ||
| 57 | a_ptr .reg %r25 | ||
| 58 | b_ptr .reg %r24 | ||
| 59 | num .reg %r24 | ||
| 60 | n .reg %r23 | ||
| 61 | |||
| 62 | ; | ||
| 63 | ; Note that the "w" argument for bn_mul_add_words and bn_mul_words | ||
| 64 | ; is passed on the stack at a delta of -56 from the top of stack | ||
| 65 | ; as the routine is entered. | ||
| 66 | ; | ||
| 67 | |||
| 68 | ; | ||
| 69 | ; Globals used in some routines | ||
| 70 | ; | ||
| 71 | |||
| 72 | top_overflow .reg %r23 | ||
| 73 | high_mask .reg %r22 ; value 0xffffffff80000000L | ||
| 74 | |||
| 75 | |||
| 76 | ;------------------------------------------------------------------------------ | ||
| 77 | ; | ||
| 78 | ; bn_mul_add_words | ||
| 79 | ; | ||
| 80 | ;BN_ULONG bn_mul_add_words(BN_ULONG *r_ptr, BN_ULONG *a_ptr, | ||
| 81 | ; int num, BN_ULONG w) | ||
| 82 | ; | ||
| 83 | ; arg0 = r_ptr | ||
| 84 | ; arg1 = a_ptr | ||
| 85 | ; arg3 = num | ||
| 86 | ; -56(sp) = w | ||
| 87 | ; | ||
| 88 | ; Local register definitions | ||
| 89 | ; | ||
| 90 | |||
| 91 | fm1 .reg %fr22 | ||
| 92 | fm .reg %fr23 | ||
| 93 | ht_temp .reg %fr24 | ||
| 94 | ht_temp_1 .reg %fr25 | ||
| 95 | lt_temp .reg %fr26 | ||
| 96 | lt_temp_1 .reg %fr27 | ||
| 97 | fm1_1 .reg %fr28 | ||
| 98 | fm_1 .reg %fr29 | ||
| 99 | |||
| 100 | fw_h .reg %fr7L | ||
| 101 | fw_l .reg %fr7R | ||
| 102 | fw .reg %fr7 | ||
| 103 | |||
| 104 | fht_0 .reg %fr8L | ||
| 105 | flt_0 .reg %fr8R | ||
| 106 | t_float_0 .reg %fr8 | ||
| 107 | |||
| 108 | fht_1 .reg %fr9L | ||
| 109 | flt_1 .reg %fr9R | ||
| 110 | t_float_1 .reg %fr9 | ||
| 111 | |||
| 112 | tmp_0 .reg %r31 | ||
| 113 | tmp_1 .reg %r21 | ||
| 114 | m_0 .reg %r20 | ||
| 115 | m_1 .reg %r19 | ||
| 116 | ht_0 .reg %r1 | ||
| 117 | ht_1 .reg %r3 | ||
| 118 | lt_0 .reg %r4 | ||
| 119 | lt_1 .reg %r5 | ||
| 120 | m1_0 .reg %r6 | ||
| 121 | m1_1 .reg %r7 | ||
| 122 | rp_val .reg %r8 | ||
| 123 | rp_val_1 .reg %r9 | ||
| 124 | |||
| 15 | bn_mul_add_words | 125 | bn_mul_add_words |
| 16 | .PROC | 126 | .export bn_mul_add_words,entry,NO_RELOCATION,LONG_RETURN |
| 17 | .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=4 | 127 | .proc |
| 18 | .ENTRY | 128 | .callinfo frame=128 |
| 19 | stw %r2,-20(0,%r30) | 129 | .entry |
| 20 | stwm %r4,64(0,%r30) | 130 | .align 64 |
| 21 | copy %r24,%r31 | 131 | |
| 22 | stw %r3,-60(0,%r30) | 132 | STD %r3,0(%sp) ; save r3 |
| 23 | ldi 0,%r20 | 133 | STD %r4,8(%sp) ; save r4 |
| 24 | ldo 12(%r26),%r2 | 134 | NOP ; Needed to make the loop 16-byte aligned |
| 25 | stw %r23,-16(0,%r30) | 135 | NOP ; needed to make the loop 16-byte aligned |
| 26 | copy %r25,%r3 | 136 | |
| 27 | ldo 12(%r3),%r1 | 137 | STD %r5,16(%sp) ; save r5 |
| 28 | fldws -16(0,%r30),%fr8L | 138 | NOP |
| 29 | L$0010 | 139 | STD %r6,24(%sp) ; save r6 |
| 30 | copy %r20,%r25 | 140 | STD %r7,32(%sp) ; save r7 |
| 31 | ldi 0,%r24 | 141 | |
| 32 | fldws 0(0,%r3),%fr9L | 142 | STD %r8,40(%sp) ; save r8 |
| 33 | ldw 0(0,%r26),%r19 | 143 | STD %r9,48(%sp) ; save r9 |
| 34 | xmpyu %fr8L,%fr9L,%fr9 | 144 | COPY %r0,%ret1 ; return 0 by default |
| 35 | fstds %fr9,-16(0,%r30) | 145 | DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 |
| 36 | copy %r19,%r23 | 146 | |
| 37 | ldw -16(0,%r30),%r28 | 147 | CMPIB,>= 0,num,bn_mul_add_words_exit ; if (num <= 0) then exit |
| 38 | ldw -12(0,%r30),%r29 | 148 | LDO 128(%sp),%sp ; bump stack |
| 39 | ldi 0,%r22 | 149 | |
| 40 | add %r23,%r29,%r29 | 150 | ; |
| 41 | addc %r22,%r28,%r28 | 151 | ; The loop is unrolled twice, so if there is only 1 number |
| 42 | add %r25,%r29,%r29 | 152 | ; then go straight to the cleanup code. |
| 43 | addc %r24,%r28,%r28 | 153 | ; |
| 44 | copy %r28,%r21 | 154 | CMPIB,= 1,num,bn_mul_add_words_single_top |
| 45 | ldi 0,%r20 | 155 | FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l) |
| 46 | copy %r21,%r20 | 156 | |
| 47 | addib,= -1,%r31,L$0011 | 157 | ; |
| 48 | stw %r29,0(0,%r26) | 158 | ; This loop is unrolled 2 times (64-byte aligned as well) |
| 49 | copy %r20,%r25 | 159 | ; |
| 50 | ldi 0,%r24 | 160 | ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus |
| 51 | fldws -8(0,%r1),%fr9L | 161 | ; two 32-bit mutiplies can be issued per cycle. |
| 52 | ldw -8(0,%r2),%r19 | 162 | ; |
| 53 | xmpyu %fr8L,%fr9L,%fr9 | 163 | bn_mul_add_words_unroll2 |
| 54 | fstds %fr9,-16(0,%r30) | 164 | |
| 55 | copy %r19,%r23 | 165 | FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) |
| 56 | ldw -16(0,%r30),%r28 | 166 | FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) |
| 57 | ldw -12(0,%r30),%r29 | 167 | LDD 0(r_ptr),rp_val ; rp[0] |
| 58 | ldi 0,%r22 | 168 | LDD 8(r_ptr),rp_val_1 ; rp[1] |
| 59 | add %r23,%r29,%r29 | 169 | |
| 60 | addc %r22,%r28,%r28 | 170 | XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l |
| 61 | add %r25,%r29,%r29 | 171 | XMPYU fht_1,fw_l,fm1_1 ; m1[1] = fht_1*fw_l |
| 62 | addc %r24,%r28,%r28 | 172 | FSTD fm1,-16(%sp) ; -16(sp) = m1[0] |
| 63 | copy %r28,%r21 | 173 | FSTD fm1_1,-48(%sp) ; -48(sp) = m1[1] |
| 64 | ldi 0,%r20 | 174 | |
| 65 | copy %r21,%r20 | 175 | XMPYU flt_0,fw_h,fm ; m[0] = flt_0*fw_h |
| 66 | addib,= -1,%r31,L$0011 | 176 | XMPYU flt_1,fw_h,fm_1 ; m[1] = flt_1*fw_h |
| 67 | stw %r29,-8(0,%r2) | 177 | FSTD fm,-8(%sp) ; -8(sp) = m[0] |
| 68 | copy %r20,%r25 | 178 | FSTD fm_1,-40(%sp) ; -40(sp) = m[1] |
| 69 | ldi 0,%r24 | 179 | |
| 70 | fldws -4(0,%r1),%fr9L | 180 | XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h |
| 71 | ldw -4(0,%r2),%r19 | 181 | XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp_1 = fht_1*fw_h |
| 72 | xmpyu %fr8L,%fr9L,%fr9 | 182 | FSTD ht_temp,-24(%sp) ; -24(sp) = ht_temp |
| 73 | fstds %fr9,-16(0,%r30) | 183 | FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht_temp_1 |
| 74 | copy %r19,%r23 | 184 | |
| 75 | ldw -16(0,%r30),%r28 | 185 | XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l |
| 76 | ldw -12(0,%r30),%r29 | 186 | XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l |
| 77 | ldi 0,%r22 | 187 | FSTD lt_temp,-32(%sp) ; -32(sp) = lt_temp |
| 78 | add %r23,%r29,%r29 | 188 | FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt_temp_1 |
| 79 | addc %r22,%r28,%r28 | 189 | |
| 80 | add %r25,%r29,%r29 | 190 | LDD -8(%sp),m_0 ; m[0] |
| 81 | addc %r24,%r28,%r28 | 191 | LDD -40(%sp),m_1 ; m[1] |
| 82 | copy %r28,%r21 | 192 | LDD -16(%sp),m1_0 ; m1[0] |
| 83 | ldi 0,%r20 | 193 | LDD -48(%sp),m1_1 ; m1[1] |
| 84 | copy %r21,%r20 | 194 | |
| 85 | addib,= -1,%r31,L$0011 | 195 | LDD -24(%sp),ht_0 ; ht[0] |
| 86 | stw %r29,-4(0,%r2) | 196 | LDD -56(%sp),ht_1 ; ht[1] |
| 87 | copy %r20,%r25 | 197 | ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m[0] + m1[0]; |
| 88 | ldi 0,%r24 | 198 | ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m[1] + m1[1]; |
| 89 | fldws 0(0,%r1),%fr9L | 199 | |
| 90 | ldw 0(0,%r2),%r19 | 200 | LDD -32(%sp),lt_0 |
| 91 | xmpyu %fr8L,%fr9L,%fr9 | 201 | LDD -64(%sp),lt_1 |
| 92 | fstds %fr9,-16(0,%r30) | 202 | CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m[0] < m1[0]) |
| 93 | copy %r19,%r23 | 203 | ADD,L ht_0,top_overflow,ht_0 ; ht[0] += (1<<32) |
| 94 | ldw -16(0,%r30),%r28 | 204 | |
| 95 | ldw -12(0,%r30),%r29 | 205 | CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m[1] < m1[1]) |
| 96 | ldi 0,%r22 | 206 | ADD,L ht_1,top_overflow,ht_1 ; ht[1] += (1<<32) |
| 97 | add %r23,%r29,%r29 | 207 | EXTRD,U tmp_0,31,32,m_0 ; m[0]>>32 |
| 98 | addc %r22,%r28,%r28 | 208 | DEPD,Z tmp_0,31,32,m1_0 ; m1[0] = m[0]<<32 |
| 99 | add %r25,%r29,%r29 | 209 | |
| 100 | addc %r24,%r28,%r28 | 210 | EXTRD,U tmp_1,31,32,m_1 ; m[1]>>32 |
| 101 | copy %r28,%r21 | 211 | DEPD,Z tmp_1,31,32,m1_1 ; m1[1] = m[1]<<32 |
| 102 | ldi 0,%r20 | 212 | ADD,L ht_0,m_0,ht_0 ; ht[0]+= (m[0]>>32) |
| 103 | copy %r21,%r20 | 213 | ADD,L ht_1,m_1,ht_1 ; ht[1]+= (m[1]>>32) |
| 104 | addib,= -1,%r31,L$0011 | 214 | |
| 105 | stw %r29,0(0,%r2) | 215 | ADD lt_0,m1_0,lt_0 ; lt[0] = lt[0]+m1[0]; |
| 106 | ldo 16(%r1),%r1 | 216 | ADD,DC ht_0,%r0,ht_0 ; ht[0]++ |
| 107 | ldo 16(%r3),%r3 | 217 | ADD lt_1,m1_1,lt_1 ; lt[1] = lt[1]+m1[1]; |
| 108 | ldo 16(%r2),%r2 | 218 | ADD,DC ht_1,%r0,ht_1 ; ht[1]++ |
| 109 | bl L$0010,0 | 219 | |
| 110 | ldo 16(%r26),%r26 | 220 | ADD %ret1,lt_0,lt_0 ; lt[0] = lt[0] + c; |
| 111 | L$0011 | 221 | ADD,DC ht_0,%r0,ht_0 ; ht[0]++ |
| 112 | copy %r20,%r28 | 222 | ADD lt_0,rp_val,lt_0 ; lt[0] = lt[0]+rp[0] |
| 113 | ldw -84(0,%r30),%r2 | 223 | ADD,DC ht_0,%r0,ht_0 ; ht[0]++ |
| 114 | ldw -60(0,%r30),%r3 | 224 | |
| 115 | bv 0(%r2) | 225 | LDO -2(num),num ; num = num - 2; |
| 116 | ldwm -64(0,%r30),%r4 | 226 | ADD ht_0,lt_1,lt_1 ; lt[1] = lt[1] + ht_0 (c); |
| 117 | .EXIT | 227 | ADD,DC ht_1,%r0,ht_1 ; ht[1]++ |
| 118 | .PROCEND | 228 | STD lt_0,0(r_ptr) ; rp[0] = lt[0] |
| 119 | .align 4 | 229 | |
| 120 | .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR | 230 | ADD lt_1,rp_val_1,lt_1 ; lt[1] = lt[1]+rp[1] |
| 231 | ADD,DC ht_1,%r0,%ret1 ; ht[1]++ | ||
| 232 | LDO 16(a_ptr),a_ptr ; a_ptr += 2 | ||
| 233 | |||
| 234 | STD lt_1,8(r_ptr) ; rp[1] = lt[1] | ||
| 235 | CMPIB,<= 2,num,bn_mul_add_words_unroll2 ; go again if more to do | ||
| 236 | LDO 16(r_ptr),r_ptr ; r_ptr += 2 | ||
| 237 | |||
| 238 | CMPIB,=,N 0,num,bn_mul_add_words_exit ; are we done, or cleanup last one | ||
| 239 | |||
| 240 | ; | ||
| 241 | ; Top of loop aligned on 64-byte boundary | ||
| 242 | ; | ||
| 243 | bn_mul_add_words_single_top | ||
| 244 | FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) | ||
| 245 | LDD 0(r_ptr),rp_val ; rp[0] | ||
| 246 | LDO 8(a_ptr),a_ptr ; a_ptr++ | ||
| 247 | XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l | ||
| 248 | FSTD fm1,-16(%sp) ; -16(sp) = m1 | ||
| 249 | XMPYU flt_0,fw_h,fm ; m = lt*fw_h | ||
| 250 | FSTD fm,-8(%sp) ; -8(sp) = m | ||
| 251 | XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h | ||
| 252 | FSTD ht_temp,-24(%sp) ; -24(sp) = ht | ||
| 253 | XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l | ||
| 254 | FSTD lt_temp,-32(%sp) ; -32(sp) = lt | ||
| 255 | |||
| 256 | LDD -8(%sp),m_0 | ||
| 257 | LDD -16(%sp),m1_0 ; m1 = temp1 | ||
| 258 | ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; | ||
| 259 | LDD -24(%sp),ht_0 | ||
| 260 | LDD -32(%sp),lt_0 | ||
| 261 | |||
| 262 | CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) | ||
| 263 | ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) | ||
| 264 | |||
| 265 | EXTRD,U tmp_0,31,32,m_0 ; m>>32 | ||
| 266 | DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 | ||
| 267 | |||
| 268 | ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) | ||
| 269 | ADD lt_0,m1_0,tmp_0 ; tmp_0 = lt+m1; | ||
| 270 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 271 | ADD %ret1,tmp_0,lt_0 ; lt = lt + c; | ||
| 272 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 273 | ADD lt_0,rp_val,lt_0 ; lt = lt+rp[0] | ||
| 274 | ADD,DC ht_0,%r0,%ret1 ; ht++ | ||
| 275 | STD lt_0,0(r_ptr) ; rp[0] = lt | ||
| 276 | |||
| 277 | bn_mul_add_words_exit | ||
| 278 | .EXIT | ||
| 279 | |||
| 280 | EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 | ||
| 281 | LDD -80(%sp),%r9 ; restore r9 | ||
| 282 | LDD -88(%sp),%r8 ; restore r8 | ||
| 283 | LDD -96(%sp),%r7 ; restore r7 | ||
| 284 | LDD -104(%sp),%r6 ; restore r6 | ||
| 285 | LDD -112(%sp),%r5 ; restore r5 | ||
| 286 | LDD -120(%sp),%r4 ; restore r4 | ||
| 287 | BVE (%rp) | ||
| 288 | LDD,MB -128(%sp),%r3 ; restore r3 | ||
| 289 | .PROCEND ;in=23,24,25,26,29;out=28; | ||
| 290 | |||
| 291 | ;---------------------------------------------------------------------------- | ||
| 292 | ; | ||
| 293 | ;BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | ||
| 294 | ; | ||
| 295 | ; arg0 = rp | ||
| 296 | ; arg1 = ap | ||
| 297 | ; arg3 = num | ||
| 298 | ; w on stack at -56(sp) | ||
| 299 | |||
| 121 | bn_mul_words | 300 | bn_mul_words |
| 122 | .PROC | 301 | .proc |
| 123 | .CALLINFO FRAME=64,CALLS,SAVE_RP,ENTRY_GR=3 | 302 | .callinfo frame=128 |
| 124 | .ENTRY | 303 | .entry |
| 125 | stw %r2,-20(0,%r30) | 304 | .EXPORT bn_mul_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN |
| 126 | copy %r25,%r2 | 305 | .align 64 |
| 127 | stwm %r4,64(0,%r30) | 306 | |
| 128 | copy %r24,%r19 | 307 | STD %r3,0(%sp) ; save r3 |
| 129 | ldi 0,%r28 | 308 | STD %r4,8(%sp) ; save r4 |
| 130 | stw %r23,-16(0,%r30) | 309 | NOP |
| 131 | ldo 12(%r26),%r31 | 310 | STD %r5,16(%sp) ; save r5 |
| 132 | ldo 12(%r2),%r29 | 311 | |
| 133 | fldws -16(0,%r30),%fr8L | 312 | STD %r6,24(%sp) ; save r6 |
| 134 | L$0026 | 313 | STD %r7,32(%sp) ; save r7 |
| 135 | fldws 0(0,%r2),%fr9L | 314 | COPY %r0,%ret1 ; return 0 by default |
| 136 | xmpyu %fr8L,%fr9L,%fr9 | 315 | DEPDI,Z 1,31,1,top_overflow ; top_overflow = 1 << 32 |
| 137 | fstds %fr9,-16(0,%r30) | 316 | |
| 138 | copy %r28,%r21 | 317 | CMPIB,>= 0,num,bn_mul_words_exit |
| 139 | ldi 0,%r20 | 318 | LDO 128(%sp),%sp ; bump stack |
| 140 | ldw -16(0,%r30),%r24 | 319 | |
| 141 | ldw -12(0,%r30),%r25 | 320 | ; |
| 142 | add %r21,%r25,%r25 | 321 | ; See if only 1 word to do, thus just do cleanup |
| 143 | addc %r20,%r24,%r24 | 322 | ; |
| 144 | copy %r24,%r23 | 323 | CMPIB,= 1,num,bn_mul_words_single_top |
| 145 | ldi 0,%r22 | 324 | FLDD -184(%sp),fw ; (-56-128) load up w into fw (fw_h/fw_l) |
| 146 | copy %r23,%r28 | 325 | |
| 147 | addib,= -1,%r19,L$0027 | 326 | ; |
| 148 | stw %r25,0(0,%r26) | 327 | ; This loop is unrolled 2 times (64-byte aligned as well) |
| 149 | fldws -8(0,%r29),%fr9L | 328 | ; |
| 150 | xmpyu %fr8L,%fr9L,%fr9 | 329 | ; PA-RISC 2.0 chips have two fully pipelined multipliers, thus |
| 151 | fstds %fr9,-16(0,%r30) | 330 | ; two 32-bit mutiplies can be issued per cycle. |
| 152 | copy %r28,%r21 | 331 | ; |
| 153 | ldi 0,%r20 | 332 | bn_mul_words_unroll2 |
| 154 | ldw -16(0,%r30),%r24 | 333 | |
| 155 | ldw -12(0,%r30),%r25 | 334 | FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) |
| 156 | add %r21,%r25,%r25 | 335 | FLDD 8(a_ptr),t_float_1 ; load up 64-bit value (fr8L) ht(L)/lt(R) |
| 157 | addc %r20,%r24,%r24 | 336 | XMPYU fht_0,fw_l,fm1 ; m1[0] = fht_0*fw_l |
| 158 | copy %r24,%r23 | 337 | XMPYU fht_1,fw_l,fm1_1 ; m1[1] = ht*fw_l |
| 159 | ldi 0,%r22 | 338 | |
| 160 | copy %r23,%r28 | 339 | FSTD fm1,-16(%sp) ; -16(sp) = m1 |
| 161 | addib,= -1,%r19,L$0027 | 340 | FSTD fm1_1,-48(%sp) ; -48(sp) = m1 |
| 162 | stw %r25,-8(0,%r31) | 341 | XMPYU flt_0,fw_h,fm ; m = lt*fw_h |
| 163 | fldws -4(0,%r29),%fr9L | 342 | XMPYU flt_1,fw_h,fm_1 ; m = lt*fw_h |
| 164 | xmpyu %fr8L,%fr9L,%fr9 | 343 | |
| 165 | fstds %fr9,-16(0,%r30) | 344 | FSTD fm,-8(%sp) ; -8(sp) = m |
| 166 | copy %r28,%r21 | 345 | FSTD fm_1,-40(%sp) ; -40(sp) = m |
| 167 | ldi 0,%r20 | 346 | XMPYU fht_0,fw_h,ht_temp ; ht_temp = fht_0*fw_h |
| 168 | ldw -16(0,%r30),%r24 | 347 | XMPYU fht_1,fw_h,ht_temp_1 ; ht_temp = ht*fw_h |
| 169 | ldw -12(0,%r30),%r25 | 348 | |
| 170 | add %r21,%r25,%r25 | 349 | FSTD ht_temp,-24(%sp) ; -24(sp) = ht |
| 171 | addc %r20,%r24,%r24 | 350 | FSTD ht_temp_1,-56(%sp) ; -56(sp) = ht |
| 172 | copy %r24,%r23 | 351 | XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l |
| 173 | ldi 0,%r22 | 352 | XMPYU flt_1,fw_l,lt_temp_1 ; lt_temp = lt*fw_l |
| 174 | copy %r23,%r28 | 353 | |
| 175 | addib,= -1,%r19,L$0027 | 354 | FSTD lt_temp,-32(%sp) ; -32(sp) = lt |
| 176 | stw %r25,-4(0,%r31) | 355 | FSTD lt_temp_1,-64(%sp) ; -64(sp) = lt |
| 177 | fldws 0(0,%r29),%fr9L | 356 | LDD -8(%sp),m_0 |
| 178 | xmpyu %fr8L,%fr9L,%fr9 | 357 | LDD -40(%sp),m_1 |
| 179 | fstds %fr9,-16(0,%r30) | 358 | |
| 180 | copy %r28,%r21 | 359 | LDD -16(%sp),m1_0 |
| 181 | ldi 0,%r20 | 360 | LDD -48(%sp),m1_1 |
| 182 | ldw -16(0,%r30),%r24 | 361 | LDD -24(%sp),ht_0 |
| 183 | ldw -12(0,%r30),%r25 | 362 | LDD -56(%sp),ht_1 |
| 184 | add %r21,%r25,%r25 | 363 | |
| 185 | addc %r20,%r24,%r24 | 364 | ADD,L m1_0,m_0,tmp_0 ; tmp_0 = m + m1; |
| 186 | copy %r24,%r23 | 365 | ADD,L m1_1,m_1,tmp_1 ; tmp_1 = m + m1; |
| 187 | ldi 0,%r22 | 366 | LDD -32(%sp),lt_0 |
| 188 | copy %r23,%r28 | 367 | LDD -64(%sp),lt_1 |
| 189 | addib,= -1,%r19,L$0027 | 368 | |
| 190 | stw %r25,0(0,%r31) | 369 | CMPCLR,*>>= tmp_0,m1_0, %r0 ; if (m < m1) |
| 191 | ldo 16(%r29),%r29 | 370 | ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) |
| 192 | ldo 16(%r2),%r2 | 371 | CMPCLR,*>>= tmp_1,m1_1,%r0 ; if (m < m1) |
| 193 | ldo 16(%r31),%r31 | 372 | ADD,L ht_1,top_overflow,ht_1 ; ht += (1<<32) |
| 194 | bl L$0026,0 | 373 | |
| 195 | ldo 16(%r26),%r26 | 374 | EXTRD,U tmp_0,31,32,m_0 ; m>>32 |
| 196 | L$0027 | 375 | DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 |
| 197 | ldw -84(0,%r30),%r2 | 376 | EXTRD,U tmp_1,31,32,m_1 ; m>>32 |
| 198 | bv 0(%r2) | 377 | DEPD,Z tmp_1,31,32,m1_1 ; m1 = m<<32 |
| 199 | ldwm -64(0,%r30),%r4 | 378 | |
| 200 | .EXIT | 379 | ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) |
| 201 | .PROCEND | 380 | ADD,L ht_1,m_1,ht_1 ; ht+= (m>>32) |
| 202 | .align 4 | 381 | ADD lt_0,m1_0,lt_0 ; lt = lt+m1; |
| 203 | .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR | 382 | ADD,DC ht_0,%r0,ht_0 ; ht++ |
| 383 | |||
| 384 | ADD lt_1,m1_1,lt_1 ; lt = lt+m1; | ||
| 385 | ADD,DC ht_1,%r0,ht_1 ; ht++ | ||
| 386 | ADD %ret1,lt_0,lt_0 ; lt = lt + c (ret1); | ||
| 387 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 388 | |||
| 389 | ADD ht_0,lt_1,lt_1 ; lt = lt + c (ht_0) | ||
| 390 | ADD,DC ht_1,%r0,ht_1 ; ht++ | ||
| 391 | STD lt_0,0(r_ptr) ; rp[0] = lt | ||
| 392 | STD lt_1,8(r_ptr) ; rp[1] = lt | ||
| 393 | |||
| 394 | COPY ht_1,%ret1 ; carry = ht | ||
| 395 | LDO -2(num),num ; num = num - 2; | ||
| 396 | LDO 16(a_ptr),a_ptr ; ap += 2 | ||
| 397 | CMPIB,<= 2,num,bn_mul_words_unroll2 | ||
| 398 | LDO 16(r_ptr),r_ptr ; rp++ | ||
| 399 | |||
| 400 | CMPIB,=,N 0,num,bn_mul_words_exit ; are we done? | ||
| 401 | |||
| 402 | ; | ||
| 403 | ; Top of loop aligned on 64-byte boundary | ||
| 404 | ; | ||
| 405 | bn_mul_words_single_top | ||
| 406 | FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) | ||
| 407 | |||
| 408 | XMPYU fht_0,fw_l,fm1 ; m1 = ht*fw_l | ||
| 409 | FSTD fm1,-16(%sp) ; -16(sp) = m1 | ||
| 410 | XMPYU flt_0,fw_h,fm ; m = lt*fw_h | ||
| 411 | FSTD fm,-8(%sp) ; -8(sp) = m | ||
| 412 | XMPYU fht_0,fw_h,ht_temp ; ht_temp = ht*fw_h | ||
| 413 | FSTD ht_temp,-24(%sp) ; -24(sp) = ht | ||
| 414 | XMPYU flt_0,fw_l,lt_temp ; lt_temp = lt*fw_l | ||
| 415 | FSTD lt_temp,-32(%sp) ; -32(sp) = lt | ||
| 416 | |||
| 417 | LDD -8(%sp),m_0 | ||
| 418 | LDD -16(%sp),m1_0 | ||
| 419 | ADD,L m_0,m1_0,tmp_0 ; tmp_0 = m + m1; | ||
| 420 | LDD -24(%sp),ht_0 | ||
| 421 | LDD -32(%sp),lt_0 | ||
| 422 | |||
| 423 | CMPCLR,*>>= tmp_0,m1_0,%r0 ; if (m < m1) | ||
| 424 | ADD,L ht_0,top_overflow,ht_0 ; ht += (1<<32) | ||
| 425 | |||
| 426 | EXTRD,U tmp_0,31,32,m_0 ; m>>32 | ||
| 427 | DEPD,Z tmp_0,31,32,m1_0 ; m1 = m<<32 | ||
| 428 | |||
| 429 | ADD,L ht_0,m_0,ht_0 ; ht+= (m>>32) | ||
| 430 | ADD lt_0,m1_0,lt_0 ; lt= lt+m1; | ||
| 431 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 432 | |||
| 433 | ADD %ret1,lt_0,lt_0 ; lt = lt + c; | ||
| 434 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 435 | |||
| 436 | COPY ht_0,%ret1 ; copy carry | ||
| 437 | STD lt_0,0(r_ptr) ; rp[0] = lt | ||
| 438 | |||
| 439 | bn_mul_words_exit | ||
| 440 | .EXIT | ||
| 441 | EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 | ||
| 442 | LDD -96(%sp),%r7 ; restore r7 | ||
| 443 | LDD -104(%sp),%r6 ; restore r6 | ||
| 444 | LDD -112(%sp),%r5 ; restore r5 | ||
| 445 | LDD -120(%sp),%r4 ; restore r4 | ||
| 446 | BVE (%rp) | ||
| 447 | LDD,MB -128(%sp),%r3 ; restore r3 | ||
| 448 | .PROCEND | ||
| 449 | |||
| 450 | ;---------------------------------------------------------------------------- | ||
| 451 | ; | ||
| 452 | ;void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num) | ||
| 453 | ; | ||
| 454 | ; arg0 = rp | ||
| 455 | ; arg1 = ap | ||
| 456 | ; arg2 = num | ||
| 457 | ; | ||
| 458 | |||
| 204 | bn_sqr_words | 459 | bn_sqr_words |
| 460 | .proc | ||
| 461 | .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE | ||
| 462 | .EXPORT bn_sqr_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN | ||
| 463 | .entry | ||
| 464 | .align 64 | ||
| 465 | |||
| 466 | STD %r3,0(%sp) ; save r3 | ||
| 467 | STD %r4,8(%sp) ; save r4 | ||
| 468 | NOP | ||
| 469 | STD %r5,16(%sp) ; save r5 | ||
| 470 | |||
| 471 | CMPIB,>= 0,num,bn_sqr_words_exit | ||
| 472 | LDO 128(%sp),%sp ; bump stack | ||
| 473 | |||
| 474 | ; | ||
| 475 | ; If only 1, the goto straight to cleanup | ||
| 476 | ; | ||
| 477 | CMPIB,= 1,num,bn_sqr_words_single_top | ||
| 478 | DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L | ||
| 479 | |||
| 480 | ; | ||
| 481 | ; This loop is unrolled 2 times (64-byte aligned as well) | ||
| 482 | ; | ||
| 483 | |||
| 484 | bn_sqr_words_unroll2 | ||
| 485 | FLDD 0(a_ptr),t_float_0 ; a[0] | ||
| 486 | FLDD 8(a_ptr),t_float_1 ; a[1] | ||
| 487 | XMPYU fht_0,flt_0,fm ; m[0] | ||
| 488 | XMPYU fht_1,flt_1,fm_1 ; m[1] | ||
| 489 | |||
| 490 | FSTD fm,-24(%sp) ; store m[0] | ||
| 491 | FSTD fm_1,-56(%sp) ; store m[1] | ||
| 492 | XMPYU flt_0,flt_0,lt_temp ; lt[0] | ||
| 493 | XMPYU flt_1,flt_1,lt_temp_1 ; lt[1] | ||
| 494 | |||
| 495 | FSTD lt_temp,-16(%sp) ; store lt[0] | ||
| 496 | FSTD lt_temp_1,-48(%sp) ; store lt[1] | ||
| 497 | XMPYU fht_0,fht_0,ht_temp ; ht[0] | ||
| 498 | XMPYU fht_1,fht_1,ht_temp_1 ; ht[1] | ||
| 499 | |||
| 500 | FSTD ht_temp,-8(%sp) ; store ht[0] | ||
| 501 | FSTD ht_temp_1,-40(%sp) ; store ht[1] | ||
| 502 | LDD -24(%sp),m_0 | ||
| 503 | LDD -56(%sp),m_1 | ||
| 504 | |||
| 505 | AND m_0,high_mask,tmp_0 ; m[0] & Mask | ||
| 506 | AND m_1,high_mask,tmp_1 ; m[1] & Mask | ||
| 507 | DEPD,Z m_0,30,31,m_0 ; m[0] << 32+1 | ||
| 508 | DEPD,Z m_1,30,31,m_1 ; m[1] << 32+1 | ||
| 509 | |||
| 510 | LDD -16(%sp),lt_0 | ||
| 511 | LDD -48(%sp),lt_1 | ||
| 512 | EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m[0]&Mask >> 32-1 | ||
| 513 | EXTRD,U tmp_1,32,33,tmp_1 ; tmp_1 = m[1]&Mask >> 32-1 | ||
| 514 | |||
| 515 | LDD -8(%sp),ht_0 | ||
| 516 | LDD -40(%sp),ht_1 | ||
| 517 | ADD,L ht_0,tmp_0,ht_0 ; ht[0] += tmp_0 | ||
| 518 | ADD,L ht_1,tmp_1,ht_1 ; ht[1] += tmp_1 | ||
| 519 | |||
| 520 | ADD lt_0,m_0,lt_0 ; lt = lt+m | ||
| 521 | ADD,DC ht_0,%r0,ht_0 ; ht[0]++ | ||
| 522 | STD lt_0,0(r_ptr) ; rp[0] = lt[0] | ||
| 523 | STD ht_0,8(r_ptr) ; rp[1] = ht[1] | ||
| 524 | |||
| 525 | ADD lt_1,m_1,lt_1 ; lt = lt+m | ||
| 526 | ADD,DC ht_1,%r0,ht_1 ; ht[1]++ | ||
| 527 | STD lt_1,16(r_ptr) ; rp[2] = lt[1] | ||
| 528 | STD ht_1,24(r_ptr) ; rp[3] = ht[1] | ||
| 529 | |||
| 530 | LDO -2(num),num ; num = num - 2; | ||
| 531 | LDO 16(a_ptr),a_ptr ; ap += 2 | ||
| 532 | CMPIB,<= 2,num,bn_sqr_words_unroll2 | ||
| 533 | LDO 32(r_ptr),r_ptr ; rp += 4 | ||
| 534 | |||
| 535 | CMPIB,=,N 0,num,bn_sqr_words_exit ; are we done? | ||
| 536 | |||
| 537 | ; | ||
| 538 | ; Top of loop aligned on 64-byte boundary | ||
| 539 | ; | ||
| 540 | bn_sqr_words_single_top | ||
| 541 | FLDD 0(a_ptr),t_float_0 ; load up 64-bit value (fr8L) ht(L)/lt(R) | ||
| 542 | |||
| 543 | XMPYU fht_0,flt_0,fm ; m | ||
| 544 | FSTD fm,-24(%sp) ; store m | ||
| 545 | |||
| 546 | XMPYU flt_0,flt_0,lt_temp ; lt | ||
| 547 | FSTD lt_temp,-16(%sp) ; store lt | ||
| 548 | |||
| 549 | XMPYU fht_0,fht_0,ht_temp ; ht | ||
| 550 | FSTD ht_temp,-8(%sp) ; store ht | ||
| 551 | |||
| 552 | LDD -24(%sp),m_0 ; load m | ||
| 553 | AND m_0,high_mask,tmp_0 ; m & Mask | ||
| 554 | DEPD,Z m_0,30,31,m_0 ; m << 32+1 | ||
| 555 | LDD -16(%sp),lt_0 ; lt | ||
| 556 | |||
| 557 | LDD -8(%sp),ht_0 ; ht | ||
| 558 | EXTRD,U tmp_0,32,33,tmp_0 ; tmp_0 = m&Mask >> 32-1 | ||
| 559 | ADD m_0,lt_0,lt_0 ; lt = lt+m | ||
| 560 | ADD,L ht_0,tmp_0,ht_0 ; ht += tmp_0 | ||
| 561 | ADD,DC ht_0,%r0,ht_0 ; ht++ | ||
| 562 | |||
| 563 | STD lt_0,0(r_ptr) ; rp[0] = lt | ||
| 564 | STD ht_0,8(r_ptr) ; rp[1] = ht | ||
| 565 | |||
| 566 | bn_sqr_words_exit | ||
| 567 | .EXIT | ||
| 568 | LDD -112(%sp),%r5 ; restore r5 | ||
| 569 | LDD -120(%sp),%r4 ; restore r4 | ||
| 570 | BVE (%rp) | ||
| 571 | LDD,MB -128(%sp),%r3 | ||
| 572 | .PROCEND ;in=23,24,25,26,29;out=28; | ||
| 573 | |||
| 574 | |||
| 575 | ;---------------------------------------------------------------------------- | ||
| 576 | ; | ||
| 577 | ;BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | ||
| 578 | ; | ||
| 579 | ; arg0 = rp | ||
| 580 | ; arg1 = ap | ||
| 581 | ; arg2 = bp | ||
| 582 | ; arg3 = n | ||
| 583 | |||
| 584 | t .reg %r22 | ||
| 585 | b .reg %r21 | ||
| 586 | l .reg %r20 | ||
| 587 | |||
| 588 | bn_add_words | ||
| 589 | .proc | ||
| 590 | .entry | ||
| 591 | .callinfo | ||
| 592 | .EXPORT bn_add_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN | ||
| 593 | .align 64 | ||
| 594 | |||
| 595 | CMPIB,>= 0,n,bn_add_words_exit | ||
| 596 | COPY %r0,%ret1 ; return 0 by default | ||
| 597 | |||
| 598 | ; | ||
| 599 | ; If 2 or more numbers do the loop | ||
| 600 | ; | ||
| 601 | CMPIB,= 1,n,bn_add_words_single_top | ||
| 602 | NOP | ||
| 603 | |||
| 604 | ; | ||
| 605 | ; This loop is unrolled 2 times (64-byte aligned as well) | ||
| 606 | ; | ||
| 607 | bn_add_words_unroll2 | ||
| 608 | LDD 0(a_ptr),t | ||
| 609 | LDD 0(b_ptr),b | ||
| 610 | ADD t,%ret1,t ; t = t+c; | ||
| 611 | ADD,DC %r0,%r0,%ret1 ; set c to carry | ||
| 612 | ADD t,b,l ; l = t + b[0] | ||
| 613 | ADD,DC %ret1,%r0,%ret1 ; c+= carry | ||
| 614 | STD l,0(r_ptr) | ||
| 615 | |||
| 616 | LDD 8(a_ptr),t | ||
| 617 | LDD 8(b_ptr),b | ||
| 618 | ADD t,%ret1,t ; t = t+c; | ||
| 619 | ADD,DC %r0,%r0,%ret1 ; set c to carry | ||
| 620 | ADD t,b,l ; l = t + b[0] | ||
| 621 | ADD,DC %ret1,%r0,%ret1 ; c+= carry | ||
| 622 | STD l,8(r_ptr) | ||
| 623 | |||
| 624 | LDO -2(n),n | ||
| 625 | LDO 16(a_ptr),a_ptr | ||
| 626 | LDO 16(b_ptr),b_ptr | ||
| 627 | |||
| 628 | CMPIB,<= 2,n,bn_add_words_unroll2 | ||
| 629 | LDO 16(r_ptr),r_ptr | ||
| 630 | |||
| 631 | CMPIB,=,N 0,n,bn_add_words_exit ; are we done? | ||
| 632 | |||
| 633 | bn_add_words_single_top | ||
| 634 | LDD 0(a_ptr),t | ||
| 635 | LDD 0(b_ptr),b | ||
| 636 | |||
| 637 | ADD t,%ret1,t ; t = t+c; | ||
| 638 | ADD,DC %r0,%r0,%ret1 ; set c to carry (could use CMPCLR??) | ||
| 639 | ADD t,b,l ; l = t + b[0] | ||
| 640 | ADD,DC %ret1,%r0,%ret1 ; c+= carry | ||
| 641 | STD l,0(r_ptr) | ||
| 642 | |||
| 643 | bn_add_words_exit | ||
| 644 | .EXIT | ||
| 645 | BVE (%rp) | ||
| 646 | EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 | ||
| 647 | .PROCEND ;in=23,24,25,26,29;out=28; | ||
| 648 | |||
| 649 | ;---------------------------------------------------------------------------- | ||
| 650 | ; | ||
| 651 | ;BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | ||
| 652 | ; | ||
| 653 | ; arg0 = rp | ||
| 654 | ; arg1 = ap | ||
| 655 | ; arg2 = bp | ||
| 656 | ; arg3 = n | ||
| 657 | |||
| 658 | t1 .reg %r22 | ||
| 659 | t2 .reg %r21 | ||
| 660 | sub_tmp1 .reg %r20 | ||
| 661 | sub_tmp2 .reg %r19 | ||
| 662 | |||
| 663 | |||
| 664 | bn_sub_words | ||
| 665 | .proc | ||
| 666 | .callinfo | ||
| 667 | .EXPORT bn_sub_words,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN | ||
| 668 | .entry | ||
| 669 | .align 64 | ||
| 670 | |||
| 671 | CMPIB,>= 0,n,bn_sub_words_exit | ||
| 672 | COPY %r0,%ret1 ; return 0 by default | ||
| 673 | |||
| 674 | ; | ||
| 675 | ; If 2 or more numbers do the loop | ||
| 676 | ; | ||
| 677 | CMPIB,= 1,n,bn_sub_words_single_top | ||
| 678 | NOP | ||
| 679 | |||
| 680 | ; | ||
| 681 | ; This loop is unrolled 2 times (64-byte aligned as well) | ||
| 682 | ; | ||
| 683 | bn_sub_words_unroll2 | ||
| 684 | LDD 0(a_ptr),t1 | ||
| 685 | LDD 0(b_ptr),t2 | ||
| 686 | SUB t1,t2,sub_tmp1 ; t3 = t1-t2; | ||
| 687 | SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; | ||
| 688 | |||
| 689 | CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 | ||
| 690 | LDO 1(%r0),sub_tmp2 | ||
| 691 | |||
| 692 | CMPCLR,*= t1,t2,%r0 | ||
| 693 | COPY sub_tmp2,%ret1 | ||
| 694 | STD sub_tmp1,0(r_ptr) | ||
| 695 | |||
| 696 | LDD 8(a_ptr),t1 | ||
| 697 | LDD 8(b_ptr),t2 | ||
| 698 | SUB t1,t2,sub_tmp1 ; t3 = t1-t2; | ||
| 699 | SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; | ||
| 700 | CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 | ||
| 701 | LDO 1(%r0),sub_tmp2 | ||
| 702 | |||
| 703 | CMPCLR,*= t1,t2,%r0 | ||
| 704 | COPY sub_tmp2,%ret1 | ||
| 705 | STD sub_tmp1,8(r_ptr) | ||
| 706 | |||
| 707 | LDO -2(n),n | ||
| 708 | LDO 16(a_ptr),a_ptr | ||
| 709 | LDO 16(b_ptr),b_ptr | ||
| 710 | |||
| 711 | CMPIB,<= 2,n,bn_sub_words_unroll2 | ||
| 712 | LDO 16(r_ptr),r_ptr | ||
| 713 | |||
| 714 | CMPIB,=,N 0,n,bn_sub_words_exit ; are we done? | ||
| 715 | |||
| 716 | bn_sub_words_single_top | ||
| 717 | LDD 0(a_ptr),t1 | ||
| 718 | LDD 0(b_ptr),t2 | ||
| 719 | SUB t1,t2,sub_tmp1 ; t3 = t1-t2; | ||
| 720 | SUB sub_tmp1,%ret1,sub_tmp1 ; t3 = t3- c; | ||
| 721 | CMPCLR,*>> t1,t2,sub_tmp2 ; clear if t1 > t2 | ||
| 722 | LDO 1(%r0),sub_tmp2 | ||
| 723 | |||
| 724 | CMPCLR,*= t1,t2,%r0 | ||
| 725 | COPY sub_tmp2,%ret1 | ||
| 726 | |||
| 727 | STD sub_tmp1,0(r_ptr) | ||
| 728 | |||
| 729 | bn_sub_words_exit | ||
| 730 | .EXIT | ||
| 731 | BVE (%rp) | ||
| 732 | EXTRD,U %ret1,31,32,%ret0 ; for 32-bit, return in ret0/ret1 | ||
| 733 | .PROCEND ;in=23,24,25,26,29;out=28; | ||
| 734 | |||
| 735 | ;------------------------------------------------------------------------------ | ||
| 736 | ; | ||
| 737 | ; unsigned long bn_div_words(unsigned long h, unsigned long l, unsigned long d) | ||
| 738 | ; | ||
| 739 | ; arg0 = h | ||
| 740 | ; arg1 = l | ||
| 741 | ; arg2 = d | ||
| 742 | ; | ||
| 743 | ; This is mainly just output from the HP C compiler. | ||
| 744 | ; | ||
| 745 | ;------------------------------------------------------------------------------ | ||
| 746 | bn_div_words | ||
| 205 | .PROC | 747 | .PROC |
| 206 | .CALLINFO FRAME=0,NO_CALLS | 748 | .EXPORT bn_div_words,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,ARGW3=GR,RTNVAL=GR,LONG_RETURN |
| 207 | .ENTRY | 749 | .IMPORT BN_num_bits_word,CODE |
| 208 | ldo 28(%r26),%r19 | 750 | .IMPORT __iob,DATA |
| 209 | ldo 12(%r25),%r28 | 751 | .IMPORT fprintf,CODE |
| 210 | L$0042 | 752 | .IMPORT abort,CODE |
| 211 | fldws 0(0,%r25),%fr8L | 753 | .IMPORT $$div2U,MILLICODE |
| 212 | fldws 0(0,%r25),%fr8R | 754 | .CALLINFO CALLER,FRAME=144,ENTRY_GR=%r9,SAVE_RP,ARGS_SAVED,ORDERING_AWARE |
| 213 | xmpyu %fr8L,%fr8R,%fr8 | 755 | .ENTRY |
| 214 | fstds %fr8,-16(0,%r30) | 756 | STW %r2,-20(%r30) ;offset 0x8ec |
| 215 | ldw -16(0,%r30),%r22 | 757 | STW,MA %r3,192(%r30) ;offset 0x8f0 |
| 216 | ldw -12(0,%r30),%r23 | 758 | STW %r4,-188(%r30) ;offset 0x8f4 |
| 217 | stw %r23,0(0,%r26) | 759 | DEPD %r5,31,32,%r6 ;offset 0x8f8 |
| 218 | copy %r22,%r21 | 760 | STD %r6,-184(%r30) ;offset 0x8fc |
| 219 | ldi 0,%r20 | 761 | DEPD %r7,31,32,%r8 ;offset 0x900 |
| 220 | addib,= -1,%r24,L$0049 | 762 | STD %r8,-176(%r30) ;offset 0x904 |
| 221 | stw %r21,-24(0,%r19) | 763 | STW %r9,-168(%r30) ;offset 0x908 |
| 222 | fldws -8(0,%r28),%fr8L | 764 | LDD -248(%r30),%r3 ;offset 0x90c |
| 223 | fldws -8(0,%r28),%fr8R | 765 | COPY %r26,%r4 ;offset 0x910 |
| 224 | xmpyu %fr8L,%fr8R,%fr8 | 766 | COPY %r24,%r5 ;offset 0x914 |
| 225 | fstds %fr8,-16(0,%r30) | 767 | DEPD %r25,31,32,%r4 ;offset 0x918 |
| 226 | ldw -16(0,%r30),%r22 | 768 | CMPB,*<> %r3,%r0,$0006000C ;offset 0x91c |
| 227 | ldw -12(0,%r30),%r23 | 769 | DEPD %r23,31,32,%r5 ;offset 0x920 |
| 228 | stw %r23,-20(0,%r19) | 770 | MOVIB,TR -1,%r29,$00060002 ;offset 0x924 |
| 229 | copy %r22,%r21 | 771 | EXTRD,U %r29,31,32,%r28 ;offset 0x928 |
| 230 | ldi 0,%r20 | 772 | $0006002A |
| 231 | addib,= -1,%r24,L$0049 | 773 | LDO -1(%r29),%r29 ;offset 0x92c |
| 232 | stw %r21,-16(0,%r19) | 774 | SUB %r23,%r7,%r23 ;offset 0x930 |
| 233 | fldws -4(0,%r28),%fr8L | 775 | $00060024 |
| 234 | fldws -4(0,%r28),%fr8R | 776 | SUB %r4,%r31,%r25 ;offset 0x934 |
| 235 | xmpyu %fr8L,%fr8R,%fr8 | 777 | AND %r25,%r19,%r26 ;offset 0x938 |
| 236 | fstds %fr8,-16(0,%r30) | 778 | CMPB,*<>,N %r0,%r26,$00060046 ;offset 0x93c |
| 237 | ldw -16(0,%r30),%r22 | 779 | DEPD,Z %r25,31,32,%r20 ;offset 0x940 |
| 238 | ldw -12(0,%r30),%r23 | 780 | OR %r20,%r24,%r21 ;offset 0x944 |
| 239 | stw %r23,-12(0,%r19) | 781 | CMPB,*<<,N %r21,%r23,$0006002A ;offset 0x948 |
| 240 | copy %r22,%r21 | 782 | SUB %r31,%r2,%r31 ;offset 0x94c |
| 241 | ldi 0,%r20 | 783 | $00060046 |
| 242 | addib,= -1,%r24,L$0049 | 784 | $0006002E |
| 243 | stw %r21,-8(0,%r19) | 785 | DEPD,Z %r23,31,32,%r25 ;offset 0x950 |
| 244 | fldws 0(0,%r28),%fr8L | 786 | EXTRD,U %r23,31,32,%r26 ;offset 0x954 |
| 245 | fldws 0(0,%r28),%fr8R | 787 | AND %r25,%r19,%r24 ;offset 0x958 |
| 246 | xmpyu %fr8L,%fr8R,%fr8 | 788 | ADD,L %r31,%r26,%r31 ;offset 0x95c |
| 247 | fstds %fr8,-16(0,%r30) | 789 | CMPCLR,*>>= %r5,%r24,%r0 ;offset 0x960 |
| 248 | ldw -16(0,%r30),%r22 | 790 | LDO 1(%r31),%r31 ;offset 0x964 |
| 249 | ldw -12(0,%r30),%r23 | 791 | $00060032 |
| 250 | stw %r23,-4(0,%r19) | 792 | CMPB,*<<=,N %r31,%r4,$00060036 ;offset 0x968 |
| 251 | copy %r22,%r21 | 793 | LDO -1(%r29),%r29 ;offset 0x96c |
| 252 | ldi 0,%r20 | 794 | ADD,L %r4,%r3,%r4 ;offset 0x970 |
| 253 | addib,= -1,%r24,L$0049 | 795 | $00060036 |
| 254 | stw %r21,0(0,%r19) | 796 | ADDIB,=,N -1,%r8,$D0 ;offset 0x974 |
| 255 | ldo 16(%r28),%r28 | 797 | SUB %r5,%r24,%r28 ;offset 0x978 |
| 256 | ldo 16(%r25),%r25 | 798 | $0006003A |
| 257 | ldo 32(%r19),%r19 | 799 | SUB %r4,%r31,%r24 ;offset 0x97c |
| 258 | bl L$0042,0 | 800 | SHRPD %r24,%r28,32,%r4 ;offset 0x980 |
| 259 | ldo 32(%r26),%r26 | 801 | DEPD,Z %r29,31,32,%r9 ;offset 0x984 |
| 260 | L$0049 | 802 | DEPD,Z %r28,31,32,%r5 ;offset 0x988 |
| 261 | bv,n 0(%r2) | 803 | $0006001C |
| 262 | .EXIT | 804 | EXTRD,U %r4,31,32,%r31 ;offset 0x98c |
| 263 | .PROCEND | 805 | CMPB,*<>,N %r31,%r2,$00060020 ;offset 0x990 |
| 264 | .IMPORT BN_num_bits_word,CODE | 806 | MOVB,TR %r6,%r29,$D1 ;offset 0x994 |
| 265 | .IMPORT fprintf,CODE | 807 | STD %r29,-152(%r30) ;offset 0x998 |
| 266 | .IMPORT __iob,DATA | 808 | $0006000C |
| 267 | .SPACE $TEXT$ | 809 | EXTRD,U %r3,31,32,%r25 ;offset 0x99c |
| 268 | .SUBSPA $LIT$ | 810 | COPY %r3,%r26 ;offset 0x9a0 |
| 269 | 811 | EXTRD,U %r3,31,32,%r9 ;offset 0x9a4 | |
| 270 | .align 4 | 812 | EXTRD,U %r4,31,32,%r8 ;offset 0x9a8 |
| 271 | L$C0000 | 813 | .CALL ARGW0=GR,ARGW1=GR,RTNVAL=GR ;in=25,26;out=28; |
| 272 | .STRING "Division would overflow (%d)\x0a\x00" | 814 | B,L BN_num_bits_word,%r2 ;offset 0x9ac |
| 273 | .IMPORT abort,CODE | 815 | EXTRD,U %r5,31,32,%r7 ;offset 0x9b0 |
| 274 | .SPACE $TEXT$ | 816 | LDI 64,%r20 ;offset 0x9b4 |
| 275 | .SUBSPA $CODE$ | 817 | DEPD %r7,31,32,%r5 ;offset 0x9b8 |
| 276 | 818 | DEPD %r8,31,32,%r4 ;offset 0x9bc | |
| 277 | .align 4 | 819 | DEPD %r9,31,32,%r3 ;offset 0x9c0 |
| 278 | .EXPORT bn_div64,ENTRY,PRIV_LEV=3,ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR | 820 | CMPB,= %r28,%r20,$00060012 ;offset 0x9c4 |
| 279 | bn_div64 | 821 | COPY %r28,%r24 ;offset 0x9c8 |
| 822 | MTSARCM %r24 ;offset 0x9cc | ||
| 823 | DEPDI,Z -1,%sar,1,%r19 ;offset 0x9d0 | ||
| 824 | CMPB,*>>,N %r4,%r19,$D2 ;offset 0x9d4 | ||
| 825 | $00060012 | ||
| 826 | SUBI 64,%r24,%r31 ;offset 0x9d8 | ||
| 827 | CMPCLR,*<< %r4,%r3,%r0 ;offset 0x9dc | ||
| 828 | SUB %r4,%r3,%r4 ;offset 0x9e0 | ||
| 829 | $00060016 | ||
| 830 | CMPB,= %r31,%r0,$0006001A ;offset 0x9e4 | ||
| 831 | COPY %r0,%r9 ;offset 0x9e8 | ||
| 832 | MTSARCM %r31 ;offset 0x9ec | ||
| 833 | DEPD,Z %r3,%sar,64,%r3 ;offset 0x9f0 | ||
| 834 | SUBI 64,%r31,%r26 ;offset 0x9f4 | ||
| 835 | MTSAR %r26 ;offset 0x9f8 | ||
| 836 | SHRPD %r4,%r5,%sar,%r4 ;offset 0x9fc | ||
| 837 | MTSARCM %r31 ;offset 0xa00 | ||
| 838 | DEPD,Z %r5,%sar,64,%r5 ;offset 0xa04 | ||
| 839 | $0006001A | ||
| 840 | DEPDI,Z -1,31,32,%r19 ;offset 0xa08 | ||
| 841 | AND %r3,%r19,%r29 ;offset 0xa0c | ||
| 842 | EXTRD,U %r29,31,32,%r2 ;offset 0xa10 | ||
| 843 | DEPDI,Z -1,63,32,%r6 ;offset 0xa14 | ||
| 844 | MOVIB,TR 2,%r8,$0006001C ;offset 0xa18 | ||
| 845 | EXTRD,U %r3,63,32,%r7 ;offset 0xa1c | ||
| 846 | $D2 | ||
| 847 | ADDIL LR'__iob-$global$,%r27,%r1 ;offset 0xa20 | ||
| 848 | LDIL LR'C$7,%r21 ;offset 0xa24 | ||
| 849 | LDO RR'__iob-$global$+32(%r1),%r26 ;offset 0xa28 | ||
| 850 | .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR,RTNVAL=GR ;in=24,25,26;out=28; | ||
| 851 | B,L fprintf,%r2 ;offset 0xa2c | ||
| 852 | LDO RR'C$7(%r21),%r25 ;offset 0xa30 | ||
| 853 | .CALL ; | ||
| 854 | B,L abort,%r2 ;offset 0xa34 | ||
| 855 | NOP ;offset 0xa38 | ||
| 856 | B $D3 ;offset 0xa3c | ||
| 857 | LDW -212(%r30),%r2 ;offset 0xa40 | ||
| 858 | $00060020 | ||
| 859 | COPY %r4,%r26 ;offset 0xa44 | ||
| 860 | EXTRD,U %r4,31,32,%r25 ;offset 0xa48 | ||
| 861 | COPY %r2,%r24 ;offset 0xa4c | ||
| 862 | .CALL ;in=23,24,25,26;out=20,21,22,28,29; (MILLICALL) | ||
| 863 | B,L $$div2U,%r31 ;offset 0xa50 | ||
| 864 | EXTRD,U %r2,31,32,%r23 ;offset 0xa54 | ||
| 865 | DEPD %r28,31,32,%r29 ;offset 0xa58 | ||
| 866 | $00060022 | ||
| 867 | STD %r29,-152(%r30) ;offset 0xa5c | ||
| 868 | $D1 | ||
| 869 | AND %r5,%r19,%r24 ;offset 0xa60 | ||
| 870 | EXTRD,U %r24,31,32,%r24 ;offset 0xa64 | ||
| 871 | STW %r2,-160(%r30) ;offset 0xa68 | ||
| 872 | STW %r7,-128(%r30) ;offset 0xa6c | ||
| 873 | FLDD -152(%r30),%fr4 ;offset 0xa70 | ||
| 874 | FLDD -152(%r30),%fr7 ;offset 0xa74 | ||
| 875 | FLDW -160(%r30),%fr8L ;offset 0xa78 | ||
| 876 | FLDW -128(%r30),%fr5L ;offset 0xa7c | ||
| 877 | XMPYU %fr8L,%fr7L,%fr10 ;offset 0xa80 | ||
| 878 | FSTD %fr10,-136(%r30) ;offset 0xa84 | ||
| 879 | XMPYU %fr8L,%fr7R,%fr22 ;offset 0xa88 | ||
| 880 | FSTD %fr22,-144(%r30) ;offset 0xa8c | ||
| 881 | XMPYU %fr5L,%fr4L,%fr11 ;offset 0xa90 | ||
| 882 | XMPYU %fr5L,%fr4R,%fr23 ;offset 0xa94 | ||
| 883 | FSTD %fr11,-112(%r30) ;offset 0xa98 | ||
| 884 | FSTD %fr23,-120(%r30) ;offset 0xa9c | ||
| 885 | LDD -136(%r30),%r28 ;offset 0xaa0 | ||
| 886 | DEPD,Z %r28,31,32,%r31 ;offset 0xaa4 | ||
| 887 | LDD -144(%r30),%r20 ;offset 0xaa8 | ||
| 888 | ADD,L %r20,%r31,%r31 ;offset 0xaac | ||
| 889 | LDD -112(%r30),%r22 ;offset 0xab0 | ||
| 890 | DEPD,Z %r22,31,32,%r22 ;offset 0xab4 | ||
| 891 | LDD -120(%r30),%r21 ;offset 0xab8 | ||
| 892 | B $00060024 ;offset 0xabc | ||
| 893 | ADD,L %r21,%r22,%r23 ;offset 0xac0 | ||
| 894 | $D0 | ||
| 895 | OR %r9,%r29,%r29 ;offset 0xac4 | ||
| 896 | $00060040 | ||
| 897 | EXTRD,U %r29,31,32,%r28 ;offset 0xac8 | ||
| 898 | $00060002 | ||
| 899 | $L2 | ||
| 900 | LDW -212(%r30),%r2 ;offset 0xacc | ||
| 901 | $D3 | ||
| 902 | LDW -168(%r30),%r9 ;offset 0xad0 | ||
| 903 | LDD -176(%r30),%r8 ;offset 0xad4 | ||
| 904 | EXTRD,U %r8,31,32,%r7 ;offset 0xad8 | ||
| 905 | LDD -184(%r30),%r6 ;offset 0xadc | ||
| 906 | EXTRD,U %r6,31,32,%r5 ;offset 0xae0 | ||
| 907 | LDW -188(%r30),%r4 ;offset 0xae4 | ||
| 908 | BVE (%r2) ;offset 0xae8 | ||
| 909 | .EXIT | ||
| 910 | LDW,MB -192(%r30),%r3 ;offset 0xaec | ||
| 911 | .PROCEND ;in=23,25;out=28,29;fpin=105,107; | ||
| 912 | |||
| 913 | |||
| 914 | |||
| 915 | |||
| 916 | ;---------------------------------------------------------------------------- | ||
| 917 | ; | ||
| 918 | ; Registers to hold 64-bit values to manipulate. The "L" part | ||
| 919 | ; of the register corresponds to the upper 32-bits, while the "R" | ||
| 920 | ; part corresponds to the lower 32-bits | ||
| 921 | ; | ||
| 922 | ; Note, that when using b6 and b7, the code must save these before | ||
| 923 | ; using them because they are callee save registers | ||
| 924 | ; | ||
| 925 | ; | ||
| 926 | ; Floating point registers to use to save values that | ||
| 927 | ; are manipulated. These don't collide with ftemp1-6 and | ||
| 928 | ; are all caller save registers | ||
| 929 | ; | ||
| 930 | a0 .reg %fr22 | ||
| 931 | a0L .reg %fr22L | ||
| 932 | a0R .reg %fr22R | ||
| 933 | |||
| 934 | a1 .reg %fr23 | ||
| 935 | a1L .reg %fr23L | ||
| 936 | a1R .reg %fr23R | ||
| 937 | |||
| 938 | a2 .reg %fr24 | ||
| 939 | a2L .reg %fr24L | ||
| 940 | a2R .reg %fr24R | ||
| 941 | |||
| 942 | a3 .reg %fr25 | ||
| 943 | a3L .reg %fr25L | ||
| 944 | a3R .reg %fr25R | ||
| 945 | |||
| 946 | a4 .reg %fr26 | ||
| 947 | a4L .reg %fr26L | ||
| 948 | a4R .reg %fr26R | ||
| 949 | |||
| 950 | a5 .reg %fr27 | ||
| 951 | a5L .reg %fr27L | ||
| 952 | a5R .reg %fr27R | ||
| 953 | |||
| 954 | a6 .reg %fr28 | ||
| 955 | a6L .reg %fr28L | ||
| 956 | a6R .reg %fr28R | ||
| 957 | |||
| 958 | a7 .reg %fr29 | ||
| 959 | a7L .reg %fr29L | ||
| 960 | a7R .reg %fr29R | ||
| 961 | |||
| 962 | b0 .reg %fr30 | ||
| 963 | b0L .reg %fr30L | ||
| 964 | b0R .reg %fr30R | ||
| 965 | |||
| 966 | b1 .reg %fr31 | ||
| 967 | b1L .reg %fr31L | ||
| 968 | b1R .reg %fr31R | ||
| 969 | |||
| 970 | ; | ||
| 971 | ; Temporary floating point variables, these are all caller save | ||
| 972 | ; registers | ||
| 973 | ; | ||
| 974 | ftemp1 .reg %fr4 | ||
| 975 | ftemp2 .reg %fr5 | ||
| 976 | ftemp3 .reg %fr6 | ||
| 977 | ftemp4 .reg %fr7 | ||
| 978 | |||
| 979 | ; | ||
| 980 | ; The B set of registers when used. | ||
| 981 | ; | ||
| 982 | |||
| 983 | b2 .reg %fr8 | ||
| 984 | b2L .reg %fr8L | ||
| 985 | b2R .reg %fr8R | ||
| 986 | |||
| 987 | b3 .reg %fr9 | ||
| 988 | b3L .reg %fr9L | ||
| 989 | b3R .reg %fr9R | ||
| 990 | |||
| 991 | b4 .reg %fr10 | ||
| 992 | b4L .reg %fr10L | ||
| 993 | b4R .reg %fr10R | ||
| 994 | |||
| 995 | b5 .reg %fr11 | ||
| 996 | b5L .reg %fr11L | ||
| 997 | b5R .reg %fr11R | ||
| 998 | |||
| 999 | b6 .reg %fr12 | ||
| 1000 | b6L .reg %fr12L | ||
| 1001 | b6R .reg %fr12R | ||
| 1002 | |||
| 1003 | b7 .reg %fr13 | ||
| 1004 | b7L .reg %fr13L | ||
| 1005 | b7R .reg %fr13R | ||
| 1006 | |||
| 1007 | c1 .reg %r21 ; only reg | ||
| 1008 | temp1 .reg %r20 ; only reg | ||
| 1009 | temp2 .reg %r19 ; only reg | ||
| 1010 | temp3 .reg %r31 ; only reg | ||
| 1011 | |||
| 1012 | m1 .reg %r28 | ||
| 1013 | c2 .reg %r23 | ||
| 1014 | high_one .reg %r1 | ||
| 1015 | ht .reg %r6 | ||
| 1016 | lt .reg %r5 | ||
| 1017 | m .reg %r4 | ||
| 1018 | c3 .reg %r3 | ||
| 1019 | |||
| 1020 | SQR_ADD_C .macro A0L,A0R,C1,C2,C3 | ||
| 1021 | XMPYU A0L,A0R,ftemp1 ; m | ||
| 1022 | FSTD ftemp1,-24(%sp) ; store m | ||
| 1023 | |||
| 1024 | XMPYU A0R,A0R,ftemp2 ; lt | ||
| 1025 | FSTD ftemp2,-16(%sp) ; store lt | ||
| 1026 | |||
| 1027 | XMPYU A0L,A0L,ftemp3 ; ht | ||
| 1028 | FSTD ftemp3,-8(%sp) ; store ht | ||
| 1029 | |||
| 1030 | LDD -24(%sp),m ; load m | ||
| 1031 | AND m,high_mask,temp2 ; m & Mask | ||
| 1032 | DEPD,Z m,30,31,temp3 ; m << 32+1 | ||
| 1033 | LDD -16(%sp),lt ; lt | ||
| 1034 | |||
| 1035 | LDD -8(%sp),ht ; ht | ||
| 1036 | EXTRD,U temp2,32,33,temp1 ; temp1 = m&Mask >> 32-1 | ||
| 1037 | ADD temp3,lt,lt ; lt = lt+m | ||
| 1038 | ADD,L ht,temp1,ht ; ht += temp1 | ||
| 1039 | ADD,DC ht,%r0,ht ; ht++ | ||
| 1040 | |||
| 1041 | ADD C1,lt,C1 ; c1=c1+lt | ||
| 1042 | ADD,DC ht,%r0,ht ; ht++ | ||
| 1043 | |||
| 1044 | ADD C2,ht,C2 ; c2=c2+ht | ||
| 1045 | ADD,DC C3,%r0,C3 ; c3++ | ||
| 1046 | .endm | ||
| 1047 | |||
| 1048 | SQR_ADD_C2 .macro A0L,A0R,A1L,A1R,C1,C2,C3 | ||
| 1049 | XMPYU A0L,A1R,ftemp1 ; m1 = bl*ht | ||
| 1050 | FSTD ftemp1,-16(%sp) ; | ||
| 1051 | XMPYU A0R,A1L,ftemp2 ; m = bh*lt | ||
| 1052 | FSTD ftemp2,-8(%sp) ; | ||
| 1053 | XMPYU A0R,A1R,ftemp3 ; lt = bl*lt | ||
| 1054 | FSTD ftemp3,-32(%sp) | ||
| 1055 | XMPYU A0L,A1L,ftemp4 ; ht = bh*ht | ||
| 1056 | FSTD ftemp4,-24(%sp) ; | ||
| 1057 | |||
| 1058 | LDD -8(%sp),m ; r21 = m | ||
| 1059 | LDD -16(%sp),m1 ; r19 = m1 | ||
| 1060 | ADD,L m,m1,m ; m+m1 | ||
| 1061 | |||
| 1062 | DEPD,Z m,31,32,temp3 ; (m+m1<<32) | ||
| 1063 | LDD -24(%sp),ht ; r24 = ht | ||
| 1064 | |||
| 1065 | CMPCLR,*>>= m,m1,%r0 ; if (m < m1) | ||
| 1066 | ADD,L ht,high_one,ht ; ht+=high_one | ||
| 1067 | |||
| 1068 | EXTRD,U m,31,32,temp1 ; m >> 32 | ||
| 1069 | LDD -32(%sp),lt ; lt | ||
| 1070 | ADD,L ht,temp1,ht ; ht+= m>>32 | ||
| 1071 | ADD lt,temp3,lt ; lt = lt+m1 | ||
| 1072 | ADD,DC ht,%r0,ht ; ht++ | ||
| 1073 | |||
| 1074 | ADD ht,ht,ht ; ht=ht+ht; | ||
| 1075 | ADD,DC C3,%r0,C3 ; add in carry (c3++) | ||
| 1076 | |||
| 1077 | ADD lt,lt,lt ; lt=lt+lt; | ||
| 1078 | ADD,DC ht,%r0,ht ; add in carry (ht++) | ||
| 1079 | |||
| 1080 | ADD C1,lt,C1 ; c1=c1+lt | ||
| 1081 | ADD,DC,*NUV ht,%r0,ht ; add in carry (ht++) | ||
| 1082 | LDO 1(C3),C3 ; bump c3 if overflow,nullify otherwise | ||
| 1083 | |||
| 1084 | ADD C2,ht,C2 ; c2 = c2 + ht | ||
| 1085 | ADD,DC C3,%r0,C3 ; add in carry (c3++) | ||
| 1086 | .endm | ||
| 1087 | |||
| 1088 | ; | ||
| 1089 | ;void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) | ||
| 1090 | ; arg0 = r_ptr | ||
| 1091 | ; arg1 = a_ptr | ||
| 1092 | ; | ||
| 1093 | |||
| 1094 | bn_sqr_comba8 | ||
| 280 | .PROC | 1095 | .PROC |
| 281 | .CALLINFO FRAME=128,CALLS,SAVE_RP,ENTRY_GR=8 | 1096 | .CALLINFO FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE |
| 282 | .ENTRY | 1097 | .EXPORT bn_sqr_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN |
| 283 | stw %r2,-20(0,%r30) | 1098 | .ENTRY |
| 284 | stwm %r8,128(0,%r30) | 1099 | .align 64 |
| 285 | stw %r7,-124(0,%r30) | 1100 | |
| 286 | stw %r4,-112(0,%r30) | 1101 | STD %r3,0(%sp) ; save r3 |
| 287 | stw %r3,-108(0,%r30) | 1102 | STD %r4,8(%sp) ; save r4 |
| 288 | copy %r26,%r3 | 1103 | STD %r5,16(%sp) ; save r5 |
| 289 | copy %r25,%r4 | 1104 | STD %r6,24(%sp) ; save r6 |
| 290 | stw %r6,-120(0,%r30) | 1105 | |
| 291 | ldi 0,%r7 | 1106 | ; |
| 292 | stw %r5,-116(0,%r30) | 1107 | ; Zero out carries |
| 293 | movb,<> %r24,%r5,L$0051 | 1108 | ; |
| 294 | ldi 2,%r6 | 1109 | COPY %r0,c1 |
| 295 | bl L$0068,0 | 1110 | COPY %r0,c2 |
| 296 | ldi -1,%r28 | 1111 | COPY %r0,c3 |
| 297 | L$0051 | 1112 | |
| 298 | .CALL ARGW0=GR | 1113 | LDO 128(%sp),%sp ; bump stack |
| 299 | bl BN_num_bits_word,%r2 | 1114 | DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L |
| 300 | copy %r5,%r26 | 1115 | DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 |
| 301 | copy %r28,%r24 | 1116 | |
| 302 | ldi 32,%r19 | 1117 | ; |
| 303 | comb,= %r19,%r24,L$0052 | 1118 | ; Load up all of the values we are going to use |
| 304 | subi 31,%r24,%r19 | 1119 | ; |
| 305 | mtsar %r19 | 1120 | FLDD 0(a_ptr),a0 |
| 306 | zvdepi 1,32,%r19 | 1121 | FLDD 8(a_ptr),a1 |
| 307 | comb,>>= %r19,%r3,L$0052 | 1122 | FLDD 16(a_ptr),a2 |
| 308 | addil LR'__iob-$global$+32,%r27 | 1123 | FLDD 24(a_ptr),a3 |
| 309 | ldo RR'__iob-$global$+32(%r1),%r26 | 1124 | FLDD 32(a_ptr),a4 |
| 310 | ldil LR'L$C0000,%r25 | 1125 | FLDD 40(a_ptr),a5 |
| 311 | .CALL ARGW0=GR,ARGW1=GR,ARGW2=GR | 1126 | FLDD 48(a_ptr),a6 |
| 312 | bl fprintf,%r2 | 1127 | FLDD 56(a_ptr),a7 |
| 313 | ldo RR'L$C0000(%r25),%r25 | 1128 | |
| 314 | .CALL | 1129 | SQR_ADD_C a0L,a0R,c1,c2,c3 |
| 315 | bl abort,%r2 | 1130 | STD c1,0(r_ptr) ; r[0] = c1; |
| 316 | nop | 1131 | COPY %r0,c1 |
| 317 | L$0052 | 1132 | |
| 318 | comb,>> %r5,%r3,L$0053 | 1133 | SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 |
| 319 | subi 32,%r24,%r24 | 1134 | STD c2,8(r_ptr) ; r[1] = c2; |
| 320 | sub %r3,%r5,%r3 | 1135 | COPY %r0,c2 |
| 321 | L$0053 | 1136 | |
| 322 | comib,= 0,%r24,L$0054 | 1137 | SQR_ADD_C a1L,a1R,c3,c1,c2 |
| 323 | subi 31,%r24,%r19 | 1138 | SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 |
| 324 | mtsar %r19 | 1139 | STD c3,16(r_ptr) ; r[2] = c3; |
| 325 | zvdep %r5,32,%r5 | 1140 | COPY %r0,c3 |
| 326 | zvdep %r3,32,%r21 | 1141 | |
| 327 | subi 32,%r24,%r20 | 1142 | SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 |
| 328 | mtsar %r20 | 1143 | SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 |
| 329 | vshd 0,%r4,%r20 | 1144 | STD c1,24(r_ptr) ; r[3] = c1; |
| 330 | or %r21,%r20,%r3 | 1145 | COPY %r0,c1 |
| 331 | mtsar %r19 | 1146 | |
| 332 | zvdep %r4,32,%r4 | 1147 | SQR_ADD_C a2L,a2R,c2,c3,c1 |
| 333 | L$0054 | 1148 | SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 |
| 334 | extru %r5,15,16,%r23 | 1149 | SQR_ADD_C2 a4L,a4R,a0L,a0R,c2,c3,c1 |
| 335 | extru %r5,31,16,%r28 | 1150 | STD c2,32(r_ptr) ; r[4] = c2; |
| 336 | L$0055 | 1151 | COPY %r0,c2 |
| 337 | extru %r3,15,16,%r19 | 1152 | |
| 338 | comb,<> %r23,%r19,L$0058 | 1153 | SQR_ADD_C2 a5L,a5R,a0L,a0R,c3,c1,c2 |
| 339 | copy %r3,%r26 | 1154 | SQR_ADD_C2 a4L,a4R,a1L,a1R,c3,c1,c2 |
| 340 | bl L$0059,0 | 1155 | SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 |
| 341 | zdepi -1,31,16,%r29 | 1156 | STD c3,40(r_ptr) ; r[5] = c3; |
| 342 | L$0058 | 1157 | COPY %r0,c3 |
| 343 | .IMPORT $$divU,MILLICODE | 1158 | |
| 344 | bl $$divU,%r31 | 1159 | SQR_ADD_C a3L,a3R,c1,c2,c3 |
| 345 | copy %r23,%r25 | 1160 | SQR_ADD_C2 a4L,a4R,a2L,a2R,c1,c2,c3 |
| 346 | L$0059 | 1161 | SQR_ADD_C2 a5L,a5R,a1L,a1R,c1,c2,c3 |
| 347 | stw %r29,-16(0,%r30) | 1162 | SQR_ADD_C2 a6L,a6R,a0L,a0R,c1,c2,c3 |
| 348 | fldws -16(0,%r30),%fr10L | 1163 | STD c1,48(r_ptr) ; r[6] = c1; |
| 349 | stw %r28,-16(0,%r30) | 1164 | COPY %r0,c1 |
| 350 | fldws -16(0,%r30),%fr10R | 1165 | |
| 351 | stw %r23,-16(0,%r30) | 1166 | SQR_ADD_C2 a7L,a7R,a0L,a0R,c2,c3,c1 |
| 352 | xmpyu %fr10L,%fr10R,%fr8 | 1167 | SQR_ADD_C2 a6L,a6R,a1L,a1R,c2,c3,c1 |
| 353 | fldws -16(0,%r30),%fr10R | 1168 | SQR_ADD_C2 a5L,a5R,a2L,a2R,c2,c3,c1 |
| 354 | fstws %fr8R,-16(0,%r30) | 1169 | SQR_ADD_C2 a4L,a4R,a3L,a3R,c2,c3,c1 |
| 355 | xmpyu %fr10L,%fr10R,%fr9 | 1170 | STD c2,56(r_ptr) ; r[7] = c2; |
| 356 | ldw -16(0,%r30),%r8 | 1171 | COPY %r0,c2 |
| 357 | fstws %fr9R,-16(0,%r30) | 1172 | |
| 358 | copy %r8,%r22 | 1173 | SQR_ADD_C a4L,a4R,c3,c1,c2 |
| 359 | ldw -16(0,%r30),%r8 | 1174 | SQR_ADD_C2 a5L,a5R,a3L,a3R,c3,c1,c2 |
| 360 | extru %r4,15,16,%r24 | 1175 | SQR_ADD_C2 a6L,a6R,a2L,a2R,c3,c1,c2 |
| 361 | copy %r8,%r21 | 1176 | SQR_ADD_C2 a7L,a7R,a1L,a1R,c3,c1,c2 |
| 362 | L$0060 | 1177 | STD c3,64(r_ptr) ; r[8] = c3; |
| 363 | sub %r3,%r21,%r20 | 1178 | COPY %r0,c3 |
| 364 | copy %r20,%r19 | 1179 | |
| 365 | depi 0,31,16,%r19 | 1180 | SQR_ADD_C2 a7L,a7R,a2L,a2R,c1,c2,c3 |
| 366 | comib,<> 0,%r19,L$0061 | 1181 | SQR_ADD_C2 a6L,a6R,a3L,a3R,c1,c2,c3 |
| 367 | zdep %r20,15,16,%r19 | 1182 | SQR_ADD_C2 a5L,a5R,a4L,a4R,c1,c2,c3 |
| 368 | addl %r19,%r24,%r19 | 1183 | STD c1,72(r_ptr) ; r[9] = c1; |
| 369 | comb,>>= %r19,%r22,L$0061 | 1184 | COPY %r0,c1 |
| 370 | sub %r22,%r28,%r22 | 1185 | |
| 371 | sub %r21,%r23,%r21 | 1186 | SQR_ADD_C a5L,a5R,c2,c3,c1 |
| 372 | bl L$0060,0 | 1187 | SQR_ADD_C2 a6L,a6R,a4L,a4R,c2,c3,c1 |
| 373 | ldo -1(%r29),%r29 | 1188 | SQR_ADD_C2 a7L,a7R,a3L,a3R,c2,c3,c1 |
| 374 | L$0061 | 1189 | STD c2,80(r_ptr) ; r[10] = c2; |
| 375 | stw %r29,-16(0,%r30) | 1190 | COPY %r0,c2 |
| 376 | fldws -16(0,%r30),%fr10L | 1191 | |
| 377 | stw %r28,-16(0,%r30) | 1192 | SQR_ADD_C2 a7L,a7R,a4L,a4R,c3,c1,c2 |
| 378 | fldws -16(0,%r30),%fr10R | 1193 | SQR_ADD_C2 a6L,a6R,a5L,a5R,c3,c1,c2 |
| 379 | xmpyu %fr10L,%fr10R,%fr8 | 1194 | STD c3,88(r_ptr) ; r[11] = c3; |
| 380 | fstws %fr8R,-16(0,%r30) | 1195 | COPY %r0,c3 |
| 381 | ldw -16(0,%r30),%r8 | 1196 | |
| 382 | stw %r23,-16(0,%r30) | 1197 | SQR_ADD_C a6L,a6R,c1,c2,c3 |
| 383 | fldws -16(0,%r30),%fr10R | 1198 | SQR_ADD_C2 a7L,a7R,a5L,a5R,c1,c2,c3 |
| 384 | copy %r8,%r19 | 1199 | STD c1,96(r_ptr) ; r[12] = c1; |
| 385 | xmpyu %fr10L,%fr10R,%fr8 | 1200 | COPY %r0,c1 |
| 386 | fstws %fr8R,-16(0,%r30) | 1201 | |
| 387 | extru %r19,15,16,%r20 | 1202 | SQR_ADD_C2 a7L,a7R,a6L,a6R,c2,c3,c1 |
| 388 | ldw -16(0,%r30),%r8 | 1203 | STD c2,104(r_ptr) ; r[13] = c2; |
| 389 | zdep %r19,15,16,%r19 | 1204 | COPY %r0,c2 |
| 390 | addl %r8,%r20,%r20 | 1205 | |
| 391 | comclr,<<= %r19,%r4,0 | 1206 | SQR_ADD_C a7L,a7R,c3,c1,c2 |
| 392 | addi 1,%r20,%r20 | 1207 | STD c3, 112(r_ptr) ; r[14] = c3 |
| 393 | comb,<<= %r20,%r3,L$0066 | 1208 | STD c1, 120(r_ptr) ; r[15] = c1 |
| 394 | sub %r4,%r19,%r4 | 1209 | |
| 395 | addl %r3,%r5,%r3 | 1210 | .EXIT |
| 396 | ldo -1(%r29),%r29 | 1211 | LDD -104(%sp),%r6 ; restore r6 |
| 397 | L$0066 | 1212 | LDD -112(%sp),%r5 ; restore r5 |
| 398 | addib,= -1,%r6,L$0056 | 1213 | LDD -120(%sp),%r4 ; restore r4 |
| 399 | sub %r3,%r20,%r3 | 1214 | BVE (%rp) |
| 400 | zdep %r29,15,16,%r7 | 1215 | LDD,MB -128(%sp),%r3 |
| 401 | shd %r3,%r4,16,%r3 | 1216 | |
| 402 | bl L$0055,0 | 1217 | .PROCEND |
| 403 | zdep %r4,15,16,%r4 | 1218 | |
| 404 | L$0056 | 1219 | ;----------------------------------------------------------------------------- |
| 405 | or %r7,%r29,%r28 | 1220 | ; |
| 406 | L$0068 | 1221 | ;void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) |
| 407 | ldw -148(0,%r30),%r2 | 1222 | ; arg0 = r_ptr |
| 408 | ldw -124(0,%r30),%r7 | 1223 | ; arg1 = a_ptr |
| 409 | ldw -120(0,%r30),%r6 | 1224 | ; |
| 410 | ldw -116(0,%r30),%r5 | 1225 | |
| 411 | ldw -112(0,%r30),%r4 | 1226 | bn_sqr_comba4 |
| 412 | ldw -108(0,%r30),%r3 | 1227 | .proc |
| 413 | bv 0(%r2) | 1228 | .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE |
| 414 | ldwm -128(0,%r30),%r8 | 1229 | .EXPORT bn_sqr_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN |
| 415 | .EXIT | 1230 | .entry |
| 416 | .PROCEND | 1231 | .align 64 |
| 1232 | STD %r3,0(%sp) ; save r3 | ||
| 1233 | STD %r4,8(%sp) ; save r4 | ||
| 1234 | STD %r5,16(%sp) ; save r5 | ||
| 1235 | STD %r6,24(%sp) ; save r6 | ||
| 1236 | |||
| 1237 | ; | ||
| 1238 | ; Zero out carries | ||
| 1239 | ; | ||
| 1240 | COPY %r0,c1 | ||
| 1241 | COPY %r0,c2 | ||
| 1242 | COPY %r0,c3 | ||
| 1243 | |||
| 1244 | LDO 128(%sp),%sp ; bump stack | ||
| 1245 | DEPDI,Z -1,32,33,high_mask ; Create Mask 0xffffffff80000000L | ||
| 1246 | DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 | ||
| 1247 | |||
| 1248 | ; | ||
| 1249 | ; Load up all of the values we are going to use | ||
| 1250 | ; | ||
| 1251 | FLDD 0(a_ptr),a0 | ||
| 1252 | FLDD 8(a_ptr),a1 | ||
| 1253 | FLDD 16(a_ptr),a2 | ||
| 1254 | FLDD 24(a_ptr),a3 | ||
| 1255 | FLDD 32(a_ptr),a4 | ||
| 1256 | FLDD 40(a_ptr),a5 | ||
| 1257 | FLDD 48(a_ptr),a6 | ||
| 1258 | FLDD 56(a_ptr),a7 | ||
| 1259 | |||
| 1260 | SQR_ADD_C a0L,a0R,c1,c2,c3 | ||
| 1261 | |||
| 1262 | STD c1,0(r_ptr) ; r[0] = c1; | ||
| 1263 | COPY %r0,c1 | ||
| 1264 | |||
| 1265 | SQR_ADD_C2 a1L,a1R,a0L,a0R,c2,c3,c1 | ||
| 1266 | |||
| 1267 | STD c2,8(r_ptr) ; r[1] = c2; | ||
| 1268 | COPY %r0,c2 | ||
| 1269 | |||
| 1270 | SQR_ADD_C a1L,a1R,c3,c1,c2 | ||
| 1271 | SQR_ADD_C2 a2L,a2R,a0L,a0R,c3,c1,c2 | ||
| 1272 | |||
| 1273 | STD c3,16(r_ptr) ; r[2] = c3; | ||
| 1274 | COPY %r0,c3 | ||
| 1275 | |||
| 1276 | SQR_ADD_C2 a3L,a3R,a0L,a0R,c1,c2,c3 | ||
| 1277 | SQR_ADD_C2 a2L,a2R,a1L,a1R,c1,c2,c3 | ||
| 1278 | |||
| 1279 | STD c1,24(r_ptr) ; r[3] = c1; | ||
| 1280 | COPY %r0,c1 | ||
| 1281 | |||
| 1282 | SQR_ADD_C a2L,a2R,c2,c3,c1 | ||
| 1283 | SQR_ADD_C2 a3L,a3R,a1L,a1R,c2,c3,c1 | ||
| 1284 | |||
| 1285 | STD c2,32(r_ptr) ; r[4] = c2; | ||
| 1286 | COPY %r0,c2 | ||
| 1287 | |||
| 1288 | SQR_ADD_C2 a3L,a3R,a2L,a2R,c3,c1,c2 | ||
| 1289 | STD c3,40(r_ptr) ; r[5] = c3; | ||
| 1290 | COPY %r0,c3 | ||
| 1291 | |||
| 1292 | SQR_ADD_C a3L,a3R,c1,c2,c3 | ||
| 1293 | STD c1,48(r_ptr) ; r[6] = c1; | ||
| 1294 | STD c2,56(r_ptr) ; r[7] = c2; | ||
| 1295 | |||
| 1296 | .EXIT | ||
| 1297 | LDD -104(%sp),%r6 ; restore r6 | ||
| 1298 | LDD -112(%sp),%r5 ; restore r5 | ||
| 1299 | LDD -120(%sp),%r4 ; restore r4 | ||
| 1300 | BVE (%rp) | ||
| 1301 | LDD,MB -128(%sp),%r3 | ||
| 1302 | |||
| 1303 | .PROCEND | ||
| 1304 | |||
| 1305 | |||
| 1306 | ;--------------------------------------------------------------------------- | ||
| 1307 | |||
| 1308 | MUL_ADD_C .macro A0L,A0R,B0L,B0R,C1,C2,C3 | ||
| 1309 | XMPYU A0L,B0R,ftemp1 ; m1 = bl*ht | ||
| 1310 | FSTD ftemp1,-16(%sp) ; | ||
| 1311 | XMPYU A0R,B0L,ftemp2 ; m = bh*lt | ||
| 1312 | FSTD ftemp2,-8(%sp) ; | ||
| 1313 | XMPYU A0R,B0R,ftemp3 ; lt = bl*lt | ||
| 1314 | FSTD ftemp3,-32(%sp) | ||
| 1315 | XMPYU A0L,B0L,ftemp4 ; ht = bh*ht | ||
| 1316 | FSTD ftemp4,-24(%sp) ; | ||
| 1317 | |||
| 1318 | LDD -8(%sp),m ; r21 = m | ||
| 1319 | LDD -16(%sp),m1 ; r19 = m1 | ||
| 1320 | ADD,L m,m1,m ; m+m1 | ||
| 1321 | |||
| 1322 | DEPD,Z m,31,32,temp3 ; (m+m1<<32) | ||
| 1323 | LDD -24(%sp),ht ; r24 = ht | ||
| 1324 | |||
| 1325 | CMPCLR,*>>= m,m1,%r0 ; if (m < m1) | ||
| 1326 | ADD,L ht,high_one,ht ; ht+=high_one | ||
| 1327 | |||
| 1328 | EXTRD,U m,31,32,temp1 ; m >> 32 | ||
| 1329 | LDD -32(%sp),lt ; lt | ||
| 1330 | ADD,L ht,temp1,ht ; ht+= m>>32 | ||
| 1331 | ADD lt,temp3,lt ; lt = lt+m1 | ||
| 1332 | ADD,DC ht,%r0,ht ; ht++ | ||
| 1333 | |||
| 1334 | ADD C1,lt,C1 ; c1=c1+lt | ||
| 1335 | ADD,DC ht,%r0,ht ; bump c3 if overflow,nullify otherwise | ||
| 1336 | |||
| 1337 | ADD C2,ht,C2 ; c2 = c2 + ht | ||
| 1338 | ADD,DC C3,%r0,C3 ; add in carry (c3++) | ||
| 1339 | .endm | ||
| 1340 | |||
| 1341 | |||
| 1342 | ; | ||
| 1343 | ;void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | ||
| 1344 | ; arg0 = r_ptr | ||
| 1345 | ; arg1 = a_ptr | ||
| 1346 | ; arg2 = b_ptr | ||
| 1347 | ; | ||
| 1348 | |||
| 1349 | bn_mul_comba8 | ||
| 1350 | .proc | ||
| 1351 | .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE | ||
| 1352 | .EXPORT bn_mul_comba8,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN | ||
| 1353 | .entry | ||
| 1354 | .align 64 | ||
| 1355 | |||
| 1356 | STD %r3,0(%sp) ; save r3 | ||
| 1357 | STD %r4,8(%sp) ; save r4 | ||
| 1358 | STD %r5,16(%sp) ; save r5 | ||
| 1359 | STD %r6,24(%sp) ; save r6 | ||
| 1360 | FSTD %fr12,32(%sp) ; save r6 | ||
| 1361 | FSTD %fr13,40(%sp) ; save r7 | ||
| 1362 | |||
| 1363 | ; | ||
| 1364 | ; Zero out carries | ||
| 1365 | ; | ||
| 1366 | COPY %r0,c1 | ||
| 1367 | COPY %r0,c2 | ||
| 1368 | COPY %r0,c3 | ||
| 1369 | |||
| 1370 | LDO 128(%sp),%sp ; bump stack | ||
| 1371 | DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 | ||
| 1372 | |||
| 1373 | ; | ||
| 1374 | ; Load up all of the values we are going to use | ||
| 1375 | ; | ||
| 1376 | FLDD 0(a_ptr),a0 | ||
| 1377 | FLDD 8(a_ptr),a1 | ||
| 1378 | FLDD 16(a_ptr),a2 | ||
| 1379 | FLDD 24(a_ptr),a3 | ||
| 1380 | FLDD 32(a_ptr),a4 | ||
| 1381 | FLDD 40(a_ptr),a5 | ||
| 1382 | FLDD 48(a_ptr),a6 | ||
| 1383 | FLDD 56(a_ptr),a7 | ||
| 1384 | |||
| 1385 | FLDD 0(b_ptr),b0 | ||
| 1386 | FLDD 8(b_ptr),b1 | ||
| 1387 | FLDD 16(b_ptr),b2 | ||
| 1388 | FLDD 24(b_ptr),b3 | ||
| 1389 | FLDD 32(b_ptr),b4 | ||
| 1390 | FLDD 40(b_ptr),b5 | ||
| 1391 | FLDD 48(b_ptr),b6 | ||
| 1392 | FLDD 56(b_ptr),b7 | ||
| 1393 | |||
| 1394 | MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 | ||
| 1395 | STD c1,0(r_ptr) | ||
| 1396 | COPY %r0,c1 | ||
| 1397 | |||
| 1398 | MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 | ||
| 1399 | MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 | ||
| 1400 | STD c2,8(r_ptr) | ||
| 1401 | COPY %r0,c2 | ||
| 1402 | |||
| 1403 | MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 | ||
| 1404 | MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 | ||
| 1405 | MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 | ||
| 1406 | STD c3,16(r_ptr) | ||
| 1407 | COPY %r0,c3 | ||
| 1408 | |||
| 1409 | MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 | ||
| 1410 | MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 | ||
| 1411 | MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 | ||
| 1412 | MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 | ||
| 1413 | STD c1,24(r_ptr) | ||
| 1414 | COPY %r0,c1 | ||
| 1415 | |||
| 1416 | MUL_ADD_C a4L,a4R,b0L,b0R,c2,c3,c1 | ||
| 1417 | MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 | ||
| 1418 | MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 | ||
| 1419 | MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 | ||
| 1420 | MUL_ADD_C a0L,a0R,b4L,b4R,c2,c3,c1 | ||
| 1421 | STD c2,32(r_ptr) | ||
| 1422 | COPY %r0,c2 | ||
| 1423 | |||
| 1424 | MUL_ADD_C a0L,a0R,b5L,b5R,c3,c1,c2 | ||
| 1425 | MUL_ADD_C a1L,a1R,b4L,b4R,c3,c1,c2 | ||
| 1426 | MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 | ||
| 1427 | MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 | ||
| 1428 | MUL_ADD_C a4L,a4R,b1L,b1R,c3,c1,c2 | ||
| 1429 | MUL_ADD_C a5L,a5R,b0L,b0R,c3,c1,c2 | ||
| 1430 | STD c3,40(r_ptr) | ||
| 1431 | COPY %r0,c3 | ||
| 1432 | |||
| 1433 | MUL_ADD_C a6L,a6R,b0L,b0R,c1,c2,c3 | ||
| 1434 | MUL_ADD_C a5L,a5R,b1L,b1R,c1,c2,c3 | ||
| 1435 | MUL_ADD_C a4L,a4R,b2L,b2R,c1,c2,c3 | ||
| 1436 | MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 | ||
| 1437 | MUL_ADD_C a2L,a2R,b4L,b4R,c1,c2,c3 | ||
| 1438 | MUL_ADD_C a1L,a1R,b5L,b5R,c1,c2,c3 | ||
| 1439 | MUL_ADD_C a0L,a0R,b6L,b6R,c1,c2,c3 | ||
| 1440 | STD c1,48(r_ptr) | ||
| 1441 | COPY %r0,c1 | ||
| 1442 | |||
| 1443 | MUL_ADD_C a0L,a0R,b7L,b7R,c2,c3,c1 | ||
| 1444 | MUL_ADD_C a1L,a1R,b6L,b6R,c2,c3,c1 | ||
| 1445 | MUL_ADD_C a2L,a2R,b5L,b5R,c2,c3,c1 | ||
| 1446 | MUL_ADD_C a3L,a3R,b4L,b4R,c2,c3,c1 | ||
| 1447 | MUL_ADD_C a4L,a4R,b3L,b3R,c2,c3,c1 | ||
| 1448 | MUL_ADD_C a5L,a5R,b2L,b2R,c2,c3,c1 | ||
| 1449 | MUL_ADD_C a6L,a6R,b1L,b1R,c2,c3,c1 | ||
| 1450 | MUL_ADD_C a7L,a7R,b0L,b0R,c2,c3,c1 | ||
| 1451 | STD c2,56(r_ptr) | ||
| 1452 | COPY %r0,c2 | ||
| 1453 | |||
| 1454 | MUL_ADD_C a7L,a7R,b1L,b1R,c3,c1,c2 | ||
| 1455 | MUL_ADD_C a6L,a6R,b2L,b2R,c3,c1,c2 | ||
| 1456 | MUL_ADD_C a5L,a5R,b3L,b3R,c3,c1,c2 | ||
| 1457 | MUL_ADD_C a4L,a4R,b4L,b4R,c3,c1,c2 | ||
| 1458 | MUL_ADD_C a3L,a3R,b5L,b5R,c3,c1,c2 | ||
| 1459 | MUL_ADD_C a2L,a2R,b6L,b6R,c3,c1,c2 | ||
| 1460 | MUL_ADD_C a1L,a1R,b7L,b7R,c3,c1,c2 | ||
| 1461 | STD c3,64(r_ptr) | ||
| 1462 | COPY %r0,c3 | ||
| 1463 | |||
| 1464 | MUL_ADD_C a2L,a2R,b7L,b7R,c1,c2,c3 | ||
| 1465 | MUL_ADD_C a3L,a3R,b6L,b6R,c1,c2,c3 | ||
| 1466 | MUL_ADD_C a4L,a4R,b5L,b5R,c1,c2,c3 | ||
| 1467 | MUL_ADD_C a5L,a5R,b4L,b4R,c1,c2,c3 | ||
| 1468 | MUL_ADD_C a6L,a6R,b3L,b3R,c1,c2,c3 | ||
| 1469 | MUL_ADD_C a7L,a7R,b2L,b2R,c1,c2,c3 | ||
| 1470 | STD c1,72(r_ptr) | ||
| 1471 | COPY %r0,c1 | ||
| 1472 | |||
| 1473 | MUL_ADD_C a7L,a7R,b3L,b3R,c2,c3,c1 | ||
| 1474 | MUL_ADD_C a6L,a6R,b4L,b4R,c2,c3,c1 | ||
| 1475 | MUL_ADD_C a5L,a5R,b5L,b5R,c2,c3,c1 | ||
| 1476 | MUL_ADD_C a4L,a4R,b6L,b6R,c2,c3,c1 | ||
| 1477 | MUL_ADD_C a3L,a3R,b7L,b7R,c2,c3,c1 | ||
| 1478 | STD c2,80(r_ptr) | ||
| 1479 | COPY %r0,c2 | ||
| 1480 | |||
| 1481 | MUL_ADD_C a4L,a4R,b7L,b7R,c3,c1,c2 | ||
| 1482 | MUL_ADD_C a5L,a5R,b6L,b6R,c3,c1,c2 | ||
| 1483 | MUL_ADD_C a6L,a6R,b5L,b5R,c3,c1,c2 | ||
| 1484 | MUL_ADD_C a7L,a7R,b4L,b4R,c3,c1,c2 | ||
| 1485 | STD c3,88(r_ptr) | ||
| 1486 | COPY %r0,c3 | ||
| 1487 | |||
| 1488 | MUL_ADD_C a7L,a7R,b5L,b5R,c1,c2,c3 | ||
| 1489 | MUL_ADD_C a6L,a6R,b6L,b6R,c1,c2,c3 | ||
| 1490 | MUL_ADD_C a5L,a5R,b7L,b7R,c1,c2,c3 | ||
| 1491 | STD c1,96(r_ptr) | ||
| 1492 | COPY %r0,c1 | ||
| 1493 | |||
| 1494 | MUL_ADD_C a6L,a6R,b7L,b7R,c2,c3,c1 | ||
| 1495 | MUL_ADD_C a7L,a7R,b6L,b6R,c2,c3,c1 | ||
| 1496 | STD c2,104(r_ptr) | ||
| 1497 | COPY %r0,c2 | ||
| 1498 | |||
| 1499 | MUL_ADD_C a7L,a7R,b7L,b7R,c3,c1,c2 | ||
| 1500 | STD c3,112(r_ptr) | ||
| 1501 | STD c1,120(r_ptr) | ||
| 1502 | |||
| 1503 | .EXIT | ||
| 1504 | FLDD -88(%sp),%fr13 | ||
| 1505 | FLDD -96(%sp),%fr12 | ||
| 1506 | LDD -104(%sp),%r6 ; restore r6 | ||
| 1507 | LDD -112(%sp),%r5 ; restore r5 | ||
| 1508 | LDD -120(%sp),%r4 ; restore r4 | ||
| 1509 | BVE (%rp) | ||
| 1510 | LDD,MB -128(%sp),%r3 | ||
| 1511 | |||
| 1512 | .PROCEND | ||
| 1513 | |||
| 1514 | ;----------------------------------------------------------------------------- | ||
| 1515 | ; | ||
| 1516 | ;void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | ||
| 1517 | ; arg0 = r_ptr | ||
| 1518 | ; arg1 = a_ptr | ||
| 1519 | ; arg2 = b_ptr | ||
| 1520 | ; | ||
| 1521 | |||
| 1522 | bn_mul_comba4 | ||
| 1523 | .proc | ||
| 1524 | .callinfo FRAME=128,ENTRY_GR=%r3,ARGS_SAVED,ORDERING_AWARE | ||
| 1525 | .EXPORT bn_mul_comba4,ENTRY,PRIV_LEV=3,NO_RELOCATION,LONG_RETURN | ||
| 1526 | .entry | ||
| 1527 | .align 64 | ||
| 1528 | |||
| 1529 | STD %r3,0(%sp) ; save r3 | ||
| 1530 | STD %r4,8(%sp) ; save r4 | ||
| 1531 | STD %r5,16(%sp) ; save r5 | ||
| 1532 | STD %r6,24(%sp) ; save r6 | ||
| 1533 | FSTD %fr12,32(%sp) ; save r6 | ||
| 1534 | FSTD %fr13,40(%sp) ; save r7 | ||
| 1535 | |||
| 1536 | ; | ||
| 1537 | ; Zero out carries | ||
| 1538 | ; | ||
| 1539 | COPY %r0,c1 | ||
| 1540 | COPY %r0,c2 | ||
| 1541 | COPY %r0,c3 | ||
| 1542 | |||
| 1543 | LDO 128(%sp),%sp ; bump stack | ||
| 1544 | DEPDI,Z 1,31,1,high_one ; Create Value 1 << 32 | ||
| 1545 | |||
| 1546 | ; | ||
| 1547 | ; Load up all of the values we are going to use | ||
| 1548 | ; | ||
| 1549 | FLDD 0(a_ptr),a0 | ||
| 1550 | FLDD 8(a_ptr),a1 | ||
| 1551 | FLDD 16(a_ptr),a2 | ||
| 1552 | FLDD 24(a_ptr),a3 | ||
| 1553 | |||
| 1554 | FLDD 0(b_ptr),b0 | ||
| 1555 | FLDD 8(b_ptr),b1 | ||
| 1556 | FLDD 16(b_ptr),b2 | ||
| 1557 | FLDD 24(b_ptr),b3 | ||
| 1558 | |||
| 1559 | MUL_ADD_C a0L,a0R,b0L,b0R,c1,c2,c3 | ||
| 1560 | STD c1,0(r_ptr) | ||
| 1561 | COPY %r0,c1 | ||
| 1562 | |||
| 1563 | MUL_ADD_C a0L,a0R,b1L,b1R,c2,c3,c1 | ||
| 1564 | MUL_ADD_C a1L,a1R,b0L,b0R,c2,c3,c1 | ||
| 1565 | STD c2,8(r_ptr) | ||
| 1566 | COPY %r0,c2 | ||
| 1567 | |||
| 1568 | MUL_ADD_C a2L,a2R,b0L,b0R,c3,c1,c2 | ||
| 1569 | MUL_ADD_C a1L,a1R,b1L,b1R,c3,c1,c2 | ||
| 1570 | MUL_ADD_C a0L,a0R,b2L,b2R,c3,c1,c2 | ||
| 1571 | STD c3,16(r_ptr) | ||
| 1572 | COPY %r0,c3 | ||
| 1573 | |||
| 1574 | MUL_ADD_C a0L,a0R,b3L,b3R,c1,c2,c3 | ||
| 1575 | MUL_ADD_C a1L,a1R,b2L,b2R,c1,c2,c3 | ||
| 1576 | MUL_ADD_C a2L,a2R,b1L,b1R,c1,c2,c3 | ||
| 1577 | MUL_ADD_C a3L,a3R,b0L,b0R,c1,c2,c3 | ||
| 1578 | STD c1,24(r_ptr) | ||
| 1579 | COPY %r0,c1 | ||
| 1580 | |||
| 1581 | MUL_ADD_C a3L,a3R,b1L,b1R,c2,c3,c1 | ||
| 1582 | MUL_ADD_C a2L,a2R,b2L,b2R,c2,c3,c1 | ||
| 1583 | MUL_ADD_C a1L,a1R,b3L,b3R,c2,c3,c1 | ||
| 1584 | STD c2,32(r_ptr) | ||
| 1585 | COPY %r0,c2 | ||
| 1586 | |||
| 1587 | MUL_ADD_C a2L,a2R,b3L,b3R,c3,c1,c2 | ||
| 1588 | MUL_ADD_C a3L,a3R,b2L,b2R,c3,c1,c2 | ||
| 1589 | STD c3,40(r_ptr) | ||
| 1590 | COPY %r0,c3 | ||
| 1591 | |||
| 1592 | MUL_ADD_C a3L,a3R,b3L,b3R,c1,c2,c3 | ||
| 1593 | STD c1,48(r_ptr) | ||
| 1594 | STD c2,56(r_ptr) | ||
| 1595 | |||
| 1596 | .EXIT | ||
| 1597 | FLDD -88(%sp),%fr13 | ||
| 1598 | FLDD -96(%sp),%fr12 | ||
| 1599 | LDD -104(%sp),%r6 ; restore r6 | ||
| 1600 | LDD -112(%sp),%r5 ; restore r5 | ||
| 1601 | LDD -120(%sp),%r4 ; restore r4 | ||
| 1602 | BVE (%rp) | ||
| 1603 | LDD,MB -128(%sp),%r3 | ||
| 1604 | |||
| 1605 | .PROCEND | ||
| 1606 | |||
| 1607 | |||
| 1608 | .SPACE $TEXT$ | ||
| 1609 | .SUBSPA $CODE$ | ||
| 1610 | .SPACE $PRIVATE$,SORT=16 | ||
| 1611 | .IMPORT $global$,DATA | ||
| 1612 | .SPACE $TEXT$ | ||
| 1613 | .SUBSPA $CODE$ | ||
| 1614 | .SUBSPA $LIT$,ACCESS=0x2c | ||
| 1615 | C$7 | ||
| 1616 | .ALIGN 8 | ||
| 1617 | .STRINGZ "Division would overflow (%d)\n" | ||
| 1618 | .END | ||
diff --git a/src/lib/libcrypto/bn/asm/pa-risc2W.s b/src/lib/libcrypto/bn/asm/pa-risc2W.s index 54b6606252..a99545754d 100644 --- a/src/lib/libcrypto/bn/asm/pa-risc2W.s +++ b/src/lib/libcrypto/bn/asm/pa-risc2W.s | |||
| @@ -1598,7 +1598,7 @@ bn_mul_comba4 | |||
| 1598 | .IMPORT $global$,DATA | 1598 | .IMPORT $global$,DATA |
| 1599 | .SPACE $TEXT$ | 1599 | .SPACE $TEXT$ |
| 1600 | .SUBSPA $CODE$ | 1600 | .SUBSPA $CODE$ |
| 1601 | .SUBSPA $LIT$,QUAD=0,ALIGN=8,ACCESS=0x2c,SORT=16 | 1601 | .SUBSPA $LIT$,ACCESS=0x2c |
| 1602 | C$4 | 1602 | C$4 |
| 1603 | .ALIGN 8 | 1603 | .ALIGN 8 |
| 1604 | .STRINGZ "Division would overflow (%d)\n" | 1604 | .STRINGZ "Division would overflow (%d)\n" |
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index f935e1ca79..1eaf879553 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h | |||
| @@ -59,38 +59,39 @@ | |||
| 59 | #ifndef HEADER_BN_H | 59 | #ifndef HEADER_BN_H |
| 60 | #define HEADER_BN_H | 60 | #define HEADER_BN_H |
| 61 | 61 | ||
| 62 | #ifndef WIN16 | 62 | #include <openssl/e_os2.h> |
| 63 | #ifndef OPENSSL_NO_FP_API | ||
| 63 | #include <stdio.h> /* FILE */ | 64 | #include <stdio.h> /* FILE */ |
| 64 | #endif | 65 | #endif |
| 65 | #include <openssl/opensslconf.h> | ||
| 66 | 66 | ||
| 67 | #ifdef __cplusplus | 67 | #ifdef __cplusplus |
| 68 | extern "C" { | 68 | extern "C" { |
| 69 | #endif | 69 | #endif |
| 70 | 70 | ||
| 71 | #ifdef VMS | 71 | #ifdef OPENSSL_SYS_VMS |
| 72 | #undef BN_LLONG /* experimental, so far... */ | 72 | #undef BN_LLONG /* experimental, so far... */ |
| 73 | #endif | 73 | #endif |
| 74 | 74 | ||
| 75 | #define BN_MUL_COMBA | 75 | #define BN_MUL_COMBA |
| 76 | #define BN_SQR_COMBA | 76 | #define BN_SQR_COMBA |
| 77 | #define BN_RECURSION | 77 | #define BN_RECURSION |
| 78 | #define RECP_MUL_MOD | ||
| 79 | #define MONT_MUL_MOD | ||
| 80 | 78 | ||
| 81 | /* This next option uses the C libraries (2 word)/(1 word) function. | 79 | /* This next option uses the C libraries (2 word)/(1 word) function. |
| 82 | * If it is not defined, I use my C version (which is slower). | 80 | * If it is not defined, I use my C version (which is slower). |
| 83 | * The reason for this flag is that when the particular C compiler | 81 | * The reason for this flag is that when the particular C compiler |
| 84 | * library routine is used, and the library is linked with a different | 82 | * library routine is used, and the library is linked with a different |
| 85 | * compiler, the library is missing. This mostly happens when the | 83 | * compiler, the library is missing. This mostly happens when the |
| 86 | * library is built with gcc and then linked using nornal cc. This would | 84 | * library is built with gcc and then linked using normal cc. This would |
| 87 | * be a common occurance because gcc normally produces code that is | 85 | * be a common occurrence because gcc normally produces code that is |
| 88 | * 2 times faster than system compilers for the big number stuff. | 86 | * 2 times faster than system compilers for the big number stuff. |
| 89 | * For machines with only one compiler (or shared libraries), this should | 87 | * For machines with only one compiler (or shared libraries), this should |
| 90 | * be on. Again this in only really a problem on machines | 88 | * be on. Again this in only really a problem on machines |
| 91 | * using "long long's", are 32bit, and are not using my assember code. */ | 89 | * using "long long's", are 32bit, and are not using my assembler code. */ |
| 92 | #if defined(MSDOS) || defined(WINDOWS) || defined(linux) | 90 | #if defined(OPENSSL_SYS_MSDOS) || defined(OPENSSL_SYS_WINDOWS) || \ |
| 93 | #define BN_DIV2W | 91 | defined(OPENSSL_SYS_WIN32) || defined(linux) |
| 92 | # ifndef BN_DIV2W | ||
| 93 | # define BN_DIV2W | ||
| 94 | # endif | ||
| 94 | #endif | 95 | #endif |
| 95 | 96 | ||
| 96 | /* assuming long is 64bit - this is the DEC Alpha | 97 | /* assuming long is 64bit - this is the DEC Alpha |
| @@ -118,8 +119,8 @@ extern "C" { | |||
| 118 | 119 | ||
| 119 | /* This is where the long long data type is 64 bits, but long is 32. | 120 | /* This is where the long long data type is 64 bits, but long is 32. |
| 120 | * For machines where there are 64bit registers, this is the mode to use. | 121 | * For machines where there are 64bit registers, this is the mode to use. |
| 121 | * IRIX, on R4000 and above should use this mode, along with the relevent | 122 | * IRIX, on R4000 and above should use this mode, along with the relevant |
| 122 | * assember code :-). Do NOT define BN_LLONG. | 123 | * assembler code :-). Do NOT define BN_LLONG. |
| 123 | */ | 124 | */ |
| 124 | #ifdef SIXTY_FOUR_BIT | 125 | #ifdef SIXTY_FOUR_BIT |
| 125 | #undef BN_LLONG | 126 | #undef BN_LLONG |
| @@ -135,14 +136,14 @@ extern "C" { | |||
| 135 | #define BN_MASK2h (0xffffffff00000000LL) | 136 | #define BN_MASK2h (0xffffffff00000000LL) |
| 136 | #define BN_MASK2h1 (0xffffffff80000000LL) | 137 | #define BN_MASK2h1 (0xffffffff80000000LL) |
| 137 | #define BN_TBIT (0x8000000000000000LL) | 138 | #define BN_TBIT (0x8000000000000000LL) |
| 138 | #define BN_DEC_CONV (10000000000000000000LL) | 139 | #define BN_DEC_CONV (10000000000000000000ULL) |
| 139 | #define BN_DEC_FMT1 "%llu" | 140 | #define BN_DEC_FMT1 "%llu" |
| 140 | #define BN_DEC_FMT2 "%019llu" | 141 | #define BN_DEC_FMT2 "%019llu" |
| 141 | #define BN_DEC_NUM 19 | 142 | #define BN_DEC_NUM 19 |
| 142 | #endif | 143 | #endif |
| 143 | 144 | ||
| 144 | #ifdef THIRTY_TWO_BIT | 145 | #ifdef THIRTY_TWO_BIT |
| 145 | #if defined(WIN32) && !defined(__GNUC__) | 146 | #if defined(OPENSSL_SYS_WIN32) && !defined(__GNUC__) |
| 146 | #define BN_ULLONG unsigned _int64 | 147 | #define BN_ULLONG unsigned _int64 |
| 147 | #else | 148 | #else |
| 148 | #define BN_ULLONG unsigned long long | 149 | #define BN_ULLONG unsigned long long |
| @@ -153,7 +154,7 @@ extern "C" { | |||
| 153 | #define BN_BYTES 4 | 154 | #define BN_BYTES 4 |
| 154 | #define BN_BITS2 32 | 155 | #define BN_BITS2 32 |
| 155 | #define BN_BITS4 16 | 156 | #define BN_BITS4 16 |
| 156 | #ifdef WIN32 | 157 | #ifdef OPENSSL_SYS_WIN32 |
| 157 | /* VC++ doesn't like the LL suffix */ | 158 | /* VC++ doesn't like the LL suffix */ |
| 158 | #define BN_MASK (0xffffffffffffffffL) | 159 | #define BN_MASK (0xffffffffffffffffL) |
| 159 | #else | 160 | #else |
| @@ -233,19 +234,13 @@ typedef struct bignum_st | |||
| 233 | BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ | 234 | BN_ULONG *d; /* Pointer to an array of 'BN_BITS2' bit chunks. */ |
| 234 | int top; /* Index of last used d +1. */ | 235 | int top; /* Index of last used d +1. */ |
| 235 | /* The next are internal book keeping for bn_expand. */ | 236 | /* The next are internal book keeping for bn_expand. */ |
| 236 | int max; /* Size of the d array. */ | 237 | int dmax; /* Size of the d array. */ |
| 237 | int neg; /* one if the number is negative */ | 238 | int neg; /* one if the number is negative */ |
| 238 | int flags; | 239 | int flags; |
| 239 | } BIGNUM; | 240 | } BIGNUM; |
| 240 | 241 | ||
| 241 | /* Used for temp variables */ | 242 | /* Used for temp variables (declaration hidden in bn_lcl.h) */ |
| 242 | #define BN_CTX_NUM 12 | 243 | typedef struct bignum_ctx BN_CTX; |
| 243 | typedef struct bignum_ctx | ||
| 244 | { | ||
| 245 | int tos; | ||
| 246 | BIGNUM bn[BN_CTX_NUM+1]; | ||
| 247 | int flags; | ||
| 248 | } BN_CTX; | ||
| 249 | 244 | ||
| 250 | typedef struct bn_blinding_st | 245 | typedef struct bn_blinding_st |
| 251 | { | 246 | { |
| @@ -257,16 +252,15 @@ typedef struct bn_blinding_st | |||
| 257 | 252 | ||
| 258 | /* Used for montgomery multiplication */ | 253 | /* Used for montgomery multiplication */ |
| 259 | typedef struct bn_mont_ctx_st | 254 | typedef struct bn_mont_ctx_st |
| 260 | { | 255 | { |
| 261 | int use_word; /* 0 for word form, 1 for long form */ | 256 | int ri; /* number of bits in R */ |
| 262 | int ri; /* number of bits in R */ | 257 | BIGNUM RR; /* used to convert to montgomery form */ |
| 263 | BIGNUM RR; /* used to convert to montgomery form */ | 258 | BIGNUM N; /* The modulus */ |
| 264 | BIGNUM N; /* The modulus */ | 259 | BIGNUM Ni; /* R*(1/R mod N) - N*Ni = 1 |
| 265 | BIGNUM Ni; /* The inverse of N */ | 260 | * (Ni is only stored for bignum algorithm) */ |
| 266 | BN_ULONG n0; /* word form of inverse, normally only one of | 261 | BN_ULONG n0; /* least significant word of Ni */ |
| 267 | * Ni or n0 is defined */ | ||
| 268 | int flags; | 262 | int flags; |
| 269 | } BN_MONT_CTX; | 263 | } BN_MONT_CTX; |
| 270 | 264 | ||
| 271 | /* Used for reciprocal division/mod functions | 265 | /* Used for reciprocal division/mod functions |
| 272 | * It cannot be shared between threads | 266 | * It cannot be shared between threads |
| @@ -280,97 +274,129 @@ typedef struct bn_recp_ctx_st | |||
| 280 | int flags; | 274 | int flags; |
| 281 | } BN_RECP_CTX; | 275 | } BN_RECP_CTX; |
| 282 | 276 | ||
| 283 | #define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ | 277 | #define BN_prime_checks 0 /* default: select number of iterations |
| 284 | r,a,&((mont)->RR),(mont),ctx) | 278 | based on the size of the number */ |
| 285 | 279 | ||
| 286 | #define BN_prime_checks (5) | 280 | /* number of Miller-Rabin iterations for an error rate of less than 2^-80 |
| 281 | * for random 'b'-bit input, b >= 100 (taken from table 4.4 in the Handbook | ||
| 282 | * of Applied Cryptography [Menezes, van Oorschot, Vanstone; CRC Press 1996]; | ||
| 283 | * original paper: Damgaard, Landrock, Pomerance: Average case error estimates | ||
| 284 | * for the strong probable prime test. -- Math. Comp. 61 (1993) 177-194) */ | ||
| 285 | #define BN_prime_checks_for_size(b) ((b) >= 1300 ? 2 : \ | ||
| 286 | (b) >= 850 ? 3 : \ | ||
| 287 | (b) >= 650 ? 4 : \ | ||
| 288 | (b) >= 550 ? 5 : \ | ||
| 289 | (b) >= 450 ? 6 : \ | ||
| 290 | (b) >= 400 ? 7 : \ | ||
| 291 | (b) >= 350 ? 8 : \ | ||
| 292 | (b) >= 300 ? 9 : \ | ||
| 293 | (b) >= 250 ? 12 : \ | ||
| 294 | (b) >= 200 ? 15 : \ | ||
| 295 | (b) >= 150 ? 18 : \ | ||
| 296 | /* b >= 100 */ 27) | ||
| 287 | 297 | ||
| 288 | #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) | 298 | #define BN_num_bytes(a) ((BN_num_bits(a)+7)/8) |
| 289 | #define BN_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) | 299 | |
| 290 | #define BN_is_zero(a) (((a)->top == 0) || BN_is_word(a,0)) | 300 | /* Note that BN_abs_is_word does not work reliably for w == 0 */ |
| 291 | #define BN_is_one(a) (BN_is_word((a),1)) | 301 | #define BN_abs_is_word(a,w) (((a)->top == 1) && ((a)->d[0] == (BN_ULONG)(w))) |
| 292 | #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) | 302 | #define BN_is_zero(a) (((a)->top == 0) || BN_abs_is_word(a,0)) |
| 303 | #define BN_is_one(a) (BN_abs_is_word((a),1) && !(a)->neg) | ||
| 304 | #define BN_is_word(a,w) ((w) ? BN_abs_is_word((a),(w)) && !(a)->neg : \ | ||
| 305 | BN_is_zero((a))) | ||
| 306 | #define BN_is_odd(a) (((a)->top > 0) && ((a)->d[0] & 1)) | ||
| 307 | |||
| 293 | #define BN_one(a) (BN_set_word((a),1)) | 308 | #define BN_one(a) (BN_set_word((a),1)) |
| 294 | #define BN_zero(a) (BN_set_word((a),0)) | 309 | #define BN_zero(a) (BN_set_word((a),0)) |
| 295 | 310 | ||
| 296 | /*#define BN_ascii2bn(a) BN_hex2bn(a) */ | 311 | /*#define BN_ascii2bn(a) BN_hex2bn(a) */ |
| 297 | /*#define BN_bn2ascii(a) BN_bn2hex(a) */ | 312 | /*#define BN_bn2ascii(a) BN_bn2hex(a) */ |
| 298 | 313 | ||
| 299 | #define bn_expand(n,b) ((((((b+BN_BITS2-1))/BN_BITS2)) <= (n)->max)?\ | 314 | const BIGNUM *BN_value_one(void); |
| 300 | (n):bn_expand2((n),(b)/BN_BITS2+1)) | ||
| 301 | #define bn_wexpand(n,b) (((b) <= (n)->max)?(n):bn_expand2((n),(b))) | ||
| 302 | |||
| 303 | #define bn_fix_top(a) \ | ||
| 304 | { \ | ||
| 305 | BN_ULONG *ftl; \ | ||
| 306 | if ((a)->top > 0) \ | ||
| 307 | { \ | ||
| 308 | for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ | ||
| 309 | if (*(ftl--)) break; \ | ||
| 310 | } \ | ||
| 311 | } | ||
| 312 | |||
| 313 | BIGNUM *BN_value_one(void); | ||
| 314 | char * BN_options(void); | 315 | char * BN_options(void); |
| 315 | BN_CTX *BN_CTX_new(void); | 316 | BN_CTX *BN_CTX_new(void); |
| 316 | void BN_CTX_init(BN_CTX *c); | 317 | void BN_CTX_init(BN_CTX *c); |
| 317 | void BN_CTX_free(BN_CTX *c); | 318 | void BN_CTX_free(BN_CTX *c); |
| 319 | void BN_CTX_start(BN_CTX *ctx); | ||
| 320 | BIGNUM *BN_CTX_get(BN_CTX *ctx); | ||
| 321 | void BN_CTX_end(BN_CTX *ctx); | ||
| 318 | int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); | 322 | int BN_rand(BIGNUM *rnd, int bits, int top,int bottom); |
| 323 | int BN_pseudo_rand(BIGNUM *rnd, int bits, int top,int bottom); | ||
| 324 | int BN_rand_range(BIGNUM *rnd, BIGNUM *range); | ||
| 325 | int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); | ||
| 319 | int BN_num_bits(const BIGNUM *a); | 326 | int BN_num_bits(const BIGNUM *a); |
| 320 | int BN_num_bits_word(BN_ULONG); | 327 | int BN_num_bits_word(BN_ULONG); |
| 321 | BIGNUM *BN_new(void); | 328 | BIGNUM *BN_new(void); |
| 322 | void BN_init(BIGNUM *); | 329 | void BN_init(BIGNUM *); |
| 323 | void BN_clear_free(BIGNUM *a); | 330 | void BN_clear_free(BIGNUM *a); |
| 324 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); | 331 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); |
| 332 | void BN_swap(BIGNUM *a, BIGNUM *b); | ||
| 325 | BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); | 333 | BIGNUM *BN_bin2bn(const unsigned char *s,int len,BIGNUM *ret); |
| 326 | int BN_bn2bin(const BIGNUM *a, unsigned char *to); | 334 | int BN_bn2bin(const BIGNUM *a, unsigned char *to); |
| 327 | BIGNUM *BN_mpi2bn(unsigned char *s,int len,BIGNUM *ret); | 335 | BIGNUM *BN_mpi2bn(const unsigned char *s,int len,BIGNUM *ret); |
| 328 | int BN_bn2mpi(const BIGNUM *a, unsigned char *to); | 336 | int BN_bn2mpi(const BIGNUM *a, unsigned char *to); |
| 329 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 337 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 330 | int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 338 | int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 331 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 339 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 332 | int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); | 340 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 333 | int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); | 341 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx); |
| 342 | int BN_sqr(BIGNUM *r, const BIGNUM *a,BN_CTX *ctx); | ||
| 343 | |||
| 334 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | 344 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, |
| 335 | BN_CTX *ctx); | 345 | BN_CTX *ctx); |
| 336 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b,BN_CTX *ctx); | 346 | #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) |
| 337 | int BN_sqr(BIGNUM *r, BIGNUM *a,BN_CTX *ctx); | 347 | int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); |
| 338 | BN_ULONG BN_mod_word(BIGNUM *a, BN_ULONG w); | 348 | int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); |
| 349 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); | ||
| 350 | int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); | ||
| 351 | int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); | ||
| 352 | int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, | ||
| 353 | const BIGNUM *m, BN_CTX *ctx); | ||
| 354 | int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); | ||
| 355 | int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); | ||
| 356 | int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m); | ||
| 357 | int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx); | ||
| 358 | int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m); | ||
| 359 | |||
| 360 | BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w); | ||
| 339 | BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); | 361 | BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w); |
| 340 | int BN_mul_word(BIGNUM *a, BN_ULONG w); | 362 | int BN_mul_word(BIGNUM *a, BN_ULONG w); |
| 341 | int BN_add_word(BIGNUM *a, BN_ULONG w); | 363 | int BN_add_word(BIGNUM *a, BN_ULONG w); |
| 342 | int BN_sub_word(BIGNUM *a, BN_ULONG w); | 364 | int BN_sub_word(BIGNUM *a, BN_ULONG w); |
| 343 | int BN_set_word(BIGNUM *a, BN_ULONG w); | 365 | int BN_set_word(BIGNUM *a, BN_ULONG w); |
| 344 | BN_ULONG BN_get_word(BIGNUM *a); | 366 | BN_ULONG BN_get_word(const BIGNUM *a); |
| 367 | |||
| 345 | int BN_cmp(const BIGNUM *a, const BIGNUM *b); | 368 | int BN_cmp(const BIGNUM *a, const BIGNUM *b); |
| 346 | void BN_free(BIGNUM *a); | 369 | void BN_free(BIGNUM *a); |
| 347 | int BN_is_bit_set(const BIGNUM *a, int n); | 370 | int BN_is_bit_set(const BIGNUM *a, int n); |
| 348 | int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); | 371 | int BN_lshift(BIGNUM *r, const BIGNUM *a, int n); |
| 349 | int BN_lshift1(BIGNUM *r, BIGNUM *a); | 372 | int BN_lshift1(BIGNUM *r, const BIGNUM *a); |
| 350 | int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p,BN_CTX *ctx); | 373 | int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,BN_CTX *ctx); |
| 351 | int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 374 | |
| 352 | const BIGNUM *m,BN_CTX *ctx); | 375 | int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 353 | int BN_mod_exp_mont(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 376 | const BIGNUM *m,BN_CTX *ctx); |
| 354 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 377 | int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 355 | int BN_mod_exp2_mont(BIGNUM *r, BIGNUM *a1, BIGNUM *p1,BIGNUM *a2, | 378 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| 356 | BIGNUM *p2,BIGNUM *m,BN_CTX *ctx,BN_MONT_CTX *m_ctx); | 379 | int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, |
| 357 | int BN_mod_exp_simple(BIGNUM *r, BIGNUM *a, BIGNUM *p, | 380 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| 358 | BIGNUM *m,BN_CTX *ctx); | 381 | int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, |
| 382 | const BIGNUM *a2, const BIGNUM *p2,const BIGNUM *m, | ||
| 383 | BN_CTX *ctx,BN_MONT_CTX *m_ctx); | ||
| 384 | int BN_mod_exp_simple(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 385 | const BIGNUM *m,BN_CTX *ctx); | ||
| 386 | |||
| 359 | int BN_mask_bits(BIGNUM *a,int n); | 387 | int BN_mask_bits(BIGNUM *a,int n); |
| 360 | int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); | 388 | #ifndef OPENSSL_NO_FP_API |
| 361 | #ifndef WIN16 | 389 | int BN_print_fp(FILE *fp, const BIGNUM *a); |
| 362 | int BN_print_fp(FILE *fp, BIGNUM *a); | ||
| 363 | #endif | 390 | #endif |
| 364 | #ifdef HEADER_BIO_H | 391 | #ifdef HEADER_BIO_H |
| 365 | int BN_print(BIO *fp, const BIGNUM *a); | 392 | int BN_print(BIO *fp, const BIGNUM *a); |
| 366 | #else | 393 | #else |
| 367 | int BN_print(char *fp, const BIGNUM *a); | 394 | int BN_print(void *fp, const BIGNUM *a); |
| 368 | #endif | 395 | #endif |
| 369 | int BN_reciprocal(BIGNUM *r, BIGNUM *m, int len, BN_CTX *ctx); | 396 | int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx); |
| 370 | int BN_rshift(BIGNUM *r, BIGNUM *a, int n); | 397 | int BN_rshift(BIGNUM *r, const BIGNUM *a, int n); |
| 371 | int BN_rshift1(BIGNUM *r, BIGNUM *a); | 398 | int BN_rshift1(BIGNUM *r, const BIGNUM *a); |
| 372 | void BN_clear(BIGNUM *a); | 399 | void BN_clear(BIGNUM *a); |
| 373 | BIGNUM *bn_expand2(BIGNUM *b, int bits); | ||
| 374 | BIGNUM *BN_dup(const BIGNUM *a); | 400 | BIGNUM *BN_dup(const BIGNUM *a); |
| 375 | int BN_ucmp(const BIGNUM *a, const BIGNUM *b); | 401 | int BN_ucmp(const BIGNUM *a, const BIGNUM *b); |
| 376 | int BN_set_bit(BIGNUM *a, int n); | 402 | int BN_set_bit(BIGNUM *a, int n); |
| @@ -379,26 +405,30 @@ char * BN_bn2hex(const BIGNUM *a); | |||
| 379 | char * BN_bn2dec(const BIGNUM *a); | 405 | char * BN_bn2dec(const BIGNUM *a); |
| 380 | int BN_hex2bn(BIGNUM **a, const char *str); | 406 | int BN_hex2bn(BIGNUM **a, const char *str); |
| 381 | int BN_dec2bn(BIGNUM **a, const char *str); | 407 | int BN_dec2bn(BIGNUM **a, const char *str); |
| 382 | int BN_gcd(BIGNUM *r,BIGNUM *in_a,BIGNUM *in_b,BN_CTX *ctx); | 408 | int BN_gcd(BIGNUM *r,const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); |
| 383 | BIGNUM *BN_mod_inverse(BIGNUM *ret,BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); | 409 | int BN_kronecker(const BIGNUM *a,const BIGNUM *b,BN_CTX *ctx); /* returns -2 for error */ |
| 384 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int strong,BIGNUM *add, | 410 | BIGNUM *BN_mod_inverse(BIGNUM *ret, |
| 385 | BIGNUM *rem,void (*callback)(int,int,void *),void *cb_arg); | 411 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
| 386 | int BN_is_prime(BIGNUM *p,int nchecks,void (*callback)(int,int,void *), | 412 | BIGNUM *BN_mod_sqrt(BIGNUM *ret, |
| 387 | BN_CTX *ctx,void *cb_arg); | 413 | const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
| 388 | void ERR_load_BN_strings(void ); | 414 | BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, |
| 389 | 415 | const BIGNUM *add, const BIGNUM *rem, | |
| 390 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); | 416 | void (*callback)(int,int,void *),void *cb_arg); |
| 391 | BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w); | 417 | int BN_is_prime(const BIGNUM *p,int nchecks, |
| 392 | void bn_sqr_words(BN_ULONG *rp, BN_ULONG *ap, int num); | 418 | void (*callback)(int,int,void *), |
| 393 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); | 419 | BN_CTX *ctx,void *cb_arg); |
| 394 | BN_ULONG bn_add_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); | 420 | int BN_is_prime_fasttest(const BIGNUM *p,int nchecks, |
| 395 | BN_ULONG bn_sub_words(BN_ULONG *rp, BN_ULONG *ap, BN_ULONG *bp,int num); | 421 | void (*callback)(int,int,void *),BN_CTX *ctx,void *cb_arg, |
| 422 | int do_trial_division); | ||
| 396 | 423 | ||
| 397 | BN_MONT_CTX *BN_MONT_CTX_new(void ); | 424 | BN_MONT_CTX *BN_MONT_CTX_new(void ); |
| 398 | void BN_MONT_CTX_init(BN_MONT_CTX *ctx); | 425 | void BN_MONT_CTX_init(BN_MONT_CTX *ctx); |
| 399 | int BN_mod_mul_montgomery(BIGNUM *r,BIGNUM *a,BIGNUM *b,BN_MONT_CTX *mont, | 426 | int BN_mod_mul_montgomery(BIGNUM *r,const BIGNUM *a,const BIGNUM *b, |
| 400 | BN_CTX *ctx); | 427 | BN_MONT_CTX *mont, BN_CTX *ctx); |
| 401 | int BN_from_montgomery(BIGNUM *r,BIGNUM *a,BN_MONT_CTX *mont,BN_CTX *ctx); | 428 | #define BN_to_montgomery(r,a,mont,ctx) BN_mod_mul_montgomery(\ |
| 429 | (r),(a),&((mont)->RR),(mont),(ctx)) | ||
| 430 | int BN_from_montgomery(BIGNUM *r,const BIGNUM *a, | ||
| 431 | BN_MONT_CTX *mont, BN_CTX *ctx); | ||
| 402 | void BN_MONT_CTX_free(BN_MONT_CTX *mont); | 432 | void BN_MONT_CTX_free(BN_MONT_CTX *mont); |
| 403 | int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); | 433 | int BN_MONT_CTX_set(BN_MONT_CTX *mont,const BIGNUM *modulus,BN_CTX *ctx); |
| 404 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); | 434 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to,BN_MONT_CTX *from); |
| @@ -416,18 +446,55 @@ void BN_RECP_CTX_init(BN_RECP_CTX *recp); | |||
| 416 | BN_RECP_CTX *BN_RECP_CTX_new(void); | 446 | BN_RECP_CTX *BN_RECP_CTX_new(void); |
| 417 | void BN_RECP_CTX_free(BN_RECP_CTX *recp); | 447 | void BN_RECP_CTX_free(BN_RECP_CTX *recp); |
| 418 | int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); | 448 | int BN_RECP_CTX_set(BN_RECP_CTX *recp,const BIGNUM *rdiv,BN_CTX *ctx); |
| 419 | int BN_mod_mul_reciprocal(BIGNUM *r, BIGNUM *x, BIGNUM *y, | 449 | int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, |
| 420 | BN_RECP_CTX *recp,BN_CTX *ctx); | 450 | BN_RECP_CTX *recp,BN_CTX *ctx); |
| 421 | int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 451 | int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 422 | const BIGNUM *m, BN_CTX *ctx); | 452 | const BIGNUM *m, BN_CTX *ctx); |
| 423 | int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, | 453 | int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, |
| 424 | BN_RECP_CTX *recp, BN_CTX *ctx); | 454 | BN_RECP_CTX *recp, BN_CTX *ctx); |
| 455 | |||
| 456 | /* library internal functions */ | ||
| 457 | |||
| 458 | #define bn_expand(a,bits) ((((((bits+BN_BITS2-1))/BN_BITS2)) <= (a)->dmax)?\ | ||
| 459 | (a):bn_expand2((a),(bits)/BN_BITS2+1)) | ||
| 460 | #define bn_wexpand(a,words) (((words) <= (a)->dmax)?(a):bn_expand2((a),(words))) | ||
| 461 | BIGNUM *bn_expand2(BIGNUM *a, int words); | ||
| 462 | BIGNUM *bn_dup_expand(const BIGNUM *a, int words); | ||
| 463 | |||
| 464 | #define bn_fix_top(a) \ | ||
| 465 | { \ | ||
| 466 | BN_ULONG *ftl; \ | ||
| 467 | if ((a)->top > 0) \ | ||
| 468 | { \ | ||
| 469 | for (ftl= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ | ||
| 470 | if (*(ftl--)) break; \ | ||
| 471 | } \ | ||
| 472 | } | ||
| 425 | 473 | ||
| 474 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); | ||
| 475 | BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w); | ||
| 476 | void bn_sqr_words(BN_ULONG *rp, const BN_ULONG *ap, int num); | ||
| 477 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d); | ||
| 478 | BN_ULONG bn_add_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); | ||
| 479 | BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int num); | ||
| 480 | |||
| 481 | #ifdef BN_DEBUG | ||
| 482 | void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n); | ||
| 483 | # define bn_print(a) {fprintf(stderr, #a "="); BN_print_fp(stderr,a); \ | ||
| 484 | fprintf(stderr,"\n");} | ||
| 485 | # define bn_dump(a,n) bn_dump1(stderr,#a,a,n); | ||
| 486 | #else | ||
| 487 | # define bn_print(a) | ||
| 488 | # define bn_dump(a,b) | ||
| 489 | #endif | ||
| 490 | |||
| 491 | int BN_bntest_rand(BIGNUM *rnd, int bits, int top,int bottom); | ||
| 426 | 492 | ||
| 427 | /* BEGIN ERROR CODES */ | 493 | /* BEGIN ERROR CODES */ |
| 428 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 494 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 429 | * made after this point may be overwritten when the script is next run. | 495 | * made after this point may be overwritten when the script is next run. |
| 430 | */ | 496 | */ |
| 497 | void ERR_load_BN_strings(void); | ||
| 431 | 498 | ||
| 432 | /* Error codes for the BN functions. */ | 499 | /* Error codes for the BN functions. */ |
| 433 | 500 | ||
| @@ -438,30 +505,43 @@ int BN_div_recp(BIGNUM *dv, BIGNUM *rem, BIGNUM *m, | |||
| 438 | #define BN_F_BN_BLINDING_UPDATE 103 | 505 | #define BN_F_BN_BLINDING_UPDATE 103 |
| 439 | #define BN_F_BN_BN2DEC 104 | 506 | #define BN_F_BN_BN2DEC 104 |
| 440 | #define BN_F_BN_BN2HEX 105 | 507 | #define BN_F_BN_BN2HEX 105 |
| 508 | #define BN_F_BN_CTX_GET 116 | ||
| 441 | #define BN_F_BN_CTX_NEW 106 | 509 | #define BN_F_BN_CTX_NEW 106 |
| 442 | #define BN_F_BN_DIV 107 | 510 | #define BN_F_BN_DIV 107 |
| 443 | #define BN_F_BN_EXPAND2 108 | 511 | #define BN_F_BN_EXPAND2 108 |
| 512 | #define BN_F_BN_EXPAND_INTERNAL 120 | ||
| 513 | #define BN_F_BN_MOD_EXP2_MONT 118 | ||
| 444 | #define BN_F_BN_MOD_EXP_MONT 109 | 514 | #define BN_F_BN_MOD_EXP_MONT 109 |
| 515 | #define BN_F_BN_MOD_EXP_MONT_WORD 117 | ||
| 445 | #define BN_F_BN_MOD_INVERSE 110 | 516 | #define BN_F_BN_MOD_INVERSE 110 |
| 517 | #define BN_F_BN_MOD_LSHIFT_QUICK 119 | ||
| 446 | #define BN_F_BN_MOD_MUL_RECIPROCAL 111 | 518 | #define BN_F_BN_MOD_MUL_RECIPROCAL 111 |
| 519 | #define BN_F_BN_MOD_SQRT 121 | ||
| 447 | #define BN_F_BN_MPI2BN 112 | 520 | #define BN_F_BN_MPI2BN 112 |
| 448 | #define BN_F_BN_NEW 113 | 521 | #define BN_F_BN_NEW 113 |
| 449 | #define BN_F_BN_RAND 114 | 522 | #define BN_F_BN_RAND 114 |
| 523 | #define BN_F_BN_RAND_RANGE 122 | ||
| 450 | #define BN_F_BN_USUB 115 | 524 | #define BN_F_BN_USUB 115 |
| 451 | 525 | ||
| 452 | /* Reason codes. */ | 526 | /* Reason codes. */ |
| 453 | #define BN_R_ARG2_LT_ARG3 100 | 527 | #define BN_R_ARG2_LT_ARG3 100 |
| 454 | #define BN_R_BAD_RECIPROCAL 101 | 528 | #define BN_R_BAD_RECIPROCAL 101 |
| 529 | #define BN_R_BIGNUM_TOO_LONG 114 | ||
| 455 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 | 530 | #define BN_R_CALLED_WITH_EVEN_MODULUS 102 |
| 456 | #define BN_R_DIV_BY_ZERO 103 | 531 | #define BN_R_DIV_BY_ZERO 103 |
| 457 | #define BN_R_ENCODING_ERROR 104 | 532 | #define BN_R_ENCODING_ERROR 104 |
| 458 | #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 | 533 | #define BN_R_EXPAND_ON_STATIC_BIGNUM_DATA 105 |
| 534 | #define BN_R_INPUT_NOT_REDUCED 110 | ||
| 459 | #define BN_R_INVALID_LENGTH 106 | 535 | #define BN_R_INVALID_LENGTH 106 |
| 536 | #define BN_R_INVALID_RANGE 115 | ||
| 537 | #define BN_R_NOT_A_SQUARE 111 | ||
| 460 | #define BN_R_NOT_INITIALIZED 107 | 538 | #define BN_R_NOT_INITIALIZED 107 |
| 461 | #define BN_R_NO_INVERSE 108 | 539 | #define BN_R_NO_INVERSE 108 |
| 540 | #define BN_R_P_IS_NOT_PRIME 112 | ||
| 541 | #define BN_R_TOO_MANY_ITERATIONS 113 | ||
| 542 | #define BN_R_TOO_MANY_TEMPORARY_VARIABLES 109 | ||
| 462 | 543 | ||
| 463 | #ifdef __cplusplus | 544 | #ifdef __cplusplus |
| 464 | } | 545 | } |
| 465 | #endif | 546 | #endif |
| 466 | #endif | 547 | #endif |
| 467 | |||
diff --git a/src/lib/libcrypto/bn/bn_add.c b/src/lib/libcrypto/bn/bn_add.c index efb2e312e8..6cba07e9f6 100644 --- a/src/lib/libcrypto/bn/bn_add.c +++ b/src/lib/libcrypto/bn/bn_add.c | |||
| @@ -61,76 +61,70 @@ | |||
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | /* r can == a or b */ | 63 | /* r can == a or b */ |
| 64 | int BN_add(r, a, b) | 64 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 65 | BIGNUM *r; | ||
| 66 | BIGNUM *a; | ||
| 67 | BIGNUM *b; | ||
| 68 | { | 65 | { |
| 69 | int i; | 66 | const BIGNUM *tmp; |
| 70 | BIGNUM *tmp; | 67 | int a_neg = a->neg; |
| 68 | |||
| 69 | bn_check_top(a); | ||
| 70 | bn_check_top(b); | ||
| 71 | 71 | ||
| 72 | /* a + b a+b | 72 | /* a + b a+b |
| 73 | * a + -b a-b | 73 | * a + -b a-b |
| 74 | * -a + b b-a | 74 | * -a + b b-a |
| 75 | * -a + -b -(a+b) | 75 | * -a + -b -(a+b) |
| 76 | */ | 76 | */ |
| 77 | if (a->neg ^ b->neg) | 77 | if (a_neg ^ b->neg) |
| 78 | { | 78 | { |
| 79 | /* only one is negative */ | 79 | /* only one is negative */ |
| 80 | if (a->neg) | 80 | if (a_neg) |
| 81 | { tmp=a; a=b; b=tmp; } | 81 | { tmp=a; a=b; b=tmp; } |
| 82 | 82 | ||
| 83 | /* we are now a - b */ | 83 | /* we are now a - b */ |
| 84 | 84 | ||
| 85 | if (BN_ucmp(a,b) < 0) | 85 | if (BN_ucmp(a,b) < 0) |
| 86 | { | 86 | { |
| 87 | if (bn_wexpand(r,b->top) == NULL) return(0); | 87 | if (!BN_usub(r,b,a)) return(0); |
| 88 | bn_qsub(r,b,a); | ||
| 89 | r->neg=1; | 88 | r->neg=1; |
| 90 | } | 89 | } |
| 91 | else | 90 | else |
| 92 | { | 91 | { |
| 93 | if (bn_wexpand(r,a->top) == NULL) return(0); | 92 | if (!BN_usub(r,a,b)) return(0); |
| 94 | bn_qsub(r,a,b); | ||
| 95 | r->neg=0; | 93 | r->neg=0; |
| 96 | } | 94 | } |
| 97 | return(1); | 95 | return(1); |
| 98 | } | 96 | } |
| 99 | 97 | ||
| 100 | if (a->neg) /* both are neg */ | 98 | if (!BN_uadd(r,a,b)) return(0); |
| 99 | if (a_neg) /* both are neg */ | ||
| 101 | r->neg=1; | 100 | r->neg=1; |
| 102 | else | 101 | else |
| 103 | r->neg=0; | 102 | r->neg=0; |
| 104 | |||
| 105 | i=(a->top > b->top); | ||
| 106 | |||
| 107 | if (i) | ||
| 108 | { | ||
| 109 | if (bn_wexpand(r,a->top+1) == NULL) return(0); | ||
| 110 | bn_qadd(r,a,b); | ||
| 111 | } | ||
| 112 | else | ||
| 113 | { | ||
| 114 | if (bn_wexpand(r,b->top+1) == NULL) return(0); | ||
| 115 | bn_qadd(r,b,a); | ||
| 116 | } | ||
| 117 | return(1); | 103 | return(1); |
| 118 | } | 104 | } |
| 119 | 105 | ||
| 120 | /* unsigned add of b to a, r must be large enough */ | 106 | /* unsigned add of b to a, r must be large enough */ |
| 121 | void bn_qadd(r,a,b) | 107 | int BN_uadd(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) |
| 122 | BIGNUM *r; | ||
| 123 | BIGNUM *a; | ||
| 124 | BIGNUM *b; | ||
| 125 | { | 108 | { |
| 126 | register int i; | 109 | register int i; |
| 127 | int max,min; | 110 | int max,min; |
| 128 | BN_ULONG *ap,*bp,*rp,carry,t1; | 111 | BN_ULONG *ap,*bp,*rp,carry,t1; |
| 112 | const BIGNUM *tmp; | ||
| 113 | |||
| 114 | bn_check_top(a); | ||
| 115 | bn_check_top(b); | ||
| 129 | 116 | ||
| 117 | if (a->top < b->top) | ||
| 118 | { tmp=a; a=b; b=tmp; } | ||
| 130 | max=a->top; | 119 | max=a->top; |
| 131 | min=b->top; | 120 | min=b->top; |
| 121 | |||
| 122 | if (bn_wexpand(r,max+1) == NULL) | ||
| 123 | return(0); | ||
| 124 | |||
| 132 | r->top=max; | 125 | r->top=max; |
| 133 | 126 | ||
| 127 | |||
| 134 | ap=a->d; | 128 | ap=a->d; |
| 135 | bp=b->d; | 129 | bp=b->d; |
| 136 | rp=r->d; | 130 | rp=r->d; |
| @@ -160,8 +154,156 @@ BIGNUM *b; | |||
| 160 | r->top++; | 154 | r->top++; |
| 161 | } | 155 | } |
| 162 | } | 156 | } |
| 163 | for (; i<max; i++) | 157 | if (rp != ap) |
| 164 | *(rp++)= *(ap++); | 158 | { |
| 159 | for (; i<max; i++) | ||
| 160 | *(rp++)= *(ap++); | ||
| 161 | } | ||
| 165 | /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ | 162 | /* memcpy(rp,ap,sizeof(*ap)*(max-i));*/ |
| 163 | r->neg = 0; | ||
| 164 | return(1); | ||
| 165 | } | ||
| 166 | |||
| 167 | /* unsigned subtraction of b from a, a must be larger than b. */ | ||
| 168 | int BN_usub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | ||
| 169 | { | ||
| 170 | int max,min; | ||
| 171 | register BN_ULONG t1,t2,*ap,*bp,*rp; | ||
| 172 | int i,carry; | ||
| 173 | #if defined(IRIX_CC_BUG) && !defined(LINT) | ||
| 174 | int dummy; | ||
| 175 | #endif | ||
| 176 | |||
| 177 | bn_check_top(a); | ||
| 178 | bn_check_top(b); | ||
| 179 | |||
| 180 | if (a->top < b->top) /* hmm... should not be happening */ | ||
| 181 | { | ||
| 182 | BNerr(BN_F_BN_USUB,BN_R_ARG2_LT_ARG3); | ||
| 183 | return(0); | ||
| 184 | } | ||
| 185 | |||
| 186 | max=a->top; | ||
| 187 | min=b->top; | ||
| 188 | if (bn_wexpand(r,max) == NULL) return(0); | ||
| 189 | |||
| 190 | ap=a->d; | ||
| 191 | bp=b->d; | ||
| 192 | rp=r->d; | ||
| 193 | |||
| 194 | #if 1 | ||
| 195 | carry=0; | ||
| 196 | for (i=0; i<min; i++) | ||
| 197 | { | ||
| 198 | t1= *(ap++); | ||
| 199 | t2= *(bp++); | ||
| 200 | if (carry) | ||
| 201 | { | ||
| 202 | carry=(t1 <= t2); | ||
| 203 | t1=(t1-t2-1)&BN_MASK2; | ||
| 204 | } | ||
| 205 | else | ||
| 206 | { | ||
| 207 | carry=(t1 < t2); | ||
| 208 | t1=(t1-t2)&BN_MASK2; | ||
| 209 | } | ||
| 210 | #if defined(IRIX_CC_BUG) && !defined(LINT) | ||
| 211 | dummy=t1; | ||
| 212 | #endif | ||
| 213 | *(rp++)=t1&BN_MASK2; | ||
| 214 | } | ||
| 215 | #else | ||
| 216 | carry=bn_sub_words(rp,ap,bp,min); | ||
| 217 | ap+=min; | ||
| 218 | bp+=min; | ||
| 219 | rp+=min; | ||
| 220 | i=min; | ||
| 221 | #endif | ||
| 222 | if (carry) /* subtracted */ | ||
| 223 | { | ||
| 224 | while (i < max) | ||
| 225 | { | ||
| 226 | i++; | ||
| 227 | t1= *(ap++); | ||
| 228 | t2=(t1-1)&BN_MASK2; | ||
| 229 | *(rp++)=t2; | ||
| 230 | if (t1 > t2) break; | ||
| 231 | } | ||
| 232 | } | ||
| 233 | #if 0 | ||
| 234 | memcpy(rp,ap,sizeof(*rp)*(max-i)); | ||
| 235 | #else | ||
| 236 | if (rp != ap) | ||
| 237 | { | ||
| 238 | for (;;) | ||
| 239 | { | ||
| 240 | if (i++ >= max) break; | ||
| 241 | rp[0]=ap[0]; | ||
| 242 | if (i++ >= max) break; | ||
| 243 | rp[1]=ap[1]; | ||
| 244 | if (i++ >= max) break; | ||
| 245 | rp[2]=ap[2]; | ||
| 246 | if (i++ >= max) break; | ||
| 247 | rp[3]=ap[3]; | ||
| 248 | rp+=4; | ||
| 249 | ap+=4; | ||
| 250 | } | ||
| 251 | } | ||
| 252 | #endif | ||
| 253 | |||
| 254 | r->top=max; | ||
| 255 | r->neg=0; | ||
| 256 | bn_fix_top(r); | ||
| 257 | return(1); | ||
| 258 | } | ||
| 259 | |||
| 260 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b) | ||
| 261 | { | ||
| 262 | int max; | ||
| 263 | int add=0,neg=0; | ||
| 264 | const BIGNUM *tmp; | ||
| 265 | |||
| 266 | bn_check_top(a); | ||
| 267 | bn_check_top(b); | ||
| 268 | |||
| 269 | /* a - b a-b | ||
| 270 | * a - -b a+b | ||
| 271 | * -a - b -(a+b) | ||
| 272 | * -a - -b b-a | ||
| 273 | */ | ||
| 274 | if (a->neg) | ||
| 275 | { | ||
| 276 | if (b->neg) | ||
| 277 | { tmp=a; a=b; b=tmp; } | ||
| 278 | else | ||
| 279 | { add=1; neg=1; } | ||
| 280 | } | ||
| 281 | else | ||
| 282 | { | ||
| 283 | if (b->neg) { add=1; neg=0; } | ||
| 284 | } | ||
| 285 | |||
| 286 | if (add) | ||
| 287 | { | ||
| 288 | if (!BN_uadd(r,a,b)) return(0); | ||
| 289 | r->neg=neg; | ||
| 290 | return(1); | ||
| 291 | } | ||
| 292 | |||
| 293 | /* We are actually doing a - b :-) */ | ||
| 294 | |||
| 295 | max=(a->top > b->top)?a->top:b->top; | ||
| 296 | if (bn_wexpand(r,max) == NULL) return(0); | ||
| 297 | if (BN_ucmp(a,b) < 0) | ||
| 298 | { | ||
| 299 | if (!BN_usub(r,b,a)) return(0); | ||
| 300 | r->neg=1; | ||
| 301 | } | ||
| 302 | else | ||
| 303 | { | ||
| 304 | if (!BN_usub(r,a,b)) return(0); | ||
| 305 | r->neg=0; | ||
| 306 | } | ||
| 307 | return(1); | ||
| 166 | } | 308 | } |
| 167 | 309 | ||
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c index 4d3da16a0c..be8aa3ffc5 100644 --- a/src/lib/libcrypto/bn/bn_asm.c +++ b/src/lib/libcrypto/bn/bn_asm.c | |||
| @@ -56,97 +56,95 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef BN_DEBUG | ||
| 60 | # undef NDEBUG /* avoid conflicting definitions */ | ||
| 61 | # define NDEBUG | ||
| 62 | #endif | ||
| 63 | |||
| 59 | #include <stdio.h> | 64 | #include <stdio.h> |
| 65 | #include <assert.h> | ||
| 60 | #include "cryptlib.h" | 66 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 67 | #include "bn_lcl.h" |
| 62 | 68 | ||
| 63 | #ifdef BN_LLONG | 69 | #if defined(BN_LLONG) || defined(BN_UMULT_HIGH) |
| 64 | 70 | ||
| 65 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | 71 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) |
| 66 | { | 72 | { |
| 67 | BN_ULONG c1=0; | 73 | BN_ULONG c1=0; |
| 68 | 74 | ||
| 69 | bn_check_num(num); | 75 | assert(num >= 0); |
| 70 | if (num <= 0) return(c1); | 76 | if (num <= 0) return(c1); |
| 71 | 77 | ||
| 72 | for (;;) | 78 | while (num&~3) |
| 73 | { | 79 | { |
| 74 | mul_add(rp[0],ap[0],w,c1); | 80 | mul_add(rp[0],ap[0],w,c1); |
| 75 | if (--num == 0) break; | ||
| 76 | mul_add(rp[1],ap[1],w,c1); | 81 | mul_add(rp[1],ap[1],w,c1); |
| 77 | if (--num == 0) break; | ||
| 78 | mul_add(rp[2],ap[2],w,c1); | 82 | mul_add(rp[2],ap[2],w,c1); |
| 79 | if (--num == 0) break; | ||
| 80 | mul_add(rp[3],ap[3],w,c1); | 83 | mul_add(rp[3],ap[3],w,c1); |
| 81 | if (--num == 0) break; | 84 | ap+=4; rp+=4; num-=4; |
| 82 | ap+=4; | 85 | } |
| 83 | rp+=4; | 86 | if (num) |
| 87 | { | ||
| 88 | mul_add(rp[0],ap[0],w,c1); if (--num==0) return c1; | ||
| 89 | mul_add(rp[1],ap[1],w,c1); if (--num==0) return c1; | ||
| 90 | mul_add(rp[2],ap[2],w,c1); return c1; | ||
| 84 | } | 91 | } |
| 85 | 92 | ||
| 86 | return(c1); | 93 | return(c1); |
| 87 | } | 94 | } |
| 88 | 95 | ||
| 89 | BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | 96 | BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) |
| 90 | { | 97 | { |
| 91 | BN_ULONG c1=0; | 98 | BN_ULONG c1=0; |
| 92 | 99 | ||
| 93 | bn_check_num(num); | 100 | assert(num >= 0); |
| 94 | if (num <= 0) return(c1); | 101 | if (num <= 0) return(c1); |
| 95 | 102 | ||
| 96 | /* for (;;) */ | 103 | while (num&~3) |
| 97 | while (1) /* circumvent egcs-1.1.2 bug */ | ||
| 98 | { | 104 | { |
| 99 | mul(rp[0],ap[0],w,c1); | 105 | mul(rp[0],ap[0],w,c1); |
| 100 | if (--num == 0) break; | ||
| 101 | mul(rp[1],ap[1],w,c1); | 106 | mul(rp[1],ap[1],w,c1); |
| 102 | if (--num == 0) break; | ||
| 103 | mul(rp[2],ap[2],w,c1); | 107 | mul(rp[2],ap[2],w,c1); |
| 104 | if (--num == 0) break; | ||
| 105 | mul(rp[3],ap[3],w,c1); | 108 | mul(rp[3],ap[3],w,c1); |
| 106 | if (--num == 0) break; | 109 | ap+=4; rp+=4; num-=4; |
| 107 | ap+=4; | 110 | } |
| 108 | rp+=4; | 111 | if (num) |
| 112 | { | ||
| 113 | mul(rp[0],ap[0],w,c1); if (--num == 0) return c1; | ||
| 114 | mul(rp[1],ap[1],w,c1); if (--num == 0) return c1; | ||
| 115 | mul(rp[2],ap[2],w,c1); | ||
| 109 | } | 116 | } |
| 110 | return(c1); | 117 | return(c1); |
| 111 | } | 118 | } |
| 112 | 119 | ||
| 113 | void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) | 120 | void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) |
| 114 | { | 121 | { |
| 115 | bn_check_num(n); | 122 | assert(n >= 0); |
| 116 | if (n <= 0) return; | 123 | if (n <= 0) return; |
| 117 | for (;;) | 124 | while (n&~3) |
| 118 | { | 125 | { |
| 119 | BN_ULLONG t; | 126 | sqr(r[0],r[1],a[0]); |
| 120 | 127 | sqr(r[2],r[3],a[1]); | |
| 121 | t=(BN_ULLONG)(a[0])*(a[0]); | 128 | sqr(r[4],r[5],a[2]); |
| 122 | r[0]=Lw(t); r[1]=Hw(t); | 129 | sqr(r[6],r[7],a[3]); |
| 123 | if (--n == 0) break; | 130 | a+=4; r+=8; n-=4; |
| 124 | 131 | } | |
| 125 | t=(BN_ULLONG)(a[1])*(a[1]); | 132 | if (n) |
| 126 | r[2]=Lw(t); r[3]=Hw(t); | 133 | { |
| 127 | if (--n == 0) break; | 134 | sqr(r[0],r[1],a[0]); if (--n == 0) return; |
| 128 | 135 | sqr(r[2],r[3],a[1]); if (--n == 0) return; | |
| 129 | t=(BN_ULLONG)(a[2])*(a[2]); | 136 | sqr(r[4],r[5],a[2]); |
| 130 | r[4]=Lw(t); r[5]=Hw(t); | ||
| 131 | if (--n == 0) break; | ||
| 132 | |||
| 133 | t=(BN_ULLONG)(a[3])*(a[3]); | ||
| 134 | r[6]=Lw(t); r[7]=Hw(t); | ||
| 135 | if (--n == 0) break; | ||
| 136 | |||
| 137 | a+=4; | ||
| 138 | r+=8; | ||
| 139 | } | 137 | } |
| 140 | } | 138 | } |
| 141 | 139 | ||
| 142 | #else | 140 | #else /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ |
| 143 | 141 | ||
| 144 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | 142 | BN_ULONG bn_mul_add_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) |
| 145 | { | 143 | { |
| 146 | BN_ULONG c=0; | 144 | BN_ULONG c=0; |
| 147 | BN_ULONG bl,bh; | 145 | BN_ULONG bl,bh; |
| 148 | 146 | ||
| 149 | bn_check_num(num); | 147 | assert(num >= 0); |
| 150 | if (num <= 0) return((BN_ULONG)0); | 148 | if (num <= 0) return((BN_ULONG)0); |
| 151 | 149 | ||
| 152 | bl=LBITS(w); | 150 | bl=LBITS(w); |
| @@ -168,12 +166,12 @@ BN_ULONG bn_mul_add_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | |||
| 168 | return(c); | 166 | return(c); |
| 169 | } | 167 | } |
| 170 | 168 | ||
| 171 | BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | 169 | BN_ULONG bn_mul_words(BN_ULONG *rp, const BN_ULONG *ap, int num, BN_ULONG w) |
| 172 | { | 170 | { |
| 173 | BN_ULONG carry=0; | 171 | BN_ULONG carry=0; |
| 174 | BN_ULONG bl,bh; | 172 | BN_ULONG bl,bh; |
| 175 | 173 | ||
| 176 | bn_check_num(num); | 174 | assert(num >= 0); |
| 177 | if (num <= 0) return((BN_ULONG)0); | 175 | if (num <= 0) return((BN_ULONG)0); |
| 178 | 176 | ||
| 179 | bl=LBITS(w); | 177 | bl=LBITS(w); |
| @@ -195,9 +193,9 @@ BN_ULONG bn_mul_words(BN_ULONG *rp, BN_ULONG *ap, int num, BN_ULONG w) | |||
| 195 | return(carry); | 193 | return(carry); |
| 196 | } | 194 | } |
| 197 | 195 | ||
| 198 | void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) | 196 | void bn_sqr_words(BN_ULONG *r, const BN_ULONG *a, int n) |
| 199 | { | 197 | { |
| 200 | bn_check_num(n); | 198 | assert(n >= 0); |
| 201 | if (n <= 0) return; | 199 | if (n <= 0) return; |
| 202 | for (;;) | 200 | for (;;) |
| 203 | { | 201 | { |
| @@ -218,7 +216,7 @@ void bn_sqr_words(BN_ULONG *r, BN_ULONG *a, int n) | |||
| 218 | } | 216 | } |
| 219 | } | 217 | } |
| 220 | 218 | ||
| 221 | #endif | 219 | #endif /* !(defined(BN_LLONG) || defined(BN_UMULT_HIGH)) */ |
| 222 | 220 | ||
| 223 | #if defined(BN_LLONG) && defined(BN_DIV2W) | 221 | #if defined(BN_LLONG) && defined(BN_DIV2W) |
| 224 | 222 | ||
| @@ -229,7 +227,7 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) | |||
| 229 | 227 | ||
| 230 | #else | 228 | #else |
| 231 | 229 | ||
| 232 | /* Divide h-l by d and return the result. */ | 230 | /* Divide h,l by d and return the result. */ |
| 233 | /* I need to test this some more :-( */ | 231 | /* I need to test this some more :-( */ |
| 234 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) | 232 | BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) |
| 235 | { | 233 | { |
| @@ -239,13 +237,8 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) | |||
| 239 | if (d == 0) return(BN_MASK2); | 237 | if (d == 0) return(BN_MASK2); |
| 240 | 238 | ||
| 241 | i=BN_num_bits_word(d); | 239 | i=BN_num_bits_word(d); |
| 242 | if ((i != BN_BITS2) && (h > (BN_ULONG)1<<i)) | 240 | assert((i == BN_BITS2) || (h > (BN_ULONG)1<<i)); |
| 243 | { | 241 | |
| 244 | #if !defined(NO_STDIO) && !defined(WIN16) | ||
| 245 | fprintf(stderr,"Division would overflow (%d)\n",i); | ||
| 246 | #endif | ||
| 247 | abort(); | ||
| 248 | } | ||
| 249 | i=BN_BITS2-i; | 242 | i=BN_BITS2-i; |
| 250 | if (h >= d) h-=d; | 243 | if (h >= d) h-=d; |
| 251 | 244 | ||
| @@ -300,14 +293,14 @@ BN_ULONG bn_div_words(BN_ULONG h, BN_ULONG l, BN_ULONG d) | |||
| 300 | ret|=q; | 293 | ret|=q; |
| 301 | return(ret); | 294 | return(ret); |
| 302 | } | 295 | } |
| 303 | #endif | 296 | #endif /* !defined(BN_LLONG) && defined(BN_DIV2W) */ |
| 304 | 297 | ||
| 305 | #ifdef BN_LLONG | 298 | #ifdef BN_LLONG |
| 306 | BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | 299 | BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) |
| 307 | { | 300 | { |
| 308 | BN_ULLONG ll=0; | 301 | BN_ULLONG ll=0; |
| 309 | 302 | ||
| 310 | bn_check_num(n); | 303 | assert(n >= 0); |
| 311 | if (n <= 0) return((BN_ULONG)0); | 304 | if (n <= 0) return((BN_ULONG)0); |
| 312 | 305 | ||
| 313 | for (;;) | 306 | for (;;) |
| @@ -338,12 +331,12 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | |||
| 338 | } | 331 | } |
| 339 | return((BN_ULONG)ll); | 332 | return((BN_ULONG)ll); |
| 340 | } | 333 | } |
| 341 | #else | 334 | #else /* !BN_LLONG */ |
| 342 | BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | 335 | BN_ULONG bn_add_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) |
| 343 | { | 336 | { |
| 344 | BN_ULONG c,l,t; | 337 | BN_ULONG c,l,t; |
| 345 | 338 | ||
| 346 | bn_check_num(n); | 339 | assert(n >= 0); |
| 347 | if (n <= 0) return((BN_ULONG)0); | 340 | if (n <= 0) return((BN_ULONG)0); |
| 348 | 341 | ||
| 349 | c=0; | 342 | c=0; |
| @@ -387,14 +380,14 @@ BN_ULONG bn_add_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | |||
| 387 | } | 380 | } |
| 388 | return((BN_ULONG)c); | 381 | return((BN_ULONG)c); |
| 389 | } | 382 | } |
| 390 | #endif | 383 | #endif /* !BN_LLONG */ |
| 391 | 384 | ||
| 392 | BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | 385 | BN_ULONG bn_sub_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, int n) |
| 393 | { | 386 | { |
| 394 | BN_ULONG t1,t2; | 387 | BN_ULONG t1,t2; |
| 395 | int c=0; | 388 | int c=0; |
| 396 | 389 | ||
| 397 | bn_check_num(n); | 390 | assert(n >= 0); |
| 398 | if (n <= 0) return((BN_ULONG)0); | 391 | if (n <= 0) return((BN_ULONG)0); |
| 399 | 392 | ||
| 400 | for (;;) | 393 | for (;;) |
| @@ -433,6 +426,11 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | |||
| 433 | #undef bn_sqr_comba8 | 426 | #undef bn_sqr_comba8 |
| 434 | #undef bn_sqr_comba4 | 427 | #undef bn_sqr_comba4 |
| 435 | 428 | ||
| 429 | /* mul_add_c(a,b,c0,c1,c2) -- c+=a*b for three word number c=(c2,c1,c0) */ | ||
| 430 | /* mul_add_c2(a,b,c0,c1,c2) -- c+=2*a*b for three word number c=(c2,c1,c0) */ | ||
| 431 | /* sqr_add_c(a,i,c0,c1,c2) -- c+=a[i]^2 for three word number c=(c2,c1,c0) */ | ||
| 432 | /* sqr_add_c2(a,i,c0,c1,c2) -- c+=2*a[i]*a[j] for three word number c=(c2,c1,c0) */ | ||
| 433 | |||
| 436 | #ifdef BN_LLONG | 434 | #ifdef BN_LLONG |
| 437 | #define mul_add_c(a,b,c0,c1,c2) \ | 435 | #define mul_add_c(a,b,c0,c1,c2) \ |
| 438 | t=(BN_ULLONG)a*b; \ | 436 | t=(BN_ULLONG)a*b; \ |
| @@ -460,7 +458,39 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | |||
| 460 | 458 | ||
| 461 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ | 459 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ |
| 462 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) | 460 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) |
| 463 | #else | 461 | |
| 462 | #elif defined(BN_UMULT_HIGH) | ||
| 463 | |||
| 464 | #define mul_add_c(a,b,c0,c1,c2) { \ | ||
| 465 | BN_ULONG ta=(a),tb=(b); \ | ||
| 466 | t1 = ta * tb; \ | ||
| 467 | t2 = BN_UMULT_HIGH(ta,tb); \ | ||
| 468 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 469 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 470 | } | ||
| 471 | |||
| 472 | #define mul_add_c2(a,b,c0,c1,c2) { \ | ||
| 473 | BN_ULONG ta=(a),tb=(b),t0; \ | ||
| 474 | t1 = BN_UMULT_HIGH(ta,tb); \ | ||
| 475 | t0 = ta * tb; \ | ||
| 476 | t2 = t1+t1; c2 += (t2<t1)?1:0; \ | ||
| 477 | t1 = t0+t0; t2 += (t1<t0)?1:0; \ | ||
| 478 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 479 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 480 | } | ||
| 481 | |||
| 482 | #define sqr_add_c(a,i,c0,c1,c2) { \ | ||
| 483 | BN_ULONG ta=(a)[i]; \ | ||
| 484 | t1 = ta * ta; \ | ||
| 485 | t2 = BN_UMULT_HIGH(ta,ta); \ | ||
| 486 | c0 += t1; t2 += (c0<t1)?1:0; \ | ||
| 487 | c1 += t2; c2 += (c1<t2)?1:0; \ | ||
| 488 | } | ||
| 489 | |||
| 490 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ | ||
| 491 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) | ||
| 492 | |||
| 493 | #else /* !BN_LLONG */ | ||
| 464 | #define mul_add_c(a,b,c0,c1,c2) \ | 494 | #define mul_add_c(a,b,c0,c1,c2) \ |
| 465 | t1=LBITS(a); t2=HBITS(a); \ | 495 | t1=LBITS(a); t2=HBITS(a); \ |
| 466 | bl=LBITS(b); bh=HBITS(b); \ | 496 | bl=LBITS(b); bh=HBITS(b); \ |
| @@ -487,7 +517,7 @@ BN_ULONG bn_sub_words(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | |||
| 487 | 517 | ||
| 488 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ | 518 | #define sqr_add_c2(a,i,j,c0,c1,c2) \ |
| 489 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) | 519 | mul_add_c2((a)[i],(a)[j],c0,c1,c2) |
| 490 | #endif | 520 | #endif /* !BN_LLONG */ |
| 491 | 521 | ||
| 492 | void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | 522 | void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) |
| 493 | { | 523 | { |
| @@ -643,7 +673,7 @@ void bn_mul_comba4(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | |||
| 643 | r[7]=c2; | 673 | r[7]=c2; |
| 644 | } | 674 | } |
| 645 | 675 | ||
| 646 | void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) | 676 | void bn_sqr_comba8(BN_ULONG *r, const BN_ULONG *a) |
| 647 | { | 677 | { |
| 648 | #ifdef BN_LLONG | 678 | #ifdef BN_LLONG |
| 649 | BN_ULLONG t,tt; | 679 | BN_ULLONG t,tt; |
| @@ -724,7 +754,7 @@ void bn_sqr_comba8(BN_ULONG *r, BN_ULONG *a) | |||
| 724 | r[15]=c1; | 754 | r[15]=c1; |
| 725 | } | 755 | } |
| 726 | 756 | ||
| 727 | void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) | 757 | void bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a) |
| 728 | { | 758 | { |
| 729 | #ifdef BN_LLONG | 759 | #ifdef BN_LLONG |
| 730 | BN_ULLONG t,tt; | 760 | BN_ULLONG t,tt; |
| @@ -762,7 +792,7 @@ void bn_sqr_comba4(BN_ULONG *r, BN_ULONG *a) | |||
| 762 | r[6]=c1; | 792 | r[6]=c1; |
| 763 | r[7]=c2; | 793 | r[7]=c2; |
| 764 | } | 794 | } |
| 765 | #else | 795 | #else /* !BN_MUL_COMBA */ |
| 766 | 796 | ||
| 767 | /* hmm... is it faster just to do a multiply? */ | 797 | /* hmm... is it faster just to do a multiply? */ |
| 768 | #undef bn_sqr_comba4 | 798 | #undef bn_sqr_comba4 |
| @@ -799,4 +829,4 @@ void bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b) | |||
| 799 | r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); | 829 | r[15]=bn_mul_add_words(&(r[7]),a,8,b[7]); |
| 800 | } | 830 | } |
| 801 | 831 | ||
| 802 | #endif /* BN_COMBA */ | 832 | #endif /* !BN_MUL_COMBA */ |
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c index a7b34f0bf0..2d287e6d1b 100644 --- a/src/lib/libcrypto/bn/bn_blind.c +++ b/src/lib/libcrypto/bn/bn_blind.c | |||
| @@ -60,15 +60,18 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | BN_BLINDING *BN_BLINDING_new(A,Ai,mod) | 63 | BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) |
| 64 | BIGNUM *A; | ||
| 65 | BIGNUM *Ai; | ||
| 66 | BIGNUM *mod; | ||
| 67 | { | 64 | { |
| 68 | BN_BLINDING *ret=NULL; | 65 | BN_BLINDING *ret=NULL; |
| 69 | 66 | ||
| 70 | if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL) | 67 | bn_check_top(Ai); |
| 68 | bn_check_top(mod); | ||
| 69 | |||
| 70 | if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) | ||
| 71 | { | ||
| 71 | BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); | 72 | BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); |
| 73 | return(NULL); | ||
| 74 | } | ||
| 72 | memset(ret,0,sizeof(BN_BLINDING)); | 75 | memset(ret,0,sizeof(BN_BLINDING)); |
| 73 | if ((ret->A=BN_new()) == NULL) goto err; | 76 | if ((ret->A=BN_new()) == NULL) goto err; |
| 74 | if ((ret->Ai=BN_new()) == NULL) goto err; | 77 | if ((ret->Ai=BN_new()) == NULL) goto err; |
| @@ -78,26 +81,26 @@ BIGNUM *mod; | |||
| 78 | return(ret); | 81 | return(ret); |
| 79 | err: | 82 | err: |
| 80 | if (ret != NULL) BN_BLINDING_free(ret); | 83 | if (ret != NULL) BN_BLINDING_free(ret); |
| 81 | return(ret); | 84 | return(NULL); |
| 82 | } | 85 | } |
| 83 | 86 | ||
| 84 | void BN_BLINDING_free(r) | 87 | void BN_BLINDING_free(BN_BLINDING *r) |
| 85 | BN_BLINDING *r; | ||
| 86 | { | 88 | { |
| 89 | if(r == NULL) | ||
| 90 | return; | ||
| 91 | |||
| 87 | if (r->A != NULL) BN_free(r->A ); | 92 | if (r->A != NULL) BN_free(r->A ); |
| 88 | if (r->Ai != NULL) BN_free(r->Ai); | 93 | if (r->Ai != NULL) BN_free(r->Ai); |
| 89 | Free(r); | 94 | OPENSSL_free(r); |
| 90 | } | 95 | } |
| 91 | 96 | ||
| 92 | int BN_BLINDING_update(b,ctx) | 97 | int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) |
| 93 | BN_BLINDING *b; | ||
| 94 | BN_CTX *ctx; | ||
| 95 | { | 98 | { |
| 96 | int ret=0; | 99 | int ret=0; |
| 97 | 100 | ||
| 98 | if ((b->A == NULL) || (b->Ai == NULL)) | 101 | if ((b->A == NULL) || (b->Ai == NULL)) |
| 99 | { | 102 | { |
| 100 | BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITALISED); | 103 | BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); |
| 101 | goto err; | 104 | goto err; |
| 102 | } | 105 | } |
| 103 | 106 | ||
| @@ -109,28 +112,26 @@ err: | |||
| 109 | return(ret); | 112 | return(ret); |
| 110 | } | 113 | } |
| 111 | 114 | ||
| 112 | int BN_BLINDING_convert(n,b,ctx) | 115 | int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
| 113 | BIGNUM *n; | ||
| 114 | BN_BLINDING *b; | ||
| 115 | BN_CTX *ctx; | ||
| 116 | { | 116 | { |
| 117 | bn_check_top(n); | ||
| 118 | |||
| 117 | if ((b->A == NULL) || (b->Ai == NULL)) | 119 | if ((b->A == NULL) || (b->Ai == NULL)) |
| 118 | { | 120 | { |
| 119 | BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITALISED); | 121 | BNerr(BN_F_BN_BLINDING_CONVERT,BN_R_NOT_INITIALIZED); |
| 120 | return(0); | 122 | return(0); |
| 121 | } | 123 | } |
| 122 | return(BN_mod_mul(n,n,b->A,b->mod,ctx)); | 124 | return(BN_mod_mul(n,n,b->A,b->mod,ctx)); |
| 123 | } | 125 | } |
| 124 | 126 | ||
| 125 | int BN_BLINDING_invert(n,b,ctx) | 127 | int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
| 126 | BIGNUM *n; | ||
| 127 | BN_BLINDING *b; | ||
| 128 | BN_CTX *ctx; | ||
| 129 | { | 128 | { |
| 130 | int ret; | 129 | int ret; |
| 130 | |||
| 131 | bn_check_top(n); | ||
| 131 | if ((b->A == NULL) || (b->Ai == NULL)) | 132 | if ((b->A == NULL) || (b->Ai == NULL)) |
| 132 | { | 133 | { |
| 133 | BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITALISED); | 134 | BNerr(BN_F_BN_BLINDING_INVERT,BN_R_NOT_INITIALIZED); |
| 134 | return(0); | 135 | return(0); |
| 135 | } | 136 | } |
| 136 | if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) | 137 | if ((ret=BN_mod_mul(n,n,b->Ai,b->mod,ctx)) >= 0) |
diff --git a/src/lib/libcrypto/bn/bn_ctx.c b/src/lib/libcrypto/bn/bn_ctx.c index 46132fd180..7daf19eb84 100644 --- a/src/lib/libcrypto/bn/bn_ctx.c +++ b/src/lib/libcrypto/bn/bn_ctx.c | |||
| @@ -61,15 +61,16 @@ | |||
| 61 | 61 | ||
| 62 | #include <stdio.h> | 62 | #include <stdio.h> |
| 63 | #include <assert.h> | 63 | #include <assert.h> |
| 64 | |||
| 64 | #include "cryptlib.h" | 65 | #include "cryptlib.h" |
| 65 | #include <openssl/bn.h> | 66 | #include "bn_lcl.h" |
| 66 | 67 | ||
| 67 | 68 | ||
| 68 | BN_CTX *BN_CTX_new(void) | 69 | BN_CTX *BN_CTX_new(void) |
| 69 | { | 70 | { |
| 70 | BN_CTX *ret; | 71 | BN_CTX *ret; |
| 71 | 72 | ||
| 72 | ret=(BN_CTX *)Malloc(sizeof(BN_CTX)); | 73 | ret=(BN_CTX *)OPENSSL_malloc(sizeof(BN_CTX)); |
| 73 | if (ret == NULL) | 74 | if (ret == NULL) |
| 74 | { | 75 | { |
| 75 | BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); | 76 | BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -83,6 +84,7 @@ BN_CTX *BN_CTX_new(void) | |||
| 83 | 84 | ||
| 84 | void BN_CTX_init(BN_CTX *ctx) | 85 | void BN_CTX_init(BN_CTX *ctx) |
| 85 | { | 86 | { |
| 87 | #if 0 /* explicit version */ | ||
| 86 | int i; | 88 | int i; |
| 87 | ctx->tos = 0; | 89 | ctx->tos = 0; |
| 88 | ctx->flags = 0; | 90 | ctx->flags = 0; |
| @@ -90,6 +92,9 @@ void BN_CTX_init(BN_CTX *ctx) | |||
| 90 | ctx->too_many = 0; | 92 | ctx->too_many = 0; |
| 91 | for (i = 0; i < BN_CTX_NUM; i++) | 93 | for (i = 0; i < BN_CTX_NUM; i++) |
| 92 | BN_init(&(ctx->bn[i])); | 94 | BN_init(&(ctx->bn[i])); |
| 95 | #else | ||
| 96 | memset(ctx, 0, sizeof *ctx); | ||
| 97 | #endif | ||
| 93 | } | 98 | } |
| 94 | 99 | ||
| 95 | void BN_CTX_free(BN_CTX *ctx) | 100 | void BN_CTX_free(BN_CTX *ctx) |
| @@ -102,7 +107,7 @@ void BN_CTX_free(BN_CTX *ctx) | |||
| 102 | for (i=0; i < BN_CTX_NUM; i++) | 107 | for (i=0; i < BN_CTX_NUM; i++) |
| 103 | BN_clear_free(&(ctx->bn[i])); | 108 | BN_clear_free(&(ctx->bn[i])); |
| 104 | if (ctx->flags & BN_FLG_MALLOCED) | 109 | if (ctx->flags & BN_FLG_MALLOCED) |
| 105 | Free(ctx); | 110 | OPENSSL_free(ctx); |
| 106 | } | 111 | } |
| 107 | 112 | ||
| 108 | void BN_CTX_start(BN_CTX *ctx) | 113 | void BN_CTX_start(BN_CTX *ctx) |
| @@ -112,8 +117,14 @@ void BN_CTX_start(BN_CTX *ctx) | |||
| 112 | ctx->depth++; | 117 | ctx->depth++; |
| 113 | } | 118 | } |
| 114 | 119 | ||
| 120 | |||
| 115 | BIGNUM *BN_CTX_get(BN_CTX *ctx) | 121 | BIGNUM *BN_CTX_get(BN_CTX *ctx) |
| 116 | { | 122 | { |
| 123 | /* Note: If BN_CTX_get is ever changed to allocate BIGNUMs dynamically, | ||
| 124 | * make sure that if BN_CTX_get fails once it will return NULL again | ||
| 125 | * until BN_CTX_end is called. (This is so that callers have to check | ||
| 126 | * only the last return value.) | ||
| 127 | */ | ||
| 117 | if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) | 128 | if (ctx->depth > BN_CTX_NUM_POS || ctx->tos >= BN_CTX_NUM) |
| 118 | { | 129 | { |
| 119 | if (!ctx->too_many) | 130 | if (!ctx->too_many) |
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c index 2263bdc7da..f9a095e3b3 100644 --- a/src/lib/libcrypto/bn/bn_div.c +++ b/src/lib/libcrypto/bn/bn_div.c | |||
| @@ -57,21 +57,22 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <openssl/bn.h> | ||
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 62 | #include "bn_lcl.h" |
| 62 | 63 | ||
| 64 | |||
| 63 | /* The old slow way */ | 65 | /* The old slow way */ |
| 64 | #if 0 | 66 | #if 0 |
| 65 | int BN_div(dv, rem, m, d,ctx) | 67 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, |
| 66 | BIGNUM *dv; | 68 | BN_CTX *ctx) |
| 67 | BIGNUM *rem; | ||
| 68 | BIGNUM *m; | ||
| 69 | BIGNUM *d; | ||
| 70 | BN_CTX *ctx; | ||
| 71 | { | 69 | { |
| 72 | int i,nm,nd; | 70 | int i,nm,nd; |
| 71 | int ret = 0; | ||
| 73 | BIGNUM *D; | 72 | BIGNUM *D; |
| 74 | 73 | ||
| 74 | bn_check_top(m); | ||
| 75 | bn_check_top(d); | ||
| 75 | if (BN_is_zero(d)) | 76 | if (BN_is_zero(d)) |
| 76 | { | 77 | { |
| 77 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); | 78 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); |
| @@ -86,45 +87,83 @@ BN_CTX *ctx; | |||
| 86 | return(1); | 87 | return(1); |
| 87 | } | 88 | } |
| 88 | 89 | ||
| 89 | D=ctx->bn[ctx->tos]; | 90 | BN_CTX_start(ctx); |
| 90 | if (dv == NULL) dv=ctx->bn[ctx->tos+1]; | 91 | D = BN_CTX_get(ctx); |
| 91 | if (rem == NULL) rem=ctx->bn[ctx->tos+2]; | 92 | if (dv == NULL) dv = BN_CTX_get(ctx); |
| 93 | if (rem == NULL) rem = BN_CTX_get(ctx); | ||
| 94 | if (D == NULL || dv == NULL || rem == NULL) | ||
| 95 | goto end; | ||
| 92 | 96 | ||
| 93 | nd=BN_num_bits(d); | 97 | nd=BN_num_bits(d); |
| 94 | nm=BN_num_bits(m); | 98 | nm=BN_num_bits(m); |
| 95 | if (BN_copy(D,d) == NULL) return(0); | 99 | if (BN_copy(D,d) == NULL) goto end; |
| 96 | if (BN_copy(rem,m) == NULL) return(0); | 100 | if (BN_copy(rem,m) == NULL) goto end; |
| 97 | 101 | ||
| 98 | /* The next 2 are needed so we can do a dv->d[0]|=1 later | 102 | /* The next 2 are needed so we can do a dv->d[0]|=1 later |
| 99 | * since BN_lshift1 will only work once there is a value :-) */ | 103 | * since BN_lshift1 will only work once there is a value :-) */ |
| 100 | BN_zero(dv); | 104 | BN_zero(dv); |
| 105 | bn_wexpand(dv,1); | ||
| 101 | dv->top=1; | 106 | dv->top=1; |
| 102 | 107 | ||
| 103 | if (!BN_lshift(D,D,nm-nd)) return(0); | 108 | if (!BN_lshift(D,D,nm-nd)) goto end; |
| 104 | for (i=nm-nd; i>=0; i--) | 109 | for (i=nm-nd; i>=0; i--) |
| 105 | { | 110 | { |
| 106 | if (!BN_lshift1(dv,dv)) return(0); | 111 | if (!BN_lshift1(dv,dv)) goto end; |
| 107 | if (BN_ucmp(rem,D) >= 0) | 112 | if (BN_ucmp(rem,D) >= 0) |
| 108 | { | 113 | { |
| 109 | dv->d[0]|=1; | 114 | dv->d[0]|=1; |
| 110 | bn_qsub(rem,rem,D); | 115 | if (!BN_usub(rem,rem,D)) goto end; |
| 111 | } | 116 | } |
| 112 | /* CAN IMPROVE (and have now :=) */ | 117 | /* CAN IMPROVE (and have now :=) */ |
| 113 | if (!BN_rshift1(D,D)) return(0); | 118 | if (!BN_rshift1(D,D)) goto end; |
| 114 | } | 119 | } |
| 115 | rem->neg=BN_is_zero(rem)?0:m->neg; | 120 | rem->neg=BN_is_zero(rem)?0:m->neg; |
| 116 | dv->neg=m->neg^d->neg; | 121 | dv->neg=m->neg^d->neg; |
| 117 | return(1); | 122 | ret = 1; |
| 123 | end: | ||
| 124 | BN_CTX_end(ctx); | ||
| 125 | return(ret); | ||
| 118 | } | 126 | } |
| 119 | 127 | ||
| 120 | #else | 128 | #else |
| 121 | 129 | ||
| 122 | int BN_div(dv, rm, num, divisor,ctx) | 130 | #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) \ |
| 123 | BIGNUM *dv; | 131 | && !defined(PEDANTIC) && !defined(BN_DIV3W) |
| 124 | BIGNUM *rm; | 132 | # if defined(__GNUC__) && __GNUC__>=2 |
| 125 | BIGNUM *num; | 133 | # if defined(__i386) || defined (__i386__) |
| 126 | BIGNUM *divisor; | 134 | /* |
| 127 | BN_CTX *ctx; | 135 | * There were two reasons for implementing this template: |
| 136 | * - GNU C generates a call to a function (__udivdi3 to be exact) | ||
| 137 | * in reply to ((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0 (I fail to | ||
| 138 | * understand why...); | ||
| 139 | * - divl doesn't only calculate quotient, but also leaves | ||
| 140 | * remainder in %edx which we can definitely use here:-) | ||
| 141 | * | ||
| 142 | * <appro@fy.chalmers.se> | ||
| 143 | */ | ||
| 144 | # define bn_div_words(n0,n1,d0) \ | ||
| 145 | ({ asm volatile ( \ | ||
| 146 | "divl %4" \ | ||
| 147 | : "=a"(q), "=d"(rem) \ | ||
| 148 | : "a"(n1), "d"(n0), "g"(d0) \ | ||
| 149 | : "cc"); \ | ||
| 150 | q; \ | ||
| 151 | }) | ||
| 152 | # define REMAINDER_IS_ALREADY_CALCULATED | ||
| 153 | # endif /* __<cpu> */ | ||
| 154 | # endif /* __GNUC__ */ | ||
| 155 | #endif /* OPENSSL_NO_ASM */ | ||
| 156 | |||
| 157 | |||
| 158 | /* BN_div computes dv := num / divisor, rounding towards zero, and sets up | ||
| 159 | * rm such that dv*divisor + rm = num holds. | ||
| 160 | * Thus: | ||
| 161 | * dv->neg == num->neg ^ divisor->neg (unless the result is zero) | ||
| 162 | * rm->neg == num->neg (unless the remainder is zero) | ||
| 163 | * If 'dv' or 'rm' is NULL, the respective value is not returned. | ||
| 164 | */ | ||
| 165 | int BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||
| 166 | BN_CTX *ctx) | ||
| 128 | { | 167 | { |
| 129 | int norm_shift,i,j,loop; | 168 | int norm_shift,i,j,loop; |
| 130 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; | 169 | BIGNUM *tmp,wnum,*snum,*sdiv,*res; |
| @@ -132,6 +171,9 @@ BN_CTX *ctx; | |||
| 132 | BN_ULONG d0,d1; | 171 | BN_ULONG d0,d1; |
| 133 | int num_n,div_n; | 172 | int num_n,div_n; |
| 134 | 173 | ||
| 174 | bn_check_top(num); | ||
| 175 | bn_check_top(divisor); | ||
| 176 | |||
| 135 | if (BN_is_zero(divisor)) | 177 | if (BN_is_zero(divisor)) |
| 136 | { | 178 | { |
| 137 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); | 179 | BNerr(BN_F_BN_DIV,BN_R_DIV_BY_ZERO); |
| @@ -146,20 +188,22 @@ BN_CTX *ctx; | |||
| 146 | return(1); | 188 | return(1); |
| 147 | } | 189 | } |
| 148 | 190 | ||
| 149 | tmp=ctx->bn[ctx->tos]; | 191 | BN_CTX_start(ctx); |
| 150 | tmp->neg=0; | 192 | tmp=BN_CTX_get(ctx); |
| 151 | snum=ctx->bn[ctx->tos+1]; | 193 | snum=BN_CTX_get(ctx); |
| 152 | sdiv=ctx->bn[ctx->tos+2]; | 194 | sdiv=BN_CTX_get(ctx); |
| 153 | if (dv == NULL) | 195 | if (dv == NULL) |
| 154 | res=ctx->bn[ctx->tos+3]; | 196 | res=BN_CTX_get(ctx); |
| 155 | else res=dv; | 197 | else res=dv; |
| 198 | if (sdiv == NULL || res == NULL) goto err; | ||
| 199 | tmp->neg=0; | ||
| 156 | 200 | ||
| 157 | /* First we normalise the numbers */ | 201 | /* First we normalise the numbers */ |
| 158 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); | 202 | norm_shift=BN_BITS2-((BN_num_bits(divisor))%BN_BITS2); |
| 159 | BN_lshift(sdiv,divisor,norm_shift); | 203 | if (!(BN_lshift(sdiv,divisor,norm_shift))) goto err; |
| 160 | sdiv->neg=0; | 204 | sdiv->neg=0; |
| 161 | norm_shift+=BN_BITS2; | 205 | norm_shift+=BN_BITS2; |
| 162 | BN_lshift(snum,num,norm_shift); | 206 | if (!(BN_lshift(snum,num,norm_shift))) goto err; |
| 163 | snum->neg=0; | 207 | snum->neg=0; |
| 164 | div_n=sdiv->top; | 208 | div_n=sdiv->top; |
| 165 | num_n=snum->top; | 209 | num_n=snum->top; |
| @@ -168,10 +212,10 @@ BN_CTX *ctx; | |||
| 168 | /* Lets setup a 'window' into snum | 212 | /* Lets setup a 'window' into snum |
| 169 | * This is the part that corresponds to the current | 213 | * This is the part that corresponds to the current |
| 170 | * 'area' being divided */ | 214 | * 'area' being divided */ |
| 215 | BN_init(&wnum); | ||
| 171 | wnum.d= &(snum->d[loop]); | 216 | wnum.d= &(snum->d[loop]); |
| 172 | wnum.top= div_n; | 217 | wnum.top= div_n; |
| 173 | wnum.max= snum->max; /* a bit of a lie */ | 218 | wnum.dmax= snum->dmax+1; /* a bit of a lie */ |
| 174 | wnum.neg= 0; | ||
| 175 | 219 | ||
| 176 | /* Get the top 2 words of sdiv */ | 220 | /* Get the top 2 words of sdiv */ |
| 177 | /* i=sdiv->top; */ | 221 | /* i=sdiv->top; */ |
| @@ -183,8 +227,8 @@ BN_CTX *ctx; | |||
| 183 | 227 | ||
| 184 | /* Setup to 'res' */ | 228 | /* Setup to 'res' */ |
| 185 | res->neg= (num->neg^divisor->neg); | 229 | res->neg= (num->neg^divisor->neg); |
| 186 | res->top=loop; | ||
| 187 | if (!bn_wexpand(res,(loop+1))) goto err; | 230 | if (!bn_wexpand(res,(loop+1))) goto err; |
| 231 | res->top=loop; | ||
| 188 | resp= &(res->d[loop-1]); | 232 | resp= &(res->d[loop-1]); |
| 189 | 233 | ||
| 190 | /* space for temp */ | 234 | /* space for temp */ |
| @@ -192,74 +236,98 @@ BN_CTX *ctx; | |||
| 192 | 236 | ||
| 193 | if (BN_ucmp(&wnum,sdiv) >= 0) | 237 | if (BN_ucmp(&wnum,sdiv) >= 0) |
| 194 | { | 238 | { |
| 195 | bn_qsub(&wnum,&wnum,sdiv); | 239 | if (!BN_usub(&wnum,&wnum,sdiv)) goto err; |
| 196 | *resp=1; | 240 | *resp=1; |
| 197 | res->d[res->top-1]=1; | 241 | res->d[res->top-1]=1; |
| 198 | } | 242 | } |
| 199 | else | 243 | else |
| 200 | res->top--; | 244 | res->top--; |
| 245 | if (res->top == 0) | ||
| 246 | res->neg = 0; | ||
| 201 | resp--; | 247 | resp--; |
| 202 | 248 | ||
| 203 | for (i=0; i<loop-1; i++) | 249 | for (i=0; i<loop-1; i++) |
| 204 | { | 250 | { |
| 205 | BN_ULONG q,n0,n1; | 251 | BN_ULONG q,l0; |
| 206 | BN_ULONG l0; | 252 | #if defined(BN_DIV3W) && !defined(OPENSSL_NO_ASM) |
| 253 | BN_ULONG bn_div_3_words(BN_ULONG*,BN_ULONG,BN_ULONG); | ||
| 254 | q=bn_div_3_words(wnump,d1,d0); | ||
| 255 | #else | ||
| 256 | BN_ULONG n0,n1,rem=0; | ||
| 207 | 257 | ||
| 208 | wnum.d--; wnum.top++; | ||
| 209 | n0=wnump[0]; | 258 | n0=wnump[0]; |
| 210 | n1=wnump[-1]; | 259 | n1=wnump[-1]; |
| 211 | if (n0 == d0) | 260 | if (n0 == d0) |
| 212 | q=BN_MASK2; | 261 | q=BN_MASK2; |
| 213 | else | 262 | else /* n0 < d0 */ |
| 214 | q=bn_div64(n0,n1,d0); | ||
| 215 | { | ||
| 216 | #ifdef BN_LLONG | ||
| 217 | BN_ULLONG t1,t2,rem; | ||
| 218 | t1=((BN_ULLONG)n0<<BN_BITS2)|n1; | ||
| 219 | for (;;) | ||
| 220 | { | 263 | { |
| 264 | #ifdef BN_LLONG | ||
| 265 | BN_ULLONG t2; | ||
| 266 | |||
| 267 | #if defined(BN_LLONG) && defined(BN_DIV2W) && !defined(bn_div_words) | ||
| 268 | q=(BN_ULONG)(((((BN_ULLONG)n0)<<BN_BITS2)|n1)/d0); | ||
| 269 | #else | ||
| 270 | q=bn_div_words(n0,n1,d0); | ||
| 271 | #endif | ||
| 272 | |||
| 273 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | ||
| 274 | /* | ||
| 275 | * rem doesn't have to be BN_ULLONG. The least we | ||
| 276 | * know it's less that d0, isn't it? | ||
| 277 | */ | ||
| 278 | rem=(n1-q*d0)&BN_MASK2; | ||
| 279 | #endif | ||
| 221 | t2=(BN_ULLONG)d1*q; | 280 | t2=(BN_ULLONG)d1*q; |
| 222 | rem=t1-(BN_ULLONG)q*d0; | 281 | |
| 223 | if ((rem>>BN_BITS2) || | 282 | for (;;) |
| 224 | (t2 <= ((BN_ULLONG)(rem<<BN_BITS2)+wnump[-2]))) | 283 | { |
| 225 | break; | 284 | if (t2 <= ((((BN_ULLONG)rem)<<BN_BITS2)|wnump[-2])) |
| 226 | q--; | 285 | break; |
| 227 | } | 286 | q--; |
| 287 | rem += d0; | ||
| 288 | if (rem < d0) break; /* don't let rem overflow */ | ||
| 289 | t2 -= d1; | ||
| 290 | } | ||
| 291 | #else /* !BN_LLONG */ | ||
| 292 | BN_ULONG t2l,t2h,ql,qh; | ||
| 293 | |||
| 294 | q=bn_div_words(n0,n1,d0); | ||
| 295 | #ifndef REMAINDER_IS_ALREADY_CALCULATED | ||
| 296 | rem=(n1-q*d0)&BN_MASK2; | ||
| 297 | #endif | ||
| 298 | |||
| 299 | #ifdef BN_UMULT_HIGH | ||
| 300 | t2l = d1 * q; | ||
| 301 | t2h = BN_UMULT_HIGH(d1,q); | ||
| 228 | #else | 302 | #else |
| 229 | BN_ULONG t1l,t1h,t2l,t2h,t3l,t3h,ql,qh,t3t; | ||
| 230 | t1h=n0; | ||
| 231 | t1l=n1; | ||
| 232 | for (;;) | ||
| 233 | { | ||
| 234 | t2l=LBITS(d1); t2h=HBITS(d1); | 303 | t2l=LBITS(d1); t2h=HBITS(d1); |
| 235 | ql =LBITS(q); qh =HBITS(q); | 304 | ql =LBITS(q); qh =HBITS(q); |
| 236 | mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ | 305 | mul64(t2l,t2h,ql,qh); /* t2=(BN_ULLONG)d1*q; */ |
| 306 | #endif | ||
| 237 | 307 | ||
| 238 | t3t=LBITS(d0); t3h=HBITS(d0); | 308 | for (;;) |
| 239 | mul64(t3t,t3h,ql,qh); /* t3=t1-(BN_ULLONG)q*d0; */ | 309 | { |
| 240 | t3l=(t1l-t3t)&BN_MASK2; | 310 | if ((t2h < rem) || |
| 241 | if (t3l > t1l) t3h++; | 311 | ((t2h == rem) && (t2l <= wnump[-2]))) |
| 242 | t3h=(t1h-t3h)&BN_MASK2; | 312 | break; |
| 243 | 313 | q--; | |
| 244 | /*if ((t3>>BN_BITS2) || | 314 | rem += d0; |
| 245 | (t2 <= ((t3<<BN_BITS2)+wnump[-2]))) | 315 | if (rem < d0) break; /* don't let rem overflow */ |
| 246 | break; */ | 316 | if (t2l < d1) t2h--; t2l -= d1; |
| 247 | if (t3h) break; | 317 | } |
| 248 | if (t2h < t3l) break; | 318 | #endif /* !BN_LLONG */ |
| 249 | if ((t2h == t3l) && (t2l <= wnump[-2])) break; | ||
| 250 | |||
| 251 | q--; | ||
| 252 | } | 319 | } |
| 253 | #endif | 320 | #endif /* !BN_DIV3W */ |
| 254 | } | 321 | |
| 255 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); | 322 | l0=bn_mul_words(tmp->d,sdiv->d,div_n,q); |
| 323 | wnum.d--; wnum.top++; | ||
| 256 | tmp->d[div_n]=l0; | 324 | tmp->d[div_n]=l0; |
| 257 | for (j=div_n+1; j>0; j--) | 325 | for (j=div_n+1; j>0; j--) |
| 258 | if (tmp->d[j-1]) break; | 326 | if (tmp->d[j-1]) break; |
| 259 | tmp->top=j; | 327 | tmp->top=j; |
| 260 | 328 | ||
| 261 | j=wnum.top; | 329 | j=wnum.top; |
| 262 | BN_sub(&wnum,&wnum,tmp); | 330 | if (!BN_sub(&wnum,&wnum,tmp)) goto err; |
| 263 | 331 | ||
| 264 | snum->top=snum->top+wnum.top-j; | 332 | snum->top=snum->top+wnum.top-j; |
| 265 | 333 | ||
| @@ -267,7 +335,7 @@ BN_CTX *ctx; | |||
| 267 | { | 335 | { |
| 268 | q--; | 336 | q--; |
| 269 | j=wnum.top; | 337 | j=wnum.top; |
| 270 | BN_add(&wnum,&wnum,sdiv); | 338 | if (!BN_add(&wnum,&wnum,sdiv)) goto err; |
| 271 | snum->top+=wnum.top-j; | 339 | snum->top+=wnum.top-j; |
| 272 | } | 340 | } |
| 273 | *(resp--)=q; | 341 | *(resp--)=q; |
| @@ -275,11 +343,18 @@ BN_CTX *ctx; | |||
| 275 | } | 343 | } |
| 276 | if (rm != NULL) | 344 | if (rm != NULL) |
| 277 | { | 345 | { |
| 346 | /* Keep a copy of the neg flag in num because if rm==num | ||
| 347 | * BN_rshift() will overwrite it. | ||
| 348 | */ | ||
| 349 | int neg = num->neg; | ||
| 278 | BN_rshift(rm,snum,norm_shift); | 350 | BN_rshift(rm,snum,norm_shift); |
| 279 | rm->neg=num->neg; | 351 | if (!BN_is_zero(rm)) |
| 352 | rm->neg = neg; | ||
| 280 | } | 353 | } |
| 354 | BN_CTX_end(ctx); | ||
| 281 | return(1); | 355 | return(1); |
| 282 | err: | 356 | err: |
| 357 | BN_CTX_end(ctx); | ||
| 283 | return(0); | 358 | return(0); |
| 284 | } | 359 | } |
| 285 | 360 | ||
diff --git a/src/lib/libcrypto/bn/bn_err.c b/src/lib/libcrypto/bn/bn_err.c index 029ae810d5..fb84ee96d8 100644 --- a/src/lib/libcrypto/bn/bn_err.c +++ b/src/lib/libcrypto/bn/bn_err.c | |||
| @@ -1,66 +1,69 @@ | |||
| 1 | /* lib/bn/bn_err.c */ | 1 | /* crypto/bn/bn_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "bn.h" | 63 | #include <openssl/bn.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA BN_str_functs[]= | 67 | static ERR_STRING_DATA BN_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, | 69 | {ERR_PACK(0,BN_F_BN_BLINDING_CONVERT,0), "BN_BLINDING_convert"}, |
| @@ -69,40 +72,57 @@ static ERR_STRING_DATA BN_str_functs[]= | |||
| 69 | {ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, | 72 | {ERR_PACK(0,BN_F_BN_BLINDING_UPDATE,0), "BN_BLINDING_update"}, |
| 70 | {ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, | 73 | {ERR_PACK(0,BN_F_BN_BN2DEC,0), "BN_bn2dec"}, |
| 71 | {ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, | 74 | {ERR_PACK(0,BN_F_BN_BN2HEX,0), "BN_bn2hex"}, |
| 75 | {ERR_PACK(0,BN_F_BN_CTX_GET,0), "BN_CTX_get"}, | ||
| 72 | {ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, | 76 | {ERR_PACK(0,BN_F_BN_CTX_NEW,0), "BN_CTX_new"}, |
| 73 | {ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, | 77 | {ERR_PACK(0,BN_F_BN_DIV,0), "BN_div"}, |
| 74 | {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, | 78 | {ERR_PACK(0,BN_F_BN_EXPAND2,0), "bn_expand2"}, |
| 79 | {ERR_PACK(0,BN_F_BN_EXPAND_INTERNAL,0), "BN_EXPAND_INTERNAL"}, | ||
| 80 | {ERR_PACK(0,BN_F_BN_MOD_EXP2_MONT,0), "BN_mod_exp2_mont"}, | ||
| 75 | {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, | 81 | {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT,0), "BN_mod_exp_mont"}, |
| 82 | {ERR_PACK(0,BN_F_BN_MOD_EXP_MONT_WORD,0), "BN_mod_exp_mont_word"}, | ||
| 76 | {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, | 83 | {ERR_PACK(0,BN_F_BN_MOD_INVERSE,0), "BN_mod_inverse"}, |
| 84 | {ERR_PACK(0,BN_F_BN_MOD_LSHIFT_QUICK,0), "BN_mod_lshift_quick"}, | ||
| 77 | {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, | 85 | {ERR_PACK(0,BN_F_BN_MOD_MUL_RECIPROCAL,0), "BN_mod_mul_reciprocal"}, |
| 86 | {ERR_PACK(0,BN_F_BN_MOD_SQRT,0), "BN_mod_sqrt"}, | ||
| 78 | {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, | 87 | {ERR_PACK(0,BN_F_BN_MPI2BN,0), "BN_mpi2bn"}, |
| 79 | {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, | 88 | {ERR_PACK(0,BN_F_BN_NEW,0), "BN_new"}, |
| 80 | {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, | 89 | {ERR_PACK(0,BN_F_BN_RAND,0), "BN_rand"}, |
| 81 | {0,NULL}, | 90 | {ERR_PACK(0,BN_F_BN_RAND_RANGE,0), "BN_rand_range"}, |
| 91 | {ERR_PACK(0,BN_F_BN_USUB,0), "BN_usub"}, | ||
| 92 | {0,NULL} | ||
| 82 | }; | 93 | }; |
| 83 | 94 | ||
| 84 | static ERR_STRING_DATA BN_str_reasons[]= | 95 | static ERR_STRING_DATA BN_str_reasons[]= |
| 85 | { | 96 | { |
| 97 | {BN_R_ARG2_LT_ARG3 ,"arg2 lt arg3"}, | ||
| 86 | {BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, | 98 | {BN_R_BAD_RECIPROCAL ,"bad reciprocal"}, |
| 99 | {BN_R_BIGNUM_TOO_LONG ,"bignum too long"}, | ||
| 87 | {BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, | 100 | {BN_R_CALLED_WITH_EVEN_MODULUS ,"called with even modulus"}, |
| 88 | {BN_R_DIV_BY_ZERO ,"div by zero"}, | 101 | {BN_R_DIV_BY_ZERO ,"div by zero"}, |
| 89 | {BN_R_ENCODING_ERROR ,"encoding error"}, | 102 | {BN_R_ENCODING_ERROR ,"encoding error"}, |
| 103 | {BN_R_EXPAND_ON_STATIC_BIGNUM_DATA ,"expand on static bignum data"}, | ||
| 104 | {BN_R_INPUT_NOT_REDUCED ,"input not reduced"}, | ||
| 90 | {BN_R_INVALID_LENGTH ,"invalid length"}, | 105 | {BN_R_INVALID_LENGTH ,"invalid length"}, |
| 91 | {BN_R_NOT_INITALISED ,"not initalised"}, | 106 | {BN_R_INVALID_RANGE ,"invalid range"}, |
| 107 | {BN_R_NOT_A_SQUARE ,"not a square"}, | ||
| 108 | {BN_R_NOT_INITIALIZED ,"not initialized"}, | ||
| 92 | {BN_R_NO_INVERSE ,"no inverse"}, | 109 | {BN_R_NO_INVERSE ,"no inverse"}, |
| 93 | {0,NULL}, | 110 | {BN_R_P_IS_NOT_PRIME ,"p is not prime"}, |
| 111 | {BN_R_TOO_MANY_ITERATIONS ,"too many iterations"}, | ||
| 112 | {BN_R_TOO_MANY_TEMPORARY_VARIABLES ,"too many temporary variables"}, | ||
| 113 | {0,NULL} | ||
| 94 | }; | 114 | }; |
| 95 | 115 | ||
| 96 | #endif | 116 | #endif |
| 97 | 117 | ||
| 98 | void ERR_load_BN_strings() | 118 | void ERR_load_BN_strings(void) |
| 99 | { | 119 | { |
| 100 | static int init=1; | 120 | static int init=1; |
| 101 | 121 | ||
| 102 | if (init); | 122 | if (init) |
| 103 | {; | 123 | { |
| 104 | init=0; | 124 | init=0; |
| 105 | #ifndef NO_ERR | 125 | #ifndef OPENSSL_NO_ERR |
| 106 | ERR_load_strings(ERR_LIB_BN,BN_str_functs); | 126 | ERR_load_strings(ERR_LIB_BN,BN_str_functs); |
| 107 | ERR_load_strings(ERR_LIB_BN,BN_str_reasons); | 127 | ERR_load_strings(ERR_LIB_BN,BN_str_reasons); |
| 108 | #endif | 128 | #endif |
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index c056a5083f..afdfd580fb 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c | |||
| @@ -55,112 +55,145 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 58 | 112 | ||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | 113 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 114 | #include "bn_lcl.h" |
| 62 | 115 | ||
| 63 | /* slow but works */ | 116 | #define TABLE_SIZE 32 |
| 64 | int BN_mod_mul(ret, a, b, m, ctx) | ||
| 65 | BIGNUM *ret; | ||
| 66 | BIGNUM *a; | ||
| 67 | BIGNUM *b; | ||
| 68 | BIGNUM *m; | ||
| 69 | BN_CTX *ctx; | ||
| 70 | { | ||
| 71 | BIGNUM *t; | ||
| 72 | int r=0; | ||
| 73 | |||
| 74 | t=ctx->bn[ctx->tos++]; | ||
| 75 | if (a == b) | ||
| 76 | { if (!BN_sqr(t,a,ctx)) goto err; } | ||
| 77 | else | ||
| 78 | { if (!BN_mul(t,a,b)) goto err; } | ||
| 79 | if (!BN_mod(ret,t,m,ctx)) goto err; | ||
| 80 | r=1; | ||
| 81 | err: | ||
| 82 | ctx->tos--; | ||
| 83 | return(r); | ||
| 84 | } | ||
| 85 | 117 | ||
| 86 | #if 0 | ||
| 87 | /* this one works - simple but works */ | 118 | /* this one works - simple but works */ |
| 88 | int BN_mod_exp(r,a,p,m,ctx) | 119 | int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) |
| 89 | BIGNUM *r,*a,*p,*m; | ||
| 90 | BN_CTX *ctx; | ||
| 91 | { | 120 | { |
| 92 | int i,bits,ret=0; | 121 | int i,bits,ret=0; |
| 93 | BIGNUM *v,*tmp; | 122 | BIGNUM *v,*rr; |
| 94 | 123 | ||
| 95 | v=ctx->bn[ctx->tos++]; | 124 | BN_CTX_start(ctx); |
| 96 | tmp=ctx->bn[ctx->tos++]; | 125 | if ((r == a) || (r == p)) |
| 126 | rr = BN_CTX_get(ctx); | ||
| 127 | else | ||
| 128 | rr = r; | ||
| 129 | if ((v = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 97 | 130 | ||
| 98 | if (BN_copy(v,a) == NULL) goto err; | 131 | if (BN_copy(v,a) == NULL) goto err; |
| 99 | bits=BN_num_bits(p); | 132 | bits=BN_num_bits(p); |
| 100 | 133 | ||
| 101 | if (BN_is_odd(p)) | 134 | if (BN_is_odd(p)) |
| 102 | { if (BN_copy(r,a) == NULL) goto err; } | 135 | { if (BN_copy(rr,a) == NULL) goto err; } |
| 103 | else { if (BN_one(r)) goto err; } | 136 | else { if (!BN_one(rr)) goto err; } |
| 104 | 137 | ||
| 105 | for (i=1; i<bits; i++) | 138 | for (i=1; i<bits; i++) |
| 106 | { | 139 | { |
| 107 | if (!BN_sqr(tmp,v,ctx)) goto err; | 140 | if (!BN_sqr(v,v,ctx)) goto err; |
| 108 | if (!BN_mod(v,tmp,m,ctx)) goto err; | ||
| 109 | if (BN_is_bit_set(p,i)) | 141 | if (BN_is_bit_set(p,i)) |
| 110 | { | 142 | { |
| 111 | if (!BN_mul(tmp,r,v)) goto err; | 143 | if (!BN_mul(rr,rr,v,ctx)) goto err; |
| 112 | if (!BN_mod(r,tmp,m,ctx)) goto err; | ||
| 113 | } | 144 | } |
| 114 | } | 145 | } |
| 115 | ret=1; | 146 | ret=1; |
| 116 | err: | 147 | err: |
| 117 | ctx->tos-=2; | 148 | if (r != rr) BN_copy(r,rr); |
| 149 | BN_CTX_end(ctx); | ||
| 118 | return(ret); | 150 | return(ret); |
| 119 | } | 151 | } |
| 120 | 152 | ||
| 121 | #endif | ||
| 122 | |||
| 123 | /* this one works - simple but works */ | ||
| 124 | int BN_exp(r,a,p,ctx) | ||
| 125 | BIGNUM *r,*a,*p; | ||
| 126 | BN_CTX *ctx; | ||
| 127 | { | ||
| 128 | int i,bits,ret=0; | ||
| 129 | BIGNUM *v,*tmp; | ||
| 130 | |||
| 131 | v=ctx->bn[ctx->tos++]; | ||
| 132 | tmp=ctx->bn[ctx->tos++]; | ||
| 133 | |||
| 134 | if (BN_copy(v,a) == NULL) goto err; | ||
| 135 | bits=BN_num_bits(p); | ||
| 136 | |||
| 137 | if (BN_is_odd(p)) | ||
| 138 | { if (BN_copy(r,a) == NULL) goto err; } | ||
| 139 | else { if (BN_one(r)) goto err; } | ||
| 140 | |||
| 141 | for (i=1; i<bits; i++) | ||
| 142 | { | ||
| 143 | if (!BN_sqr(tmp,v,ctx)) goto err; | ||
| 144 | if (BN_is_bit_set(p,i)) | ||
| 145 | { | ||
| 146 | if (!BN_mul(tmp,r,v)) goto err; | ||
| 147 | } | ||
| 148 | } | ||
| 149 | ret=1; | ||
| 150 | err: | ||
| 151 | ctx->tos-=2; | ||
| 152 | return(ret); | ||
| 153 | } | ||
| 154 | 153 | ||
| 155 | int BN_mod_exp(r,a,p,m,ctx) | 154 | int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, |
| 156 | BIGNUM *r; | 155 | BN_CTX *ctx) |
| 157 | BIGNUM *a; | ||
| 158 | BIGNUM *p; | ||
| 159 | BIGNUM *m; | ||
| 160 | BN_CTX *ctx; | ||
| 161 | { | 156 | { |
| 162 | int ret; | 157 | int ret; |
| 163 | 158 | ||
| 159 | bn_check_top(a); | ||
| 160 | bn_check_top(p); | ||
| 161 | bn_check_top(m); | ||
| 162 | |||
| 163 | /* For even modulus m = 2^k*m_odd, it might make sense to compute | ||
| 164 | * a^p mod m_odd and a^p mod 2^k separately (with Montgomery | ||
| 165 | * exponentiation for the odd part), using appropriate exponent | ||
| 166 | * reductions, and combine the results using the CRT. | ||
| 167 | * | ||
| 168 | * For now, we use Montgomery only if the modulus is odd; otherwise, | ||
| 169 | * exponentiation using the reciprocal-based quick remaindering | ||
| 170 | * algorithm is used. | ||
| 171 | * | ||
| 172 | * (Timing obtained with expspeed.c [computations a^p mod m | ||
| 173 | * where a, p, m are of the same length: 256, 512, 1024, 2048, | ||
| 174 | * 4096, 8192 bits], compared to the running time of the | ||
| 175 | * standard algorithm: | ||
| 176 | * | ||
| 177 | * BN_mod_exp_mont 33 .. 40 % [AMD K6-2, Linux, debug configuration] | ||
| 178 | * 55 .. 77 % [UltraSparc processor, but | ||
| 179 | * debug-solaris-sparcv8-gcc conf.] | ||
| 180 | * | ||
| 181 | * BN_mod_exp_recp 50 .. 70 % [AMD K6-2, Linux, debug configuration] | ||
| 182 | * 62 .. 118 % [UltraSparc, debug-solaris-sparcv8-gcc] | ||
| 183 | * | ||
| 184 | * On the Sparc, BN_mod_exp_recp was faster than BN_mod_exp_mont | ||
| 185 | * at 2048 and more bits, but at 512 and 1024 bits, it was | ||
| 186 | * slower even than the standard algorithm! | ||
| 187 | * | ||
| 188 | * "Real" timings [linux-elf, solaris-sparcv9-gcc configurations] | ||
| 189 | * should be obtained when the new Montgomery reduction code | ||
| 190 | * has been integrated into OpenSSL.) | ||
| 191 | */ | ||
| 192 | |||
| 193 | #define MONT_MUL_MOD | ||
| 194 | #define MONT_EXP_WORD | ||
| 195 | #define RECP_MUL_MOD | ||
| 196 | |||
| 164 | #ifdef MONT_MUL_MOD | 197 | #ifdef MONT_MUL_MOD |
| 165 | /* I have finally been able to take out this pre-condition of | 198 | /* I have finally been able to take out this pre-condition of |
| 166 | * the top bit being set. It was caused by an error in BN_div | 199 | * the top bit being set. It was caused by an error in BN_div |
| @@ -169,7 +202,17 @@ BN_CTX *ctx; | |||
| 169 | /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ | 202 | /* if ((m->d[m->top-1]&BN_TBIT) && BN_is_odd(m)) */ |
| 170 | 203 | ||
| 171 | if (BN_is_odd(m)) | 204 | if (BN_is_odd(m)) |
| 172 | { ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); } | 205 | { |
| 206 | # ifdef MONT_EXP_WORD | ||
| 207 | if (a->top == 1 && !a->neg) | ||
| 208 | { | ||
| 209 | BN_ULONG A = a->d[0]; | ||
| 210 | ret=BN_mod_exp_mont_word(r,A,p,m,ctx,NULL); | ||
| 211 | } | ||
| 212 | else | ||
| 213 | # endif | ||
| 214 | ret=BN_mod_exp_mont(r,a,p,m,ctx,NULL); | ||
| 215 | } | ||
| 173 | else | 216 | else |
| 174 | #endif | 217 | #endif |
| 175 | #ifdef RECP_MUL_MOD | 218 | #ifdef RECP_MUL_MOD |
| @@ -181,55 +224,65 @@ BN_CTX *ctx; | |||
| 181 | return(ret); | 224 | return(ret); |
| 182 | } | 225 | } |
| 183 | 226 | ||
| 184 | /* #ifdef RECP_MUL_MOD */ | 227 | |
| 185 | int BN_mod_exp_recp(r,a,p,m,ctx) | 228 | int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
| 186 | BIGNUM *r; | 229 | const BIGNUM *m, BN_CTX *ctx) |
| 187 | BIGNUM *a; | ||
| 188 | BIGNUM *p; | ||
| 189 | BIGNUM *m; | ||
| 190 | BN_CTX *ctx; | ||
| 191 | { | 230 | { |
| 192 | int nb,i,j,bits,ret=0,wstart,wend,window,wvalue; | 231 | int i,j,bits,ret=0,wstart,wend,window,wvalue; |
| 193 | int start=1; | 232 | int start=1,ts=0; |
| 194 | BIGNUM *d,*aa; | 233 | BIGNUM *aa; |
| 195 | BIGNUM *val[16]; | 234 | BIGNUM val[TABLE_SIZE]; |
| 235 | BN_RECP_CTX recp; | ||
| 196 | 236 | ||
| 197 | d=ctx->bn[ctx->tos++]; | ||
| 198 | aa=ctx->bn[ctx->tos++]; | ||
| 199 | bits=BN_num_bits(p); | 237 | bits=BN_num_bits(p); |
| 200 | 238 | ||
| 201 | if (bits == 0) | 239 | if (bits == 0) |
| 202 | { | 240 | { |
| 203 | BN_one(r); | 241 | ret = BN_one(r); |
| 204 | return(1); | 242 | return ret; |
| 243 | } | ||
| 244 | |||
| 245 | BN_CTX_start(ctx); | ||
| 246 | if ((aa = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 247 | |||
| 248 | BN_RECP_CTX_init(&recp); | ||
| 249 | if (m->neg) | ||
| 250 | { | ||
| 251 | /* ignore sign of 'm' */ | ||
| 252 | if (!BN_copy(aa, m)) goto err; | ||
| 253 | aa->neg = 0; | ||
| 254 | if (BN_RECP_CTX_set(&recp,aa,ctx) <= 0) goto err; | ||
| 205 | } | 255 | } |
| 206 | nb=BN_reciprocal(d,m,ctx); | ||
| 207 | if (nb == -1) goto err; | ||
| 208 | |||
| 209 | val[0]=BN_new(); | ||
| 210 | if (!BN_mod(val[0],a,m,ctx)) goto err; /* 1 */ | ||
| 211 | if (!BN_mod_mul_reciprocal(aa,val[0],val[0],m,d,nb,ctx)) | ||
| 212 | goto err; /* 2 */ | ||
| 213 | |||
| 214 | if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */ | ||
| 215 | window=1; | ||
| 216 | else if (bits >= 256) | ||
| 217 | window=5; /* max size of window */ | ||
| 218 | else if (bits >= 128) | ||
| 219 | window=4; | ||
| 220 | else | 256 | else |
| 221 | window=3; | 257 | { |
| 258 | if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err; | ||
| 259 | } | ||
| 260 | |||
| 261 | BN_init(&(val[0])); | ||
| 262 | ts=1; | ||
| 222 | 263 | ||
| 223 | j=1<<(window-1); | 264 | if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ |
| 224 | for (i=1; i<j; i++) | 265 | if (BN_is_zero(&(val[0]))) |
| 225 | { | 266 | { |
| 226 | val[i]=BN_new(); | 267 | ret = BN_zero(r); |
| 227 | if (!BN_mod_mul_reciprocal(val[i],val[i-1],aa,m,d,nb,ctx)) | 268 | goto err; |
| 228 | goto err; | ||
| 229 | } | 269 | } |
| 230 | for (; i<16; i++) | ||
| 231 | val[i]=NULL; | ||
| 232 | 270 | ||
| 271 | window = BN_window_bits_for_exponent_size(bits); | ||
| 272 | if (window > 1) | ||
| 273 | { | ||
| 274 | if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx)) | ||
| 275 | goto err; /* 2 */ | ||
| 276 | j=1<<(window-1); | ||
| 277 | for (i=1; i<j; i++) | ||
| 278 | { | ||
| 279 | BN_init(&val[i]); | ||
| 280 | if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx)) | ||
| 281 | goto err; | ||
| 282 | } | ||
| 283 | ts=i; | ||
| 284 | } | ||
| 285 | |||
| 233 | start=1; /* This is used to avoid multiplication etc | 286 | start=1; /* This is used to avoid multiplication etc |
| 234 | * when there is only the value '1' in the | 287 | * when there is only the value '1' in the |
| 235 | * buffer. */ | 288 | * buffer. */ |
| @@ -244,7 +297,7 @@ BN_CTX *ctx; | |||
| 244 | if (BN_is_bit_set(p,wstart) == 0) | 297 | if (BN_is_bit_set(p,wstart) == 0) |
| 245 | { | 298 | { |
| 246 | if (!start) | 299 | if (!start) |
| 247 | if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx)) | 300 | if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx)) |
| 248 | goto err; | 301 | goto err; |
| 249 | if (wstart == 0) break; | 302 | if (wstart == 0) break; |
| 250 | wstart--; | 303 | wstart--; |
| @@ -274,12 +327,12 @@ BN_CTX *ctx; | |||
| 274 | if (!start) | 327 | if (!start) |
| 275 | for (i=0; i<j; i++) | 328 | for (i=0; i<j; i++) |
| 276 | { | 329 | { |
| 277 | if (!BN_mod_mul_reciprocal(r,r,r,m,d,nb,ctx)) | 330 | if (!BN_mod_mul_reciprocal(r,r,r,&recp,ctx)) |
| 278 | goto err; | 331 | goto err; |
| 279 | } | 332 | } |
| 280 | 333 | ||
| 281 | /* wvalue will be an odd number < 2^window */ | 334 | /* wvalue will be an odd number < 2^window */ |
| 282 | if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],m,d,nb,ctx)) | 335 | if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx)) |
| 283 | goto err; | 336 | goto err; |
| 284 | 337 | ||
| 285 | /* move the 'window' down further */ | 338 | /* move the 'window' down further */ |
| @@ -290,84 +343,86 @@ BN_CTX *ctx; | |||
| 290 | } | 343 | } |
| 291 | ret=1; | 344 | ret=1; |
| 292 | err: | 345 | err: |
| 293 | ctx->tos-=2; | 346 | BN_CTX_end(ctx); |
| 294 | for (i=0; i<16; i++) | 347 | for (i=0; i<ts; i++) |
| 295 | if (val[i] != NULL) BN_clear_free(val[i]); | 348 | BN_clear_free(&(val[i])); |
| 349 | BN_RECP_CTX_free(&recp); | ||
| 296 | return(ret); | 350 | return(ret); |
| 297 | } | 351 | } |
| 298 | /* #endif */ | 352 | |
| 299 | 353 | ||
| 300 | /* #ifdef MONT_MUL_MOD */ | 354 | int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, |
| 301 | int BN_mod_exp_mont(r,a,p,m,ctx,in_mont) | 355 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) |
| 302 | BIGNUM *r; | ||
| 303 | BIGNUM *a; | ||
| 304 | BIGNUM *p; | ||
| 305 | BIGNUM *m; | ||
| 306 | BN_CTX *ctx; | ||
| 307 | BN_MONT_CTX *in_mont; | ||
| 308 | { | 356 | { |
| 309 | #define TABLE_SIZE 16 | ||
| 310 | int i,j,bits,ret=0,wstart,wend,window,wvalue; | 357 | int i,j,bits,ret=0,wstart,wend,window,wvalue; |
| 311 | int start=1; | 358 | int start=1,ts=0; |
| 312 | BIGNUM *d,*aa; | 359 | BIGNUM *d,*r; |
| 313 | BIGNUM *val[TABLE_SIZE]; | 360 | const BIGNUM *aa; |
| 361 | BIGNUM val[TABLE_SIZE]; | ||
| 314 | BN_MONT_CTX *mont=NULL; | 362 | BN_MONT_CTX *mont=NULL; |
| 315 | 363 | ||
| 364 | bn_check_top(a); | ||
| 365 | bn_check_top(p); | ||
| 366 | bn_check_top(m); | ||
| 367 | |||
| 316 | if (!(m->d[0] & 1)) | 368 | if (!(m->d[0] & 1)) |
| 317 | { | 369 | { |
| 318 | BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); | 370 | BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); |
| 319 | return(0); | 371 | return(0); |
| 320 | } | 372 | } |
| 321 | d=ctx->bn[ctx->tos++]; | ||
| 322 | bits=BN_num_bits(p); | 373 | bits=BN_num_bits(p); |
| 323 | if (bits == 0) | 374 | if (bits == 0) |
| 324 | { | 375 | { |
| 325 | BN_one(r); | 376 | ret = BN_one(rr); |
| 326 | return(1); | 377 | return ret; |
| 327 | } | 378 | } |
| 328 | 379 | ||
| 380 | BN_CTX_start(ctx); | ||
| 381 | d = BN_CTX_get(ctx); | ||
| 382 | r = BN_CTX_get(ctx); | ||
| 383 | if (d == NULL || r == NULL) goto err; | ||
| 384 | |||
| 329 | /* If this is not done, things will break in the montgomery | 385 | /* If this is not done, things will break in the montgomery |
| 330 | * part */ | 386 | * part */ |
| 331 | 387 | ||
| 332 | #if 1 | ||
| 333 | if (in_mont != NULL) | 388 | if (in_mont != NULL) |
| 334 | mont=in_mont; | 389 | mont=in_mont; |
| 335 | else | 390 | else |
| 336 | #endif | ||
| 337 | { | 391 | { |
| 338 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; | 392 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; |
| 339 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; | 393 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; |
| 340 | } | 394 | } |
| 341 | 395 | ||
| 342 | val[0]=BN_new(); | 396 | BN_init(&val[0]); |
| 343 | if (BN_ucmp(a,m) >= 0) | 397 | ts=1; |
| 398 | if (a->neg || BN_ucmp(a,m) >= 0) | ||
| 344 | { | 399 | { |
| 345 | BN_mod(val[0],a,m,ctx); | 400 | if (!BN_nnmod(&(val[0]),a,m,ctx)) |
| 346 | aa=val[0]; | 401 | goto err; |
| 402 | aa= &(val[0]); | ||
| 347 | } | 403 | } |
| 348 | else | 404 | else |
| 349 | aa=a; | 405 | aa=a; |
| 350 | if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */ | 406 | if (BN_is_zero(aa)) |
| 351 | if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */ | 407 | { |
| 352 | 408 | ret = BN_zero(rr); | |
| 353 | if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */ | 409 | goto err; |
| 354 | window=1; | 410 | } |
| 355 | else if (bits > 250) | 411 | if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */ |
| 356 | window=5; /* max size of window */ | ||
| 357 | else if (bits >= 120) | ||
| 358 | window=4; | ||
| 359 | else | ||
| 360 | window=3; | ||
| 361 | 412 | ||
| 362 | j=1<<(window-1); | 413 | window = BN_window_bits_for_exponent_size(bits); |
| 363 | for (i=1; i<j; i++) | 414 | if (window > 1) |
| 364 | { | 415 | { |
| 365 | val[i]=BN_new(); | 416 | if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */ |
| 366 | if (!BN_mod_mul_montgomery(val[i],val[i-1],d,mont,ctx)) | 417 | j=1<<(window-1); |
| 367 | goto err; | 418 | for (i=1; i<j; i++) |
| 419 | { | ||
| 420 | BN_init(&(val[i])); | ||
| 421 | if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx)) | ||
| 422 | goto err; | ||
| 423 | } | ||
| 424 | ts=i; | ||
| 368 | } | 425 | } |
| 369 | for (; i<TABLE_SIZE; i++) | ||
| 370 | val[i]=NULL; | ||
| 371 | 426 | ||
| 372 | start=1; /* This is used to avoid multiplication etc | 427 | start=1; /* This is used to avoid multiplication etc |
| 373 | * when there is only the value '1' in the | 428 | * when there is only the value '1' in the |
| @@ -376,7 +431,7 @@ BN_MONT_CTX *in_mont; | |||
| 376 | wstart=bits-1; /* The top bit of the window */ | 431 | wstart=bits-1; /* The top bit of the window */ |
| 377 | wend=0; /* The bottom bit of the window */ | 432 | wend=0; /* The bottom bit of the window */ |
| 378 | 433 | ||
| 379 | if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; | 434 | if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; |
| 380 | for (;;) | 435 | for (;;) |
| 381 | { | 436 | { |
| 382 | if (BN_is_bit_set(p,wstart) == 0) | 437 | if (BN_is_bit_set(p,wstart) == 0) |
| @@ -419,7 +474,7 @@ BN_MONT_CTX *in_mont; | |||
| 419 | } | 474 | } |
| 420 | 475 | ||
| 421 | /* wvalue will be an odd number < 2^window */ | 476 | /* wvalue will be an odd number < 2^window */ |
| 422 | if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx)) | 477 | if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx)) |
| 423 | goto err; | 478 | goto err; |
| 424 | 479 | ||
| 425 | /* move the 'window' down further */ | 480 | /* move the 'window' down further */ |
| @@ -428,62 +483,201 @@ BN_MONT_CTX *in_mont; | |||
| 428 | start=0; | 483 | start=0; |
| 429 | if (wstart < 0) break; | 484 | if (wstart < 0) break; |
| 430 | } | 485 | } |
| 431 | BN_from_montgomery(r,r,mont,ctx); | 486 | if (!BN_from_montgomery(rr,r,mont,ctx)) goto err; |
| 432 | ret=1; | 487 | ret=1; |
| 433 | err: | 488 | err: |
| 434 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 489 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 435 | ctx->tos--; | 490 | BN_CTX_end(ctx); |
| 436 | for (i=0; i<TABLE_SIZE; i++) | 491 | for (i=0; i<ts; i++) |
| 437 | if (val[i] != NULL) BN_clear_free(val[i]); | 492 | BN_clear_free(&(val[i])); |
| 438 | return(ret); | 493 | return(ret); |
| 439 | } | 494 | } |
| 440 | /* #endif */ | 495 | |
| 496 | int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, | ||
| 497 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 498 | { | ||
| 499 | BN_MONT_CTX *mont = NULL; | ||
| 500 | int b, bits, ret=0; | ||
| 501 | int r_is_one; | ||
| 502 | BN_ULONG w, next_w; | ||
| 503 | BIGNUM *d, *r, *t; | ||
| 504 | BIGNUM *swap_tmp; | ||
| 505 | #define BN_MOD_MUL_WORD(r, w, m) \ | ||
| 506 | (BN_mul_word(r, (w)) && \ | ||
| 507 | (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ | ||
| 508 | (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) | ||
| 509 | /* BN_MOD_MUL_WORD is only used with 'w' large, | ||
| 510 | * so the BN_ucmp test is probably more overhead | ||
| 511 | * than always using BN_mod (which uses BN_copy if | ||
| 512 | * a similar test returns true). */ | ||
| 513 | /* We can use BN_mod and do not need BN_nnmod because our | ||
| 514 | * accumulator is never negative (the result of BN_mod does | ||
| 515 | * not depend on the sign of the modulus). | ||
| 516 | */ | ||
| 517 | #define BN_TO_MONTGOMERY_WORD(r, w, mont) \ | ||
| 518 | (BN_set_word(r, (w)) && BN_to_montgomery(r, r, (mont), ctx)) | ||
| 519 | |||
| 520 | bn_check_top(p); | ||
| 521 | bn_check_top(m); | ||
| 522 | |||
| 523 | if (m->top == 0 || !(m->d[0] & 1)) | ||
| 524 | { | ||
| 525 | BNerr(BN_F_BN_MOD_EXP_MONT_WORD,BN_R_CALLED_WITH_EVEN_MODULUS); | ||
| 526 | return(0); | ||
| 527 | } | ||
| 528 | if (m->top == 1) | ||
| 529 | a %= m->d[0]; /* make sure that 'a' is reduced */ | ||
| 530 | |||
| 531 | bits = BN_num_bits(p); | ||
| 532 | if (bits == 0) | ||
| 533 | { | ||
| 534 | ret = BN_one(rr); | ||
| 535 | return ret; | ||
| 536 | } | ||
| 537 | if (a == 0) | ||
| 538 | { | ||
| 539 | ret = BN_zero(rr); | ||
| 540 | return ret; | ||
| 541 | } | ||
| 542 | |||
| 543 | BN_CTX_start(ctx); | ||
| 544 | d = BN_CTX_get(ctx); | ||
| 545 | r = BN_CTX_get(ctx); | ||
| 546 | t = BN_CTX_get(ctx); | ||
| 547 | if (d == NULL || r == NULL || t == NULL) goto err; | ||
| 548 | |||
| 549 | if (in_mont != NULL) | ||
| 550 | mont=in_mont; | ||
| 551 | else | ||
| 552 | { | ||
| 553 | if ((mont = BN_MONT_CTX_new()) == NULL) goto err; | ||
| 554 | if (!BN_MONT_CTX_set(mont, m, ctx)) goto err; | ||
| 555 | } | ||
| 556 | |||
| 557 | r_is_one = 1; /* except for Montgomery factor */ | ||
| 558 | |||
| 559 | /* bits-1 >= 0 */ | ||
| 560 | |||
| 561 | /* The result is accumulated in the product r*w. */ | ||
| 562 | w = a; /* bit 'bits-1' of 'p' is always set */ | ||
| 563 | for (b = bits-2; b >= 0; b--) | ||
| 564 | { | ||
| 565 | /* First, square r*w. */ | ||
| 566 | next_w = w*w; | ||
| 567 | if ((next_w/w) != w) /* overflow */ | ||
| 568 | { | ||
| 569 | if (r_is_one) | ||
| 570 | { | ||
| 571 | if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; | ||
| 572 | r_is_one = 0; | ||
| 573 | } | ||
| 574 | else | ||
| 575 | { | ||
| 576 | if (!BN_MOD_MUL_WORD(r, w, m)) goto err; | ||
| 577 | } | ||
| 578 | next_w = 1; | ||
| 579 | } | ||
| 580 | w = next_w; | ||
| 581 | if (!r_is_one) | ||
| 582 | { | ||
| 583 | if (!BN_mod_mul_montgomery(r, r, r, mont, ctx)) goto err; | ||
| 584 | } | ||
| 585 | |||
| 586 | /* Second, multiply r*w by 'a' if exponent bit is set. */ | ||
| 587 | if (BN_is_bit_set(p, b)) | ||
| 588 | { | ||
| 589 | next_w = w*a; | ||
| 590 | if ((next_w/a) != w) /* overflow */ | ||
| 591 | { | ||
| 592 | if (r_is_one) | ||
| 593 | { | ||
| 594 | if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; | ||
| 595 | r_is_one = 0; | ||
| 596 | } | ||
| 597 | else | ||
| 598 | { | ||
| 599 | if (!BN_MOD_MUL_WORD(r, w, m)) goto err; | ||
| 600 | } | ||
| 601 | next_w = a; | ||
| 602 | } | ||
| 603 | w = next_w; | ||
| 604 | } | ||
| 605 | } | ||
| 606 | |||
| 607 | /* Finally, set r:=r*w. */ | ||
| 608 | if (w != 1) | ||
| 609 | { | ||
| 610 | if (r_is_one) | ||
| 611 | { | ||
| 612 | if (!BN_TO_MONTGOMERY_WORD(r, w, mont)) goto err; | ||
| 613 | r_is_one = 0; | ||
| 614 | } | ||
| 615 | else | ||
| 616 | { | ||
| 617 | if (!BN_MOD_MUL_WORD(r, w, m)) goto err; | ||
| 618 | } | ||
| 619 | } | ||
| 620 | |||
| 621 | if (r_is_one) /* can happen only if a == 1*/ | ||
| 622 | { | ||
| 623 | if (!BN_one(rr)) goto err; | ||
| 624 | } | ||
| 625 | else | ||
| 626 | { | ||
| 627 | if (!BN_from_montgomery(rr, r, mont, ctx)) goto err; | ||
| 628 | } | ||
| 629 | ret = 1; | ||
| 630 | err: | ||
| 631 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | ||
| 632 | BN_CTX_end(ctx); | ||
| 633 | return(ret); | ||
| 634 | } | ||
| 635 | |||
| 441 | 636 | ||
| 442 | /* The old fallback, simple version :-) */ | 637 | /* The old fallback, simple version :-) */ |
| 443 | int BN_mod_exp_simple(r,a,p,m,ctx) | 638 | int BN_mod_exp_simple(BIGNUM *r, |
| 444 | BIGNUM *r; | 639 | const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, |
| 445 | BIGNUM *a; | 640 | BN_CTX *ctx) |
| 446 | BIGNUM *p; | ||
| 447 | BIGNUM *m; | ||
| 448 | BN_CTX *ctx; | ||
| 449 | { | 641 | { |
| 450 | int i,j,bits,ret=0,wstart,wend,window,wvalue; | 642 | int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0; |
| 451 | int start=1; | 643 | int start=1; |
| 452 | BIGNUM *d; | 644 | BIGNUM *d; |
| 453 | BIGNUM *val[16]; | 645 | BIGNUM val[TABLE_SIZE]; |
| 454 | 646 | ||
| 455 | d=ctx->bn[ctx->tos++]; | ||
| 456 | bits=BN_num_bits(p); | 647 | bits=BN_num_bits(p); |
| 457 | 648 | ||
| 458 | if (bits == 0) | 649 | if (bits == 0) |
| 459 | { | 650 | { |
| 460 | BN_one(r); | 651 | ret = BN_one(r); |
| 461 | return(1); | 652 | return ret; |
| 462 | } | 653 | } |
| 463 | 654 | ||
| 464 | val[0]=BN_new(); | 655 | BN_CTX_start(ctx); |
| 465 | if (!BN_mod(val[0],a,m,ctx)) goto err; /* 1 */ | 656 | if ((d = BN_CTX_get(ctx)) == NULL) goto err; |
| 466 | if (!BN_mod_mul(d,val[0],val[0],m,ctx)) | ||
| 467 | goto err; /* 2 */ | ||
| 468 | |||
| 469 | if (bits <= 17) /* This is probably 3 or 0x10001, so just do singles */ | ||
| 470 | window=1; | ||
| 471 | else if (bits >= 256) | ||
| 472 | window=5; /* max size of window */ | ||
| 473 | else if (bits >= 128) | ||
| 474 | window=4; | ||
| 475 | else | ||
| 476 | window=3; | ||
| 477 | 657 | ||
| 478 | j=1<<(window-1); | 658 | BN_init(&(val[0])); |
| 479 | for (i=1; i<j; i++) | 659 | ts=1; |
| 660 | if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */ | ||
| 661 | if (BN_is_zero(&(val[0]))) | ||
| 480 | { | 662 | { |
| 481 | val[i]=BN_new(); | 663 | ret = BN_zero(r); |
| 482 | if (!BN_mod_mul(val[i],val[i-1],d,m,ctx)) | 664 | goto err; |
| 483 | goto err; | 665 | } |
| 666 | |||
| 667 | window = BN_window_bits_for_exponent_size(bits); | ||
| 668 | if (window > 1) | ||
| 669 | { | ||
| 670 | if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx)) | ||
| 671 | goto err; /* 2 */ | ||
| 672 | j=1<<(window-1); | ||
| 673 | for (i=1; i<j; i++) | ||
| 674 | { | ||
| 675 | BN_init(&(val[i])); | ||
| 676 | if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx)) | ||
| 677 | goto err; | ||
| 678 | } | ||
| 679 | ts=i; | ||
| 484 | } | 680 | } |
| 485 | for (; i<16; i++) | ||
| 486 | val[i]=NULL; | ||
| 487 | 681 | ||
| 488 | start=1; /* This is used to avoid multiplication etc | 682 | start=1; /* This is used to avoid multiplication etc |
| 489 | * when there is only the value '1' in the | 683 | * when there is only the value '1' in the |
| @@ -534,7 +728,7 @@ BN_CTX *ctx; | |||
| 534 | } | 728 | } |
| 535 | 729 | ||
| 536 | /* wvalue will be an odd number < 2^window */ | 730 | /* wvalue will be an odd number < 2^window */ |
| 537 | if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx)) | 731 | if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx)) |
| 538 | goto err; | 732 | goto err; |
| 539 | 733 | ||
| 540 | /* move the 'window' down further */ | 734 | /* move the 'window' down further */ |
| @@ -545,9 +739,9 @@ BN_CTX *ctx; | |||
| 545 | } | 739 | } |
| 546 | ret=1; | 740 | ret=1; |
| 547 | err: | 741 | err: |
| 548 | ctx->tos--; | 742 | BN_CTX_end(ctx); |
| 549 | for (i=0; i<16; i++) | 743 | for (i=0; i<ts; i++) |
| 550 | if (val[i] != NULL) BN_clear_free(val[i]); | 744 | BN_clear_free(&(val[i])); |
| 551 | return(ret); | 745 | return(ret); |
| 552 | } | 746 | } |
| 553 | 747 | ||
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c index 1132d53365..73ccd58a83 100644 --- a/src/lib/libcrypto/bn/bn_exp2.c +++ b/src/lib/libcrypto/bn/bn_exp2.c | |||
| @@ -1,27 +1,129 @@ | |||
| 1 | /* crypto/bn/bn_exp2.c */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | ||
| 3 | * All rights reserved. | ||
| 4 | * | ||
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | ||
| 24 | * modification, are permitted provided that the following conditions | ||
| 25 | * are met: | ||
| 26 | * 1. Redistributions of source code must retain the copyright | ||
| 27 | * notice, this list of conditions and the following disclaimer. | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 29 | * notice, this list of conditions and the following disclaimer in the | ||
| 30 | * documentation and/or other materials provided with the distribution. | ||
| 31 | * 3. All advertising materials mentioning features or use of this software | ||
| 32 | * must display the following acknowledgement: | ||
| 33 | * "This product includes cryptographic software written by | ||
| 34 | * Eric Young (eay@cryptsoft.com)" | ||
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 36 | * being used are not cryptographic related :-). | ||
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 38 | * the apps directory (application code) you must include an acknowledgement: | ||
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 40 | * | ||
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 51 | * SUCH DAMAGE. | ||
| 52 | * | ||
| 53 | * The licence and distribution terms for any publically available version or | ||
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 55 | * copied and put under another distribution licence | ||
| 56 | * [including the GNU Public Licence.] | ||
| 57 | */ | ||
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | |||
| 1 | #include <stdio.h> | 112 | #include <stdio.h> |
| 2 | #include "cryptlib.h" | 113 | #include "cryptlib.h" |
| 3 | #include "bn_lcl.h" | 114 | #include "bn_lcl.h" |
| 4 | 115 | ||
| 5 | /* I've done some timing with different table sizes. | 116 | #define TABLE_SIZE 32 |
| 6 | * The main hassle is that even with bits set at 3, this requires | ||
| 7 | * 63 BIGNUMs to store the pre-calculated values. | ||
| 8 | * 512 1024 | ||
| 9 | * bits=1 75.4% 79.4% | ||
| 10 | * bits=2 61.2% 62.4% | ||
| 11 | * bits=3 61.3% 59.3% | ||
| 12 | * The lack of speed improvment is also a function of the pre-calculation | ||
| 13 | * which could be removed. | ||
| 14 | */ | ||
| 15 | #define EXP2_TABLE_BITS 2 /* 1 2 3 4 5 */ | ||
| 16 | #define EXP2_TABLE_SIZE 4 /* 2 4 8 16 32 */ | ||
| 17 | 117 | ||
| 18 | int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, | 118 | int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, |
| 19 | BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) | 119 | const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, |
| 120 | BN_CTX *ctx, BN_MONT_CTX *in_mont) | ||
| 20 | { | 121 | { |
| 21 | int i,j,k,bits,bits1,bits2,ret=0,wstart,wend,window,xvalue,yvalue; | 122 | int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2; |
| 22 | int start=1,ts=0,x,y; | 123 | int r_is_one=1,ts1=0,ts2=0; |
| 23 | BIGNUM *d,*aa1,*aa2,*r; | 124 | BIGNUM *d,*r; |
| 24 | BIGNUM val[EXP2_TABLE_SIZE][EXP2_TABLE_SIZE]; | 125 | const BIGNUM *a_mod_m; |
| 126 | BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE]; | ||
| 25 | BN_MONT_CTX *mont=NULL; | 127 | BN_MONT_CTX *mont=NULL; |
| 26 | 128 | ||
| 27 | bn_check_top(a1); | 129 | bn_check_top(a1); |
| @@ -32,22 +134,23 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, | |||
| 32 | 134 | ||
| 33 | if (!(m->d[0] & 1)) | 135 | if (!(m->d[0] & 1)) |
| 34 | { | 136 | { |
| 35 | BNerr(BN_F_BN_MOD_EXP_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); | 137 | BNerr(BN_F_BN_MOD_EXP2_MONT,BN_R_CALLED_WITH_EVEN_MODULUS); |
| 36 | return(0); | 138 | return(0); |
| 37 | } | 139 | } |
| 38 | d= &(ctx->bn[ctx->tos++]); | ||
| 39 | r= &(ctx->bn[ctx->tos++]); | ||
| 40 | bits1=BN_num_bits(p1); | 140 | bits1=BN_num_bits(p1); |
| 41 | bits2=BN_num_bits(p2); | 141 | bits2=BN_num_bits(p2); |
| 42 | if ((bits1 == 0) && (bits2 == 0)) | 142 | if ((bits1 == 0) && (bits2 == 0)) |
| 43 | { | 143 | { |
| 44 | BN_one(r); | 144 | ret = BN_one(rr); |
| 45 | return(1); | 145 | return ret; |
| 46 | } | 146 | } |
| 147 | |||
| 47 | bits=(bits1 > bits2)?bits1:bits2; | 148 | bits=(bits1 > bits2)?bits1:bits2; |
| 48 | 149 | ||
| 49 | /* If this is not done, things will break in the montgomery | 150 | BN_CTX_start(ctx); |
| 50 | * part */ | 151 | d = BN_CTX_get(ctx); |
| 152 | r = BN_CTX_get(ctx); | ||
| 153 | if (d == NULL || r == NULL) goto err; | ||
| 51 | 154 | ||
| 52 | if (in_mont != NULL) | 155 | if (in_mont != NULL) |
| 53 | mont=in_mont; | 156 | mont=in_mont; |
| @@ -57,139 +160,154 @@ int BN_mod_exp2_mont(BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, BIGNUM *a2, | |||
| 57 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; | 160 | if (!BN_MONT_CTX_set(mont,m,ctx)) goto err; |
| 58 | } | 161 | } |
| 59 | 162 | ||
| 60 | BN_init(&(val[0][0])); | 163 | window1 = BN_window_bits_for_exponent_size(bits1); |
| 61 | BN_init(&(val[1][1])); | 164 | window2 = BN_window_bits_for_exponent_size(bits2); |
| 62 | BN_init(&(val[0][1])); | 165 | |
| 63 | BN_init(&(val[1][0])); | 166 | /* |
| 64 | ts=1; | 167 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) |
| 65 | if (BN_ucmp(a1,m) >= 0) | 168 | */ |
| 169 | BN_init(&val1[0]); | ||
| 170 | ts1=1; | ||
| 171 | if (a1->neg || BN_ucmp(a1,m) >= 0) | ||
| 66 | { | 172 | { |
| 67 | BN_mod(&(val[1][0]),a1,m,ctx); | 173 | if (!BN_mod(&(val1[0]),a1,m,ctx)) |
| 68 | aa1= &(val[1][0]); | 174 | goto err; |
| 175 | a_mod_m = &(val1[0]); | ||
| 69 | } | 176 | } |
| 70 | else | 177 | else |
| 71 | aa1=a1; | 178 | a_mod_m = a1; |
| 72 | if (BN_ucmp(a2,m) >= 0) | 179 | if (BN_is_zero(a_mod_m)) |
| 73 | { | 180 | { |
| 74 | BN_mod(&(val[0][1]),a2,m,ctx); | 181 | ret = BN_zero(rr); |
| 75 | aa2= &(val[0][1]); | ||
| 76 | } | ||
| 77 | else | ||
| 78 | aa2=a2; | ||
| 79 | if (!BN_to_montgomery(&(val[1][0]),aa1,mont,ctx)) goto err; | ||
| 80 | if (!BN_to_montgomery(&(val[0][1]),aa2,mont,ctx)) goto err; | ||
| 81 | if (!BN_mod_mul_montgomery(&(val[1][1]), | ||
| 82 | &(val[1][0]),&(val[0][1]),mont,ctx)) | ||
| 83 | goto err; | 182 | goto err; |
| 183 | } | ||
| 84 | 184 | ||
| 85 | #if 0 | 185 | if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err; |
| 86 | if (bits <= 20) /* This is probably 3 or 0x10001, so just do singles */ | 186 | if (window1 > 1) |
| 87 | window=1; | ||
| 88 | else if (bits > 250) | ||
| 89 | window=5; /* max size of window */ | ||
| 90 | else if (bits >= 120) | ||
| 91 | window=4; | ||
| 92 | else | ||
| 93 | window=3; | ||
| 94 | #else | ||
| 95 | window=EXP2_TABLE_BITS; | ||
| 96 | #endif | ||
| 97 | |||
| 98 | k=1<<window; | ||
| 99 | for (x=0; x<k; x++) | ||
| 100 | { | 187 | { |
| 101 | if (x >= 2) | 188 | if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err; |
| 189 | |||
| 190 | j=1<<(window1-1); | ||
| 191 | for (i=1; i<j; i++) | ||
| 102 | { | 192 | { |
| 103 | BN_init(&(val[x][0])); | 193 | BN_init(&(val1[i])); |
| 104 | BN_init(&(val[x][1])); | 194 | if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx)) |
| 105 | if (!BN_mod_mul_montgomery(&(val[x][0]), | 195 | goto err; |
| 106 | &(val[1][0]),&(val[x-1][0]),mont,ctx)) goto err; | ||
| 107 | if (!BN_mod_mul_montgomery(&(val[x][1]), | ||
| 108 | &(val[1][0]),&(val[x-1][1]),mont,ctx)) goto err; | ||
| 109 | } | 196 | } |
| 110 | for (y=2; y<k; y++) | 197 | ts1=i; |
| 198 | } | ||
| 199 | |||
| 200 | |||
| 201 | /* | ||
| 202 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) | ||
| 203 | */ | ||
| 204 | BN_init(&val2[0]); | ||
| 205 | ts2=1; | ||
| 206 | if (a2->neg || BN_ucmp(a2,m) >= 0) | ||
| 207 | { | ||
| 208 | if (!BN_mod(&(val2[0]),a2,m,ctx)) | ||
| 209 | goto err; | ||
| 210 | a_mod_m = &(val2[0]); | ||
| 211 | } | ||
| 212 | else | ||
| 213 | a_mod_m = a2; | ||
| 214 | if (BN_is_zero(a_mod_m)) | ||
| 215 | { | ||
| 216 | ret = BN_zero(rr); | ||
| 217 | goto err; | ||
| 218 | } | ||
| 219 | if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err; | ||
| 220 | if (window2 > 1) | ||
| 221 | { | ||
| 222 | if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err; | ||
| 223 | |||
| 224 | j=1<<(window2-1); | ||
| 225 | for (i=1; i<j; i++) | ||
| 111 | { | 226 | { |
| 112 | BN_init(&(val[x][y])); | 227 | BN_init(&(val2[i])); |
| 113 | if (!BN_mod_mul_montgomery(&(val[x][y]), | 228 | if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx)) |
| 114 | &(val[x][y-1]),&(val[0][1]),mont,ctx)) | ||
| 115 | goto err; | 229 | goto err; |
| 116 | } | 230 | } |
| 231 | ts2=i; | ||
| 117 | } | 232 | } |
| 118 | ts=k; | 233 | |
| 119 | 234 | ||
| 120 | start=1; /* This is used to avoid multiplication etc | 235 | /* Now compute the power product, using independent windows. */ |
| 121 | * when there is only the value '1' in the | 236 | r_is_one=1; |
| 122 | * buffer. */ | 237 | wvalue1=0; /* The 'value' of the first window */ |
| 123 | xvalue=0; /* The 'x value' of the window */ | 238 | wvalue2=0; /* The 'value' of the second window */ |
| 124 | yvalue=0; /* The 'y value' of the window */ | 239 | wpos1=0; /* If wvalue1 > 0, the bottom bit of the first window */ |
| 125 | wstart=bits-1; /* The top bit of the window */ | 240 | wpos2=0; /* If wvalue2 > 0, the bottom bit of the second window */ |
| 126 | wend=0; /* The bottom bit of the window */ | 241 | |
| 127 | 242 | if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; | |
| 128 | if (!BN_to_montgomery(r,BN_value_one(),mont,ctx)) goto err; | 243 | for (b=bits-1; b>=0; b--) |
| 129 | for (;;) | ||
| 130 | { | 244 | { |
| 131 | xvalue=BN_is_bit_set(p1,wstart); | 245 | if (!r_is_one) |
| 132 | yvalue=BN_is_bit_set(p2,wstart); | ||
| 133 | if (!(xvalue || yvalue)) | ||
| 134 | { | 246 | { |
| 135 | if (!start) | 247 | if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) |
| 248 | goto err; | ||
| 249 | } | ||
| 250 | |||
| 251 | if (!wvalue1) | ||
| 252 | if (BN_is_bit_set(p1, b)) | ||
| 136 | { | 253 | { |
| 137 | if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) | 254 | /* consider bits b-window1+1 .. b for this window */ |
| 138 | goto err; | 255 | i = b-window1+1; |
| 256 | while (!BN_is_bit_set(p1, i)) /* works for i<0 */ | ||
| 257 | i++; | ||
| 258 | wpos1 = i; | ||
| 259 | wvalue1 = 1; | ||
| 260 | for (i = b-1; i >= wpos1; i--) | ||
| 261 | { | ||
| 262 | wvalue1 <<= 1; | ||
| 263 | if (BN_is_bit_set(p1, i)) | ||
| 264 | wvalue1++; | ||
| 265 | } | ||
| 139 | } | 266 | } |
| 140 | wstart--; | 267 | |
| 141 | if (wstart < 0) break; | 268 | if (!wvalue2) |
| 142 | continue; | 269 | if (BN_is_bit_set(p2, b)) |
| 143 | } | ||
| 144 | /* We now have wstart on a 'set' bit, we now need to work out | ||
| 145 | * how bit a window to do. To do this we need to scan | ||
| 146 | * forward until the last set bit before the end of the | ||
| 147 | * window */ | ||
| 148 | j=wstart; | ||
| 149 | /* xvalue=BN_is_bit_set(p1,wstart); already set */ | ||
| 150 | /* yvalue=BN_is_bit_set(p1,wstart); already set */ | ||
| 151 | wend=0; | ||
| 152 | for (i=1; i<window; i++) | ||
| 153 | { | ||
| 154 | if (wstart-i < 0) break; | ||
| 155 | xvalue+=xvalue; | ||
| 156 | xvalue|=BN_is_bit_set(p1,wstart-i); | ||
| 157 | yvalue+=yvalue; | ||
| 158 | yvalue|=BN_is_bit_set(p2,wstart-i); | ||
| 159 | } | ||
| 160 | |||
| 161 | /* i is the size of the current window */ | ||
| 162 | /* add the 'bytes above' */ | ||
| 163 | if (!start) | ||
| 164 | for (j=0; j<i; j++) | ||
| 165 | { | 270 | { |
| 166 | if (!BN_mod_mul_montgomery(r,r,r,mont,ctx)) | 271 | /* consider bits b-window2+1 .. b for this window */ |
| 167 | goto err; | 272 | i = b-window2+1; |
| 273 | while (!BN_is_bit_set(p2, i)) | ||
| 274 | i++; | ||
| 275 | wpos2 = i; | ||
| 276 | wvalue2 = 1; | ||
| 277 | for (i = b-1; i >= wpos2; i--) | ||
| 278 | { | ||
| 279 | wvalue2 <<= 1; | ||
| 280 | if (BN_is_bit_set(p2, i)) | ||
| 281 | wvalue2++; | ||
| 282 | } | ||
| 168 | } | 283 | } |
| 284 | |||
| 285 | if (wvalue1 && b == wpos1) | ||
| 286 | { | ||
| 287 | /* wvalue1 is odd and < 2^window1 */ | ||
| 288 | if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx)) | ||
| 289 | goto err; | ||
| 290 | wvalue1 = 0; | ||
| 291 | r_is_one = 0; | ||
| 292 | } | ||
| 169 | 293 | ||
| 170 | /* wvalue will be an odd number < 2^window */ | 294 | if (wvalue2 && b == wpos2) |
| 171 | if (xvalue || yvalue) | ||
| 172 | { | 295 | { |
| 173 | if (!BN_mod_mul_montgomery(r,r,&(val[xvalue][yvalue]), | 296 | /* wvalue2 is odd and < 2^window2 */ |
| 174 | mont,ctx)) goto err; | 297 | if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx)) |
| 298 | goto err; | ||
| 299 | wvalue2 = 0; | ||
| 300 | r_is_one = 0; | ||
| 175 | } | 301 | } |
| 176 | |||
| 177 | /* move the 'window' down further */ | ||
| 178 | wstart-=i; | ||
| 179 | start=0; | ||
| 180 | if (wstart < 0) break; | ||
| 181 | } | 302 | } |
| 182 | BN_from_montgomery(rr,r,mont,ctx); | 303 | BN_from_montgomery(rr,r,mont,ctx); |
| 183 | ret=1; | 304 | ret=1; |
| 184 | err: | 305 | err: |
| 185 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); | 306 | if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont); |
| 186 | ctx->tos-=2; | 307 | BN_CTX_end(ctx); |
| 187 | for (i=0; i<ts; i++) | 308 | for (i=0; i<ts1; i++) |
| 188 | { | 309 | BN_clear_free(&(val1[i])); |
| 189 | for (j=0; j<ts; j++) | 310 | for (i=0; i<ts2; i++) |
| 190 | { | 311 | BN_clear_free(&(val2[i])); |
| 191 | BN_clear_free(&(val[i][j])); | ||
| 192 | } | ||
| 193 | } | ||
| 194 | return(ret); | 312 | return(ret); |
| 195 | } | 313 | } |
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c index 071bba3b4b..7649f63fd2 100644 --- a/src/lib/libcrypto/bn/bn_gcd.c +++ b/src/lib/libcrypto/bn/bn_gcd.c | |||
| @@ -55,29 +55,82 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | 112 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 113 | #include "bn_lcl.h" |
| 62 | 114 | ||
| 63 | #ifndef NOPROTO | ||
| 64 | static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); | 115 | static BIGNUM *euclid(BIGNUM *a, BIGNUM *b); |
| 65 | #else | ||
| 66 | static BIGNUM *euclid(); | ||
| 67 | #endif | ||
| 68 | 116 | ||
| 69 | int BN_gcd(r,in_a,in_b,ctx) | 117 | int BN_gcd(BIGNUM *r, const BIGNUM *in_a, const BIGNUM *in_b, BN_CTX *ctx) |
| 70 | BIGNUM *r,*in_a,*in_b; | ||
| 71 | BN_CTX *ctx; | ||
| 72 | { | 118 | { |
| 73 | BIGNUM *a,*b,*t; | 119 | BIGNUM *a,*b,*t; |
| 74 | int ret=0; | 120 | int ret=0; |
| 75 | 121 | ||
| 76 | a=ctx->bn[ctx->tos]; | 122 | bn_check_top(in_a); |
| 77 | b=ctx->bn[ctx->tos+1]; | 123 | bn_check_top(in_b); |
| 124 | |||
| 125 | BN_CTX_start(ctx); | ||
| 126 | a = BN_CTX_get(ctx); | ||
| 127 | b = BN_CTX_get(ctx); | ||
| 128 | if (a == NULL || b == NULL) goto err; | ||
| 78 | 129 | ||
| 79 | if (BN_copy(a,in_a) == NULL) goto err; | 130 | if (BN_copy(a,in_a) == NULL) goto err; |
| 80 | if (BN_copy(b,in_b) == NULL) goto err; | 131 | if (BN_copy(b,in_b) == NULL) goto err; |
| 132 | a->neg = 0; | ||
| 133 | b->neg = 0; | ||
| 81 | 134 | ||
| 82 | if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } | 135 | if (BN_cmp(a,b) < 0) { t=a; a=b; b=t; } |
| 83 | t=euclid(a,b); | 136 | t=euclid(a,b); |
| @@ -86,19 +139,22 @@ BN_CTX *ctx; | |||
| 86 | if (BN_copy(r,t) == NULL) goto err; | 139 | if (BN_copy(r,t) == NULL) goto err; |
| 87 | ret=1; | 140 | ret=1; |
| 88 | err: | 141 | err: |
| 142 | BN_CTX_end(ctx); | ||
| 89 | return(ret); | 143 | return(ret); |
| 90 | } | 144 | } |
| 91 | 145 | ||
| 92 | static BIGNUM *euclid(a,b) | 146 | static BIGNUM *euclid(BIGNUM *a, BIGNUM *b) |
| 93 | BIGNUM *a,*b; | ||
| 94 | { | 147 | { |
| 95 | BIGNUM *t; | 148 | BIGNUM *t; |
| 96 | int shifts=0; | 149 | int shifts=0; |
| 97 | 150 | ||
| 98 | for (;;) | 151 | bn_check_top(a); |
| 152 | bn_check_top(b); | ||
| 153 | |||
| 154 | /* 0 <= b <= a */ | ||
| 155 | while (!BN_is_zero(b)) | ||
| 99 | { | 156 | { |
| 100 | if (BN_is_zero(b)) | 157 | /* 0 < b <= a */ |
| 101 | break; | ||
| 102 | 158 | ||
| 103 | if (BN_is_odd(a)) | 159 | if (BN_is_odd(a)) |
| 104 | { | 160 | { |
| @@ -131,7 +187,9 @@ BIGNUM *a,*b; | |||
| 131 | shifts++; | 187 | shifts++; |
| 132 | } | 188 | } |
| 133 | } | 189 | } |
| 190 | /* 0 <= b <= a */ | ||
| 134 | } | 191 | } |
| 192 | |||
| 135 | if (shifts) | 193 | if (shifts) |
| 136 | { | 194 | { |
| 137 | if (!BN_lshift(a,a,shifts)) goto err; | 195 | if (!BN_lshift(a,a,shifts)) goto err; |
| @@ -141,54 +199,284 @@ err: | |||
| 141 | return(NULL); | 199 | return(NULL); |
| 142 | } | 200 | } |
| 143 | 201 | ||
| 202 | |||
| 144 | /* solves ax == 1 (mod n) */ | 203 | /* solves ax == 1 (mod n) */ |
| 145 | BIGNUM *BN_mod_inverse(a, n, ctx) | 204 | BIGNUM *BN_mod_inverse(BIGNUM *in, |
| 146 | BIGNUM *a; | 205 | const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) |
| 147 | BIGNUM *n; | ||
| 148 | BN_CTX *ctx; | ||
| 149 | { | 206 | { |
| 150 | BIGNUM *A,*B,*X,*Y,*M,*D,*R; | 207 | BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL; |
| 151 | BIGNUM *ret=NULL,*T; | 208 | BIGNUM *ret=NULL; |
| 152 | int sign; | 209 | int sign; |
| 153 | 210 | ||
| 154 | A=ctx->bn[ctx->tos]; | 211 | bn_check_top(a); |
| 155 | B=ctx->bn[ctx->tos+1]; | 212 | bn_check_top(n); |
| 156 | X=ctx->bn[ctx->tos+2]; | 213 | |
| 157 | D=ctx->bn[ctx->tos+3]; | 214 | BN_CTX_start(ctx); |
| 158 | M=ctx->bn[ctx->tos+4]; | 215 | A = BN_CTX_get(ctx); |
| 159 | Y=ctx->bn[ctx->tos+5]; | 216 | B = BN_CTX_get(ctx); |
| 160 | ctx->tos+=6; | 217 | X = BN_CTX_get(ctx); |
| 161 | R=BN_new(); | 218 | D = BN_CTX_get(ctx); |
| 219 | M = BN_CTX_get(ctx); | ||
| 220 | Y = BN_CTX_get(ctx); | ||
| 221 | T = BN_CTX_get(ctx); | ||
| 222 | if (T == NULL) goto err; | ||
| 223 | |||
| 224 | if (in == NULL) | ||
| 225 | R=BN_new(); | ||
| 226 | else | ||
| 227 | R=in; | ||
| 162 | if (R == NULL) goto err; | 228 | if (R == NULL) goto err; |
| 163 | 229 | ||
| 164 | BN_zero(X); | 230 | BN_one(X); |
| 165 | BN_one(Y); | 231 | BN_zero(Y); |
| 166 | if (BN_copy(A,a) == NULL) goto err; | 232 | if (BN_copy(B,a) == NULL) goto err; |
| 167 | if (BN_copy(B,n) == NULL) goto err; | 233 | if (BN_copy(A,n) == NULL) goto err; |
| 168 | sign=1; | 234 | A->neg = 0; |
| 235 | if (B->neg || (BN_ucmp(B, A) >= 0)) | ||
| 236 | { | ||
| 237 | if (!BN_nnmod(B, B, A, ctx)) goto err; | ||
| 238 | } | ||
| 239 | sign = -1; | ||
| 240 | /* From B = a mod |n|, A = |n| it follows that | ||
| 241 | * | ||
| 242 | * 0 <= B < A, | ||
| 243 | * -sign*X*a == B (mod |n|), | ||
| 244 | * sign*Y*a == A (mod |n|). | ||
| 245 | */ | ||
| 246 | |||
| 247 | if (BN_is_odd(n) && (BN_num_bits(n) <= (BN_BITS <= 32 ? 450 : 2048))) | ||
| 248 | { | ||
| 249 | /* Binary inversion algorithm; requires odd modulus. | ||
| 250 | * This is faster than the general algorithm if the modulus | ||
| 251 | * is sufficiently small (about 400 .. 500 bits on 32-bit | ||
| 252 | * sytems, but much more on 64-bit systems) */ | ||
| 253 | int shift; | ||
| 254 | |||
| 255 | while (!BN_is_zero(B)) | ||
| 256 | { | ||
| 257 | /* | ||
| 258 | * 0 < B < |n|, | ||
| 259 | * 0 < A <= |n|, | ||
| 260 | * (1) -sign*X*a == B (mod |n|), | ||
| 261 | * (2) sign*Y*a == A (mod |n|) | ||
| 262 | */ | ||
| 263 | |||
| 264 | /* Now divide B by the maximum possible power of two in the integers, | ||
| 265 | * and divide X by the same value mod |n|. | ||
| 266 | * When we're done, (1) still holds. */ | ||
| 267 | shift = 0; | ||
| 268 | while (!BN_is_bit_set(B, shift)) /* note that 0 < B */ | ||
| 269 | { | ||
| 270 | shift++; | ||
| 271 | |||
| 272 | if (BN_is_odd(X)) | ||
| 273 | { | ||
| 274 | if (!BN_uadd(X, X, n)) goto err; | ||
| 275 | } | ||
| 276 | /* now X is even, so we can easily divide it by two */ | ||
| 277 | if (!BN_rshift1(X, X)) goto err; | ||
| 278 | } | ||
| 279 | if (shift > 0) | ||
| 280 | { | ||
| 281 | if (!BN_rshift(B, B, shift)) goto err; | ||
| 282 | } | ||
| 283 | |||
| 169 | 284 | ||
| 170 | while (!BN_is_zero(B)) | 285 | /* Same for A and Y. Afterwards, (2) still holds. */ |
| 286 | shift = 0; | ||
| 287 | while (!BN_is_bit_set(A, shift)) /* note that 0 < A */ | ||
| 288 | { | ||
| 289 | shift++; | ||
| 290 | |||
| 291 | if (BN_is_odd(Y)) | ||
| 292 | { | ||
| 293 | if (!BN_uadd(Y, Y, n)) goto err; | ||
| 294 | } | ||
| 295 | /* now Y is even */ | ||
| 296 | if (!BN_rshift1(Y, Y)) goto err; | ||
| 297 | } | ||
| 298 | if (shift > 0) | ||
| 299 | { | ||
| 300 | if (!BN_rshift(A, A, shift)) goto err; | ||
| 301 | } | ||
| 302 | |||
| 303 | |||
| 304 | /* We still have (1) and (2). | ||
| 305 | * Both A and B are odd. | ||
| 306 | * The following computations ensure that | ||
| 307 | * | ||
| 308 | * 0 <= B < |n|, | ||
| 309 | * 0 < A < |n|, | ||
| 310 | * (1) -sign*X*a == B (mod |n|), | ||
| 311 | * (2) sign*Y*a == A (mod |n|), | ||
| 312 | * | ||
| 313 | * and that either A or B is even in the next iteration. | ||
| 314 | */ | ||
| 315 | if (BN_ucmp(B, A) >= 0) | ||
| 316 | { | ||
| 317 | /* -sign*(X + Y)*a == B - A (mod |n|) */ | ||
| 318 | if (!BN_uadd(X, X, Y)) goto err; | ||
| 319 | /* NB: we could use BN_mod_add_quick(X, X, Y, n), but that | ||
| 320 | * actually makes the algorithm slower */ | ||
| 321 | if (!BN_usub(B, B, A)) goto err; | ||
| 322 | } | ||
| 323 | else | ||
| 324 | { | ||
| 325 | /* sign*(X + Y)*a == A - B (mod |n|) */ | ||
| 326 | if (!BN_uadd(Y, Y, X)) goto err; | ||
| 327 | /* as above, BN_mod_add_quick(Y, Y, X, n) would slow things down */ | ||
| 328 | if (!BN_usub(A, A, B)) goto err; | ||
| 329 | } | ||
| 330 | } | ||
| 331 | } | ||
| 332 | else | ||
| 171 | { | 333 | { |
| 172 | if (!BN_div(D,M,A,B,ctx)) goto err; | 334 | /* general inversion algorithm */ |
| 173 | T=A; | 335 | |
| 174 | A=B; | 336 | while (!BN_is_zero(B)) |
| 175 | B=M; | 337 | { |
| 176 | /* T has a struct, M does not */ | 338 | BIGNUM *tmp; |
| 177 | 339 | ||
| 178 | if (!BN_mul(T,D,X)) goto err; | 340 | /* |
| 179 | if (!BN_add(T,T,Y)) goto err; | 341 | * 0 < B < A, |
| 180 | M=Y; | 342 | * (*) -sign*X*a == B (mod |n|), |
| 181 | Y=X; | 343 | * sign*Y*a == A (mod |n|) |
| 182 | X=T; | 344 | */ |
| 183 | sign= -sign; | 345 | |
| 346 | /* (D, M) := (A/B, A%B) ... */ | ||
| 347 | if (BN_num_bits(A) == BN_num_bits(B)) | ||
| 348 | { | ||
| 349 | if (!BN_one(D)) goto err; | ||
| 350 | if (!BN_sub(M,A,B)) goto err; | ||
| 351 | } | ||
| 352 | else if (BN_num_bits(A) == BN_num_bits(B) + 1) | ||
| 353 | { | ||
| 354 | /* A/B is 1, 2, or 3 */ | ||
| 355 | if (!BN_lshift1(T,B)) goto err; | ||
| 356 | if (BN_ucmp(A,T) < 0) | ||
| 357 | { | ||
| 358 | /* A < 2*B, so D=1 */ | ||
| 359 | if (!BN_one(D)) goto err; | ||
| 360 | if (!BN_sub(M,A,B)) goto err; | ||
| 361 | } | ||
| 362 | else | ||
| 363 | { | ||
| 364 | /* A >= 2*B, so D=2 or D=3 */ | ||
| 365 | if (!BN_sub(M,A,T)) goto err; | ||
| 366 | if (!BN_add(D,T,B)) goto err; /* use D (:= 3*B) as temp */ | ||
| 367 | if (BN_ucmp(A,D) < 0) | ||
| 368 | { | ||
| 369 | /* A < 3*B, so D=2 */ | ||
| 370 | if (!BN_set_word(D,2)) goto err; | ||
| 371 | /* M (= A - 2*B) already has the correct value */ | ||
| 372 | } | ||
| 373 | else | ||
| 374 | { | ||
| 375 | /* only D=3 remains */ | ||
| 376 | if (!BN_set_word(D,3)) goto err; | ||
| 377 | /* currently M = A - 2*B, but we need M = A - 3*B */ | ||
| 378 | if (!BN_sub(M,M,B)) goto err; | ||
| 379 | } | ||
| 380 | } | ||
| 381 | } | ||
| 382 | else | ||
| 383 | { | ||
| 384 | if (!BN_div(D,M,A,B,ctx)) goto err; | ||
| 385 | } | ||
| 386 | |||
| 387 | /* Now | ||
| 388 | * A = D*B + M; | ||
| 389 | * thus we have | ||
| 390 | * (**) sign*Y*a == D*B + M (mod |n|). | ||
| 391 | */ | ||
| 392 | |||
| 393 | tmp=A; /* keep the BIGNUM object, the value does not matter */ | ||
| 394 | |||
| 395 | /* (A, B) := (B, A mod B) ... */ | ||
| 396 | A=B; | ||
| 397 | B=M; | ||
| 398 | /* ... so we have 0 <= B < A again */ | ||
| 399 | |||
| 400 | /* Since the former M is now B and the former B is now A, | ||
| 401 | * (**) translates into | ||
| 402 | * sign*Y*a == D*A + B (mod |n|), | ||
| 403 | * i.e. | ||
| 404 | * sign*Y*a - D*A == B (mod |n|). | ||
| 405 | * Similarly, (*) translates into | ||
| 406 | * -sign*X*a == A (mod |n|). | ||
| 407 | * | ||
| 408 | * Thus, | ||
| 409 | * sign*Y*a + D*sign*X*a == B (mod |n|), | ||
| 410 | * i.e. | ||
| 411 | * sign*(Y + D*X)*a == B (mod |n|). | ||
| 412 | * | ||
| 413 | * So if we set (X, Y, sign) := (Y + D*X, X, -sign), we arrive back at | ||
| 414 | * -sign*X*a == B (mod |n|), | ||
| 415 | * sign*Y*a == A (mod |n|). | ||
| 416 | * Note that X and Y stay non-negative all the time. | ||
| 417 | */ | ||
| 418 | |||
| 419 | /* most of the time D is very small, so we can optimize tmp := D*X+Y */ | ||
| 420 | if (BN_is_one(D)) | ||
| 421 | { | ||
| 422 | if (!BN_add(tmp,X,Y)) goto err; | ||
| 423 | } | ||
| 424 | else | ||
| 425 | { | ||
| 426 | if (BN_is_word(D,2)) | ||
| 427 | { | ||
| 428 | if (!BN_lshift1(tmp,X)) goto err; | ||
| 429 | } | ||
| 430 | else if (BN_is_word(D,4)) | ||
| 431 | { | ||
| 432 | if (!BN_lshift(tmp,X,2)) goto err; | ||
| 433 | } | ||
| 434 | else if (D->top == 1) | ||
| 435 | { | ||
| 436 | if (!BN_copy(tmp,X)) goto err; | ||
| 437 | if (!BN_mul_word(tmp,D->d[0])) goto err; | ||
| 438 | } | ||
| 439 | else | ||
| 440 | { | ||
| 441 | if (!BN_mul(tmp,D,X,ctx)) goto err; | ||
| 442 | } | ||
| 443 | if (!BN_add(tmp,tmp,Y)) goto err; | ||
| 444 | } | ||
| 445 | |||
| 446 | M=Y; /* keep the BIGNUM object, the value does not matter */ | ||
| 447 | Y=X; | ||
| 448 | X=tmp; | ||
| 449 | sign = -sign; | ||
| 450 | } | ||
| 184 | } | 451 | } |
| 452 | |||
| 453 | /* | ||
| 454 | * The while loop (Euclid's algorithm) ends when | ||
| 455 | * A == gcd(a,n); | ||
| 456 | * we have | ||
| 457 | * sign*Y*a == A (mod |n|), | ||
| 458 | * where Y is non-negative. | ||
| 459 | */ | ||
| 460 | |||
| 185 | if (sign < 0) | 461 | if (sign < 0) |
| 186 | { | 462 | { |
| 187 | if (!BN_sub(Y,n,Y)) goto err; | 463 | if (!BN_sub(Y,n,Y)) goto err; |
| 188 | } | 464 | } |
| 465 | /* Now Y*a == A (mod |n|). */ | ||
| 466 | |||
| 189 | 467 | ||
| 190 | if (BN_is_one(A)) | 468 | if (BN_is_one(A)) |
| 191 | { if (!BN_mod(R,Y,n,ctx)) goto err; } | 469 | { |
| 470 | /* Y*a == 1 (mod |n|) */ | ||
| 471 | if (!Y->neg && BN_ucmp(Y,n) < 0) | ||
| 472 | { | ||
| 473 | if (!BN_copy(R,Y)) goto err; | ||
| 474 | } | ||
| 475 | else | ||
| 476 | { | ||
| 477 | if (!BN_nnmod(R,Y,n,ctx)) goto err; | ||
| 478 | } | ||
| 479 | } | ||
| 192 | else | 480 | else |
| 193 | { | 481 | { |
| 194 | BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); | 482 | BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE); |
| @@ -196,8 +484,7 @@ BN_CTX *ctx; | |||
| 196 | } | 484 | } |
| 197 | ret=R; | 485 | ret=R; |
| 198 | err: | 486 | err: |
| 199 | if ((ret == NULL) && (R != NULL)) BN_free(R); | 487 | if ((ret == NULL) && (in == NULL)) BN_free(R); |
| 200 | ctx->tos-=6; | 488 | BN_CTX_end(ctx); |
| 201 | return(ret); | 489 | return(ret); |
| 202 | } | 490 | } |
| 203 | |||
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h index edfd788338..8a4dba375a 100644 --- a/src/lib/libcrypto/bn/bn_lcl.h +++ b/src/lib/libcrypto/bn/bn_lcl.h | |||
| @@ -55,30 +55,228 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #ifndef HEADER_BN_LCL_H | 112 | #ifndef HEADER_BN_LCL_H |
| 60 | #define HEADER_BN_LCL_H | 113 | #define HEADER_BN_LCL_H |
| 61 | 114 | ||
| 62 | #include "bn.h" | 115 | #include <openssl/bn.h> |
| 63 | 116 | ||
| 64 | #ifdef __cplusplus | 117 | #ifdef __cplusplus |
| 65 | extern "C" { | 118 | extern "C" { |
| 66 | #endif | 119 | #endif |
| 67 | 120 | ||
| 121 | |||
| 122 | /* Used for temp variables */ | ||
| 123 | #define BN_CTX_NUM 32 | ||
| 124 | #define BN_CTX_NUM_POS 12 | ||
| 125 | struct bignum_ctx | ||
| 126 | { | ||
| 127 | int tos; | ||
| 128 | BIGNUM bn[BN_CTX_NUM]; | ||
| 129 | int flags; | ||
| 130 | int depth; | ||
| 131 | int pos[BN_CTX_NUM_POS]; | ||
| 132 | int too_many; | ||
| 133 | } /* BN_CTX */; | ||
| 134 | |||
| 135 | |||
| 136 | /* | ||
| 137 | * BN_window_bits_for_exponent_size -- macro for sliding window mod_exp functions | ||
| 138 | * | ||
| 139 | * | ||
| 140 | * For window size 'w' (w >= 2) and a random 'b' bits exponent, | ||
| 141 | * the number of multiplications is a constant plus on average | ||
| 142 | * | ||
| 143 | * 2^(w-1) + (b-w)/(w+1); | ||
| 144 | * | ||
| 145 | * here 2^(w-1) is for precomputing the table (we actually need | ||
| 146 | * entries only for windows that have the lowest bit set), and | ||
| 147 | * (b-w)/(w+1) is an approximation for the expected number of | ||
| 148 | * w-bit windows, not counting the first one. | ||
| 149 | * | ||
| 150 | * Thus we should use | ||
| 151 | * | ||
| 152 | * w >= 6 if b > 671 | ||
| 153 | * w = 5 if 671 > b > 239 | ||
| 154 | * w = 4 if 239 > b > 79 | ||
| 155 | * w = 3 if 79 > b > 23 | ||
| 156 | * w <= 2 if 23 > b | ||
| 157 | * | ||
| 158 | * (with draws in between). Very small exponents are often selected | ||
| 159 | * with low Hamming weight, so we use w = 1 for b <= 23. | ||
| 160 | */ | ||
| 161 | #if 1 | ||
| 162 | #define BN_window_bits_for_exponent_size(b) \ | ||
| 163 | ((b) > 671 ? 6 : \ | ||
| 164 | (b) > 239 ? 5 : \ | ||
| 165 | (b) > 79 ? 4 : \ | ||
| 166 | (b) > 23 ? 3 : 1) | ||
| 167 | #else | ||
| 168 | /* Old SSLeay/OpenSSL table. | ||
| 169 | * Maximum window size was 5, so this table differs for b==1024; | ||
| 170 | * but it coincides for other interesting values (b==160, b==512). | ||
| 171 | */ | ||
| 172 | #define BN_window_bits_for_exponent_size(b) \ | ||
| 173 | ((b) > 255 ? 5 : \ | ||
| 174 | (b) > 127 ? 4 : \ | ||
| 175 | (b) > 17 ? 3 : 1) | ||
| 176 | #endif | ||
| 177 | |||
| 178 | |||
| 179 | |||
| 180 | /* Pentium pro 16,16,16,32,64 */ | ||
| 181 | /* Alpha 16,16,16,16.64 */ | ||
| 182 | #define BN_MULL_SIZE_NORMAL (16) /* 32 */ | ||
| 183 | #define BN_MUL_RECURSIVE_SIZE_NORMAL (16) /* 32 less than */ | ||
| 184 | #define BN_SQR_RECURSIVE_SIZE_NORMAL (16) /* 32 */ | ||
| 185 | #define BN_MUL_LOW_RECURSIVE_SIZE_NORMAL (32) /* 32 */ | ||
| 186 | #define BN_MONT_CTX_SET_SIZE_WORD (64) /* 32 */ | ||
| 187 | |||
| 188 | #if !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) && !defined(PEDANTIC) | ||
| 189 | /* | ||
| 190 | * BN_UMULT_HIGH section. | ||
| 191 | * | ||
| 192 | * No, I'm not trying to overwhelm you when stating that the | ||
| 193 | * product of N-bit numbers is 2*N bits wide:-) No, I don't expect | ||
| 194 | * you to be impressed when I say that if the compiler doesn't | ||
| 195 | * support 2*N integer type, then you have to replace every N*N | ||
| 196 | * multiplication with 4 (N/2)*(N/2) accompanied by some shifts | ||
| 197 | * and additions which unavoidably results in severe performance | ||
| 198 | * penalties. Of course provided that the hardware is capable of | ||
| 199 | * producing 2*N result... That's when you normally start | ||
| 200 | * considering assembler implementation. However! It should be | ||
| 201 | * pointed out that some CPUs (most notably Alpha, PowerPC and | ||
| 202 | * upcoming IA-64 family:-) provide *separate* instruction | ||
| 203 | * calculating the upper half of the product placing the result | ||
| 204 | * into a general purpose register. Now *if* the compiler supports | ||
| 205 | * inline assembler, then it's not impossible to implement the | ||
| 206 | * "bignum" routines (and have the compiler optimize 'em) | ||
| 207 | * exhibiting "native" performance in C. That's what BN_UMULT_HIGH | ||
| 208 | * macro is about:-) | ||
| 209 | * | ||
| 210 | * <appro@fy.chalmers.se> | ||
| 211 | */ | ||
| 212 | # if defined(__alpha) && (defined(SIXTY_FOUR_BIT_LONG) || defined(SIXTY_FOUR_BIT)) | ||
| 213 | # if defined(__DECC) | ||
| 214 | # include <c_asm.h> | ||
| 215 | # define BN_UMULT_HIGH(a,b) (BN_ULONG)asm("umulh %a0,%a1,%v0",(a),(b)) | ||
| 216 | # elif defined(__GNUC__) | ||
| 217 | # define BN_UMULT_HIGH(a,b) ({ \ | ||
| 218 | register BN_ULONG ret; \ | ||
| 219 | asm ("umulh %1,%2,%0" \ | ||
| 220 | : "=r"(ret) \ | ||
| 221 | : "r"(a), "r"(b)); \ | ||
| 222 | ret; }) | ||
| 223 | # endif /* compiler */ | ||
| 224 | # elif defined(_ARCH_PPC) && defined(__64BIT__) && defined(SIXTY_FOUR_BIT_LONG) | ||
| 225 | # if defined(__GNUC__) | ||
| 226 | # define BN_UMULT_HIGH(a,b) ({ \ | ||
| 227 | register BN_ULONG ret; \ | ||
| 228 | asm ("mulhdu %0,%1,%2" \ | ||
| 229 | : "=r"(ret) \ | ||
| 230 | : "r"(a), "r"(b)); \ | ||
| 231 | ret; }) | ||
| 232 | # endif /* compiler */ | ||
| 233 | # endif /* cpu */ | ||
| 234 | #endif /* OPENSSL_NO_ASM */ | ||
| 235 | |||
| 68 | /************************************************************* | 236 | /************************************************************* |
| 69 | * Using the long long type | 237 | * Using the long long type |
| 70 | */ | 238 | */ |
| 71 | #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) | 239 | #define Lw(t) (((BN_ULONG)(t))&BN_MASK2) |
| 72 | #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) | 240 | #define Hw(t) (((BN_ULONG)((t)>>BN_BITS2))&BN_MASK2) |
| 73 | 241 | ||
| 74 | #define bn_fix_top(a) \ | 242 | /* This is used for internal error checking and is not normally used */ |
| 75 | { \ | 243 | #ifdef BN_DEBUG |
| 76 | BN_ULONG *fix_top_l; \ | 244 | # include <assert.h> |
| 77 | for (fix_top_l= &((a)->d[(a)->top-1]); (a)->top > 0; (a)->top--) \ | 245 | # define bn_check_top(a) assert ((a)->top >= 0 && (a)->top <= (a)->dmax); |
| 78 | if (*(fix_top_l--)) break; \ | 246 | #else |
| 247 | # define bn_check_top(a) | ||
| 248 | #endif | ||
| 249 | |||
| 250 | /* This macro is to add extra stuff for development checking */ | ||
| 251 | #ifdef BN_DEBUG | ||
| 252 | #define bn_set_max(r) ((r)->max=(r)->top,BN_set_flags((r),BN_FLG_STATIC_DATA)) | ||
| 253 | #else | ||
| 254 | #define bn_set_max(r) | ||
| 255 | #endif | ||
| 256 | |||
| 257 | /* These macros are used to 'take' a section of a bignum for read only use */ | ||
| 258 | #define bn_set_low(r,a,n) \ | ||
| 259 | { \ | ||
| 260 | (r)->top=((a)->top > (n))?(n):(a)->top; \ | ||
| 261 | (r)->d=(a)->d; \ | ||
| 262 | (r)->neg=(a)->neg; \ | ||
| 263 | (r)->flags|=BN_FLG_STATIC_DATA; \ | ||
| 264 | bn_set_max(r); \ | ||
| 79 | } | 265 | } |
| 80 | 266 | ||
| 81 | /* #define bn_expand(n,b) ((((b)/BN_BITS2) <= (n)->max)?(n):bn_expand2((n),(b))) */ | 267 | #define bn_set_high(r,a,n) \ |
| 268 | { \ | ||
| 269 | if ((a)->top > (n)) \ | ||
| 270 | { \ | ||
| 271 | (r)->top=(a)->top-n; \ | ||
| 272 | (r)->d= &((a)->d[n]); \ | ||
| 273 | } \ | ||
| 274 | else \ | ||
| 275 | (r)->top=0; \ | ||
| 276 | (r)->neg=(a)->neg; \ | ||
| 277 | (r)->flags|=BN_FLG_STATIC_DATA; \ | ||
| 278 | bn_set_max(r); \ | ||
| 279 | } | ||
| 82 | 280 | ||
| 83 | #ifdef BN_LLONG | 281 | #ifdef BN_LLONG |
| 84 | #define mul_add(r,a,w,c) { \ | 282 | #define mul_add(r,a,w,c) { \ |
| @@ -95,6 +293,43 @@ extern "C" { | |||
| 95 | (c)= Hw(t); \ | 293 | (c)= Hw(t); \ |
| 96 | } | 294 | } |
| 97 | 295 | ||
| 296 | #define sqr(r0,r1,a) { \ | ||
| 297 | BN_ULLONG t; \ | ||
| 298 | t=(BN_ULLONG)(a)*(a); \ | ||
| 299 | (r0)=Lw(t); \ | ||
| 300 | (r1)=Hw(t); \ | ||
| 301 | } | ||
| 302 | |||
| 303 | #elif defined(BN_UMULT_HIGH) | ||
| 304 | #define mul_add(r,a,w,c) { \ | ||
| 305 | BN_ULONG high,low,ret,tmp=(a); \ | ||
| 306 | ret = (r); \ | ||
| 307 | high= BN_UMULT_HIGH(w,tmp); \ | ||
| 308 | ret += (c); \ | ||
| 309 | low = (w) * tmp; \ | ||
| 310 | (c) = (ret<(c))?1:0; \ | ||
| 311 | (c) += high; \ | ||
| 312 | ret += low; \ | ||
| 313 | (c) += (ret<low)?1:0; \ | ||
| 314 | (r) = ret; \ | ||
| 315 | } | ||
| 316 | |||
| 317 | #define mul(r,a,w,c) { \ | ||
| 318 | BN_ULONG high,low,ret,ta=(a); \ | ||
| 319 | low = (w) * ta; \ | ||
| 320 | high= BN_UMULT_HIGH(w,ta); \ | ||
| 321 | ret = low + (c); \ | ||
| 322 | (c) = high; \ | ||
| 323 | (c) += (ret<low)?1:0; \ | ||
| 324 | (r) = ret; \ | ||
| 325 | } | ||
| 326 | |||
| 327 | #define sqr(r0,r1,a) { \ | ||
| 328 | BN_ULONG tmp=(a); \ | ||
| 329 | (r0) = tmp * tmp; \ | ||
| 330 | (r1) = BN_UMULT_HIGH(tmp,tmp); \ | ||
| 331 | } | ||
| 332 | |||
| 98 | #else | 333 | #else |
| 99 | /************************************************************* | 334 | /************************************************************* |
| 100 | * No long long type | 335 | * No long long type |
| @@ -172,25 +407,31 @@ extern "C" { | |||
| 172 | (c)=h&BN_MASK2; \ | 407 | (c)=h&BN_MASK2; \ |
| 173 | (r)=l&BN_MASK2; \ | 408 | (r)=l&BN_MASK2; \ |
| 174 | } | 409 | } |
| 410 | #endif /* !BN_LLONG */ | ||
| 175 | 411 | ||
| 176 | #endif | 412 | void bn_mul_normal(BN_ULONG *r,BN_ULONG *a,int na,BN_ULONG *b,int nb); |
| 177 | 413 | void bn_mul_comba8(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); | |
| 178 | #ifndef NOPROTO | 414 | void bn_mul_comba4(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b); |
| 179 | 415 | void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp); | |
| 180 | BIGNUM *bn_expand2(BIGNUM *b, int bits); | 416 | void bn_sqr_comba8(BN_ULONG *r,const BN_ULONG *a); |
| 181 | 417 | void bn_sqr_comba4(BN_ULONG *r,const BN_ULONG *a); | |
| 182 | #ifdef X86_ASM | 418 | int bn_cmp_words(const BN_ULONG *a,const BN_ULONG *b,int n); |
| 183 | void bn_add_words(BN_ULONG *r,BN_ULONG *a,int num); | 419 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, |
| 184 | #endif | 420 | int cl, int dl); |
| 185 | 421 | void bn_mul_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, | |
| 186 | #else | 422 | int dna,int dnb,BN_ULONG *t); |
| 187 | 423 | void bn_mul_part_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, | |
| 188 | BIGNUM *bn_expand2(); | 424 | int n,int tna,int tnb,BN_ULONG *t); |
| 189 | #ifdef X86_ASM | 425 | void bn_sqr_recursive(BN_ULONG *r,const BN_ULONG *a, int n2, BN_ULONG *t); |
| 190 | BN_ULONG bn_add_words(); | 426 | void bn_mul_low_normal(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b, int n); |
| 191 | #endif | 427 | void bn_mul_low_recursive(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,int n2, |
| 192 | 428 | BN_ULONG *t); | |
| 193 | #endif | 429 | void bn_mul_high(BN_ULONG *r,BN_ULONG *a,BN_ULONG *b,BN_ULONG *l,int n2, |
| 430 | BN_ULONG *t); | ||
| 431 | BN_ULONG bn_add_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, | ||
| 432 | int cl, int dl); | ||
| 433 | BN_ULONG bn_sub_part_words(BN_ULONG *r, const BN_ULONG *a, const BN_ULONG *b, | ||
| 434 | int cl, int dl); | ||
| 194 | 435 | ||
| 195 | #ifdef __cplusplus | 436 | #ifdef __cplusplus |
| 196 | } | 437 | } |
diff --git a/src/lib/libcrypto/bn/bn_lib.c b/src/lib/libcrypto/bn/bn_lib.c index bfe7628ad4..a016cb7f53 100644 --- a/src/lib/libcrypto/bn/bn_lib.c +++ b/src/lib/libcrypto/bn/bn_lib.c | |||
| @@ -56,13 +56,79 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef BN_DEBUG | ||
| 60 | # undef NDEBUG /* avoid conflicting definitions */ | ||
| 61 | # define NDEBUG | ||
| 62 | #endif | ||
| 63 | |||
| 64 | #include <assert.h> | ||
| 65 | #include <limits.h> | ||
| 59 | #include <stdio.h> | 66 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 67 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 68 | #include "bn_lcl.h" |
| 62 | 69 | ||
| 63 | char *BN_version="Big Number part of SSLeay 0.9.0b 29-Jun-1998"; | 70 | const char *BN_version="Big Number" OPENSSL_VERSION_PTEXT; |
| 64 | 71 | ||
| 65 | BIGNUM *BN_value_one() | 72 | /* For a 32 bit machine |
| 73 | * 2 - 4 == 128 | ||
| 74 | * 3 - 8 == 256 | ||
| 75 | * 4 - 16 == 512 | ||
| 76 | * 5 - 32 == 1024 | ||
| 77 | * 6 - 64 == 2048 | ||
| 78 | * 7 - 128 == 4096 | ||
| 79 | * 8 - 256 == 8192 | ||
| 80 | */ | ||
| 81 | static int bn_limit_bits=0; | ||
| 82 | static int bn_limit_num=8; /* (1<<bn_limit_bits) */ | ||
| 83 | static int bn_limit_bits_low=0; | ||
| 84 | static int bn_limit_num_low=8; /* (1<<bn_limit_bits_low) */ | ||
| 85 | static int bn_limit_bits_high=0; | ||
| 86 | static int bn_limit_num_high=8; /* (1<<bn_limit_bits_high) */ | ||
| 87 | static int bn_limit_bits_mont=0; | ||
| 88 | static int bn_limit_num_mont=8; /* (1<<bn_limit_bits_mont) */ | ||
| 89 | |||
| 90 | void BN_set_params(int mult, int high, int low, int mont) | ||
| 91 | { | ||
| 92 | if (mult >= 0) | ||
| 93 | { | ||
| 94 | if (mult > (sizeof(int)*8)-1) | ||
| 95 | mult=sizeof(int)*8-1; | ||
| 96 | bn_limit_bits=mult; | ||
| 97 | bn_limit_num=1<<mult; | ||
| 98 | } | ||
| 99 | if (high >= 0) | ||
| 100 | { | ||
| 101 | if (high > (sizeof(int)*8)-1) | ||
| 102 | high=sizeof(int)*8-1; | ||
| 103 | bn_limit_bits_high=high; | ||
| 104 | bn_limit_num_high=1<<high; | ||
| 105 | } | ||
| 106 | if (low >= 0) | ||
| 107 | { | ||
| 108 | if (low > (sizeof(int)*8)-1) | ||
| 109 | low=sizeof(int)*8-1; | ||
| 110 | bn_limit_bits_low=low; | ||
| 111 | bn_limit_num_low=1<<low; | ||
| 112 | } | ||
| 113 | if (mont >= 0) | ||
| 114 | { | ||
| 115 | if (mont > (sizeof(int)*8)-1) | ||
| 116 | mont=sizeof(int)*8-1; | ||
| 117 | bn_limit_bits_mont=mont; | ||
| 118 | bn_limit_num_mont=1<<mont; | ||
| 119 | } | ||
| 120 | } | ||
| 121 | |||
| 122 | int BN_get_params(int which) | ||
| 123 | { | ||
| 124 | if (which == 0) return(bn_limit_bits); | ||
| 125 | else if (which == 1) return(bn_limit_bits_high); | ||
| 126 | else if (which == 2) return(bn_limit_bits_low); | ||
| 127 | else if (which == 3) return(bn_limit_bits_mont); | ||
| 128 | else return(0); | ||
| 129 | } | ||
| 130 | |||
| 131 | const BIGNUM *BN_value_one(void) | ||
| 66 | { | 132 | { |
| 67 | static BN_ULONG data_one=1L; | 133 | static BN_ULONG data_one=1L; |
| 68 | static BIGNUM const_one={&data_one,1,1,0}; | 134 | static BIGNUM const_one={&data_one,1,1,0}; |
| @@ -70,7 +136,7 @@ BIGNUM *BN_value_one() | |||
| 70 | return(&const_one); | 136 | return(&const_one); |
| 71 | } | 137 | } |
| 72 | 138 | ||
| 73 | char *BN_options() | 139 | char *BN_options(void) |
| 74 | { | 140 | { |
| 75 | static int init=0; | 141 | static int init=0; |
| 76 | static char data[16]; | 142 | static char data[16]; |
| @@ -89,10 +155,9 @@ char *BN_options() | |||
| 89 | return(data); | 155 | return(data); |
| 90 | } | 156 | } |
| 91 | 157 | ||
| 92 | int BN_num_bits_word(l) | 158 | int BN_num_bits_word(BN_ULONG l) |
| 93 | BN_ULONG l; | ||
| 94 | { | 159 | { |
| 95 | static char bits[256]={ | 160 | static const char bits[256]={ |
| 96 | 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, | 161 | 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4, |
| 97 | 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, | 162 | 5,5,5,5,5,5,5,5,5,5,5,5,5,5,5,5, |
| 98 | 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, | 163 | 6,6,6,6,6,6,6,6,6,6,6,6,6,6,6,6, |
| @@ -111,24 +176,24 @@ BN_ULONG l; | |||
| 111 | 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, | 176 | 8,8,8,8,8,8,8,8,8,8,8,8,8,8,8,8, |
| 112 | }; | 177 | }; |
| 113 | 178 | ||
| 114 | #ifdef SIXTY_FOUR_BIT_LONG | 179 | #if defined(SIXTY_FOUR_BIT_LONG) |
| 115 | if (l & 0xffffffff00000000L) | 180 | if (l & 0xffffffff00000000L) |
| 116 | { | 181 | { |
| 117 | if (l & 0xffff000000000000L) | 182 | if (l & 0xffff000000000000L) |
| 118 | { | 183 | { |
| 119 | if (l & 0xff00000000000000L) | 184 | if (l & 0xff00000000000000L) |
| 120 | { | 185 | { |
| 121 | return(bits[l>>56]+56); | 186 | return(bits[(int)(l>>56)]+56); |
| 122 | } | 187 | } |
| 123 | else return(bits[l>>48]+48); | 188 | else return(bits[(int)(l>>48)]+48); |
| 124 | } | 189 | } |
| 125 | else | 190 | else |
| 126 | { | 191 | { |
| 127 | if (l & 0x0000ff0000000000L) | 192 | if (l & 0x0000ff0000000000L) |
| 128 | { | 193 | { |
| 129 | return(bits[l>>40]+40); | 194 | return(bits[(int)(l>>40)]+40); |
| 130 | } | 195 | } |
| 131 | else return(bits[l>>32]+32); | 196 | else return(bits[(int)(l>>32)]+32); |
| 132 | } | 197 | } |
| 133 | } | 198 | } |
| 134 | else | 199 | else |
| @@ -140,17 +205,17 @@ BN_ULONG l; | |||
| 140 | { | 205 | { |
| 141 | if (l & 0xff00000000000000LL) | 206 | if (l & 0xff00000000000000LL) |
| 142 | { | 207 | { |
| 143 | return(bits[l>>56]+56); | 208 | return(bits[(int)(l>>56)]+56); |
| 144 | } | 209 | } |
| 145 | else return(bits[l>>48]+48); | 210 | else return(bits[(int)(l>>48)]+48); |
| 146 | } | 211 | } |
| 147 | else | 212 | else |
| 148 | { | 213 | { |
| 149 | if (l & 0x0000ff0000000000LL) | 214 | if (l & 0x0000ff0000000000LL) |
| 150 | { | 215 | { |
| 151 | return(bits[l>>40]+40); | 216 | return(bits[(int)(l>>40)]+40); |
| 152 | } | 217 | } |
| 153 | else return(bits[l>>32]+32); | 218 | else return(bits[(int)(l>>32)]+32); |
| 154 | } | 219 | } |
| 155 | } | 220 | } |
| 156 | else | 221 | else |
| @@ -161,161 +226,256 @@ BN_ULONG l; | |||
| 161 | if (l & 0xffff0000L) | 226 | if (l & 0xffff0000L) |
| 162 | { | 227 | { |
| 163 | if (l & 0xff000000L) | 228 | if (l & 0xff000000L) |
| 164 | return(bits[l>>24L]+24); | 229 | return(bits[(int)(l>>24L)]+24); |
| 165 | else return(bits[l>>16L]+16); | 230 | else return(bits[(int)(l>>16L)]+16); |
| 166 | } | 231 | } |
| 167 | else | 232 | else |
| 168 | #endif | 233 | #endif |
| 169 | { | 234 | { |
| 170 | #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) | 235 | #if defined(SIXTEEN_BIT) || defined(THIRTY_TWO_BIT) || defined(SIXTY_FOUR_BIT) || defined(SIXTY_FOUR_BIT_LONG) |
| 171 | if (l & 0xff00L) | 236 | if (l & 0xff00L) |
| 172 | return(bits[l>>8]+8); | 237 | return(bits[(int)(l>>8)]+8); |
| 173 | else | 238 | else |
| 174 | #endif | 239 | #endif |
| 175 | return(bits[l ] ); | 240 | return(bits[(int)(l )] ); |
| 176 | } | 241 | } |
| 177 | } | 242 | } |
| 178 | } | 243 | } |
| 179 | 244 | ||
| 180 | int BN_num_bits(a) | 245 | int BN_num_bits(const BIGNUM *a) |
| 181 | BIGNUM *a; | ||
| 182 | { | 246 | { |
| 183 | BN_ULONG l; | 247 | BN_ULONG l; |
| 184 | int i; | 248 | int i; |
| 185 | 249 | ||
| 250 | bn_check_top(a); | ||
| 251 | |||
| 186 | if (a->top == 0) return(0); | 252 | if (a->top == 0) return(0); |
| 187 | l=a->d[a->top-1]; | 253 | l=a->d[a->top-1]; |
| 254 | assert(l != 0); | ||
| 188 | i=(a->top-1)*BN_BITS2; | 255 | i=(a->top-1)*BN_BITS2; |
| 189 | if (l == 0) | ||
| 190 | { | ||
| 191 | #if !defined(NO_STDIO) && !defined(WIN16) | ||
| 192 | fprintf(stderr,"BAD TOP VALUE\n"); | ||
| 193 | #endif | ||
| 194 | abort(); | ||
| 195 | } | ||
| 196 | return(i+BN_num_bits_word(l)); | 256 | return(i+BN_num_bits_word(l)); |
| 197 | } | 257 | } |
| 198 | 258 | ||
| 199 | void BN_clear_free(a) | 259 | void BN_clear_free(BIGNUM *a) |
| 200 | BIGNUM *a; | ||
| 201 | { | 260 | { |
| 261 | int i; | ||
| 262 | |||
| 202 | if (a == NULL) return; | 263 | if (a == NULL) return; |
| 203 | if (a->d != NULL) | 264 | if (a->d != NULL) |
| 204 | { | 265 | { |
| 205 | memset(a->d,0,a->max*sizeof(a->d[0])); | 266 | memset(a->d,0,a->dmax*sizeof(a->d[0])); |
| 206 | Free(a->d); | 267 | if (!(BN_get_flags(a,BN_FLG_STATIC_DATA))) |
| 268 | OPENSSL_free(a->d); | ||
| 207 | } | 269 | } |
| 270 | i=BN_get_flags(a,BN_FLG_MALLOCED); | ||
| 208 | memset(a,0,sizeof(BIGNUM)); | 271 | memset(a,0,sizeof(BIGNUM)); |
| 209 | Free(a); | 272 | if (i) |
| 273 | OPENSSL_free(a); | ||
| 210 | } | 274 | } |
| 211 | 275 | ||
| 212 | void BN_free(a) | 276 | void BN_free(BIGNUM *a) |
| 213 | BIGNUM *a; | ||
| 214 | { | 277 | { |
| 215 | if (a == NULL) return; | 278 | if (a == NULL) return; |
| 216 | if (a->d != NULL) Free(a->d); | 279 | if ((a->d != NULL) && !(BN_get_flags(a,BN_FLG_STATIC_DATA))) |
| 217 | Free(a); | 280 | OPENSSL_free(a->d); |
| 281 | a->flags|=BN_FLG_FREE; /* REMOVE? */ | ||
| 282 | if (a->flags & BN_FLG_MALLOCED) | ||
| 283 | OPENSSL_free(a); | ||
| 218 | } | 284 | } |
| 219 | 285 | ||
| 220 | BIGNUM *BN_new() | 286 | void BN_init(BIGNUM *a) |
| 287 | { | ||
| 288 | memset(a,0,sizeof(BIGNUM)); | ||
| 289 | } | ||
| 290 | |||
| 291 | BIGNUM *BN_new(void) | ||
| 221 | { | 292 | { |
| 222 | BIGNUM *ret; | 293 | BIGNUM *ret; |
| 223 | BN_ULONG *p; | ||
| 224 | 294 | ||
| 225 | ret=(BIGNUM *)Malloc(sizeof(BIGNUM)); | 295 | if ((ret=(BIGNUM *)OPENSSL_malloc(sizeof(BIGNUM))) == NULL) |
| 226 | if (ret == NULL) goto err; | 296 | { |
| 297 | BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); | ||
| 298 | return(NULL); | ||
| 299 | } | ||
| 300 | ret->flags=BN_FLG_MALLOCED; | ||
| 227 | ret->top=0; | 301 | ret->top=0; |
| 228 | ret->neg=0; | 302 | ret->neg=0; |
| 229 | ret->max=(BN_DEFAULT_BITS/BN_BITS2); | 303 | ret->dmax=0; |
| 230 | p=(BN_ULONG *)Malloc(sizeof(BN_ULONG)*(ret->max+1)); | 304 | ret->d=NULL; |
| 231 | if (p == NULL) goto err; | ||
| 232 | ret->d=p; | ||
| 233 | |||
| 234 | memset(p,0,(ret->max+1)*sizeof(p[0])); | ||
| 235 | return(ret); | 305 | return(ret); |
| 236 | err: | ||
| 237 | BNerr(BN_F_BN_NEW,ERR_R_MALLOC_FAILURE); | ||
| 238 | return(NULL); | ||
| 239 | } | 306 | } |
| 240 | 307 | ||
| 241 | BN_CTX *BN_CTX_new() | 308 | /* This is used both by bn_expand2() and bn_dup_expand() */ |
| 309 | /* The caller MUST check that words > b->dmax before calling this */ | ||
| 310 | static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) | ||
| 242 | { | 311 | { |
| 243 | BN_CTX *ret; | 312 | BN_ULONG *A,*a = NULL; |
| 244 | BIGNUM *n; | 313 | const BN_ULONG *B; |
| 245 | int i,j; | 314 | int i; |
| 246 | 315 | ||
| 247 | ret=(BN_CTX *)Malloc(sizeof(BN_CTX)); | 316 | if (words > (INT_MAX/(4*BN_BITS2))) |
| 248 | if (ret == NULL) goto err2; | 317 | { |
| 318 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_BIGNUM_TOO_LONG); | ||
| 319 | return NULL; | ||
| 320 | } | ||
| 249 | 321 | ||
| 250 | for (i=0; i<BN_CTX_NUM; i++) | 322 | bn_check_top(b); |
| 323 | if (BN_get_flags(b,BN_FLG_STATIC_DATA)) | ||
| 251 | { | 324 | { |
| 252 | n=BN_new(); | 325 | BNerr(BN_F_BN_EXPAND_INTERNAL,BN_R_EXPAND_ON_STATIC_BIGNUM_DATA); |
| 253 | if (n == NULL) goto err; | 326 | return(NULL); |
| 254 | ret->bn[i]=n; | 327 | } |
| 328 | a=A=(BN_ULONG *)OPENSSL_malloc(sizeof(BN_ULONG)*(words+1)); | ||
| 329 | if (A == NULL) | ||
| 330 | { | ||
| 331 | BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); | ||
| 332 | return(NULL); | ||
| 333 | } | ||
| 334 | #if 1 | ||
| 335 | B=b->d; | ||
| 336 | /* Check if the previous number needs to be copied */ | ||
| 337 | if (B != NULL) | ||
| 338 | { | ||
| 339 | for (i=b->top>>2; i>0; i--,A+=4,B+=4) | ||
| 340 | { | ||
| 341 | /* | ||
| 342 | * The fact that the loop is unrolled | ||
| 343 | * 4-wise is a tribute to Intel. It's | ||
| 344 | * the one that doesn't have enough | ||
| 345 | * registers to accomodate more data. | ||
| 346 | * I'd unroll it 8-wise otherwise:-) | ||
| 347 | * | ||
| 348 | * <appro@fy.chalmers.se> | ||
| 349 | */ | ||
| 350 | BN_ULONG a0,a1,a2,a3; | ||
| 351 | a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; | ||
| 352 | A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; | ||
| 353 | } | ||
| 354 | switch (b->top&3) | ||
| 355 | { | ||
| 356 | case 3: A[2]=B[2]; | ||
| 357 | case 2: A[1]=B[1]; | ||
| 358 | case 1: A[0]=B[0]; | ||
| 359 | case 0: /* workaround for ultrix cc: without 'case 0', the optimizer does | ||
| 360 | * the switch table by doing a=top&3; a--; goto jump_table[a]; | ||
| 361 | * which fails for top== 0 */ | ||
| 362 | ; | ||
| 363 | } | ||
| 255 | } | 364 | } |
| 256 | 365 | ||
| 257 | /* There is actually an extra one, this is for debugging my | 366 | /* Now need to zero any data between b->top and b->max */ |
| 258 | * stuff */ | 367 | /* XXX Why? */ |
| 259 | ret->bn[BN_CTX_NUM]=NULL; | ||
| 260 | 368 | ||
| 261 | ret->tos=0; | 369 | A= &(a[b->top]); |
| 262 | return(ret); | 370 | for (i=(words - b->top)>>3; i>0; i--,A+=8) |
| 263 | err: | 371 | { |
| 264 | for (j=0; j<i; j++) | 372 | A[0]=0; A[1]=0; A[2]=0; A[3]=0; |
| 265 | BN_free(ret->bn[j]); | 373 | A[4]=0; A[5]=0; A[6]=0; A[7]=0; |
| 266 | Free(ret); | 374 | } |
| 267 | err2: | 375 | for (i=(words - b->top)&7; i>0; i--,A++) |
| 268 | BNerr(BN_F_BN_CTX_NEW,ERR_R_MALLOC_FAILURE); | 376 | A[0]=0; |
| 269 | return(NULL); | 377 | #else |
| 378 | memset(A,0,sizeof(BN_ULONG)*(words+1)); | ||
| 379 | memcpy(A,b->d,sizeof(b->d[0])*b->top); | ||
| 380 | #endif | ||
| 381 | |||
| 382 | return(a); | ||
| 270 | } | 383 | } |
| 271 | 384 | ||
| 272 | void BN_CTX_free(c) | 385 | /* This is an internal function that can be used instead of bn_expand2() |
| 273 | BN_CTX *c; | 386 | * when there is a need to copy BIGNUMs instead of only expanding the |
| 387 | * data part, while still expanding them. | ||
| 388 | * Especially useful when needing to expand BIGNUMs that are declared | ||
| 389 | * 'const' and should therefore not be changed. | ||
| 390 | * The reason to use this instead of a BN_dup() followed by a bn_expand2() | ||
| 391 | * is memory allocation overhead. A BN_dup() followed by a bn_expand2() | ||
| 392 | * will allocate new memory for the BIGNUM data twice, and free it once, | ||
| 393 | * while bn_dup_expand() makes sure allocation is made only once. | ||
| 394 | */ | ||
| 395 | |||
| 396 | BIGNUM *bn_dup_expand(const BIGNUM *b, int words) | ||
| 274 | { | 397 | { |
| 275 | int i; | 398 | BIGNUM *r = NULL; |
| 399 | |||
| 400 | if (words > b->dmax) | ||
| 401 | { | ||
| 402 | BN_ULONG *a = bn_expand_internal(b, words); | ||
| 276 | 403 | ||
| 277 | for (i=0; i<BN_CTX_NUM; i++) | 404 | if (a) |
| 278 | BN_clear_free(c->bn[i]); | 405 | { |
| 279 | Free(c); | 406 | r = BN_new(); |
| 407 | if (r) | ||
| 408 | { | ||
| 409 | r->top = b->top; | ||
| 410 | r->dmax = words; | ||
| 411 | r->neg = b->neg; | ||
| 412 | r->d = a; | ||
| 413 | } | ||
| 414 | else | ||
| 415 | { | ||
| 416 | /* r == NULL, BN_new failure */ | ||
| 417 | OPENSSL_free(a); | ||
| 418 | } | ||
| 419 | } | ||
| 420 | /* If a == NULL, there was an error in allocation in | ||
| 421 | bn_expand_internal(), and NULL should be returned */ | ||
| 422 | } | ||
| 423 | else | ||
| 424 | { | ||
| 425 | r = BN_dup(b); | ||
| 426 | } | ||
| 427 | |||
| 428 | return r; | ||
| 280 | } | 429 | } |
| 281 | 430 | ||
| 282 | BIGNUM *bn_expand2(b, words) | 431 | /* This is an internal function that should not be used in applications. |
| 283 | BIGNUM *b; | 432 | * It ensures that 'b' has enough room for a 'words' word number number. |
| 284 | int words; | 433 | * It is mostly used by the various BIGNUM routines. If there is an error, |
| 285 | { | 434 | * NULL is returned. If not, 'b' is returned. */ |
| 286 | BN_ULONG *p; | ||
| 287 | 435 | ||
| 288 | if (words > b->max) | 436 | BIGNUM *bn_expand2(BIGNUM *b, int words) |
| 437 | { | ||
| 438 | if (words > b->dmax) | ||
| 289 | { | 439 | { |
| 290 | p=(BN_ULONG *)Realloc(b->d,sizeof(BN_ULONG)*(words+1)); | 440 | BN_ULONG *a = bn_expand_internal(b, words); |
| 291 | if (p == NULL) | 441 | |
| 442 | if (a) | ||
| 292 | { | 443 | { |
| 293 | BNerr(BN_F_BN_EXPAND2,ERR_R_MALLOC_FAILURE); | 444 | if (b->d) |
| 294 | return(NULL); | 445 | OPENSSL_free(b->d); |
| 446 | b->d=a; | ||
| 447 | b->dmax=words; | ||
| 295 | } | 448 | } |
| 296 | b->d=p; | 449 | else |
| 297 | memset(&(p[b->max]),0,((words+1)-b->max)*sizeof(BN_ULONG)); | 450 | b = NULL; |
| 298 | b->max=words; | ||
| 299 | } | 451 | } |
| 300 | return(b); | 452 | return b; |
| 301 | } | 453 | } |
| 302 | 454 | ||
| 303 | BIGNUM *BN_dup(a) | 455 | BIGNUM *BN_dup(const BIGNUM *a) |
| 304 | BIGNUM *a; | ||
| 305 | { | 456 | { |
| 306 | BIGNUM *r; | 457 | BIGNUM *r, *t; |
| 307 | 458 | ||
| 308 | r=BN_new(); | 459 | if (a == NULL) return NULL; |
| 309 | if (r == NULL) return(NULL); | 460 | |
| 310 | return((BIGNUM *)BN_copy(r,a)); | 461 | bn_check_top(a); |
| 462 | |||
| 463 | t = BN_new(); | ||
| 464 | if (t == NULL) return(NULL); | ||
| 465 | r = BN_copy(t, a); | ||
| 466 | /* now r == t || r == NULL */ | ||
| 467 | if (r == NULL) | ||
| 468 | BN_free(t); | ||
| 469 | return r; | ||
| 311 | } | 470 | } |
| 312 | 471 | ||
| 313 | BIGNUM *BN_copy(a, b) | 472 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b) |
| 314 | BIGNUM *a; | ||
| 315 | BIGNUM *b; | ||
| 316 | { | 473 | { |
| 317 | int i; | 474 | int i; |
| 318 | BN_ULONG *A,*B; | 475 | BN_ULONG *A; |
| 476 | const BN_ULONG *B; | ||
| 477 | |||
| 478 | bn_check_top(b); | ||
| 319 | 479 | ||
| 320 | if (a == b) return(a); | 480 | if (a == b) return(a); |
| 321 | if (bn_wexpand(a,b->top) == NULL) return(NULL); | 481 | if (bn_wexpand(a,b->top) == NULL) return(NULL); |
| @@ -323,35 +483,18 @@ BIGNUM *b; | |||
| 323 | #if 1 | 483 | #if 1 |
| 324 | A=a->d; | 484 | A=a->d; |
| 325 | B=b->d; | 485 | B=b->d; |
| 326 | for (i=b->top&(~7); i>0; i-=8) | 486 | for (i=b->top>>2; i>0; i--,A+=4,B+=4) |
| 327 | { | 487 | { |
| 328 | A[0]=B[0]; | 488 | BN_ULONG a0,a1,a2,a3; |
| 329 | A[1]=B[1]; | 489 | a0=B[0]; a1=B[1]; a2=B[2]; a3=B[3]; |
| 330 | A[2]=B[2]; | 490 | A[0]=a0; A[1]=a1; A[2]=a2; A[3]=a3; |
| 331 | A[3]=B[3]; | 491 | } |
| 332 | A[4]=B[4]; | 492 | switch (b->top&3) |
| 333 | A[5]=B[5]; | 493 | { |
| 334 | A[6]=B[6]; | 494 | case 3: A[2]=B[2]; |
| 335 | A[7]=B[7]; | 495 | case 2: A[1]=B[1]; |
| 336 | A+=8; | 496 | case 1: A[0]=B[0]; |
| 337 | B+=8; | 497 | case 0: ; /* ultrix cc workaround, see comments in bn_expand_internal */ |
| 338 | } | ||
| 339 | switch (b->top&7) | ||
| 340 | { | ||
| 341 | case 7: | ||
| 342 | A[6]=B[6]; | ||
| 343 | case 6: | ||
| 344 | A[5]=B[5]; | ||
| 345 | case 5: | ||
| 346 | A[4]=B[4]; | ||
| 347 | case 4: | ||
| 348 | A[3]=B[3]; | ||
| 349 | case 3: | ||
| 350 | A[2]=B[2]; | ||
| 351 | case 2: | ||
| 352 | A[1]=B[1]; | ||
| 353 | case 1: | ||
| 354 | A[0]=B[0]; | ||
| 355 | } | 498 | } |
| 356 | #else | 499 | #else |
| 357 | memcpy(a->d,b->d,sizeof(b->d[0])*b->top); | 500 | memcpy(a->d,b->d,sizeof(b->d[0])*b->top); |
| @@ -359,52 +502,76 @@ BIGNUM *b; | |||
| 359 | 502 | ||
| 360 | /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ | 503 | /* memset(&(a->d[b->top]),0,sizeof(a->d[0])*(a->max-b->top));*/ |
| 361 | a->top=b->top; | 504 | a->top=b->top; |
| 362 | if (a->top == 0) | 505 | if ((a->top == 0) && (a->d != NULL)) |
| 363 | a->d[0]=0; | 506 | a->d[0]=0; |
| 364 | a->neg=b->neg; | 507 | a->neg=b->neg; |
| 365 | return(a); | 508 | return(a); |
| 366 | } | 509 | } |
| 367 | 510 | ||
| 368 | void BN_clear(a) | 511 | void BN_swap(BIGNUM *a, BIGNUM *b) |
| 369 | BIGNUM *a; | 512 | { |
| 513 | int flags_old_a, flags_old_b; | ||
| 514 | BN_ULONG *tmp_d; | ||
| 515 | int tmp_top, tmp_dmax, tmp_neg; | ||
| 516 | |||
| 517 | flags_old_a = a->flags; | ||
| 518 | flags_old_b = b->flags; | ||
| 519 | |||
| 520 | tmp_d = a->d; | ||
| 521 | tmp_top = a->top; | ||
| 522 | tmp_dmax = a->dmax; | ||
| 523 | tmp_neg = a->neg; | ||
| 524 | |||
| 525 | a->d = b->d; | ||
| 526 | a->top = b->top; | ||
| 527 | a->dmax = b->dmax; | ||
| 528 | a->neg = b->neg; | ||
| 529 | |||
| 530 | b->d = tmp_d; | ||
| 531 | b->top = tmp_top; | ||
| 532 | b->dmax = tmp_dmax; | ||
| 533 | b->neg = tmp_neg; | ||
| 534 | |||
| 535 | a->flags = (flags_old_a & BN_FLG_MALLOCED) | (flags_old_b & BN_FLG_STATIC_DATA); | ||
| 536 | b->flags = (flags_old_b & BN_FLG_MALLOCED) | (flags_old_a & BN_FLG_STATIC_DATA); | ||
| 537 | } | ||
| 538 | |||
| 539 | |||
| 540 | void BN_clear(BIGNUM *a) | ||
| 370 | { | 541 | { |
| 371 | memset(a->d,0,a->max*sizeof(a->d[0])); | 542 | if (a->d != NULL) |
| 543 | memset(a->d,0,a->dmax*sizeof(a->d[0])); | ||
| 372 | a->top=0; | 544 | a->top=0; |
| 373 | a->neg=0; | 545 | a->neg=0; |
| 374 | } | 546 | } |
| 375 | 547 | ||
| 376 | unsigned long BN_get_word(a) | 548 | BN_ULONG BN_get_word(const BIGNUM *a) |
| 377 | BIGNUM *a; | ||
| 378 | { | 549 | { |
| 379 | int i,n; | 550 | int i,n; |
| 380 | unsigned long ret=0; | 551 | BN_ULONG ret=0; |
| 381 | 552 | ||
| 382 | n=BN_num_bytes(a); | 553 | n=BN_num_bytes(a); |
| 383 | if (n > sizeof(unsigned long)) | 554 | if (n > sizeof(BN_ULONG)) |
| 384 | #ifdef SIXTY_FOUR_BIT_LONG | ||
| 385 | return(BN_MASK2); | 555 | return(BN_MASK2); |
| 386 | #else | ||
| 387 | return(0xFFFFFFFFL); | ||
| 388 | #endif | ||
| 389 | for (i=a->top-1; i>=0; i--) | 556 | for (i=a->top-1; i>=0; i--) |
| 390 | { | 557 | { |
| 391 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ | 558 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ |
| 392 | ret<<=BN_BITS4; /* stops the compiler complaining */ | 559 | ret<<=BN_BITS4; /* stops the compiler complaining */ |
| 393 | ret<<=BN_BITS4; | 560 | ret<<=BN_BITS4; |
| 561 | #else | ||
| 562 | ret=0; | ||
| 394 | #endif | 563 | #endif |
| 395 | ret|=a->d[i]; | 564 | ret|=a->d[i]; |
| 396 | } | 565 | } |
| 397 | return(ret); | 566 | return(ret); |
| 398 | } | 567 | } |
| 399 | 568 | ||
| 400 | int BN_set_word(a,w) | 569 | int BN_set_word(BIGNUM *a, BN_ULONG w) |
| 401 | BIGNUM *a; | ||
| 402 | unsigned long w; | ||
| 403 | { | 570 | { |
| 404 | int i,n; | 571 | int i,n; |
| 405 | if (bn_expand(a,sizeof(unsigned long)*8) == NULL) return(0); | 572 | if (bn_expand(a,sizeof(BN_ULONG)*8) == NULL) return(0); |
| 406 | 573 | ||
| 407 | n=sizeof(unsigned long)/BN_BYTES; | 574 | n=sizeof(BN_ULONG)/BN_BYTES; |
| 408 | a->neg=0; | 575 | a->neg=0; |
| 409 | a->top=0; | 576 | a->top=0; |
| 410 | a->d[0]=(BN_ULONG)w&BN_MASK2; | 577 | a->d[0]=(BN_ULONG)w&BN_MASK2; |
| @@ -417,6 +584,8 @@ unsigned long w; | |||
| 417 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ | 584 | #ifndef SIXTY_FOUR_BIT /* the data item > unsigned long */ |
| 418 | w>>=BN_BITS4; | 585 | w>>=BN_BITS4; |
| 419 | w>>=BN_BITS4; | 586 | w>>=BN_BITS4; |
| 587 | #else | ||
| 588 | w=0; | ||
| 420 | #endif | 589 | #endif |
| 421 | a->d[i]=(BN_ULONG)w&BN_MASK2; | 590 | a->d[i]=(BN_ULONG)w&BN_MASK2; |
| 422 | if (a->d[i] != 0) a->top=i+1; | 591 | if (a->d[i] != 0) a->top=i+1; |
| @@ -424,11 +593,7 @@ unsigned long w; | |||
| 424 | return(1); | 593 | return(1); |
| 425 | } | 594 | } |
| 426 | 595 | ||
| 427 | /* ignore negative */ | 596 | BIGNUM *BN_bin2bn(const unsigned char *s, int len, BIGNUM *ret) |
| 428 | BIGNUM *BN_bin2bn(s, len, ret) | ||
| 429 | unsigned char *s; | ||
| 430 | int len; | ||
| 431 | BIGNUM *ret; | ||
| 432 | { | 597 | { |
| 433 | unsigned int i,m; | 598 | unsigned int i,m; |
| 434 | unsigned int n; | 599 | unsigned int n; |
| @@ -448,6 +613,7 @@ BIGNUM *ret; | |||
| 448 | i=((n-1)/BN_BYTES)+1; | 613 | i=((n-1)/BN_BYTES)+1; |
| 449 | m=((n-1)%(BN_BYTES)); | 614 | m=((n-1)%(BN_BYTES)); |
| 450 | ret->top=i; | 615 | ret->top=i; |
| 616 | ret->neg=0; | ||
| 451 | while (n-- > 0) | 617 | while (n-- > 0) |
| 452 | { | 618 | { |
| 453 | l=(l<<8L)| *(s++); | 619 | l=(l<<8L)| *(s++); |
| @@ -465,9 +631,7 @@ BIGNUM *ret; | |||
| 465 | } | 631 | } |
| 466 | 632 | ||
| 467 | /* ignore negative */ | 633 | /* ignore negative */ |
| 468 | int BN_bn2bin(a, to) | 634 | int BN_bn2bin(const BIGNUM *a, unsigned char *to) |
| 469 | BIGNUM *a; | ||
| 470 | unsigned char *to; | ||
| 471 | { | 635 | { |
| 472 | int n,i; | 636 | int n,i; |
| 473 | BN_ULONG l; | 637 | BN_ULONG l; |
| @@ -481,13 +645,14 @@ unsigned char *to; | |||
| 481 | return(n); | 645 | return(n); |
| 482 | } | 646 | } |
| 483 | 647 | ||
| 484 | int BN_ucmp(a, b) | 648 | int BN_ucmp(const BIGNUM *a, const BIGNUM *b) |
| 485 | BIGNUM *a; | ||
| 486 | BIGNUM *b; | ||
| 487 | { | 649 | { |
| 488 | int i; | 650 | int i; |
| 489 | BN_ULONG t1,t2,*ap,*bp; | 651 | BN_ULONG t1,t2,*ap,*bp; |
| 490 | 652 | ||
| 653 | bn_check_top(a); | ||
| 654 | bn_check_top(b); | ||
| 655 | |||
| 491 | i=a->top-b->top; | 656 | i=a->top-b->top; |
| 492 | if (i != 0) return(i); | 657 | if (i != 0) return(i); |
| 493 | ap=a->d; | 658 | ap=a->d; |
| @@ -502,9 +667,7 @@ BIGNUM *b; | |||
| 502 | return(0); | 667 | return(0); |
| 503 | } | 668 | } |
| 504 | 669 | ||
| 505 | int BN_cmp(a, b) | 670 | int BN_cmp(const BIGNUM *a, const BIGNUM *b) |
| 506 | BIGNUM *a; | ||
| 507 | BIGNUM *b; | ||
| 508 | { | 671 | { |
| 509 | int i; | 672 | int i; |
| 510 | int gt,lt; | 673 | int gt,lt; |
| @@ -519,6 +682,10 @@ BIGNUM *b; | |||
| 519 | else | 682 | else |
| 520 | return(0); | 683 | return(0); |
| 521 | } | 684 | } |
| 685 | |||
| 686 | bn_check_top(a); | ||
| 687 | bn_check_top(b); | ||
| 688 | |||
| 522 | if (a->neg != b->neg) | 689 | if (a->neg != b->neg) |
| 523 | { | 690 | { |
| 524 | if (a->neg) | 691 | if (a->neg) |
| @@ -541,27 +708,25 @@ BIGNUM *b; | |||
| 541 | return(0); | 708 | return(0); |
| 542 | } | 709 | } |
| 543 | 710 | ||
| 544 | int BN_set_bit(a, n) | 711 | int BN_set_bit(BIGNUM *a, int n) |
| 545 | BIGNUM *a; | ||
| 546 | int n; | ||
| 547 | { | 712 | { |
| 548 | int i,j; | 713 | int i,j,k; |
| 549 | 714 | ||
| 550 | i=n/BN_BITS2; | 715 | i=n/BN_BITS2; |
| 551 | j=n%BN_BITS2; | 716 | j=n%BN_BITS2; |
| 552 | if (a->top <= i) | 717 | if (a->top <= i) |
| 553 | { | 718 | { |
| 554 | if (bn_expand(a,n) == NULL) return(0); | 719 | if (bn_wexpand(a,i+1) == NULL) return(0); |
| 720 | for(k=a->top; k<i+1; k++) | ||
| 721 | a->d[k]=0; | ||
| 555 | a->top=i+1; | 722 | a->top=i+1; |
| 556 | } | 723 | } |
| 557 | 724 | ||
| 558 | a->d[i]|=(1L<<j); | 725 | a->d[i]|=(((BN_ULONG)1)<<j); |
| 559 | return(1); | 726 | return(1); |
| 560 | } | 727 | } |
| 561 | 728 | ||
| 562 | int BN_clear_bit(a, n) | 729 | int BN_clear_bit(BIGNUM *a, int n) |
| 563 | BIGNUM *a; | ||
| 564 | int n; | ||
| 565 | { | 730 | { |
| 566 | int i,j; | 731 | int i,j; |
| 567 | 732 | ||
| @@ -569,13 +734,12 @@ int n; | |||
| 569 | j=n%BN_BITS2; | 734 | j=n%BN_BITS2; |
| 570 | if (a->top <= i) return(0); | 735 | if (a->top <= i) return(0); |
| 571 | 736 | ||
| 572 | a->d[i]&=(~(1L<<j)); | 737 | a->d[i]&=(~(((BN_ULONG)1)<<j)); |
| 738 | bn_fix_top(a); | ||
| 573 | return(1); | 739 | return(1); |
| 574 | } | 740 | } |
| 575 | 741 | ||
| 576 | int BN_is_bit_set(a, n) | 742 | int BN_is_bit_set(const BIGNUM *a, int n) |
| 577 | BIGNUM *a; | ||
| 578 | int n; | ||
| 579 | { | 743 | { |
| 580 | int i,j; | 744 | int i,j; |
| 581 | 745 | ||
| @@ -586,9 +750,7 @@ int n; | |||
| 586 | return((a->d[i]&(((BN_ULONG)1)<<j))?1:0); | 750 | return((a->d[i]&(((BN_ULONG)1)<<j))?1:0); |
| 587 | } | 751 | } |
| 588 | 752 | ||
| 589 | int BN_mask_bits(a,n) | 753 | int BN_mask_bits(BIGNUM *a, int n) |
| 590 | BIGNUM *a; | ||
| 591 | int n; | ||
| 592 | { | 754 | { |
| 593 | int b,w; | 755 | int b,w; |
| 594 | 756 | ||
| @@ -601,11 +763,56 @@ int n; | |||
| 601 | { | 763 | { |
| 602 | a->top=w+1; | 764 | a->top=w+1; |
| 603 | a->d[w]&= ~(BN_MASK2<<b); | 765 | a->d[w]&= ~(BN_MASK2<<b); |
| 604 | while ((w >= 0) && (a->d[w] == 0)) | 766 | } |
| 767 | bn_fix_top(a); | ||
| 768 | return(1); | ||
| 769 | } | ||
| 770 | |||
| 771 | int bn_cmp_words(const BN_ULONG *a, const BN_ULONG *b, int n) | ||
| 772 | { | ||
| 773 | int i; | ||
| 774 | BN_ULONG aa,bb; | ||
| 775 | |||
| 776 | aa=a[n-1]; | ||
| 777 | bb=b[n-1]; | ||
| 778 | if (aa != bb) return((aa > bb)?1:-1); | ||
| 779 | for (i=n-2; i>=0; i--) | ||
| 780 | { | ||
| 781 | aa=a[i]; | ||
| 782 | bb=b[i]; | ||
| 783 | if (aa != bb) return((aa > bb)?1:-1); | ||
| 784 | } | ||
| 785 | return(0); | ||
| 786 | } | ||
| 787 | |||
| 788 | /* Here follows a specialised variants of bn_cmp_words(). It has the | ||
| 789 | property of performing the operation on arrays of different sizes. | ||
| 790 | The sizes of those arrays is expressed through cl, which is the | ||
| 791 | common length ( basicall, min(len(a),len(b)) ), and dl, which is the | ||
| 792 | delta between the two lengths, calculated as len(a)-len(b). | ||
| 793 | All lengths are the number of BN_ULONGs... */ | ||
| 794 | |||
| 795 | int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, | ||
| 796 | int cl, int dl) | ||
| 797 | { | ||
| 798 | int n,i; | ||
| 799 | n = cl-1; | ||
| 800 | |||
| 801 | if (dl < 0) | ||
| 802 | { | ||
| 803 | for (i=dl; i<0; i++) | ||
| 605 | { | 804 | { |
| 606 | a->top--; | 805 | if (b[n-i] != 0) |
| 607 | w--; | 806 | return -1; /* a < b */ |
| 608 | } | 807 | } |
| 609 | } | 808 | } |
| 610 | return(1); | 809 | if (dl > 0) |
| 810 | { | ||
| 811 | for (i=dl; i>0; i--) | ||
| 812 | { | ||
| 813 | if (a[n+i] != 0) | ||
| 814 | return 1; /* a > b */ | ||
| 815 | } | ||
| 816 | } | ||
| 817 | return bn_cmp_words(a,b,cl); | ||
| 611 | } | 818 | } |
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c index c351aac14f..5cf82480d7 100644 --- a/src/lib/libcrypto/bn/bn_mod.c +++ b/src/lib/libcrypto/bn/bn_mod.c | |||
| @@ -1,4 +1,59 @@ | |||
| 1 | /* crypto/bn/bn_mod.c */ | 1 | /* crypto/bn/bn_mod.c */ |
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | ||
| 3 | * for the OpenSSL project. */ | ||
| 4 | /* ==================================================================== | ||
| 5 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. | ||
| 6 | * | ||
| 7 | * Redistribution and use in source and binary forms, with or without | ||
| 8 | * modification, are permitted provided that the following conditions | ||
| 9 | * are met: | ||
| 10 | * | ||
| 11 | * 1. Redistributions of source code must retain the above copyright | ||
| 12 | * notice, this list of conditions and the following disclaimer. | ||
| 13 | * | ||
| 14 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 15 | * notice, this list of conditions and the following disclaimer in | ||
| 16 | * the documentation and/or other materials provided with the | ||
| 17 | * distribution. | ||
| 18 | * | ||
| 19 | * 3. All advertising materials mentioning features or use of this | ||
| 20 | * software must display the following acknowledgment: | ||
| 21 | * "This product includes software developed by the OpenSSL Project | ||
| 22 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 23 | * | ||
| 24 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 25 | * endorse or promote products derived from this software without | ||
| 26 | * prior written permission. For written permission, please contact | ||
| 27 | * openssl-core@openssl.org. | ||
| 28 | * | ||
| 29 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 30 | * nor may "OpenSSL" appear in their names without prior written | ||
| 31 | * permission of the OpenSSL Project. | ||
| 32 | * | ||
| 33 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 34 | * acknowledgment: | ||
| 35 | * "This product includes software developed by the OpenSSL Project | ||
| 36 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 37 | * | ||
| 38 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 39 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 40 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 41 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 42 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 43 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 44 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 45 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 46 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 47 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 48 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 49 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 50 | * ==================================================================== | ||
| 51 | * | ||
| 52 | * This product includes cryptographic software written by Eric Young | ||
| 53 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 54 | * Hudson (tjh@cryptsoft.com). | ||
| 55 | * | ||
| 56 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 57 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 58 | * All rights reserved. |
| 4 | * | 59 | * |
| @@ -56,42 +111,186 @@ | |||
| 56 | * [including the GNU Public Licence.] | 111 | * [including the GNU Public Licence.] |
| 57 | */ | 112 | */ |
| 58 | 113 | ||
| 59 | #include <stdio.h> | ||
| 60 | #include "cryptlib.h" | 114 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 115 | #include "bn_lcl.h" |
| 62 | 116 | ||
| 63 | /* rem != m */ | 117 | |
| 64 | int BN_mod(rem, m, d,ctx) | 118 | #if 0 /* now just a #define */ |
| 65 | BIGNUM *rem; | 119 | int BN_mod(BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) |
| 66 | BIGNUM *m; | 120 | { |
| 67 | BIGNUM *d; | 121 | return(BN_div(NULL,rem,m,d,ctx)); |
| 68 | BN_CTX *ctx; | 122 | /* note that rem->neg == m->neg (unless the remainder is zero) */ |
| 123 | } | ||
| 124 | #endif | ||
| 125 | |||
| 126 | |||
| 127 | int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) | ||
| 128 | { | ||
| 129 | /* like BN_mod, but returns non-negative remainder | ||
| 130 | * (i.e., 0 <= r < |d| always holds) */ | ||
| 131 | |||
| 132 | if (!(BN_mod(r,m,d,ctx))) | ||
| 133 | return 0; | ||
| 134 | if (!r->neg) | ||
| 135 | return 1; | ||
| 136 | /* now -|d| < r < 0, so we have to set r := r + |d| */ | ||
| 137 | return (d->neg ? BN_sub : BN_add)(r, r, d); | ||
| 138 | } | ||
| 139 | |||
| 140 | |||
| 141 | int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) | ||
| 142 | { | ||
| 143 | if (!BN_add(r, a, b)) return 0; | ||
| 144 | return BN_nnmod(r, r, m, ctx); | ||
| 145 | } | ||
| 146 | |||
| 147 | |||
| 148 | /* BN_mod_add variant that may be used if both a and b are non-negative | ||
| 149 | * and less than m */ | ||
| 150 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) | ||
| 151 | { | ||
| 152 | if (!BN_add(r, a, b)) return 0; | ||
| 153 | if (BN_ucmp(r, m) >= 0) | ||
| 154 | return BN_usub(r, r, m); | ||
| 155 | return 1; | ||
| 156 | } | ||
| 157 | |||
| 158 | |||
| 159 | int BN_mod_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx) | ||
| 160 | { | ||
| 161 | if (!BN_sub(r, a, b)) return 0; | ||
| 162 | return BN_nnmod(r, r, m, ctx); | ||
| 163 | } | ||
| 164 | |||
| 165 | |||
| 166 | /* BN_mod_sub variant that may be used if both a and b are non-negative | ||
| 167 | * and less than m */ | ||
| 168 | int BN_mod_sub_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m) | ||
| 169 | { | ||
| 170 | if (!BN_sub(r, a, b)) return 0; | ||
| 171 | if (r->neg) | ||
| 172 | return BN_add(r, r, m); | ||
| 173 | return 1; | ||
| 174 | } | ||
| 175 | |||
| 176 | |||
| 177 | /* slow but works */ | ||
| 178 | int BN_mod_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, | ||
| 179 | BN_CTX *ctx) | ||
| 69 | { | 180 | { |
| 70 | #if 0 /* The old slow way */ | 181 | BIGNUM *t; |
| 71 | int i,nm,nd; | 182 | int ret=0; |
| 72 | BIGNUM *dv; | 183 | |
| 184 | bn_check_top(a); | ||
| 185 | bn_check_top(b); | ||
| 186 | bn_check_top(m); | ||
| 187 | |||
| 188 | BN_CTX_start(ctx); | ||
| 189 | if ((t = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 190 | if (a == b) | ||
| 191 | { if (!BN_sqr(t,a,ctx)) goto err; } | ||
| 192 | else | ||
| 193 | { if (!BN_mul(t,a,b,ctx)) goto err; } | ||
| 194 | if (!BN_nnmod(r,t,m,ctx)) goto err; | ||
| 195 | ret=1; | ||
| 196 | err: | ||
| 197 | BN_CTX_end(ctx); | ||
| 198 | return(ret); | ||
| 199 | } | ||
| 73 | 200 | ||
| 74 | if (BN_ucmp(m,d) < 0) | ||
| 75 | return((BN_copy(rem,m) == NULL)?0:1); | ||
| 76 | 201 | ||
| 77 | dv=ctx->bn[ctx->tos]; | 202 | int BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) |
| 203 | { | ||
| 204 | if (!BN_sqr(r, a, ctx)) return 0; | ||
| 205 | /* r->neg == 0, thus we don't need BN_nnmod */ | ||
| 206 | return BN_mod(r, r, m, ctx); | ||
| 207 | } | ||
| 78 | 208 | ||
| 79 | if (!BN_copy(rem,m)) return(0); | ||
| 80 | 209 | ||
| 81 | nm=BN_num_bits(rem); | 210 | int BN_mod_lshift1(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) |
| 82 | nd=BN_num_bits(d); | 211 | { |
| 83 | if (!BN_lshift(dv,d,nm-nd)) return(0); | 212 | if (!BN_lshift1(r, a)) return 0; |
| 84 | for (i=nm-nd; i>=0; i--) | 213 | return BN_nnmod(r, r, m, ctx); |
| 214 | } | ||
| 215 | |||
| 216 | |||
| 217 | /* BN_mod_lshift1 variant that may be used if a is non-negative | ||
| 218 | * and less than m */ | ||
| 219 | int BN_mod_lshift1_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *m) | ||
| 220 | { | ||
| 221 | if (!BN_lshift1(r, a)) return 0; | ||
| 222 | if (BN_cmp(r, m) >= 0) | ||
| 223 | return BN_sub(r, r, m); | ||
| 224 | return 1; | ||
| 225 | } | ||
| 226 | |||
| 227 | |||
| 228 | int BN_mod_lshift(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m, BN_CTX *ctx) | ||
| 229 | { | ||
| 230 | BIGNUM *abs_m = NULL; | ||
| 231 | int ret; | ||
| 232 | |||
| 233 | if (!BN_nnmod(r, a, m, ctx)) return 0; | ||
| 234 | |||
| 235 | if (m->neg) | ||
| 85 | { | 236 | { |
| 86 | if (BN_cmp(rem,dv) >= 0) | 237 | abs_m = BN_dup(m); |
| 238 | if (abs_m == NULL) return 0; | ||
| 239 | abs_m->neg = 0; | ||
| 240 | } | ||
| 241 | |||
| 242 | ret = BN_mod_lshift_quick(r, r, n, (abs_m ? abs_m : m)); | ||
| 243 | |||
| 244 | if (abs_m) | ||
| 245 | BN_free(abs_m); | ||
| 246 | return ret; | ||
| 247 | } | ||
| 248 | |||
| 249 | |||
| 250 | /* BN_mod_lshift variant that may be used if a is non-negative | ||
| 251 | * and less than m */ | ||
| 252 | int BN_mod_lshift_quick(BIGNUM *r, const BIGNUM *a, int n, const BIGNUM *m) | ||
| 253 | { | ||
| 254 | if (r != a) | ||
| 255 | { | ||
| 256 | if (BN_copy(r, a) == NULL) return 0; | ||
| 257 | } | ||
| 258 | |||
| 259 | while (n > 0) | ||
| 260 | { | ||
| 261 | int max_shift; | ||
| 262 | |||
| 263 | /* 0 < r < m */ | ||
| 264 | max_shift = BN_num_bits(m) - BN_num_bits(r); | ||
| 265 | /* max_shift >= 0 */ | ||
| 266 | |||
| 267 | if (max_shift < 0) | ||
| 268 | { | ||
| 269 | BNerr(BN_F_BN_MOD_LSHIFT_QUICK, BN_R_INPUT_NOT_REDUCED); | ||
| 270 | return 0; | ||
| 271 | } | ||
| 272 | |||
| 273 | if (max_shift > n) | ||
| 274 | max_shift = n; | ||
| 275 | |||
| 276 | if (max_shift) | ||
| 277 | { | ||
| 278 | if (!BN_lshift(r, r, max_shift)) return 0; | ||
| 279 | n -= max_shift; | ||
| 280 | } | ||
| 281 | else | ||
| 282 | { | ||
| 283 | if (!BN_lshift1(r, r)) return 0; | ||
| 284 | --n; | ||
| 285 | } | ||
| 286 | |||
| 287 | /* BN_num_bits(r) <= BN_num_bits(m) */ | ||
| 288 | |||
| 289 | if (BN_cmp(r, m) >= 0) | ||
| 87 | { | 290 | { |
| 88 | if (!BN_sub(rem,rem,dv)) return(0); | 291 | if (!BN_sub(r, r, m)) return 0; |
| 89 | } | 292 | } |
| 90 | if (!BN_rshift1(dv,dv)) return(0); | ||
| 91 | } | 293 | } |
| 92 | return(1); | 294 | |
| 93 | #else | 295 | return 1; |
| 94 | return(BN_div(NULL,rem,m,d,ctx)); | ||
| 95 | #endif | ||
| 96 | } | 296 | } |
| 97 | |||
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index e435df61f8..c9ebdbaabe 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c | |||
| @@ -56,59 +56,67 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* | ||
| 60 | * Details about Montgomery multiplication algorithms can be found at | ||
| 61 | * http://security.ece.orst.edu/publications.html, e.g. | ||
| 62 | * http://security.ece.orst.edu/koc/papers/j37acmon.pdf and | ||
| 63 | * sections 3.8 and 4.2 in http://security.ece.orst.edu/koc/papers/r01rsasw.pdf | ||
| 64 | */ | ||
| 65 | |||
| 59 | #include <stdio.h> | 66 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 67 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 68 | #include "bn_lcl.h" |
| 62 | 69 | ||
| 63 | int BN_mod_mul_montgomery(r,a,b,mont,ctx) | 70 | #define MONT_WORD /* use the faster word-based algorithm */ |
| 64 | BIGNUM *r,*a,*b; | 71 | |
| 65 | BN_MONT_CTX *mont; | 72 | int BN_mod_mul_montgomery(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, |
| 66 | BN_CTX *ctx; | 73 | BN_MONT_CTX *mont, BN_CTX *ctx) |
| 67 | { | 74 | { |
| 68 | BIGNUM *tmp; | 75 | BIGNUM *tmp; |
| 76 | int ret=0; | ||
| 69 | 77 | ||
| 70 | tmp=ctx->bn[ctx->tos++]; | 78 | BN_CTX_start(ctx); |
| 79 | tmp = BN_CTX_get(ctx); | ||
| 80 | if (tmp == NULL) goto err; | ||
| 71 | 81 | ||
| 82 | bn_check_top(tmp); | ||
| 72 | if (a == b) | 83 | if (a == b) |
| 73 | { | 84 | { |
| 74 | if (!BN_sqr(tmp,a,ctx)) goto err; | 85 | if (!BN_sqr(tmp,a,ctx)) goto err; |
| 75 | } | 86 | } |
| 76 | else | 87 | else |
| 77 | { | 88 | { |
| 78 | if (!BN_mul(tmp,a,b)) goto err; | 89 | if (!BN_mul(tmp,a,b,ctx)) goto err; |
| 79 | } | 90 | } |
| 80 | /* reduce from aRR to aR */ | 91 | /* reduce from aRR to aR */ |
| 81 | if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; | 92 | if (!BN_from_montgomery(r,tmp,mont,ctx)) goto err; |
| 82 | ctx->tos--; | 93 | ret=1; |
| 83 | return(1); | ||
| 84 | err: | 94 | err: |
| 85 | return(0); | 95 | BN_CTX_end(ctx); |
| 96 | return(ret); | ||
| 86 | } | 97 | } |
| 87 | 98 | ||
| 88 | #define MONT_WORD | 99 | int BN_from_montgomery(BIGNUM *ret, const BIGNUM *a, BN_MONT_CTX *mont, |
| 100 | BN_CTX *ctx) | ||
| 101 | { | ||
| 102 | int retn=0; | ||
| 89 | 103 | ||
| 90 | #ifdef MONT_WORD | 104 | #ifdef MONT_WORD |
| 91 | int BN_from_montgomery(ret,a,mont,ctx) | 105 | BIGNUM *n,*r; |
| 92 | BIGNUM *ret; | 106 | BN_ULONG *ap,*np,*rp,n0,v,*nrp; |
| 93 | BIGNUM *a; | ||
| 94 | BN_MONT_CTX *mont; | ||
| 95 | BN_CTX *ctx; | ||
| 96 | { | ||
| 97 | BIGNUM *n,*t1,*r; | ||
| 98 | BN_ULONG *ap,*np,*rp,n0,v; | ||
| 99 | int al,nl,max,i,x,ri; | 107 | int al,nl,max,i,x,ri; |
| 100 | int retn=0; | ||
| 101 | 108 | ||
| 102 | t1=ctx->bn[ctx->tos]; | 109 | BN_CTX_start(ctx); |
| 103 | r=ctx->bn[ctx->tos+1]; | 110 | if ((r = BN_CTX_get(ctx)) == NULL) goto err; |
| 104 | 111 | ||
| 105 | if (!BN_copy(r,a)) goto err; | 112 | if (!BN_copy(r,a)) goto err; |
| 106 | n=mont->N; | 113 | n= &(mont->N); |
| 107 | 114 | ||
| 108 | ap=a->d; | 115 | ap=a->d; |
| 109 | /* mont->ri is the size of mont->N in bits/words */ | 116 | /* mont->ri is the size of mont->N in bits (rounded up |
| 117 | to the word size) */ | ||
| 110 | al=ri=mont->ri/BN_BITS2; | 118 | al=ri=mont->ri/BN_BITS2; |
| 111 | 119 | ||
| 112 | nl=n->top; | 120 | nl=n->top; |
| 113 | if ((al == 0) || (nl == 0)) { r->top=0; return(1); } | 121 | if ((al == 0) || (nl == 0)) { r->top=0; return(1); } |
| 114 | 122 | ||
| @@ -119,6 +127,7 @@ BN_CTX *ctx; | |||
| 119 | r->neg=a->neg^n->neg; | 127 | r->neg=a->neg^n->neg; |
| 120 | np=n->d; | 128 | np=n->d; |
| 121 | rp=r->d; | 129 | rp=r->d; |
| 130 | nrp= &(r->d[nl]); | ||
| 122 | 131 | ||
| 123 | /* clear the top words of T */ | 132 | /* clear the top words of T */ |
| 124 | #if 1 | 133 | #if 1 |
| @@ -131,176 +140,210 @@ BN_CTX *ctx; | |||
| 131 | r->top=max; | 140 | r->top=max; |
| 132 | n0=mont->n0; | 141 | n0=mont->n0; |
| 133 | 142 | ||
| 143 | #ifdef BN_COUNT | ||
| 144 | fprintf(stderr,"word BN_from_montgomery %d * %d\n",nl,nl); | ||
| 145 | #endif | ||
| 134 | for (i=0; i<nl; i++) | 146 | for (i=0; i<nl; i++) |
| 135 | { | 147 | { |
| 136 | #if 0 | 148 | #ifdef __TANDEM |
| 137 | int x1,x2; | 149 | { |
| 138 | 150 | long long t1; | |
| 139 | if (i+4 > nl) | 151 | long long t2; |
| 140 | { | 152 | long long t3; |
| 141 | x2=nl; | 153 | t1 = rp[0] * (n0 & 0177777); |
| 142 | x1=0; | 154 | t2 = 037777600000l; |
| 143 | } | 155 | t2 = n0 & t2; |
| 144 | else | 156 | t3 = rp[0] & 0177777; |
| 145 | { | 157 | t2 = (t3 * t2) & BN_MASK2; |
| 146 | x2=i+4; | 158 | t1 = t1 + t2; |
| 147 | x1=nl-x2; | 159 | v=bn_mul_add_words(rp,np,nl,(BN_ULONG) t1); |
| 148 | } | 160 | } |
| 149 | v=bn_mul_add_words(&(rp[x1]),&(np[x1]),x2,(rp[x1]*n0)&BN_MASK2); | ||
| 150 | #else | 161 | #else |
| 151 | v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); | 162 | v=bn_mul_add_words(rp,np,nl,(rp[0]*n0)&BN_MASK2); |
| 152 | #endif | 163 | #endif |
| 153 | 164 | nrp++; | |
| 154 | if (((rp[nl]+=v)&BN_MASK2) < v) | 165 | rp++; |
| 166 | if (((nrp[-1]+=v)&BN_MASK2) >= v) | ||
| 167 | continue; | ||
| 168 | else | ||
| 155 | { | 169 | { |
| 156 | for (x=(nl+1); (((++rp[x])&BN_MASK2) == 0); x++) | 170 | if (((++nrp[0])&BN_MASK2) != 0) continue; |
| 157 | ; | 171 | if (((++nrp[1])&BN_MASK2) != 0) continue; |
| 172 | for (x=2; (((++nrp[x])&BN_MASK2) == 0); x++) ; | ||
| 158 | } | 173 | } |
| 159 | rp++; | ||
| 160 | } | 174 | } |
| 161 | while (r->d[r->top-1] == 0) | 175 | bn_fix_top(r); |
| 162 | r->top--; | 176 | |
| 163 | |||
| 164 | /* mont->ri will be a multiple of the word size */ | 177 | /* mont->ri will be a multiple of the word size */ |
| 165 | #if 0 | 178 | #if 0 |
| 166 | BN_rshift(ret,r,mont->ri); | 179 | BN_rshift(ret,r,mont->ri); |
| 167 | #else | 180 | #else |
| 168 | ap=r->d; | 181 | ret->neg = r->neg; |
| 169 | rp=ret->d; | ||
| 170 | x=ri; | 182 | x=ri; |
| 171 | al=r->top-x; | 183 | rp=ret->d; |
| 172 | for (i=0; i<al; i++) | 184 | ap= &(r->d[x]); |
| 173 | { | 185 | if (r->top < x) |
| 174 | rp[i]=ap[i+x]; | 186 | al=0; |
| 175 | } | 187 | else |
| 188 | al=r->top-x; | ||
| 176 | ret->top=al; | 189 | ret->top=al; |
| 177 | #endif | 190 | al-=4; |
| 178 | 191 | for (i=0; i<al; i+=4) | |
| 179 | if (BN_ucmp(ret,mont->N) >= 0) | ||
| 180 | { | 192 | { |
| 181 | bn_qsub(ret,ret,mont->N); /* XXX */ | 193 | BN_ULONG t1,t2,t3,t4; |
| 194 | |||
| 195 | t1=ap[i+0]; | ||
| 196 | t2=ap[i+1]; | ||
| 197 | t3=ap[i+2]; | ||
| 198 | t4=ap[i+3]; | ||
| 199 | rp[i+0]=t1; | ||
| 200 | rp[i+1]=t2; | ||
| 201 | rp[i+2]=t3; | ||
| 202 | rp[i+3]=t4; | ||
| 182 | } | 203 | } |
| 183 | retn=1; | 204 | al+=4; |
| 184 | err: | 205 | for (; i<al; i++) |
| 185 | return(retn); | 206 | rp[i]=ap[i]; |
| 186 | } | 207 | #endif |
| 187 | #else | 208 | #else /* !MONT_WORD */ |
| 188 | int BN_from_montgomery(r,a,mont,ctx) | ||
| 189 | BIGNUM *r; | ||
| 190 | BIGNUM *a; | ||
| 191 | BN_MONT_CTX *mont; | ||
| 192 | BN_CTX *ctx; | ||
| 193 | { | ||
| 194 | BIGNUM *t1,*t2; | 209 | BIGNUM *t1,*t2; |
| 195 | 210 | ||
| 196 | t1=ctx->bn[ctx->tos]; | 211 | BN_CTX_start(ctx); |
| 197 | t2=ctx->bn[ctx->tos+1]; | 212 | t1 = BN_CTX_get(ctx); |
| 198 | 213 | t2 = BN_CTX_get(ctx); | |
| 214 | if (t1 == NULL || t2 == NULL) goto err; | ||
| 215 | |||
| 199 | if (!BN_copy(t1,a)) goto err; | 216 | if (!BN_copy(t1,a)) goto err; |
| 200 | /* can cheat */ | ||
| 201 | BN_mask_bits(t1,mont->ri); | 217 | BN_mask_bits(t1,mont->ri); |
| 202 | 218 | ||
| 203 | if (!BN_mul(t2,t1,mont->Ni)) goto err; | 219 | if (!BN_mul(t2,t1,&mont->Ni,ctx)) goto err; |
| 204 | BN_mask_bits(t2,mont->ri); | 220 | BN_mask_bits(t2,mont->ri); |
| 205 | 221 | ||
| 206 | if (!BN_mul(t1,t2,mont->N)) goto err; | 222 | if (!BN_mul(t1,t2,&mont->N,ctx)) goto err; |
| 207 | if (!BN_add(t2,a,t1)) goto err; | 223 | if (!BN_add(t2,a,t1)) goto err; |
| 208 | BN_rshift(r,t2,mont->ri); | 224 | if (!BN_rshift(ret,t2,mont->ri)) goto err; |
| 225 | #endif /* MONT_WORD */ | ||
| 209 | 226 | ||
| 210 | if (BN_ucmp(r,mont->N) >= 0) | 227 | if (BN_ucmp(ret, &(mont->N)) >= 0) |
| 211 | bn_qsub(r,r,mont->N); | 228 | { |
| 212 | 229 | if (!BN_usub(ret,ret,&(mont->N))) goto err; | |
| 213 | return(1); | 230 | } |
| 214 | err: | 231 | retn=1; |
| 215 | return(0); | 232 | err: |
| 233 | BN_CTX_end(ctx); | ||
| 234 | return(retn); | ||
| 216 | } | 235 | } |
| 217 | #endif | ||
| 218 | 236 | ||
| 219 | BN_MONT_CTX *BN_MONT_CTX_new() | 237 | BN_MONT_CTX *BN_MONT_CTX_new(void) |
| 220 | { | 238 | { |
| 221 | BN_MONT_CTX *ret; | 239 | BN_MONT_CTX *ret; |
| 222 | 240 | ||
| 223 | if ((ret=(BN_MONT_CTX *)Malloc(sizeof(BN_MONT_CTX))) == NULL) | 241 | if ((ret=(BN_MONT_CTX *)OPENSSL_malloc(sizeof(BN_MONT_CTX))) == NULL) |
| 224 | return(NULL); | ||
| 225 | ret->ri=0; | ||
| 226 | ret->RR=BN_new(); | ||
| 227 | ret->N=BN_new(); | ||
| 228 | ret->Ni=NULL; | ||
| 229 | if ((ret->RR == NULL) || (ret->N == NULL)) | ||
| 230 | { | ||
| 231 | BN_MONT_CTX_free(ret); | ||
| 232 | return(NULL); | 242 | return(NULL); |
| 233 | } | 243 | |
| 244 | BN_MONT_CTX_init(ret); | ||
| 245 | ret->flags=BN_FLG_MALLOCED; | ||
| 234 | return(ret); | 246 | return(ret); |
| 235 | } | 247 | } |
| 236 | 248 | ||
| 237 | void BN_MONT_CTX_free(mont) | 249 | void BN_MONT_CTX_init(BN_MONT_CTX *ctx) |
| 238 | BN_MONT_CTX *mont; | ||
| 239 | { | 250 | { |
| 240 | if (mont->RR != NULL) BN_free(mont->RR); | 251 | ctx->ri=0; |
| 241 | if (mont->N != NULL) BN_free(mont->N); | 252 | BN_init(&(ctx->RR)); |
| 242 | if (mont->Ni != NULL) BN_free(mont->Ni); | 253 | BN_init(&(ctx->N)); |
| 243 | Free(mont); | 254 | BN_init(&(ctx->Ni)); |
| 255 | ctx->flags=0; | ||
| 244 | } | 256 | } |
| 245 | 257 | ||
| 246 | int BN_MONT_CTX_set(mont,mod,ctx) | 258 | void BN_MONT_CTX_free(BN_MONT_CTX *mont) |
| 247 | BN_MONT_CTX *mont; | ||
| 248 | BIGNUM *mod; | ||
| 249 | BN_CTX *ctx; | ||
| 250 | { | 259 | { |
| 251 | BIGNUM *Ri=NULL,*R=NULL; | 260 | if(mont == NULL) |
| 261 | return; | ||
| 262 | |||
| 263 | BN_free(&(mont->RR)); | ||
| 264 | BN_free(&(mont->N)); | ||
| 265 | BN_free(&(mont->Ni)); | ||
| 266 | if (mont->flags & BN_FLG_MALLOCED) | ||
| 267 | OPENSSL_free(mont); | ||
| 268 | } | ||
| 252 | 269 | ||
| 253 | if (mont->RR == NULL) mont->RR=BN_new(); | 270 | int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) |
| 254 | if (mont->N == NULL) mont->N=BN_new(); | 271 | { |
| 272 | BIGNUM Ri,*R; | ||
| 255 | 273 | ||
| 256 | R=mont->RR; /* grab RR as a temp */ | 274 | BN_init(&Ri); |
| 257 | BN_copy(mont->N,mod); /* Set N */ | 275 | R= &(mont->RR); /* grab RR as a temp */ |
| 276 | BN_copy(&(mont->N),mod); /* Set N */ | ||
| 277 | mont->N.neg = 0; | ||
| 258 | 278 | ||
| 259 | #ifdef MONT_WORD | 279 | #ifdef MONT_WORD |
| 260 | { | 280 | { |
| 261 | BIGNUM tmod; | 281 | BIGNUM tmod; |
| 262 | BN_ULONG buf[2]; | 282 | BN_ULONG buf[2]; |
| 263 | /* int z; */ | 283 | |
| 264 | 284 | mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; | |
| 265 | mont->ri=(BN_num_bits(mod)+(BN_BITS2-1))/BN_BITS2*BN_BITS2; | 285 | if (!(BN_zero(R))) goto err; |
| 266 | BN_lshift(R,BN_value_one(),BN_BITS2); /* R */ | 286 | if (!(BN_set_bit(R,BN_BITS2))) goto err; /* R */ |
| 267 | /* I was bad, this modification of a passed variable was | 287 | |
| 268 | * breaking the multithreaded stuff :-( | 288 | buf[0]=mod->d[0]; /* tmod = N mod word size */ |
| 269 | * z=mod->top; | 289 | buf[1]=0; |
| 270 | * mod->top=1; */ | 290 | tmod.d=buf; |
| 271 | 291 | tmod.top=1; | |
| 272 | buf[0]=mod->d[0]; | 292 | tmod.dmax=2; |
| 273 | buf[1]=0; | 293 | tmod.neg=0; |
| 274 | tmod.d=buf; | 294 | /* Ri = R^-1 mod N*/ |
| 275 | tmod.top=1; | 295 | if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL) |
| 276 | tmod.max=mod->max; | 296 | goto err; |
| 277 | tmod.neg=mod->neg; | 297 | if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* R*Ri */ |
| 278 | 298 | if (!BN_is_zero(&Ri)) | |
| 279 | if ((Ri=BN_mod_inverse(R,&tmod,ctx)) == NULL) goto err; /* Ri */ | 299 | { |
| 280 | BN_lshift(Ri,Ri,BN_BITS2); /* R*Ri */ | 300 | if (!BN_sub_word(&Ri,1)) goto err; |
| 281 | bn_qsub(Ri,Ri,BN_value_one()); /* R*Ri - 1 */ | 301 | } |
| 282 | BN_div(Ri,NULL,Ri,&tmod,ctx); | 302 | else /* if N mod word size == 1 */ |
| 283 | mont->n0=Ri->d[0]; | 303 | { |
| 284 | BN_free(Ri); | 304 | if (!BN_set_word(&Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */ |
| 285 | /* mod->top=z; */ | 305 | } |
| 286 | } | 306 | if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err; |
| 287 | #else | 307 | /* Ni = (R*Ri-1)/N, |
| 288 | mont->ri=BN_num_bits(mod); | 308 | * keep only least significant word: */ |
| 289 | BN_lshift(R,BN_value_one(),mont->ri); /* R */ | 309 | mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0; |
| 290 | if ((Ri=BN_mod_inverse(R,mod,ctx)) == NULL) goto err; /* Ri */ | 310 | BN_free(&Ri); |
| 291 | BN_lshift(Ri,Ri,mont->ri); /* R*Ri */ | 311 | } |
| 292 | bn_qsub(Ri,Ri,BN_value_one()); /* R*Ri - 1 */ | 312 | #else /* !MONT_WORD */ |
| 293 | BN_div(Ri,NULL,Ri,mod,ctx); | 313 | { /* bignum version */ |
| 294 | if (mont->Ni != NULL) BN_free(mont->Ni); | 314 | mont->ri=BN_num_bits(&mont->N); |
| 295 | mont->Ni=Ri; /* Ni=(R*Ri-1)/N */ | 315 | if (!BN_zero(R)) goto err; |
| 316 | if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */ | ||
| 317 | /* Ri = R^-1 mod N*/ | ||
| 318 | if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL) | ||
| 319 | goto err; | ||
| 320 | if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* R*Ri */ | ||
| 321 | if (!BN_sub_word(&Ri,1)) goto err; | ||
| 322 | /* Ni = (R*Ri-1) / N */ | ||
| 323 | if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err; | ||
| 324 | BN_free(&Ri); | ||
| 325 | } | ||
| 296 | #endif | 326 | #endif |
| 297 | 327 | ||
| 298 | /* setup RR for conversions */ | 328 | /* setup RR for conversions */ |
| 299 | BN_lshift(mont->RR,BN_value_one(),mont->ri*2); | 329 | if (!BN_zero(&(mont->RR))) goto err; |
| 300 | BN_mod(mont->RR,mont->RR,mont->N,ctx); | 330 | if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err; |
| 331 | if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err; | ||
| 301 | 332 | ||
| 302 | return(1); | 333 | return(1); |
| 303 | err: | 334 | err: |
| 304 | return(0); | 335 | return(0); |
| 305 | } | 336 | } |
| 306 | 337 | ||
| 338 | BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) | ||
| 339 | { | ||
| 340 | if (to == from) return(to); | ||
| 341 | |||
| 342 | if (!BN_copy(&(to->RR),&(from->RR))) return NULL; | ||
| 343 | if (!BN_copy(&(to->N),&(from->N))) return NULL; | ||
| 344 | if (!BN_copy(&(to->Ni),&(from->Ni))) return NULL; | ||
| 345 | to->ri=from->ri; | ||
| 346 | to->n0=from->n0; | ||
| 347 | return(to); | ||
| 348 | } | ||
| 349 | |||
diff --git a/src/lib/libcrypto/bn/bn_mpi.c b/src/lib/libcrypto/bn/bn_mpi.c index 53945c1057..05fa9d1e9a 100644 --- a/src/lib/libcrypto/bn/bn_mpi.c +++ b/src/lib/libcrypto/bn/bn_mpi.c | |||
| @@ -60,9 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | int BN_bn2mpi(a,d) | 63 | int BN_bn2mpi(const BIGNUM *a, unsigned char *d) |
| 64 | BIGNUM *a; | ||
| 65 | unsigned char *d; | ||
| 66 | { | 64 | { |
| 67 | int bits; | 65 | int bits; |
| 68 | int num=0; | 66 | int num=0; |
| @@ -90,10 +88,7 @@ unsigned char *d; | |||
| 90 | return(num+4+ext); | 88 | return(num+4+ext); |
| 91 | } | 89 | } |
| 92 | 90 | ||
| 93 | BIGNUM *BN_mpi2bn(d,n,a) | 91 | BIGNUM *BN_mpi2bn(const unsigned char *d, int n, BIGNUM *a) |
| 94 | unsigned char *d; | ||
| 95 | int n; | ||
| 96 | BIGNUM *a; | ||
| 97 | { | 92 | { |
| 98 | long len; | 93 | long len; |
| 99 | int neg=0; | 94 | int neg=0; |
| @@ -103,7 +98,7 @@ BIGNUM *a; | |||
| 103 | BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); | 98 | BNerr(BN_F_BN_MPI2BN,BN_R_INVALID_LENGTH); |
| 104 | return(NULL); | 99 | return(NULL); |
| 105 | } | 100 | } |
| 106 | len=(d[0]<<24)|(d[1]<<16)|(d[2]<<8)|d[3]; | 101 | len=((long)d[0]<<24)|((long)d[1]<<16)|((int)d[2]<<8)|(int)d[3]; |
| 107 | if ((len+4) != n) | 102 | if ((len+4) != n) |
| 108 | { | 103 | { |
| 109 | BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); | 104 | BNerr(BN_F_BN_MPI2BN,BN_R_ENCODING_ERROR); |
diff --git a/src/lib/libcrypto/bn/bn_mul.c b/src/lib/libcrypto/bn/bn_mul.c index d0c04e1d4b..fd598b8b3d 100644 --- a/src/lib/libcrypto/bn/bn_mul.c +++ b/src/lib/libcrypto/bn/bn_mul.c | |||
| @@ -56,154 +56,1108 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef BN_DEBUG | ||
| 60 | # undef NDEBUG /* avoid conflicting definitions */ | ||
| 61 | # define NDEBUG | ||
| 62 | #endif | ||
| 63 | |||
| 59 | #include <stdio.h> | 64 | #include <stdio.h> |
| 65 | #include <assert.h> | ||
| 60 | #include "cryptlib.h" | 66 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 67 | #include "bn_lcl.h" |
| 62 | 68 | ||
| 63 | /* r must be different to a and b */ | 69 | #if defined(OPENSSL_NO_ASM) || !(defined(__i386) || defined(__i386__))/* Assembler implementation exists only for x86 */ |
| 64 | /* int BN_mmul(r, a, b) */ | 70 | /* Here follows specialised variants of bn_add_words() and |
| 65 | int BN_mul(r, a, b) | 71 | bn_sub_words(). They have the property performing operations on |
| 66 | BIGNUM *r; | 72 | arrays of different sizes. The sizes of those arrays is expressed through |
| 67 | BIGNUM *a; | 73 | cl, which is the common length ( basicall, min(len(a),len(b)) ), and dl, |
| 68 | BIGNUM *b; | 74 | which is the delta between the two lengths, calculated as len(a)-len(b). |
| 75 | All lengths are the number of BN_ULONGs... For the operations that require | ||
| 76 | a result array as parameter, it must have the length cl+abs(dl). | ||
| 77 | These functions should probably end up in bn_asm.c as soon as there are | ||
| 78 | assembler counterparts for the systems that use assembler files. */ | ||
| 79 | |||
| 80 | BN_ULONG bn_sub_part_words(BN_ULONG *r, | ||
| 81 | const BN_ULONG *a, const BN_ULONG *b, | ||
| 82 | int cl, int dl) | ||
| 69 | { | 83 | { |
| 70 | int i; | 84 | BN_ULONG c, t; |
| 71 | int max,al,bl; | ||
| 72 | BN_ULONG *ap,*bp,*rp; | ||
| 73 | 85 | ||
| 74 | al=a->top; | 86 | assert(cl >= 0); |
| 75 | bl=b->top; | 87 | c = bn_sub_words(r, a, b, cl); |
| 76 | if ((al == 0) || (bl == 0)) | 88 | |
| 89 | if (dl == 0) | ||
| 90 | return c; | ||
| 91 | |||
| 92 | r += cl; | ||
| 93 | a += cl; | ||
| 94 | b += cl; | ||
| 95 | |||
| 96 | if (dl < 0) | ||
| 77 | { | 97 | { |
| 78 | r->top=0; | 98 | #ifdef BN_COUNT |
| 79 | return(1); | 99 | fprintf(stderr, " bn_sub_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); |
| 80 | } | 100 | #endif |
| 101 | for (;;) | ||
| 102 | { | ||
| 103 | t = b[0]; | ||
| 104 | r[0] = (0-t-c)&BN_MASK2; | ||
| 105 | if (t != 0) c=1; | ||
| 106 | if (++dl >= 0) break; | ||
| 107 | |||
| 108 | t = b[1]; | ||
| 109 | r[1] = (0-t-c)&BN_MASK2; | ||
| 110 | if (t != 0) c=1; | ||
| 111 | if (++dl >= 0) break; | ||
| 112 | |||
| 113 | t = b[2]; | ||
| 114 | r[2] = (0-t-c)&BN_MASK2; | ||
| 115 | if (t != 0) c=1; | ||
| 116 | if (++dl >= 0) break; | ||
| 81 | 117 | ||
| 82 | max=(al+bl); | 118 | t = b[3]; |
| 83 | if (bn_wexpand(r,max) == NULL) return(0); | 119 | r[3] = (0-t-c)&BN_MASK2; |
| 84 | r->top=max; | 120 | if (t != 0) c=1; |
| 85 | r->neg=a->neg^b->neg; | 121 | if (++dl >= 0) break; |
| 86 | ap=a->d; | ||
| 87 | bp=b->d; | ||
| 88 | rp=r->d; | ||
| 89 | 122 | ||
| 90 | rp[al]=bn_mul_words(rp,ap,al,*(bp++)); | 123 | b += 4; |
| 91 | rp++; | 124 | r += 4; |
| 92 | for (i=1; i<bl; i++) | 125 | } |
| 126 | } | ||
| 127 | else | ||
| 93 | { | 128 | { |
| 94 | rp[al]=bn_mul_add_words(rp,ap,al,*(bp++)); | 129 | int save_dl = dl; |
| 95 | rp++; | 130 | #ifdef BN_COUNT |
| 131 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c = %d)\n", cl, dl, c); | ||
| 132 | #endif | ||
| 133 | while(c) | ||
| 134 | { | ||
| 135 | t = a[0]; | ||
| 136 | r[0] = (t-c)&BN_MASK2; | ||
| 137 | if (t != 0) c=0; | ||
| 138 | if (--dl <= 0) break; | ||
| 139 | |||
| 140 | t = a[1]; | ||
| 141 | r[1] = (t-c)&BN_MASK2; | ||
| 142 | if (t != 0) c=0; | ||
| 143 | if (--dl <= 0) break; | ||
| 144 | |||
| 145 | t = a[2]; | ||
| 146 | r[2] = (t-c)&BN_MASK2; | ||
| 147 | if (t != 0) c=0; | ||
| 148 | if (--dl <= 0) break; | ||
| 149 | |||
| 150 | t = a[3]; | ||
| 151 | r[3] = (t-c)&BN_MASK2; | ||
| 152 | if (t != 0) c=0; | ||
| 153 | if (--dl <= 0) break; | ||
| 154 | |||
| 155 | save_dl = dl; | ||
| 156 | a += 4; | ||
| 157 | r += 4; | ||
| 158 | } | ||
| 159 | if (dl > 0) | ||
| 160 | { | ||
| 161 | #ifdef BN_COUNT | ||
| 162 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); | ||
| 163 | #endif | ||
| 164 | if (save_dl > dl) | ||
| 165 | { | ||
| 166 | switch (save_dl - dl) | ||
| 167 | { | ||
| 168 | case 1: | ||
| 169 | r[1] = a[1]; | ||
| 170 | if (--dl <= 0) break; | ||
| 171 | case 2: | ||
| 172 | r[2] = a[2]; | ||
| 173 | if (--dl <= 0) break; | ||
| 174 | case 3: | ||
| 175 | r[3] = a[3]; | ||
| 176 | if (--dl <= 0) break; | ||
| 177 | } | ||
| 178 | a += 4; | ||
| 179 | r += 4; | ||
| 180 | } | ||
| 181 | } | ||
| 182 | if (dl > 0) | ||
| 183 | { | ||
| 184 | #ifdef BN_COUNT | ||
| 185 | fprintf(stderr, " bn_sub_part_words %d + %d (dl > 0, copy)\n", cl, dl); | ||
| 186 | #endif | ||
| 187 | for(;;) | ||
| 188 | { | ||
| 189 | r[0] = a[0]; | ||
| 190 | if (--dl <= 0) break; | ||
| 191 | r[1] = a[1]; | ||
| 192 | if (--dl <= 0) break; | ||
| 193 | r[2] = a[2]; | ||
| 194 | if (--dl <= 0) break; | ||
| 195 | r[3] = a[3]; | ||
| 196 | if (--dl <= 0) break; | ||
| 197 | |||
| 198 | a += 4; | ||
| 199 | r += 4; | ||
| 200 | } | ||
| 201 | } | ||
| 96 | } | 202 | } |
| 97 | if (r->d[max-1] == 0) r->top--; | 203 | return c; |
| 98 | return(1); | ||
| 99 | } | 204 | } |
| 205 | #endif | ||
| 100 | 206 | ||
| 101 | #if 0 | 207 | BN_ULONG bn_add_part_words(BN_ULONG *r, |
| 102 | #include "stack.h" | 208 | const BN_ULONG *a, const BN_ULONG *b, |
| 209 | int cl, int dl) | ||
| 210 | { | ||
| 211 | BN_ULONG c, l, t; | ||
| 212 | |||
| 213 | assert(cl >= 0); | ||
| 214 | c = bn_add_words(r, a, b, cl); | ||
| 215 | |||
| 216 | if (dl == 0) | ||
| 217 | return c; | ||
| 218 | |||
| 219 | r += cl; | ||
| 220 | a += cl; | ||
| 221 | b += cl; | ||
| 222 | |||
| 223 | if (dl < 0) | ||
| 224 | { | ||
| 225 | int save_dl = dl; | ||
| 226 | #ifdef BN_COUNT | ||
| 227 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c = %d)\n", cl, dl, c); | ||
| 228 | #endif | ||
| 229 | while (c) | ||
| 230 | { | ||
| 231 | l=(c+b[0])&BN_MASK2; | ||
| 232 | c=(l < c); | ||
| 233 | r[0]=l; | ||
| 234 | if (++dl >= 0) break; | ||
| 235 | |||
| 236 | l=(c+b[1])&BN_MASK2; | ||
| 237 | c=(l < c); | ||
| 238 | r[1]=l; | ||
| 239 | if (++dl >= 0) break; | ||
| 240 | |||
| 241 | l=(c+b[2])&BN_MASK2; | ||
| 242 | c=(l < c); | ||
| 243 | r[2]=l; | ||
| 244 | if (++dl >= 0) break; | ||
| 103 | 245 | ||
| 104 | int limit=16; | 246 | l=(c+b[3])&BN_MASK2; |
| 247 | c=(l < c); | ||
| 248 | r[3]=l; | ||
| 249 | if (++dl >= 0) break; | ||
| 105 | 250 | ||
| 106 | typedef struct bn_pool_st | 251 | save_dl = dl; |
| 252 | b+=4; | ||
| 253 | r+=4; | ||
| 254 | } | ||
| 255 | if (dl < 0) | ||
| 256 | { | ||
| 257 | #ifdef BN_COUNT | ||
| 258 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, c == 0)\n", cl, dl); | ||
| 259 | #endif | ||
| 260 | if (save_dl < dl) | ||
| 261 | { | ||
| 262 | switch (dl - save_dl) | ||
| 263 | { | ||
| 264 | case 1: | ||
| 265 | r[1] = b[1]; | ||
| 266 | if (++dl >= 0) break; | ||
| 267 | case 2: | ||
| 268 | r[2] = b[2]; | ||
| 269 | if (++dl >= 0) break; | ||
| 270 | case 3: | ||
| 271 | r[3] = b[3]; | ||
| 272 | if (++dl >= 0) break; | ||
| 273 | } | ||
| 274 | b += 4; | ||
| 275 | r += 4; | ||
| 276 | } | ||
| 277 | } | ||
| 278 | if (dl < 0) | ||
| 279 | { | ||
| 280 | #ifdef BN_COUNT | ||
| 281 | fprintf(stderr, " bn_add_part_words %d + %d (dl < 0, copy)\n", cl, dl); | ||
| 282 | #endif | ||
| 283 | for(;;) | ||
| 284 | { | ||
| 285 | r[0] = b[0]; | ||
| 286 | if (++dl >= 0) break; | ||
| 287 | r[1] = b[1]; | ||
| 288 | if (++dl >= 0) break; | ||
| 289 | r[2] = b[2]; | ||
| 290 | if (++dl >= 0) break; | ||
| 291 | r[3] = b[3]; | ||
| 292 | if (++dl >= 0) break; | ||
| 293 | |||
| 294 | b += 4; | ||
| 295 | r += 4; | ||
| 296 | } | ||
| 297 | } | ||
| 298 | } | ||
| 299 | else | ||
| 300 | { | ||
| 301 | int save_dl = dl; | ||
| 302 | #ifdef BN_COUNT | ||
| 303 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0)\n", cl, dl); | ||
| 304 | #endif | ||
| 305 | while (c) | ||
| 306 | { | ||
| 307 | t=(a[0]+c)&BN_MASK2; | ||
| 308 | c=(t < c); | ||
| 309 | r[0]=t; | ||
| 310 | if (--dl <= 0) break; | ||
| 311 | |||
| 312 | t=(a[1]+c)&BN_MASK2; | ||
| 313 | c=(t < c); | ||
| 314 | r[1]=t; | ||
| 315 | if (--dl <= 0) break; | ||
| 316 | |||
| 317 | t=(a[2]+c)&BN_MASK2; | ||
| 318 | c=(t < c); | ||
| 319 | r[2]=t; | ||
| 320 | if (--dl <= 0) break; | ||
| 321 | |||
| 322 | t=(a[3]+c)&BN_MASK2; | ||
| 323 | c=(t < c); | ||
| 324 | r[3]=t; | ||
| 325 | if (--dl <= 0) break; | ||
| 326 | |||
| 327 | save_dl = dl; | ||
| 328 | a+=4; | ||
| 329 | r+=4; | ||
| 330 | } | ||
| 331 | #ifdef BN_COUNT | ||
| 332 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, c == 0)\n", cl, dl); | ||
| 333 | #endif | ||
| 334 | if (dl > 0) | ||
| 335 | { | ||
| 336 | if (save_dl > dl) | ||
| 337 | { | ||
| 338 | switch (save_dl - dl) | ||
| 339 | { | ||
| 340 | case 1: | ||
| 341 | r[1] = a[1]; | ||
| 342 | if (--dl <= 0) break; | ||
| 343 | case 2: | ||
| 344 | r[2] = a[2]; | ||
| 345 | if (--dl <= 0) break; | ||
| 346 | case 3: | ||
| 347 | r[3] = a[3]; | ||
| 348 | if (--dl <= 0) break; | ||
| 349 | } | ||
| 350 | a += 4; | ||
| 351 | r += 4; | ||
| 352 | } | ||
| 353 | } | ||
| 354 | if (dl > 0) | ||
| 355 | { | ||
| 356 | #ifdef BN_COUNT | ||
| 357 | fprintf(stderr, " bn_add_part_words %d + %d (dl > 0, copy)\n", cl, dl); | ||
| 358 | #endif | ||
| 359 | for(;;) | ||
| 360 | { | ||
| 361 | r[0] = a[0]; | ||
| 362 | if (--dl <= 0) break; | ||
| 363 | r[1] = a[1]; | ||
| 364 | if (--dl <= 0) break; | ||
| 365 | r[2] = a[2]; | ||
| 366 | if (--dl <= 0) break; | ||
| 367 | r[3] = a[3]; | ||
| 368 | if (--dl <= 0) break; | ||
| 369 | |||
| 370 | a += 4; | ||
| 371 | r += 4; | ||
| 372 | } | ||
| 373 | } | ||
| 374 | } | ||
| 375 | return c; | ||
| 376 | } | ||
| 377 | |||
| 378 | #ifdef BN_RECURSION | ||
| 379 | /* Karatsuba recursive multiplication algorithm | ||
| 380 | * (cf. Knuth, The Art of Computer Programming, Vol. 2) */ | ||
| 381 | |||
| 382 | /* r is 2*n2 words in size, | ||
| 383 | * a and b are both n2 words in size. | ||
| 384 | * n2 must be a power of 2. | ||
| 385 | * We multiply and return the result. | ||
| 386 | * t must be 2*n2 words in size | ||
| 387 | * We calculate | ||
| 388 | * a[0]*b[0] | ||
| 389 | * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) | ||
| 390 | * a[1]*b[1] | ||
| 391 | */ | ||
| 392 | void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | ||
| 393 | int dna, int dnb, BN_ULONG *t) | ||
| 107 | { | 394 | { |
| 108 | int used; | 395 | int n=n2/2,c1,c2; |
| 109 | int tos; | 396 | int tna=n+dna, tnb=n+dnb; |
| 110 | STACK *sk; | 397 | unsigned int neg,zero; |
| 111 | } BN_POOL; | 398 | BN_ULONG ln,lo,*p; |
| 399 | |||
| 400 | # ifdef BN_COUNT | ||
| 401 | fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2); | ||
| 402 | # endif | ||
| 403 | # ifdef BN_MUL_COMBA | ||
| 404 | # if 0 | ||
| 405 | if (n2 == 4) | ||
| 406 | { | ||
| 407 | bn_mul_comba4(r,a,b); | ||
| 408 | return; | ||
| 409 | } | ||
| 410 | # endif | ||
| 411 | /* Only call bn_mul_comba 8 if n2 == 8 and the | ||
| 412 | * two arrays are complete [steve] | ||
| 413 | */ | ||
| 414 | if (n2 == 8 && dna == 0 && dnb == 0) | ||
| 415 | { | ||
| 416 | bn_mul_comba8(r,a,b); | ||
| 417 | return; | ||
| 418 | } | ||
| 419 | # endif /* BN_MUL_COMBA */ | ||
| 420 | /* Else do normal multiply */ | ||
| 421 | if (n2 < BN_MUL_RECURSIVE_SIZE_NORMAL) | ||
| 422 | { | ||
| 423 | bn_mul_normal(r,a,n2+dna,b,n2+dnb); | ||
| 424 | if ((dna + dnb) < 0) | ||
| 425 | memset(&r[2*n2 + dna + dnb], 0, | ||
| 426 | sizeof(BN_ULONG) * -(dna + dnb)); | ||
| 427 | return; | ||
| 428 | } | ||
| 429 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ | ||
| 430 | c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); | ||
| 431 | c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); | ||
| 432 | zero=neg=0; | ||
| 433 | switch (c1*3+c2) | ||
| 434 | { | ||
| 435 | case -4: | ||
| 436 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ | ||
| 437 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ | ||
| 438 | break; | ||
| 439 | case -3: | ||
| 440 | zero=1; | ||
| 441 | break; | ||
| 442 | case -2: | ||
| 443 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ | ||
| 444 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ | ||
| 445 | neg=1; | ||
| 446 | break; | ||
| 447 | case -1: | ||
| 448 | case 0: | ||
| 449 | case 1: | ||
| 450 | zero=1; | ||
| 451 | break; | ||
| 452 | case 2: | ||
| 453 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ | ||
| 454 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ | ||
| 455 | neg=1; | ||
| 456 | break; | ||
| 457 | case 3: | ||
| 458 | zero=1; | ||
| 459 | break; | ||
| 460 | case 4: | ||
| 461 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); | ||
| 462 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); | ||
| 463 | break; | ||
| 464 | } | ||
| 465 | |||
| 466 | # ifdef BN_MUL_COMBA | ||
| 467 | if (n == 4 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba4 could take | ||
| 468 | extra args to do this well */ | ||
| 469 | { | ||
| 470 | if (!zero) | ||
| 471 | bn_mul_comba4(&(t[n2]),t,&(t[n])); | ||
| 472 | else | ||
| 473 | memset(&(t[n2]),0,8*sizeof(BN_ULONG)); | ||
| 474 | |||
| 475 | bn_mul_comba4(r,a,b); | ||
| 476 | bn_mul_comba4(&(r[n2]),&(a[n]),&(b[n])); | ||
| 477 | } | ||
| 478 | else if (n == 8 && dna == 0 && dnb == 0) /* XXX: bn_mul_comba8 could | ||
| 479 | take extra args to do this | ||
| 480 | well */ | ||
| 481 | { | ||
| 482 | if (!zero) | ||
| 483 | bn_mul_comba8(&(t[n2]),t,&(t[n])); | ||
| 484 | else | ||
| 485 | memset(&(t[n2]),0,16*sizeof(BN_ULONG)); | ||
| 486 | |||
| 487 | bn_mul_comba8(r,a,b); | ||
| 488 | bn_mul_comba8(&(r[n2]),&(a[n]),&(b[n])); | ||
| 489 | } | ||
| 490 | else | ||
| 491 | # endif /* BN_MUL_COMBA */ | ||
| 492 | { | ||
| 493 | p= &(t[n2*2]); | ||
| 494 | if (!zero) | ||
| 495 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); | ||
| 496 | else | ||
| 497 | memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); | ||
| 498 | bn_mul_recursive(r,a,b,n,0,0,p); | ||
| 499 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]),n,dna,dnb,p); | ||
| 500 | } | ||
| 112 | 501 | ||
| 113 | BIGNUM *BN_POOL_push(bp) | 502 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign |
| 114 | BN_POOL *bp; | 503 | * r[10] holds (a[0]*b[0]) |
| 504 | * r[32] holds (b[1]*b[1]) | ||
| 505 | */ | ||
| 506 | |||
| 507 | c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); | ||
| 508 | |||
| 509 | if (neg) /* if t[32] is negative */ | ||
| 510 | { | ||
| 511 | c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); | ||
| 512 | } | ||
| 513 | else | ||
| 514 | { | ||
| 515 | /* Might have a carry */ | ||
| 516 | c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); | ||
| 517 | } | ||
| 518 | |||
| 519 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) | ||
| 520 | * r[10] holds (a[0]*b[0]) | ||
| 521 | * r[32] holds (b[1]*b[1]) | ||
| 522 | * c1 holds the carry bits | ||
| 523 | */ | ||
| 524 | c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); | ||
| 525 | if (c1) | ||
| 526 | { | ||
| 527 | p= &(r[n+n2]); | ||
| 528 | lo= *p; | ||
| 529 | ln=(lo+c1)&BN_MASK2; | ||
| 530 | *p=ln; | ||
| 531 | |||
| 532 | /* The overflow will stop before we over write | ||
| 533 | * words we should not overwrite */ | ||
| 534 | if (ln < (BN_ULONG)c1) | ||
| 535 | { | ||
| 536 | do { | ||
| 537 | p++; | ||
| 538 | lo= *p; | ||
| 539 | ln=(lo+1)&BN_MASK2; | ||
| 540 | *p=ln; | ||
| 541 | } while (ln == 0); | ||
| 542 | } | ||
| 543 | } | ||
| 544 | } | ||
| 545 | |||
| 546 | /* n+tn is the word length | ||
| 547 | * t needs to be n*4 is size, as does r */ | ||
| 548 | void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n, | ||
| 549 | int tna, int tnb, BN_ULONG *t) | ||
| 115 | { | 550 | { |
| 116 | BIGNUM *ret; | 551 | int i,j,n2=n*2; |
| 552 | unsigned int c1,c2,neg,zero; | ||
| 553 | BN_ULONG ln,lo,*p; | ||
| 554 | |||
| 555 | # ifdef BN_COUNT | ||
| 556 | fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n", | ||
| 557 | tna, n, tnb, n); | ||
| 558 | # endif | ||
| 559 | if (n < 8) | ||
| 560 | { | ||
| 561 | bn_mul_normal(r,a,n+tna,b,n+tnb); | ||
| 562 | return; | ||
| 563 | } | ||
| 117 | 564 | ||
| 118 | if (bp->used >= bp->tos) | 565 | /* r=(a[0]-a[1])*(b[1]-b[0]) */ |
| 566 | c1=bn_cmp_part_words(a,&(a[n]),tna,n-tna); | ||
| 567 | c2=bn_cmp_part_words(&(b[n]),b,tnb,tnb-n); | ||
| 568 | zero=neg=0; | ||
| 569 | switch (c1*3+c2) | ||
| 570 | { | ||
| 571 | case -4: | ||
| 572 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ | ||
| 573 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ | ||
| 574 | break; | ||
| 575 | case -3: | ||
| 576 | zero=1; | ||
| 577 | /* break; */ | ||
| 578 | case -2: | ||
| 579 | bn_sub_part_words(t, &(a[n]),a, tna,tna-n); /* - */ | ||
| 580 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); /* + */ | ||
| 581 | neg=1; | ||
| 582 | break; | ||
| 583 | case -1: | ||
| 584 | case 0: | ||
| 585 | case 1: | ||
| 586 | zero=1; | ||
| 587 | /* break; */ | ||
| 588 | case 2: | ||
| 589 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); /* + */ | ||
| 590 | bn_sub_part_words(&(t[n]),b, &(b[n]),tnb,n-tnb); /* - */ | ||
| 591 | neg=1; | ||
| 592 | break; | ||
| 593 | case 3: | ||
| 594 | zero=1; | ||
| 595 | /* break; */ | ||
| 596 | case 4: | ||
| 597 | bn_sub_part_words(t, a, &(a[n]),tna,n-tna); | ||
| 598 | bn_sub_part_words(&(t[n]),&(b[n]),b, tnb,tnb-n); | ||
| 599 | break; | ||
| 600 | } | ||
| 601 | /* The zero case isn't yet implemented here. The speedup | ||
| 602 | would probably be negligible. */ | ||
| 603 | # if 0 | ||
| 604 | if (n == 4) | ||
| 119 | { | 605 | { |
| 120 | ret=BN_new(); | 606 | bn_mul_comba4(&(t[n2]),t,&(t[n])); |
| 121 | sk_push(bp->sk,(char *)ret); | 607 | bn_mul_comba4(r,a,b); |
| 122 | bp->tos++; | 608 | bn_mul_normal(&(r[n2]),&(a[n]),tn,&(b[n]),tn); |
| 123 | bp->used++; | 609 | memset(&(r[n2+tn*2]),0,sizeof(BN_ULONG)*(n2-tn*2)); |
| 124 | } | 610 | } |
| 125 | else | 611 | else |
| 612 | # endif | ||
| 613 | if (n == 8) | ||
| 126 | { | 614 | { |
| 127 | ret=(BIGNUM *)sk_value(bp->sk,bp->used); | 615 | bn_mul_comba8(&(t[n2]),t,&(t[n])); |
| 128 | bp->used++; | 616 | bn_mul_comba8(r,a,b); |
| 617 | bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); | ||
| 618 | memset(&(r[n2+tna+tnb]),0,sizeof(BN_ULONG)*(n2-tna-tnb)); | ||
| 619 | } | ||
| 620 | else | ||
| 621 | { | ||
| 622 | p= &(t[n2*2]); | ||
| 623 | bn_mul_recursive(&(t[n2]),t,&(t[n]),n,0,0,p); | ||
| 624 | bn_mul_recursive(r,a,b,n,0,0,p); | ||
| 625 | i=n/2; | ||
| 626 | /* If there is only a bottom half to the number, | ||
| 627 | * just do it */ | ||
| 628 | if (tna > tnb) | ||
| 629 | j = tna - i; | ||
| 630 | else | ||
| 631 | j = tnb - i; | ||
| 632 | if (j == 0) | ||
| 633 | { | ||
| 634 | bn_mul_recursive(&(r[n2]),&(a[n]),&(b[n]), | ||
| 635 | i,tna-i,tnb-i,p); | ||
| 636 | memset(&(r[n2+i*2]),0,sizeof(BN_ULONG)*(n2-i*2)); | ||
| 637 | } | ||
| 638 | else if (j > 0) /* eg, n == 16, i == 8 and tn == 11 */ | ||
| 639 | { | ||
| 640 | bn_mul_part_recursive(&(r[n2]),&(a[n]),&(b[n]), | ||
| 641 | i,tna-i,tnb-i,p); | ||
| 642 | memset(&(r[n2+tna+tnb]),0, | ||
| 643 | sizeof(BN_ULONG)*(n2-tna-tnb)); | ||
| 644 | } | ||
| 645 | else /* (j < 0) eg, n == 16, i == 8 and tn == 5 */ | ||
| 646 | { | ||
| 647 | memset(&(r[n2]),0,sizeof(BN_ULONG)*n2); | ||
| 648 | if (tna < BN_MUL_RECURSIVE_SIZE_NORMAL | ||
| 649 | && tnb < BN_MUL_RECURSIVE_SIZE_NORMAL) | ||
| 650 | { | ||
| 651 | bn_mul_normal(&(r[n2]),&(a[n]),tna,&(b[n]),tnb); | ||
| 652 | } | ||
| 653 | else | ||
| 654 | { | ||
| 655 | for (;;) | ||
| 656 | { | ||
| 657 | i/=2; | ||
| 658 | if (i < tna && i < tnb) | ||
| 659 | { | ||
| 660 | bn_mul_part_recursive(&(r[n2]), | ||
| 661 | &(a[n]),&(b[n]), | ||
| 662 | i,tna-i,tnb-i,p); | ||
| 663 | break; | ||
| 664 | } | ||
| 665 | else if (i <= tna && i <= tnb) | ||
| 666 | { | ||
| 667 | bn_mul_recursive(&(r[n2]), | ||
| 668 | &(a[n]),&(b[n]), | ||
| 669 | i,tna-i,tnb-i,p); | ||
| 670 | break; | ||
| 671 | } | ||
| 672 | } | ||
| 673 | } | ||
| 674 | } | ||
| 675 | } | ||
| 676 | |||
| 677 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0]), c1 is the sign | ||
| 678 | * r[10] holds (a[0]*b[0]) | ||
| 679 | * r[32] holds (b[1]*b[1]) | ||
| 680 | */ | ||
| 681 | |||
| 682 | c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); | ||
| 683 | |||
| 684 | if (neg) /* if t[32] is negative */ | ||
| 685 | { | ||
| 686 | c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); | ||
| 687 | } | ||
| 688 | else | ||
| 689 | { | ||
| 690 | /* Might have a carry */ | ||
| 691 | c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),t,n2)); | ||
| 692 | } | ||
| 693 | |||
| 694 | /* t[32] holds (a[0]-a[1])*(b[1]-b[0])+(a[0]*b[0])+(a[1]*b[1]) | ||
| 695 | * r[10] holds (a[0]*b[0]) | ||
| 696 | * r[32] holds (b[1]*b[1]) | ||
| 697 | * c1 holds the carry bits | ||
| 698 | */ | ||
| 699 | c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); | ||
| 700 | if (c1) | ||
| 701 | { | ||
| 702 | p= &(r[n+n2]); | ||
| 703 | lo= *p; | ||
| 704 | ln=(lo+c1)&BN_MASK2; | ||
| 705 | *p=ln; | ||
| 706 | |||
| 707 | /* The overflow will stop before we over write | ||
| 708 | * words we should not overwrite */ | ||
| 709 | if (ln < c1) | ||
| 710 | { | ||
| 711 | do { | ||
| 712 | p++; | ||
| 713 | lo= *p; | ||
| 714 | ln=(lo+1)&BN_MASK2; | ||
| 715 | *p=ln; | ||
| 716 | } while (ln == 0); | ||
| 717 | } | ||
| 129 | } | 718 | } |
| 130 | return(ret); | ||
| 131 | } | 719 | } |
| 132 | 720 | ||
| 133 | void BN_POOL_pop(bp,num) | 721 | /* a and b must be the same size, which is n2. |
| 134 | BN_POOL *bp; | 722 | * r needs to be n2 words and t needs to be n2*2 |
| 135 | int num; | 723 | */ |
| 724 | void bn_mul_low_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2, | ||
| 725 | BN_ULONG *t) | ||
| 136 | { | 726 | { |
| 137 | bp->used-=num; | 727 | int n=n2/2; |
| 728 | |||
| 729 | # ifdef BN_COUNT | ||
| 730 | fprintf(stderr," bn_mul_low_recursive %d * %d\n",n2,n2); | ||
| 731 | # endif | ||
| 732 | |||
| 733 | bn_mul_recursive(r,a,b,n,0,0,&(t[0])); | ||
| 734 | if (n >= BN_MUL_LOW_RECURSIVE_SIZE_NORMAL) | ||
| 735 | { | ||
| 736 | bn_mul_low_recursive(&(t[0]),&(a[0]),&(b[n]),n,&(t[n2])); | ||
| 737 | bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); | ||
| 738 | bn_mul_low_recursive(&(t[0]),&(a[n]),&(b[0]),n,&(t[n2])); | ||
| 739 | bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); | ||
| 740 | } | ||
| 741 | else | ||
| 742 | { | ||
| 743 | bn_mul_low_normal(&(t[0]),&(a[0]),&(b[n]),n); | ||
| 744 | bn_mul_low_normal(&(t[n]),&(a[n]),&(b[0]),n); | ||
| 745 | bn_add_words(&(r[n]),&(r[n]),&(t[0]),n); | ||
| 746 | bn_add_words(&(r[n]),&(r[n]),&(t[n]),n); | ||
| 747 | } | ||
| 138 | } | 748 | } |
| 139 | 749 | ||
| 140 | int BN_mul(r,a,b) | 750 | /* a and b must be the same size, which is n2. |
| 141 | BIGNUM *r,*a,*b; | 751 | * r needs to be n2 words and t needs to be n2*2 |
| 752 | * l is the low words of the output. | ||
| 753 | * t needs to be n2*3 | ||
| 754 | */ | ||
| 755 | void bn_mul_high(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, BN_ULONG *l, int n2, | ||
| 756 | BN_ULONG *t) | ||
| 142 | { | 757 | { |
| 143 | static BN_POOL bp; | 758 | int i,n; |
| 144 | static init=1; | 759 | int c1,c2; |
| 760 | int neg,oneg,zero; | ||
| 761 | BN_ULONG ll,lc,*lp,*mp; | ||
| 762 | |||
| 763 | # ifdef BN_COUNT | ||
| 764 | fprintf(stderr," bn_mul_high %d * %d\n",n2,n2); | ||
| 765 | # endif | ||
| 766 | n=n2/2; | ||
| 767 | |||
| 768 | /* Calculate (al-ah)*(bh-bl) */ | ||
| 769 | neg=zero=0; | ||
| 770 | c1=bn_cmp_words(&(a[0]),&(a[n]),n); | ||
| 771 | c2=bn_cmp_words(&(b[n]),&(b[0]),n); | ||
| 772 | switch (c1*3+c2) | ||
| 773 | { | ||
| 774 | case -4: | ||
| 775 | bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); | ||
| 776 | bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); | ||
| 777 | break; | ||
| 778 | case -3: | ||
| 779 | zero=1; | ||
| 780 | break; | ||
| 781 | case -2: | ||
| 782 | bn_sub_words(&(r[0]),&(a[n]),&(a[0]),n); | ||
| 783 | bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); | ||
| 784 | neg=1; | ||
| 785 | break; | ||
| 786 | case -1: | ||
| 787 | case 0: | ||
| 788 | case 1: | ||
| 789 | zero=1; | ||
| 790 | break; | ||
| 791 | case 2: | ||
| 792 | bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); | ||
| 793 | bn_sub_words(&(r[n]),&(b[0]),&(b[n]),n); | ||
| 794 | neg=1; | ||
| 795 | break; | ||
| 796 | case 3: | ||
| 797 | zero=1; | ||
| 798 | break; | ||
| 799 | case 4: | ||
| 800 | bn_sub_words(&(r[0]),&(a[0]),&(a[n]),n); | ||
| 801 | bn_sub_words(&(r[n]),&(b[n]),&(b[0]),n); | ||
| 802 | break; | ||
| 803 | } | ||
| 804 | |||
| 805 | oneg=neg; | ||
| 806 | /* t[10] = (a[0]-a[1])*(b[1]-b[0]) */ | ||
| 807 | /* r[10] = (a[1]*b[1]) */ | ||
| 808 | # ifdef BN_MUL_COMBA | ||
| 809 | if (n == 8) | ||
| 810 | { | ||
| 811 | bn_mul_comba8(&(t[0]),&(r[0]),&(r[n])); | ||
| 812 | bn_mul_comba8(r,&(a[n]),&(b[n])); | ||
| 813 | } | ||
| 814 | else | ||
| 815 | # endif | ||
| 816 | { | ||
| 817 | bn_mul_recursive(&(t[0]),&(r[0]),&(r[n]),n,0,0,&(t[n2])); | ||
| 818 | bn_mul_recursive(r,&(a[n]),&(b[n]),n,0,0,&(t[n2])); | ||
| 819 | } | ||
| 820 | |||
| 821 | /* s0 == low(al*bl) | ||
| 822 | * s1 == low(ah*bh)+low((al-ah)*(bh-bl))+low(al*bl)+high(al*bl) | ||
| 823 | * We know s0 and s1 so the only unknown is high(al*bl) | ||
| 824 | * high(al*bl) == s1 - low(ah*bh+s0+(al-ah)*(bh-bl)) | ||
| 825 | * high(al*bl) == s1 - (r[0]+l[0]+t[0]) | ||
| 826 | */ | ||
| 827 | if (l != NULL) | ||
| 828 | { | ||
| 829 | lp= &(t[n2+n]); | ||
| 830 | c1=(int)(bn_add_words(lp,&(r[0]),&(l[0]),n)); | ||
| 831 | } | ||
| 832 | else | ||
| 833 | { | ||
| 834 | c1=0; | ||
| 835 | lp= &(r[0]); | ||
| 836 | } | ||
| 837 | |||
| 838 | if (neg) | ||
| 839 | neg=(int)(bn_sub_words(&(t[n2]),lp,&(t[0]),n)); | ||
| 840 | else | ||
| 841 | { | ||
| 842 | bn_add_words(&(t[n2]),lp,&(t[0]),n); | ||
| 843 | neg=0; | ||
| 844 | } | ||
| 845 | |||
| 846 | if (l != NULL) | ||
| 847 | { | ||
| 848 | bn_sub_words(&(t[n2+n]),&(l[n]),&(t[n2]),n); | ||
| 849 | } | ||
| 850 | else | ||
| 851 | { | ||
| 852 | lp= &(t[n2+n]); | ||
| 853 | mp= &(t[n2]); | ||
| 854 | for (i=0; i<n; i++) | ||
| 855 | lp[i]=((~mp[i])+1)&BN_MASK2; | ||
| 856 | } | ||
| 145 | 857 | ||
| 146 | if (init) | 858 | /* s[0] = low(al*bl) |
| 859 | * t[3] = high(al*bl) | ||
| 860 | * t[10] = (a[0]-a[1])*(b[1]-b[0]) neg is the sign | ||
| 861 | * r[10] = (a[1]*b[1]) | ||
| 862 | */ | ||
| 863 | /* R[10] = al*bl | ||
| 864 | * R[21] = al*bl + ah*bh + (a[0]-a[1])*(b[1]-b[0]) | ||
| 865 | * R[32] = ah*bh | ||
| 866 | */ | ||
| 867 | /* R[1]=t[3]+l[0]+r[0](+-)t[0] (have carry/borrow) | ||
| 868 | * R[2]=r[0]+t[3]+r[1](+-)t[1] (have carry/borrow) | ||
| 869 | * R[3]=r[1]+(carry/borrow) | ||
| 870 | */ | ||
| 871 | if (l != NULL) | ||
| 872 | { | ||
| 873 | lp= &(t[n2]); | ||
| 874 | c1= (int)(bn_add_words(lp,&(t[n2+n]),&(l[0]),n)); | ||
| 875 | } | ||
| 876 | else | ||
| 147 | { | 877 | { |
| 148 | bp.used=0; | 878 | lp= &(t[n2+n]); |
| 149 | bp.tos=0; | 879 | c1=0; |
| 150 | bp.sk=sk_new_null(); | 880 | } |
| 151 | init=0; | 881 | c1+=(int)(bn_add_words(&(t[n2]),lp, &(r[0]),n)); |
| 882 | if (oneg) | ||
| 883 | c1-=(int)(bn_sub_words(&(t[n2]),&(t[n2]),&(t[0]),n)); | ||
| 884 | else | ||
| 885 | c1+=(int)(bn_add_words(&(t[n2]),&(t[n2]),&(t[0]),n)); | ||
| 886 | |||
| 887 | c2 =(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n2+n]),n)); | ||
| 888 | c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(r[n]),n)); | ||
| 889 | if (oneg) | ||
| 890 | c2-=(int)(bn_sub_words(&(r[0]),&(r[0]),&(t[n]),n)); | ||
| 891 | else | ||
| 892 | c2+=(int)(bn_add_words(&(r[0]),&(r[0]),&(t[n]),n)); | ||
| 893 | |||
| 894 | if (c1 != 0) /* Add starting at r[0], could be +ve or -ve */ | ||
| 895 | { | ||
| 896 | i=0; | ||
| 897 | if (c1 > 0) | ||
| 898 | { | ||
| 899 | lc=c1; | ||
| 900 | do { | ||
| 901 | ll=(r[i]+lc)&BN_MASK2; | ||
| 902 | r[i++]=ll; | ||
| 903 | lc=(lc > ll); | ||
| 904 | } while (lc); | ||
| 905 | } | ||
| 906 | else | ||
| 907 | { | ||
| 908 | lc= -c1; | ||
| 909 | do { | ||
| 910 | ll=r[i]; | ||
| 911 | r[i++]=(ll-lc)&BN_MASK2; | ||
| 912 | lc=(lc > ll); | ||
| 913 | } while (lc); | ||
| 914 | } | ||
| 915 | } | ||
| 916 | if (c2 != 0) /* Add starting at r[1] */ | ||
| 917 | { | ||
| 918 | i=n; | ||
| 919 | if (c2 > 0) | ||
| 920 | { | ||
| 921 | lc=c2; | ||
| 922 | do { | ||
| 923 | ll=(r[i]+lc)&BN_MASK2; | ||
| 924 | r[i++]=ll; | ||
| 925 | lc=(lc > ll); | ||
| 926 | } while (lc); | ||
| 927 | } | ||
| 928 | else | ||
| 929 | { | ||
| 930 | lc= -c2; | ||
| 931 | do { | ||
| 932 | ll=r[i]; | ||
| 933 | r[i++]=(ll-lc)&BN_MASK2; | ||
| 934 | lc=(lc > ll); | ||
| 935 | } while (lc); | ||
| 936 | } | ||
| 152 | } | 937 | } |
| 153 | return(BN_mm(r,a,b,&bp)); | ||
| 154 | } | 938 | } |
| 939 | #endif /* BN_RECURSION */ | ||
| 155 | 940 | ||
| 156 | /* r must be different to a and b */ | 941 | int BN_mul(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, BN_CTX *ctx) |
| 157 | int BN_mm(m, A, B, bp) | ||
| 158 | BIGNUM *m,*A,*B; | ||
| 159 | BN_POOL *bp; | ||
| 160 | { | 942 | { |
| 161 | int i,num; | 943 | int ret=0; |
| 162 | int an,bn; | 944 | int top,al,bl; |
| 163 | BIGNUM *a,*b,*c,*d,*ac,*bd; | 945 | BIGNUM *rr; |
| 946 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) | ||
| 947 | int i; | ||
| 948 | #endif | ||
| 949 | #ifdef BN_RECURSION | ||
| 950 | BIGNUM *t=NULL; | ||
| 951 | int j=0,k; | ||
| 952 | #endif | ||
| 953 | |||
| 954 | #ifdef BN_COUNT | ||
| 955 | fprintf(stderr,"BN_mul %d * %d\n",a->top,b->top); | ||
| 956 | #endif | ||
| 164 | 957 | ||
| 165 | an=A->top; | 958 | bn_check_top(a); |
| 166 | bn=B->top; | 959 | bn_check_top(b); |
| 167 | if ((an <= limit) || (bn <= limit)) | 960 | bn_check_top(r); |
| 961 | |||
| 962 | al=a->top; | ||
| 963 | bl=b->top; | ||
| 964 | |||
| 965 | if ((al == 0) || (bl == 0)) | ||
| 168 | { | 966 | { |
| 169 | return(BN_mmul(m,A,B)); | 967 | if (!BN_zero(r)) goto err; |
| 968 | return(1); | ||
| 170 | } | 969 | } |
| 970 | top=al+bl; | ||
| 171 | 971 | ||
| 172 | a=BN_POOL_push(bp); | 972 | BN_CTX_start(ctx); |
| 173 | b=BN_POOL_push(bp); | 973 | if ((r == a) || (r == b)) |
| 174 | c=BN_POOL_push(bp); | 974 | { |
| 175 | d=BN_POOL_push(bp); | 975 | if ((rr = BN_CTX_get(ctx)) == NULL) goto err; |
| 176 | ac=BN_POOL_push(bp); | 976 | } |
| 177 | bd=BN_POOL_push(bp); | 977 | else |
| 978 | rr = r; | ||
| 979 | rr->neg=a->neg^b->neg; | ||
| 178 | 980 | ||
| 179 | num=(an <= bn)?an:bn; | 981 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) |
| 180 | num=1<<(BN_num_bits_word(num-1)-1); | 982 | i = al-bl; |
| 983 | #endif | ||
| 984 | #ifdef BN_MUL_COMBA | ||
| 985 | if (i == 0) | ||
| 986 | { | ||
| 987 | # if 0 | ||
| 988 | if (al == 4) | ||
| 989 | { | ||
| 990 | if (bn_wexpand(rr,8) == NULL) goto err; | ||
| 991 | rr->top=8; | ||
| 992 | bn_mul_comba4(rr->d,a->d,b->d); | ||
| 993 | goto end; | ||
| 994 | } | ||
| 995 | # endif | ||
| 996 | if (al == 8) | ||
| 997 | { | ||
| 998 | if (bn_wexpand(rr,16) == NULL) goto err; | ||
| 999 | rr->top=16; | ||
| 1000 | bn_mul_comba8(rr->d,a->d,b->d); | ||
| 1001 | goto end; | ||
| 1002 | } | ||
| 1003 | } | ||
| 1004 | #endif /* BN_MUL_COMBA */ | ||
| 1005 | #ifdef BN_RECURSION | ||
| 1006 | if ((al >= BN_MULL_SIZE_NORMAL) && (bl >= BN_MULL_SIZE_NORMAL)) | ||
| 1007 | { | ||
| 1008 | if (i >= -1 && i <= 1) | ||
| 1009 | { | ||
| 1010 | int sav_j =0; | ||
| 1011 | /* Find out the power of two lower or equal | ||
| 1012 | to the longest of the two numbers */ | ||
| 1013 | if (i >= 0) | ||
| 1014 | { | ||
| 1015 | j = BN_num_bits_word((BN_ULONG)al); | ||
| 1016 | } | ||
| 1017 | if (i == -1) | ||
| 1018 | { | ||
| 1019 | j = BN_num_bits_word((BN_ULONG)bl); | ||
| 1020 | } | ||
| 1021 | sav_j = j; | ||
| 1022 | j = 1<<(j-1); | ||
| 1023 | assert(j <= al || j <= bl); | ||
| 1024 | k = j+j; | ||
| 1025 | t = BN_CTX_get(ctx); | ||
| 1026 | if (al > j || bl > j) | ||
| 1027 | { | ||
| 1028 | bn_wexpand(t,k*4); | ||
| 1029 | bn_wexpand(rr,k*4); | ||
| 1030 | bn_mul_part_recursive(rr->d,a->d,b->d, | ||
| 1031 | j,al-j,bl-j,t->d); | ||
| 1032 | } | ||
| 1033 | else /* al <= j || bl <= j */ | ||
| 1034 | { | ||
| 1035 | bn_wexpand(t,k*2); | ||
| 1036 | bn_wexpand(rr,k*2); | ||
| 1037 | bn_mul_recursive(rr->d,a->d,b->d, | ||
| 1038 | j,al-j,bl-j,t->d); | ||
| 1039 | } | ||
| 1040 | rr->top=top; | ||
| 1041 | goto end; | ||
| 1042 | } | ||
| 1043 | #if 0 | ||
| 1044 | if (i == 1 && !BN_get_flags(b,BN_FLG_STATIC_DATA)) | ||
| 1045 | { | ||
| 1046 | BIGNUM *tmp_bn = (BIGNUM *)b; | ||
| 1047 | if (bn_wexpand(tmp_bn,al) == NULL) goto err; | ||
| 1048 | tmp_bn->d[bl]=0; | ||
| 1049 | bl++; | ||
| 1050 | i--; | ||
| 1051 | } | ||
| 1052 | else if (i == -1 && !BN_get_flags(a,BN_FLG_STATIC_DATA)) | ||
| 1053 | { | ||
| 1054 | BIGNUM *tmp_bn = (BIGNUM *)a; | ||
| 1055 | if (bn_wexpand(tmp_bn,bl) == NULL) goto err; | ||
| 1056 | tmp_bn->d[al]=0; | ||
| 1057 | al++; | ||
| 1058 | i++; | ||
| 1059 | } | ||
| 1060 | if (i == 0) | ||
| 1061 | { | ||
| 1062 | /* symmetric and > 4 */ | ||
| 1063 | /* 16 or larger */ | ||
| 1064 | j=BN_num_bits_word((BN_ULONG)al); | ||
| 1065 | j=1<<(j-1); | ||
| 1066 | k=j+j; | ||
| 1067 | t = BN_CTX_get(ctx); | ||
| 1068 | if (al == j) /* exact multiple */ | ||
| 1069 | { | ||
| 1070 | if (bn_wexpand(t,k*2) == NULL) goto err; | ||
| 1071 | if (bn_wexpand(rr,k*2) == NULL) goto err; | ||
| 1072 | bn_mul_recursive(rr->d,a->d,b->d,al,t->d); | ||
| 1073 | } | ||
| 1074 | else | ||
| 1075 | { | ||
| 1076 | if (bn_wexpand(t,k*4) == NULL) goto err; | ||
| 1077 | if (bn_wexpand(rr,k*4) == NULL) goto err; | ||
| 1078 | bn_mul_part_recursive(rr->d,a->d,b->d,al-j,j,t->d); | ||
| 1079 | } | ||
| 1080 | rr->top=top; | ||
| 1081 | goto end; | ||
| 1082 | } | ||
| 1083 | #endif | ||
| 1084 | } | ||
| 1085 | #endif /* BN_RECURSION */ | ||
| 1086 | if (bn_wexpand(rr,top) == NULL) goto err; | ||
| 1087 | rr->top=top; | ||
| 1088 | bn_mul_normal(rr->d,a->d,al,b->d,bl); | ||
| 181 | 1089 | ||
| 182 | /* Are going to now chop things into 'num' word chunks. */ | 1090 | #if defined(BN_MUL_COMBA) || defined(BN_RECURSION) |
| 183 | num*=BN_BITS2; | 1091 | end: |
| 1092 | #endif | ||
| 1093 | bn_fix_top(rr); | ||
| 1094 | if (r != rr) BN_copy(r,rr); | ||
| 1095 | ret=1; | ||
| 1096 | err: | ||
| 1097 | BN_CTX_end(ctx); | ||
| 1098 | return(ret); | ||
| 1099 | } | ||
| 184 | 1100 | ||
| 185 | BN_copy(a,A); | 1101 | void bn_mul_normal(BN_ULONG *r, BN_ULONG *a, int na, BN_ULONG *b, int nb) |
| 186 | BN_mask_bits(a,num); | 1102 | { |
| 187 | BN_rshift(b,A,num); | 1103 | BN_ULONG *rr; |
| 188 | 1104 | ||
| 189 | BN_copy(c,B); | 1105 | #ifdef BN_COUNT |
| 190 | BN_mask_bits(c,num); | 1106 | fprintf(stderr," bn_mul_normal %d * %d\n",na,nb); |
| 191 | BN_rshift(d,B,num); | 1107 | #endif |
| 192 | 1108 | ||
| 193 | BN_sub(ac ,b,a); | 1109 | if (na < nb) |
| 194 | BN_sub(bd,c,d); | 1110 | { |
| 195 | BN_mm(m,ac,bd,bp); | 1111 | int itmp; |
| 196 | BN_mm(ac,a,c,bp); | 1112 | BN_ULONG *ltmp; |
| 197 | BN_mm(bd,b,d,bp); | ||
| 198 | 1113 | ||
| 199 | BN_add(m,m,ac); | 1114 | itmp=na; na=nb; nb=itmp; |
| 200 | BN_add(m,m,bd); | 1115 | ltmp=a; a=b; b=ltmp; |
| 201 | BN_lshift(m,m,num); | ||
| 202 | BN_lshift(bd,bd,num*2); | ||
| 203 | 1116 | ||
| 204 | BN_add(m,m,ac); | 1117 | } |
| 205 | BN_add(m,m,bd); | 1118 | rr= &(r[na]); |
| 206 | BN_POOL_pop(bp,6); | 1119 | if (nb <= 0) |
| 207 | return(1); | 1120 | { |
| 1121 | (void)bn_mul_words(r,a,na,0); | ||
| 1122 | return; | ||
| 1123 | } | ||
| 1124 | else | ||
| 1125 | rr[0]=bn_mul_words(r,a,na,b[0]); | ||
| 1126 | |||
| 1127 | for (;;) | ||
| 1128 | { | ||
| 1129 | if (--nb <= 0) return; | ||
| 1130 | rr[1]=bn_mul_add_words(&(r[1]),a,na,b[1]); | ||
| 1131 | if (--nb <= 0) return; | ||
| 1132 | rr[2]=bn_mul_add_words(&(r[2]),a,na,b[2]); | ||
| 1133 | if (--nb <= 0) return; | ||
| 1134 | rr[3]=bn_mul_add_words(&(r[3]),a,na,b[3]); | ||
| 1135 | if (--nb <= 0) return; | ||
| 1136 | rr[4]=bn_mul_add_words(&(r[4]),a,na,b[4]); | ||
| 1137 | rr+=4; | ||
| 1138 | r+=4; | ||
| 1139 | b+=4; | ||
| 1140 | } | ||
| 208 | } | 1141 | } |
| 1142 | |||
| 1143 | void bn_mul_low_normal(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n) | ||
| 1144 | { | ||
| 1145 | #ifdef BN_COUNT | ||
| 1146 | fprintf(stderr," bn_mul_low_normal %d * %d\n",n,n); | ||
| 209 | #endif | 1147 | #endif |
| 1148 | bn_mul_words(r,a,n,b[0]); | ||
| 1149 | |||
| 1150 | for (;;) | ||
| 1151 | { | ||
| 1152 | if (--n <= 0) return; | ||
| 1153 | bn_mul_add_words(&(r[1]),a,n,b[1]); | ||
| 1154 | if (--n <= 0) return; | ||
| 1155 | bn_mul_add_words(&(r[2]),a,n,b[2]); | ||
| 1156 | if (--n <= 0) return; | ||
| 1157 | bn_mul_add_words(&(r[3]),a,n,b[3]); | ||
| 1158 | if (--n <= 0) return; | ||
| 1159 | bn_mul_add_words(&(r[4]),a,n,b[4]); | ||
| 1160 | r+=4; | ||
| 1161 | b+=4; | ||
| 1162 | } | ||
| 1163 | } | ||
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index 0c85f70b59..918b9237c6 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c | |||
| @@ -55,53 +55,100 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include <time.h> | 113 | #include <time.h> |
| 61 | #include "cryptlib.h" | 114 | #include "cryptlib.h" |
| 62 | #include "bn_lcl.h" | 115 | #include "bn_lcl.h" |
| 63 | #include "rand.h" | 116 | #include <openssl/rand.h> |
| 64 | 117 | ||
| 65 | /* The quick seive algorithm approach to weeding out primes is | 118 | /* The quick sieve algorithm approach to weeding out primes is |
| 66 | * Philip Zimmermann's, as implemented in PGP. I have had a read of | 119 | * Philip Zimmermann's, as implemented in PGP. I have had a read of |
| 67 | * his comments and implemented my own version. | 120 | * his comments and implemented my own version. |
| 68 | */ | 121 | */ |
| 69 | #include "bn_prime.h" | 122 | #include "bn_prime.h" |
| 70 | 123 | ||
| 71 | #ifndef NOPROTO | 124 | static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, |
| 72 | static int witness(BIGNUM *a, BIGNUM *n, BN_CTX *ctx,BN_CTX *ctx2, | 125 | const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont); |
| 73 | BN_MONT_CTX *mont); | ||
| 74 | static int probable_prime(BIGNUM *rnd, int bits); | 126 | static int probable_prime(BIGNUM *rnd, int bits); |
| 75 | static int probable_prime_dh(BIGNUM *rnd, int bits, | 127 | static int probable_prime_dh(BIGNUM *rnd, int bits, |
| 76 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); | 128 | const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); |
| 77 | static int probable_prime_dh_strong(BIGNUM *rnd, int bits, | 129 | static int probable_prime_dh_safe(BIGNUM *rnd, int bits, |
| 78 | BIGNUM *add, BIGNUM *rem, BN_CTX *ctx); | 130 | const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx); |
| 79 | #else | 131 | |
| 80 | static int witness(); | 132 | BIGNUM *BN_generate_prime(BIGNUM *ret, int bits, int safe, |
| 81 | static int probable_prime(); | 133 | const BIGNUM *add, const BIGNUM *rem, |
| 82 | static int probable_prime_dh(); | 134 | void (*callback)(int,int,void *), void *cb_arg) |
| 83 | static int probable_prime_dh_strong(); | ||
| 84 | #endif | ||
| 85 | |||
| 86 | BIGNUM *BN_generate_prime(bits,strong,add,rem,callback,cb_arg) | ||
| 87 | int bits; | ||
| 88 | int strong; | ||
| 89 | BIGNUM *add; | ||
| 90 | BIGNUM *rem; | ||
| 91 | void (*callback)(P_I_I_P); | ||
| 92 | char *cb_arg; | ||
| 93 | { | 135 | { |
| 94 | BIGNUM *rnd=NULL; | 136 | BIGNUM *rnd=NULL; |
| 95 | BIGNUM *ret=NULL; | 137 | BIGNUM t; |
| 96 | BIGNUM *t=NULL; | 138 | int found=0; |
| 97 | int i,j,c1=0; | 139 | int i,j,c1=0; |
| 98 | BN_CTX *ctx; | 140 | BN_CTX *ctx; |
| 141 | int checks = BN_prime_checks_for_size(bits); | ||
| 99 | 142 | ||
| 100 | ctx=BN_CTX_new(); | 143 | ctx=BN_CTX_new(); |
| 101 | if (ctx == NULL) goto err; | 144 | if (ctx == NULL) goto err; |
| 102 | if ((rnd=BN_new()) == NULL) goto err; | 145 | if (ret == NULL) |
| 103 | if (strong) | 146 | { |
| 104 | if ((t=BN_new()) == NULL) goto err; | 147 | if ((rnd=BN_new()) == NULL) goto err; |
| 148 | } | ||
| 149 | else | ||
| 150 | rnd=ret; | ||
| 151 | BN_init(&t); | ||
| 105 | loop: | 152 | loop: |
| 106 | /* make a random number and set the top and bottom bits */ | 153 | /* make a random number and set the top and bottom bits */ |
| 107 | if (add == NULL) | 154 | if (add == NULL) |
| @@ -110,9 +157,9 @@ loop: | |||
| 110 | } | 157 | } |
| 111 | else | 158 | else |
| 112 | { | 159 | { |
| 113 | if (strong) | 160 | if (safe) |
| 114 | { | 161 | { |
| 115 | if (!probable_prime_dh_strong(rnd,bits,add,rem,ctx)) | 162 | if (!probable_prime_dh_safe(rnd,bits,add,rem,ctx)) |
| 116 | goto err; | 163 | goto err; |
| 117 | } | 164 | } |
| 118 | else | 165 | else |
| @@ -124,171 +171,188 @@ loop: | |||
| 124 | /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ | 171 | /* if (BN_mod_word(rnd,(BN_ULONG)3) == 1) goto loop; */ |
| 125 | if (callback != NULL) callback(0,c1++,cb_arg); | 172 | if (callback != NULL) callback(0,c1++,cb_arg); |
| 126 | 173 | ||
| 127 | if (!strong) | 174 | if (!safe) |
| 128 | { | 175 | { |
| 129 | i=BN_is_prime(rnd,BN_prime_checks,callback,ctx,cb_arg); | 176 | i=BN_is_prime_fasttest(rnd,checks,callback,ctx,cb_arg,0); |
| 130 | if (i == -1) goto err; | 177 | if (i == -1) goto err; |
| 131 | if (i == 0) goto loop; | 178 | if (i == 0) goto loop; |
| 132 | } | 179 | } |
| 133 | else | 180 | else |
| 134 | { | 181 | { |
| 135 | /* for a strong prime generation, | 182 | /* for "safe prime" generation, |
| 136 | * check that (p-1)/2 is prime. | 183 | * check that (p-1)/2 is prime. |
| 137 | * Since a prime is odd, We just | 184 | * Since a prime is odd, We just |
| 138 | * need to divide by 2 */ | 185 | * need to divide by 2 */ |
| 139 | if (!BN_rshift1(t,rnd)) goto err; | 186 | if (!BN_rshift1(&t,rnd)) goto err; |
| 140 | 187 | ||
| 141 | for (i=0; i<BN_prime_checks; i++) | 188 | for (i=0; i<checks; i++) |
| 142 | { | 189 | { |
| 143 | j=BN_is_prime(rnd,1,callback,ctx,cb_arg); | 190 | j=BN_is_prime_fasttest(rnd,1,callback,ctx,cb_arg,0); |
| 144 | if (j == -1) goto err; | 191 | if (j == -1) goto err; |
| 145 | if (j == 0) goto loop; | 192 | if (j == 0) goto loop; |
| 146 | 193 | ||
| 147 | j=BN_is_prime(t,1,callback,ctx,cb_arg); | 194 | j=BN_is_prime_fasttest(&t,1,callback,ctx,cb_arg,0); |
| 148 | if (j == -1) goto err; | 195 | if (j == -1) goto err; |
| 149 | if (j == 0) goto loop; | 196 | if (j == 0) goto loop; |
| 150 | 197 | ||
| 151 | if (callback != NULL) callback(2,c1-1,cb_arg); | 198 | if (callback != NULL) callback(2,c1-1,cb_arg); |
| 152 | /* We have a strong prime test pass */ | 199 | /* We have a safe prime test pass */ |
| 153 | } | 200 | } |
| 154 | } | 201 | } |
| 155 | /* we have a prime :-) */ | 202 | /* we have a prime :-) */ |
| 156 | ret=rnd; | 203 | found = 1; |
| 157 | err: | 204 | err: |
| 158 | if ((ret == NULL) && (rnd != NULL)) BN_free(rnd); | 205 | if (!found && (ret == NULL) && (rnd != NULL)) BN_free(rnd); |
| 159 | if (t != NULL) BN_free(t); | 206 | BN_free(&t); |
| 160 | if (ctx != NULL) BN_CTX_free(ctx); | 207 | if (ctx != NULL) BN_CTX_free(ctx); |
| 161 | return(ret); | 208 | return(found ? rnd : NULL); |
| 162 | } | 209 | } |
| 163 | 210 | ||
| 164 | int BN_is_prime(a,checks,callback,ctx_passed,cb_arg) | 211 | int BN_is_prime(const BIGNUM *a, int checks, void (*callback)(int,int,void *), |
| 165 | BIGNUM *a; | 212 | BN_CTX *ctx_passed, void *cb_arg) |
| 166 | int checks; | ||
| 167 | void (*callback)(P_I_I_P); | ||
| 168 | BN_CTX *ctx_passed; | ||
| 169 | char *cb_arg; | ||
| 170 | { | 213 | { |
| 171 | int i,j,c2=0,ret= -1; | 214 | return BN_is_prime_fasttest(a, checks, callback, ctx_passed, cb_arg, 0); |
| 172 | BIGNUM *check; | 215 | } |
| 173 | BN_CTX *ctx=NULL,*ctx2=NULL; | ||
| 174 | BN_MONT_CTX *mont=NULL; | ||
| 175 | 216 | ||
| 217 | int BN_is_prime_fasttest(const BIGNUM *a, int checks, | ||
| 218 | void (*callback)(int,int,void *), | ||
| 219 | BN_CTX *ctx_passed, void *cb_arg, | ||
| 220 | int do_trial_division) | ||
| 221 | { | ||
| 222 | int i, j, ret = -1; | ||
| 223 | int k; | ||
| 224 | BN_CTX *ctx = NULL; | ||
| 225 | BIGNUM *A1, *A1_odd, *check; /* taken from ctx */ | ||
| 226 | BN_MONT_CTX *mont = NULL; | ||
| 227 | const BIGNUM *A = NULL; | ||
| 228 | |||
| 229 | if (BN_cmp(a, BN_value_one()) <= 0) | ||
| 230 | return 0; | ||
| 231 | |||
| 232 | if (checks == BN_prime_checks) | ||
| 233 | checks = BN_prime_checks_for_size(BN_num_bits(a)); | ||
| 234 | |||
| 235 | /* first look for small factors */ | ||
| 176 | if (!BN_is_odd(a)) | 236 | if (!BN_is_odd(a)) |
| 177 | return(0); | 237 | return 0; |
| 238 | if (do_trial_division) | ||
| 239 | { | ||
| 240 | for (i = 1; i < NUMPRIMES; i++) | ||
| 241 | if (BN_mod_word(a, primes[i]) == 0) | ||
| 242 | return 0; | ||
| 243 | if (callback != NULL) callback(1, -1, cb_arg); | ||
| 244 | } | ||
| 245 | |||
| 178 | if (ctx_passed != NULL) | 246 | if (ctx_passed != NULL) |
| 179 | ctx=ctx_passed; | 247 | ctx = ctx_passed; |
| 180 | else | 248 | else |
| 181 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 249 | if ((ctx=BN_CTX_new()) == NULL) |
| 182 | 250 | goto err; | |
| 183 | if ((ctx2=BN_CTX_new()) == NULL) goto err; | 251 | BN_CTX_start(ctx); |
| 184 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; | ||
| 185 | |||
| 186 | check=ctx->bn[ctx->tos++]; | ||
| 187 | 252 | ||
| 188 | /* Setup the montgomery structure */ | 253 | /* A := abs(a) */ |
| 189 | if (!BN_MONT_CTX_set(mont,a,ctx2)) goto err; | 254 | if (a->neg) |
| 255 | { | ||
| 256 | BIGNUM *t; | ||
| 257 | if ((t = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 258 | BN_copy(t, a); | ||
| 259 | t->neg = 0; | ||
| 260 | A = t; | ||
| 261 | } | ||
| 262 | else | ||
| 263 | A = a; | ||
| 264 | A1 = BN_CTX_get(ctx); | ||
| 265 | A1_odd = BN_CTX_get(ctx); | ||
| 266 | check = BN_CTX_get(ctx); | ||
| 267 | if (check == NULL) goto err; | ||
| 268 | |||
| 269 | /* compute A1 := A - 1 */ | ||
| 270 | if (!BN_copy(A1, A)) | ||
| 271 | goto err; | ||
| 272 | if (!BN_sub_word(A1, 1)) | ||
| 273 | goto err; | ||
| 274 | if (BN_is_zero(A1)) | ||
| 275 | { | ||
| 276 | ret = 0; | ||
| 277 | goto err; | ||
| 278 | } | ||
| 190 | 279 | ||
| 191 | for (i=0; i<checks; i++) | 280 | /* write A1 as A1_odd * 2^k */ |
| 281 | k = 1; | ||
| 282 | while (!BN_is_bit_set(A1, k)) | ||
| 283 | k++; | ||
| 284 | if (!BN_rshift(A1_odd, A1, k)) | ||
| 285 | goto err; | ||
| 286 | |||
| 287 | /* Montgomery setup for computations mod A */ | ||
| 288 | mont = BN_MONT_CTX_new(); | ||
| 289 | if (mont == NULL) | ||
| 290 | goto err; | ||
| 291 | if (!BN_MONT_CTX_set(mont, A, ctx)) | ||
| 292 | goto err; | ||
| 293 | |||
| 294 | for (i = 0; i < checks; i++) | ||
| 192 | { | 295 | { |
| 193 | if (!BN_rand(check,BN_num_bits(a)-1,0,0)) goto err; | 296 | if (!BN_pseudo_rand_range(check, A1)) |
| 194 | j=witness(check,a,ctx,ctx2,mont); | 297 | goto err; |
| 298 | if (!BN_add_word(check, 1)) | ||
| 299 | goto err; | ||
| 300 | /* now 1 <= check < A */ | ||
| 301 | |||
| 302 | j = witness(check, A, A1, A1_odd, k, ctx, mont); | ||
| 195 | if (j == -1) goto err; | 303 | if (j == -1) goto err; |
| 196 | if (j) | 304 | if (j) |
| 197 | { | 305 | { |
| 198 | ret=0; | 306 | ret=0; |
| 199 | goto err; | 307 | goto err; |
| 200 | } | 308 | } |
| 201 | if (callback != NULL) callback(1,c2++,cb_arg); | 309 | if (callback != NULL) callback(1,i,cb_arg); |
| 202 | } | 310 | } |
| 203 | ret=1; | 311 | ret=1; |
| 204 | err: | 312 | err: |
| 205 | ctx->tos--; | 313 | if (ctx != NULL) |
| 206 | if ((ctx_passed == NULL) && (ctx != NULL)) | 314 | { |
| 207 | BN_CTX_free(ctx); | 315 | BN_CTX_end(ctx); |
| 208 | if (ctx2 != NULL) | 316 | if (ctx_passed == NULL) |
| 209 | BN_CTX_free(ctx2); | 317 | BN_CTX_free(ctx); |
| 210 | if (mont != NULL) BN_MONT_CTX_free(mont); | 318 | } |
| 211 | 319 | if (mont != NULL) | |
| 320 | BN_MONT_CTX_free(mont); | ||
| 321 | |||
| 212 | return(ret); | 322 | return(ret); |
| 213 | } | 323 | } |
| 214 | 324 | ||
| 215 | #define RECP_MUL_MOD | 325 | static int witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, |
| 216 | 326 | const BIGNUM *a1_odd, int k, BN_CTX *ctx, BN_MONT_CTX *mont) | |
| 217 | static int witness(a,n,ctx,ctx2,mont) | ||
| 218 | BIGNUM *a; | ||
| 219 | BIGNUM *n; | ||
| 220 | BN_CTX *ctx,*ctx2; | ||
| 221 | BN_MONT_CTX *mont; | ||
| 222 | { | 327 | { |
| 223 | int k,i,ret= -1,good; | 328 | if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) /* w := w^a1_odd mod a */ |
| 224 | BIGNUM *d,*dd,*tmp,*d1,*d2,*n1; | 329 | return -1; |
| 225 | BIGNUM *mont_one,*mont_n1,*mont_a; | 330 | if (BN_is_one(w)) |
| 226 | 331 | return 0; /* probably prime */ | |
| 227 | d1=ctx->bn[ctx->tos]; | 332 | if (BN_cmp(w, a1) == 0) |
| 228 | d2=ctx->bn[ctx->tos+1]; | 333 | return 0; /* w == -1 (mod a), 'a' is probably prime */ |
| 229 | n1=ctx->bn[ctx->tos+2]; | 334 | while (--k) |
| 230 | ctx->tos+=3; | ||
| 231 | |||
| 232 | mont_one=ctx2->bn[ctx2->tos]; | ||
| 233 | mont_n1=ctx2->bn[ctx2->tos+1]; | ||
| 234 | mont_a=ctx2->bn[ctx2->tos+2]; | ||
| 235 | ctx2->tos+=3; | ||
| 236 | |||
| 237 | d=d1; | ||
| 238 | dd=d2; | ||
| 239 | if (!BN_one(d)) goto err; | ||
| 240 | if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */ | ||
| 241 | k=BN_num_bits(n1); | ||
| 242 | |||
| 243 | if (!BN_to_montgomery(mont_one,BN_value_one(),mont,ctx2)) goto err; | ||
| 244 | if (!BN_to_montgomery(mont_n1,n1,mont,ctx2)) goto err; | ||
| 245 | if (!BN_to_montgomery(mont_a,a,mont,ctx2)) goto err; | ||
| 246 | |||
| 247 | BN_copy(d,mont_one); | ||
| 248 | for (i=k-1; i>=0; i--) | ||
| 249 | { | 335 | { |
| 250 | if ( (BN_cmp(d,mont_one) != 0) && | 336 | if (!BN_mod_mul(w, w, w, a, ctx)) /* w := w^2 mod a */ |
| 251 | (BN_cmp(d,mont_n1) != 0)) | 337 | return -1; |
| 252 | good=1; | 338 | if (BN_is_one(w)) |
| 253 | else | 339 | return 1; /* 'a' is composite, otherwise a previous 'w' would |
| 254 | good=0; | 340 | * have been == -1 (mod 'a') */ |
| 255 | 341 | if (BN_cmp(w, a1) == 0) | |
| 256 | BN_mod_mul_montgomery(dd,d,d,mont,ctx2); | 342 | return 0; /* w == -1 (mod a), 'a' is probably prime */ |
| 257 | |||
| 258 | if (good && (BN_cmp(dd,mont_one) == 0)) | ||
| 259 | { | ||
| 260 | ret=1; | ||
| 261 | goto err; | ||
| 262 | } | ||
| 263 | if (BN_is_bit_set(n1,i)) | ||
| 264 | { | ||
| 265 | BN_mod_mul_montgomery(d,dd,mont_a,mont,ctx2); | ||
| 266 | } | ||
| 267 | else | ||
| 268 | { | ||
| 269 | tmp=d; | ||
| 270 | d=dd; | ||
| 271 | dd=tmp; | ||
| 272 | } | ||
| 273 | } | 343 | } |
| 274 | if (BN_cmp(d,mont_one) == 0) | 344 | /* If we get here, 'w' is the (a-1)/2-th power of the original 'w', |
| 275 | i=0; | 345 | * and it is neither -1 nor +1 -- so 'a' cannot be prime */ |
| 276 | else i=1; | 346 | return 1; |
| 277 | ret=i; | ||
| 278 | err: | ||
| 279 | ctx->tos-=3; | ||
| 280 | ctx2->tos-=3; | ||
| 281 | return(ret); | ||
| 282 | } | 347 | } |
| 283 | 348 | ||
| 284 | static int probable_prime(rnd, bits) | 349 | static int probable_prime(BIGNUM *rnd, int bits) |
| 285 | BIGNUM *rnd; | ||
| 286 | int bits; | ||
| 287 | { | 350 | { |
| 288 | int i; | 351 | int i; |
| 289 | MS_STATIC BN_ULONG mods[NUMPRIMES]; | 352 | BN_ULONG mods[NUMPRIMES]; |
| 290 | BN_ULONG delta; | 353 | BN_ULONG delta,d; |
| 291 | 354 | ||
| 355 | again: | ||
| 292 | if (!BN_rand(rnd,bits,1,1)) return(0); | 356 | if (!BN_rand(rnd,bits,1,1)) return(0); |
| 293 | /* we now have a random number 'rand' to test. */ | 357 | /* we now have a random number 'rand' to test. */ |
| 294 | for (i=1; i<NUMPRIMES; i++) | 358 | for (i=1; i<NUMPRIMES; i++) |
| @@ -300,9 +364,12 @@ int bits; | |||
| 300 | * that gcd(rnd-1,primes) == 1 (except for 2) */ | 364 | * that gcd(rnd-1,primes) == 1 (except for 2) */ |
| 301 | if (((mods[i]+delta)%primes[i]) <= 1) | 365 | if (((mods[i]+delta)%primes[i]) <= 1) |
| 302 | { | 366 | { |
| 367 | d=delta; | ||
| 303 | delta+=2; | 368 | delta+=2; |
| 304 | /* perhaps need to check for overflow of | 369 | /* perhaps need to check for overflow of |
| 305 | * delta (but delta can be upto 2^32) */ | 370 | * delta (but delta can be up to 2^32) |
| 371 | * 21-May-98 eay - added overflow check */ | ||
| 372 | if (delta < d) goto again; | ||
| 306 | goto loop; | 373 | goto loop; |
| 307 | } | 374 | } |
| 308 | } | 375 | } |
| @@ -310,17 +377,14 @@ int bits; | |||
| 310 | return(1); | 377 | return(1); |
| 311 | } | 378 | } |
| 312 | 379 | ||
| 313 | static int probable_prime_dh(rnd, bits, add, rem,ctx) | 380 | static int probable_prime_dh(BIGNUM *rnd, int bits, |
| 314 | BIGNUM *rnd; | 381 | const BIGNUM *add, const BIGNUM *rem, BN_CTX *ctx) |
| 315 | int bits; | ||
| 316 | BIGNUM *add; | ||
| 317 | BIGNUM *rem; | ||
| 318 | BN_CTX *ctx; | ||
| 319 | { | 382 | { |
| 320 | int i,ret=0; | 383 | int i,ret=0; |
| 321 | BIGNUM *t1; | 384 | BIGNUM *t1; |
| 322 | 385 | ||
| 323 | t1=ctx->bn[ctx->tos++]; | 386 | BN_CTX_start(ctx); |
| 387 | if ((t1 = BN_CTX_get(ctx)) == NULL) goto err; | ||
| 324 | 388 | ||
| 325 | if (!BN_rand(rnd,bits,0,1)) goto err; | 389 | if (!BN_rand(rnd,bits,0,1)) goto err; |
| 326 | 390 | ||
| @@ -338,7 +402,7 @@ BN_CTX *ctx; | |||
| 338 | loop: for (i=1; i<NUMPRIMES; i++) | 402 | loop: for (i=1; i<NUMPRIMES; i++) |
| 339 | { | 403 | { |
| 340 | /* check that rnd is a prime */ | 404 | /* check that rnd is a prime */ |
| 341 | if (BN_mod_word(rnd,(BN_LONG)primes[i]) <= 1) | 405 | if (BN_mod_word(rnd,(BN_ULONG)primes[i]) <= 1) |
| 342 | { | 406 | { |
| 343 | if (!BN_add(rnd,rnd,add)) goto err; | 407 | if (!BN_add(rnd,rnd,add)) goto err; |
| 344 | goto loop; | 408 | goto loop; |
| @@ -346,24 +410,22 @@ BN_CTX *ctx; | |||
| 346 | } | 410 | } |
| 347 | ret=1; | 411 | ret=1; |
| 348 | err: | 412 | err: |
| 349 | ctx->tos--; | 413 | BN_CTX_end(ctx); |
| 350 | return(ret); | 414 | return(ret); |
| 351 | } | 415 | } |
| 352 | 416 | ||
| 353 | static int probable_prime_dh_strong(p, bits, padd, rem,ctx) | 417 | static int probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, |
| 354 | BIGNUM *p; | 418 | const BIGNUM *rem, BN_CTX *ctx) |
| 355 | int bits; | ||
| 356 | BIGNUM *padd; | ||
| 357 | BIGNUM *rem; | ||
| 358 | BN_CTX *ctx; | ||
| 359 | { | 419 | { |
| 360 | int i,ret=0; | 420 | int i,ret=0; |
| 361 | BIGNUM *t1,*qadd=NULL,*q=NULL; | 421 | BIGNUM *t1,*qadd,*q; |
| 362 | 422 | ||
| 363 | bits--; | 423 | bits--; |
| 364 | t1=ctx->bn[ctx->tos++]; | 424 | BN_CTX_start(ctx); |
| 365 | q=ctx->bn[ctx->tos++]; | 425 | t1 = BN_CTX_get(ctx); |
| 366 | qadd=ctx->bn[ctx->tos++]; | 426 | q = BN_CTX_get(ctx); |
| 427 | qadd = BN_CTX_get(ctx); | ||
| 428 | if (qadd == NULL) goto err; | ||
| 367 | 429 | ||
| 368 | if (!BN_rshift1(qadd,padd)) goto err; | 430 | if (!BN_rshift1(qadd,padd)) goto err; |
| 369 | 431 | ||
| @@ -389,8 +451,8 @@ BN_CTX *ctx; | |||
| 389 | /* check that p and q are prime */ | 451 | /* check that p and q are prime */ |
| 390 | /* check that for p and q | 452 | /* check that for p and q |
| 391 | * gcd(p-1,primes) == 1 (except for 2) */ | 453 | * gcd(p-1,primes) == 1 (except for 2) */ |
| 392 | if ( (BN_mod_word(p,(BN_LONG)primes[i]) == 0) || | 454 | if ( (BN_mod_word(p,(BN_ULONG)primes[i]) == 0) || |
| 393 | (BN_mod_word(q,(BN_LONG)primes[i]) == 0)) | 455 | (BN_mod_word(q,(BN_ULONG)primes[i]) == 0)) |
| 394 | { | 456 | { |
| 395 | if (!BN_add(p,p,padd)) goto err; | 457 | if (!BN_add(p,p,padd)) goto err; |
| 396 | if (!BN_add(q,q,qadd)) goto err; | 458 | if (!BN_add(q,q,qadd)) goto err; |
| @@ -399,75 +461,6 @@ BN_CTX *ctx; | |||
| 399 | } | 461 | } |
| 400 | ret=1; | 462 | ret=1; |
| 401 | err: | 463 | err: |
| 402 | ctx->tos-=3; | 464 | BN_CTX_end(ctx); |
| 403 | return(ret); | ||
| 404 | } | ||
| 405 | |||
| 406 | #if 0 | ||
| 407 | static int witness(a, n,ctx) | ||
| 408 | BIGNUM *a; | ||
| 409 | BIGNUM *n; | ||
| 410 | BN_CTX *ctx; | ||
| 411 | { | ||
| 412 | int k,i,nb,ret= -1; | ||
| 413 | BIGNUM *d,*dd,*tmp; | ||
| 414 | BIGNUM *d1,*d2,*x,*n1,*inv; | ||
| 415 | |||
| 416 | d1=ctx->bn[ctx->tos]; | ||
| 417 | d2=ctx->bn[ctx->tos+1]; | ||
| 418 | x=ctx->bn[ctx->tos+2]; | ||
| 419 | n1=ctx->bn[ctx->tos+3]; | ||
| 420 | inv=ctx->bn[ctx->tos+4]; | ||
| 421 | ctx->tos+=5; | ||
| 422 | |||
| 423 | d=d1; | ||
| 424 | dd=d2; | ||
| 425 | if (!BN_one(d)) goto err; | ||
| 426 | if (!BN_sub(n1,n,d)) goto err; /* n1=n-1; */ | ||
| 427 | k=BN_num_bits(n1); | ||
| 428 | |||
| 429 | /* i=BN_num_bits(n); */ | ||
| 430 | #ifdef RECP_MUL_MOD | ||
| 431 | nb=BN_reciprocal(inv,n,ctx); /**/ | ||
| 432 | if (nb == -1) goto err; | ||
| 433 | #endif | ||
| 434 | |||
| 435 | for (i=k-1; i>=0; i--) | ||
| 436 | { | ||
| 437 | if (BN_copy(x,d) == NULL) goto err; | ||
| 438 | #ifndef RECP_MUL_MOD | ||
| 439 | if (!BN_mod_mul(dd,d,d,n,ctx)) goto err; | ||
| 440 | #else | ||
| 441 | if (!BN_mod_mul_reciprocal(dd,d,d,n,inv,nb,ctx)) goto err; | ||
| 442 | #endif | ||
| 443 | if ( BN_is_one(dd) && | ||
| 444 | !BN_is_one(x) && | ||
| 445 | (BN_cmp(x,n1) != 0)) | ||
| 446 | { | ||
| 447 | ret=1; | ||
| 448 | goto err; | ||
| 449 | } | ||
| 450 | if (BN_is_bit_set(n1,i)) | ||
| 451 | { | ||
| 452 | #ifndef RECP_MUL_MOD | ||
| 453 | if (!BN_mod_mul(d,dd,a,n,ctx)) goto err; | ||
| 454 | #else | ||
| 455 | if (!BN_mod_mul_reciprocal(d,dd,a,n,inv,nb,ctx)) goto err; | ||
| 456 | #endif | ||
| 457 | } | ||
| 458 | else | ||
| 459 | { | ||
| 460 | tmp=d; | ||
| 461 | d=dd; | ||
| 462 | dd=tmp; | ||
| 463 | } | ||
| 464 | } | ||
| 465 | if (BN_is_one(d)) | ||
| 466 | i=0; | ||
| 467 | else i=1; | ||
| 468 | ret=i; | ||
| 469 | err: | ||
| 470 | ctx->tos-=5; | ||
| 471 | return(ret); | 465 | return(ret); |
| 472 | } | 466 | } |
| 473 | #endif | ||
diff --git a/src/lib/libcrypto/bn/bn_prime.h b/src/lib/libcrypto/bn/bn_prime.h index 6fce0210cd..b7cf9a9bfe 100644 --- a/src/lib/libcrypto/bn/bn_prime.h +++ b/src/lib/libcrypto/bn/bn_prime.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* crypto/bn/bn_prime.h */ | 1 | /* Auto generated by bn_prime.pl */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -61,7 +61,7 @@ | |||
| 61 | #else | 61 | #else |
| 62 | #define NUMPRIMES 54 | 62 | #define NUMPRIMES 54 |
| 63 | #endif | 63 | #endif |
| 64 | static unsigned int primes[NUMPRIMES]= | 64 | static const unsigned int primes[NUMPRIMES]= |
| 65 | { | 65 | { |
| 66 | 2, 3, 5, 7, 11, 13, 17, 19, | 66 | 2, 3, 5, 7, 11, 13, 17, 19, |
| 67 | 23, 29, 31, 37, 41, 43, 47, 53, | 67 | 23, 29, 31, 37, 41, 43, 47, 53, |
diff --git a/src/lib/libcrypto/bn/bn_prime.pl b/src/lib/libcrypto/bn/bn_prime.pl index 1b00c21a77..9fc3765486 100644 --- a/src/lib/libcrypto/bn/bn_prime.pl +++ b/src/lib/libcrypto/bn/bn_prime.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | # bn_prime.pl | 2 | # bn_prime.pl |
| 3 | 3 | ||
| 4 | $num=2048; | 4 | $num=2048; |
| @@ -18,13 +18,74 @@ loop: while ($#primes < $num-1) | |||
| 18 | push(@primes,$p); | 18 | push(@primes,$p); |
| 19 | } | 19 | } |
| 20 | 20 | ||
| 21 | print <<"EOF"; | 21 | # print <<"EOF"; |
| 22 | # /* Auto generated by bn_prime.pl */ | ||
| 23 | # /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au). | ||
| 24 | # * All rights reserved. | ||
| 25 | # * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 26 | # * the code are not to be removed. | ||
| 27 | # * See the COPYRIGHT file in the SSLeay distribution for more details. | ||
| 28 | # */ | ||
| 29 | # | ||
| 30 | # EOF | ||
| 31 | |||
| 32 | print <<\EOF; | ||
| 22 | /* Auto generated by bn_prime.pl */ | 33 | /* Auto generated by bn_prime.pl */ |
| 23 | /* Copyright (C) 1995-1997 Eric Young (eay\@mincom.oz.au). | 34 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 24 | * All rights reserved. | 35 | * All rights reserved. |
| 36 | * | ||
| 37 | * This package is an SSL implementation written | ||
| 38 | * by Eric Young (eay@cryptsoft.com). | ||
| 39 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 40 | * | ||
| 41 | * This library is free for commercial and non-commercial use as long as | ||
| 42 | * the following conditions are aheared to. The following conditions | ||
| 43 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 44 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 45 | * included with this distribution is covered by the same copyright terms | ||
| 46 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 47 | * | ||
| 25 | * Copyright remains Eric Young's, and as such any Copyright notices in | 48 | * Copyright remains Eric Young's, and as such any Copyright notices in |
| 26 | * the code are not to be removed. | 49 | * the code are not to be removed. |
| 27 | * See the COPYRIGHT file in the SSLeay distribution for more details. | 50 | * If this package is used in a product, Eric Young should be given attribution |
| 51 | * as the author of the parts of the library used. | ||
| 52 | * This can be in the form of a textual message at program startup or | ||
| 53 | * in documentation (online or textual) provided with the package. | ||
| 54 | * | ||
| 55 | * Redistribution and use in source and binary forms, with or without | ||
| 56 | * modification, are permitted provided that the following conditions | ||
| 57 | * are met: | ||
| 58 | * 1. Redistributions of source code must retain the copyright | ||
| 59 | * notice, this list of conditions and the following disclaimer. | ||
| 60 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 61 | * notice, this list of conditions and the following disclaimer in the | ||
| 62 | * documentation and/or other materials provided with the distribution. | ||
| 63 | * 3. All advertising materials mentioning features or use of this software | ||
| 64 | * must display the following acknowledgement: | ||
| 65 | * "This product includes cryptographic software written by | ||
| 66 | * Eric Young (eay@cryptsoft.com)" | ||
| 67 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 68 | * being used are not cryptographic related :-). | ||
| 69 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 70 | * the apps directory (application code) you must include an acknowledgement: | ||
| 71 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | ||
| 72 | * | ||
| 73 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 74 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 75 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 76 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 77 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 78 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 79 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 80 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 81 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 82 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 83 | * SUCH DAMAGE. | ||
| 84 | * | ||
| 85 | * The licence and distribution terms for any publically available version or | ||
| 86 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 87 | * copied and put under another distribution licence | ||
| 88 | * [including the GNU Public Licence.] | ||
| 28 | */ | 89 | */ |
| 29 | 90 | ||
| 30 | EOF | 91 | EOF |
| @@ -43,7 +104,7 @@ printf "#define NUMPRIMES %d\n",$num; | |||
| 43 | printf "#else\n"; | 104 | printf "#else\n"; |
| 44 | printf "#define NUMPRIMES %d\n",$eight; | 105 | printf "#define NUMPRIMES %d\n",$eight; |
| 45 | printf "#endif\n"; | 106 | printf "#endif\n"; |
| 46 | print "static unsigned int primes[NUMPRIMES]=\n\t{\n\t"; | 107 | print "static const unsigned int primes[NUMPRIMES]=\n\t{\n\t"; |
| 47 | $init=0; | 108 | $init=0; |
| 48 | for ($i=0; $i <= $#primes; $i++) | 109 | for ($i=0; $i <= $#primes; $i++) |
| 49 | { | 110 | { |
diff --git a/src/lib/libcrypto/bn/bn_print.c b/src/lib/libcrypto/bn/bn_print.c index 2bcc11c852..5f46b1826c 100644 --- a/src/lib/libcrypto/bn/bn_print.c +++ b/src/lib/libcrypto/bn/bn_print.c | |||
| @@ -59,20 +59,19 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <ctype.h> | 60 | #include <ctype.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | #include "bn_lcl.h" | 63 | #include "bn_lcl.h" |
| 64 | 64 | ||
| 65 | static char *Hex="0123456789ABCDEF"; | 65 | static const char *Hex="0123456789ABCDEF"; |
| 66 | 66 | ||
| 67 | /* Must 'Free' the returned data */ | 67 | /* Must 'OPENSSL_free' the returned data */ |
| 68 | char *BN_bn2hex(a) | 68 | char *BN_bn2hex(const BIGNUM *a) |
| 69 | BIGNUM *a; | ||
| 70 | { | 69 | { |
| 71 | int i,j,v,z=0; | 70 | int i,j,v,z=0; |
| 72 | char *buf; | 71 | char *buf; |
| 73 | char *p; | 72 | char *p; |
| 74 | 73 | ||
| 75 | buf=(char *)Malloc(a->top*BN_BYTES*2+2); | 74 | buf=(char *)OPENSSL_malloc(a->top*BN_BYTES*2+2); |
| 76 | if (buf == NULL) | 75 | if (buf == NULL) |
| 77 | { | 76 | { |
| 78 | BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); | 77 | BNerr(BN_F_BN_BN2HEX,ERR_R_MALLOC_FAILURE); |
| @@ -100,9 +99,8 @@ err: | |||
| 100 | return(buf); | 99 | return(buf); |
| 101 | } | 100 | } |
| 102 | 101 | ||
| 103 | /* Must 'Free' the returned data */ | 102 | /* Must 'OPENSSL_free' the returned data */ |
| 104 | char *BN_bn2dec(a) | 103 | char *BN_bn2dec(const BIGNUM *a) |
| 105 | BIGNUM *a; | ||
| 106 | { | 104 | { |
| 107 | int i=0,num; | 105 | int i=0,num; |
| 108 | char *buf=NULL; | 106 | char *buf=NULL; |
| @@ -112,8 +110,8 @@ BIGNUM *a; | |||
| 112 | 110 | ||
| 113 | i=BN_num_bits(a)*3; | 111 | i=BN_num_bits(a)*3; |
| 114 | num=(i/10+i/1000+3)+1; | 112 | num=(i/10+i/1000+3)+1; |
| 115 | bn_data=(BN_ULONG *)Malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); | 113 | bn_data=(BN_ULONG *)OPENSSL_malloc((num/BN_DEC_NUM+1)*sizeof(BN_ULONG)); |
| 116 | buf=(char *)Malloc(num+3); | 114 | buf=(char *)OPENSSL_malloc(num+3); |
| 117 | if ((buf == NULL) || (bn_data == NULL)) | 115 | if ((buf == NULL) || (bn_data == NULL)) |
| 118 | { | 116 | { |
| 119 | BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); | 117 | BNerr(BN_F_BN_BN2DEC,ERR_R_MALLOC_FAILURE); |
| @@ -139,7 +137,7 @@ BIGNUM *a; | |||
| 139 | } | 137 | } |
| 140 | lp--; | 138 | lp--; |
| 141 | /* We now have a series of blocks, BN_DEC_NUM chars | 139 | /* We now have a series of blocks, BN_DEC_NUM chars |
| 142 | * in length, where the last one needs trucation. | 140 | * in length, where the last one needs truncation. |
| 143 | * The blocks need to be reversed in order. */ | 141 | * The blocks need to be reversed in order. */ |
| 144 | sprintf(p,BN_DEC_FMT1,*lp); | 142 | sprintf(p,BN_DEC_FMT1,*lp); |
| 145 | while (*p) p++; | 143 | while (*p) p++; |
| @@ -151,14 +149,12 @@ BIGNUM *a; | |||
| 151 | } | 149 | } |
| 152 | } | 150 | } |
| 153 | err: | 151 | err: |
| 154 | if (bn_data != NULL) Free(bn_data); | 152 | if (bn_data != NULL) OPENSSL_free(bn_data); |
| 155 | if (t != NULL) BN_free(t); | 153 | if (t != NULL) BN_free(t); |
| 156 | return(buf); | 154 | return(buf); |
| 157 | } | 155 | } |
| 158 | 156 | ||
| 159 | int BN_hex2bn(bn,a) | 157 | int BN_hex2bn(BIGNUM **bn, const char *a) |
| 160 | BIGNUM **bn; | ||
| 161 | char *a; | ||
| 162 | { | 158 | { |
| 163 | BIGNUM *ret=NULL; | 159 | BIGNUM *ret=NULL; |
| 164 | BN_ULONG l=0; | 160 | BN_ULONG l=0; |
| @@ -169,13 +165,13 @@ char *a; | |||
| 169 | 165 | ||
| 170 | if (*a == '-') { neg=1; a++; } | 166 | if (*a == '-') { neg=1; a++; } |
| 171 | 167 | ||
| 172 | for (i=0; isxdigit(a[i]); i++) | 168 | for (i=0; isxdigit((unsigned char) a[i]); i++) |
| 173 | ; | 169 | ; |
| 174 | 170 | ||
| 175 | num=i+neg; | 171 | num=i+neg; |
| 176 | if (bn == NULL) return(num); | 172 | if (bn == NULL) return(num); |
| 177 | 173 | ||
| 178 | /* a is the start of the hex digets, and it is 'i' long */ | 174 | /* a is the start of the hex digits, and it is 'i' long */ |
| 179 | if (*bn == NULL) | 175 | if (*bn == NULL) |
| 180 | { | 176 | { |
| 181 | if ((ret=BN_new()) == NULL) return(0); | 177 | if ((ret=BN_new()) == NULL) return(0); |
| @@ -189,7 +185,7 @@ char *a; | |||
| 189 | /* i is the number of hex digests; */ | 185 | /* i is the number of hex digests; */ |
| 190 | if (bn_expand(ret,i*4) == NULL) goto err; | 186 | if (bn_expand(ret,i*4) == NULL) goto err; |
| 191 | 187 | ||
| 192 | j=i; /* least significate 'hex' */ | 188 | j=i; /* least significant 'hex' */ |
| 193 | m=0; | 189 | m=0; |
| 194 | h=0; | 190 | h=0; |
| 195 | while (j > 0) | 191 | while (j > 0) |
| @@ -224,9 +220,7 @@ err: | |||
| 224 | return(0); | 220 | return(0); |
| 225 | } | 221 | } |
| 226 | 222 | ||
| 227 | int BN_dec2bn(bn,a) | 223 | int BN_dec2bn(BIGNUM **bn, const char *a) |
| 228 | BIGNUM **bn; | ||
| 229 | char *a; | ||
| 230 | { | 224 | { |
| 231 | BIGNUM *ret=NULL; | 225 | BIGNUM *ret=NULL; |
| 232 | BN_ULONG l=0; | 226 | BN_ULONG l=0; |
| @@ -236,14 +230,14 @@ char *a; | |||
| 236 | if ((a == NULL) || (*a == '\0')) return(0); | 230 | if ((a == NULL) || (*a == '\0')) return(0); |
| 237 | if (*a == '-') { neg=1; a++; } | 231 | if (*a == '-') { neg=1; a++; } |
| 238 | 232 | ||
| 239 | for (i=0; isdigit(a[i]); i++) | 233 | for (i=0; isdigit((unsigned char) a[i]); i++) |
| 240 | ; | 234 | ; |
| 241 | 235 | ||
| 242 | num=i+neg; | 236 | num=i+neg; |
| 243 | if (bn == NULL) return(num); | 237 | if (bn == NULL) return(num); |
| 244 | 238 | ||
| 245 | /* a is the start of the digets, and it is 'i' long. | 239 | /* a is the start of the digits, and it is 'i' long. |
| 246 | * We chop it into BN_DEC_NUM digets at a time */ | 240 | * We chop it into BN_DEC_NUM digits at a time */ |
| 247 | if (*bn == NULL) | 241 | if (*bn == NULL) |
| 248 | { | 242 | { |
| 249 | if ((ret=BN_new()) == NULL) return(0); | 243 | if ((ret=BN_new()) == NULL) return(0); |
| @@ -283,12 +277,9 @@ err: | |||
| 283 | return(0); | 277 | return(0); |
| 284 | } | 278 | } |
| 285 | 279 | ||
| 286 | #ifndef NO_BIO | 280 | #ifndef OPENSSL_NO_BIO |
| 287 | 281 | #ifndef OPENSSL_NO_FP_API | |
| 288 | #ifndef NO_FP_API | 282 | int BN_print_fp(FILE *fp, const BIGNUM *a) |
| 289 | int BN_print_fp(fp, a) | ||
| 290 | FILE *fp; | ||
| 291 | BIGNUM *a; | ||
| 292 | { | 283 | { |
| 293 | BIO *b; | 284 | BIO *b; |
| 294 | int ret; | 285 | int ret; |
| @@ -302,9 +293,7 @@ BIGNUM *a; | |||
| 302 | } | 293 | } |
| 303 | #endif | 294 | #endif |
| 304 | 295 | ||
| 305 | int BN_print(bp, a) | 296 | int BN_print(BIO *bp, const BIGNUM *a) |
| 306 | BIO *bp; | ||
| 307 | BIGNUM *a; | ||
| 308 | { | 297 | { |
| 309 | int i,j,v,z=0; | 298 | int i,j,v,z=0; |
| 310 | int ret=0; | 299 | int ret=0; |
| @@ -329,5 +318,15 @@ BIGNUM *a; | |||
| 329 | end: | 318 | end: |
| 330 | return(ret); | 319 | return(ret); |
| 331 | } | 320 | } |
| 321 | #endif | ||
| 332 | 322 | ||
| 323 | #ifdef BN_DEBUG | ||
| 324 | void bn_dump1(FILE *o, const char *a, const BN_ULONG *b,int n) | ||
| 325 | { | ||
| 326 | int i; | ||
| 327 | fprintf(o, "%s=", a); | ||
| 328 | for (i=n-1;i>=0;i--) | ||
| 329 | fprintf(o, "%08lX", b[i]); /* assumes 32-bit BN_ULONG */ | ||
| 330 | fprintf(o, "\n"); | ||
| 331 | } | ||
| 333 | #endif | 332 | #endif |
diff --git a/src/lib/libcrypto/bn/bn_rand.c b/src/lib/libcrypto/bn/bn_rand.c index 75b6b0493b..9e08ccd22e 100644 --- a/src/lib/libcrypto/bn/bn_rand.c +++ b/src/lib/libcrypto/bn/bn_rand.c | |||
| @@ -55,28 +55,83 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include <time.h> | 113 | #include <time.h> |
| 61 | #include "cryptlib.h" | 114 | #include "cryptlib.h" |
| 62 | #include "bn_lcl.h" | 115 | #include "bn_lcl.h" |
| 63 | #include "rand.h" | 116 | #include <openssl/rand.h> |
| 64 | 117 | ||
| 65 | int BN_rand(rnd, bits, top, bottom) | 118 | static int bnrand(int pseudorand, BIGNUM *rnd, int bits, int top, int bottom) |
| 66 | BIGNUM *rnd; | ||
| 67 | int bits; | ||
| 68 | int top; | ||
| 69 | int bottom; | ||
| 70 | { | 119 | { |
| 71 | unsigned char *buf=NULL; | 120 | unsigned char *buf=NULL; |
| 72 | int ret=0,bit,bytes,mask; | 121 | int ret=0,bit,bytes,mask; |
| 73 | time_t tim; | 122 | time_t tim; |
| 74 | 123 | ||
| 124 | if (bits == 0) | ||
| 125 | { | ||
| 126 | BN_zero(rnd); | ||
| 127 | return 1; | ||
| 128 | } | ||
| 129 | |||
| 75 | bytes=(bits+7)/8; | 130 | bytes=(bits+7)/8; |
| 76 | bit=(bits-1)%8; | 131 | bit=(bits-1)%8; |
| 77 | mask=0xff<<bit; | 132 | mask=0xff<<(bit+1); |
| 78 | 133 | ||
| 79 | buf=(unsigned char *)Malloc(bytes); | 134 | buf=(unsigned char *)OPENSSL_malloc(bytes); |
| 80 | if (buf == NULL) | 135 | if (buf == NULL) |
| 81 | { | 136 | { |
| 82 | BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); | 137 | BNerr(BN_F_BN_RAND,ERR_R_MALLOC_FAILURE); |
| @@ -85,28 +140,61 @@ int bottom; | |||
| 85 | 140 | ||
| 86 | /* make a random number and set the top and bottom bits */ | 141 | /* make a random number and set the top and bottom bits */ |
| 87 | time(&tim); | 142 | time(&tim); |
| 88 | RAND_seed((unsigned char *)&tim,sizeof(tim)); | 143 | RAND_add(&tim,sizeof(tim),0); |
| 89 | 144 | ||
| 90 | RAND_bytes(buf,(int)bytes); | 145 | if (pseudorand) |
| 91 | if (top) | ||
| 92 | { | 146 | { |
| 93 | if (bit == 0) | 147 | if (RAND_pseudo_bytes(buf, bytes) == -1) |
| 148 | goto err; | ||
| 149 | } | ||
| 150 | else | ||
| 151 | { | ||
| 152 | if (RAND_bytes(buf, bytes) <= 0) | ||
| 153 | goto err; | ||
| 154 | } | ||
| 155 | |||
| 156 | #if 1 | ||
| 157 | if (pseudorand == 2) | ||
| 158 | { | ||
| 159 | /* generate patterns that are more likely to trigger BN | ||
| 160 | library bugs */ | ||
| 161 | int i; | ||
| 162 | unsigned char c; | ||
| 163 | |||
| 164 | for (i = 0; i < bytes; i++) | ||
| 94 | { | 165 | { |
| 95 | buf[0]=1; | 166 | RAND_pseudo_bytes(&c, 1); |
| 96 | buf[1]|=0x80; | 167 | if (c >= 128 && i > 0) |
| 168 | buf[i] = buf[i-1]; | ||
| 169 | else if (c < 42) | ||
| 170 | buf[i] = 0; | ||
| 171 | else if (c < 84) | ||
| 172 | buf[i] = 255; | ||
| 173 | } | ||
| 174 | } | ||
| 175 | #endif | ||
| 176 | |||
| 177 | if (top != -1) | ||
| 178 | { | ||
| 179 | if (top) | ||
| 180 | { | ||
| 181 | if (bit == 0) | ||
| 182 | { | ||
| 183 | buf[0]=1; | ||
| 184 | buf[1]|=0x80; | ||
| 185 | } | ||
| 186 | else | ||
| 187 | { | ||
| 188 | buf[0]|=(3<<(bit-1)); | ||
| 189 | } | ||
| 97 | } | 190 | } |
| 98 | else | 191 | else |
| 99 | { | 192 | { |
| 100 | buf[0]|=(3<<(bit-1)); | 193 | buf[0]|=(1<<bit); |
| 101 | buf[0]&= ~(mask<<1); | ||
| 102 | } | 194 | } |
| 103 | } | 195 | } |
| 104 | else | 196 | buf[0] &= ~mask; |
| 105 | { | 197 | if (bottom) /* set bottom bit if requested */ |
| 106 | buf[0]|=(1<<bit); | ||
| 107 | buf[0]&= ~(mask<<1); | ||
| 108 | } | ||
| 109 | if (bottom) /* set bottom bits to whatever odd is */ | ||
| 110 | buf[bytes-1]|=1; | 198 | buf[bytes-1]|=1; |
| 111 | if (!BN_bin2bn(buf,bytes,rnd)) goto err; | 199 | if (!BN_bin2bn(buf,bytes,rnd)) goto err; |
| 112 | ret=1; | 200 | ret=1; |
| @@ -114,8 +202,90 @@ err: | |||
| 114 | if (buf != NULL) | 202 | if (buf != NULL) |
| 115 | { | 203 | { |
| 116 | memset(buf,0,bytes); | 204 | memset(buf,0,bytes); |
| 117 | Free(buf); | 205 | OPENSSL_free(buf); |
| 118 | } | 206 | } |
| 119 | return(ret); | 207 | return(ret); |
| 120 | } | 208 | } |
| 121 | 209 | ||
| 210 | int BN_rand(BIGNUM *rnd, int bits, int top, int bottom) | ||
| 211 | { | ||
| 212 | return bnrand(0, rnd, bits, top, bottom); | ||
| 213 | } | ||
| 214 | |||
| 215 | int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom) | ||
| 216 | { | ||
| 217 | return bnrand(1, rnd, bits, top, bottom); | ||
| 218 | } | ||
| 219 | |||
| 220 | #if 1 | ||
| 221 | int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom) | ||
| 222 | { | ||
| 223 | return bnrand(2, rnd, bits, top, bottom); | ||
| 224 | } | ||
| 225 | #endif | ||
| 226 | |||
| 227 | |||
| 228 | /* random number r: 0 <= r < range */ | ||
| 229 | static int bn_rand_range(int pseudo, BIGNUM *r, BIGNUM *range) | ||
| 230 | { | ||
| 231 | int (*bn_rand)(BIGNUM *, int, int, int) = pseudo ? BN_pseudo_rand : BN_rand; | ||
| 232 | int n; | ||
| 233 | |||
| 234 | if (range->neg || BN_is_zero(range)) | ||
| 235 | { | ||
| 236 | BNerr(BN_F_BN_RAND_RANGE, BN_R_INVALID_RANGE); | ||
| 237 | return 0; | ||
| 238 | } | ||
| 239 | |||
| 240 | n = BN_num_bits(range); /* n > 0 */ | ||
| 241 | |||
| 242 | /* BN_is_bit_set(range, n - 1) always holds */ | ||
| 243 | |||
| 244 | if (n == 1) | ||
| 245 | { | ||
| 246 | if (!BN_zero(r)) return 0; | ||
| 247 | } | ||
| 248 | else if (!BN_is_bit_set(range, n - 2) && !BN_is_bit_set(range, n - 3)) | ||
| 249 | { | ||
| 250 | /* range = 100..._2, | ||
| 251 | * so 3*range (= 11..._2) is exactly one bit longer than range */ | ||
| 252 | do | ||
| 253 | { | ||
| 254 | if (!bn_rand(r, n + 1, -1, 0)) return 0; | ||
| 255 | /* If r < 3*range, use r := r MOD range | ||
| 256 | * (which is either r, r - range, or r - 2*range). | ||
| 257 | * Otherwise, iterate once more. | ||
| 258 | * Since 3*range = 11..._2, each iteration succeeds with | ||
| 259 | * probability >= .75. */ | ||
| 260 | if (BN_cmp(r ,range) >= 0) | ||
| 261 | { | ||
| 262 | if (!BN_sub(r, r, range)) return 0; | ||
| 263 | if (BN_cmp(r, range) >= 0) | ||
| 264 | if (!BN_sub(r, r, range)) return 0; | ||
| 265 | } | ||
| 266 | } | ||
| 267 | while (BN_cmp(r, range) >= 0); | ||
| 268 | } | ||
| 269 | else | ||
| 270 | { | ||
| 271 | do | ||
| 272 | { | ||
| 273 | /* range = 11..._2 or range = 101..._2 */ | ||
| 274 | if (!bn_rand(r, n, -1, 0)) return 0; | ||
| 275 | } | ||
| 276 | while (BN_cmp(r, range) >= 0); | ||
| 277 | } | ||
| 278 | |||
| 279 | return 1; | ||
| 280 | } | ||
| 281 | |||
| 282 | |||
| 283 | int BN_rand_range(BIGNUM *r, BIGNUM *range) | ||
| 284 | { | ||
| 285 | return bn_rand_range(0, r, range); | ||
| 286 | } | ||
| 287 | |||
| 288 | int BN_pseudo_rand_range(BIGNUM *r, BIGNUM *range) | ||
| 289 | { | ||
| 290 | return bn_rand_range(1, r, range); | ||
| 291 | } | ||
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index 72cd69d3fc..ef5fdd4708 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c | |||
| @@ -60,66 +60,171 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | int BN_mod_mul_reciprocal(r, x, y, m, i, nb, ctx) | 63 | void BN_RECP_CTX_init(BN_RECP_CTX *recp) |
| 64 | BIGNUM *r; | ||
| 65 | BIGNUM *x; | ||
| 66 | BIGNUM *y; | ||
| 67 | BIGNUM *m; | ||
| 68 | BIGNUM *i; | ||
| 69 | int nb; | ||
| 70 | BN_CTX *ctx; | ||
| 71 | { | 64 | { |
| 72 | int ret=0,j; | 65 | BN_init(&(recp->N)); |
| 73 | BIGNUM *a,*b,*c,*d; | 66 | BN_init(&(recp->Nr)); |
| 67 | recp->num_bits=0; | ||
| 68 | recp->flags=0; | ||
| 69 | } | ||
| 70 | |||
| 71 | BN_RECP_CTX *BN_RECP_CTX_new(void) | ||
| 72 | { | ||
| 73 | BN_RECP_CTX *ret; | ||
| 74 | |||
| 75 | if ((ret=(BN_RECP_CTX *)OPENSSL_malloc(sizeof(BN_RECP_CTX))) == NULL) | ||
| 76 | return(NULL); | ||
| 77 | |||
| 78 | BN_RECP_CTX_init(ret); | ||
| 79 | ret->flags=BN_FLG_MALLOCED; | ||
| 80 | return(ret); | ||
| 81 | } | ||
| 82 | |||
| 83 | void BN_RECP_CTX_free(BN_RECP_CTX *recp) | ||
| 84 | { | ||
| 85 | if(recp == NULL) | ||
| 86 | return; | ||
| 87 | |||
| 88 | BN_free(&(recp->N)); | ||
| 89 | BN_free(&(recp->Nr)); | ||
| 90 | if (recp->flags & BN_FLG_MALLOCED) | ||
| 91 | OPENSSL_free(recp); | ||
| 92 | } | ||
| 74 | 93 | ||
| 75 | a=ctx->bn[ctx->tos++]; | 94 | int BN_RECP_CTX_set(BN_RECP_CTX *recp, const BIGNUM *d, BN_CTX *ctx) |
| 76 | b=ctx->bn[ctx->tos++]; | 95 | { |
| 77 | c=ctx->bn[ctx->tos++]; | 96 | if (!BN_copy(&(recp->N),d)) return 0; |
| 78 | d=ctx->bn[ctx->tos++]; | 97 | if (!BN_zero(&(recp->Nr))) return 0; |
| 98 | recp->num_bits=BN_num_bits(d); | ||
| 99 | recp->shift=0; | ||
| 100 | return(1); | ||
| 101 | } | ||
| 102 | |||
| 103 | int BN_mod_mul_reciprocal(BIGNUM *r, const BIGNUM *x, const BIGNUM *y, | ||
| 104 | BN_RECP_CTX *recp, BN_CTX *ctx) | ||
| 105 | { | ||
| 106 | int ret=0; | ||
| 107 | BIGNUM *a; | ||
| 108 | const BIGNUM *ca; | ||
| 79 | 109 | ||
| 80 | if (x == y) | 110 | BN_CTX_start(ctx); |
| 81 | { if (!BN_sqr(a,x,ctx)) goto err; } | 111 | if ((a = BN_CTX_get(ctx)) == NULL) goto err; |
| 112 | if (y != NULL) | ||
| 113 | { | ||
| 114 | if (x == y) | ||
| 115 | { if (!BN_sqr(a,x,ctx)) goto err; } | ||
| 116 | else | ||
| 117 | { if (!BN_mul(a,x,y,ctx)) goto err; } | ||
| 118 | ca = a; | ||
| 119 | } | ||
| 82 | else | 120 | else |
| 83 | { if (!BN_mul(a,x,y)) goto err; } | 121 | ca=x; /* Just do the mod */ |
| 84 | if (!BN_rshift(d,a,nb)) goto err; | 122 | |
| 85 | if (!BN_mul(b,d,i)) goto err; | 123 | ret = BN_div_recp(NULL,r,ca,recp,ctx); |
| 86 | if (!BN_rshift(c,b,nb)) goto err; | 124 | err: |
| 87 | if (!BN_mul(b,m,c)) goto err; | 125 | BN_CTX_end(ctx); |
| 88 | if (!BN_sub(r,a,b)) goto err; | 126 | return(ret); |
| 127 | } | ||
| 128 | |||
| 129 | int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, | ||
| 130 | BN_RECP_CTX *recp, BN_CTX *ctx) | ||
| 131 | { | ||
| 132 | int i,j,ret=0; | ||
| 133 | BIGNUM *a,*b,*d,*r; | ||
| 134 | |||
| 135 | BN_CTX_start(ctx); | ||
| 136 | a=BN_CTX_get(ctx); | ||
| 137 | b=BN_CTX_get(ctx); | ||
| 138 | if (dv != NULL) | ||
| 139 | d=dv; | ||
| 140 | else | ||
| 141 | d=BN_CTX_get(ctx); | ||
| 142 | if (rem != NULL) | ||
| 143 | r=rem; | ||
| 144 | else | ||
| 145 | r=BN_CTX_get(ctx); | ||
| 146 | if (a == NULL || b == NULL || d == NULL || r == NULL) goto err; | ||
| 147 | |||
| 148 | if (BN_ucmp(m,&(recp->N)) < 0) | ||
| 149 | { | ||
| 150 | if (!BN_zero(d)) return 0; | ||
| 151 | if (!BN_copy(r,m)) return 0; | ||
| 152 | BN_CTX_end(ctx); | ||
| 153 | return(1); | ||
| 154 | } | ||
| 155 | |||
| 156 | /* We want the remainder | ||
| 157 | * Given input of ABCDEF / ab | ||
| 158 | * we need multiply ABCDEF by 3 digests of the reciprocal of ab | ||
| 159 | * | ||
| 160 | */ | ||
| 161 | |||
| 162 | /* i := max(BN_num_bits(m), 2*BN_num_bits(N)) */ | ||
| 163 | i=BN_num_bits(m); | ||
| 164 | j=recp->num_bits<<1; | ||
| 165 | if (j>i) i=j; | ||
| 166 | |||
| 167 | /* Nr := round(2^i / N) */ | ||
| 168 | if (i != recp->shift) | ||
| 169 | recp->shift=BN_reciprocal(&(recp->Nr),&(recp->N), | ||
| 170 | i,ctx); /* BN_reciprocal returns i, or -1 for an error */ | ||
| 171 | if (recp->shift == -1) goto err; | ||
| 172 | |||
| 173 | /* d := |round(round(m / 2^BN_num_bits(N)) * recp->Nr / 2^(i - BN_num_bits(N)))| | ||
| 174 | * = |round(round(m / 2^BN_num_bits(N)) * round(2^i / N) / 2^(i - BN_num_bits(N)))| | ||
| 175 | * <= |(m / 2^BN_num_bits(N)) * (2^i / N) * (2^BN_num_bits(N) / 2^i)| | ||
| 176 | * = |m/N| | ||
| 177 | */ | ||
| 178 | if (!BN_rshift(a,m,recp->num_bits)) goto err; | ||
| 179 | if (!BN_mul(b,a,&(recp->Nr),ctx)) goto err; | ||
| 180 | if (!BN_rshift(d,b,i-recp->num_bits)) goto err; | ||
| 181 | d->neg=0; | ||
| 182 | |||
| 183 | if (!BN_mul(b,&(recp->N),d,ctx)) goto err; | ||
| 184 | if (!BN_usub(r,m,b)) goto err; | ||
| 185 | r->neg=0; | ||
| 186 | |||
| 187 | #if 1 | ||
| 89 | j=0; | 188 | j=0; |
| 90 | while (BN_cmp(r,m) >= 0) | 189 | while (BN_ucmp(r,&(recp->N)) >= 0) |
| 91 | { | 190 | { |
| 92 | if (j++ > 2) | 191 | if (j++ > 2) |
| 93 | { | 192 | { |
| 94 | BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); | 193 | BNerr(BN_F_BN_MOD_MUL_RECIPROCAL,BN_R_BAD_RECIPROCAL); |
| 95 | goto err; | 194 | goto err; |
| 96 | } | 195 | } |
| 97 | if (!BN_sub(r,r,m)) goto err; | 196 | if (!BN_usub(r,r,&(recp->N))) goto err; |
| 197 | if (!BN_add_word(d,1)) goto err; | ||
| 98 | } | 198 | } |
| 199 | #endif | ||
| 99 | 200 | ||
| 201 | r->neg=BN_is_zero(r)?0:m->neg; | ||
| 202 | d->neg=m->neg^recp->N.neg; | ||
| 100 | ret=1; | 203 | ret=1; |
| 101 | err: | 204 | err: |
| 102 | ctx->tos-=4; | 205 | BN_CTX_end(ctx); |
| 103 | return(ret); | 206 | return(ret); |
| 104 | } | 207 | } |
| 105 | 208 | ||
| 106 | int BN_reciprocal(r, m,ctx) | 209 | /* len is the expected size of the result |
| 107 | BIGNUM *r; | 210 | * We actually calculate with an extra word of precision, so |
| 108 | BIGNUM *m; | 211 | * we can do faster division if the remainder is not required. |
| 109 | BN_CTX *ctx; | 212 | */ |
| 213 | /* r := 2^len / m */ | ||
| 214 | int BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) | ||
| 110 | { | 215 | { |
| 111 | int nm,ret= -1; | 216 | int ret= -1; |
| 112 | BIGNUM *t; | 217 | BIGNUM t; |
| 113 | 218 | ||
| 114 | t=ctx->bn[ctx->tos++]; | 219 | BN_init(&t); |
| 115 | 220 | ||
| 116 | nm=BN_num_bits(m); | 221 | if (!BN_zero(&t)) goto err; |
| 117 | if (!BN_lshift(t,BN_value_one(),nm*2)) goto err; | 222 | if (!BN_set_bit(&t,len)) goto err; |
| 118 | 223 | ||
| 119 | if (!BN_div(r,NULL,t,m,ctx)) goto err; | 224 | if (!BN_div(r,NULL,&t,m,ctx)) goto err; |
| 120 | ret=nm; | 225 | |
| 226 | ret=len; | ||
| 121 | err: | 227 | err: |
| 122 | ctx->tos--; | 228 | BN_free(&t); |
| 123 | return(ret); | 229 | return(ret); |
| 124 | } | 230 | } |
| 125 | |||
diff --git a/src/lib/libcrypto/bn/bn_shift.c b/src/lib/libcrypto/bn/bn_shift.c index 944bf1794b..70f785ea18 100644 --- a/src/lib/libcrypto/bn/bn_shift.c +++ b/src/lib/libcrypto/bn/bn_shift.c | |||
| @@ -60,9 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | int BN_lshift1(r, a) | 63 | int BN_lshift1(BIGNUM *r, const BIGNUM *a) |
| 64 | BIGNUM *r; | ||
| 65 | BIGNUM *a; | ||
| 66 | { | 64 | { |
| 67 | register BN_ULONG *ap,*rp,t,c; | 65 | register BN_ULONG *ap,*rp,t,c; |
| 68 | int i; | 66 | int i; |
| @@ -94,9 +92,7 @@ BIGNUM *a; | |||
| 94 | return(1); | 92 | return(1); |
| 95 | } | 93 | } |
| 96 | 94 | ||
| 97 | int BN_rshift1(r, a) | 95 | int BN_rshift1(BIGNUM *r, const BIGNUM *a) |
| 98 | BIGNUM *r; | ||
| 99 | BIGNUM *a; | ||
| 100 | { | 96 | { |
| 101 | BN_ULONG *ap,*rp,t,c; | 97 | BN_ULONG *ap,*rp,t,c; |
| 102 | int i; | 98 | int i; |
| @@ -125,18 +121,15 @@ BIGNUM *a; | |||
| 125 | return(1); | 121 | return(1); |
| 126 | } | 122 | } |
| 127 | 123 | ||
| 128 | int BN_lshift(r, a, n) | 124 | int BN_lshift(BIGNUM *r, const BIGNUM *a, int n) |
| 129 | BIGNUM *r; | ||
| 130 | BIGNUM *a; | ||
| 131 | int n; | ||
| 132 | { | 125 | { |
| 133 | int i,nw,lb,rb; | 126 | int i,nw,lb,rb; |
| 134 | BN_ULONG *t,*f; | 127 | BN_ULONG *t,*f; |
| 135 | BN_ULONG l; | 128 | BN_ULONG l; |
| 136 | 129 | ||
| 137 | r->neg=a->neg; | 130 | r->neg=a->neg; |
| 138 | if (bn_wexpand(r,a->top+(n/BN_BITS2)+1) == NULL) return(0); | ||
| 139 | nw=n/BN_BITS2; | 131 | nw=n/BN_BITS2; |
| 132 | if (bn_wexpand(r,a->top+nw+1) == NULL) return(0); | ||
| 140 | lb=n%BN_BITS2; | 133 | lb=n%BN_BITS2; |
| 141 | rb=BN_BITS2-lb; | 134 | rb=BN_BITS2-lb; |
| 142 | f=a->d; | 135 | f=a->d; |
| @@ -160,10 +153,7 @@ int n; | |||
| 160 | return(1); | 153 | return(1); |
| 161 | } | 154 | } |
| 162 | 155 | ||
| 163 | int BN_rshift(r, a, n) | 156 | int BN_rshift(BIGNUM *r, const BIGNUM *a, int n) |
| 164 | BIGNUM *r; | ||
| 165 | BIGNUM *a; | ||
| 166 | int n; | ||
| 167 | { | 157 | { |
| 168 | int i,j,nw,lb,rb; | 158 | int i,j,nw,lb,rb; |
| 169 | BN_ULONG *t,*f; | 159 | BN_ULONG *t,*f; |
| @@ -172,7 +162,7 @@ int n; | |||
| 172 | nw=n/BN_BITS2; | 162 | nw=n/BN_BITS2; |
| 173 | rb=n%BN_BITS2; | 163 | rb=n%BN_BITS2; |
| 174 | lb=BN_BITS2-rb; | 164 | lb=BN_BITS2-rb; |
| 175 | if (nw > a->top) | 165 | if (nw > a->top || a->top == 0) |
| 176 | { | 166 | { |
| 177 | BN_zero(r); | 167 | BN_zero(r); |
| 178 | return(1); | 168 | return(1); |
| @@ -182,6 +172,11 @@ int n; | |||
| 182 | r->neg=a->neg; | 172 | r->neg=a->neg; |
| 183 | if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); | 173 | if (bn_wexpand(r,a->top-nw+1) == NULL) return(0); |
| 184 | } | 174 | } |
| 175 | else | ||
| 176 | { | ||
| 177 | if (n == 0) | ||
| 178 | return 1; /* or the copying loop will go berserk */ | ||
| 179 | } | ||
| 185 | 180 | ||
| 186 | f= &(a->d[nw]); | 181 | f= &(a->d[nw]); |
| 187 | t=r->d; | 182 | t=r->d; |
diff --git a/src/lib/libcrypto/bn/bn_sqr.c b/src/lib/libcrypto/bn/bn_sqr.c index a8464610e5..c1d0cca438 100644 --- a/src/lib/libcrypto/bn/bn_sqr.c +++ b/src/lib/libcrypto/bn/bn_sqr.c | |||
| @@ -62,35 +62,105 @@ | |||
| 62 | 62 | ||
| 63 | /* r must not be a */ | 63 | /* r must not be a */ |
| 64 | /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ | 64 | /* I've just gone over this and it is now %20 faster on x86 - eay - 27 Jun 96 */ |
| 65 | int BN_sqr(r, a, ctx) | 65 | int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) |
| 66 | BIGNUM *r; | ||
| 67 | BIGNUM *a; | ||
| 68 | BN_CTX *ctx; | ||
| 69 | { | 66 | { |
| 70 | int i,j,max,al; | 67 | int max,al; |
| 71 | BIGNUM *tmp; | 68 | int ret = 0; |
| 72 | BN_ULONG *ap,*rp; | 69 | BIGNUM *tmp,*rr; |
| 73 | 70 | ||
| 74 | tmp=ctx->bn[ctx->tos]; | 71 | #ifdef BN_COUNT |
| 72 | fprintf(stderr,"BN_sqr %d * %d\n",a->top,a->top); | ||
| 73 | #endif | ||
| 74 | bn_check_top(a); | ||
| 75 | 75 | ||
| 76 | al=a->top; | 76 | al=a->top; |
| 77 | if (al == 0) | 77 | if (al <= 0) |
| 78 | { | 78 | { |
| 79 | r->top=0; | 79 | r->top=0; |
| 80 | return(1); | 80 | return(1); |
| 81 | } | 81 | } |
| 82 | 82 | ||
| 83 | max=(al*2); | 83 | BN_CTX_start(ctx); |
| 84 | if (bn_wexpand(r,1+max) == NULL) return(0); | 84 | rr=(a != r) ? r : BN_CTX_get(ctx); |
| 85 | if (bn_wexpand(tmp,1+max) == NULL) return(0); | 85 | tmp=BN_CTX_get(ctx); |
| 86 | if (tmp == NULL) goto err; | ||
| 86 | 87 | ||
| 87 | r->neg=0; | 88 | max=(al+al); |
| 89 | if (bn_wexpand(rr,max+1) == NULL) goto err; | ||
| 88 | 90 | ||
| 89 | ap=a->d; | 91 | if (al == 4) |
| 90 | rp=r->d; | 92 | { |
| 93 | #ifndef BN_SQR_COMBA | ||
| 94 | BN_ULONG t[8]; | ||
| 95 | bn_sqr_normal(rr->d,a->d,4,t); | ||
| 96 | #else | ||
| 97 | bn_sqr_comba4(rr->d,a->d); | ||
| 98 | #endif | ||
| 99 | } | ||
| 100 | else if (al == 8) | ||
| 101 | { | ||
| 102 | #ifndef BN_SQR_COMBA | ||
| 103 | BN_ULONG t[16]; | ||
| 104 | bn_sqr_normal(rr->d,a->d,8,t); | ||
| 105 | #else | ||
| 106 | bn_sqr_comba8(rr->d,a->d); | ||
| 107 | #endif | ||
| 108 | } | ||
| 109 | else | ||
| 110 | { | ||
| 111 | #if defined(BN_RECURSION) | ||
| 112 | if (al < BN_SQR_RECURSIVE_SIZE_NORMAL) | ||
| 113 | { | ||
| 114 | BN_ULONG t[BN_SQR_RECURSIVE_SIZE_NORMAL*2]; | ||
| 115 | bn_sqr_normal(rr->d,a->d,al,t); | ||
| 116 | } | ||
| 117 | else | ||
| 118 | { | ||
| 119 | int j,k; | ||
| 120 | |||
| 121 | j=BN_num_bits_word((BN_ULONG)al); | ||
| 122 | j=1<<(j-1); | ||
| 123 | k=j+j; | ||
| 124 | if (al == j) | ||
| 125 | { | ||
| 126 | if (bn_wexpand(tmp,k*2) == NULL) goto err; | ||
| 127 | bn_sqr_recursive(rr->d,a->d,al,tmp->d); | ||
| 128 | } | ||
| 129 | else | ||
| 130 | { | ||
| 131 | if (bn_wexpand(tmp,max) == NULL) goto err; | ||
| 132 | bn_sqr_normal(rr->d,a->d,al,tmp->d); | ||
| 133 | } | ||
| 134 | } | ||
| 135 | #else | ||
| 136 | if (bn_wexpand(tmp,max) == NULL) goto err; | ||
| 137 | bn_sqr_normal(rr->d,a->d,al,tmp->d); | ||
| 138 | #endif | ||
| 139 | } | ||
| 140 | |||
| 141 | rr->top=max; | ||
| 142 | rr->neg=0; | ||
| 143 | if ((max > 0) && (rr->d[max-1] == 0)) rr->top--; | ||
| 144 | if (rr != r) BN_copy(r,rr); | ||
| 145 | ret = 1; | ||
| 146 | err: | ||
| 147 | BN_CTX_end(ctx); | ||
| 148 | return(ret); | ||
| 149 | } | ||
| 150 | |||
| 151 | /* tmp must have 2*n words */ | ||
| 152 | void bn_sqr_normal(BN_ULONG *r, const BN_ULONG *a, int n, BN_ULONG *tmp) | ||
| 153 | { | ||
| 154 | int i,j,max; | ||
| 155 | const BN_ULONG *ap; | ||
| 156 | BN_ULONG *rp; | ||
| 157 | |||
| 158 | max=n*2; | ||
| 159 | ap=a; | ||
| 160 | rp=r; | ||
| 91 | rp[0]=rp[max-1]=0; | 161 | rp[0]=rp[max-1]=0; |
| 92 | rp++; | 162 | rp++; |
| 93 | j=al; | 163 | j=n; |
| 94 | 164 | ||
| 95 | if (--j > 0) | 165 | if (--j > 0) |
| 96 | { | 166 | { |
| @@ -99,7 +169,7 @@ BN_CTX *ctx; | |||
| 99 | rp+=2; | 169 | rp+=2; |
| 100 | } | 170 | } |
| 101 | 171 | ||
| 102 | for (i=2; i<al; i++) | 172 | for (i=n-2; i>0; i--) |
| 103 | { | 173 | { |
| 104 | j--; | 174 | j--; |
| 105 | ap++; | 175 | ap++; |
| @@ -107,16 +177,112 @@ BN_CTX *ctx; | |||
| 107 | rp+=2; | 177 | rp+=2; |
| 108 | } | 178 | } |
| 109 | 179 | ||
| 110 | bn_add_words(r->d,r->d,r->d,max); | 180 | bn_add_words(r,r,r,max); |
| 111 | 181 | ||
| 112 | /* There will not be a carry */ | 182 | /* There will not be a carry */ |
| 113 | 183 | ||
| 114 | bn_sqr_words(tmp->d,a->d,al); | 184 | bn_sqr_words(tmp,a,n); |
| 115 | 185 | ||
| 116 | bn_add_words(r->d,r->d,tmp->d,max); | 186 | bn_add_words(r,r,tmp,max); |
| 117 | |||
| 118 | r->top=max; | ||
| 119 | if (r->d[max-1] == 0) r->top--; | ||
| 120 | return(1); | ||
| 121 | } | 187 | } |
| 122 | 188 | ||
| 189 | #ifdef BN_RECURSION | ||
| 190 | /* r is 2*n words in size, | ||
| 191 | * a and b are both n words in size. (There's not actually a 'b' here ...) | ||
| 192 | * n must be a power of 2. | ||
| 193 | * We multiply and return the result. | ||
| 194 | * t must be 2*n words in size | ||
| 195 | * We calculate | ||
| 196 | * a[0]*b[0] | ||
| 197 | * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0]) | ||
| 198 | * a[1]*b[1] | ||
| 199 | */ | ||
| 200 | void bn_sqr_recursive(BN_ULONG *r, const BN_ULONG *a, int n2, BN_ULONG *t) | ||
| 201 | { | ||
| 202 | int n=n2/2; | ||
| 203 | int zero,c1; | ||
| 204 | BN_ULONG ln,lo,*p; | ||
| 205 | |||
| 206 | #ifdef BN_COUNT | ||
| 207 | fprintf(stderr," bn_sqr_recursive %d * %d\n",n2,n2); | ||
| 208 | #endif | ||
| 209 | if (n2 == 4) | ||
| 210 | { | ||
| 211 | #ifndef BN_SQR_COMBA | ||
| 212 | bn_sqr_normal(r,a,4,t); | ||
| 213 | #else | ||
| 214 | bn_sqr_comba4(r,a); | ||
| 215 | #endif | ||
| 216 | return; | ||
| 217 | } | ||
| 218 | else if (n2 == 8) | ||
| 219 | { | ||
| 220 | #ifndef BN_SQR_COMBA | ||
| 221 | bn_sqr_normal(r,a,8,t); | ||
| 222 | #else | ||
| 223 | bn_sqr_comba8(r,a); | ||
| 224 | #endif | ||
| 225 | return; | ||
| 226 | } | ||
| 227 | if (n2 < BN_SQR_RECURSIVE_SIZE_NORMAL) | ||
| 228 | { | ||
| 229 | bn_sqr_normal(r,a,n2,t); | ||
| 230 | return; | ||
| 231 | } | ||
| 232 | /* r=(a[0]-a[1])*(a[1]-a[0]) */ | ||
| 233 | c1=bn_cmp_words(a,&(a[n]),n); | ||
| 234 | zero=0; | ||
| 235 | if (c1 > 0) | ||
| 236 | bn_sub_words(t,a,&(a[n]),n); | ||
| 237 | else if (c1 < 0) | ||
| 238 | bn_sub_words(t,&(a[n]),a,n); | ||
| 239 | else | ||
| 240 | zero=1; | ||
| 241 | |||
| 242 | /* The result will always be negative unless it is zero */ | ||
| 243 | p= &(t[n2*2]); | ||
| 244 | |||
| 245 | if (!zero) | ||
| 246 | bn_sqr_recursive(&(t[n2]),t,n,p); | ||
| 247 | else | ||
| 248 | memset(&(t[n2]),0,n2*sizeof(BN_ULONG)); | ||
| 249 | bn_sqr_recursive(r,a,n,p); | ||
| 250 | bn_sqr_recursive(&(r[n2]),&(a[n]),n,p); | ||
| 251 | |||
| 252 | /* t[32] holds (a[0]-a[1])*(a[1]-a[0]), it is negative or zero | ||
| 253 | * r[10] holds (a[0]*b[0]) | ||
| 254 | * r[32] holds (b[1]*b[1]) | ||
| 255 | */ | ||
| 256 | |||
| 257 | c1=(int)(bn_add_words(t,r,&(r[n2]),n2)); | ||
| 258 | |||
| 259 | /* t[32] is negative */ | ||
| 260 | c1-=(int)(bn_sub_words(&(t[n2]),t,&(t[n2]),n2)); | ||
| 261 | |||
| 262 | /* t[32] holds (a[0]-a[1])*(a[1]-a[0])+(a[0]*a[0])+(a[1]*a[1]) | ||
| 263 | * r[10] holds (a[0]*a[0]) | ||
| 264 | * r[32] holds (a[1]*a[1]) | ||
| 265 | * c1 holds the carry bits | ||
| 266 | */ | ||
| 267 | c1+=(int)(bn_add_words(&(r[n]),&(r[n]),&(t[n2]),n2)); | ||
| 268 | if (c1) | ||
| 269 | { | ||
| 270 | p= &(r[n+n2]); | ||
| 271 | lo= *p; | ||
| 272 | ln=(lo+c1)&BN_MASK2; | ||
| 273 | *p=ln; | ||
| 274 | |||
| 275 | /* The overflow will stop before we over write | ||
| 276 | * words we should not overwrite */ | ||
| 277 | if (ln < (BN_ULONG)c1) | ||
| 278 | { | ||
| 279 | do { | ||
| 280 | p++; | ||
| 281 | lo= *p; | ||
| 282 | ln=(lo+1)&BN_MASK2; | ||
| 283 | *p=ln; | ||
| 284 | } while (ln == 0); | ||
| 285 | } | ||
| 286 | } | ||
| 287 | } | ||
| 288 | #endif | ||
diff --git a/src/lib/libcrypto/bn/bn_word.c b/src/lib/libcrypto/bn/bn_word.c index 4b3d0f011d..cd59baa2c4 100644 --- a/src/lib/libcrypto/bn/bn_word.c +++ b/src/lib/libcrypto/bn/bn_word.c | |||
| @@ -60,9 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn_lcl.h" | 61 | #include "bn_lcl.h" |
| 62 | 62 | ||
| 63 | BN_ULONG BN_mod_word(a, w) | 63 | BN_ULONG BN_mod_word(const BIGNUM *a, BN_ULONG w) |
| 64 | BIGNUM *a; | ||
| 65 | unsigned long w; | ||
| 66 | { | 64 | { |
| 67 | #ifndef BN_LLONG | 65 | #ifndef BN_LLONG |
| 68 | BN_ULONG ret=0; | 66 | BN_ULONG ret=0; |
| @@ -75,8 +73,8 @@ unsigned long w; | |||
| 75 | for (i=a->top-1; i>=0; i--) | 73 | for (i=a->top-1; i>=0; i--) |
| 76 | { | 74 | { |
| 77 | #ifndef BN_LLONG | 75 | #ifndef BN_LLONG |
| 78 | ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%(unsigned long)w; | 76 | ret=((ret<<BN_BITS4)|((a->d[i]>>BN_BITS4)&BN_MASK2l))%w; |
| 79 | ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%(unsigned long)w; | 77 | ret=((ret<<BN_BITS4)|(a->d[i]&BN_MASK2l))%w; |
| 80 | #else | 78 | #else |
| 81 | ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% | 79 | ret=(BN_ULLONG)(((ret<<(BN_ULLONG)BN_BITS2)|a->d[i])% |
| 82 | (BN_ULLONG)w); | 80 | (BN_ULLONG)w); |
| @@ -85,9 +83,7 @@ unsigned long w; | |||
| 85 | return((BN_ULONG)ret); | 83 | return((BN_ULONG)ret); |
| 86 | } | 84 | } |
| 87 | 85 | ||
| 88 | BN_ULONG BN_div_word(a, w) | 86 | BN_ULONG BN_div_word(BIGNUM *a, BN_ULONG w) |
| 89 | BIGNUM *a; | ||
| 90 | unsigned long w; | ||
| 91 | { | 87 | { |
| 92 | BN_ULONG ret; | 88 | BN_ULONG ret; |
| 93 | int i; | 89 | int i; |
| @@ -100,18 +96,16 @@ unsigned long w; | |||
| 100 | BN_ULONG l,d; | 96 | BN_ULONG l,d; |
| 101 | 97 | ||
| 102 | l=a->d[i]; | 98 | l=a->d[i]; |
| 103 | d=bn_div64(ret,l,w); | 99 | d=bn_div_words(ret,l,w); |
| 104 | ret=(l-((d*w)&BN_MASK2))&BN_MASK2; | 100 | ret=(l-((d*w)&BN_MASK2))&BN_MASK2; |
| 105 | a->d[i]=d; | 101 | a->d[i]=d; |
| 106 | } | 102 | } |
| 107 | if (a->d[a->top-1] == 0) | 103 | if ((a->top > 0) && (a->d[a->top-1] == 0)) |
| 108 | a->top--; | 104 | a->top--; |
| 109 | return(ret); | 105 | return(ret); |
| 110 | } | 106 | } |
| 111 | 107 | ||
| 112 | int BN_add_word(a, w) | 108 | int BN_add_word(BIGNUM *a, BN_ULONG w) |
| 113 | BIGNUM *a; | ||
| 114 | unsigned long w; | ||
| 115 | { | 109 | { |
| 116 | BN_ULONG l; | 110 | BN_ULONG l; |
| 117 | int i; | 111 | int i; |
| @@ -121,7 +115,7 @@ unsigned long w; | |||
| 121 | a->neg=0; | 115 | a->neg=0; |
| 122 | i=BN_sub_word(a,w); | 116 | i=BN_sub_word(a,w); |
| 123 | if (!BN_is_zero(a)) | 117 | if (!BN_is_zero(a)) |
| 124 | a->neg=1; | 118 | a->neg=!(a->neg); |
| 125 | return(i); | 119 | return(i); |
| 126 | } | 120 | } |
| 127 | w&=BN_MASK2; | 121 | w&=BN_MASK2; |
| @@ -142,13 +136,11 @@ unsigned long w; | |||
| 142 | return(1); | 136 | return(1); |
| 143 | } | 137 | } |
| 144 | 138 | ||
| 145 | int BN_sub_word(a, w) | 139 | int BN_sub_word(BIGNUM *a, BN_ULONG w) |
| 146 | BIGNUM *a; | ||
| 147 | unsigned long w; | ||
| 148 | { | 140 | { |
| 149 | int i; | 141 | int i; |
| 150 | 142 | ||
| 151 | if (a->neg) | 143 | if (BN_is_zero(a) || a->neg) |
| 152 | { | 144 | { |
| 153 | a->neg=0; | 145 | a->neg=0; |
| 154 | i=BN_add_word(a,w); | 146 | i=BN_add_word(a,w); |
| @@ -183,22 +175,25 @@ unsigned long w; | |||
| 183 | return(1); | 175 | return(1); |
| 184 | } | 176 | } |
| 185 | 177 | ||
| 186 | int BN_mul_word(a,w) | 178 | int BN_mul_word(BIGNUM *a, BN_ULONG w) |
| 187 | BIGNUM *a; | ||
| 188 | unsigned long w; | ||
| 189 | { | 179 | { |
| 190 | BN_ULONG ll; | 180 | BN_ULONG ll; |
| 191 | 181 | ||
| 192 | w&=BN_MASK2; | 182 | w&=BN_MASK2; |
| 193 | if (a->top) | 183 | if (a->top) |
| 194 | { | 184 | { |
| 195 | ll=bn_mul_words(a->d,a->d,a->top,w); | 185 | if (w == 0) |
| 196 | if (ll) | 186 | BN_zero(a); |
| 187 | else | ||
| 197 | { | 188 | { |
| 198 | if (bn_wexpand(a,a->top+1) == NULL) return(0); | 189 | ll=bn_mul_words(a->d,a->d,a->top,w); |
| 199 | a->d[a->top++]=ll; | 190 | if (ll) |
| 191 | { | ||
| 192 | if (bn_wexpand(a,a->top+1) == NULL) return(0); | ||
| 193 | a->d[a->top++]=ll; | ||
| 194 | } | ||
| 200 | } | 195 | } |
| 201 | } | 196 | } |
| 202 | return(0); | 197 | return(1); |
| 203 | } | 198 | } |
| 204 | 199 | ||
diff --git a/src/lib/libcrypto/buffer/buf_err.c b/src/lib/libcrypto/buffer/buf_err.c index ff988852cc..5eee653e14 100644 --- a/src/lib/libcrypto/buffer/buf_err.c +++ b/src/lib/libcrypto/buffer/buf_err.c | |||
| @@ -1,86 +1,94 @@ | |||
| 1 | /* lib/buf/buf_err.c */ | 1 | /* crypto/buffer/buf_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 57 | */ | 59 | */ |
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA BUF_str_functs[]= | 67 | static ERR_STRING_DATA BUF_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, | 69 | {ERR_PACK(0,BUF_F_BUF_MEM_GROW,0), "BUF_MEM_grow"}, |
| 67 | {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, | 70 | {ERR_PACK(0,BUF_F_BUF_MEM_NEW,0), "BUF_MEM_new"}, |
| 68 | {ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, | 71 | {ERR_PACK(0,BUF_F_BUF_STRDUP,0), "BUF_strdup"}, |
| 69 | {ERR_PACK(0,BUF_F_PXYCLNT_READ,0), "PXYCLNT_READ"}, | 72 | {0,NULL} |
| 70 | {0,NULL}, | 73 | }; |
| 74 | |||
| 75 | static ERR_STRING_DATA BUF_str_reasons[]= | ||
| 76 | { | ||
| 77 | {0,NULL} | ||
| 71 | }; | 78 | }; |
| 72 | 79 | ||
| 73 | #endif | 80 | #endif |
| 74 | 81 | ||
| 75 | void ERR_load_BUF_strings() | 82 | void ERR_load_BUF_strings(void) |
| 76 | { | 83 | { |
| 77 | static int init=1; | 84 | static int init=1; |
| 78 | 85 | ||
| 79 | if (init); | 86 | if (init) |
| 80 | {; | 87 | { |
| 81 | init=0; | 88 | init=0; |
| 82 | #ifndef NO_ERR | 89 | #ifndef OPENSSL_NO_ERR |
| 83 | ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); | 90 | ERR_load_strings(ERR_LIB_BUF,BUF_str_functs); |
| 91 | ERR_load_strings(ERR_LIB_BUF,BUF_str_reasons); | ||
| 84 | #endif | 92 | #endif |
| 85 | 93 | ||
| 86 | } | 94 | } |
diff --git a/src/lib/libcrypto/buffer/buffer.c b/src/lib/libcrypto/buffer/buffer.c index 7e8af9e2fa..9299baba9e 100644 --- a/src/lib/libcrypto/buffer/buffer.c +++ b/src/lib/libcrypto/buffer/buffer.c | |||
| @@ -58,13 +58,13 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | 62 | ||
| 63 | BUF_MEM *BUF_MEM_new() | 63 | BUF_MEM *BUF_MEM_new(void) |
| 64 | { | 64 | { |
| 65 | BUF_MEM *ret; | 65 | BUF_MEM *ret; |
| 66 | 66 | ||
| 67 | ret=(BUF_MEM *)Malloc(sizeof(BUF_MEM)); | 67 | ret=OPENSSL_malloc(sizeof(BUF_MEM)); |
| 68 | if (ret == NULL) | 68 | if (ret == NULL) |
| 69 | { | 69 | { |
| 70 | BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); | 70 | BUFerr(BUF_F_BUF_MEM_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -76,20 +76,20 @@ BUF_MEM *BUF_MEM_new() | |||
| 76 | return(ret); | 76 | return(ret); |
| 77 | } | 77 | } |
| 78 | 78 | ||
| 79 | void BUF_MEM_free(a) | 79 | void BUF_MEM_free(BUF_MEM *a) |
| 80 | BUF_MEM *a; | ||
| 81 | { | 80 | { |
| 81 | if(a == NULL) | ||
| 82 | return; | ||
| 83 | |||
| 82 | if (a->data != NULL) | 84 | if (a->data != NULL) |
| 83 | { | 85 | { |
| 84 | memset(a->data,0,(unsigned int)a->max); | 86 | memset(a->data,0,(unsigned int)a->max); |
| 85 | Free(a->data); | 87 | OPENSSL_free(a->data); |
| 86 | } | 88 | } |
| 87 | Free(a); | 89 | OPENSSL_free(a); |
| 88 | } | 90 | } |
| 89 | 91 | ||
| 90 | int BUF_MEM_grow(str, len) | 92 | int BUF_MEM_grow(BUF_MEM *str, int len) |
| 91 | BUF_MEM *str; | ||
| 92 | int len; | ||
| 93 | { | 93 | { |
| 94 | char *ret; | 94 | char *ret; |
| 95 | unsigned int n; | 95 | unsigned int n; |
| @@ -101,15 +101,15 @@ int len; | |||
| 101 | } | 101 | } |
| 102 | if (str->max >= len) | 102 | if (str->max >= len) |
| 103 | { | 103 | { |
| 104 | memset(&(str->data[str->length]),0,len-str->length); | 104 | memset(&str->data[str->length],0,len-str->length); |
| 105 | str->length=len; | 105 | str->length=len; |
| 106 | return(len); | 106 | return(len); |
| 107 | } | 107 | } |
| 108 | n=(len+3)/3*4; | 108 | n=(len+3)/3*4; |
| 109 | if (str->data == NULL) | 109 | if (str->data == NULL) |
| 110 | ret=(char *)Malloc(n); | 110 | ret=OPENSSL_malloc(n); |
| 111 | else | 111 | else |
| 112 | ret=(char *)Realloc(str->data,n); | 112 | ret=OPENSSL_realloc(str->data,n); |
| 113 | if (ret == NULL) | 113 | if (ret == NULL) |
| 114 | { | 114 | { |
| 115 | BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); | 115 | BUFerr(BUF_F_BUF_MEM_GROW,ERR_R_MALLOC_FAILURE); |
| @@ -118,14 +118,14 @@ int len; | |||
| 118 | else | 118 | else |
| 119 | { | 119 | { |
| 120 | str->data=ret; | 120 | str->data=ret; |
| 121 | str->length=len; | ||
| 122 | str->max=n; | 121 | str->max=n; |
| 122 | memset(&str->data[str->length],0,len-str->length); | ||
| 123 | str->length=len; | ||
| 123 | } | 124 | } |
| 124 | return(len); | 125 | return(len); |
| 125 | } | 126 | } |
| 126 | 127 | ||
| 127 | char *BUF_strdup(str) | 128 | char *BUF_strdup(const char *str) |
| 128 | char *str; | ||
| 129 | { | 129 | { |
| 130 | char *ret; | 130 | char *ret; |
| 131 | int n; | 131 | int n; |
| @@ -133,7 +133,7 @@ char *str; | |||
| 133 | if (str == NULL) return(NULL); | 133 | if (str == NULL) return(NULL); |
| 134 | 134 | ||
| 135 | n=strlen(str); | 135 | n=strlen(str); |
| 136 | ret=Malloc(n+1); | 136 | ret=OPENSSL_malloc(n+1); |
| 137 | if (ret == NULL) | 137 | if (ret == NULL) |
| 138 | { | 138 | { |
| 139 | BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); | 139 | BUFerr(BUF_F_BUF_STRDUP,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/buffer/buffer.h b/src/lib/libcrypto/buffer/buffer.h index 417548c04a..11e2d0359a 100644 --- a/src/lib/libcrypto/buffer/buffer.h +++ b/src/lib/libcrypto/buffer/buffer.h | |||
| @@ -70,38 +70,27 @@ typedef struct buf_mem_st | |||
| 70 | int max; /* size of buffer */ | 70 | int max; /* size of buffer */ |
| 71 | } BUF_MEM; | 71 | } BUF_MEM; |
| 72 | 72 | ||
| 73 | #ifndef NOPROTO | ||
| 74 | BUF_MEM *BUF_MEM_new(void); | 73 | BUF_MEM *BUF_MEM_new(void); |
| 75 | void BUF_MEM_free(BUF_MEM *a); | 74 | void BUF_MEM_free(BUF_MEM *a); |
| 76 | int BUF_MEM_grow(BUF_MEM *str, int len); | 75 | int BUF_MEM_grow(BUF_MEM *str, int len); |
| 77 | char * BUF_strdup(char *str); | 76 | char * BUF_strdup(const char *str); |
| 78 | |||
| 79 | void ERR_load_BUF_strings(void ); | ||
| 80 | |||
| 81 | #else | ||
| 82 | |||
| 83 | BUF_MEM *BUF_MEM_new(); | ||
| 84 | void BUF_MEM_free(); | ||
| 85 | int BUF_MEM_grow(); | ||
| 86 | char * BUF_strdup(); | ||
| 87 | |||
| 88 | void ERR_load_BUF_strings(); | ||
| 89 | |||
| 90 | #endif | ||
| 91 | 77 | ||
| 92 | /* BEGIN ERROR CODES */ | 78 | /* BEGIN ERROR CODES */ |
| 79 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 80 | * made after this point may be overwritten when the script is next run. | ||
| 81 | */ | ||
| 82 | void ERR_load_BUF_strings(void); | ||
| 83 | |||
| 93 | /* Error codes for the BUF functions. */ | 84 | /* Error codes for the BUF functions. */ |
| 94 | 85 | ||
| 95 | /* Function codes. */ | 86 | /* Function codes. */ |
| 96 | #define BUF_F_BUF_MEM_GROW 100 | 87 | #define BUF_F_BUF_MEM_GROW 100 |
| 97 | #define BUF_F_BUF_MEM_NEW 101 | 88 | #define BUF_F_BUF_MEM_NEW 101 |
| 98 | #define BUF_F_BUF_STRDUP 102 | 89 | #define BUF_F_BUF_STRDUP 102 |
| 99 | #define BUF_F_PXYCLNT_READ 103 | ||
| 100 | 90 | ||
| 101 | /* Reason codes. */ | 91 | /* Reason codes. */ |
| 102 | 92 | ||
| 103 | #ifdef __cplusplus | 93 | #ifdef __cplusplus |
| 104 | } | 94 | } |
| 105 | #endif | 95 | #endif |
| 106 | #endif | 96 | #endif |
| 107 | |||
diff --git a/src/lib/libcrypto/cast/asm/cast-586.pl b/src/lib/libcrypto/cast/asm/cast-586.pl index d0be004c99..6be0bfe572 100644 --- a/src/lib/libcrypto/cast/asm/cast-586.pl +++ b/src/lib/libcrypto/cast/asm/cast-586.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # define for pentium pro friendly version | 3 | # define for pentium pro friendly version |
| 4 | $ppro=1; | 4 | $ppro=1; |
| @@ -7,7 +7,7 @@ push(@INC,"perlasm","../../perlasm"); | |||
| 7 | require "x86asm.pl"; | 7 | require "x86asm.pl"; |
| 8 | require "cbc.pl"; | 8 | require "cbc.pl"; |
| 9 | 9 | ||
| 10 | &asm_init($ARGV[0],"cast-586.pl"); | 10 | &asm_init($ARGV[0],"cast-586.pl",$ARGV[$#ARGV] eq "386"); |
| 11 | 11 | ||
| 12 | $CAST_ROUNDS=16; | 12 | $CAST_ROUNDS=16; |
| 13 | $L="edi"; | 13 | $L="edi"; |
| @@ -32,136 +32,145 @@ $S4="CAST_S_table3"; | |||
| 32 | 32 | ||
| 33 | &asm_finish(); | 33 | &asm_finish(); |
| 34 | 34 | ||
| 35 | sub CAST_encrypt | 35 | sub CAST_encrypt { |
| 36 | { | 36 | local($name,$enc)=@_; |
| 37 | local($name,$enc)=@_; | ||
| 38 | 37 | ||
| 39 | local($win_ex)=<<"EOF"; | 38 | local($win_ex)=<<"EOF"; |
| 40 | EXTERN _CAST_S_table0:DWORD | 39 | EXTERN _CAST_S_table0:DWORD |
| 41 | EXTERN _CAST_S_table1:DWORD | 40 | EXTERN _CAST_S_table1:DWORD |
| 42 | EXTERN _CAST_S_table2:DWORD | 41 | EXTERN _CAST_S_table2:DWORD |
| 43 | EXTERN _CAST_S_table3:DWORD | 42 | EXTERN _CAST_S_table3:DWORD |
| 44 | EOF | 43 | EOF |
| 45 | &main'external_label( | 44 | &main::external_label( |
| 46 | "CAST_S_table0", | 45 | "CAST_S_table0", |
| 47 | "CAST_S_table1", | 46 | "CAST_S_table1", |
| 48 | "CAST_S_table2", | 47 | "CAST_S_table2", |
| 49 | "CAST_S_table3", | 48 | "CAST_S_table3", |
| 50 | ); | 49 | ); |
| 51 | 50 | ||
| 52 | &function_begin_B($name,$win_ex); | 51 | &function_begin_B($name,$win_ex); |
| 53 | 52 | ||
| 54 | &comment(""); | 53 | &comment(""); |
| 55 | 54 | ||
| 56 | &push("ebp"); | 55 | &push("ebp"); |
| 57 | &push("ebx"); | 56 | &push("ebx"); |
| 58 | &mov($tmp2,&wparam(0)); | 57 | &mov($tmp2,&wparam(0)); |
| 59 | &mov($K,&wparam(1)); | 58 | &mov($K,&wparam(1)); |
| 60 | &push("esi"); | 59 | &push("esi"); |
| 61 | &push("edi"); | 60 | &push("edi"); |
| 62 | 61 | ||
| 63 | &comment("Load the 2 words"); | 62 | &comment("Load the 2 words"); |
| 64 | &mov($L,&DWP(0,$tmp2,"",0)); | 63 | &mov($L,&DWP(0,$tmp2,"",0)); |
| 65 | &mov($R,&DWP(4,$tmp2,"",0)); | 64 | &mov($R,&DWP(4,$tmp2,"",0)); |
| 66 | 65 | ||
| 67 | &xor( $tmp3, $tmp3); | 66 | &comment('Get short key flag'); |
| 68 | 67 | &mov($tmp3,&DWP(128,$K,"",0)); | |
| 69 | # encrypting part | 68 | if($enc) { |
| 70 | 69 | &push($tmp3); | |
| 71 | if ($enc) | 70 | } else { |
| 72 | { | 71 | &or($tmp3,$tmp3); |
| 73 | &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 72 | &jnz(&label('cast_dec_skip')); |
| 74 | &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 73 | } |
| 75 | &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 74 | |
| 76 | &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 75 | &xor($tmp3, $tmp3); |
| 77 | &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 76 | |
| 78 | &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 77 | # encrypting part |
| 79 | &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 78 | |
| 80 | &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 79 | if ($enc) { |
| 81 | &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 80 | &E_CAST( 0,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 82 | &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 81 | &E_CAST( 1,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 83 | &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 82 | &E_CAST( 2,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 84 | &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 83 | &E_CAST( 3,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 85 | &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 84 | &E_CAST( 4,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 86 | &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 85 | &E_CAST( 5,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 87 | &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 86 | &E_CAST( 6,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 88 | &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1); | 87 | &E_CAST( 7,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 89 | } | 88 | &E_CAST( 8,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 90 | else | 89 | &E_CAST( 9,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 91 | { | 90 | &E_CAST(10,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 92 | &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 91 | &E_CAST(11,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 93 | &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 92 | &comment('test short key flag'); |
| 94 | &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 93 | &pop($tmp4); |
| 95 | &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 94 | &or($tmp4,$tmp4); |
| 96 | &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 95 | &jnz(&label('cast_enc_done')); |
| 97 | &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 96 | &E_CAST(12,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 98 | &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 97 | &E_CAST(13,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 99 | &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 98 | &E_CAST(14,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 100 | &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 99 | &E_CAST(15,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 101 | &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 100 | } else { |
| 102 | &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 101 | &E_CAST(15,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 103 | &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 102 | &E_CAST(14,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 104 | &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | 103 | &E_CAST(13,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 105 | &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); | 104 | &E_CAST(12,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 106 | &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); | 105 | &set_label('cast_dec_skip'); |
| 107 | &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4,1); | 106 | &E_CAST(11,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 108 | } | 107 | &E_CAST(10,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 109 | 108 | &E_CAST( 9,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | |
| 110 | &nop(); | 109 | &E_CAST( 8,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 111 | &mov(&DWP(4,$tmp3,"",0),$L); | 110 | &E_CAST( 7,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 112 | &mov(&DWP(0,$tmp3,"",0),$R); | 111 | &E_CAST( 6,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 113 | &function_end($name); | 112 | &E_CAST( 5,$S,$L,$R,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 114 | } | 113 | &E_CAST( 4,$S,$R,$L,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 115 | 114 | &E_CAST( 3,$S,$L,$R,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); | |
| 116 | sub E_CAST | 115 | &E_CAST( 2,$S,$R,$L,$K,@F3,$tmp1,$tmp2,$tmp3,$tmp4); |
| 117 | { | 116 | &E_CAST( 1,$S,$L,$R,$K,@F2,$tmp1,$tmp2,$tmp3,$tmp4); |
| 118 | local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4,$lst)=@_; | 117 | &E_CAST( 0,$S,$R,$L,$K,@F1,$tmp1,$tmp2,$tmp3,$tmp4); |
| 119 | # Ri needs to have 16 pre added. | 118 | } |
| 120 | 119 | ||
| 121 | &comment("round $i"); | 120 | &set_label('cast_enc_done') if $enc; |
| 122 | &mov( $tmp4, &DWP($i*8,$K,"",1)); | 121 | # Why the nop? - Ben 17/1/99 |
| 123 | 122 | &nop(); | |
| 124 | &mov( $tmp1, &DWP($i*8+4,$K,"",1));# must be word | 123 | &mov($tmp3,&wparam(0)); |
| 125 | &$OP1( $tmp4, $R); | 124 | &mov(&DWP(4,$tmp3,"",0),$L); |
| 126 | 125 | &mov(&DWP(0,$tmp3,"",0),$R); | |
| 127 | &rotl( $tmp4, &LB($tmp1)); | 126 | &function_end($name); |
| 128 | 127 | } | |
| 129 | if ($ppro) | 128 | |
| 130 | { | 129 | sub E_CAST { |
| 131 | &mov( $tmp2, $tmp4); # B | 130 | local($i,$S,$L,$R,$K,$OP1,$OP2,$OP3,$tmp1,$tmp2,$tmp3,$tmp4)=@_; |
| 132 | &xor( $tmp1, $tmp1); | 131 | # Ri needs to have 16 pre added. |
| 133 | 132 | ||
| 134 | &movb( &LB($tmp1), &HB($tmp4)); # A | 133 | &comment("round $i"); |
| 135 | &and( $tmp2, 0xff); | 134 | &mov( $tmp4, &DWP($i*8,$K,"",1)); |
| 136 | 135 | ||
| 137 | &shr( $tmp4, 16); # | 136 | &mov( $tmp1, &DWP($i*8+4,$K,"",1)); |
| 138 | &xor( $tmp3, $tmp3); | 137 | &$OP1( $tmp4, $R); |
| 139 | } | 138 | |
| 140 | else | 139 | &rotl( $tmp4, &LB($tmp1)); |
| 141 | { | 140 | |
| 142 | &mov( $tmp2, $tmp4); # B | 141 | if ($ppro) { |
| 143 | &movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD | 142 | &mov( $tmp2, $tmp4); # B |
| 144 | 143 | &xor( $tmp1, $tmp1); | |
| 145 | &shr( $tmp4, 16); # | 144 | |
| 146 | &and( $tmp2, 0xff); | 145 | &movb( &LB($tmp1), &HB($tmp4)); # A |
| 147 | } | 146 | &and( $tmp2, 0xff); |
| 148 | 147 | ||
| 149 | &movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD | 148 | &shr( $tmp4, 16); # |
| 150 | &and( $tmp4, 0xff); # D | 149 | &xor( $tmp3, $tmp3); |
| 151 | 150 | } else { | |
| 152 | &mov( $tmp1, &DWP($S1,"",$tmp1,4)); | 151 | &mov( $tmp2, $tmp4); # B |
| 153 | &mov( $tmp2, &DWP($S2,"",$tmp2,4)); | 152 | &movb( &LB($tmp1), &HB($tmp4)); # A # BAD BAD BAD |
| 154 | 153 | ||
| 155 | &$OP2( $tmp1, $tmp2); | 154 | &shr( $tmp4, 16); # |
| 156 | &mov( $tmp2, &DWP($S3,"",$tmp3,4)); | 155 | &and( $tmp2, 0xff); |
| 157 | 156 | } | |
| 158 | &$OP3( $tmp1, $tmp2); | 157 | |
| 159 | &mov( $tmp2, &DWP($S4,"",$tmp4,4)); | 158 | &movb( &LB($tmp3), &HB($tmp4)); # C # BAD BAD BAD |
| 160 | 159 | &and( $tmp4, 0xff); # D | |
| 161 | &$OP1( $tmp1, $tmp2); | 160 | |
| 162 | &mov($tmp3,&wparam(0)) if $lst; | 161 | &mov( $tmp1, &DWP($S1,"",$tmp1,4)); |
| 163 | # XXX | 162 | &mov( $tmp2, &DWP($S2,"",$tmp2,4)); |
| 164 | 163 | ||
| 165 | &xor( $L, $tmp1); | 164 | &$OP2( $tmp1, $tmp2); |
| 166 | # XXX | 165 | &mov( $tmp2, &DWP($S3,"",$tmp3,4)); |
| 167 | } | 166 | |
| 167 | &$OP3( $tmp1, $tmp2); | ||
| 168 | &mov( $tmp2, &DWP($S4,"",$tmp4,4)); | ||
| 169 | |||
| 170 | &$OP1( $tmp1, $tmp2); | ||
| 171 | # XXX | ||
| 172 | |||
| 173 | &xor( $L, $tmp1); | ||
| 174 | # XXX | ||
| 175 | } | ||
| 176 | |||
diff --git a/src/lib/libcrypto/cast/c_cfb64.c b/src/lib/libcrypto/cast/c_cfb64.c index c46c375f75..514c005c32 100644 --- a/src/lib/libcrypto/cast/c_cfb64.c +++ b/src/lib/libcrypto/cast/c_cfb64.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "cast.h" | 59 | #include <openssl/cast.h> |
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit cfb mode is being | 62 | /* The input and output encrypted as though 64bit cfb mode is being |
| @@ -64,14 +64,9 @@ | |||
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | 66 | ||
| 67 | void CAST_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) | 67 | void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 68 | unsigned char *in; | 68 | long length, CAST_KEY *schedule, unsigned char *ivec, |
| 69 | unsigned char *out; | 69 | int *num, int enc) |
| 70 | long length; | ||
| 71 | CAST_KEY *schedule; | ||
| 72 | unsigned char *ivec; | ||
| 73 | int *num; | ||
| 74 | int encrypt; | ||
| 75 | { | 70 | { |
| 76 | register CAST_LONG v0,v1,t; | 71 | register CAST_LONG v0,v1,t; |
| 77 | register int n= *num; | 72 | register int n= *num; |
| @@ -79,8 +74,8 @@ int encrypt; | |||
| 79 | CAST_LONG ti[2]; | 74 | CAST_LONG ti[2]; |
| 80 | unsigned char *iv,c,cc; | 75 | unsigned char *iv,c,cc; |
| 81 | 76 | ||
| 82 | iv=(unsigned char *)ivec; | 77 | iv=ivec; |
| 83 | if (encrypt) | 78 | if (enc) |
| 84 | { | 79 | { |
| 85 | while (l--) | 80 | while (l--) |
| 86 | { | 81 | { |
| @@ -89,10 +84,10 @@ int encrypt; | |||
| 89 | n2l(iv,v0); ti[0]=v0; | 84 | n2l(iv,v0); ti[0]=v0; |
| 90 | n2l(iv,v1); ti[1]=v1; | 85 | n2l(iv,v1); ti[1]=v1; |
| 91 | CAST_encrypt((CAST_LONG *)ti,schedule); | 86 | CAST_encrypt((CAST_LONG *)ti,schedule); |
| 92 | iv=(unsigned char *)ivec; | 87 | iv=ivec; |
| 93 | t=ti[0]; l2n(t,iv); | 88 | t=ti[0]; l2n(t,iv); |
| 94 | t=ti[1]; l2n(t,iv); | 89 | t=ti[1]; l2n(t,iv); |
| 95 | iv=(unsigned char *)ivec; | 90 | iv=ivec; |
| 96 | } | 91 | } |
| 97 | c= *(in++)^iv[n]; | 92 | c= *(in++)^iv[n]; |
| 98 | *(out++)=c; | 93 | *(out++)=c; |
| @@ -109,10 +104,10 @@ int encrypt; | |||
| 109 | n2l(iv,v0); ti[0]=v0; | 104 | n2l(iv,v0); ti[0]=v0; |
| 110 | n2l(iv,v1); ti[1]=v1; | 105 | n2l(iv,v1); ti[1]=v1; |
| 111 | CAST_encrypt((CAST_LONG *)ti,schedule); | 106 | CAST_encrypt((CAST_LONG *)ti,schedule); |
| 112 | iv=(unsigned char *)ivec; | 107 | iv=ivec; |
| 113 | t=ti[0]; l2n(t,iv); | 108 | t=ti[0]; l2n(t,iv); |
| 114 | t=ti[1]; l2n(t,iv); | 109 | t=ti[1]; l2n(t,iv); |
| 115 | iv=(unsigned char *)ivec; | 110 | iv=ivec; |
| 116 | } | 111 | } |
| 117 | cc= *(in++); | 112 | cc= *(in++); |
| 118 | c=iv[n]; | 113 | c=iv[n]; |
diff --git a/src/lib/libcrypto/cast/c_ecb.c b/src/lib/libcrypto/cast/c_ecb.c index f0f2f4df0e..0b3da9ad87 100644 --- a/src/lib/libcrypto/cast/c_ecb.c +++ b/src/lib/libcrypto/cast/c_ecb.c | |||
| @@ -56,22 +56,20 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "cast.h" | 59 | #include <openssl/cast.h> |
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *CAST_version="CAST part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *CAST_version="CAST" OPENSSL_VERSION_PTEXT; |
| 63 | 64 | ||
| 64 | void CAST_ecb_encrypt(in, out, ks, encrypt) | 65 | void CAST_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 65 | unsigned char *in; | 66 | CAST_KEY *ks, int enc) |
| 66 | unsigned char *out; | ||
| 67 | CAST_KEY *ks; | ||
| 68 | int encrypt; | ||
| 69 | { | 67 | { |
| 70 | CAST_LONG l,d[2]; | 68 | CAST_LONG l,d[2]; |
| 71 | 69 | ||
| 72 | n2l(in,l); d[0]=l; | 70 | n2l(in,l); d[0]=l; |
| 73 | n2l(in,l); d[1]=l; | 71 | n2l(in,l); d[1]=l; |
| 74 | if (encrypt) | 72 | if (enc) |
| 75 | CAST_encrypt(d,ks); | 73 | CAST_encrypt(d,ks); |
| 76 | else | 74 | else |
| 77 | CAST_decrypt(d,ks); | 75 | CAST_decrypt(d,ks); |
diff --git a/src/lib/libcrypto/cast/c_enc.c b/src/lib/libcrypto/cast/c_enc.c index d998dd4953..0fe2cffecc 100644 --- a/src/lib/libcrypto/cast/c_enc.c +++ b/src/lib/libcrypto/cast/c_enc.c | |||
| @@ -56,12 +56,10 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "cast.h" | 59 | #include <openssl/cast.h> |
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | 61 | ||
| 62 | void CAST_encrypt(data,key) | 62 | void CAST_encrypt(CAST_LONG *data, CAST_KEY *key) |
| 63 | CAST_LONG *data; | ||
| 64 | CAST_KEY *key; | ||
| 65 | { | 63 | { |
| 66 | register CAST_LONG l,r,*k,t; | 64 | register CAST_LONG l,r,*k,t; |
| 67 | 65 | ||
| @@ -81,18 +79,19 @@ CAST_KEY *key; | |||
| 81 | E_CAST( 9,k,r,l,+,^,-); | 79 | E_CAST( 9,k,r,l,+,^,-); |
| 82 | E_CAST(10,k,l,r,^,-,+); | 80 | E_CAST(10,k,l,r,^,-,+); |
| 83 | E_CAST(11,k,r,l,-,+,^); | 81 | E_CAST(11,k,r,l,-,+,^); |
| 84 | E_CAST(12,k,l,r,+,^,-); | 82 | if(!key->short_key) |
| 85 | E_CAST(13,k,r,l,^,-,+); | 83 | { |
| 86 | E_CAST(14,k,l,r,-,+,^); | 84 | E_CAST(12,k,l,r,+,^,-); |
| 87 | E_CAST(15,k,r,l,+,^,-); | 85 | E_CAST(13,k,r,l,^,-,+); |
| 86 | E_CAST(14,k,l,r,-,+,^); | ||
| 87 | E_CAST(15,k,r,l,+,^,-); | ||
| 88 | } | ||
| 88 | 89 | ||
| 89 | data[1]=l&0xffffffffL; | 90 | data[1]=l&0xffffffffL; |
| 90 | data[0]=r&0xffffffffL; | 91 | data[0]=r&0xffffffffL; |
| 91 | } | 92 | } |
| 92 | 93 | ||
| 93 | void CAST_decrypt(data,key) | 94 | void CAST_decrypt(CAST_LONG *data, CAST_KEY *key) |
| 94 | CAST_LONG *data; | ||
| 95 | CAST_KEY *key; | ||
| 96 | { | 95 | { |
| 97 | register CAST_LONG l,r,*k,t; | 96 | register CAST_LONG l,r,*k,t; |
| 98 | 97 | ||
| @@ -100,10 +99,13 @@ CAST_KEY *key; | |||
| 100 | l=data[0]; | 99 | l=data[0]; |
| 101 | r=data[1]; | 100 | r=data[1]; |
| 102 | 101 | ||
| 103 | E_CAST(15,k,l,r,+,^,-); | 102 | if(!key->short_key) |
| 104 | E_CAST(14,k,r,l,-,+,^); | 103 | { |
| 105 | E_CAST(13,k,l,r,^,-,+); | 104 | E_CAST(15,k,l,r,+,^,-); |
| 106 | E_CAST(12,k,r,l,+,^,-); | 105 | E_CAST(14,k,r,l,-,+,^); |
| 106 | E_CAST(13,k,l,r,^,-,+); | ||
| 107 | E_CAST(12,k,r,l,+,^,-); | ||
| 108 | } | ||
| 107 | E_CAST(11,k,l,r,-,+,^); | 109 | E_CAST(11,k,l,r,-,+,^); |
| 108 | E_CAST(10,k,r,l,^,-,+); | 110 | E_CAST(10,k,r,l,^,-,+); |
| 109 | E_CAST( 9,k,l,r,+,^,-); | 111 | E_CAST( 9,k,l,r,+,^,-); |
| @@ -121,20 +123,15 @@ CAST_KEY *key; | |||
| 121 | data[0]=r&0xffffffffL; | 123 | data[0]=r&0xffffffffL; |
| 122 | } | 124 | } |
| 123 | 125 | ||
| 124 | void CAST_cbc_encrypt(in, out, length, ks, iv, encrypt) | 126 | void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 125 | unsigned char *in; | 127 | CAST_KEY *ks, unsigned char *iv, int enc) |
| 126 | unsigned char *out; | ||
| 127 | long length; | ||
| 128 | CAST_KEY *ks; | ||
| 129 | unsigned char *iv; | ||
| 130 | int encrypt; | ||
| 131 | { | 128 | { |
| 132 | register CAST_LONG tin0,tin1; | 129 | register CAST_LONG tin0,tin1; |
| 133 | register CAST_LONG tout0,tout1,xor0,xor1; | 130 | register CAST_LONG tout0,tout1,xor0,xor1; |
| 134 | register long l=length; | 131 | register long l=length; |
| 135 | CAST_LONG tin[2]; | 132 | CAST_LONG tin[2]; |
| 136 | 133 | ||
| 137 | if (encrypt) | 134 | if (enc) |
| 138 | { | 135 | { |
| 139 | n2l(iv,tout0); | 136 | n2l(iv,tout0); |
| 140 | n2l(iv,tout1); | 137 | n2l(iv,tout1); |
diff --git a/src/lib/libcrypto/cast/c_ofb64.c b/src/lib/libcrypto/cast/c_ofb64.c index 2aad2d6d96..fd0469a62f 100644 --- a/src/lib/libcrypto/cast/c_ofb64.c +++ b/src/lib/libcrypto/cast/c_ofb64.c | |||
| @@ -56,20 +56,16 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "cast.h" | 59 | #include <openssl/cast.h> |
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit ofb mode is being | 62 | /* The input and output encrypted as though 64bit ofb mode is being |
| 63 | * used. The extra state information to record how much of the | 63 | * used. The extra state information to record how much of the |
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | void CAST_ofb64_encrypt(in, out, length, schedule, ivec, num) | 66 | void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 67 | unsigned char *in; | 67 | long length, CAST_KEY *schedule, unsigned char *ivec, |
| 68 | unsigned char *out; | 68 | int *num) |
| 69 | long length; | ||
| 70 | CAST_KEY *schedule; | ||
| 71 | unsigned char *ivec; | ||
| 72 | int *num; | ||
| 73 | { | 69 | { |
| 74 | register CAST_LONG v0,v1,t; | 70 | register CAST_LONG v0,v1,t; |
| 75 | register int n= *num; | 71 | register int n= *num; |
| @@ -80,7 +76,7 @@ int *num; | |||
| 80 | unsigned char *iv; | 76 | unsigned char *iv; |
| 81 | int save=0; | 77 | int save=0; |
| 82 | 78 | ||
| 83 | iv=(unsigned char *)ivec; | 79 | iv=ivec; |
| 84 | n2l(iv,v0); | 80 | n2l(iv,v0); |
| 85 | n2l(iv,v1); | 81 | n2l(iv,v1); |
| 86 | ti[0]=v0; | 82 | ti[0]=v0; |
| @@ -105,7 +101,7 @@ int *num; | |||
| 105 | { | 101 | { |
| 106 | v0=ti[0]; | 102 | v0=ti[0]; |
| 107 | v1=ti[1]; | 103 | v1=ti[1]; |
| 108 | iv=(unsigned char *)ivec; | 104 | iv=ivec; |
| 109 | l2n(v0,iv); | 105 | l2n(v0,iv); |
| 110 | l2n(v1,iv); | 106 | l2n(v1,iv); |
| 111 | } | 107 | } |
diff --git a/src/lib/libcrypto/cast/c_skey.c b/src/lib/libcrypto/cast/c_skey.c index 2fc3363dcd..76e40005c9 100644 --- a/src/lib/libcrypto/cast/c_skey.c +++ b/src/lib/libcrypto/cast/c_skey.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "cast.h" | 59 | #include <openssl/cast.h> |
| 60 | #include "cast_lcl.h" | 60 | #include "cast_lcl.h" |
| 61 | #include "cast_s.h" | 61 | #include "cast_s.h" |
| 62 | 62 | ||
| @@ -72,10 +72,7 @@ | |||
| 72 | #define S6 CAST_S_table6 | 72 | #define S6 CAST_S_table6 |
| 73 | #define S7 CAST_S_table7 | 73 | #define S7 CAST_S_table7 |
| 74 | 74 | ||
| 75 | void CAST_set_key(key,len,data) | 75 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data) |
| 76 | CAST_KEY *key; | ||
| 77 | int len; | ||
| 78 | unsigned char *data; | ||
| 79 | { | 76 | { |
| 80 | CAST_LONG x[16]; | 77 | CAST_LONG x[16]; |
| 81 | CAST_LONG z[16]; | 78 | CAST_LONG z[16]; |
| @@ -88,6 +85,10 @@ unsigned char *data; | |||
| 88 | if (len > 16) len=16; | 85 | if (len > 16) len=16; |
| 89 | for (i=0; i<len; i++) | 86 | for (i=0; i<len; i++) |
| 90 | x[i]=data[i]; | 87 | x[i]=data[i]; |
| 88 | if(len <= 10) | ||
| 89 | key->short_key=1; | ||
| 90 | else | ||
| 91 | key->short_key=0; | ||
| 91 | 92 | ||
| 92 | K= &k[0]; | 93 | K= &k[0]; |
| 93 | X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; | 94 | X[0]=((x[ 0]<<24)|(x[ 1]<<16)|(x[ 2]<<8)|x[ 3])&0xffffffffL; |
diff --git a/src/lib/libcrypto/cast/cast.h b/src/lib/libcrypto/cast/cast.h index 528cb7c824..b28e4e4f3b 100644 --- a/src/lib/libcrypto/cast/cast.h +++ b/src/lib/libcrypto/cast/cast.h | |||
| @@ -63,6 +63,10 @@ | |||
| 63 | extern "C" { | 63 | extern "C" { |
| 64 | #endif | 64 | #endif |
| 65 | 65 | ||
| 66 | #ifdef OPENSSL_NO_CAST | ||
| 67 | #error CAST is disabled. | ||
| 68 | #endif | ||
| 69 | |||
| 66 | #define CAST_ENCRYPT 1 | 70 | #define CAST_ENCRYPT 1 |
| 67 | #define CAST_DECRYPT 0 | 71 | #define CAST_DECRYPT 0 |
| 68 | 72 | ||
| @@ -74,33 +78,23 @@ extern "C" { | |||
| 74 | typedef struct cast_key_st | 78 | typedef struct cast_key_st |
| 75 | { | 79 | { |
| 76 | CAST_LONG data[32]; | 80 | CAST_LONG data[32]; |
| 81 | int short_key; /* Use reduced rounds for short key */ | ||
| 77 | } CAST_KEY; | 82 | } CAST_KEY; |
| 78 | 83 | ||
| 79 | #ifndef NOPROTO | ||
| 80 | 84 | ||
| 81 | void CAST_set_key(CAST_KEY *key, int len, unsigned char *data); | 85 | void CAST_set_key(CAST_KEY *key, int len, const unsigned char *data); |
| 82 | void CAST_ecb_encrypt(unsigned char *in,unsigned char *out,CAST_KEY *key, | 86 | void CAST_ecb_encrypt(const unsigned char *in,unsigned char *out,CAST_KEY *key, |
| 83 | int enc); | 87 | int enc); |
| 84 | void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); | 88 | void CAST_encrypt(CAST_LONG *data,CAST_KEY *key); |
| 85 | void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); | 89 | void CAST_decrypt(CAST_LONG *data,CAST_KEY *key); |
| 86 | void CAST_cbc_encrypt(unsigned char *in, unsigned char *out, long length, | 90 | void CAST_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 87 | CAST_KEY *ks, unsigned char *iv, int enc); | 91 | CAST_KEY *ks, unsigned char *iv, int enc); |
| 88 | void CAST_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, | 92 | void CAST_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 89 | CAST_KEY *schedule, unsigned char *ivec, int *num, int enc); | 93 | long length, CAST_KEY *schedule, unsigned char *ivec, |
| 90 | void CAST_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, | 94 | int *num, int enc); |
| 91 | CAST_KEY *schedule, unsigned char *ivec, int *num); | 95 | void CAST_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 92 | 96 | long length, CAST_KEY *schedule, unsigned char *ivec, | |
| 93 | #else | 97 | int *num); |
| 94 | |||
| 95 | void CAST_set_key(); | ||
| 96 | void CAST_ecb_encrypt(); | ||
| 97 | void CAST_encrypt(); | ||
| 98 | void CAST_decrypt(); | ||
| 99 | void CAST_cbc_encrypt(); | ||
| 100 | void CAST_cfb64_encrypt(); | ||
| 101 | void CAST_ofb64_encrypt(); | ||
| 102 | |||
| 103 | #endif | ||
| 104 | 98 | ||
| 105 | #ifdef __cplusplus | 99 | #ifdef __cplusplus |
| 106 | } | 100 | } |
diff --git a/src/lib/libcrypto/cast/cast_lcl.h b/src/lib/libcrypto/cast/cast_lcl.h index 6587952a96..37f41cc6a4 100644 --- a/src/lib/libcrypto/cast/cast_lcl.h +++ b/src/lib/libcrypto/cast/cast_lcl.h | |||
| @@ -56,10 +56,19 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifdef WIN32 | 59 | |
| 60 | #include "e_os.h" | ||
| 61 | |||
| 62 | #ifdef OPENSSL_SYS_WIN32 | ||
| 60 | #include <stdlib.h> | 63 | #include <stdlib.h> |
| 61 | #endif | 64 | #endif |
| 62 | 65 | ||
| 66 | |||
| 67 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | ||
| 68 | # undef OPENSSL_EXTERN | ||
| 69 | # define OPENSSL_EXTERN OPENSSL_EXPORT | ||
| 70 | #endif | ||
| 71 | |||
| 63 | #undef c2l | 72 | #undef c2l |
| 64 | #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ | 73 | #define c2l(c,l) (l =((unsigned long)(*((c)++))) , \ |
| 65 | l|=((unsigned long)(*((c)++)))<< 8L, \ | 74 | l|=((unsigned long)(*((c)++)))<< 8L, \ |
| @@ -148,7 +157,7 @@ | |||
| 148 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ | 157 | *((c)++)=(unsigned char)(((l)>> 8L)&0xff), \ |
| 149 | *((c)++)=(unsigned char)(((l) )&0xff)) | 158 | *((c)++)=(unsigned char)(((l) )&0xff)) |
| 150 | 159 | ||
| 151 | #if defined(WIN32) | 160 | #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) |
| 152 | #define ROTL(a,n) (_lrotl(a,n)) | 161 | #define ROTL(a,n) (_lrotl(a,n)) |
| 153 | #else | 162 | #else |
| 154 | #define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n)))) | 163 | #define ROTL(a,n) ((((a)<<(n))&0xffffffffL)|((a)>>(32-(n)))) |
| @@ -213,12 +222,11 @@ | |||
| 213 | } | 222 | } |
| 214 | #endif | 223 | #endif |
| 215 | 224 | ||
| 216 | extern CAST_LONG CAST_S_table0[256]; | 225 | OPENSSL_EXTERN const CAST_LONG CAST_S_table0[256]; |
| 217 | extern CAST_LONG CAST_S_table1[256]; | 226 | OPENSSL_EXTERN const CAST_LONG CAST_S_table1[256]; |
| 218 | extern CAST_LONG CAST_S_table2[256]; | 227 | OPENSSL_EXTERN const CAST_LONG CAST_S_table2[256]; |
| 219 | extern CAST_LONG CAST_S_table3[256]; | 228 | OPENSSL_EXTERN const CAST_LONG CAST_S_table3[256]; |
| 220 | extern CAST_LONG CAST_S_table4[256]; | 229 | OPENSSL_EXTERN const CAST_LONG CAST_S_table4[256]; |
| 221 | extern CAST_LONG CAST_S_table5[256]; | 230 | OPENSSL_EXTERN const CAST_LONG CAST_S_table5[256]; |
| 222 | extern CAST_LONG CAST_S_table6[256]; | 231 | OPENSSL_EXTERN const CAST_LONG CAST_S_table6[256]; |
| 223 | extern CAST_LONG CAST_S_table7[256]; | 232 | OPENSSL_EXTERN const CAST_LONG CAST_S_table7[256]; |
| 224 | |||
diff --git a/src/lib/libcrypto/cast/cast_s.h b/src/lib/libcrypto/cast/cast_s.h index 8fe0152149..c483fd5e43 100644 --- a/src/lib/libcrypto/cast/cast_s.h +++ b/src/lib/libcrypto/cast/cast_s.h | |||
| @@ -55,7 +55,7 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | CAST_LONG CAST_S_table0[256]={ | 58 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table0[256]={ |
| 59 | 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a, | 59 | 0x30fb40d4,0x9fa0ff0b,0x6beccd2f,0x3f258c7a, |
| 60 | 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949, | 60 | 0x1e213f2f,0x9c004dd3,0x6003e540,0xcf9fc949, |
| 61 | 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675, | 61 | 0xbfd4af27,0x88bbbdb5,0xe2034090,0x98d09675, |
| @@ -121,7 +121,7 @@ CAST_LONG CAST_S_table0[256]={ | |||
| 121 | 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d, | 121 | 0x1a69e783,0x02cc4843,0xa2f7c579,0x429ef47d, |
| 122 | 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf, | 122 | 0x427b169c,0x5ac9f049,0xdd8f0f00,0x5c8165bf, |
| 123 | }; | 123 | }; |
| 124 | CAST_LONG CAST_S_table1[256]={ | 124 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table1[256]={ |
| 125 | 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380, | 125 | 0x1f201094,0xef0ba75b,0x69e3cf7e,0x393f4380, |
| 126 | 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651, | 126 | 0xfe61cf7a,0xeec5207a,0x55889c94,0x72fc0651, |
| 127 | 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba, | 127 | 0xada7ef79,0x4e1d7235,0xd55a63ce,0xde0436ba, |
| @@ -187,7 +187,7 @@ CAST_LONG CAST_S_table1[256]={ | |||
| 187 | 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef, | 187 | 0x43d79572,0x7e6dd07c,0x06dfdf1e,0x6c6cc4ef, |
| 188 | 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1, | 188 | 0x7160a539,0x73bfbe70,0x83877605,0x4523ecf1, |
| 189 | }; | 189 | }; |
| 190 | CAST_LONG CAST_S_table2[256]={ | 190 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table2[256]={ |
| 191 | 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907, | 191 | 0x8defc240,0x25fa5d9f,0xeb903dbf,0xe810c907, |
| 192 | 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90, | 192 | 0x47607fff,0x369fe44b,0x8c1fc644,0xaececa90, |
| 193 | 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae, | 193 | 0xbeb1f9bf,0xeefbcaea,0xe8cf1950,0x51df07ae, |
| @@ -253,7 +253,7 @@ CAST_LONG CAST_S_table2[256]={ | |||
| 253 | 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5, | 253 | 0xf7baefd5,0x4142ed9c,0xa4315c11,0x83323ec5, |
| 254 | 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783, | 254 | 0xdfef4636,0xa133c501,0xe9d3531c,0xee353783, |
| 255 | }; | 255 | }; |
| 256 | CAST_LONG CAST_S_table3[256]={ | 256 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table3[256]={ |
| 257 | 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298, | 257 | 0x9db30420,0x1fb6e9de,0xa7be7bef,0xd273a298, |
| 258 | 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1, | 258 | 0x4a4f7bdb,0x64ad8c57,0x85510443,0xfa020ed1, |
| 259 | 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120, | 259 | 0x7e287aff,0xe60fb663,0x095f35a1,0x79ebf120, |
| @@ -319,7 +319,7 @@ CAST_LONG CAST_S_table3[256]={ | |||
| 319 | 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e, | 319 | 0x7ae5290c,0x3cb9536b,0x851e20fe,0x9833557e, |
| 320 | 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2, | 320 | 0x13ecf0b0,0xd3ffb372,0x3f85c5c1,0x0aef7ed2, |
| 321 | }; | 321 | }; |
| 322 | CAST_LONG CAST_S_table4[256]={ | 322 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table4[256]={ |
| 323 | 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911, | 323 | 0x7ec90c04,0x2c6e74b9,0x9b0e66df,0xa6337911, |
| 324 | 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f, | 324 | 0xb86a7fff,0x1dd358f5,0x44dd9d44,0x1731167f, |
| 325 | 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00, | 325 | 0x08fbf1fa,0xe7f511cc,0xd2051b00,0x735aba00, |
| @@ -385,7 +385,7 @@ CAST_LONG CAST_S_table4[256]={ | |||
| 385 | 0xe822fe15,0x88570983,0x750e6249,0xda627e55, | 385 | 0xe822fe15,0x88570983,0x750e6249,0xda627e55, |
| 386 | 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4, | 386 | 0x5e76ffa8,0xb1534546,0x6d47de08,0xefe9e7d4, |
| 387 | }; | 387 | }; |
| 388 | CAST_LONG CAST_S_table5[256]={ | 388 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table5[256]={ |
| 389 | 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c, | 389 | 0xf6fa8f9d,0x2cac6ce1,0x4ca34867,0xe2337f7c, |
| 390 | 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac, | 390 | 0x95db08e7,0x016843b4,0xeced5cbc,0x325553ac, |
| 391 | 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9, | 391 | 0xbf9f0960,0xdfa1e2ed,0x83f0579d,0x63ed86b9, |
| @@ -451,7 +451,7 @@ CAST_LONG CAST_S_table5[256]={ | |||
| 451 | 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454, | 451 | 0xa2d762cf,0x49c92f54,0x38b5f331,0x7128a454, |
| 452 | 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f, | 452 | 0x48392905,0xa65b1db8,0x851c97bd,0xd675cf2f, |
| 453 | }; | 453 | }; |
| 454 | CAST_LONG CAST_S_table6[256]={ | 454 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table6[256]={ |
| 455 | 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693, | 455 | 0x85e04019,0x332bf567,0x662dbfff,0xcfc65693, |
| 456 | 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f, | 456 | 0x2a8d7f6f,0xab9bc912,0xde6008a1,0x2028da1f, |
| 457 | 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82, | 457 | 0x0227bce7,0x4d642916,0x18fac300,0x50f18b82, |
| @@ -517,7 +517,7 @@ CAST_LONG CAST_S_table6[256]={ | |||
| 517 | 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada, | 517 | 0x518f36b2,0x84b1d370,0x0fedce83,0x878ddada, |
| 518 | 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3, | 518 | 0xf2a279c7,0x94e01be8,0x90716f4b,0x954b8aa3, |
| 519 | }; | 519 | }; |
| 520 | CAST_LONG CAST_S_table7[256]={ | 520 | OPENSSL_GLOBAL const CAST_LONG CAST_S_table7[256]={ |
| 521 | 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095, | 521 | 0xe216300d,0xbbddfffc,0xa7ebdabd,0x35648095, |
| 522 | 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5, | 522 | 0x7789f8b7,0xe6c1121b,0x0e241600,0x052ce8b5, |
| 523 | 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174, | 523 | 0x11a9cfb0,0xe5952f11,0xece7990a,0x9386d174, |
diff --git a/src/lib/libcrypto/comp/c_rle.c b/src/lib/libcrypto/comp/c_rle.c index 1a819e3737..efd366fa22 100644 --- a/src/lib/libcrypto/comp/c_rle.c +++ b/src/lib/libcrypto/comp/c_rle.c | |||
| @@ -17,6 +17,7 @@ static COMP_METHOD rle_method={ | |||
| 17 | rle_compress_block, | 17 | rle_compress_block, |
| 18 | rle_expand_block, | 18 | rle_expand_block, |
| 19 | NULL, | 19 | NULL, |
| 20 | NULL, | ||
| 20 | }; | 21 | }; |
| 21 | 22 | ||
| 22 | COMP_METHOD *COMP_rle(void) | 23 | COMP_METHOD *COMP_rle(void) |
diff --git a/src/lib/libcrypto/comp/c_zlib.c b/src/lib/libcrypto/comp/c_zlib.c index 6684ab4841..cd2f8a491b 100644 --- a/src/lib/libcrypto/comp/c_zlib.c +++ b/src/lib/libcrypto/comp/c_zlib.c | |||
| @@ -6,11 +6,10 @@ | |||
| 6 | 6 | ||
| 7 | COMP_METHOD *COMP_zlib(void ); | 7 | COMP_METHOD *COMP_zlib(void ); |
| 8 | 8 | ||
| 9 | #ifndef ZLIB | 9 | static COMP_METHOD zlib_method_nozlib={ |
| 10 | |||
| 11 | static COMP_METHOD zlib_method={ | ||
| 12 | NID_undef, | 10 | NID_undef, |
| 13 | "(null)", | 11 | "(undef)", |
| 12 | NULL, | ||
| 14 | NULL, | 13 | NULL, |
| 15 | NULL, | 14 | NULL, |
| 16 | NULL, | 15 | NULL, |
| @@ -18,6 +17,8 @@ static COMP_METHOD zlib_method={ | |||
| 18 | NULL, | 17 | NULL, |
| 19 | }; | 18 | }; |
| 20 | 19 | ||
| 20 | #ifndef ZLIB | ||
| 21 | #undef ZLIB_SHARED | ||
| 21 | #else | 22 | #else |
| 22 | 23 | ||
| 23 | #include <zlib.h> | 24 | #include <zlib.h> |
| @@ -38,8 +39,56 @@ static COMP_METHOD zlib_method={ | |||
| 38 | zlib_compress_block, | 39 | zlib_compress_block, |
| 39 | zlib_expand_block, | 40 | zlib_expand_block, |
| 40 | NULL, | 41 | NULL, |
| 42 | NULL, | ||
| 41 | }; | 43 | }; |
| 42 | 44 | ||
| 45 | /* | ||
| 46 | * When OpenSSL is built on Windows, we do not want to require that | ||
| 47 | * the ZLIB.DLL be available in order for the OpenSSL DLLs to | ||
| 48 | * work. Therefore, all ZLIB routines are loaded at run time | ||
| 49 | * and we do not link to a .LIB file. | ||
| 50 | */ | ||
| 51 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) | ||
| 52 | # include <windows.h> | ||
| 53 | |||
| 54 | # define Z_CALLCONV _stdcall | ||
| 55 | # define ZLIB_SHARED | ||
| 56 | #else | ||
| 57 | # define Z_CALLCONV | ||
| 58 | #endif /* !(OPENSSL_SYS_WINDOWS || OPENSSL_SYS_WIN32) */ | ||
| 59 | |||
| 60 | #ifdef ZLIB_SHARED | ||
| 61 | #include <openssl/dso.h> | ||
| 62 | |||
| 63 | /* Prototypes for built in stubs */ | ||
| 64 | static int stub_compress(Bytef *dest,uLongf *destLen, | ||
| 65 | const Bytef *source, uLong sourceLen); | ||
| 66 | static int stub_inflateEnd(z_streamp strm); | ||
| 67 | static int stub_inflate(z_streamp strm, int flush); | ||
| 68 | static int stub_inflateInit_(z_streamp strm, const char * version, | ||
| 69 | int stream_size); | ||
| 70 | |||
| 71 | /* Function pointers */ | ||
| 72 | typedef int (Z_CALLCONV *compress_ft)(Bytef *dest,uLongf *destLen, | ||
| 73 | const Bytef *source, uLong sourceLen); | ||
| 74 | typedef int (Z_CALLCONV *inflateEnd_ft)(z_streamp strm); | ||
| 75 | typedef int (Z_CALLCONV *inflate_ft)(z_streamp strm, int flush); | ||
| 76 | typedef int (Z_CALLCONV *inflateInit__ft)(z_streamp strm, | ||
| 77 | const char * version, int stream_size); | ||
| 78 | static compress_ft p_compress=NULL; | ||
| 79 | static inflateEnd_ft p_inflateEnd=NULL; | ||
| 80 | static inflate_ft p_inflate=NULL; | ||
| 81 | static inflateInit__ft p_inflateInit_=NULL; | ||
| 82 | |||
| 83 | static int zlib_loaded = 0; /* only attempt to init func pts once */ | ||
| 84 | static DSO *zlib_dso = NULL; | ||
| 85 | |||
| 86 | #define compress stub_compress | ||
| 87 | #define inflateEnd stub_inflateEnd | ||
| 88 | #define inflate stub_inflate | ||
| 89 | #define inflateInit_ stub_inflateInit_ | ||
| 90 | #endif /* ZLIB_SHARED */ | ||
| 91 | |||
| 43 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, | 92 | static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, |
| 44 | unsigned int olen, unsigned char *in, unsigned int ilen) | 93 | unsigned int olen, unsigned char *in, unsigned int ilen) |
| 45 | { | 94 | { |
| @@ -66,7 +115,10 @@ static int zlib_compress_block(COMP_CTX *ctx, unsigned char *out, | |||
| 66 | memcpy(&(out[1]),in,ilen); | 115 | memcpy(&(out[1]),in,ilen); |
| 67 | l=ilen+1; | 116 | l=ilen+1; |
| 68 | } | 117 | } |
| 69 | fprintf(stderr,"compress(%4d)->%4d %s\n",ilen,(int)l,(clear)?"clear":"zlib"); | 118 | #ifdef DEBUG_ZLIB |
| 119 | fprintf(stderr,"compress(%4d)->%4d %s\n", | ||
| 120 | ilen,(int)l,(clear)?"clear":"zlib"); | ||
| 121 | #endif | ||
| 70 | return((int)l); | 122 | return((int)l); |
| 71 | } | 123 | } |
| 72 | 124 | ||
| @@ -88,7 +140,10 @@ static int zlib_expand_block(COMP_CTX *ctx, unsigned char *out, | |||
| 88 | memcpy(out,&(in[1]),ilen-1); | 140 | memcpy(out,&(in[1]),ilen-1); |
| 89 | l=ilen-1; | 141 | l=ilen-1; |
| 90 | } | 142 | } |
| 91 | fprintf(stderr,"expand (%4d)->%4d %s\n",ilen,(int)l,in[0]?"zlib":"clear"); | 143 | #ifdef DEBUG_ZLIB |
| 144 | fprintf(stderr,"expand (%4d)->%4d %s\n", | ||
| 145 | ilen,(int)l,in[0]?"zlib":"clear"); | ||
| 146 | #endif | ||
| 92 | return((int)l); | 147 | return((int)l); |
| 93 | } | 148 | } |
| 94 | 149 | ||
| @@ -128,6 +183,78 @@ static int zz_uncompress (Bytef *dest, uLongf *destLen, const Bytef *source, | |||
| 128 | 183 | ||
| 129 | COMP_METHOD *COMP_zlib(void) | 184 | COMP_METHOD *COMP_zlib(void) |
| 130 | { | 185 | { |
| 131 | return(&zlib_method); | 186 | COMP_METHOD *meth = &zlib_method_nozlib; |
| 187 | |||
| 188 | #ifdef ZLIB_SHARED | ||
| 189 | if (!zlib_loaded) | ||
| 190 | { | ||
| 191 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) | ||
| 192 | zlib_dso = DSO_load(NULL, "ZLIB", NULL, 0); | ||
| 193 | #else | ||
| 194 | zlib_dso = DSO_load(NULL, "z", NULL, 0); | ||
| 195 | #endif | ||
| 196 | if (zlib_dso != NULL) | ||
| 197 | { | ||
| 198 | p_compress | ||
| 199 | = (compress_ft) DSO_bind_func(zlib_dso, | ||
| 200 | "compress"); | ||
| 201 | p_inflateEnd | ||
| 202 | = (inflateEnd_ft) DSO_bind_func(zlib_dso, | ||
| 203 | "inflateEnd"); | ||
| 204 | p_inflate | ||
| 205 | = (inflate_ft) DSO_bind_func(zlib_dso, | ||
| 206 | "inflate"); | ||
| 207 | p_inflateInit_ | ||
| 208 | = (inflateInit__ft) DSO_bind_func(zlib_dso, | ||
| 209 | "inflateInit_"); | ||
| 210 | zlib_loaded++; | ||
| 211 | meth = &zlib_method; | ||
| 212 | } | ||
| 213 | } | ||
| 214 | |||
| 215 | #elif defined(ZLIB) | ||
| 216 | meth = &zlib_method; | ||
| 217 | #endif | ||
| 218 | |||
| 219 | return(meth); | ||
| 220 | } | ||
| 221 | |||
| 222 | #ifdef ZLIB_SHARED | ||
| 223 | /* Stubs for each function to be dynamicly loaded */ | ||
| 224 | static int | ||
| 225 | stub_compress(Bytef *dest,uLongf *destLen,const Bytef *source, uLong sourceLen) | ||
| 226 | { | ||
| 227 | if (p_compress) | ||
| 228 | return(p_compress(dest,destLen,source,sourceLen)); | ||
| 229 | else | ||
| 230 | return(Z_MEM_ERROR); | ||
| 231 | } | ||
| 232 | |||
| 233 | static int | ||
| 234 | stub_inflateEnd(z_streamp strm) | ||
| 235 | { | ||
| 236 | if ( p_inflateEnd ) | ||
| 237 | return(p_inflateEnd(strm)); | ||
| 238 | else | ||
| 239 | return(Z_MEM_ERROR); | ||
| 240 | } | ||
| 241 | |||
| 242 | static int | ||
| 243 | stub_inflate(z_streamp strm, int flush) | ||
| 244 | { | ||
| 245 | if ( p_inflate ) | ||
| 246 | return(p_inflate(strm,flush)); | ||
| 247 | else | ||
| 248 | return(Z_MEM_ERROR); | ||
| 249 | } | ||
| 250 | |||
| 251 | static int | ||
| 252 | stub_inflateInit_(z_streamp strm, const char * version, int stream_size) | ||
| 253 | { | ||
| 254 | if ( p_inflateInit_ ) | ||
| 255 | return(p_inflateInit_(strm,version,stream_size)); | ||
| 256 | else | ||
| 257 | return(Z_MEM_ERROR); | ||
| 132 | } | 258 | } |
| 133 | 259 | ||
| 260 | #endif /* ZLIB_SHARED */ | ||
diff --git a/src/lib/libcrypto/comp/comp.h b/src/lib/libcrypto/comp/comp.h index 93bd9c34c8..ab48b78ae9 100644 --- a/src/lib/libcrypto/comp/comp.h +++ b/src/lib/libcrypto/comp/comp.h | |||
| @@ -2,12 +2,12 @@ | |||
| 2 | #ifndef HEADER_COMP_H | 2 | #ifndef HEADER_COMP_H |
| 3 | #define HEADER_COMP_H | 3 | #define HEADER_COMP_H |
| 4 | 4 | ||
| 5 | #include <openssl/crypto.h> | ||
| 6 | |||
| 5 | #ifdef __cplusplus | 7 | #ifdef __cplusplus |
| 6 | extern "C" { | 8 | extern "C" { |
| 7 | #endif | 9 | #endif |
| 8 | 10 | ||
| 9 | #include <openssl/crypto.h> | ||
| 10 | |||
| 11 | typedef struct comp_method_st | 11 | typedef struct comp_method_st |
| 12 | { | 12 | { |
| 13 | int type; /* NID for compression library */ | 13 | int type; /* NID for compression library */ |
| @@ -17,6 +17,7 @@ typedef struct comp_method_st | |||
| 17 | int (*compress)(); | 17 | int (*compress)(); |
| 18 | int (*expand)(); | 18 | int (*expand)(); |
| 19 | long (*ctrl)(); | 19 | long (*ctrl)(); |
| 20 | long (*callback_ctrl)(); | ||
| 20 | } COMP_METHOD; | 21 | } COMP_METHOD; |
| 21 | 22 | ||
| 22 | typedef struct comp_ctx_st | 23 | typedef struct comp_ctx_st |
| @@ -38,14 +39,13 @@ int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, | |||
| 38 | int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, | 39 | int COMP_expand_block(COMP_CTX *ctx, unsigned char *out, int olen, |
| 39 | unsigned char *in, int ilen); | 40 | unsigned char *in, int ilen); |
| 40 | COMP_METHOD *COMP_rle(void ); | 41 | COMP_METHOD *COMP_rle(void ); |
| 41 | #ifdef ZLIB | ||
| 42 | COMP_METHOD *COMP_zlib(void ); | 42 | COMP_METHOD *COMP_zlib(void ); |
| 43 | #endif | ||
| 44 | 43 | ||
| 45 | /* BEGIN ERROR CODES */ | 44 | /* BEGIN ERROR CODES */ |
| 46 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 45 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 47 | * made after this point may be overwritten when the script is next run. | 46 | * made after this point may be overwritten when the script is next run. |
| 48 | */ | 47 | */ |
| 48 | void ERR_load_COMP_strings(void); | ||
| 49 | 49 | ||
| 50 | /* Error codes for the COMP functions. */ | 50 | /* Error codes for the COMP functions. */ |
| 51 | 51 | ||
| @@ -57,4 +57,3 @@ COMP_METHOD *COMP_zlib(void ); | |||
| 57 | } | 57 | } |
| 58 | #endif | 58 | #endif |
| 59 | #endif | 59 | #endif |
| 60 | |||
diff --git a/src/lib/libcrypto/comp/comp_err.c b/src/lib/libcrypto/comp/comp_err.c index 77a3f7070c..1652b8c2c4 100644 --- a/src/lib/libcrypto/comp/comp_err.c +++ b/src/lib/libcrypto/comp/comp_err.c | |||
| @@ -54,7 +54,8 @@ | |||
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes |
| 57 | * made to it will be overwritten when the script next updates this file. | 57 | * made to it will be overwritten when the script next updates this file, |
| 58 | * only reason strings will be preserved. | ||
| 58 | */ | 59 | */ |
| 59 | 60 | ||
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| @@ -62,7 +63,7 @@ | |||
| 62 | #include <openssl/comp.h> | 63 | #include <openssl/comp.h> |
| 63 | 64 | ||
| 64 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 65 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | static ERR_STRING_DATA COMP_str_functs[]= | 67 | static ERR_STRING_DATA COMP_str_functs[]= |
| 67 | { | 68 | { |
| 68 | {0,NULL} | 69 | {0,NULL} |
| @@ -82,7 +83,7 @@ void ERR_load_COMP_strings(void) | |||
| 82 | if (init) | 83 | if (init) |
| 83 | { | 84 | { |
| 84 | init=0; | 85 | init=0; |
| 85 | #ifndef NO_ERR | 86 | #ifndef OPENSSL_NO_ERR |
| 86 | ERR_load_strings(ERR_LIB_COMP,COMP_str_functs); | 87 | ERR_load_strings(ERR_LIB_COMP,COMP_str_functs); |
| 87 | ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons); | 88 | ERR_load_strings(ERR_LIB_COMP,COMP_str_reasons); |
| 88 | #endif | 89 | #endif |
diff --git a/src/lib/libcrypto/comp/comp_lib.c b/src/lib/libcrypto/comp/comp_lib.c index a67ef23bc0..beb98ce8cc 100644 --- a/src/lib/libcrypto/comp/comp_lib.c +++ b/src/lib/libcrypto/comp/comp_lib.c | |||
| @@ -8,7 +8,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) | |||
| 8 | { | 8 | { |
| 9 | COMP_CTX *ret; | 9 | COMP_CTX *ret; |
| 10 | 10 | ||
| 11 | if ((ret=(COMP_CTX *)Malloc(sizeof(COMP_CTX))) == NULL) | 11 | if ((ret=(COMP_CTX *)OPENSSL_malloc(sizeof(COMP_CTX))) == NULL) |
| 12 | { | 12 | { |
| 13 | /* ZZZZZZZZZZZZZZZZ */ | 13 | /* ZZZZZZZZZZZZZZZZ */ |
| 14 | return(NULL); | 14 | return(NULL); |
| @@ -17,7 +17,7 @@ COMP_CTX *COMP_CTX_new(COMP_METHOD *meth) | |||
| 17 | ret->meth=meth; | 17 | ret->meth=meth; |
| 18 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) | 18 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) |
| 19 | { | 19 | { |
| 20 | Free(ret); | 20 | OPENSSL_free(ret); |
| 21 | ret=NULL; | 21 | ret=NULL; |
| 22 | } | 22 | } |
| 23 | #if 0 | 23 | #if 0 |
| @@ -37,7 +37,7 @@ void COMP_CTX_free(COMP_CTX *ctx) | |||
| 37 | if (ctx->meth->finish != NULL) | 37 | if (ctx->meth->finish != NULL) |
| 38 | ctx->meth->finish(ctx); | 38 | ctx->meth->finish(ctx); |
| 39 | 39 | ||
| 40 | Free(ctx); | 40 | OPENSSL_free(ctx); |
| 41 | } | 41 | } |
| 42 | 42 | ||
| 43 | int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, | 43 | int COMP_compress_block(COMP_CTX *ctx, unsigned char *out, int olen, |
diff --git a/src/lib/libcrypto/conf/conf.h b/src/lib/libcrypto/conf/conf.h index 1446226a16..3c03fb19c0 100644 --- a/src/lib/libcrypto/conf/conf.h +++ b/src/lib/libcrypto/conf/conf.h | |||
| @@ -59,13 +59,16 @@ | |||
| 59 | #ifndef HEADER_CONF_H | 59 | #ifndef HEADER_CONF_H |
| 60 | #define HEADER_CONF_H | 60 | #define HEADER_CONF_H |
| 61 | 61 | ||
| 62 | #include <openssl/bio.h> | ||
| 63 | #include <openssl/lhash.h> | ||
| 64 | #include <openssl/stack.h> | ||
| 65 | #include <openssl/safestack.h> | ||
| 66 | #include <openssl/e_os2.h> | ||
| 67 | |||
| 62 | #ifdef __cplusplus | 68 | #ifdef __cplusplus |
| 63 | extern "C" { | 69 | extern "C" { |
| 64 | #endif | 70 | #endif |
| 65 | 71 | ||
| 66 | #include "stack.h" | ||
| 67 | #include "lhash.h" | ||
| 68 | |||
| 69 | typedef struct | 72 | typedef struct |
| 70 | { | 73 | { |
| 71 | char *section; | 74 | char *section; |
| @@ -73,42 +76,173 @@ typedef struct | |||
| 73 | char *value; | 76 | char *value; |
| 74 | } CONF_VALUE; | 77 | } CONF_VALUE; |
| 75 | 78 | ||
| 76 | #ifndef NOPROTO | 79 | DECLARE_STACK_OF(CONF_VALUE) |
| 80 | DECLARE_STACK_OF(CONF_MODULE) | ||
| 81 | DECLARE_STACK_OF(CONF_IMODULE) | ||
| 82 | |||
| 83 | struct conf_st; | ||
| 84 | typedef struct conf_st CONF; | ||
| 85 | struct conf_method_st; | ||
| 86 | typedef struct conf_method_st CONF_METHOD; | ||
| 87 | |||
| 88 | struct conf_method_st | ||
| 89 | { | ||
| 90 | const char *name; | ||
| 91 | CONF *(*create)(CONF_METHOD *meth); | ||
| 92 | int (*init)(CONF *conf); | ||
| 93 | int (*destroy)(CONF *conf); | ||
| 94 | int (*destroy_data)(CONF *conf); | ||
| 95 | int (*load_bio)(CONF *conf, BIO *bp, long *eline); | ||
| 96 | int (*dump)(const CONF *conf, BIO *bp); | ||
| 97 | int (*is_number)(const CONF *conf, char c); | ||
| 98 | int (*to_int)(const CONF *conf, char c); | ||
| 99 | int (*load)(CONF *conf, const char *name, long *eline); | ||
| 100 | }; | ||
| 101 | |||
| 102 | /* Module definitions */ | ||
| 103 | |||
| 104 | typedef struct conf_imodule_st CONF_IMODULE; | ||
| 105 | typedef struct conf_module_st CONF_MODULE; | ||
| 77 | 106 | ||
| 78 | LHASH *CONF_load(LHASH *conf,char *file,long *eline); | 107 | /* DSO module function typedefs */ |
| 79 | STACK *CONF_get_section(LHASH *conf,char *section); | 108 | typedef int conf_init_func(CONF_IMODULE *md, const CONF *cnf); |
| 80 | char *CONF_get_string(LHASH *conf,char *group,char *name); | 109 | typedef void conf_finish_func(CONF_IMODULE *md); |
| 81 | long CONF_get_number(LHASH *conf,char *group,char *name); | 110 | |
| 111 | #define CONF_MFLAGS_IGNORE_ERRORS 0x1 | ||
| 112 | #define CONF_MFLAGS_IGNORE_RETURN_CODES 0x2 | ||
| 113 | #define CONF_MFLAGS_SILENT 0x4 | ||
| 114 | #define CONF_MFLAGS_NO_DSO 0x8 | ||
| 115 | #define CONF_MFLAGS_IGNORE_MISSING_FILE 0x10 | ||
| 116 | |||
| 117 | int CONF_set_default_method(CONF_METHOD *meth); | ||
| 118 | void CONF_set_nconf(CONF *conf,LHASH *hash); | ||
| 119 | LHASH *CONF_load(LHASH *conf,const char *file,long *eline); | ||
| 120 | #ifndef OPENSSL_NO_FP_API | ||
| 121 | LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline); | ||
| 122 | #endif | ||
| 123 | LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline); | ||
| 124 | STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section); | ||
| 125 | char *CONF_get_string(LHASH *conf,const char *group,const char *name); | ||
| 126 | long CONF_get_number(LHASH *conf,const char *group,const char *name); | ||
| 82 | void CONF_free(LHASH *conf); | 127 | void CONF_free(LHASH *conf); |
| 83 | void ERR_load_CONF_strings(void ); | 128 | int CONF_dump_fp(LHASH *conf, FILE *out); |
| 129 | int CONF_dump_bio(LHASH *conf, BIO *out); | ||
| 84 | 130 | ||
| 85 | #else | 131 | void OPENSSL_config(const char *config_name); |
| 86 | 132 | ||
| 87 | LHASH *CONF_load(); | 133 | /* New conf code. The semantics are different from the functions above. |
| 88 | STACK *CONF_get_section(); | 134 | If that wasn't the case, the above functions would have been replaced */ |
| 89 | char *CONF_get_string(); | ||
| 90 | long CONF_get_number(); | ||
| 91 | void CONF_free(); | ||
| 92 | void ERR_load_CONF_strings(); | ||
| 93 | 135 | ||
| 136 | struct conf_st | ||
| 137 | { | ||
| 138 | CONF_METHOD *meth; | ||
| 139 | void *meth_data; | ||
| 140 | LHASH *data; | ||
| 141 | }; | ||
| 142 | |||
| 143 | CONF *NCONF_new(CONF_METHOD *meth); | ||
| 144 | CONF_METHOD *NCONF_default(); | ||
| 145 | CONF_METHOD *NCONF_WIN32(); | ||
| 146 | #if 0 /* Just to give you an idea of what I have in mind */ | ||
| 147 | CONF_METHOD *NCONF_XML(); | ||
| 94 | #endif | 148 | #endif |
| 149 | void NCONF_free(CONF *conf); | ||
| 150 | void NCONF_free_data(CONF *conf); | ||
| 151 | |||
| 152 | int NCONF_load(CONF *conf,const char *file,long *eline); | ||
| 153 | #ifndef OPENSSL_NO_FP_API | ||
| 154 | int NCONF_load_fp(CONF *conf, FILE *fp,long *eline); | ||
| 155 | #endif | ||
| 156 | int NCONF_load_bio(CONF *conf, BIO *bp,long *eline); | ||
| 157 | STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section); | ||
| 158 | char *NCONF_get_string(const CONF *conf,const char *group,const char *name); | ||
| 159 | int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, | ||
| 160 | long *result); | ||
| 161 | int NCONF_dump_fp(const CONF *conf, FILE *out); | ||
| 162 | int NCONF_dump_bio(const CONF *conf, BIO *out); | ||
| 163 | |||
| 164 | #if 0 /* The following function has no error checking, | ||
| 165 | and should therefore be avoided */ | ||
| 166 | long NCONF_get_number(CONF *conf,char *group,char *name); | ||
| 167 | #else | ||
| 168 | #define NCONF_get_number(c,g,n,r) NCONF_get_number_e(c,g,n,r) | ||
| 169 | #endif | ||
| 170 | |||
| 171 | /* Module functions */ | ||
| 172 | |||
| 173 | int CONF_modules_load(const CONF *cnf, const char *appname, | ||
| 174 | unsigned long flags); | ||
| 175 | int CONF_modules_load_file(const char *filename, const char *appname, | ||
| 176 | unsigned long flags); | ||
| 177 | void CONF_modules_unload(int all); | ||
| 178 | void CONF_modules_finish(void); | ||
| 179 | int CONF_module_add(const char *name, conf_init_func *ifunc, | ||
| 180 | conf_finish_func *ffunc); | ||
| 181 | |||
| 182 | const char *CONF_imodule_get_name(const CONF_IMODULE *md); | ||
| 183 | const char *CONF_imodule_get_value(const CONF_IMODULE *md); | ||
| 184 | void *CONF_imodule_get_usr_data(const CONF_IMODULE *md); | ||
| 185 | void CONF_imodule_set_usr_data(CONF_IMODULE *md, void *usr_data); | ||
| 186 | CONF_MODULE *CONF_imodule_get_module(const CONF_IMODULE *md); | ||
| 187 | unsigned long CONF_imodule_get_flags(const CONF_IMODULE *md); | ||
| 188 | void CONF_imodule_set_flags(CONF_IMODULE *md, unsigned long flags); | ||
| 189 | void *CONF_module_get_usr_data(CONF_MODULE *pmod); | ||
| 190 | void CONF_module_set_usr_data(CONF_MODULE *pmod, void *usr_data); | ||
| 191 | |||
| 192 | char *CONF_get1_default_config_file(void); | ||
| 193 | |||
| 194 | int CONF_parse_list(const char *list, int sep, int nospc, | ||
| 195 | int (*list_cb)(const char *elem, int len, void *usr), void *arg); | ||
| 196 | |||
| 197 | void OPENSSL_load_builtin_modules(void); | ||
| 95 | 198 | ||
| 96 | /* BEGIN ERROR CODES */ | 199 | /* BEGIN ERROR CODES */ |
| 200 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 201 | * made after this point may be overwritten when the script is next run. | ||
| 202 | */ | ||
| 203 | void ERR_load_CONF_strings(void); | ||
| 204 | |||
| 97 | /* Error codes for the CONF functions. */ | 205 | /* Error codes for the CONF functions. */ |
| 98 | 206 | ||
| 99 | /* Function codes. */ | 207 | /* Function codes. */ |
| 208 | #define CONF_F_CONF_DUMP_FP 104 | ||
| 100 | #define CONF_F_CONF_LOAD 100 | 209 | #define CONF_F_CONF_LOAD 100 |
| 210 | #define CONF_F_CONF_LOAD_BIO 102 | ||
| 211 | #define CONF_F_CONF_LOAD_FP 103 | ||
| 212 | #define CONF_F_CONF_MODULES_LOAD 116 | ||
| 213 | #define CONF_F_MODULE_INIT 115 | ||
| 214 | #define CONF_F_MODULE_LOAD_DSO 117 | ||
| 215 | #define CONF_F_MODULE_RUN 118 | ||
| 216 | #define CONF_F_NCONF_DUMP_BIO 105 | ||
| 217 | #define CONF_F_NCONF_DUMP_FP 106 | ||
| 218 | #define CONF_F_NCONF_GET_NUMBER 107 | ||
| 219 | #define CONF_F_NCONF_GET_NUMBER_E 112 | ||
| 220 | #define CONF_F_NCONF_GET_SECTION 108 | ||
| 221 | #define CONF_F_NCONF_GET_STRING 109 | ||
| 222 | #define CONF_F_NCONF_LOAD 113 | ||
| 223 | #define CONF_F_NCONF_LOAD_BIO 110 | ||
| 224 | #define CONF_F_NCONF_LOAD_FP 114 | ||
| 225 | #define CONF_F_NCONF_NEW 111 | ||
| 101 | #define CONF_F_STR_COPY 101 | 226 | #define CONF_F_STR_COPY 101 |
| 102 | 227 | ||
| 103 | /* Reason codes. */ | 228 | /* Reason codes. */ |
| 229 | #define CONF_R_ERROR_LOADING_DSO 110 | ||
| 104 | #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 | 230 | #define CONF_R_MISSING_CLOSE_SQUARE_BRACKET 100 |
| 105 | #define CONF_R_MISSING_EQUAL_SIGN 101 | 231 | #define CONF_R_MISSING_EQUAL_SIGN 101 |
| 232 | #define CONF_R_MISSING_FINISH_FUNCTION 111 | ||
| 233 | #define CONF_R_MISSING_INIT_FUNCTION 112 | ||
| 234 | #define CONF_R_MODULE_INITIALIZATION_ERROR 109 | ||
| 106 | #define CONF_R_NO_CLOSE_BRACE 102 | 235 | #define CONF_R_NO_CLOSE_BRACE 102 |
| 236 | #define CONF_R_NO_CONF 105 | ||
| 237 | #define CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE 106 | ||
| 238 | #define CONF_R_NO_SECTION 107 | ||
| 239 | #define CONF_R_NO_SUCH_FILE 114 | ||
| 240 | #define CONF_R_NO_VALUE 108 | ||
| 107 | #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 | 241 | #define CONF_R_UNABLE_TO_CREATE_NEW_SECTION 103 |
| 242 | #define CONF_R_UNKNOWN_MODULE_NAME 113 | ||
| 108 | #define CONF_R_VARIABLE_HAS_NO_VALUE 104 | 243 | #define CONF_R_VARIABLE_HAS_NO_VALUE 104 |
| 109 | 244 | ||
| 110 | #ifdef __cplusplus | 245 | #ifdef __cplusplus |
| 111 | } | 246 | } |
| 112 | #endif | 247 | #endif |
| 113 | #endif | 248 | #endif |
| 114 | |||
diff --git a/src/lib/libcrypto/conf/conf_api.c b/src/lib/libcrypto/conf/conf_api.c index d05a778ff6..0032baa711 100644 --- a/src/lib/libcrypto/conf/conf_api.c +++ b/src/lib/libcrypto/conf/conf_api.c | |||
| @@ -67,26 +67,34 @@ | |||
| 67 | #include <string.h> | 67 | #include <string.h> |
| 68 | #include <openssl/conf.h> | 68 | #include <openssl/conf.h> |
| 69 | #include <openssl/conf_api.h> | 69 | #include <openssl/conf_api.h> |
| 70 | #include "e_os.h" | ||
| 70 | 71 | ||
| 71 | static void value_free_hash(CONF_VALUE *a, LHASH *conf); | 72 | static void value_free_hash(CONF_VALUE *a, LHASH *conf); |
| 72 | static void value_free_stack(CONF_VALUE *a,LHASH *conf); | 73 | static void value_free_stack(CONF_VALUE *a,LHASH *conf); |
| 73 | static unsigned long hash(CONF_VALUE *v); | 74 | static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_hash, CONF_VALUE *, LHASH *) |
| 74 | static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); | 75 | static IMPLEMENT_LHASH_DOALL_ARG_FN(value_free_stack, CONF_VALUE *, LHASH *) |
| 76 | /* We don't use function pointer casting or wrapper functions - but cast each | ||
| 77 | * callback parameter inside the callback functions. */ | ||
| 78 | /* static unsigned long hash(CONF_VALUE *v); */ | ||
| 79 | static unsigned long hash(const void *v_void); | ||
| 80 | /* static int cmp_conf(CONF_VALUE *a,CONF_VALUE *b); */ | ||
| 81 | static int cmp_conf(const void *a_void,const void *b_void); | ||
| 75 | 82 | ||
| 76 | /* Up until OpenSSL 0.9.5a, this was get_section */ | 83 | /* Up until OpenSSL 0.9.5a, this was get_section */ |
| 77 | CONF_VALUE *_CONF_get_section(CONF *conf, char *section) | 84 | CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section) |
| 78 | { | 85 | { |
| 79 | CONF_VALUE *v,vv; | 86 | CONF_VALUE *v,vv; |
| 80 | 87 | ||
| 81 | if ((conf == NULL) || (section == NULL)) return(NULL); | 88 | if ((conf == NULL) || (section == NULL)) return(NULL); |
| 82 | vv.name=NULL; | 89 | vv.name=NULL; |
| 83 | vv.section=section; | 90 | vv.section=(char *)section; |
| 84 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); | 91 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); |
| 85 | return(v); | 92 | return(v); |
| 86 | } | 93 | } |
| 87 | 94 | ||
| 88 | /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ | 95 | /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ |
| 89 | STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section) | 96 | STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, |
| 97 | const char *section) | ||
| 90 | { | 98 | { |
| 91 | CONF_VALUE *v; | 99 | CONF_VALUE *v; |
| 92 | 100 | ||
| @@ -121,7 +129,7 @@ int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value) | |||
| 121 | return 1; | 129 | return 1; |
| 122 | } | 130 | } |
| 123 | 131 | ||
| 124 | char *_CONF_get_string(CONF *conf, char *section, char *name) | 132 | char *_CONF_get_string(const CONF *conf, const char *section, const char *name) |
| 125 | { | 133 | { |
| 126 | CONF_VALUE *v,vv; | 134 | CONF_VALUE *v,vv; |
| 127 | char *p; | 135 | char *p; |
| @@ -131,8 +139,8 @@ char *_CONF_get_string(CONF *conf, char *section, char *name) | |||
| 131 | { | 139 | { |
| 132 | if (section != NULL) | 140 | if (section != NULL) |
| 133 | { | 141 | { |
| 134 | vv.name=name; | 142 | vv.name=(char *)name; |
| 135 | vv.section=section; | 143 | vv.section=(char *)section; |
| 136 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); | 144 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); |
| 137 | if (v != NULL) return(v->value); | 145 | if (v != NULL) return(v->value); |
| 138 | if (strcmp(section,"ENV") == 0) | 146 | if (strcmp(section,"ENV") == 0) |
| @@ -142,7 +150,7 @@ char *_CONF_get_string(CONF *conf, char *section, char *name) | |||
| 142 | } | 150 | } |
| 143 | } | 151 | } |
| 144 | vv.section="default"; | 152 | vv.section="default"; |
| 145 | vv.name=name; | 153 | vv.name=(char *)name; |
| 146 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); | 154 | v=(CONF_VALUE *)lh_retrieve(conf->data,&vv); |
| 147 | if (v != NULL) | 155 | if (v != NULL) |
| 148 | return(v->value); | 156 | return(v->value); |
| @@ -153,6 +161,9 @@ char *_CONF_get_string(CONF *conf, char *section, char *name) | |||
| 153 | return(Getenv(name)); | 161 | return(Getenv(name)); |
| 154 | } | 162 | } |
| 155 | 163 | ||
| 164 | #if 0 /* There's no way to provide error checking with this function, so | ||
| 165 | force implementors of the higher levels to get a string and read | ||
| 166 | the number themselves. */ | ||
| 156 | long _CONF_get_number(CONF *conf, char *section, char *name) | 167 | long _CONF_get_number(CONF *conf, char *section, char *name) |
| 157 | { | 168 | { |
| 158 | char *str; | 169 | char *str; |
| @@ -169,6 +180,7 @@ long _CONF_get_number(CONF *conf, char *section, char *name) | |||
| 169 | str++; | 180 | str++; |
| 170 | } | 181 | } |
| 171 | } | 182 | } |
| 183 | #endif | ||
| 172 | 184 | ||
| 173 | int _CONF_new_data(CONF *conf) | 185 | int _CONF_new_data(CONF *conf) |
| 174 | { | 186 | { |
| @@ -177,7 +189,7 @@ int _CONF_new_data(CONF *conf) | |||
| 177 | return 0; | 189 | return 0; |
| 178 | } | 190 | } |
| 179 | if (conf->data == NULL) | 191 | if (conf->data == NULL) |
| 180 | if ((conf->data = lh_new(hash,cmp_conf)) == NULL) | 192 | if ((conf->data = lh_new(hash, cmp_conf)) == NULL) |
| 181 | { | 193 | { |
| 182 | return 0; | 194 | return 0; |
| 183 | } | 195 | } |
| @@ -190,12 +202,14 @@ void _CONF_free_data(CONF *conf) | |||
| 190 | 202 | ||
| 191 | conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' | 203 | conf->data->down_load=0; /* evil thing to make sure the 'OPENSSL_free()' |
| 192 | * works as expected */ | 204 | * works as expected */ |
| 193 | lh_doall_arg(conf->data,(void (*)())value_free_hash,conf->data); | 205 | lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_hash), |
| 206 | conf->data); | ||
| 194 | 207 | ||
| 195 | /* We now have only 'section' entries in the hash table. | 208 | /* We now have only 'section' entries in the hash table. |
| 196 | * Due to problems with */ | 209 | * Due to problems with */ |
| 197 | 210 | ||
| 198 | lh_doall_arg(conf->data,(void (*)())value_free_stack,conf->data); | 211 | lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(value_free_stack), |
| 212 | conf->data); | ||
| 199 | lh_free(conf->data); | 213 | lh_free(conf->data); |
| 200 | } | 214 | } |
| 201 | 215 | ||
| @@ -228,14 +242,19 @@ static void value_free_stack(CONF_VALUE *a, LHASH *conf) | |||
| 228 | OPENSSL_free(a); | 242 | OPENSSL_free(a); |
| 229 | } | 243 | } |
| 230 | 244 | ||
| 231 | static unsigned long hash(CONF_VALUE *v) | 245 | /* static unsigned long hash(CONF_VALUE *v) */ |
| 246 | static unsigned long hash(const void *v_void) | ||
| 232 | { | 247 | { |
| 248 | CONF_VALUE *v = (CONF_VALUE *)v_void; | ||
| 233 | return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); | 249 | return((lh_strhash(v->section)<<2)^lh_strhash(v->name)); |
| 234 | } | 250 | } |
| 235 | 251 | ||
| 236 | static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) | 252 | /* static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) */ |
| 253 | static int cmp_conf(const void *a_void,const void *b_void) | ||
| 237 | { | 254 | { |
| 238 | int i; | 255 | int i; |
| 256 | CONF_VALUE *a = (CONF_VALUE *)a_void; | ||
| 257 | CONF_VALUE *b = (CONF_VALUE *)b_void; | ||
| 239 | 258 | ||
| 240 | if (a->section != b->section) | 259 | if (a->section != b->section) |
| 241 | { | 260 | { |
| @@ -255,7 +274,7 @@ static int cmp_conf(CONF_VALUE *a, CONF_VALUE *b) | |||
| 255 | } | 274 | } |
| 256 | 275 | ||
| 257 | /* Up until OpenSSL 0.9.5a, this was new_section */ | 276 | /* Up until OpenSSL 0.9.5a, this was new_section */ |
| 258 | CONF_VALUE *_CONF_new_section(CONF *conf, char *section) | 277 | CONF_VALUE *_CONF_new_section(CONF *conf, const char *section) |
| 259 | { | 278 | { |
| 260 | STACK *sk=NULL; | 279 | STACK *sk=NULL; |
| 261 | int ok=0,i; | 280 | int ok=0,i; |
diff --git a/src/lib/libcrypto/conf/conf_api.h b/src/lib/libcrypto/conf/conf_api.h index a5cc17b233..87a954aff6 100644 --- a/src/lib/libcrypto/conf/conf_api.h +++ b/src/lib/libcrypto/conf/conf_api.h | |||
| @@ -67,15 +67,17 @@ extern "C" { | |||
| 67 | #endif | 67 | #endif |
| 68 | 68 | ||
| 69 | /* Up until OpenSSL 0.9.5a, this was new_section */ | 69 | /* Up until OpenSSL 0.9.5a, this was new_section */ |
| 70 | CONF_VALUE *_CONF_new_section(CONF *conf, char *section); | 70 | CONF_VALUE *_CONF_new_section(CONF *conf, const char *section); |
| 71 | /* Up until OpenSSL 0.9.5a, this was get_section */ | 71 | /* Up until OpenSSL 0.9.5a, this was get_section */ |
| 72 | CONF_VALUE *_CONF_get_section(CONF *conf, char *section); | 72 | CONF_VALUE *_CONF_get_section(const CONF *conf, const char *section); |
| 73 | /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ | 73 | /* Up until OpenSSL 0.9.5a, this was CONF_get_section */ |
| 74 | STACK_OF(CONF_VALUE) *_CONF_get_section_values(CONF *conf, char *section); | 74 | STACK_OF(CONF_VALUE) *_CONF_get_section_values(const CONF *conf, |
| 75 | const char *section); | ||
| 75 | 76 | ||
| 76 | int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); | 77 | int _CONF_add_string(CONF *conf, CONF_VALUE *section, CONF_VALUE *value); |
| 77 | char *_CONF_get_string(CONF *conf, char *section, char *name); | 78 | char *_CONF_get_string(const CONF *conf, const char *section, |
| 78 | long _CONF_get_number(CONF *conf, char *section, char *name); | 79 | const char *name); |
| 80 | long _CONF_get_number(const CONF *conf, const char *section, const char *name); | ||
| 79 | 81 | ||
| 80 | int _CONF_new_data(CONF *conf); | 82 | int _CONF_new_data(CONF *conf); |
| 81 | void _CONF_free_data(CONF *conf); | 83 | void _CONF_free_data(CONF *conf); |
diff --git a/src/lib/libcrypto/conf/conf_def.c b/src/lib/libcrypto/conf/conf_def.c index 773df32c68..31f2766246 100644 --- a/src/lib/libcrypto/conf/conf_def.c +++ b/src/lib/libcrypto/conf/conf_def.c | |||
| @@ -81,10 +81,11 @@ static int def_init_default(CONF *conf); | |||
| 81 | static int def_init_WIN32(CONF *conf); | 81 | static int def_init_WIN32(CONF *conf); |
| 82 | static int def_destroy(CONF *conf); | 82 | static int def_destroy(CONF *conf); |
| 83 | static int def_destroy_data(CONF *conf); | 83 | static int def_destroy_data(CONF *conf); |
| 84 | static int def_load(CONF *conf, BIO *bp, long *eline); | 84 | static int def_load(CONF *conf, const char *name, long *eline); |
| 85 | static int def_dump(CONF *conf, BIO *bp); | 85 | static int def_load_bio(CONF *conf, BIO *bp, long *eline); |
| 86 | static int def_is_number(CONF *conf, char c); | 86 | static int def_dump(const CONF *conf, BIO *bp); |
| 87 | static int def_to_int(CONF *conf, char c); | 87 | static int def_is_number(const CONF *conf, char c); |
| 88 | static int def_to_int(const CONF *conf, char c); | ||
| 88 | 89 | ||
| 89 | const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT; | 90 | const char *CONF_def_version="CONF_def" OPENSSL_VERSION_PTEXT; |
| 90 | 91 | ||
| @@ -94,10 +95,11 @@ static CONF_METHOD default_method = { | |||
| 94 | def_init_default, | 95 | def_init_default, |
| 95 | def_destroy, | 96 | def_destroy, |
| 96 | def_destroy_data, | 97 | def_destroy_data, |
| 97 | def_load, | 98 | def_load_bio, |
| 98 | def_dump, | 99 | def_dump, |
| 99 | def_is_number, | 100 | def_is_number, |
| 100 | def_to_int | 101 | def_to_int, |
| 102 | def_load | ||
| 101 | }; | 103 | }; |
| 102 | 104 | ||
| 103 | static CONF_METHOD WIN32_method = { | 105 | static CONF_METHOD WIN32_method = { |
| @@ -106,10 +108,11 @@ static CONF_METHOD WIN32_method = { | |||
| 106 | def_init_WIN32, | 108 | def_init_WIN32, |
| 107 | def_destroy, | 109 | def_destroy, |
| 108 | def_destroy_data, | 110 | def_destroy_data, |
| 109 | def_load, | 111 | def_load_bio, |
| 110 | def_dump, | 112 | def_dump, |
| 111 | def_is_number, | 113 | def_is_number, |
| 112 | def_to_int | 114 | def_to_int, |
| 115 | def_load | ||
| 113 | }; | 116 | }; |
| 114 | 117 | ||
| 115 | CONF_METHOD *NCONF_default() | 118 | CONF_METHOD *NCONF_default() |
| @@ -177,7 +180,32 @@ static int def_destroy_data(CONF *conf) | |||
| 177 | return 1; | 180 | return 1; |
| 178 | } | 181 | } |
| 179 | 182 | ||
| 180 | static int def_load(CONF *conf, BIO *in, long *line) | 183 | static int def_load(CONF *conf, const char *name, long *line) |
| 184 | { | ||
| 185 | int ret; | ||
| 186 | BIO *in=NULL; | ||
| 187 | |||
| 188 | #ifdef OPENSSL_SYS_VMS | ||
| 189 | in=BIO_new_file(name, "r"); | ||
| 190 | #else | ||
| 191 | in=BIO_new_file(name, "rb"); | ||
| 192 | #endif | ||
| 193 | if (in == NULL) | ||
| 194 | { | ||
| 195 | if (ERR_GET_REASON(ERR_peek_last_error()) == BIO_R_NO_SUCH_FILE) | ||
| 196 | CONFerr(CONF_F_CONF_LOAD,CONF_R_NO_SUCH_FILE); | ||
| 197 | else | ||
| 198 | CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); | ||
| 199 | return 0; | ||
| 200 | } | ||
| 201 | |||
| 202 | ret = def_load_bio(conf, in, line); | ||
| 203 | BIO_free(in); | ||
| 204 | |||
| 205 | return ret; | ||
| 206 | } | ||
| 207 | |||
| 208 | static int def_load_bio(CONF *conf, BIO *in, long *line) | ||
| 181 | { | 209 | { |
| 182 | #define BUFSIZE 512 | 210 | #define BUFSIZE 512 |
| 183 | char btmp[16]; | 211 | char btmp[16]; |
| @@ -418,7 +446,11 @@ err: | |||
| 418 | if (line != NULL) *line=eline; | 446 | if (line != NULL) *line=eline; |
| 419 | sprintf(btmp,"%ld",eline); | 447 | sprintf(btmp,"%ld",eline); |
| 420 | ERR_add_error_data(2,"line ",btmp); | 448 | ERR_add_error_data(2,"line ",btmp); |
| 421 | if ((h != conf->data) && (conf->data != NULL)) CONF_free(conf->data); | 449 | if ((h != conf->data) && (conf->data != NULL)) |
| 450 | { | ||
| 451 | CONF_free(conf->data); | ||
| 452 | conf->data=NULL; | ||
| 453 | } | ||
| 422 | if (v != NULL) | 454 | if (v != NULL) |
| 423 | { | 455 | { |
| 424 | if (v->name != NULL) OPENSSL_free(v->name); | 456 | if (v->name != NULL) OPENSSL_free(v->name); |
| @@ -685,18 +717,20 @@ static void dump_value(CONF_VALUE *a, BIO *out) | |||
| 685 | BIO_printf(out, "[[%s]]\n", a->section); | 717 | BIO_printf(out, "[[%s]]\n", a->section); |
| 686 | } | 718 | } |
| 687 | 719 | ||
| 688 | static int def_dump(CONF *conf, BIO *out) | 720 | static IMPLEMENT_LHASH_DOALL_ARG_FN(dump_value, CONF_VALUE *, BIO *) |
| 721 | |||
| 722 | static int def_dump(const CONF *conf, BIO *out) | ||
| 689 | { | 723 | { |
| 690 | lh_doall_arg(conf->data, (void (*)())dump_value, out); | 724 | lh_doall_arg(conf->data, LHASH_DOALL_ARG_FN(dump_value), out); |
| 691 | return 1; | 725 | return 1; |
| 692 | } | 726 | } |
| 693 | 727 | ||
| 694 | static int def_is_number(CONF *conf, char c) | 728 | static int def_is_number(const CONF *conf, char c) |
| 695 | { | 729 | { |
| 696 | return IS_NUMBER(conf,c); | 730 | return IS_NUMBER(conf,c); |
| 697 | } | 731 | } |
| 698 | 732 | ||
| 699 | static int def_to_int(CONF *conf, char c) | 733 | static int def_to_int(const CONF *conf, char c) |
| 700 | { | 734 | { |
| 701 | return c - '0'; | 735 | return c - '0'; |
| 702 | } | 736 | } |
diff --git a/src/lib/libcrypto/conf/conf_def.h b/src/lib/libcrypto/conf/conf_def.h index 3244d9a331..92a7d8ad77 100644 --- a/src/lib/libcrypto/conf/conf_def.h +++ b/src/lib/libcrypto/conf/conf_def.h | |||
| @@ -71,6 +71,7 @@ | |||
| 71 | #define CONF_COMMENT 128 | 71 | #define CONF_COMMENT 128 |
| 72 | #define CONF_FCOMMENT 2048 | 72 | #define CONF_FCOMMENT 2048 |
| 73 | #define CONF_EOF 8 | 73 | #define CONF_EOF 8 |
| 74 | #define CONF_HIGHBIT 4096 | ||
| 74 | #define CONF_ALPHA (CONF_UPPER|CONF_LOWER) | 75 | #define CONF_ALPHA (CONF_UPPER|CONF_LOWER) |
| 75 | #define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) | 76 | #define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) |
| 76 | #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ | 77 | #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \ |
| @@ -78,68 +79,102 @@ | |||
| 78 | 79 | ||
| 79 | #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) | 80 | #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) |
| 80 | #ifndef CHARSET_EBCDIC | 81 | #ifndef CHARSET_EBCDIC |
| 81 | #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_COMMENT) | 82 | #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) |
| 82 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_FCOMMENT) | 83 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) |
| 83 | #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_EOF) | 84 | #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) |
| 84 | #define IS_ESC(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_ESC) | 85 | #define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) |
| 85 | #define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_NUMBER) | 86 | #define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) |
| 86 | #define IS_WS(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_WS) | 87 | #define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) |
| 87 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC) | 88 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) |
| 88 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \ | 89 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \ |
| 89 | (KEYTYPES(c)[(a)&0x7f]&CONF_ALPHA_NUMERIC_PUNCT) | 90 | (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) |
| 90 | #define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_QUOTE) | 91 | #define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) |
| 91 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0x7f]&CONF_DQUOTE) | 92 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) |
| 93 | #define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) | ||
| 92 | 94 | ||
| 93 | #else /*CHARSET_EBCDIC*/ | 95 | #else /*CHARSET_EBCDIC*/ |
| 94 | 96 | ||
| 95 | #define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_COMMENT) | 97 | #define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) |
| 96 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_FCOMMENT) | 98 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) |
| 97 | #define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_EOF) | 99 | #define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) |
| 98 | #define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ESC) | 100 | #define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) |
| 99 | #define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_NUMBER) | 101 | #define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) |
| 100 | #define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_WS) | 102 | #define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) |
| 101 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC) | 103 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) |
| 102 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \ | 104 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \ |
| 103 | (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_ALPHA_NUMERIC_PUNCT) | 105 | (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) |
| 104 | #define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_QUOTE) | 106 | #define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) |
| 105 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0x7f]&CONF_DQUOTE) | 107 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) |
| 108 | #define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) | ||
| 106 | #endif /*CHARSET_EBCDIC*/ | 109 | #endif /*CHARSET_EBCDIC*/ |
| 107 | 110 | ||
| 108 | static unsigned short CONF_type_default[128]={ | 111 | static unsigned short CONF_type_default[256]={ |
| 109 | 0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 112 | 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 110 | 0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000, | 113 | 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, |
| 111 | 0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 114 | 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 112 | 0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 115 | 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 113 | 0x010,0x200,0x040,0x080,0x000,0x200,0x200,0x040, | 116 | 0x0010,0x0200,0x0040,0x0080,0x0000,0x0200,0x0200,0x0040, |
| 114 | 0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200, | 117 | 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, |
| 115 | 0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001, | 118 | 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, |
| 116 | 0x001,0x001,0x000,0x200,0x000,0x000,0x000,0x200, | 119 | 0x0001,0x0001,0x0000,0x0200,0x0000,0x0000,0x0000,0x0200, |
| 117 | 0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 120 | 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 118 | 0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 121 | 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 119 | 0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 122 | 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 120 | 0x002,0x002,0x002,0x000,0x020,0x000,0x200,0x100, | 123 | 0x0002,0x0002,0x0002,0x0000,0x0020,0x0000,0x0200,0x0100, |
| 121 | 0x040,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 124 | 0x0040,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 122 | 0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 125 | 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 123 | 0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 126 | 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 124 | 0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000, | 127 | 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, |
| 128 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 129 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 130 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 131 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 132 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 133 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 134 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 135 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 136 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 137 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 138 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 139 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 140 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 141 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 142 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 143 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 125 | }; | 144 | }; |
| 126 | 145 | ||
| 127 | static unsigned short CONF_type_win32[128]={ | 146 | static unsigned short CONF_type_win32[256]={ |
| 128 | 0x008,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 147 | 0x0008,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 129 | 0x000,0x010,0x010,0x000,0x000,0x010,0x000,0x000, | 148 | 0x0000,0x0010,0x0010,0x0000,0x0000,0x0010,0x0000,0x0000, |
| 130 | 0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 149 | 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 131 | 0x000,0x000,0x000,0x000,0x000,0x000,0x000,0x000, | 150 | 0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000,0x0000, |
| 132 | 0x010,0x200,0x400,0x000,0x000,0x200,0x200,0x000, | 151 | 0x0010,0x0200,0x0400,0x0000,0x0000,0x0200,0x0200,0x0000, |
| 133 | 0x000,0x000,0x200,0x200,0x200,0x200,0x200,0x200, | 152 | 0x0000,0x0000,0x0200,0x0200,0x0200,0x0200,0x0200,0x0200, |
| 134 | 0x001,0x001,0x001,0x001,0x001,0x001,0x001,0x001, | 153 | 0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001,0x0001, |
| 135 | 0x001,0x001,0x000,0xA00,0x000,0x000,0x000,0x200, | 154 | 0x0001,0x0001,0x0000,0x0A00,0x0000,0x0000,0x0000,0x0200, |
| 136 | 0x200,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 155 | 0x0200,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 137 | 0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 156 | 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 138 | 0x002,0x002,0x002,0x002,0x002,0x002,0x002,0x002, | 157 | 0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002,0x0002, |
| 139 | 0x002,0x002,0x002,0x000,0x000,0x000,0x200,0x100, | 158 | 0x0002,0x0002,0x0002,0x0000,0x0000,0x0000,0x0200,0x0100, |
| 140 | 0x000,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 159 | 0x0000,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 141 | 0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 160 | 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 142 | 0x004,0x004,0x004,0x004,0x004,0x004,0x004,0x004, | 161 | 0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004,0x0004, |
| 143 | 0x004,0x004,0x004,0x000,0x200,0x000,0x200,0x000, | 162 | 0x0004,0x0004,0x0004,0x0000,0x0200,0x0000,0x0200,0x0000, |
| 163 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 164 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 165 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 166 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 167 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 168 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 169 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 170 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 171 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 172 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 173 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 174 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 175 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 176 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 177 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 178 | 0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000,0x1000, | ||
| 144 | }; | 179 | }; |
| 145 | 180 | ||
diff --git a/src/lib/libcrypto/conf/conf_err.c b/src/lib/libcrypto/conf/conf_err.c index a8db8f266f..ee07bfe9d9 100644 --- a/src/lib/libcrypto/conf/conf_err.c +++ b/src/lib/libcrypto/conf/conf_err.c | |||
| @@ -1,93 +1,123 @@ | |||
| 1 | /* lib/conf/conf_err.c */ | 1 | /* crypto/conf/conf_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "conf.h" | 63 | #include <openssl/conf.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA CONF_str_functs[]= | 67 | static ERR_STRING_DATA CONF_str_functs[]= |
| 65 | { | 68 | { |
| 69 | {ERR_PACK(0,CONF_F_CONF_DUMP_FP,0), "CONF_dump_fp"}, | ||
| 66 | {ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"}, | 70 | {ERR_PACK(0,CONF_F_CONF_LOAD,0), "CONF_load"}, |
| 71 | {ERR_PACK(0,CONF_F_CONF_LOAD_BIO,0), "CONF_load_bio"}, | ||
| 72 | {ERR_PACK(0,CONF_F_CONF_LOAD_FP,0), "CONF_load_fp"}, | ||
| 73 | {ERR_PACK(0,CONF_F_CONF_MODULES_LOAD,0), "CONF_modules_load"}, | ||
| 74 | {ERR_PACK(0,CONF_F_MODULE_INIT,0), "MODULE_INIT"}, | ||
| 75 | {ERR_PACK(0,CONF_F_MODULE_LOAD_DSO,0), "MODULE_LOAD_DSO"}, | ||
| 76 | {ERR_PACK(0,CONF_F_MODULE_RUN,0), "MODULE_RUN"}, | ||
| 77 | {ERR_PACK(0,CONF_F_NCONF_DUMP_BIO,0), "NCONF_dump_bio"}, | ||
| 78 | {ERR_PACK(0,CONF_F_NCONF_DUMP_FP,0), "NCONF_dump_fp"}, | ||
| 79 | {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER,0), "NCONF_get_number"}, | ||
| 80 | {ERR_PACK(0,CONF_F_NCONF_GET_NUMBER_E,0), "NCONF_get_number_e"}, | ||
| 81 | {ERR_PACK(0,CONF_F_NCONF_GET_SECTION,0), "NCONF_get_section"}, | ||
| 82 | {ERR_PACK(0,CONF_F_NCONF_GET_STRING,0), "NCONF_get_string"}, | ||
| 83 | {ERR_PACK(0,CONF_F_NCONF_LOAD,0), "NCONF_load"}, | ||
| 84 | {ERR_PACK(0,CONF_F_NCONF_LOAD_BIO,0), "NCONF_load_bio"}, | ||
| 85 | {ERR_PACK(0,CONF_F_NCONF_LOAD_FP,0), "NCONF_load_fp"}, | ||
| 86 | {ERR_PACK(0,CONF_F_NCONF_NEW,0), "NCONF_new"}, | ||
| 67 | {ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"}, | 87 | {ERR_PACK(0,CONF_F_STR_COPY,0), "STR_COPY"}, |
| 68 | {0,NULL}, | 88 | {0,NULL} |
| 69 | }; | 89 | }; |
| 70 | 90 | ||
| 71 | static ERR_STRING_DATA CONF_str_reasons[]= | 91 | static ERR_STRING_DATA CONF_str_reasons[]= |
| 72 | { | 92 | { |
| 93 | {CONF_R_ERROR_LOADING_DSO ,"error loading dso"}, | ||
| 73 | {CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"}, | 94 | {CONF_R_MISSING_CLOSE_SQUARE_BRACKET ,"missing close square bracket"}, |
| 74 | {CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, | 95 | {CONF_R_MISSING_EQUAL_SIGN ,"missing equal sign"}, |
| 96 | {CONF_R_MISSING_FINISH_FUNCTION ,"missing finish function"}, | ||
| 97 | {CONF_R_MISSING_INIT_FUNCTION ,"missing init function"}, | ||
| 98 | {CONF_R_MODULE_INITIALIZATION_ERROR ,"module initialization error"}, | ||
| 75 | {CONF_R_NO_CLOSE_BRACE ,"no close brace"}, | 99 | {CONF_R_NO_CLOSE_BRACE ,"no close brace"}, |
| 100 | {CONF_R_NO_CONF ,"no conf"}, | ||
| 101 | {CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE ,"no conf or environment variable"}, | ||
| 102 | {CONF_R_NO_SECTION ,"no section"}, | ||
| 103 | {CONF_R_NO_SUCH_FILE ,"no such file"}, | ||
| 104 | {CONF_R_NO_VALUE ,"no value"}, | ||
| 76 | {CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, | 105 | {CONF_R_UNABLE_TO_CREATE_NEW_SECTION ,"unable to create new section"}, |
| 106 | {CONF_R_UNKNOWN_MODULE_NAME ,"unknown module name"}, | ||
| 77 | {CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, | 107 | {CONF_R_VARIABLE_HAS_NO_VALUE ,"variable has no value"}, |
| 78 | {0,NULL}, | 108 | {0,NULL} |
| 79 | }; | 109 | }; |
| 80 | 110 | ||
| 81 | #endif | 111 | #endif |
| 82 | 112 | ||
| 83 | void ERR_load_CONF_strings() | 113 | void ERR_load_CONF_strings(void) |
| 84 | { | 114 | { |
| 85 | static int init=1; | 115 | static int init=1; |
| 86 | 116 | ||
| 87 | if (init); | 117 | if (init) |
| 88 | {; | 118 | { |
| 89 | init=0; | 119 | init=0; |
| 90 | #ifndef NO_ERR | 120 | #ifndef OPENSSL_NO_ERR |
| 91 | ERR_load_strings(ERR_LIB_CONF,CONF_str_functs); | 121 | ERR_load_strings(ERR_LIB_CONF,CONF_str_functs); |
| 92 | ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons); | 122 | ERR_load_strings(ERR_LIB_CONF,CONF_str_reasons); |
| 93 | #endif | 123 | #endif |
diff --git a/src/lib/libcrypto/conf/conf_lib.c b/src/lib/libcrypto/conf/conf_lib.c index 4c8ca9e9ae..7998f34c7b 100644 --- a/src/lib/libcrypto/conf/conf_lib.c +++ b/src/lib/libcrypto/conf/conf_lib.c | |||
| @@ -67,6 +67,17 @@ const char *CONF_version="CONF" OPENSSL_VERSION_PTEXT; | |||
| 67 | 67 | ||
| 68 | static CONF_METHOD *default_CONF_method=NULL; | 68 | static CONF_METHOD *default_CONF_method=NULL; |
| 69 | 69 | ||
| 70 | /* Init a 'CONF' structure from an old LHASH */ | ||
| 71 | |||
| 72 | void CONF_set_nconf(CONF *conf, LHASH *hash) | ||
| 73 | { | ||
| 74 | if (default_CONF_method == NULL) | ||
| 75 | default_CONF_method = NCONF_default(); | ||
| 76 | |||
| 77 | default_CONF_method->init(conf); | ||
| 78 | conf->data = hash; | ||
| 79 | } | ||
| 80 | |||
| 70 | /* The following section contains the "CONF classic" functions, | 81 | /* The following section contains the "CONF classic" functions, |
| 71 | rewritten in terms of the new CONF interface. */ | 82 | rewritten in terms of the new CONF interface. */ |
| 72 | 83 | ||
| @@ -81,7 +92,7 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline) | |||
| 81 | LHASH *ltmp; | 92 | LHASH *ltmp; |
| 82 | BIO *in=NULL; | 93 | BIO *in=NULL; |
| 83 | 94 | ||
| 84 | #ifdef VMS | 95 | #ifdef OPENSSL_SYS_VMS |
| 85 | in=BIO_new_file(file, "r"); | 96 | in=BIO_new_file(file, "r"); |
| 86 | #else | 97 | #else |
| 87 | in=BIO_new_file(file, "rb"); | 98 | in=BIO_new_file(file, "rb"); |
| @@ -98,7 +109,7 @@ LHASH *CONF_load(LHASH *conf, const char *file, long *eline) | |||
| 98 | return ltmp; | 109 | return ltmp; |
| 99 | } | 110 | } |
| 100 | 111 | ||
| 101 | #ifndef NO_FP_API | 112 | #ifndef OPENSSL_NO_FP_API |
| 102 | LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) | 113 | LHASH *CONF_load_fp(LHASH *conf, FILE *fp,long *eline) |
| 103 | { | 114 | { |
| 104 | BIO *btmp; | 115 | BIO *btmp; |
| @@ -118,66 +129,74 @@ LHASH *CONF_load_bio(LHASH *conf, BIO *bp,long *eline) | |||
| 118 | CONF ctmp; | 129 | CONF ctmp; |
| 119 | int ret; | 130 | int ret; |
| 120 | 131 | ||
| 121 | if (default_CONF_method == NULL) | 132 | CONF_set_nconf(&ctmp, conf); |
| 122 | default_CONF_method = NCONF_default(); | ||
| 123 | 133 | ||
| 124 | default_CONF_method->init(&ctmp); | ||
| 125 | ctmp.data = conf; | ||
| 126 | ret = NCONF_load_bio(&ctmp, bp, eline); | 134 | ret = NCONF_load_bio(&ctmp, bp, eline); |
| 127 | if (ret) | 135 | if (ret) |
| 128 | return ctmp.data; | 136 | return ctmp.data; |
| 129 | return NULL; | 137 | return NULL; |
| 130 | } | 138 | } |
| 131 | 139 | ||
| 132 | STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,char *section) | 140 | STACK_OF(CONF_VALUE) *CONF_get_section(LHASH *conf,const char *section) |
| 133 | { | 141 | { |
| 134 | CONF ctmp; | 142 | if (conf == NULL) |
| 135 | 143 | { | |
| 136 | if (default_CONF_method == NULL) | 144 | return NULL; |
| 137 | default_CONF_method = NCONF_default(); | 145 | } |
| 138 | 146 | else | |
| 139 | default_CONF_method->init(&ctmp); | 147 | { |
| 140 | ctmp.data = conf; | 148 | CONF ctmp; |
| 141 | return NCONF_get_section(&ctmp, section); | 149 | CONF_set_nconf(&ctmp, conf); |
| 150 | return NCONF_get_section(&ctmp, section); | ||
| 151 | } | ||
| 142 | } | 152 | } |
| 143 | 153 | ||
| 144 | char *CONF_get_string(LHASH *conf,char *group,char *name) | 154 | char *CONF_get_string(LHASH *conf,const char *group,const char *name) |
| 145 | { | 155 | { |
| 146 | CONF ctmp; | 156 | if (conf == NULL) |
| 147 | 157 | { | |
| 148 | if (default_CONF_method == NULL) | 158 | return NCONF_get_string(NULL, group, name); |
| 149 | default_CONF_method = NCONF_default(); | 159 | } |
| 150 | 160 | else | |
| 151 | default_CONF_method->init(&ctmp); | 161 | { |
| 152 | ctmp.data = conf; | 162 | CONF ctmp; |
| 153 | return NCONF_get_string(&ctmp, group, name); | 163 | CONF_set_nconf(&ctmp, conf); |
| 164 | return NCONF_get_string(&ctmp, group, name); | ||
| 165 | } | ||
| 154 | } | 166 | } |
| 155 | 167 | ||
| 156 | long CONF_get_number(LHASH *conf,char *group,char *name) | 168 | long CONF_get_number(LHASH *conf,const char *group,const char *name) |
| 157 | { | 169 | { |
| 158 | CONF ctmp; | 170 | int status; |
| 171 | long result = 0; | ||
| 159 | 172 | ||
| 160 | if (default_CONF_method == NULL) | 173 | if (conf == NULL) |
| 161 | default_CONF_method = NCONF_default(); | 174 | { |
| 175 | status = NCONF_get_number_e(NULL, group, name, &result); | ||
| 176 | } | ||
| 177 | else | ||
| 178 | { | ||
| 179 | CONF ctmp; | ||
| 180 | CONF_set_nconf(&ctmp, conf); | ||
| 181 | status = NCONF_get_number_e(&ctmp, group, name, &result); | ||
| 182 | } | ||
| 162 | 183 | ||
| 163 | default_CONF_method->init(&ctmp); | 184 | if (status == 0) |
| 164 | ctmp.data = conf; | 185 | { |
| 165 | return NCONF_get_number(&ctmp, group, name); | 186 | /* This function does not believe in errors... */ |
| 187 | ERR_get_error(); | ||
| 188 | } | ||
| 189 | return result; | ||
| 166 | } | 190 | } |
| 167 | 191 | ||
| 168 | void CONF_free(LHASH *conf) | 192 | void CONF_free(LHASH *conf) |
| 169 | { | 193 | { |
| 170 | CONF ctmp; | 194 | CONF ctmp; |
| 171 | 195 | CONF_set_nconf(&ctmp, conf); | |
| 172 | if (default_CONF_method == NULL) | ||
| 173 | default_CONF_method = NCONF_default(); | ||
| 174 | |||
| 175 | default_CONF_method->init(&ctmp); | ||
| 176 | ctmp.data = conf; | ||
| 177 | NCONF_free_data(&ctmp); | 196 | NCONF_free_data(&ctmp); |
| 178 | } | 197 | } |
| 179 | 198 | ||
| 180 | #ifndef NO_FP_API | 199 | #ifndef OPENSSL_NO_FP_API |
| 181 | int CONF_dump_fp(LHASH *conf, FILE *out) | 200 | int CONF_dump_fp(LHASH *conf, FILE *out) |
| 182 | { | 201 | { |
| 183 | BIO *btmp; | 202 | BIO *btmp; |
| @@ -196,12 +215,7 @@ int CONF_dump_fp(LHASH *conf, FILE *out) | |||
| 196 | int CONF_dump_bio(LHASH *conf, BIO *out) | 215 | int CONF_dump_bio(LHASH *conf, BIO *out) |
| 197 | { | 216 | { |
| 198 | CONF ctmp; | 217 | CONF ctmp; |
| 199 | 218 | CONF_set_nconf(&ctmp, conf); | |
| 200 | if (default_CONF_method == NULL) | ||
| 201 | default_CONF_method = NCONF_default(); | ||
| 202 | |||
| 203 | default_CONF_method->init(&ctmp); | ||
| 204 | ctmp.data = conf; | ||
| 205 | return NCONF_dump_bio(&ctmp, out); | 219 | return NCONF_dump_bio(&ctmp, out); |
| 206 | } | 220 | } |
| 207 | 221 | ||
| @@ -244,34 +258,23 @@ void NCONF_free_data(CONF *conf) | |||
| 244 | 258 | ||
| 245 | int NCONF_load(CONF *conf, const char *file, long *eline) | 259 | int NCONF_load(CONF *conf, const char *file, long *eline) |
| 246 | { | 260 | { |
| 247 | int ret; | 261 | if (conf == NULL) |
| 248 | BIO *in=NULL; | ||
| 249 | |||
| 250 | #ifdef VMS | ||
| 251 | in=BIO_new_file(file, "r"); | ||
| 252 | #else | ||
| 253 | in=BIO_new_file(file, "rb"); | ||
| 254 | #endif | ||
| 255 | if (in == NULL) | ||
| 256 | { | 262 | { |
| 257 | CONFerr(CONF_F_CONF_LOAD,ERR_R_SYS_LIB); | 263 | CONFerr(CONF_F_NCONF_LOAD,CONF_R_NO_CONF); |
| 258 | return 0; | 264 | return 0; |
| 259 | } | 265 | } |
| 260 | 266 | ||
| 261 | ret = NCONF_load_bio(conf, in, eline); | 267 | return conf->meth->load(conf, file, eline); |
| 262 | BIO_free(in); | ||
| 263 | |||
| 264 | return ret; | ||
| 265 | } | 268 | } |
| 266 | 269 | ||
| 267 | #ifndef NO_FP_API | 270 | #ifndef OPENSSL_NO_FP_API |
| 268 | int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) | 271 | int NCONF_load_fp(CONF *conf, FILE *fp,long *eline) |
| 269 | { | 272 | { |
| 270 | BIO *btmp; | 273 | BIO *btmp; |
| 271 | int ret; | 274 | int ret; |
| 272 | if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) | 275 | if(!(btmp = BIO_new_fp(fp, BIO_NOCLOSE))) |
| 273 | { | 276 | { |
| 274 | CONFerr(CONF_F_CONF_LOAD_FP,ERR_R_BUF_LIB); | 277 | CONFerr(CONF_F_NCONF_LOAD_FP,ERR_R_BUF_LIB); |
| 275 | return 0; | 278 | return 0; |
| 276 | } | 279 | } |
| 277 | ret = NCONF_load_bio(conf, btmp, eline); | 280 | ret = NCONF_load_bio(conf, btmp, eline); |
| @@ -288,10 +291,10 @@ int NCONF_load_bio(CONF *conf, BIO *bp,long *eline) | |||
| 288 | return 0; | 291 | return 0; |
| 289 | } | 292 | } |
| 290 | 293 | ||
| 291 | return conf->meth->load(conf, bp, eline); | 294 | return conf->meth->load_bio(conf, bp, eline); |
| 292 | } | 295 | } |
| 293 | 296 | ||
| 294 | STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section) | 297 | STACK_OF(CONF_VALUE) *NCONF_get_section(const CONF *conf,const char *section) |
| 295 | { | 298 | { |
| 296 | if (conf == NULL) | 299 | if (conf == NULL) |
| 297 | { | 300 | { |
| @@ -299,33 +302,62 @@ STACK_OF(CONF_VALUE) *NCONF_get_section(CONF *conf,char *section) | |||
| 299 | return NULL; | 302 | return NULL; |
| 300 | } | 303 | } |
| 301 | 304 | ||
| 305 | if (section == NULL) | ||
| 306 | { | ||
| 307 | CONFerr(CONF_F_NCONF_GET_SECTION,CONF_R_NO_SECTION); | ||
| 308 | return NULL; | ||
| 309 | } | ||
| 310 | |||
| 302 | return _CONF_get_section_values(conf, section); | 311 | return _CONF_get_section_values(conf, section); |
| 303 | } | 312 | } |
| 304 | 313 | ||
| 305 | char *NCONF_get_string(CONF *conf,char *group,char *name) | 314 | char *NCONF_get_string(const CONF *conf,const char *group,const char *name) |
| 306 | { | 315 | { |
| 316 | char *s = _CONF_get_string(conf, group, name); | ||
| 317 | |||
| 318 | /* Since we may get a value from an environment variable even | ||
| 319 | if conf is NULL, let's check the value first */ | ||
| 320 | if (s) return s; | ||
| 321 | |||
| 307 | if (conf == NULL) | 322 | if (conf == NULL) |
| 308 | { | 323 | { |
| 309 | CONFerr(CONF_F_NCONF_GET_STRING,CONF_R_NO_CONF); | 324 | CONFerr(CONF_F_NCONF_GET_STRING, |
| 325 | CONF_R_NO_CONF_OR_ENVIRONMENT_VARIABLE); | ||
| 310 | return NULL; | 326 | return NULL; |
| 311 | } | 327 | } |
| 312 | 328 | CONFerr(CONF_F_NCONF_GET_STRING, | |
| 313 | return _CONF_get_string(conf, group, name); | 329 | CONF_R_NO_VALUE); |
| 330 | ERR_add_error_data(4,"group=",group," name=",name); | ||
| 331 | return NULL; | ||
| 314 | } | 332 | } |
| 315 | 333 | ||
| 316 | long NCONF_get_number(CONF *conf,char *group,char *name) | 334 | int NCONF_get_number_e(const CONF *conf,const char *group,const char *name, |
| 335 | long *result) | ||
| 317 | { | 336 | { |
| 318 | if (conf == NULL) | 337 | char *str; |
| 338 | |||
| 339 | if (result == NULL) | ||
| 319 | { | 340 | { |
| 320 | CONFerr(CONF_F_NCONF_GET_NUMBER,CONF_R_NO_CONF); | 341 | CONFerr(CONF_F_NCONF_GET_NUMBER_E,ERR_R_PASSED_NULL_PARAMETER); |
| 321 | return 0; | 342 | return 0; |
| 322 | } | 343 | } |
| 323 | 344 | ||
| 324 | return _CONF_get_number(conf, group, name); | 345 | str = NCONF_get_string(conf,group,name); |
| 346 | |||
| 347 | if (str == NULL) | ||
| 348 | return 0; | ||
| 349 | |||
| 350 | for (*result = 0;conf->meth->is_number(conf, *str);) | ||
| 351 | { | ||
| 352 | *result = (*result)*10 + conf->meth->to_int(conf, *str); | ||
| 353 | str++; | ||
| 354 | } | ||
| 355 | |||
| 356 | return 1; | ||
| 325 | } | 357 | } |
| 326 | 358 | ||
| 327 | #ifndef NO_FP_API | 359 | #ifndef OPENSSL_NO_FP_API |
| 328 | int NCONF_dump_fp(CONF *conf, FILE *out) | 360 | int NCONF_dump_fp(const CONF *conf, FILE *out) |
| 329 | { | 361 | { |
| 330 | BIO *btmp; | 362 | BIO *btmp; |
| 331 | int ret; | 363 | int ret; |
| @@ -339,7 +371,7 @@ int NCONF_dump_fp(CONF *conf, FILE *out) | |||
| 339 | } | 371 | } |
| 340 | #endif | 372 | #endif |
| 341 | 373 | ||
| 342 | int NCONF_dump_bio(CONF *conf, BIO *out) | 374 | int NCONF_dump_bio(const CONF *conf, BIO *out) |
| 343 | { | 375 | { |
| 344 | if (conf == NULL) | 376 | if (conf == NULL) |
| 345 | { | 377 | { |
| @@ -350,3 +382,19 @@ int NCONF_dump_bio(CONF *conf, BIO *out) | |||
| 350 | return conf->meth->dump(conf, out); | 382 | return conf->meth->dump(conf, out); |
| 351 | } | 383 | } |
| 352 | 384 | ||
| 385 | /* This function should be avoided */ | ||
| 386 | #undef NCONF_get_number | ||
| 387 | long NCONF_get_number(CONF *conf,char *group,char *name) | ||
| 388 | { | ||
| 389 | int status; | ||
| 390 | long ret=0; | ||
| 391 | |||
| 392 | status = NCONF_get_number_e(conf, group, name, &ret); | ||
| 393 | if (status == 0) | ||
| 394 | { | ||
| 395 | /* This function does not believe in errors... */ | ||
| 396 | ERR_get_error(); | ||
| 397 | } | ||
| 398 | return ret; | ||
| 399 | } | ||
| 400 | |||
diff --git a/src/lib/libcrypto/conf/keysets.pl b/src/lib/libcrypto/conf/keysets.pl index e40fed0ca1..50ed67fa52 100644 --- a/src/lib/libcrypto/conf/keysets.pl +++ b/src/lib/libcrypto/conf/keysets.pl | |||
| @@ -1,16 +1,20 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | $NUMBER=0x01; | 3 | $NUMBER=0x01; |
| 4 | $UPPER=0x02; | 4 | $UPPER=0x02; |
| 5 | $LOWER=0x04; | 5 | $LOWER=0x04; |
| 6 | $EOF=0x08; | 6 | $UNDER=0x100; |
| 7 | $PUNCTUATION=0x200; | ||
| 7 | $WS=0x10; | 8 | $WS=0x10; |
| 8 | $ESC=0x20; | 9 | $ESC=0x20; |
| 9 | $QUOTE=0x40; | 10 | $QUOTE=0x40; |
| 11 | $DQUOTE=0x400; | ||
| 10 | $COMMENT=0x80; | 12 | $COMMENT=0x80; |
| 11 | $UNDER=0x100; | 13 | $FCOMMENT=0x800; |
| 14 | $EOF=0x08; | ||
| 15 | $HIGHBIT=0x1000; | ||
| 12 | 16 | ||
| 13 | foreach (0 .. 127) | 17 | foreach (0 .. 255) |
| 14 | { | 18 | { |
| 15 | $v=0; | 19 | $v=0; |
| 16 | $c=sprintf("%c",$_); | 20 | $c=sprintf("%c",$_); |
| @@ -18,44 +22,164 @@ foreach (0 .. 127) | |||
| 18 | $v|=$UPPER if ($c =~ /[A-Z]/); | 22 | $v|=$UPPER if ($c =~ /[A-Z]/); |
| 19 | $v|=$LOWER if ($c =~ /[a-z]/); | 23 | $v|=$LOWER if ($c =~ /[a-z]/); |
| 20 | $v|=$UNDER if ($c =~ /_/); | 24 | $v|=$UNDER if ($c =~ /_/); |
| 21 | $v|=$WS if ($c =~ / \t\r\n/); | 25 | $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/); |
| 26 | $v|=$WS if ($c =~ /[ \t\r\n]/); | ||
| 22 | $v|=$ESC if ($c =~ /\\/); | 27 | $v|=$ESC if ($c =~ /\\/); |
| 23 | $v|=$QUOTE if ($c =~ /['`"]/); | 28 | $v|=$QUOTE if ($c =~ /['`"]/); # for emacs: "`'}/) |
| 24 | $v|=$COMMENT if ($c =~ /\#/); | 29 | $v|=$COMMENT if ($c =~ /\#/); |
| 25 | $v|=$EOF if ($c =~ /\0/); | 30 | $v|=$EOF if ($c =~ /\0/); |
| 31 | $v|=$HIGHBIT if ($c =~/[\x80-\xff]/); | ||
| 32 | |||
| 33 | push(@V_def,$v); | ||
| 34 | } | ||
| 35 | |||
| 36 | foreach (0 .. 255) | ||
| 37 | { | ||
| 38 | $v=0; | ||
| 39 | $c=sprintf("%c",$_); | ||
| 40 | $v|=$NUMBER if ($c =~ /[0-9]/); | ||
| 41 | $v|=$UPPER if ($c =~ /[A-Z]/); | ||
| 42 | $v|=$LOWER if ($c =~ /[a-z]/); | ||
| 43 | $v|=$UNDER if ($c =~ /_/); | ||
| 44 | $v|=$PUNCTUATION if ($c =~ /[!\.%&\*\+,\/;\?\@\^\~\|-]/); | ||
| 45 | $v|=$WS if ($c =~ /[ \t\r\n]/); | ||
| 46 | $v|=$DQUOTE if ($c =~ /["]/); # for emacs: "}/) | ||
| 47 | $v|=$FCOMMENT if ($c =~ /;/); | ||
| 48 | $v|=$EOF if ($c =~ /\0/); | ||
| 49 | $v|=$HIGHBIT if ($c =~/[\x80-\xff]/); | ||
| 26 | 50 | ||
| 27 | push(@V,$v); | 51 | push(@V_w32,$v); |
| 28 | } | 52 | } |
| 29 | 53 | ||
| 30 | print <<"EOF"; | 54 | print <<"EOF"; |
| 55 | /* crypto/conf/conf_def.h */ | ||
| 56 | /* Copyright (C) 1995-1998 Eric Young (eay\@cryptsoft.com) | ||
| 57 | * All rights reserved. | ||
| 58 | * | ||
| 59 | * This package is an SSL implementation written | ||
| 60 | * by Eric Young (eay\@cryptsoft.com). | ||
| 61 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 62 | * | ||
| 63 | * This library is free for commercial and non-commercial use as long as | ||
| 64 | * the following conditions are aheared to. The following conditions | ||
| 65 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 66 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 67 | * included with this distribution is covered by the same copyright terms | ||
| 68 | * except that the holder is Tim Hudson (tjh\@cryptsoft.com). | ||
| 69 | * | ||
| 70 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 71 | * the code are not to be removed. | ||
| 72 | * If this package is used in a product, Eric Young should be given attribution | ||
| 73 | * as the author of the parts of the library used. | ||
| 74 | * This can be in the form of a textual message at program startup or | ||
| 75 | * in documentation (online or textual) provided with the package. | ||
| 76 | * | ||
| 77 | * Redistribution and use in source and binary forms, with or without | ||
| 78 | * modification, are permitted provided that the following conditions | ||
| 79 | * are met: | ||
| 80 | * 1. Redistributions of source code must retain the copyright | ||
| 81 | * notice, this list of conditions and the following disclaimer. | ||
| 82 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 83 | * notice, this list of conditions and the following disclaimer in the | ||
| 84 | * documentation and/or other materials provided with the distribution. | ||
| 85 | * 3. All advertising materials mentioning features or use of this software | ||
| 86 | * must display the following acknowledgement: | ||
| 87 | * "This product includes cryptographic software written by | ||
| 88 | * Eric Young (eay\@cryptsoft.com)" | ||
| 89 | * The word 'cryptographic' can be left out if the rouines from the library | ||
| 90 | * being used are not cryptographic related :-). | ||
| 91 | * 4. If you include any Windows specific code (or a derivative thereof) from | ||
| 92 | * the apps directory (application code) you must include an acknowledgement: | ||
| 93 | * "This product includes software written by Tim Hudson (tjh\@cryptsoft.com)" | ||
| 94 | * | ||
| 95 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | ||
| 96 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 97 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | ||
| 98 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | ||
| 99 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | ||
| 100 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | ||
| 101 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 102 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | ||
| 103 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | ||
| 104 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | ||
| 105 | * SUCH DAMAGE. | ||
| 106 | * | ||
| 107 | * The licence and distribution terms for any publically available version or | ||
| 108 | * derivative of this code cannot be changed. i.e. this code cannot simply be | ||
| 109 | * copied and put under another distribution licence | ||
| 110 | * [including the GNU Public Licence.] | ||
| 111 | */ | ||
| 112 | |||
| 113 | /* THIS FILE WAS AUTOMAGICALLY GENERATED! | ||
| 114 | Please modify and use keysets.pl to regenerate it. */ | ||
| 115 | |||
| 31 | #define CONF_NUMBER $NUMBER | 116 | #define CONF_NUMBER $NUMBER |
| 32 | #define CONF_UPPER $UPPER | 117 | #define CONF_UPPER $UPPER |
| 33 | #define CONF_LOWER $LOWER | 118 | #define CONF_LOWER $LOWER |
| 34 | #define CONF_EOF $EOF | 119 | #define CONF_UNDER $UNDER |
| 120 | #define CONF_PUNCTUATION $PUNCTUATION | ||
| 35 | #define CONF_WS $WS | 121 | #define CONF_WS $WS |
| 36 | #define CONF_ESC $ESC | 122 | #define CONF_ESC $ESC |
| 37 | #define CONF_QUOTE $QUOTE | 123 | #define CONF_QUOTE $QUOTE |
| 124 | #define CONF_DQUOTE $DQUOTE | ||
| 38 | #define CONF_COMMENT $COMMENT | 125 | #define CONF_COMMENT $COMMENT |
| 126 | #define CONF_FCOMMENT $FCOMMENT | ||
| 127 | #define CONF_EOF $EOF | ||
| 128 | #define CONF_HIGHBIT $HIGHBIT | ||
| 39 | #define CONF_ALPHA (CONF_UPPER|CONF_LOWER) | 129 | #define CONF_ALPHA (CONF_UPPER|CONF_LOWER) |
| 40 | #define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) | 130 | #define CONF_ALPHA_NUMERIC (CONF_ALPHA|CONF_NUMBER|CONF_UNDER) |
| 41 | #define CONF_UNDER $UNDER | 131 | #define CONF_ALPHA_NUMERIC_PUNCT (CONF_ALPHA|CONF_NUMBER|CONF_UNDER| \\ |
| 132 | CONF_PUNCTUATION) | ||
| 133 | |||
| 134 | #define KEYTYPES(c) ((unsigned short *)((c)->meth_data)) | ||
| 135 | #ifndef CHARSET_EBCDIC | ||
| 136 | #define IS_COMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_COMMENT) | ||
| 137 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_FCOMMENT) | ||
| 138 | #define IS_EOF(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_EOF) | ||
| 139 | #define IS_ESC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ESC) | ||
| 140 | #define IS_NUMBER(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_NUMBER) | ||
| 141 | #define IS_WS(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_WS) | ||
| 142 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC) | ||
| 143 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\ | ||
| 144 | (KEYTYPES(c)[(a)&0xff]&CONF_ALPHA_NUMERIC_PUNCT) | ||
| 145 | #define IS_QUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_QUOTE) | ||
| 146 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_DQUOTE) | ||
| 147 | #define IS_HIGHBIT(c,a) (KEYTYPES(c)[(a)&0xff]&CONF_HIGHBIT) | ||
| 42 | 148 | ||
| 43 | #define IS_COMMENT(a) (CONF_COMMENT&(CONF_type[(a)&0x7f])) | 149 | #else /*CHARSET_EBCDIC*/ |
| 44 | #define IS_EOF(a) ((a) == '\\0') | 150 | |
| 45 | #define IS_ESC(a) ((a) == '\\\\') | 151 | #define IS_COMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_COMMENT) |
| 46 | #define IS_NUMER(a) (CONF_type[(a)&0x7f]&CONF_NUMBER) | 152 | #define IS_FCOMMENT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_FCOMMENT) |
| 47 | #define IS_WS(a) (CONF_type[(a)&0x7f]&CONF_WS) | 153 | #define IS_EOF(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_EOF) |
| 48 | #define IS_ALPHA_NUMERIC(a) (CONF_type[(a)&0x7f]&CONF_ALPHA_NUMERIC) | 154 | #define IS_ESC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ESC) |
| 49 | #define IS_QUOTE(a) (CONF_type[(a)&0x7f]&CONF_QUOTE) | 155 | #define IS_NUMBER(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_NUMBER) |
| 156 | #define IS_WS(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_WS) | ||
| 157 | #define IS_ALPHA_NUMERIC(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC) | ||
| 158 | #define IS_ALPHA_NUMERIC_PUNCT(c,a) \\ | ||
| 159 | (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_ALPHA_NUMERIC_PUNCT) | ||
| 160 | #define IS_QUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_QUOTE) | ||
| 161 | #define IS_DQUOTE(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_DQUOTE) | ||
| 162 | #define IS_HIGHBIT(c,a) (KEYTYPES(c)[os_toascii[a]&0xff]&CONF_HIGHBIT) | ||
| 163 | #endif /*CHARSET_EBCDIC*/ | ||
| 50 | 164 | ||
| 51 | EOF | 165 | EOF |
| 52 | 166 | ||
| 53 | print "static unsigned short CONF_type[128]={"; | 167 | print "static unsigned short CONF_type_default[256]={"; |
| 168 | |||
| 169 | for ($i=0; $i<256; $i++) | ||
| 170 | { | ||
| 171 | print "\n\t" if ($i % 8) == 0; | ||
| 172 | printf "0x%04X,",$V_def[$i]; | ||
| 173 | } | ||
| 174 | |||
| 175 | print "\n\t};\n\n"; | ||
| 176 | |||
| 177 | print "static unsigned short CONF_type_win32[256]={"; | ||
| 54 | 178 | ||
| 55 | for ($i=0; $i<128; $i++) | 179 | for ($i=0; $i<256; $i++) |
| 56 | { | 180 | { |
| 57 | print "\n\t" if ($i % 8) == 0; | 181 | print "\n\t" if ($i % 8) == 0; |
| 58 | printf "0x%03X,",$V[$i]; | 182 | printf "0x%04X,",$V_w32[$i]; |
| 59 | } | 183 | } |
| 60 | 184 | ||
| 61 | print "\n\t};\n"; | 185 | print "\n\t};\n\n"; |
diff --git a/src/lib/libcrypto/cpt_err.c b/src/lib/libcrypto/cpt_err.c index ea3c135d39..1b4a1cb4d4 100644 --- a/src/lib/libcrypto/cpt_err.c +++ b/src/lib/libcrypto/cpt_err.c | |||
| @@ -1,85 +1,101 @@ | |||
| 1 | /* lib/crypto/crypto_err.c */ | 1 | /* crypto/cpt_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 54 | */ | ||
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 57 | */ | 59 | */ |
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "crypto.h" | 63 | #include <openssl/crypto.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA CRYPTO_str_functs[]= | 67 | static ERR_STRING_DATA CRYPTO_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"}, | 69 | {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,0), "CRYPTO_get_ex_new_index"}, |
| 70 | {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,0), "CRYPTO_get_new_dynlockid"}, | ||
| 67 | {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"}, | 71 | {ERR_PACK(0,CRYPTO_F_CRYPTO_GET_NEW_LOCKID,0), "CRYPTO_get_new_lockid"}, |
| 68 | {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"}, | 72 | {ERR_PACK(0,CRYPTO_F_CRYPTO_SET_EX_DATA,0), "CRYPTO_set_ex_data"}, |
| 69 | {0,NULL}, | 73 | {ERR_PACK(0,CRYPTO_F_DEF_ADD_INDEX,0), "DEF_ADD_INDEX"}, |
| 74 | {ERR_PACK(0,CRYPTO_F_DEF_GET_CLASS,0), "DEF_GET_CLASS"}, | ||
| 75 | {ERR_PACK(0,CRYPTO_F_INT_DUP_EX_DATA,0), "INT_DUP_EX_DATA"}, | ||
| 76 | {ERR_PACK(0,CRYPTO_F_INT_FREE_EX_DATA,0), "INT_FREE_EX_DATA"}, | ||
| 77 | {ERR_PACK(0,CRYPTO_F_INT_NEW_EX_DATA,0), "INT_NEW_EX_DATA"}, | ||
| 78 | {0,NULL} | ||
| 79 | }; | ||
| 80 | |||
| 81 | static ERR_STRING_DATA CRYPTO_str_reasons[]= | ||
| 82 | { | ||
| 83 | {CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK ,"no dynlock create callback"}, | ||
| 84 | {0,NULL} | ||
| 70 | }; | 85 | }; |
| 71 | 86 | ||
| 72 | #endif | 87 | #endif |
| 73 | 88 | ||
| 74 | void ERR_load_CRYPTO_strings() | 89 | void ERR_load_CRYPTO_strings(void) |
| 75 | { | 90 | { |
| 76 | static int init=1; | 91 | static int init=1; |
| 77 | 92 | ||
| 78 | if (init); | 93 | if (init) |
| 79 | {; | 94 | { |
| 80 | init=0; | 95 | init=0; |
| 81 | #ifndef NO_ERR | 96 | #ifndef OPENSSL_NO_ERR |
| 82 | ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs); | 97 | ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_functs); |
| 98 | ERR_load_strings(ERR_LIB_CRYPTO,CRYPTO_str_reasons); | ||
| 83 | #endif | 99 | #endif |
| 84 | 100 | ||
| 85 | } | 101 | } |
diff --git a/src/lib/libcrypto/cryptlib.c b/src/lib/libcrypto/cryptlib.c index 9a7e80b7f8..612b3b93b4 100644 --- a/src/lib/libcrypto/cryptlib.c +++ b/src/lib/libcrypto/cryptlib.c | |||
| @@ -59,19 +59,22 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "crypto.h" | 62 | #include <openssl/crypto.h> |
| 63 | #include "date.h" | 63 | #include <openssl/safestack.h> |
| 64 | 64 | ||
| 65 | #if defined(WIN32) || defined(WIN16) | 65 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) |
| 66 | static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ | 66 | static double SSLeay_MSVC5_hack=0.0; /* and for VC1.5 */ |
| 67 | #endif | 67 | #endif |
| 68 | 68 | ||
| 69 | DECLARE_STACK_OF(CRYPTO_dynlock) | ||
| 70 | IMPLEMENT_STACK_OF(CRYPTO_dynlock) | ||
| 71 | |||
| 69 | /* real #defines in crypto.h, keep these upto date */ | 72 | /* real #defines in crypto.h, keep these upto date */ |
| 70 | static char* lock_names[CRYPTO_NUM_LOCKS] = | 73 | static const char* lock_names[CRYPTO_NUM_LOCKS] = |
| 71 | { | 74 | { |
| 72 | "<<ERROR>>", | 75 | "<<ERROR>>", |
| 73 | "err", | 76 | "err", |
| 74 | "err_hash", | 77 | "ex_data", |
| 75 | "x509", | 78 | "x509", |
| 76 | "x509_info", | 79 | "x509_info", |
| 77 | "x509_pkey", | 80 | "x509_pkey", |
| @@ -84,100 +87,283 @@ static char* lock_names[CRYPTO_NUM_LOCKS] = | |||
| 84 | "ssl_ctx", | 87 | "ssl_ctx", |
| 85 | "ssl_cert", | 88 | "ssl_cert", |
| 86 | "ssl_session", | 89 | "ssl_session", |
| 90 | "ssl_sess_cert", | ||
| 87 | "ssl", | 91 | "ssl", |
| 88 | "rand", | 92 | "rand", |
| 93 | "rand2", | ||
| 89 | "debug_malloc", | 94 | "debug_malloc", |
| 90 | "BIO", | 95 | "BIO", |
| 91 | "bio_gethostbyname", | 96 | "gethostbyname", |
| 97 | "getservbyname", | ||
| 98 | "readdir", | ||
| 92 | "RSA_blinding", | 99 | "RSA_blinding", |
| 100 | "dh", | ||
| 101 | "debug_malloc2", | ||
| 102 | "dso", | ||
| 103 | "dynlock", | ||
| 104 | "engine", | ||
| 105 | "ui", | ||
| 106 | #if CRYPTO_NUM_LOCKS != 31 | ||
| 107 | # error "Inconsistency between crypto.h and cryptlib.c" | ||
| 108 | #endif | ||
| 93 | }; | 109 | }; |
| 94 | 110 | ||
| 111 | /* This is for applications to allocate new type names in the non-dynamic | ||
| 112 | array of lock names. These are numbered with positive numbers. */ | ||
| 95 | static STACK *app_locks=NULL; | 113 | static STACK *app_locks=NULL; |
| 96 | 114 | ||
| 97 | #ifndef NOPROTO | 115 | /* For applications that want a more dynamic way of handling threads, the |
| 116 | following stack is used. These are externally numbered with negative | ||
| 117 | numbers. */ | ||
| 118 | static STACK_OF(CRYPTO_dynlock) *dyn_locks=NULL; | ||
| 119 | |||
| 120 | |||
| 98 | static void (MS_FAR *locking_callback)(int mode,int type, | 121 | static void (MS_FAR *locking_callback)(int mode,int type, |
| 99 | char *file,int line)=NULL; | 122 | const char *file,int line)=NULL; |
| 100 | static int (MS_FAR *add_lock_callback)(int *pointer,int amount, | 123 | static int (MS_FAR *add_lock_callback)(int *pointer,int amount, |
| 101 | int type,char *file,int line)=NULL; | 124 | int type,const char *file,int line)=NULL; |
| 102 | static unsigned long (MS_FAR *id_callback)(void)=NULL; | 125 | static unsigned long (MS_FAR *id_callback)(void)=NULL; |
| 103 | #else | 126 | static struct CRYPTO_dynlock_value *(MS_FAR *dynlock_create_callback) |
| 104 | static void (MS_FAR *locking_callback)()=NULL; | 127 | (const char *file,int line)=NULL; |
| 105 | static int (MS_FAR *add_lock_callback)()=NULL; | 128 | static void (MS_FAR *dynlock_lock_callback)(int mode, |
| 106 | static unsigned long (MS_FAR *id_callback)()=NULL; | 129 | struct CRYPTO_dynlock_value *l, const char *file,int line)=NULL; |
| 107 | #endif | 130 | static void (MS_FAR *dynlock_destroy_callback)(struct CRYPTO_dynlock_value *l, |
| 131 | const char *file,int line)=NULL; | ||
| 108 | 132 | ||
| 109 | int CRYPTO_get_new_lockid(name) | 133 | int CRYPTO_get_new_lockid(char *name) |
| 110 | char *name; | ||
| 111 | { | 134 | { |
| 112 | char *str; | 135 | char *str; |
| 113 | int i; | 136 | int i; |
| 114 | 137 | ||
| 138 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) | ||
| 115 | /* A hack to make Visual C++ 5.0 work correctly when linking as | 139 | /* A hack to make Visual C++ 5.0 work correctly when linking as |
| 116 | * a DLL using /MT. Without this, the application cannot use | 140 | * a DLL using /MT. Without this, the application cannot use |
| 117 | * and floating point printf's. | 141 | * and floating point printf's. |
| 118 | * It also seems to be needed for Visual C 1.5 (win16) */ | 142 | * It also seems to be needed for Visual C 1.5 (win16) */ |
| 119 | #if defined(WIN32) || defined(WIN16) | ||
| 120 | SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; | 143 | SSLeay_MSVC5_hack=(double)name[0]*(double)name[1]; |
| 121 | #endif | 144 | #endif |
| 122 | 145 | ||
| 123 | if (app_locks == NULL) | 146 | if ((app_locks == NULL) && ((app_locks=sk_new_null()) == NULL)) |
| 124 | if ((app_locks=sk_new_null()) == NULL) | 147 | { |
| 125 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); | 148 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); |
| 126 | return(0); | 149 | return(0); |
| 150 | } | ||
| 127 | if ((str=BUF_strdup(name)) == NULL) | 151 | if ((str=BUF_strdup(name)) == NULL) |
| 152 | { | ||
| 153 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_LOCKID,ERR_R_MALLOC_FAILURE); | ||
| 128 | return(0); | 154 | return(0); |
| 155 | } | ||
| 129 | i=sk_push(app_locks,str); | 156 | i=sk_push(app_locks,str); |
| 130 | if (!i) | 157 | if (!i) |
| 131 | Free(str); | 158 | OPENSSL_free(str); |
| 132 | else | 159 | else |
| 133 | i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ | 160 | i+=CRYPTO_NUM_LOCKS; /* gap of one :-) */ |
| 134 | return(i); | 161 | return(i); |
| 135 | } | 162 | } |
| 136 | 163 | ||
| 137 | void (*CRYPTO_get_locking_callback(P_V))(P_I_I_P_I) | 164 | int CRYPTO_num_locks(void) |
| 165 | { | ||
| 166 | return CRYPTO_NUM_LOCKS; | ||
| 167 | } | ||
| 168 | |||
| 169 | int CRYPTO_get_new_dynlockid(void) | ||
| 170 | { | ||
| 171 | int i = 0; | ||
| 172 | CRYPTO_dynlock *pointer = NULL; | ||
| 173 | |||
| 174 | if (dynlock_create_callback == NULL) | ||
| 175 | { | ||
| 176 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK); | ||
| 177 | return(0); | ||
| 178 | } | ||
| 179 | CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); | ||
| 180 | if ((dyn_locks == NULL) | ||
| 181 | && ((dyn_locks=sk_CRYPTO_dynlock_new_null()) == NULL)) | ||
| 182 | { | ||
| 183 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 184 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); | ||
| 185 | return(0); | ||
| 186 | } | ||
| 187 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 188 | |||
| 189 | pointer = (CRYPTO_dynlock *)OPENSSL_malloc(sizeof(CRYPTO_dynlock)); | ||
| 190 | if (pointer == NULL) | ||
| 191 | { | ||
| 192 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); | ||
| 193 | return(0); | ||
| 194 | } | ||
| 195 | pointer->references = 1; | ||
| 196 | pointer->data = dynlock_create_callback(__FILE__,__LINE__); | ||
| 197 | if (pointer->data == NULL) | ||
| 198 | { | ||
| 199 | OPENSSL_free(pointer); | ||
| 200 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID,ERR_R_MALLOC_FAILURE); | ||
| 201 | return(0); | ||
| 202 | } | ||
| 203 | |||
| 204 | CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); | ||
| 205 | /* First, try to find an existing empty slot */ | ||
| 206 | i=sk_CRYPTO_dynlock_find(dyn_locks,NULL); | ||
| 207 | /* If there was none, push, thereby creating a new one */ | ||
| 208 | if (i == -1) | ||
| 209 | i=sk_CRYPTO_dynlock_push(dyn_locks,pointer); | ||
| 210 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 211 | |||
| 212 | if (!i) | ||
| 213 | { | ||
| 214 | dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); | ||
| 215 | OPENSSL_free(pointer); | ||
| 216 | } | ||
| 217 | else | ||
| 218 | i += 1; /* to avoid 0 */ | ||
| 219 | return -i; | ||
| 220 | } | ||
| 221 | |||
| 222 | void CRYPTO_destroy_dynlockid(int i) | ||
| 223 | { | ||
| 224 | CRYPTO_dynlock *pointer = NULL; | ||
| 225 | if (i) | ||
| 226 | i = -i-1; | ||
| 227 | if (dynlock_destroy_callback == NULL) | ||
| 228 | return; | ||
| 229 | |||
| 230 | CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); | ||
| 231 | |||
| 232 | if (dyn_locks == NULL || i >= sk_CRYPTO_dynlock_num(dyn_locks)) | ||
| 233 | { | ||
| 234 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 235 | return; | ||
| 236 | } | ||
| 237 | pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); | ||
| 238 | if (pointer != NULL) | ||
| 239 | { | ||
| 240 | --pointer->references; | ||
| 241 | #ifdef REF_CHECK | ||
| 242 | if (pointer->references < 0) | ||
| 243 | { | ||
| 244 | fprintf(stderr,"CRYPTO_destroy_dynlockid, bad reference count\n"); | ||
| 245 | abort(); | ||
| 246 | } | ||
| 247 | else | ||
| 248 | #endif | ||
| 249 | if (pointer->references <= 0) | ||
| 250 | { | ||
| 251 | sk_CRYPTO_dynlock_set(dyn_locks, i, NULL); | ||
| 252 | } | ||
| 253 | else | ||
| 254 | pointer = NULL; | ||
| 255 | } | ||
| 256 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 257 | |||
| 258 | if (pointer) | ||
| 259 | { | ||
| 260 | dynlock_destroy_callback(pointer->data,__FILE__,__LINE__); | ||
| 261 | OPENSSL_free(pointer); | ||
| 262 | } | ||
| 263 | } | ||
| 264 | |||
| 265 | struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i) | ||
| 266 | { | ||
| 267 | CRYPTO_dynlock *pointer = NULL; | ||
| 268 | if (i) | ||
| 269 | i = -i-1; | ||
| 270 | |||
| 271 | CRYPTO_w_lock(CRYPTO_LOCK_DYNLOCK); | ||
| 272 | |||
| 273 | if (dyn_locks != NULL && i < sk_CRYPTO_dynlock_num(dyn_locks)) | ||
| 274 | pointer = sk_CRYPTO_dynlock_value(dyn_locks, i); | ||
| 275 | if (pointer) | ||
| 276 | pointer->references++; | ||
| 277 | |||
| 278 | CRYPTO_w_unlock(CRYPTO_LOCK_DYNLOCK); | ||
| 279 | |||
| 280 | if (pointer) | ||
| 281 | return pointer->data; | ||
| 282 | return NULL; | ||
| 283 | } | ||
| 284 | |||
| 285 | struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void)) | ||
| 286 | (const char *file,int line) | ||
| 287 | { | ||
| 288 | return(dynlock_create_callback); | ||
| 289 | } | ||
| 290 | |||
| 291 | void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, | ||
| 292 | struct CRYPTO_dynlock_value *l, const char *file,int line) | ||
| 293 | { | ||
| 294 | return(dynlock_lock_callback); | ||
| 295 | } | ||
| 296 | |||
| 297 | void (*CRYPTO_get_dynlock_destroy_callback(void)) | ||
| 298 | (struct CRYPTO_dynlock_value *l, const char *file,int line) | ||
| 299 | { | ||
| 300 | return(dynlock_destroy_callback); | ||
| 301 | } | ||
| 302 | |||
| 303 | void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*func) | ||
| 304 | (const char *file, int line)) | ||
| 305 | { | ||
| 306 | dynlock_create_callback=func; | ||
| 307 | } | ||
| 308 | |||
| 309 | void CRYPTO_set_dynlock_lock_callback(void (*func)(int mode, | ||
| 310 | struct CRYPTO_dynlock_value *l, const char *file, int line)) | ||
| 311 | { | ||
| 312 | dynlock_lock_callback=func; | ||
| 313 | } | ||
| 314 | |||
| 315 | void CRYPTO_set_dynlock_destroy_callback(void (*func) | ||
| 316 | (struct CRYPTO_dynlock_value *l, const char *file, int line)) | ||
| 317 | { | ||
| 318 | dynlock_destroy_callback=func; | ||
| 319 | } | ||
| 320 | |||
| 321 | |||
| 322 | void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, | ||
| 323 | int line) | ||
| 138 | { | 324 | { |
| 139 | return(locking_callback); | 325 | return(locking_callback); |
| 140 | } | 326 | } |
| 141 | 327 | ||
| 142 | int (*CRYPTO_get_add_lock_callback(P_V))(P_IP_I_I_P_I) | 328 | int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, |
| 329 | const char *file,int line) | ||
| 143 | { | 330 | { |
| 144 | return(add_lock_callback); | 331 | return(add_lock_callback); |
| 145 | } | 332 | } |
| 146 | 333 | ||
| 147 | void CRYPTO_set_locking_callback(func) | 334 | void CRYPTO_set_locking_callback(void (*func)(int mode,int type, |
| 148 | void (*func)(P_I_I_P_I); | 335 | const char *file,int line)) |
| 149 | { | 336 | { |
| 150 | locking_callback=func; | 337 | locking_callback=func; |
| 151 | } | 338 | } |
| 152 | 339 | ||
| 153 | void CRYPTO_set_add_lock_callback(func) | 340 | void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, |
| 154 | int (*func)(P_IP_I_I_P_I); | 341 | const char *file,int line)) |
| 155 | { | 342 | { |
| 156 | add_lock_callback=func; | 343 | add_lock_callback=func; |
| 157 | } | 344 | } |
| 158 | 345 | ||
| 159 | unsigned long (*CRYPTO_get_id_callback(P_V))(P_V) | 346 | unsigned long (*CRYPTO_get_id_callback(void))(void) |
| 160 | { | 347 | { |
| 161 | return(id_callback); | 348 | return(id_callback); |
| 162 | } | 349 | } |
| 163 | 350 | ||
| 164 | void CRYPTO_set_id_callback(func) | 351 | void CRYPTO_set_id_callback(unsigned long (*func)(void)) |
| 165 | unsigned long (*func)(P_V); | ||
| 166 | { | 352 | { |
| 167 | id_callback=func; | 353 | id_callback=func; |
| 168 | } | 354 | } |
| 169 | 355 | ||
| 170 | unsigned long CRYPTO_thread_id() | 356 | unsigned long CRYPTO_thread_id(void) |
| 171 | { | 357 | { |
| 172 | unsigned long ret=0; | 358 | unsigned long ret=0; |
| 173 | 359 | ||
| 174 | if (id_callback == NULL) | 360 | if (id_callback == NULL) |
| 175 | { | 361 | { |
| 176 | #ifdef WIN16 | 362 | #ifdef OPENSSL_SYS_WIN16 |
| 177 | ret=(unsigned long)GetCurrentTask(); | 363 | ret=(unsigned long)GetCurrentTask(); |
| 178 | #elif defined(WIN32) | 364 | #elif defined(OPENSSL_SYS_WIN32) |
| 179 | ret=(unsigned long)GetCurrentThreadId(); | 365 | ret=(unsigned long)GetCurrentThreadId(); |
| 180 | #elif defined(MSDOS) | 366 | #elif defined(GETPID_IS_MEANINGLESS) |
| 181 | ret=1L; | 367 | ret=1L; |
| 182 | #else | 368 | #else |
| 183 | ret=(unsigned long)getpid(); | 369 | ret=(unsigned long)getpid(); |
| @@ -188,11 +374,7 @@ unsigned long CRYPTO_thread_id() | |||
| 188 | return(ret); | 374 | return(ret); |
| 189 | } | 375 | } |
| 190 | 376 | ||
| 191 | void CRYPTO_lock(mode,type,file,line) | 377 | void CRYPTO_lock(int mode, int type, const char *file, int line) |
| 192 | int mode; | ||
| 193 | int type; | ||
| 194 | char *file; | ||
| 195 | int line; | ||
| 196 | { | 378 | { |
| 197 | #ifdef LOCK_DEBUG | 379 | #ifdef LOCK_DEBUG |
| 198 | { | 380 | { |
| @@ -217,18 +399,27 @@ int line; | |||
| 217 | CRYPTO_get_lock_name(type), file, line); | 399 | CRYPTO_get_lock_name(type), file, line); |
| 218 | } | 400 | } |
| 219 | #endif | 401 | #endif |
| 220 | if (locking_callback != NULL) | 402 | if (type < 0) |
| 221 | locking_callback(mode,type,file,line); | 403 | { |
| 404 | struct CRYPTO_dynlock_value *pointer | ||
| 405 | = CRYPTO_get_dynlock_value(type); | ||
| 406 | |||
| 407 | if (pointer && dynlock_lock_callback) | ||
| 408 | { | ||
| 409 | dynlock_lock_callback(mode, pointer, file, line); | ||
| 410 | } | ||
| 411 | |||
| 412 | CRYPTO_destroy_dynlockid(type); | ||
| 413 | } | ||
| 414 | else | ||
| 415 | if (locking_callback != NULL) | ||
| 416 | locking_callback(mode,type,file,line); | ||
| 222 | } | 417 | } |
| 223 | 418 | ||
| 224 | int CRYPTO_add_lock(pointer,amount,type,file,line) | 419 | int CRYPTO_add_lock(int *pointer, int amount, int type, const char *file, |
| 225 | int *pointer; | 420 | int line) |
| 226 | int amount; | ||
| 227 | int type; | ||
| 228 | char *file; | ||
| 229 | int line; | ||
| 230 | { | 421 | { |
| 231 | int ret; | 422 | int ret = 0; |
| 232 | 423 | ||
| 233 | if (add_lock_callback != NULL) | 424 | if (add_lock_callback != NULL) |
| 234 | { | 425 | { |
| @@ -244,7 +435,6 @@ int line; | |||
| 244 | CRYPTO_get_lock_name(type), | 435 | CRYPTO_get_lock_name(type), |
| 245 | file,line); | 436 | file,line); |
| 246 | #endif | 437 | #endif |
| 247 | *pointer=ret; | ||
| 248 | } | 438 | } |
| 249 | else | 439 | else |
| 250 | { | 440 | { |
| @@ -264,11 +454,10 @@ int line; | |||
| 264 | return(ret); | 454 | return(ret); |
| 265 | } | 455 | } |
| 266 | 456 | ||
| 267 | char *CRYPTO_get_lock_name(type) | 457 | const char *CRYPTO_get_lock_name(int type) |
| 268 | int type; | ||
| 269 | { | 458 | { |
| 270 | if (type < 0) | 459 | if (type < 0) |
| 271 | return("ERROR"); | 460 | return("dynamic"); |
| 272 | else if (type < CRYPTO_NUM_LOCKS) | 461 | else if (type < CRYPTO_NUM_LOCKS) |
| 273 | return(lock_names[type]); | 462 | return(lock_names[type]); |
| 274 | else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) | 463 | else if (type-CRYPTO_NUM_LOCKS >= sk_num(app_locks)) |
| @@ -278,15 +467,13 @@ int type; | |||
| 278 | } | 467 | } |
| 279 | 468 | ||
| 280 | #ifdef _DLL | 469 | #ifdef _DLL |
| 281 | #ifdef WIN32 | 470 | #ifdef OPENSSL_SYS_WIN32 |
| 282 | 471 | ||
| 283 | /* All we really need to do is remove the 'error' state when a thread | 472 | /* All we really need to do is remove the 'error' state when a thread |
| 284 | * detaches */ | 473 | * detaches */ |
| 285 | 474 | ||
| 286 | BOOL WINAPI DLLEntryPoint(hinstDLL,fdwReason,lpvReserved) | 475 | BOOL WINAPI DLLEntryPoint(HINSTANCE hinstDLL, DWORD fdwReason, |
| 287 | HINSTANCE hinstDLL; | 476 | LPVOID lpvReserved) |
| 288 | DWORD fdwReason; | ||
| 289 | LPVOID lpvReserved; | ||
| 290 | { | 477 | { |
| 291 | switch(fdwReason) | 478 | switch(fdwReason) |
| 292 | { | 479 | { |
diff --git a/src/lib/libcrypto/cryptlib.h b/src/lib/libcrypto/cryptlib.h index 32757c9efb..a0489e57fc 100644 --- a/src/lib/libcrypto/cryptlib.h +++ b/src/lib/libcrypto/cryptlib.h | |||
| @@ -62,33 +62,29 @@ | |||
| 62 | #include <stdlib.h> | 62 | #include <stdlib.h> |
| 63 | #include <string.h> | 63 | #include <string.h> |
| 64 | 64 | ||
| 65 | #include "e_os.h" | ||
| 66 | |||
| 67 | #include <openssl/crypto.h> | ||
| 68 | #include <openssl/buffer.h> | ||
| 69 | #include <openssl/bio.h> | ||
| 70 | #include <openssl/err.h> | ||
| 71 | #include <openssl/opensslconf.h> | ||
| 72 | |||
| 65 | #ifdef __cplusplus | 73 | #ifdef __cplusplus |
| 66 | extern "C" { | 74 | extern "C" { |
| 67 | #endif | 75 | #endif |
| 68 | 76 | ||
| 69 | /* #ifdef FLAT_INC */ | 77 | #ifndef OPENSSL_SYS_VMS |
| 70 | 78 | #define X509_CERT_AREA OPENSSLDIR | |
| 71 | #include "e_os.h" | 79 | #define X509_CERT_DIR OPENSSLDIR "/certs" |
| 72 | #include "crypto.h" | 80 | #define X509_CERT_FILE OPENSSLDIR "/cert.pem" |
| 73 | #include "buffer.h" | 81 | #define X509_PRIVATE_DIR OPENSSLDIR "/private" |
| 74 | #include "bio.h" | ||
| 75 | #include "err.h" | ||
| 76 | |||
| 77 | /* | ||
| 78 | #else | 82 | #else |
| 79 | 83 | #define X509_CERT_AREA "SSLROOT:[000000]" | |
| 80 | #include "../e_os.h" | 84 | #define X509_CERT_DIR "SSLCERTS:" |
| 81 | #include "crypto.h" | 85 | #define X509_CERT_FILE "SSLCERTS:cert.pem" |
| 82 | #include "buffer/buffer.h" | 86 | #define X509_PRIVATE_DIR "SSLPRIVATE:" |
| 83 | #include "bio/bio.h" | ||
| 84 | #include "err/err.h" | ||
| 85 | #endif | 87 | #endif |
| 86 | */ | ||
| 87 | |||
| 88 | #define X509_CERT_AREA "/etc/ssl" | ||
| 89 | #define X509_CERT_DIR "/etc/ssl/certs" | ||
| 90 | #define X509_CERT_FILE "/etc/ssl/cert.pem" | ||
| 91 | #define X509_PRIVATE_DIR "/etc/ssl/private" | ||
| 92 | 88 | ||
| 93 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" | 89 | #define X509_CERT_DIR_EVP "SSL_CERT_DIR" |
| 94 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" | 90 | #define X509_CERT_FILE_EVP "SSL_CERT_FILE" |
diff --git a/src/lib/libcrypto/crypto.h b/src/lib/libcrypto/crypto.h index 0a38b5b87c..fc6ff860af 100644 --- a/src/lib/libcrypto/crypto.h +++ b/src/lib/libcrypto/crypto.h | |||
| @@ -59,27 +59,45 @@ | |||
| 59 | #ifndef HEADER_CRYPTO_H | 59 | #ifndef HEADER_CRYPTO_H |
| 60 | #define HEADER_CRYPTO_H | 60 | #define HEADER_CRYPTO_H |
| 61 | 61 | ||
| 62 | #include <stdlib.h> | ||
| 63 | |||
| 64 | #ifndef OPENSSL_NO_FP_API | ||
| 65 | #include <stdio.h> | ||
| 66 | #endif | ||
| 67 | |||
| 68 | #include <openssl/stack.h> | ||
| 69 | #include <openssl/safestack.h> | ||
| 70 | #include <openssl/opensslv.h> | ||
| 71 | |||
| 72 | #ifdef CHARSET_EBCDIC | ||
| 73 | #include <openssl/ebcdic.h> | ||
| 74 | #endif | ||
| 75 | |||
| 76 | /* Resolve problems on some operating systems with symbol names that clash | ||
| 77 | one way or another */ | ||
| 78 | #include <openssl/symhacks.h> | ||
| 79 | |||
| 62 | #ifdef __cplusplus | 80 | #ifdef __cplusplus |
| 63 | extern "C" { | 81 | extern "C" { |
| 64 | #endif | 82 | #endif |
| 65 | 83 | ||
| 66 | #include "stack.h" | 84 | /* Backward compatibility to SSLeay */ |
| 67 | |||
| 68 | /* This is more to be used to check the correct DLL is being used | 85 | /* This is more to be used to check the correct DLL is being used |
| 69 | * in the MS world. */ | 86 | * in the MS world. */ |
| 70 | #define SSLEAY_VERSION_NUMBER 0x0902 /* Version 0.5.1c would be 0513 */ | 87 | #define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER |
| 71 | |||
| 72 | #define SSLEAY_VERSION 0 | 88 | #define SSLEAY_VERSION 0 |
| 73 | /* #define SSLEAY_OPTIONS 1 no longer supported */ | 89 | /* #define SSLEAY_OPTIONS 1 no longer supported */ |
| 74 | #define SSLEAY_CFLAGS 2 | 90 | #define SSLEAY_CFLAGS 2 |
| 75 | #define SSLEAY_BUILT_ON 3 | 91 | #define SSLEAY_BUILT_ON 3 |
| 92 | #define SSLEAY_PLATFORM 4 | ||
| 93 | #define SSLEAY_DIR 5 | ||
| 76 | 94 | ||
| 77 | /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock | 95 | /* When changing the CRYPTO_LOCK_* list, be sure to maintin the text lock |
| 78 | * names in cryptlib.c | 96 | * names in cryptlib.c |
| 79 | */ | 97 | */ |
| 80 | 98 | ||
| 81 | #define CRYPTO_LOCK_ERR 1 | 99 | #define CRYPTO_LOCK_ERR 1 |
| 82 | #define CRYPTO_LOCK_ERR_HASH 2 | 100 | #define CRYPTO_LOCK_EX_DATA 2 |
| 83 | #define CRYPTO_LOCK_X509 3 | 101 | #define CRYPTO_LOCK_X509 3 |
| 84 | #define CRYPTO_LOCK_X509_INFO 4 | 102 | #define CRYPTO_LOCK_X509_INFO 4 |
| 85 | #define CRYPTO_LOCK_X509_PKEY 5 | 103 | #define CRYPTO_LOCK_X509_PKEY 5 |
| @@ -92,19 +110,30 @@ extern "C" { | |||
| 92 | #define CRYPTO_LOCK_SSL_CTX 12 | 110 | #define CRYPTO_LOCK_SSL_CTX 12 |
| 93 | #define CRYPTO_LOCK_SSL_CERT 13 | 111 | #define CRYPTO_LOCK_SSL_CERT 13 |
| 94 | #define CRYPTO_LOCK_SSL_SESSION 14 | 112 | #define CRYPTO_LOCK_SSL_SESSION 14 |
| 95 | #define CRYPTO_LOCK_SSL 15 | 113 | #define CRYPTO_LOCK_SSL_SESS_CERT 15 |
| 96 | #define CRYPTO_LOCK_RAND 16 | 114 | #define CRYPTO_LOCK_SSL 16 |
| 97 | #define CRYPTO_LOCK_MALLOC 17 | 115 | #define CRYPTO_LOCK_RAND 17 |
| 98 | #define CRYPTO_LOCK_BIO 18 | 116 | #define CRYPTO_LOCK_RAND2 18 |
| 99 | #define CRYPTO_LOCK_BIO_GETHOSTBYNAME 19 | 117 | #define CRYPTO_LOCK_MALLOC 19 |
| 100 | #define CRYPTO_LOCK_RSA_BLINDING 20 | 118 | #define CRYPTO_LOCK_BIO 20 |
| 101 | #define CRYPTO_NUM_LOCKS 21 | 119 | #define CRYPTO_LOCK_GETHOSTBYNAME 21 |
| 120 | #define CRYPTO_LOCK_GETSERVBYNAME 22 | ||
| 121 | #define CRYPTO_LOCK_READDIR 23 | ||
| 122 | #define CRYPTO_LOCK_RSA_BLINDING 24 | ||
| 123 | #define CRYPTO_LOCK_DH 25 | ||
| 124 | #define CRYPTO_LOCK_MALLOC2 26 | ||
| 125 | #define CRYPTO_LOCK_DSO 27 | ||
| 126 | #define CRYPTO_LOCK_DYNLOCK 28 | ||
| 127 | #define CRYPTO_LOCK_ENGINE 29 | ||
| 128 | #define CRYPTO_LOCK_UI 30 | ||
| 129 | #define CRYPTO_NUM_LOCKS 31 | ||
| 102 | 130 | ||
| 103 | #define CRYPTO_LOCK 1 | 131 | #define CRYPTO_LOCK 1 |
| 104 | #define CRYPTO_UNLOCK 2 | 132 | #define CRYPTO_UNLOCK 2 |
| 105 | #define CRYPTO_READ 4 | 133 | #define CRYPTO_READ 4 |
| 106 | #define CRYPTO_WRITE 8 | 134 | #define CRYPTO_WRITE 8 |
| 107 | 135 | ||
| 136 | #ifndef OPENSSL_NO_LOCKING | ||
| 108 | #ifndef CRYPTO_w_lock | 137 | #ifndef CRYPTO_w_lock |
| 109 | #define CRYPTO_w_lock(type) \ | 138 | #define CRYPTO_w_lock(type) \ |
| 110 | CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) | 139 | CRYPTO_lock(CRYPTO_LOCK|CRYPTO_WRITE,type,__FILE__,__LINE__) |
| @@ -116,23 +145,44 @@ extern "C" { | |||
| 116 | CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) | 145 | CRYPTO_lock(CRYPTO_UNLOCK|CRYPTO_READ,type,__FILE__,__LINE__) |
| 117 | #define CRYPTO_add(addr,amount,type) \ | 146 | #define CRYPTO_add(addr,amount,type) \ |
| 118 | CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) | 147 | CRYPTO_add_lock(addr,amount,type,__FILE__,__LINE__) |
| 119 | 148 | #endif | |
| 149 | #else | ||
| 150 | #define CRYPTO_w_lock(a) | ||
| 151 | #define CRYPTO_w_unlock(a) | ||
| 152 | #define CRYPTO_r_lock(a) | ||
| 153 | #define CRYPTO_r_unlock(a) | ||
| 154 | #define CRYPTO_add(a,b,c) ((*(a))+=(b)) | ||
| 120 | #endif | 155 | #endif |
| 121 | 156 | ||
| 157 | /* Some applications as well as some parts of OpenSSL need to allocate | ||
| 158 | and deallocate locks in a dynamic fashion. The following typedef | ||
| 159 | makes this possible in a type-safe manner. */ | ||
| 160 | /* struct CRYPTO_dynlock_value has to be defined by the application. */ | ||
| 161 | typedef struct | ||
| 162 | { | ||
| 163 | int references; | ||
| 164 | struct CRYPTO_dynlock_value *data; | ||
| 165 | } CRYPTO_dynlock; | ||
| 166 | |||
| 167 | |||
| 122 | /* The following can be used to detect memory leaks in the SSLeay library. | 168 | /* The following can be used to detect memory leaks in the SSLeay library. |
| 123 | * It used, it turns on malloc checking */ | 169 | * It used, it turns on malloc checking */ |
| 124 | 170 | ||
| 125 | #define CRYPTO_MEM_CHECK_OFF 0x0 | 171 | #define CRYPTO_MEM_CHECK_OFF 0x0 /* an enume */ |
| 126 | #define CRYPTO_MEM_CHECK_ON 0x1 | 172 | #define CRYPTO_MEM_CHECK_ON 0x1 /* a bit */ |
| 173 | #define CRYPTO_MEM_CHECK_ENABLE 0x2 /* a bit */ | ||
| 174 | #define CRYPTO_MEM_CHECK_DISABLE 0x3 /* an enume */ | ||
| 175 | |||
| 176 | /* The following are bit values to turn on or off options connected to the | ||
| 177 | * malloc checking functionality */ | ||
| 178 | |||
| 179 | /* Adds time to the memory checking information */ | ||
| 180 | #define V_CRYPTO_MDEBUG_TIME 0x1 /* a bit */ | ||
| 181 | /* Adds thread number to the memory checking information */ | ||
| 182 | #define V_CRYPTO_MDEBUG_THREAD 0x2 /* a bit */ | ||
| 183 | |||
| 184 | #define V_CRYPTO_MDEBUG_ALL (V_CRYPTO_MDEBUG_TIME | V_CRYPTO_MDEBUG_THREAD) | ||
| 127 | 185 | ||
| 128 | /* | ||
| 129 | typedef struct crypto_mem_st | ||
| 130 | { | ||
| 131 | char *(*malloc_func)(); | ||
| 132 | char *(*realloc_func)(); | ||
| 133 | void (*free_func)(); | ||
| 134 | } CRYPTO_MEM_FUNC; | ||
| 135 | */ | ||
| 136 | 186 | ||
| 137 | /* predec of the BIO type */ | 187 | /* predec of the BIO type */ |
| 138 | typedef struct bio_st BIO_dummy; | 188 | typedef struct bio_st BIO_dummy; |
| @@ -143,24 +193,30 @@ typedef struct crypto_ex_data_st | |||
| 143 | int dummy; /* gcc is screwing up this data structure :-( */ | 193 | int dummy; /* gcc is screwing up this data structure :-( */ |
| 144 | } CRYPTO_EX_DATA; | 194 | } CRYPTO_EX_DATA; |
| 145 | 195 | ||
| 196 | /* Called when a new object is created */ | ||
| 197 | typedef int CRYPTO_EX_new(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 198 | int idx, long argl, void *argp); | ||
| 199 | /* Called when an object is free()ed */ | ||
| 200 | typedef void CRYPTO_EX_free(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | ||
| 201 | int idx, long argl, void *argp); | ||
| 202 | /* Called when we need to dup an object */ | ||
| 203 | typedef int CRYPTO_EX_dup(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 204 | int idx, long argl, void *argp); | ||
| 205 | |||
| 146 | /* This stuff is basically class callback functions | 206 | /* This stuff is basically class callback functions |
| 147 | * The current classes are SSL_CTX, SSL, SSL_SESION, and a few more */ | 207 | * The current classes are SSL_CTX, SSL, SSL_SESSION, and a few more */ |
| 208 | |||
| 148 | typedef struct crypto_ex_data_func_st | 209 | typedef struct crypto_ex_data_func_st |
| 149 | { | 210 | { |
| 150 | long argl; /* Arbitary long */ | 211 | long argl; /* Arbitary long */ |
| 151 | char *argp; /* Arbitary char * */ | 212 | void *argp; /* Arbitary void * */ |
| 152 | /* Called when a new object is created */ | 213 | CRYPTO_EX_new *new_func; |
| 153 | int (*new_func)(/*char *obj, | 214 | CRYPTO_EX_free *free_func; |
| 154 | char *item,int index,long argl,char *argp*/); | 215 | CRYPTO_EX_dup *dup_func; |
| 155 | /* Called when this object is free()ed */ | ||
| 156 | void (*free_func)(/*char *obj, | ||
| 157 | char *item,int index,long argl,char *argp*/); | ||
| 158 | |||
| 159 | /* Called when we need to dup this one */ | ||
| 160 | int (*dup_func)(/*char *obj_to,char *obj_from, | ||
| 161 | char **new,int index,long argl,char *argp*/); | ||
| 162 | } CRYPTO_EX_DATA_FUNCS; | 216 | } CRYPTO_EX_DATA_FUNCS; |
| 163 | 217 | ||
| 218 | DECLARE_STACK_OF(CRYPTO_EX_DATA_FUNCS) | ||
| 219 | |||
| 164 | /* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA | 220 | /* Per class, we have a STACK of CRYPTO_EX_DATA_FUNCS for each CRYPTO_EX_DATA |
| 165 | * entry. | 221 | * entry. |
| 166 | */ | 222 | */ |
| @@ -171,149 +227,225 @@ typedef struct crypto_ex_data_func_st | |||
| 171 | #define CRYPTO_EX_INDEX_SSL_SESSION 3 | 227 | #define CRYPTO_EX_INDEX_SSL_SESSION 3 |
| 172 | #define CRYPTO_EX_INDEX_X509_STORE 4 | 228 | #define CRYPTO_EX_INDEX_X509_STORE 4 |
| 173 | #define CRYPTO_EX_INDEX_X509_STORE_CTX 5 | 229 | #define CRYPTO_EX_INDEX_X509_STORE_CTX 5 |
| 230 | #define CRYPTO_EX_INDEX_RSA 6 | ||
| 231 | #define CRYPTO_EX_INDEX_DSA 7 | ||
| 232 | #define CRYPTO_EX_INDEX_DH 8 | ||
| 233 | #define CRYPTO_EX_INDEX_ENGINE 9 | ||
| 234 | #define CRYPTO_EX_INDEX_X509 10 | ||
| 235 | #define CRYPTO_EX_INDEX_UI 11 | ||
| 174 | 236 | ||
| 175 | /* Use this for win32 DLL's */ | 237 | /* Dynamically assigned indexes start from this value (don't use directly, use |
| 238 | * via CRYPTO_ex_data_new_class). */ | ||
| 239 | #define CRYPTO_EX_INDEX_USER 100 | ||
| 240 | |||
| 241 | |||
| 242 | /* This is the default callbacks, but we can have others as well: | ||
| 243 | * this is needed in Win32 where the application malloc and the | ||
| 244 | * library malloc may not be the same. | ||
| 245 | */ | ||
| 176 | #define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ | 246 | #define CRYPTO_malloc_init() CRYPTO_set_mem_functions(\ |
| 177 | (char *(*)())malloc,\ | 247 | malloc, realloc, free) |
| 178 | (char *(*)())realloc,\ | 248 | |
| 179 | (void (*)())free) | 249 | #if defined CRYPTO_MDEBUG_ALL || defined CRYPTO_MDEBUG_TIME || defined CRYPTO_MDEBUG_THREAD |
| 180 | 250 | # ifndef CRYPTO_MDEBUG /* avoid duplicate #define */ | |
| 181 | #ifdef CRYPTO_MDEBUG | 251 | # define CRYPTO_MDEBUG |
| 182 | #define Malloc(num) CRYPTO_dbg_malloc((int)num,__FILE__,__LINE__) | 252 | # endif |
| 183 | #define Realloc(addr,num) \ | ||
| 184 | CRYPTO_dbg_realloc((char *)addr,(int)num,__FILE__,__LINE__) | ||
| 185 | #define Remalloc(addr,num) \ | ||
| 186 | CRYPTO_dbg_remalloc((char **)addr,(int)num,__FILE__,__LINE__) | ||
| 187 | #define FreeFunc CRYPTO_dbg_free | ||
| 188 | #define Free(addr) CRYPTO_dbg_free((char *)(addr)) | ||
| 189 | #else | ||
| 190 | #define Remalloc CRYPTO_remalloc | ||
| 191 | #if defined(WIN32) || defined(MFUNC) | ||
| 192 | #define Malloc CRYPTO_malloc | ||
| 193 | #define Realloc(a,n) CRYPTO_realloc((char *)(a),(n)) | ||
| 194 | #define FreeFunc CRYPTO_free | ||
| 195 | #define Free(addr) CRYPTO_free((char *)(addr)) | ||
| 196 | #else | ||
| 197 | #define Malloc malloc | ||
| 198 | #define Realloc realloc | ||
| 199 | #define FreeFunc free | ||
| 200 | #define Free(addr) free((char *)(addr)) | ||
| 201 | #endif /* WIN32 || MFUNC */ | ||
| 202 | #endif /* MDEBUG */ | ||
| 203 | |||
| 204 | /* Case insensiteve linking causes problems.... */ | ||
| 205 | #ifdef WIN16 | ||
| 206 | #define ERR_load_CRYPTO_strings ERR_load_CRYPTOlib_strings | ||
| 207 | #endif | 253 | #endif |
| 208 | 254 | ||
| 209 | #ifndef NOPROTO | 255 | /* Set standard debugging functions (not done by default |
| 256 | * unless CRYPTO_MDEBUG is defined) */ | ||
| 257 | #define CRYPTO_malloc_debug_init() do {\ | ||
| 258 | CRYPTO_set_mem_debug_functions(\ | ||
| 259 | CRYPTO_dbg_malloc,\ | ||
| 260 | CRYPTO_dbg_realloc,\ | ||
| 261 | CRYPTO_dbg_free,\ | ||
| 262 | CRYPTO_dbg_set_options,\ | ||
| 263 | CRYPTO_dbg_get_options);\ | ||
| 264 | } while(0) | ||
| 265 | |||
| 266 | int CRYPTO_mem_ctrl(int mode); | ||
| 267 | int CRYPTO_is_mem_check_on(void); | ||
| 268 | |||
| 269 | /* for applications */ | ||
| 270 | #define MemCheck_start() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON) | ||
| 271 | #define MemCheck_stop() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_OFF) | ||
| 272 | |||
| 273 | /* for library-internal use */ | ||
| 274 | #define MemCheck_on() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ENABLE) | ||
| 275 | #define MemCheck_off() CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_DISABLE) | ||
| 276 | #define is_MemCheck_on() CRYPTO_is_mem_check_on() | ||
| 210 | 277 | ||
| 211 | char *SSLeay_version(int type); | 278 | #define OPENSSL_malloc(num) CRYPTO_malloc((int)num,__FILE__,__LINE__) |
| 279 | #define OPENSSL_realloc(addr,num) \ | ||
| 280 | CRYPTO_realloc((char *)addr,(int)num,__FILE__,__LINE__) | ||
| 281 | #define OPENSSL_remalloc(addr,num) \ | ||
| 282 | CRYPTO_remalloc((char **)addr,(int)num,__FILE__,__LINE__) | ||
| 283 | #define OPENSSL_freeFunc CRYPTO_free | ||
| 284 | #define OPENSSL_free(addr) CRYPTO_free(addr) | ||
| 285 | |||
| 286 | #define OPENSSL_malloc_locked(num) \ | ||
| 287 | CRYPTO_malloc_locked((int)num,__FILE__,__LINE__) | ||
| 288 | #define OPENSSL_free_locked(addr) CRYPTO_free_locked(addr) | ||
| 289 | |||
| 290 | |||
| 291 | const char *SSLeay_version(int type); | ||
| 212 | unsigned long SSLeay(void); | 292 | unsigned long SSLeay(void); |
| 213 | 293 | ||
| 214 | int CRYPTO_get_ex_new_index(int idx,STACK **sk,long argl,char *argp, | 294 | int OPENSSL_issetugid(void); |
| 215 | int (*new_func)(),int (*dup_func)(),void (*free_func)()); | 295 | |
| 216 | int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad,int idx,char *val); | 296 | /* An opaque type representing an implementation of "ex_data" support */ |
| 217 | char *CRYPTO_get_ex_data(CRYPTO_EX_DATA *ad,int idx); | 297 | typedef struct st_CRYPTO_EX_DATA_IMPL CRYPTO_EX_DATA_IMPL; |
| 218 | int CRYPTO_dup_ex_data(STACK *meth,CRYPTO_EX_DATA *from,CRYPTO_EX_DATA *to); | 298 | /* Return an opaque pointer to the current "ex_data" implementation */ |
| 219 | void CRYPTO_free_ex_data(STACK *meth,char *obj,CRYPTO_EX_DATA *ad); | 299 | const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void); |
| 220 | void CRYPTO_new_ex_data(STACK *meth, char *obj, CRYPTO_EX_DATA *ad); | 300 | /* Sets the "ex_data" implementation to be used (if it's not too late) */ |
| 301 | int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i); | ||
| 302 | /* Get a new "ex_data" class, and return the corresponding "class_index" */ | ||
| 303 | int CRYPTO_ex_data_new_class(void); | ||
| 304 | /* Within a given class, get/register a new index */ | ||
| 305 | int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, | ||
| 306 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 307 | CRYPTO_EX_free *free_func); | ||
| 308 | /* Initialise/duplicate/free CRYPTO_EX_DATA variables corresponding to a given | ||
| 309 | * class (invokes whatever per-class callbacks are applicable) */ | ||
| 310 | int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); | ||
| 311 | int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, | ||
| 312 | CRYPTO_EX_DATA *from); | ||
| 313 | void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad); | ||
| 314 | /* Get/set data in a CRYPTO_EX_DATA variable corresponding to a particular index | ||
| 315 | * (relative to the class type involved) */ | ||
| 316 | int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val); | ||
| 317 | void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad,int idx); | ||
| 318 | /* This function cleans up all "ex_data" state. It mustn't be called under | ||
| 319 | * potential race-conditions. */ | ||
| 320 | void CRYPTO_cleanup_all_ex_data(void); | ||
| 221 | 321 | ||
| 222 | int CRYPTO_mem_ctrl(int mode); | ||
| 223 | int CRYPTO_get_new_lockid(char *name); | 322 | int CRYPTO_get_new_lockid(char *name); |
| 224 | void CRYPTO_lock(int mode, int type,char *file,int line); | 323 | |
| 225 | void CRYPTO_set_locking_callback(void (*func)(int mode,int type,char *file, | 324 | int CRYPTO_num_locks(void); /* return CRYPTO_NUM_LOCKS (shared libs!) */ |
| 226 | int line)); | 325 | void CRYPTO_lock(int mode, int type,const char *file,int line); |
| 227 | void (*CRYPTO_get_locking_callback(void))(int mode,int type,char *file, | 326 | void CRYPTO_set_locking_callback(void (*func)(int mode,int type, |
| 327 | const char *file,int line)); | ||
| 328 | void (*CRYPTO_get_locking_callback(void))(int mode,int type,const char *file, | ||
| 228 | int line); | 329 | int line); |
| 229 | void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount, | 330 | void CRYPTO_set_add_lock_callback(int (*func)(int *num,int mount,int type, |
| 230 | int type,char *file, int line)); | 331 | const char *file, int line)); |
| 231 | int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount, | 332 | int (*CRYPTO_get_add_lock_callback(void))(int *num,int mount,int type, |
| 232 | int type,char *file,int line); | 333 | const char *file,int line); |
| 233 | void CRYPTO_set_id_callback(unsigned long (*func)(void)); | 334 | void CRYPTO_set_id_callback(unsigned long (*func)(void)); |
| 234 | unsigned long (*CRYPTO_get_id_callback(void))(void); | 335 | unsigned long (*CRYPTO_get_id_callback(void))(void); |
| 235 | unsigned long CRYPTO_thread_id(void); | 336 | unsigned long CRYPTO_thread_id(void); |
| 236 | char *CRYPTO_get_lock_name(int type); | 337 | const char *CRYPTO_get_lock_name(int type); |
| 237 | int CRYPTO_add_lock(int *pointer,int amount,int type, char *file,int line); | 338 | int CRYPTO_add_lock(int *pointer,int amount,int type, const char *file, |
| 238 | 339 | int line); | |
| 239 | void CRYPTO_set_mem_functions(char *(*m)(),char *(*r)(), void (*free_func)()); | 340 | |
| 240 | void CRYPTO_get_mem_functions(char *(**m)(),char *(**r)(), void (**f)()); | 341 | int CRYPTO_get_new_dynlockid(void); |
| 241 | 342 | void CRYPTO_destroy_dynlockid(int i); | |
| 242 | char *CRYPTO_malloc(int num); | 343 | struct CRYPTO_dynlock_value *CRYPTO_get_dynlock_value(int i); |
| 243 | char *CRYPTO_realloc(char *addr,int num); | 344 | void CRYPTO_set_dynlock_create_callback(struct CRYPTO_dynlock_value *(*dyn_create_function)(const char *file, int line)); |
| 244 | void CRYPTO_free(char *); | 345 | void CRYPTO_set_dynlock_lock_callback(void (*dyn_lock_function)(int mode, struct CRYPTO_dynlock_value *l, const char *file, int line)); |
| 245 | char *CRYPTO_remalloc(char *addr,int num); | 346 | void CRYPTO_set_dynlock_destroy_callback(void (*dyn_destroy_function)(struct CRYPTO_dynlock_value *l, const char *file, int line)); |
| 246 | 347 | struct CRYPTO_dynlock_value *(*CRYPTO_get_dynlock_create_callback(void))(const char *file,int line); | |
| 247 | char *CRYPTO_dbg_malloc(int num,char *file,int line); | 348 | void (*CRYPTO_get_dynlock_lock_callback(void))(int mode, struct CRYPTO_dynlock_value *l, const char *file,int line); |
| 248 | char *CRYPTO_dbg_realloc(char *addr,int num,char *file,int line); | 349 | void (*CRYPTO_get_dynlock_destroy_callback(void))(struct CRYPTO_dynlock_value *l, const char *file,int line); |
| 249 | void CRYPTO_dbg_free(char *); | 350 | |
| 250 | char *CRYPTO_dbg_remalloc(char *addr,int num,char *file,int line); | 351 | /* CRYPTO_set_mem_functions includes CRYPTO_set_locked_mem_functions -- |
| 251 | #ifndef NO_FP_API | 352 | * call the latter last if you need different functions */ |
| 353 | int CRYPTO_set_mem_functions(void *(*m)(size_t),void *(*r)(void *,size_t), void (*f)(void *)); | ||
| 354 | int CRYPTO_set_locked_mem_functions(void *(*m)(size_t), void (*free_func)(void *)); | ||
| 355 | int CRYPTO_set_mem_ex_functions(void *(*m)(size_t,const char *,int), | ||
| 356 | void *(*r)(void *,size_t,const char *,int), | ||
| 357 | void (*f)(void *)); | ||
| 358 | int CRYPTO_set_locked_mem_ex_functions(void *(*m)(size_t,const char *,int), | ||
| 359 | void (*free_func)(void *)); | ||
| 360 | int CRYPTO_set_mem_debug_functions(void (*m)(void *,int,const char *,int,int), | ||
| 361 | void (*r)(void *,void *,int,const char *,int,int), | ||
| 362 | void (*f)(void *,int), | ||
| 363 | void (*so)(long), | ||
| 364 | long (*go)(void)); | ||
| 365 | void CRYPTO_get_mem_functions(void *(**m)(size_t),void *(**r)(void *, size_t), void (**f)(void *)); | ||
| 366 | void CRYPTO_get_locked_mem_functions(void *(**m)(size_t), void (**f)(void *)); | ||
| 367 | void CRYPTO_get_mem_ex_functions(void *(**m)(size_t,const char *,int), | ||
| 368 | void *(**r)(void *, size_t,const char *,int), | ||
| 369 | void (**f)(void *)); | ||
| 370 | void CRYPTO_get_locked_mem_ex_functions(void *(**m)(size_t,const char *,int), | ||
| 371 | void (**f)(void *)); | ||
| 372 | void CRYPTO_get_mem_debug_functions(void (**m)(void *,int,const char *,int,int), | ||
| 373 | void (**r)(void *,void *,int,const char *,int,int), | ||
| 374 | void (**f)(void *,int), | ||
| 375 | void (**so)(long), | ||
| 376 | long (**go)(void)); | ||
| 377 | |||
| 378 | void *CRYPTO_malloc_locked(int num, const char *file, int line); | ||
| 379 | void CRYPTO_free_locked(void *); | ||
| 380 | void *CRYPTO_malloc(int num, const char *file, int line); | ||
| 381 | void CRYPTO_free(void *); | ||
| 382 | void *CRYPTO_realloc(void *addr,int num, const char *file, int line); | ||
| 383 | void *CRYPTO_remalloc(void *addr,int num, const char *file, int line); | ||
| 384 | |||
| 385 | void CRYPTO_set_mem_debug_options(long bits); | ||
| 386 | long CRYPTO_get_mem_debug_options(void); | ||
| 387 | |||
| 388 | #define CRYPTO_push_info(info) \ | ||
| 389 | CRYPTO_push_info_(info, __FILE__, __LINE__); | ||
| 390 | int CRYPTO_push_info_(const char *info, const char *file, int line); | ||
| 391 | int CRYPTO_pop_info(void); | ||
| 392 | int CRYPTO_remove_all_info(void); | ||
| 393 | |||
| 394 | |||
| 395 | /* Default debugging functions (enabled by CRYPTO_malloc_debug_init() macro; | ||
| 396 | * used as default in CRYPTO_MDEBUG compilations): */ | ||
| 397 | /* The last argument has the following significance: | ||
| 398 | * | ||
| 399 | * 0: called before the actual memory allocation has taken place | ||
| 400 | * 1: called after the actual memory allocation has taken place | ||
| 401 | */ | ||
| 402 | void CRYPTO_dbg_malloc(void *addr,int num,const char *file,int line,int before_p); | ||
| 403 | void CRYPTO_dbg_realloc(void *addr1,void *addr2,int num,const char *file,int line,int before_p); | ||
| 404 | void CRYPTO_dbg_free(void *addr,int before_p); | ||
| 405 | /* Tell the debugging code about options. By default, the following values | ||
| 406 | * apply: | ||
| 407 | * | ||
| 408 | * 0: Clear all options. | ||
| 409 | * V_CRYPTO_MDEBUG_TIME (1): Set the "Show Time" option. | ||
| 410 | * V_CRYPTO_MDEBUG_THREAD (2): Set the "Show Thread Number" option. | ||
| 411 | * V_CRYPTO_MDEBUG_ALL (3): 1 + 2 | ||
| 412 | */ | ||
| 413 | void CRYPTO_dbg_set_options(long bits); | ||
| 414 | long CRYPTO_dbg_get_options(void); | ||
| 415 | |||
| 416 | |||
| 417 | #ifndef OPENSSL_NO_FP_API | ||
| 252 | void CRYPTO_mem_leaks_fp(FILE *); | 418 | void CRYPTO_mem_leaks_fp(FILE *); |
| 253 | #endif | 419 | #endif |
| 254 | void CRYPTO_mem_leaks(struct bio_st *bio); | 420 | void CRYPTO_mem_leaks(struct bio_st *bio); |
| 255 | /* unsigned long order, char *file, int line, int num_bytes, char *addr */ | 421 | /* unsigned long order, char *file, int line, int num_bytes, char *addr */ |
| 256 | void CRYPTO_mem_leaks_cb(void (*cb)()); | 422 | typedef void *CRYPTO_MEM_LEAK_CB(unsigned long, const char *, int, int, void *); |
| 257 | 423 | void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb); | |
| 258 | void ERR_load_CRYPTO_strings(void ); | ||
| 259 | |||
| 260 | #else | ||
| 261 | |||
| 262 | int CRYPTO_get_ex_new_index(); | ||
| 263 | int CRYPTO_set_ex_data(); | ||
| 264 | char *CRYPTO_get_ex_data(); | ||
| 265 | int CRYPTO_dup_ex_data(); | ||
| 266 | void CRYPTO_free_ex_data(); | ||
| 267 | void CRYPTO_new_ex_data(); | ||
| 268 | |||
| 269 | int CRYPTO_mem_ctrl(); | ||
| 270 | char *SSLeay_version(); | ||
| 271 | unsigned long SSLeay(); | ||
| 272 | |||
| 273 | int CRYPTO_get_new_lockid(); | ||
| 274 | void CRYPTO_lock(); | ||
| 275 | void CRYPTO_set_locking_callback(); | ||
| 276 | void (*CRYPTO_get_locking_callback())(); | ||
| 277 | void CRYPTO_set_add_lock_callback(); | ||
| 278 | int (*CRYPTO_get_add_lock_callback())(); | ||
| 279 | void CRYPTO_set_id_callback(); | ||
| 280 | unsigned long (*CRYPTO_get_id_callback())(); | ||
| 281 | unsigned long CRYPTO_thread_id(); | ||
| 282 | char *CRYPTO_get_lock_name(); | ||
| 283 | int CRYPTO_add_lock(); | ||
| 284 | |||
| 285 | void CRYPTO_set_mem_functions(); | ||
| 286 | void CRYPTO_get_mem_functions(); | ||
| 287 | char *CRYPTO_malloc(); | ||
| 288 | char *CRYPTO_realloc(); | ||
| 289 | void CRYPTO_free(); | ||
| 290 | char *CRYPTO_remalloc(); | ||
| 291 | char *CRYPTO_dbg_remalloc(); | ||
| 292 | char *CRYPTO_dbg_malloc(); | ||
| 293 | char *CRYPTO_dbg_realloc(); | ||
| 294 | void CRYPTO_dbg_free(); | ||
| 295 | #ifndef NO_FP_API | ||
| 296 | void CRYPTO_mem_leaks_fp(); | ||
| 297 | #endif | ||
| 298 | void CRYPTO_mem_leaks(); | ||
| 299 | void CRYPTO_mem_leaks_cb(); | ||
| 300 | 424 | ||
| 301 | void ERR_load_CRYPTO_strings(); | ||
| 302 | |||
| 303 | #endif | ||
| 304 | 425 | ||
| 305 | /* BEGIN ERROR CODES */ | 426 | /* BEGIN ERROR CODES */ |
| 427 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 428 | * made after this point may be overwritten when the script is next run. | ||
| 429 | */ | ||
| 430 | void ERR_load_CRYPTO_strings(void); | ||
| 431 | |||
| 306 | /* Error codes for the CRYPTO functions. */ | 432 | /* Error codes for the CRYPTO functions. */ |
| 307 | 433 | ||
| 308 | /* Function codes. */ | 434 | /* Function codes. */ |
| 309 | #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 | 435 | #define CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX 100 |
| 436 | #define CRYPTO_F_CRYPTO_GET_NEW_DYNLOCKID 103 | ||
| 310 | #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 | 437 | #define CRYPTO_F_CRYPTO_GET_NEW_LOCKID 101 |
| 311 | #define CRYPTO_F_CRYPTO_SET_EX_DATA 102 | 438 | #define CRYPTO_F_CRYPTO_SET_EX_DATA 102 |
| 439 | #define CRYPTO_F_DEF_ADD_INDEX 104 | ||
| 440 | #define CRYPTO_F_DEF_GET_CLASS 105 | ||
| 441 | #define CRYPTO_F_INT_DUP_EX_DATA 106 | ||
| 442 | #define CRYPTO_F_INT_FREE_EX_DATA 107 | ||
| 443 | #define CRYPTO_F_INT_NEW_EX_DATA 108 | ||
| 312 | 444 | ||
| 313 | /* Reason codes. */ | 445 | /* Reason codes. */ |
| 314 | 446 | #define CRYPTO_R_NO_DYNLOCK_CREATE_CALLBACK 100 | |
| 447 | |||
| 315 | #ifdef __cplusplus | 448 | #ifdef __cplusplus |
| 316 | } | 449 | } |
| 317 | #endif | 450 | #endif |
| 318 | #endif | 451 | #endif |
| 319 | |||
diff --git a/src/lib/libcrypto/cversion.c b/src/lib/libcrypto/cversion.c index 4e823be52f..8ecfba7b16 100644 --- a/src/lib/libcrypto/cversion.c +++ b/src/lib/libcrypto/cversion.c | |||
| @@ -59,40 +59,59 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "crypto.h" | 62 | #include <openssl/crypto.h> |
| 63 | #include "date.h" | ||
| 64 | 63 | ||
| 65 | char *SSLeay_version(t) | 64 | #include "buildinf.h" |
| 66 | int t; | 65 | |
| 66 | const char *SSLeay_version(int t) | ||
| 67 | { | 67 | { |
| 68 | if (t == SSLEAY_VERSION) | 68 | if (t == SSLEAY_VERSION) |
| 69 | return("SSLeay 0.9.0b 29-Jun-1998"); | 69 | return OPENSSL_VERSION_TEXT; |
| 70 | if (t == SSLEAY_BUILT_ON) | 70 | if (t == SSLEAY_BUILT_ON) |
| 71 | { | 71 | { |
| 72 | #ifdef DATE | 72 | #ifdef DATE |
| 73 | static char buf[sizeof(DATE)+10]; | 73 | static char buf[sizeof(DATE)+11]; |
| 74 | 74 | ||
| 75 | sprintf(buf,"built on %s",DATE); | 75 | sprintf(buf,"built on: %s",DATE); |
| 76 | return(buf); | 76 | return(buf); |
| 77 | #else | 77 | #else |
| 78 | return("build date not available"); | 78 | return("built on: date not available"); |
| 79 | #endif | 79 | #endif |
| 80 | } | 80 | } |
| 81 | if (t == SSLEAY_CFLAGS) | 81 | if (t == SSLEAY_CFLAGS) |
| 82 | { | 82 | { |
| 83 | #ifdef CFLAGS | 83 | #ifdef CFLAGS |
| 84 | static char buf[sizeof(CFLAGS)+10]; | 84 | static char buf[sizeof(CFLAGS)+11]; |
| 85 | |||
| 86 | sprintf(buf,"compiler: %s",CFLAGS); | ||
| 87 | return(buf); | ||
| 88 | #else | ||
| 89 | return("compiler: information not available"); | ||
| 90 | #endif | ||
| 91 | } | ||
| 92 | if (t == SSLEAY_PLATFORM) | ||
| 93 | { | ||
| 94 | #ifdef PLATFORM | ||
| 95 | static char buf[sizeof(PLATFORM)+11]; | ||
| 85 | 96 | ||
| 86 | sprintf(buf,"C flags:%s",CFLAGS); | 97 | sprintf(buf,"platform: %s", PLATFORM); |
| 87 | return(buf); | 98 | return(buf); |
| 88 | #else | 99 | #else |
| 89 | return("C flags not available"); | 100 | return("platform: information not available"); |
| 101 | #endif | ||
| 102 | } | ||
| 103 | if (t == SSLEAY_DIR) | ||
| 104 | { | ||
| 105 | #ifdef OPENSSLDIR | ||
| 106 | return "OPENSSLDIR: \"" OPENSSLDIR "\""; | ||
| 107 | #else | ||
| 108 | return "OPENSSLDIR: N/A"; | ||
| 90 | #endif | 109 | #endif |
| 91 | } | 110 | } |
| 92 | return("not available"); | 111 | return("not available"); |
| 93 | } | 112 | } |
| 94 | 113 | ||
| 95 | unsigned long SSLeay() | 114 | unsigned long SSLeay(void) |
| 96 | { | 115 | { |
| 97 | return(SSLEAY_VERSION_NUMBER); | 116 | return(SSLEAY_VERSION_NUMBER); |
| 98 | } | 117 | } |
diff --git a/src/lib/libcrypto/des/asm/crypt586.pl b/src/lib/libcrypto/des/asm/crypt586.pl index 297e38dec8..3d41d82f69 100644 --- a/src/lib/libcrypto/des/asm/crypt586.pl +++ b/src/lib/libcrypto/des/asm/crypt586.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | # | 2 | # |
| 3 | # The inner loop instruction sequence and the IP/FP modifications are from | 3 | # The inner loop instruction sequence and the IP/FP modifications are from |
| 4 | # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> | 4 | # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> |
| @@ -14,7 +14,7 @@ require "x86asm.pl"; | |||
| 14 | $L="edi"; | 14 | $L="edi"; |
| 15 | $R="esi"; | 15 | $R="esi"; |
| 16 | 16 | ||
| 17 | &external_label("des_SPtrans"); | 17 | &external_label("DES_SPtrans"); |
| 18 | &fcrypt_body("fcrypt_body"); | 18 | &fcrypt_body("fcrypt_body"); |
| 19 | &asm_finish(); | 19 | &asm_finish(); |
| 20 | 20 | ||
| @@ -22,7 +22,7 @@ sub fcrypt_body | |||
| 22 | { | 22 | { |
| 23 | local($name,$do_ip)=@_; | 23 | local($name,$do_ip)=@_; |
| 24 | 24 | ||
| 25 | &function_begin($name,"EXTRN _des_SPtrans:DWORD"); | 25 | &function_begin($name,"EXTRN _DES_SPtrans:DWORD"); |
| 26 | 26 | ||
| 27 | &comment(""); | 27 | &comment(""); |
| 28 | &comment("Load the 2 words"); | 28 | &comment("Load the 2 words"); |
| @@ -32,18 +32,18 @@ sub fcrypt_body | |||
| 32 | &xor( $R, $R); | 32 | &xor( $R, $R); |
| 33 | &mov($ks,&wparam(1)); | 33 | &mov($ks,&wparam(1)); |
| 34 | 34 | ||
| 35 | &push(25); # add a variable | 35 | &push(&DWC(25)); # add a variable |
| 36 | 36 | ||
| 37 | &set_label("start"); | 37 | &set_label("start"); |
| 38 | for ($i=0; $i<16; $i+=2) | 38 | for ($i=0; $i<16; $i+=2) |
| 39 | { | 39 | { |
| 40 | &comment(""); | 40 | &comment(""); |
| 41 | &comment("Round $i"); | 41 | &comment("Round $i"); |
| 42 | &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 42 | &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 43 | 43 | ||
| 44 | &comment(""); | 44 | &comment(""); |
| 45 | &comment("Round ".sprintf("%d",$i+1)); | 45 | &comment("Round ".sprintf("%d",$i+1)); |
| 46 | &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 46 | &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 47 | } | 47 | } |
| 48 | &mov("ebx", &swtmp(0)); | 48 | &mov("ebx", &swtmp(0)); |
| 49 | &mov("eax", $L); | 49 | &mov("eax", $L); |
diff --git a/src/lib/libcrypto/des/asm/des-586.pl b/src/lib/libcrypto/des/asm/des-586.pl index 7f2e09fa7a..0d08e8a3a9 100644 --- a/src/lib/libcrypto/des/asm/des-586.pl +++ b/src/lib/libcrypto/des/asm/des-586.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | # | 2 | # |
| 3 | # The inner loop instruction sequence and the IP/FP modifications are from | 3 | # The inner loop instruction sequence and the IP/FP modifications are from |
| 4 | # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> | 4 | # Svend Olaf Mikkelsen <svolaf@inet.uni-c.dk> |
| @@ -19,21 +19,21 @@ require "desboth.pl"; | |||
| 19 | $L="edi"; | 19 | $L="edi"; |
| 20 | $R="esi"; | 20 | $R="esi"; |
| 21 | 21 | ||
| 22 | &external_label("des_SPtrans"); | 22 | &external_label("DES_SPtrans"); |
| 23 | &des_encrypt("des_encrypt",1); | 23 | &DES_encrypt("DES_encrypt1",1); |
| 24 | &des_encrypt("des_encrypt2",0); | 24 | &DES_encrypt("DES_encrypt2",0); |
| 25 | &des_encrypt3("des_encrypt3",1); | 25 | &DES_encrypt3("DES_encrypt3",1); |
| 26 | &des_encrypt3("des_decrypt3",0); | 26 | &DES_encrypt3("DES_decrypt3",0); |
| 27 | &cbc("des_ncbc_encrypt","des_encrypt","des_encrypt",0,4,5,3,5,-1); | 27 | &cbc("DES_ncbc_encrypt","DES_encrypt1","DES_encrypt1",0,4,5,3,5,-1); |
| 28 | &cbc("des_ede3_cbc_encrypt","des_encrypt3","des_decrypt3",0,6,7,3,4,5); | 28 | &cbc("DES_ede3_cbc_encrypt","DES_encrypt3","DES_decrypt3",0,6,7,3,4,5); |
| 29 | 29 | ||
| 30 | &asm_finish(); | 30 | &asm_finish(); |
| 31 | 31 | ||
| 32 | sub des_encrypt | 32 | sub DES_encrypt |
| 33 | { | 33 | { |
| 34 | local($name,$do_ip)=@_; | 34 | local($name,$do_ip)=@_; |
| 35 | 35 | ||
| 36 | &function_begin_B($name,"EXTRN _des_SPtrans:DWORD"); | 36 | &function_begin_B($name,"EXTRN _DES_SPtrans:DWORD"); |
| 37 | 37 | ||
| 38 | &push("esi"); | 38 | &push("esi"); |
| 39 | &push("edi"); | 39 | &push("edi"); |
| @@ -80,11 +80,11 @@ sub des_encrypt | |||
| 80 | { | 80 | { |
| 81 | &comment(""); | 81 | &comment(""); |
| 82 | &comment("Round $i"); | 82 | &comment("Round $i"); |
| 83 | &D_ENCRYPT($i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 83 | &D_ENCRYPT($i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 84 | 84 | ||
| 85 | &comment(""); | 85 | &comment(""); |
| 86 | &comment("Round ".sprintf("%d",$i+1)); | 86 | &comment("Round ".sprintf("%d",$i+1)); |
| 87 | &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 87 | &D_ENCRYPT($i+1,$R,$L,($i+1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 88 | } | 88 | } |
| 89 | &jmp(&label("end")); | 89 | &jmp(&label("end")); |
| 90 | 90 | ||
| @@ -94,10 +94,10 @@ sub des_encrypt | |||
| 94 | { | 94 | { |
| 95 | &comment(""); | 95 | &comment(""); |
| 96 | &comment("Round $i"); | 96 | &comment("Round $i"); |
| 97 | &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 97 | &D_ENCRYPT(15-$i,$L,$R,$i*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 98 | &comment(""); | 98 | &comment(""); |
| 99 | &comment("Round ".sprintf("%d",$i-1)); | 99 | &comment("Round ".sprintf("%d",$i-1)); |
| 100 | &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"des_SPtrans","eax","ebx","ecx","edx"); | 100 | &D_ENCRYPT(15-$i+1,$R,$L,($i-1)*2,$ks,"DES_SPtrans","eax","ebx","ecx","edx"); |
| 101 | } | 101 | } |
| 102 | 102 | ||
| 103 | &set_label("end"); | 103 | &set_label("end"); |
| @@ -187,6 +187,8 @@ sub R_PERM_OP | |||
| 187 | &mov( $tt, $a ); | 187 | &mov( $tt, $a ); |
| 188 | &xor( $a, $b ); | 188 | &xor( $a, $b ); |
| 189 | &and( $a, $mask ); | 189 | &and( $a, $mask ); |
| 190 | # This can never succeed, and besides it is difficult to see what the | ||
| 191 | # idea was - Ben 13 Feb 99 | ||
| 190 | if (!$last eq $b) | 192 | if (!$last eq $b) |
| 191 | { | 193 | { |
| 192 | &xor( $b, $a ); | 194 | &xor( $b, $a ); |
diff --git a/src/lib/libcrypto/des/asm/desboth.pl b/src/lib/libcrypto/des/asm/desboth.pl index 8f939953a6..eec00886e4 100644 --- a/src/lib/libcrypto/des/asm/desboth.pl +++ b/src/lib/libcrypto/des/asm/desboth.pl | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | $L="edi"; | 3 | $L="edi"; |
| 4 | $R="esi"; | 4 | $R="esi"; |
| 5 | 5 | ||
| 6 | sub des_encrypt3 | 6 | sub DES_encrypt3 |
| 7 | { | 7 | { |
| 8 | local($name,$enc)=@_; | 8 | local($name,$enc)=@_; |
| 9 | 9 | ||
| @@ -44,18 +44,18 @@ sub des_encrypt3 | |||
| 44 | &mov("edi",&wparam(2)); | 44 | &mov("edi",&wparam(2)); |
| 45 | &mov("eax",&wparam(3)); | 45 | &mov("eax",&wparam(3)); |
| 46 | } | 46 | } |
| 47 | &mov(&swtmp(2), (($enc)?"1":"0")); | 47 | &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); |
| 48 | &mov(&swtmp(1), "eax"); | 48 | &mov(&swtmp(1), "eax"); |
| 49 | &mov(&swtmp(0), "ebx"); | 49 | &mov(&swtmp(0), "ebx"); |
| 50 | &call("des_encrypt2"); | 50 | &call("DES_encrypt2"); |
| 51 | &mov(&swtmp(2), (($enc)?"0":"1")); | 51 | &mov(&swtmp(2), (DWC(($enc)?"0":"1"))); |
| 52 | &mov(&swtmp(1), "edi"); | 52 | &mov(&swtmp(1), "edi"); |
| 53 | &mov(&swtmp(0), "ebx"); | 53 | &mov(&swtmp(0), "ebx"); |
| 54 | &call("des_encrypt2"); | 54 | &call("DES_encrypt2"); |
| 55 | &mov(&swtmp(2), (($enc)?"1":"0")); | 55 | &mov(&swtmp(2), (DWC(($enc)?"1":"0"))); |
| 56 | &mov(&swtmp(1), "esi"); | 56 | &mov(&swtmp(1), "esi"); |
| 57 | &mov(&swtmp(0), "ebx"); | 57 | &mov(&swtmp(0), "ebx"); |
| 58 | &call("des_encrypt2"); | 58 | &call("DES_encrypt2"); |
| 59 | 59 | ||
| 60 | &stack_pop(3); | 60 | &stack_pop(3); |
| 61 | &mov($L,&DWP(0,"ebx","",0)); | 61 | &mov($L,&DWP(0,"ebx","",0)); |
diff --git a/src/lib/libcrypto/des/cbc_cksm.c b/src/lib/libcrypto/des/cbc_cksm.c index edfdec8a0f..6c5305b99d 100644 --- a/src/lib/libcrypto/des/cbc_cksm.c +++ b/src/lib/libcrypto/des/cbc_cksm.c | |||
| @@ -58,21 +58,15 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | DES_LONG des_cbc_cksum(input, output, length, schedule, ivec) | 61 | DES_LONG DES_cbc_cksum(const unsigned char *in, DES_cblock *output, |
| 62 | des_cblock (*input); | 62 | long length, DES_key_schedule *schedule, |
| 63 | des_cblock (*output); | 63 | const_DES_cblock *ivec) |
| 64 | long length; | ||
| 65 | des_key_schedule schedule; | ||
| 66 | des_cblock (*ivec); | ||
| 67 | { | 64 | { |
| 68 | register DES_LONG tout0,tout1,tin0,tin1; | 65 | register DES_LONG tout0,tout1,tin0,tin1; |
| 69 | register long l=length; | 66 | register long l=length; |
| 70 | DES_LONG tin[2]; | 67 | DES_LONG tin[2]; |
| 71 | unsigned char *in,*out,*iv; | 68 | unsigned char *out = &(*output)[0]; |
| 72 | 69 | const unsigned char *iv = &(*ivec)[0]; | |
| 73 | in=(unsigned char *)input; | ||
| 74 | out=(unsigned char *)output; | ||
| 75 | iv=(unsigned char *)ivec; | ||
| 76 | 70 | ||
| 77 | c2l(iv,tout0); | 71 | c2l(iv,tout0); |
| 78 | c2l(iv,tout1); | 72 | c2l(iv,tout1); |
| @@ -88,7 +82,7 @@ des_cblock (*ivec); | |||
| 88 | 82 | ||
| 89 | tin0^=tout0; tin[0]=tin0; | 83 | tin0^=tout0; tin[0]=tin0; |
| 90 | tin1^=tout1; tin[1]=tin1; | 84 | tin1^=tout1; tin[1]=tin1; |
| 91 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 85 | DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); |
| 92 | /* fix 15/10/91 eay - thanks to keithr@sco.COM */ | 86 | /* fix 15/10/91 eay - thanks to keithr@sco.COM */ |
| 93 | tout0=tin[0]; | 87 | tout0=tin[0]; |
| 94 | tout1=tin[1]; | 88 | tout1=tin[1]; |
diff --git a/src/lib/libcrypto/des/cbc_enc.c b/src/lib/libcrypto/des/cbc_enc.c index a84a53633c..677903ae4e 100644 --- a/src/lib/libcrypto/des/cbc_enc.c +++ b/src/lib/libcrypto/des/cbc_enc.c | |||
| @@ -56,80 +56,6 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #define CBC_ENC_C__DONT_UPDATE_IV |
| 60 | |||
| 61 | void des_cbc_encrypt(input, output, length, schedule, ivec, enc) | ||
| 62 | des_cblock (*input); | ||
| 63 | des_cblock (*output); | ||
| 64 | long length; | ||
| 65 | des_key_schedule schedule; | ||
| 66 | des_cblock (*ivec); | ||
| 67 | int enc; | ||
| 68 | { | ||
| 69 | register DES_LONG tin0,tin1; | ||
| 70 | register DES_LONG tout0,tout1,xor0,xor1; | ||
| 71 | register unsigned char *in,*out; | ||
| 72 | register long l=length; | ||
| 73 | DES_LONG tin[2]; | ||
| 74 | unsigned char *iv; | ||
| 75 | |||
| 76 | in=(unsigned char *)input; | ||
| 77 | out=(unsigned char *)output; | ||
| 78 | iv=(unsigned char *)ivec; | ||
| 79 | |||
| 80 | if (enc) | ||
| 81 | { | ||
| 82 | c2l(iv,tout0); | ||
| 83 | c2l(iv,tout1); | ||
| 84 | for (l-=8; l>=0; l-=8) | ||
| 85 | { | ||
| 86 | c2l(in,tin0); | ||
| 87 | c2l(in,tin1); | ||
| 88 | tin0^=tout0; tin[0]=tin0; | ||
| 89 | tin1^=tout1; tin[1]=tin1; | ||
| 90 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | ||
| 91 | tout0=tin[0]; l2c(tout0,out); | ||
| 92 | tout1=tin[1]; l2c(tout1,out); | ||
| 93 | } | ||
| 94 | if (l != -8) | ||
| 95 | { | ||
| 96 | c2ln(in,tin0,tin1,l+8); | ||
| 97 | tin0^=tout0; tin[0]=tin0; | ||
| 98 | tin1^=tout1; tin[1]=tin1; | ||
| 99 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | ||
| 100 | tout0=tin[0]; l2c(tout0,out); | ||
| 101 | tout1=tin[1]; l2c(tout1,out); | ||
| 102 | } | ||
| 103 | } | ||
| 104 | else | ||
| 105 | { | ||
| 106 | c2l(iv,xor0); | ||
| 107 | c2l(iv,xor1); | ||
| 108 | for (l-=8; l>=0; l-=8) | ||
| 109 | { | ||
| 110 | c2l(in,tin0); tin[0]=tin0; | ||
| 111 | c2l(in,tin1); tin[1]=tin1; | ||
| 112 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | ||
| 113 | tout0=tin[0]^xor0; | ||
| 114 | tout1=tin[1]^xor1; | ||
| 115 | l2c(tout0,out); | ||
| 116 | l2c(tout1,out); | ||
| 117 | xor0=tin0; | ||
| 118 | xor1=tin1; | ||
| 119 | } | ||
| 120 | if (l != -8) | ||
| 121 | { | ||
| 122 | c2l(in,tin0); tin[0]=tin0; | ||
| 123 | c2l(in,tin1); tin[1]=tin1; | ||
| 124 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | ||
| 125 | tout0=tin[0]^xor0; | ||
| 126 | tout1=tin[1]^xor1; | ||
| 127 | l2cn(tout0,tout1,out,l+8); | ||
| 128 | /* xor0=tin0; | ||
| 129 | xor1=tin1; */ | ||
| 130 | } | ||
| 131 | } | ||
| 132 | tin0=tin1=tout0=tout1=xor0=xor1=0; | ||
| 133 | tin[0]=tin[1]=0; | ||
| 134 | } | ||
| 135 | 60 | ||
| 61 | #include "ncbc_enc.c" /* des_cbc_encrypt */ | ||
diff --git a/src/lib/libcrypto/des/cfb64ede.c b/src/lib/libcrypto/des/cfb64ede.c index 80b8a9eaaa..60c1aa08db 100644 --- a/src/lib/libcrypto/des/cfb64ede.c +++ b/src/lib/libcrypto/des/cfb64ede.c | |||
| @@ -63,14 +63,10 @@ | |||
| 63 | * 64bit block we have used is contained in *num; | 63 | * 64bit block we have used is contained in *num; |
| 64 | */ | 64 | */ |
| 65 | 65 | ||
| 66 | void des_ede3_cfb64_encrypt(in, out, length, ks1,ks2,ks3, ivec, num, enc) | 66 | void DES_ede3_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 67 | unsigned char *in; | 67 | long length, DES_key_schedule *ks1, |
| 68 | unsigned char *out; | 68 | DES_key_schedule *ks2, DES_key_schedule *ks3, |
| 69 | long length; | 69 | DES_cblock *ivec, int *num, int enc) |
| 70 | des_key_schedule ks1,ks2,ks3; | ||
| 71 | des_cblock (*ivec); | ||
| 72 | int *num; | ||
| 73 | int enc; | ||
| 74 | { | 70 | { |
| 75 | register DES_LONG v0,v1; | 71 | register DES_LONG v0,v1; |
| 76 | register long l=length; | 72 | register long l=length; |
| @@ -78,7 +74,7 @@ int enc; | |||
| 78 | DES_LONG ti[2]; | 74 | DES_LONG ti[2]; |
| 79 | unsigned char *iv,c,cc; | 75 | unsigned char *iv,c,cc; |
| 80 | 76 | ||
| 81 | iv=(unsigned char *)ivec; | 77 | iv=&(*ivec)[0]; |
| 82 | if (enc) | 78 | if (enc) |
| 83 | { | 79 | { |
| 84 | while (l--) | 80 | while (l--) |
| @@ -90,14 +86,14 @@ int enc; | |||
| 90 | 86 | ||
| 91 | ti[0]=v0; | 87 | ti[0]=v0; |
| 92 | ti[1]=v1; | 88 | ti[1]=v1; |
| 93 | des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3); | 89 | DES_encrypt3(ti,ks1,ks2,ks3); |
| 94 | v0=ti[0]; | 90 | v0=ti[0]; |
| 95 | v1=ti[1]; | 91 | v1=ti[1]; |
| 96 | 92 | ||
| 97 | iv=(unsigned char *)ivec; | 93 | iv = &(*ivec)[0]; |
| 98 | l2c(v0,iv); | 94 | l2c(v0,iv); |
| 99 | l2c(v1,iv); | 95 | l2c(v1,iv); |
| 100 | iv=(unsigned char *)ivec; | 96 | iv = &(*ivec)[0]; |
| 101 | } | 97 | } |
| 102 | c= *(in++)^iv[n]; | 98 | c= *(in++)^iv[n]; |
| 103 | *(out++)=c; | 99 | *(out++)=c; |
| @@ -116,14 +112,14 @@ int enc; | |||
| 116 | 112 | ||
| 117 | ti[0]=v0; | 113 | ti[0]=v0; |
| 118 | ti[1]=v1; | 114 | ti[1]=v1; |
| 119 | des_encrypt3((DES_LONG *)ti,ks1,ks2,ks3); | 115 | DES_encrypt3(ti,ks1,ks2,ks3); |
| 120 | v0=ti[0]; | 116 | v0=ti[0]; |
| 121 | v1=ti[1]; | 117 | v1=ti[1]; |
| 122 | 118 | ||
| 123 | iv=(unsigned char *)ivec; | 119 | iv = &(*ivec)[0]; |
| 124 | l2c(v0,iv); | 120 | l2c(v0,iv); |
| 125 | l2c(v1,iv); | 121 | l2c(v1,iv); |
| 126 | iv=(unsigned char *)ivec; | 122 | iv = &(*ivec)[0]; |
| 127 | } | 123 | } |
| 128 | cc= *(in++); | 124 | cc= *(in++); |
| 129 | c=iv[n]; | 125 | c=iv[n]; |
| @@ -137,15 +133,10 @@ int enc; | |||
| 137 | } | 133 | } |
| 138 | 134 | ||
| 139 | #ifdef undef /* MACRO */ | 135 | #ifdef undef /* MACRO */ |
| 140 | void des_ede2_cfb64_encrypt(in, out, length, ks1,ks2, ivec, num, enc) | 136 | void DES_ede2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, |
| 141 | unsigned char *in; | 137 | DES_key_schedule ks1, DES_key_schedule ks2, DES_cblock (*ivec), |
| 142 | unsigned char *out; | 138 | int *num, int enc) |
| 143 | long length; | ||
| 144 | des_key_schedule ks1,ks2; | ||
| 145 | des_cblock (*ivec); | ||
| 146 | int *num; | ||
| 147 | int enc; | ||
| 148 | { | 139 | { |
| 149 | des_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc); | 140 | DES_ede3_cfb64_encrypt(in,out,length,ks1,ks2,ks1,ivec,num,enc); |
| 150 | } | 141 | } |
| 151 | #endif | 142 | #endif |
diff --git a/src/lib/libcrypto/des/cfb64enc.c b/src/lib/libcrypto/des/cfb64enc.c index 403da479df..5ec8683e40 100644 --- a/src/lib/libcrypto/des/cfb64enc.c +++ b/src/lib/libcrypto/des/cfb64enc.c | |||
| @@ -63,14 +63,9 @@ | |||
| 63 | * 64bit block we have used is contained in *num; | 63 | * 64bit block we have used is contained in *num; |
| 64 | */ | 64 | */ |
| 65 | 65 | ||
| 66 | void des_cfb64_encrypt(in, out, length, schedule, ivec, num, enc) | 66 | void DES_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 67 | unsigned char *in; | 67 | long length, DES_key_schedule *schedule, |
| 68 | unsigned char *out; | 68 | DES_cblock *ivec, int *num, int enc) |
| 69 | long length; | ||
| 70 | des_key_schedule schedule; | ||
| 71 | des_cblock (*ivec); | ||
| 72 | int *num; | ||
| 73 | int enc; | ||
| 74 | { | 69 | { |
| 75 | register DES_LONG v0,v1; | 70 | register DES_LONG v0,v1; |
| 76 | register long l=length; | 71 | register long l=length; |
| @@ -78,7 +73,7 @@ int enc; | |||
| 78 | DES_LONG ti[2]; | 73 | DES_LONG ti[2]; |
| 79 | unsigned char *iv,c,cc; | 74 | unsigned char *iv,c,cc; |
| 80 | 75 | ||
| 81 | iv=(unsigned char *)ivec; | 76 | iv = &(*ivec)[0]; |
| 82 | if (enc) | 77 | if (enc) |
| 83 | { | 78 | { |
| 84 | while (l--) | 79 | while (l--) |
| @@ -87,12 +82,11 @@ int enc; | |||
| 87 | { | 82 | { |
| 88 | c2l(iv,v0); ti[0]=v0; | 83 | c2l(iv,v0); ti[0]=v0; |
| 89 | c2l(iv,v1); ti[1]=v1; | 84 | c2l(iv,v1); ti[1]=v1; |
| 90 | des_encrypt((DES_LONG *)ti, | 85 | DES_encrypt1(ti,schedule,DES_ENCRYPT); |
| 91 | schedule,DES_ENCRYPT); | 86 | iv = &(*ivec)[0]; |
| 92 | iv=(unsigned char *)ivec; | ||
| 93 | v0=ti[0]; l2c(v0,iv); | 87 | v0=ti[0]; l2c(v0,iv); |
| 94 | v0=ti[1]; l2c(v0,iv); | 88 | v0=ti[1]; l2c(v0,iv); |
| 95 | iv=(unsigned char *)ivec; | 89 | iv = &(*ivec)[0]; |
| 96 | } | 90 | } |
| 97 | c= *(in++)^iv[n]; | 91 | c= *(in++)^iv[n]; |
| 98 | *(out++)=c; | 92 | *(out++)=c; |
| @@ -108,12 +102,11 @@ int enc; | |||
| 108 | { | 102 | { |
| 109 | c2l(iv,v0); ti[0]=v0; | 103 | c2l(iv,v0); ti[0]=v0; |
| 110 | c2l(iv,v1); ti[1]=v1; | 104 | c2l(iv,v1); ti[1]=v1; |
| 111 | des_encrypt((DES_LONG *)ti, | 105 | DES_encrypt1(ti,schedule,DES_ENCRYPT); |
| 112 | schedule,DES_ENCRYPT); | 106 | iv = &(*ivec)[0]; |
| 113 | iv=(unsigned char *)ivec; | ||
| 114 | v0=ti[0]; l2c(v0,iv); | 107 | v0=ti[0]; l2c(v0,iv); |
| 115 | v0=ti[1]; l2c(v0,iv); | 108 | v0=ti[1]; l2c(v0,iv); |
| 116 | iv=(unsigned char *)ivec; | 109 | iv = &(*ivec)[0]; |
| 117 | } | 110 | } |
| 118 | cc= *(in++); | 111 | cc= *(in++); |
| 119 | c=iv[n]; | 112 | c=iv[n]; |
diff --git a/src/lib/libcrypto/des/cfb_enc.c b/src/lib/libcrypto/des/cfb_enc.c index 342e785691..17bf77ca9e 100644 --- a/src/lib/libcrypto/des/cfb_enc.c +++ b/src/lib/libcrypto/des/cfb_enc.c | |||
| @@ -64,14 +64,8 @@ | |||
| 64 | * the second. The second 12 bits will come from the 3rd and half the 4th | 64 | * the second. The second 12 bits will come from the 3rd and half the 4th |
| 65 | * byte. | 65 | * byte. |
| 66 | */ | 66 | */ |
| 67 | void des_cfb_encrypt(in, out, numbits, length, schedule, ivec, enc) | 67 | void DES_cfb_encrypt(const unsigned char *in, unsigned char *out, int numbits, |
| 68 | unsigned char *in; | 68 | long length, DES_key_schedule *schedule, DES_cblock *ivec, int enc) |
| 69 | unsigned char *out; | ||
| 70 | int numbits; | ||
| 71 | long length; | ||
| 72 | des_key_schedule schedule; | ||
| 73 | des_cblock (*ivec); | ||
| 74 | int enc; | ||
| 75 | { | 69 | { |
| 76 | register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; | 70 | register DES_LONG d0,d1,v0,v1,n=(numbits+7)/8; |
| 77 | register DES_LONG mask0,mask1; | 71 | register DES_LONG mask0,mask1; |
| @@ -96,7 +90,7 @@ int enc; | |||
| 96 | mask1=0x00000000L; | 90 | mask1=0x00000000L; |
| 97 | } | 91 | } |
| 98 | 92 | ||
| 99 | iv=(unsigned char *)ivec; | 93 | iv = &(*ivec)[0]; |
| 100 | c2l(iv,v0); | 94 | c2l(iv,v0); |
| 101 | c2l(iv,v1); | 95 | c2l(iv,v1); |
| 102 | if (enc) | 96 | if (enc) |
| @@ -106,7 +100,7 @@ int enc; | |||
| 106 | l-=n; | 100 | l-=n; |
| 107 | ti[0]=v0; | 101 | ti[0]=v0; |
| 108 | ti[1]=v1; | 102 | ti[1]=v1; |
| 109 | des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); | 103 | DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); |
| 110 | c2ln(in,d0,d1,n); | 104 | c2ln(in,d0,d1,n); |
| 111 | in+=n; | 105 | in+=n; |
| 112 | d0=(d0^ti[0])&mask0; | 106 | d0=(d0^ti[0])&mask0; |
| @@ -138,7 +132,7 @@ int enc; | |||
| 138 | l-=n; | 132 | l-=n; |
| 139 | ti[0]=v0; | 133 | ti[0]=v0; |
| 140 | ti[1]=v1; | 134 | ti[1]=v1; |
| 141 | des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); | 135 | DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); |
| 142 | c2ln(in,d0,d1,n); | 136 | c2ln(in,d0,d1,n); |
| 143 | in+=n; | 137 | in+=n; |
| 144 | /* 30-08-94 - eay - changed because l>>32 and | 138 | /* 30-08-94 - eay - changed because l>>32 and |
| @@ -163,7 +157,7 @@ int enc; | |||
| 163 | out+=n; | 157 | out+=n; |
| 164 | } | 158 | } |
| 165 | } | 159 | } |
| 166 | iv=(unsigned char *)ivec; | 160 | iv = &(*ivec)[0]; |
| 167 | l2c(v0,iv); | 161 | l2c(v0,iv); |
| 168 | l2c(v1,iv); | 162 | l2c(v1,iv); |
| 169 | v0=v1=d0=d1=ti[0]=ti[1]=0; | 163 | v0=v1=d0=d1=ti[0]=ti[1]=0; |
diff --git a/src/lib/libcrypto/des/des.h b/src/lib/libcrypto/des/des.h index 67f90aaf17..4cb9d84fdf 100644 --- a/src/lib/libcrypto/des/des.h +++ b/src/lib/libcrypto/des/des.h | |||
| @@ -59,43 +59,50 @@ | |||
| 59 | #ifndef HEADER_DES_H | 59 | #ifndef HEADER_DES_H |
| 60 | #define HEADER_DES_H | 60 | #define HEADER_DES_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifdef OPENSSL_NO_DES |
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | #ifdef NO_DES | ||
| 67 | #error DES is disabled. | 63 | #error DES is disabled. |
| 68 | #endif | 64 | #endif |
| 69 | 65 | ||
| 70 | #ifdef _KERBEROS_DES_H | ||
| 71 | #error <openssl/des.h> replaces <kerberos/des.h>. | ||
| 72 | #endif | ||
| 73 | |||
| 74 | #include <stdio.h> | ||
| 75 | #include <openssl/opensslconf.h> /* DES_LONG */ | 66 | #include <openssl/opensslconf.h> /* DES_LONG */ |
| 76 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN */ | 67 | #include <openssl/e_os2.h> /* OPENSSL_EXTERN */ |
| 77 | 68 | ||
| 78 | typedef unsigned char des_cblock[8]; | 69 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO |
| 79 | typedef /* const */ unsigned char const_des_cblock[8]; | 70 | # undef OPENSSL_EXTERN |
| 80 | /* With "const", gcc 2.8.1 on Solaris thinks that des_cblock * | 71 | # define OPENSSL_EXTERN OPENSSL_EXPORT |
| 81 | * and const_des_cblock * are incompatible pointer types. | 72 | #endif |
| 82 | * I haven't seen that warning on other systems ... I'll look | 73 | |
| 83 | * what the standard says. */ | 74 | #ifdef __cplusplus |
| 75 | extern "C" { | ||
| 76 | #endif | ||
| 84 | 77 | ||
| 78 | typedef unsigned char DES_cblock[8]; | ||
| 79 | typedef /* const */ unsigned char const_DES_cblock[8]; | ||
| 80 | /* With "const", gcc 2.8.1 on Solaris thinks that DES_cblock * | ||
| 81 | * and const_DES_cblock * are incompatible pointer types. */ | ||
| 85 | 82 | ||
| 86 | typedef struct des_ks_struct | 83 | typedef struct DES_ks |
| 84 | { | ||
| 85 | union | ||
| 87 | { | 86 | { |
| 88 | union { | 87 | DES_cblock cblock; |
| 89 | des_cblock cblock; | 88 | /* make sure things are correct size on machines with |
| 90 | /* make sure things are correct size on machines with | 89 | * 8 byte longs */ |
| 91 | * 8 byte longs */ | 90 | DES_LONG deslong[2]; |
| 92 | DES_LONG deslong[2]; | 91 | } ks[16]; |
| 93 | } ks; | 92 | } DES_key_schedule; |
| 94 | int weak_key; | 93 | |
| 95 | } des_key_schedule[16]; | 94 | #ifndef OPENSSL_DISABLE_OLD_DES_SUPPORT |
| 96 | 95 | # ifndef OPENSSL_ENABLE_OLD_DES_SUPPORT | |
| 97 | #define DES_KEY_SZ (sizeof(des_cblock)) | 96 | # define OPENSSL_ENABLE_OLD_DES_SUPPORT |
| 98 | #define DES_SCHEDULE_SZ (sizeof(des_key_schedule)) | 97 | # endif |
| 98 | #endif | ||
| 99 | |||
| 100 | #ifdef OPENSSL_ENABLE_OLD_DES_SUPPORT | ||
| 101 | # include <openssl/des_old.h> | ||
| 102 | #endif | ||
| 103 | |||
| 104 | #define DES_KEY_SZ (sizeof(DES_cblock)) | ||
| 105 | #define DES_SCHEDULE_SZ (sizeof(DES_key_schedule)) | ||
| 99 | 106 | ||
| 100 | #define DES_ENCRYPT 1 | 107 | #define DES_ENCRYPT 1 |
| 101 | #define DES_DECRYPT 0 | 108 | #define DES_DECRYPT 0 |
| @@ -103,144 +110,128 @@ typedef struct des_ks_struct | |||
| 103 | #define DES_CBC_MODE 0 | 110 | #define DES_CBC_MODE 0 |
| 104 | #define DES_PCBC_MODE 1 | 111 | #define DES_PCBC_MODE 1 |
| 105 | 112 | ||
| 106 | #define des_ecb2_encrypt(i,o,k1,k2,e) \ | 113 | #define DES_ecb2_encrypt(i,o,k1,k2,e) \ |
| 107 | des_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) | 114 | DES_ecb3_encrypt((i),(o),(k1),(k2),(k1),(e)) |
| 108 | 115 | ||
| 109 | #define des_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ | 116 | #define DES_ede2_cbc_encrypt(i,o,l,k1,k2,iv,e) \ |
| 110 | des_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) | 117 | DES_ede3_cbc_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(e)) |
| 111 | 118 | ||
| 112 | #define des_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ | 119 | #define DES_ede2_cfb64_encrypt(i,o,l,k1,k2,iv,n,e) \ |
| 113 | des_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) | 120 | DES_ede3_cfb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n),(e)) |
| 114 | 121 | ||
| 115 | #define des_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ | 122 | #define DES_ede2_ofb64_encrypt(i,o,l,k1,k2,iv,n) \ |
| 116 | des_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) | 123 | DES_ede3_ofb64_encrypt((i),(o),(l),(k1),(k2),(k1),(iv),(n)) |
| 117 | 124 | ||
| 118 | OPENSSL_EXTERN int des_check_key; /* defaults to false */ | 125 | OPENSSL_DECLARE_GLOBAL(int,DES_check_key); /* defaults to false */ |
| 119 | OPENSSL_EXTERN int des_rw_mode; /* defaults to DES_PCBC_MODE */ | 126 | #define DES_check_key OPENSSL_GLOBAL_REF(DES_check_key) |
| 120 | OPENSSL_EXTERN int des_set_weak_key_flag; /* set the weak key flag */ | 127 | OPENSSL_DECLARE_GLOBAL(int,DES_rw_mode); /* defaults to DES_PCBC_MODE */ |
| 121 | 128 | #define DES_rw_mode OPENSSL_GLOBAL_REF(DES_rw_mode) | |
| 122 | const char *des_options(void); | 129 | |
| 123 | void des_ecb3_encrypt(const_des_cblock *input, des_cblock *output, | 130 | const char *DES_options(void); |
| 124 | des_key_schedule ks1,des_key_schedule ks2, | 131 | void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, |
| 125 | des_key_schedule ks3, int enc); | 132 | DES_key_schedule *ks1,DES_key_schedule *ks2, |
| 126 | DES_LONG des_cbc_cksum(const unsigned char *input,des_cblock *output, | 133 | DES_key_schedule *ks3, int enc); |
| 127 | long length,des_key_schedule schedule, | 134 | DES_LONG DES_cbc_cksum(const unsigned char *input,DES_cblock *output, |
| 128 | const_des_cblock *ivec); | 135 | long length,DES_key_schedule *schedule, |
| 129 | /* des_cbc_encrypt does not update the IV! Use des_ncbc_encrypt instead. */ | 136 | const_DES_cblock *ivec); |
| 130 | void des_cbc_encrypt(const unsigned char *input,unsigned char *output, | 137 | /* DES_cbc_encrypt does not update the IV! Use DES_ncbc_encrypt instead. */ |
| 131 | long length,des_key_schedule schedule,des_cblock *ivec, | 138 | void DES_cbc_encrypt(const unsigned char *input,unsigned char *output, |
| 139 | long length,DES_key_schedule *schedule,DES_cblock *ivec, | ||
| 132 | int enc); | 140 | int enc); |
| 133 | void des_ncbc_encrypt(const unsigned char *input,unsigned char *output, | 141 | void DES_ncbc_encrypt(const unsigned char *input,unsigned char *output, |
| 134 | long length,des_key_schedule schedule,des_cblock *ivec, | 142 | long length,DES_key_schedule *schedule,DES_cblock *ivec, |
| 135 | int enc); | 143 | int enc); |
| 136 | void des_xcbc_encrypt(const unsigned char *input,unsigned char *output, | 144 | void DES_xcbc_encrypt(const unsigned char *input,unsigned char *output, |
| 137 | long length,des_key_schedule schedule,des_cblock *ivec, | 145 | long length,DES_key_schedule *schedule,DES_cblock *ivec, |
| 138 | const_des_cblock *inw,const_des_cblock *outw,int enc); | 146 | const_DES_cblock *inw,const_DES_cblock *outw,int enc); |
| 139 | void des_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, | 147 | void DES_cfb_encrypt(const unsigned char *in,unsigned char *out,int numbits, |
| 140 | long length,des_key_schedule schedule,des_cblock *ivec, | 148 | long length,DES_key_schedule *schedule,DES_cblock *ivec, |
| 141 | int enc); | 149 | int enc); |
| 142 | void des_ecb_encrypt(const_des_cblock *input,des_cblock *output, | 150 | void DES_ecb_encrypt(const_DES_cblock *input,DES_cblock *output, |
| 143 | des_key_schedule ks,int enc); | 151 | DES_key_schedule *ks,int enc); |
| 144 | void des_encrypt(DES_LONG *data,des_key_schedule ks, int enc); | 152 | |
| 145 | void des_encrypt2(DES_LONG *data,des_key_schedule ks, int enc); | 153 | /* This is the DES encryption function that gets called by just about |
| 146 | void des_encrypt3(DES_LONG *data, des_key_schedule ks1, | 154 | every other DES routine in the library. You should not use this |
| 147 | des_key_schedule ks2, des_key_schedule ks3); | 155 | function except to implement 'modes' of DES. I say this because the |
| 148 | void des_decrypt3(DES_LONG *data, des_key_schedule ks1, | 156 | functions that call this routine do the conversion from 'char *' to |
| 149 | des_key_schedule ks2, des_key_schedule ks3); | 157 | long, and this needs to be done to make sure 'non-aligned' memory |
| 150 | void des_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, | 158 | access do not occur. The characters are loaded 'little endian'. |
| 159 | Data is a pointer to 2 unsigned long's and ks is the | ||
| 160 | DES_key_schedule to use. enc, is non zero specifies encryption, | ||
| 161 | zero if decryption. */ | ||
| 162 | void DES_encrypt1(DES_LONG *data,DES_key_schedule *ks, int enc); | ||
| 163 | |||
| 164 | /* This functions is the same as DES_encrypt1() except that the DES | ||
| 165 | initial permutation (IP) and final permutation (FP) have been left | ||
| 166 | out. As for DES_encrypt1(), you should not use this function. | ||
| 167 | It is used by the routines in the library that implement triple DES. | ||
| 168 | IP() DES_encrypt2() DES_encrypt2() DES_encrypt2() FP() is the same | ||
| 169 | as DES_encrypt1() DES_encrypt1() DES_encrypt1() except faster :-). */ | ||
| 170 | void DES_encrypt2(DES_LONG *data,DES_key_schedule *ks, int enc); | ||
| 171 | |||
| 172 | void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, | ||
| 173 | DES_key_schedule *ks2, DES_key_schedule *ks3); | ||
| 174 | void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, | ||
| 175 | DES_key_schedule *ks2, DES_key_schedule *ks3); | ||
| 176 | void DES_ede3_cbc_encrypt(const unsigned char *input,unsigned char *output, | ||
| 151 | long length, | 177 | long length, |
| 152 | des_key_schedule ks1,des_key_schedule ks2, | 178 | DES_key_schedule *ks1,DES_key_schedule *ks2, |
| 153 | des_key_schedule ks3,des_cblock *ivec,int enc); | 179 | DES_key_schedule *ks3,DES_cblock *ivec,int enc); |
| 154 | void des_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, | 180 | void DES_ede3_cbcm_encrypt(const unsigned char *in,unsigned char *out, |
| 155 | long length, | 181 | long length, |
| 156 | des_key_schedule ks1,des_key_schedule ks2, | 182 | DES_key_schedule *ks1,DES_key_schedule *ks2, |
| 157 | des_key_schedule ks3, | 183 | DES_key_schedule *ks3, |
| 158 | des_cblock *ivec1,des_cblock *ivec2, | 184 | DES_cblock *ivec1,DES_cblock *ivec2, |
| 159 | int enc); | 185 | int enc); |
| 160 | void des_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, | 186 | void DES_ede3_cfb64_encrypt(const unsigned char *in,unsigned char *out, |
| 161 | long length,des_key_schedule ks1, | 187 | long length,DES_key_schedule *ks1, |
| 162 | des_key_schedule ks2,des_key_schedule ks3, | 188 | DES_key_schedule *ks2,DES_key_schedule *ks3, |
| 163 | des_cblock *ivec,int *num,int enc); | 189 | DES_cblock *ivec,int *num,int enc); |
| 164 | void des_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, | 190 | void DES_ede3_ofb64_encrypt(const unsigned char *in,unsigned char *out, |
| 165 | long length,des_key_schedule ks1, | 191 | long length,DES_key_schedule *ks1, |
| 166 | des_key_schedule ks2,des_key_schedule ks3, | 192 | DES_key_schedule *ks2,DES_key_schedule *ks3, |
| 167 | des_cblock *ivec,int *num); | 193 | DES_cblock *ivec,int *num); |
| 168 | 194 | ||
| 169 | void des_xwhite_in2out(const_des_cblock *des_key,const_des_cblock *in_white, | 195 | void DES_xwhite_in2out(const_DES_cblock *DES_key,const_DES_cblock *in_white, |
| 170 | des_cblock *out_white); | 196 | DES_cblock *out_white); |
| 171 | 197 | ||
| 172 | int des_enc_read(int fd,void *buf,int len,des_key_schedule sched, | 198 | int DES_enc_read(int fd,void *buf,int len,DES_key_schedule *sched, |
| 173 | des_cblock *iv); | 199 | DES_cblock *iv); |
| 174 | int des_enc_write(int fd,const void *buf,int len,des_key_schedule sched, | 200 | int DES_enc_write(int fd,const void *buf,int len,DES_key_schedule *sched, |
| 175 | des_cblock *iv); | 201 | DES_cblock *iv); |
| 176 | char *des_fcrypt(const char *buf,const char *salt, char *ret); | 202 | char *DES_fcrypt(const char *buf,const char *salt, char *ret); |
| 177 | char *des_crypt(const char *buf,const char *salt); | 203 | char *DES_crypt(const char *buf,const char *salt); |
| 178 | #if !defined(PERL5) && !defined(__FreeBSD__) && !defined(NeXT) | 204 | void DES_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, |
| 179 | char *crypt(const char *buf,const char *salt); | 205 | long length,DES_key_schedule *schedule,DES_cblock *ivec); |
| 180 | #endif | 206 | void DES_pcbc_encrypt(const unsigned char *input,unsigned char *output, |
| 181 | void des_ofb_encrypt(const unsigned char *in,unsigned char *out,int numbits, | 207 | long length,DES_key_schedule *schedule,DES_cblock *ivec, |
| 182 | long length,des_key_schedule schedule,des_cblock *ivec); | ||
| 183 | void des_pcbc_encrypt(const unsigned char *input,unsigned char *output, | ||
| 184 | long length,des_key_schedule schedule,des_cblock *ivec, | ||
| 185 | int enc); | 208 | int enc); |
| 186 | DES_LONG des_quad_cksum(const unsigned char *input,des_cblock output[], | 209 | DES_LONG DES_quad_cksum(const unsigned char *input,DES_cblock output[], |
| 187 | long length,int out_count,des_cblock *seed); | 210 | long length,int out_count,DES_cblock *seed); |
| 188 | void des_random_seed(des_cblock *key); | 211 | int DES_random_key(DES_cblock *ret); |
| 189 | void des_random_key(des_cblock *ret); | 212 | void DES_set_odd_parity(DES_cblock *key); |
| 190 | int des_read_password(des_cblock *key,const char *prompt,int verify); | 213 | int DES_check_key_parity(const_DES_cblock *key); |
| 191 | int des_read_2passwords(des_cblock *key1,des_cblock *key2, | 214 | int DES_is_weak_key(const_DES_cblock *key); |
| 192 | const char *prompt,int verify); | 215 | /* DES_set_key (= set_key = DES_key_sched = key_sched) calls |
| 193 | int des_read_pw_string(char *buf,int length,const char *prompt,int verify); | 216 | * DES_set_key_checked if global variable DES_check_key is set, |
| 194 | void des_set_odd_parity(des_cblock *key); | 217 | * DES_set_key_unchecked otherwise. */ |
| 195 | int des_is_weak_key(const_des_cblock *key); | 218 | int DES_set_key(const_DES_cblock *key,DES_key_schedule *schedule); |
| 196 | int des_set_key(const_des_cblock *key,des_key_schedule schedule); | 219 | int DES_key_sched(const_DES_cblock *key,DES_key_schedule *schedule); |
| 197 | int des_key_sched(const_des_cblock *key,des_key_schedule schedule); | 220 | int DES_set_key_checked(const_DES_cblock *key,DES_key_schedule *schedule); |
| 198 | void des_string_to_key(const char *str,des_cblock *key); | 221 | void DES_set_key_unchecked(const_DES_cblock *key,DES_key_schedule *schedule); |
| 199 | void des_string_to_2keys(const char *str,des_cblock *key1,des_cblock *key2); | 222 | void DES_string_to_key(const char *str,DES_cblock *key); |
| 200 | void des_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, | 223 | void DES_string_to_2keys(const char *str,DES_cblock *key1,DES_cblock *key2); |
| 201 | des_key_schedule schedule,des_cblock *ivec,int *num, | 224 | void DES_cfb64_encrypt(const unsigned char *in,unsigned char *out,long length, |
| 225 | DES_key_schedule *schedule,DES_cblock *ivec,int *num, | ||
| 202 | int enc); | 226 | int enc); |
| 203 | void des_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, | 227 | void DES_ofb64_encrypt(const unsigned char *in,unsigned char *out,long length, |
| 204 | des_key_schedule schedule,des_cblock *ivec,int *num); | 228 | DES_key_schedule *schedule,DES_cblock *ivec,int *num); |
| 205 | int des_read_pw(char *buf,char *buff,int size,const char *prompt,int verify); | ||
| 206 | 229 | ||
| 207 | /* Extra functions from Mark Murray <mark@grondar.za> */ | 230 | int DES_read_password(DES_cblock *key, const char *prompt, int verify); |
| 208 | void des_cblock_print_file(const_des_cblock *cb, FILE *fp); | 231 | int DES_read_2passwords(DES_cblock *key1, DES_cblock *key2, const char *prompt, |
| 209 | 232 | int verify); | |
| 210 | /* The following definitions provide compatibility with the MIT Kerberos | ||
| 211 | * library. The des_key_schedule structure is not binary compatible. */ | ||
| 212 | |||
| 213 | #define _KERBEROS_DES_H | ||
| 214 | |||
| 215 | #define KRBDES_ENCRYPT DES_ENCRYPT | ||
| 216 | #define KRBDES_DECRYPT DES_DECRYPT | ||
| 217 | |||
| 218 | #ifdef KERBEROS | ||
| 219 | # define ENCRYPT DES_ENCRYPT | ||
| 220 | # define DECRYPT DES_DECRYPT | ||
| 221 | #endif | ||
| 222 | |||
| 223 | #ifndef NCOMPAT | ||
| 224 | # define C_Block des_cblock | ||
| 225 | # define Key_schedule des_key_schedule | ||
| 226 | # define KEY_SZ DES_KEY_SZ | ||
| 227 | # define string_to_key des_string_to_key | ||
| 228 | # define read_pw_string des_read_pw_string | ||
| 229 | # define random_key des_random_key | ||
| 230 | # define pcbc_encrypt des_pcbc_encrypt | ||
| 231 | # define set_key des_set_key | ||
| 232 | # define key_sched des_key_sched | ||
| 233 | # define ecb_encrypt des_ecb_encrypt | ||
| 234 | # define cbc_encrypt des_cbc_encrypt | ||
| 235 | # define ncbc_encrypt des_ncbc_encrypt | ||
| 236 | # define xcbc_encrypt des_xcbc_encrypt | ||
| 237 | # define cbc_cksum des_cbc_cksum | ||
| 238 | # define quad_cksum des_quad_cksum | ||
| 239 | #endif | ||
| 240 | 233 | ||
| 241 | typedef des_key_schedule bit_64; | 234 | #define DES_fixup_key_parity DES_set_odd_parity |
| 242 | #define des_fixup_key_parity des_set_odd_parity | ||
| 243 | #define des_check_key_parity check_parity | ||
| 244 | 235 | ||
| 245 | #ifdef __cplusplus | 236 | #ifdef __cplusplus |
| 246 | } | 237 | } |
diff --git a/src/lib/libcrypto/des/des_enc.c b/src/lib/libcrypto/des/des_enc.c index e4db09299e..1c37ab96d3 100644 --- a/src/lib/libcrypto/des/des_enc.c +++ b/src/lib/libcrypto/des/des_enc.c | |||
| @@ -58,14 +58,11 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | void des_encrypt(data, ks, enc) | 61 | void DES_encrypt1(DES_LONG *data, DES_key_schedule *ks, int enc) |
| 62 | DES_LONG *data; | ||
| 63 | des_key_schedule ks; | ||
| 64 | int enc; | ||
| 65 | { | 62 | { |
| 66 | register DES_LONG l,r,t,u; | 63 | register DES_LONG l,r,t,u; |
| 67 | #ifdef DES_PTR | 64 | #ifdef DES_PTR |
| 68 | register unsigned char *des_SP=(unsigned char *)des_SPtrans; | 65 | register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; |
| 69 | #endif | 66 | #endif |
| 70 | #ifndef DES_UNROLL | 67 | #ifndef DES_UNROLL |
| 71 | register int i; | 68 | register int i; |
| @@ -78,7 +75,7 @@ int enc; | |||
| 78 | IP(r,l); | 75 | IP(r,l); |
| 79 | /* Things have been modified so that the initial rotate is | 76 | /* Things have been modified so that the initial rotate is |
| 80 | * done outside the loop. This required the | 77 | * done outside the loop. This required the |
| 81 | * des_SPtrans values in sp.h to be rotated 1 bit to the right. | 78 | * DES_SPtrans values in sp.h to be rotated 1 bit to the right. |
| 82 | * One perl script later and things have a 5% speed up on a sparc2. | 79 | * One perl script later and things have a 5% speed up on a sparc2. |
| 83 | * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | 80 | * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> |
| 84 | * for pointing this out. */ | 81 | * for pointing this out. */ |
| @@ -87,7 +84,7 @@ int enc; | |||
| 87 | r=ROTATE(r,29)&0xffffffffL; | 84 | r=ROTATE(r,29)&0xffffffffL; |
| 88 | l=ROTATE(l,29)&0xffffffffL; | 85 | l=ROTATE(l,29)&0xffffffffL; |
| 89 | 86 | ||
| 90 | s=(DES_LONG *)ks; | 87 | s=ks->ks->deslong; |
| 91 | /* I don't know if it is worth the effort of loop unrolling the | 88 | /* I don't know if it is worth the effort of loop unrolling the |
| 92 | * inner loop */ | 89 | * inner loop */ |
| 93 | if (enc) | 90 | if (enc) |
| @@ -159,14 +156,11 @@ int enc; | |||
| 159 | l=r=t=u=0; | 156 | l=r=t=u=0; |
| 160 | } | 157 | } |
| 161 | 158 | ||
| 162 | void des_encrypt2(data, ks, enc) | 159 | void DES_encrypt2(DES_LONG *data, DES_key_schedule *ks, int enc) |
| 163 | DES_LONG *data; | ||
| 164 | des_key_schedule ks; | ||
| 165 | int enc; | ||
| 166 | { | 160 | { |
| 167 | register DES_LONG l,r,t,u; | 161 | register DES_LONG l,r,t,u; |
| 168 | #ifdef DES_PTR | 162 | #ifdef DES_PTR |
| 169 | register unsigned char *des_SP=(unsigned char *)des_SPtrans; | 163 | register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; |
| 170 | #endif | 164 | #endif |
| 171 | #ifndef DES_UNROLL | 165 | #ifndef DES_UNROLL |
| 172 | register int i; | 166 | register int i; |
| @@ -178,7 +172,7 @@ int enc; | |||
| 178 | 172 | ||
| 179 | /* Things have been modified so that the initial rotate is | 173 | /* Things have been modified so that the initial rotate is |
| 180 | * done outside the loop. This required the | 174 | * done outside the loop. This required the |
| 181 | * des_SPtrans values in sp.h to be rotated 1 bit to the right. | 175 | * DES_SPtrans values in sp.h to be rotated 1 bit to the right. |
| 182 | * One perl script later and things have a 5% speed up on a sparc2. | 176 | * One perl script later and things have a 5% speed up on a sparc2. |
| 183 | * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> | 177 | * Thanks to Richard Outerbridge <71755.204@CompuServe.COM> |
| 184 | * for pointing this out. */ | 178 | * for pointing this out. */ |
| @@ -186,7 +180,7 @@ int enc; | |||
| 186 | r=ROTATE(r,29)&0xffffffffL; | 180 | r=ROTATE(r,29)&0xffffffffL; |
| 187 | l=ROTATE(l,29)&0xffffffffL; | 181 | l=ROTATE(l,29)&0xffffffffL; |
| 188 | 182 | ||
| 189 | s=(DES_LONG *)ks; | 183 | s=ks->ks->deslong; |
| 190 | /* I don't know if it is worth the effort of loop unrolling the | 184 | /* I don't know if it is worth the effort of loop unrolling the |
| 191 | * inner loop */ | 185 | * inner loop */ |
| 192 | if (enc) | 186 | if (enc) |
| @@ -253,11 +247,8 @@ int enc; | |||
| 253 | l=r=t=u=0; | 247 | l=r=t=u=0; |
| 254 | } | 248 | } |
| 255 | 249 | ||
| 256 | void des_encrypt3(data,ks1,ks2,ks3) | 250 | void DES_encrypt3(DES_LONG *data, DES_key_schedule *ks1, |
| 257 | DES_LONG *data; | 251 | DES_key_schedule *ks2, DES_key_schedule *ks3) |
| 258 | des_key_schedule ks1; | ||
| 259 | des_key_schedule ks2; | ||
| 260 | des_key_schedule ks3; | ||
| 261 | { | 252 | { |
| 262 | register DES_LONG l,r; | 253 | register DES_LONG l,r; |
| 263 | 254 | ||
| @@ -266,9 +257,9 @@ des_key_schedule ks3; | |||
| 266 | IP(l,r); | 257 | IP(l,r); |
| 267 | data[0]=l; | 258 | data[0]=l; |
| 268 | data[1]=r; | 259 | data[1]=r; |
| 269 | des_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); | 260 | DES_encrypt2((DES_LONG *)data,ks1,DES_ENCRYPT); |
| 270 | des_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); | 261 | DES_encrypt2((DES_LONG *)data,ks2,DES_DECRYPT); |
| 271 | des_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); | 262 | DES_encrypt2((DES_LONG *)data,ks3,DES_ENCRYPT); |
| 272 | l=data[0]; | 263 | l=data[0]; |
| 273 | r=data[1]; | 264 | r=data[1]; |
| 274 | FP(r,l); | 265 | FP(r,l); |
| @@ -276,11 +267,8 @@ des_key_schedule ks3; | |||
| 276 | data[1]=r; | 267 | data[1]=r; |
| 277 | } | 268 | } |
| 278 | 269 | ||
| 279 | void des_decrypt3(data,ks1,ks2,ks3) | 270 | void DES_decrypt3(DES_LONG *data, DES_key_schedule *ks1, |
| 280 | DES_LONG *data; | 271 | DES_key_schedule *ks2, DES_key_schedule *ks3) |
| 281 | des_key_schedule ks1; | ||
| 282 | des_key_schedule ks2; | ||
| 283 | des_key_schedule ks3; | ||
| 284 | { | 272 | { |
| 285 | register DES_LONG l,r; | 273 | register DES_LONG l,r; |
| 286 | 274 | ||
| @@ -289,9 +277,9 @@ des_key_schedule ks3; | |||
| 289 | IP(l,r); | 277 | IP(l,r); |
| 290 | data[0]=l; | 278 | data[0]=l; |
| 291 | data[1]=r; | 279 | data[1]=r; |
| 292 | des_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); | 280 | DES_encrypt2((DES_LONG *)data,ks3,DES_DECRYPT); |
| 293 | des_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); | 281 | DES_encrypt2((DES_LONG *)data,ks2,DES_ENCRYPT); |
| 294 | des_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); | 282 | DES_encrypt2((DES_LONG *)data,ks1,DES_DECRYPT); |
| 295 | l=data[0]; | 283 | l=data[0]; |
| 296 | r=data[1]; | 284 | r=data[1]; |
| 297 | FP(r,l); | 285 | FP(r,l); |
| @@ -301,108 +289,25 @@ des_key_schedule ks3; | |||
| 301 | 289 | ||
| 302 | #ifndef DES_DEFAULT_OPTIONS | 290 | #ifndef DES_DEFAULT_OPTIONS |
| 303 | 291 | ||
| 304 | void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | 292 | #undef CBC_ENC_C__DONT_UPDATE_IV |
| 305 | des_cblock (*input); | 293 | #include "ncbc_enc.c" /* DES_ncbc_encrypt */ |
| 306 | des_cblock (*output); | ||
| 307 | long length; | ||
| 308 | des_key_schedule schedule; | ||
| 309 | des_cblock (*ivec); | ||
| 310 | int enc; | ||
| 311 | { | ||
| 312 | register DES_LONG tin0,tin1; | ||
| 313 | register DES_LONG tout0,tout1,xor0,xor1; | ||
| 314 | register unsigned char *in,*out; | ||
| 315 | register long l=length; | ||
| 316 | DES_LONG tin[2]; | ||
| 317 | unsigned char *iv; | ||
| 318 | |||
| 319 | in=(unsigned char *)input; | ||
| 320 | out=(unsigned char *)output; | ||
| 321 | iv=(unsigned char *)ivec; | ||
| 322 | |||
| 323 | if (enc) | ||
| 324 | { | ||
| 325 | c2l(iv,tout0); | ||
| 326 | c2l(iv,tout1); | ||
| 327 | for (l-=8; l>=0; l-=8) | ||
| 328 | { | ||
| 329 | c2l(in,tin0); | ||
| 330 | c2l(in,tin1); | ||
| 331 | tin0^=tout0; tin[0]=tin0; | ||
| 332 | tin1^=tout1; tin[1]=tin1; | ||
| 333 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | ||
| 334 | tout0=tin[0]; l2c(tout0,out); | ||
| 335 | tout1=tin[1]; l2c(tout1,out); | ||
| 336 | } | ||
| 337 | if (l != -8) | ||
| 338 | { | ||
| 339 | c2ln(in,tin0,tin1,l+8); | ||
| 340 | tin0^=tout0; tin[0]=tin0; | ||
| 341 | tin1^=tout1; tin[1]=tin1; | ||
| 342 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | ||
| 343 | tout0=tin[0]; l2c(tout0,out); | ||
| 344 | tout1=tin[1]; l2c(tout1,out); | ||
| 345 | } | ||
| 346 | iv=(unsigned char *)ivec; | ||
| 347 | l2c(tout0,iv); | ||
| 348 | l2c(tout1,iv); | ||
| 349 | } | ||
| 350 | else | ||
| 351 | { | ||
| 352 | c2l(iv,xor0); | ||
| 353 | c2l(iv,xor1); | ||
| 354 | for (l-=8; l>=0; l-=8) | ||
| 355 | { | ||
| 356 | c2l(in,tin0); tin[0]=tin0; | ||
| 357 | c2l(in,tin1); tin[1]=tin1; | ||
| 358 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | ||
| 359 | tout0=tin[0]^xor0; | ||
| 360 | tout1=tin[1]^xor1; | ||
| 361 | l2c(tout0,out); | ||
| 362 | l2c(tout1,out); | ||
| 363 | xor0=tin0; | ||
| 364 | xor1=tin1; | ||
| 365 | } | ||
| 366 | if (l != -8) | ||
| 367 | { | ||
| 368 | c2l(in,tin0); tin[0]=tin0; | ||
| 369 | c2l(in,tin1); tin[1]=tin1; | ||
| 370 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | ||
| 371 | tout0=tin[0]^xor0; | ||
| 372 | tout1=tin[1]^xor1; | ||
| 373 | l2cn(tout0,tout1,out,l+8); | ||
| 374 | xor0=tin0; | ||
| 375 | xor1=tin1; | ||
| 376 | } | ||
| 377 | |||
| 378 | iv=(unsigned char *)ivec; | ||
| 379 | l2c(xor0,iv); | ||
| 380 | l2c(xor1,iv); | ||
| 381 | } | ||
| 382 | tin0=tin1=tout0=tout1=xor0=xor1=0; | ||
| 383 | tin[0]=tin[1]=0; | ||
| 384 | } | ||
| 385 | 294 | ||
| 386 | void des_ede3_cbc_encrypt(input, output, length, ks1, ks2, ks3, ivec, enc) | 295 | void DES_ede3_cbc_encrypt(const unsigned char *input, unsigned char *output, |
| 387 | des_cblock (*input); | 296 | long length, DES_key_schedule *ks1, |
| 388 | des_cblock (*output); | 297 | DES_key_schedule *ks2, DES_key_schedule *ks3, |
| 389 | long length; | 298 | DES_cblock *ivec, int enc) |
| 390 | des_key_schedule ks1; | ||
| 391 | des_key_schedule ks2; | ||
| 392 | des_key_schedule ks3; | ||
| 393 | des_cblock (*ivec); | ||
| 394 | int enc; | ||
| 395 | { | 299 | { |
| 396 | register DES_LONG tin0,tin1; | 300 | register DES_LONG tin0,tin1; |
| 397 | register DES_LONG tout0,tout1,xor0,xor1; | 301 | register DES_LONG tout0,tout1,xor0,xor1; |
| 398 | register unsigned char *in,*out; | 302 | register const unsigned char *in; |
| 303 | unsigned char *out; | ||
| 399 | register long l=length; | 304 | register long l=length; |
| 400 | DES_LONG tin[2]; | 305 | DES_LONG tin[2]; |
| 401 | unsigned char *iv; | 306 | unsigned char *iv; |
| 402 | 307 | ||
| 403 | in=(unsigned char *)input; | 308 | in=input; |
| 404 | out=(unsigned char *)output; | 309 | out=output; |
| 405 | iv=(unsigned char *)ivec; | 310 | iv = &(*ivec)[0]; |
| 406 | 311 | ||
| 407 | if (enc) | 312 | if (enc) |
| 408 | { | 313 | { |
| @@ -417,7 +322,7 @@ int enc; | |||
| 417 | 322 | ||
| 418 | tin[0]=tin0; | 323 | tin[0]=tin0; |
| 419 | tin[1]=tin1; | 324 | tin[1]=tin1; |
| 420 | des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | 325 | DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); |
| 421 | tout0=tin[0]; | 326 | tout0=tin[0]; |
| 422 | tout1=tin[1]; | 327 | tout1=tin[1]; |
| 423 | 328 | ||
| @@ -432,14 +337,14 @@ int enc; | |||
| 432 | 337 | ||
| 433 | tin[0]=tin0; | 338 | tin[0]=tin0; |
| 434 | tin[1]=tin1; | 339 | tin[1]=tin1; |
| 435 | des_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); | 340 | DES_encrypt3((DES_LONG *)tin,ks1,ks2,ks3); |
| 436 | tout0=tin[0]; | 341 | tout0=tin[0]; |
| 437 | tout1=tin[1]; | 342 | tout1=tin[1]; |
| 438 | 343 | ||
| 439 | l2c(tout0,out); | 344 | l2c(tout0,out); |
| 440 | l2c(tout1,out); | 345 | l2c(tout1,out); |
| 441 | } | 346 | } |
| 442 | iv=(unsigned char *)ivec; | 347 | iv = &(*ivec)[0]; |
| 443 | l2c(tout0,iv); | 348 | l2c(tout0,iv); |
| 444 | l2c(tout1,iv); | 349 | l2c(tout1,iv); |
| 445 | } | 350 | } |
| @@ -459,7 +364,7 @@ int enc; | |||
| 459 | 364 | ||
| 460 | tin[0]=tin0; | 365 | tin[0]=tin0; |
| 461 | tin[1]=tin1; | 366 | tin[1]=tin1; |
| 462 | des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | 367 | DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); |
| 463 | tout0=tin[0]; | 368 | tout0=tin[0]; |
| 464 | tout1=tin[1]; | 369 | tout1=tin[1]; |
| 465 | 370 | ||
| @@ -480,7 +385,7 @@ int enc; | |||
| 480 | 385 | ||
| 481 | tin[0]=tin0; | 386 | tin[0]=tin0; |
| 482 | tin[1]=tin1; | 387 | tin[1]=tin1; |
| 483 | des_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); | 388 | DES_decrypt3((DES_LONG *)tin,ks1,ks2,ks3); |
| 484 | tout0=tin[0]; | 389 | tout0=tin[0]; |
| 485 | tout1=tin[1]; | 390 | tout1=tin[1]; |
| 486 | 391 | ||
| @@ -491,7 +396,7 @@ int enc; | |||
| 491 | xor1=t1; | 396 | xor1=t1; |
| 492 | } | 397 | } |
| 493 | 398 | ||
| 494 | iv=(unsigned char *)ivec; | 399 | iv = &(*ivec)[0]; |
| 495 | l2c(xor0,iv); | 400 | l2c(xor0,iv); |
| 496 | l2c(xor1,iv); | 401 | l2c(xor1,iv); |
| 497 | } | 402 | } |
diff --git a/src/lib/libcrypto/des/des_locl.h b/src/lib/libcrypto/des/des_locl.h index d6ea17cb68..70e833be3f 100644 --- a/src/lib/libcrypto/des/des_locl.h +++ b/src/lib/libcrypto/des/des_locl.h | |||
| @@ -59,36 +59,45 @@ | |||
| 59 | #ifndef HEADER_DES_LOCL_H | 59 | #ifndef HEADER_DES_LOCL_H |
| 60 | #define HEADER_DES_LOCL_H | 60 | #define HEADER_DES_LOCL_H |
| 61 | 61 | ||
| 62 | #if defined(WIN32) || defined(WIN16) | 62 | #include <openssl/e_os2.h> |
| 63 | #ifndef MSDOS | 63 | |
| 64 | #define MSDOS | 64 | #if defined(OPENSSL_SYS_WIN32) || defined(OPENSSL_SYS_WIN16) |
| 65 | #ifndef OPENSSL_SYS_MSDOS | ||
| 66 | #define OPENSSL_SYS_MSDOS | ||
| 65 | #endif | 67 | #endif |
| 66 | #endif | 68 | #endif |
| 67 | 69 | ||
| 68 | #include <stdio.h> | 70 | #include <stdio.h> |
| 69 | #include <stdlib.h> | 71 | #include <stdlib.h> |
| 70 | 72 | ||
| 71 | #include <openssl/opensslconf.h> | 73 | #ifndef OPENSSL_SYS_MSDOS |
| 72 | 74 | #if !defined(OPENSSL_SYS_VMS) || defined(__DECC) | |
| 73 | #ifndef MSDOS | 75 | #ifdef OPENSSL_UNISTD |
| 74 | #if !defined(VMS) || defined(__DECC) | 76 | # include OPENSSL_UNISTD |
| 75 | #include OPENSSL_UNISTD | 77 | #else |
| 78 | # include <unistd.h> | ||
| 79 | #endif | ||
| 76 | #include <math.h> | 80 | #include <math.h> |
| 77 | #endif | 81 | #endif |
| 78 | #endif | 82 | #endif |
| 79 | #include <openssl/des.h> | 83 | #include <openssl/des.h> |
| 80 | 84 | ||
| 81 | #ifdef MSDOS /* Visual C++ 2.1 (Windows NT/95) */ | 85 | #ifdef OPENSSL_SYS_MSDOS /* Visual C++ 2.1 (Windows NT/95) */ |
| 82 | #include <stdlib.h> | 86 | #include <stdlib.h> |
| 83 | #include <errno.h> | 87 | #include <errno.h> |
| 84 | #include <time.h> | 88 | #include <time.h> |
| 85 | #include <io.h> | 89 | #include <io.h> |
| 86 | #endif | 90 | #endif |
| 87 | 91 | ||
| 88 | #if defined(__STDC__) || defined(VMS) || defined(M_XENIX) || defined(MSDOS) | 92 | #if defined(__STDC__) || defined(OPENSSL_SYS_VMS) || defined(M_XENIX) || defined(OPENSSL_SYS_MSDOS) |
| 89 | #include <string.h> | 93 | #include <string.h> |
| 90 | #endif | 94 | #endif |
| 91 | 95 | ||
| 96 | #ifdef OPENSSL_BUILD_SHLIBCRYPTO | ||
| 97 | # undef OPENSSL_EXTERN | ||
| 98 | # define OPENSSL_EXTERN OPENSSL_EXPORT | ||
| 99 | #endif | ||
| 100 | |||
| 92 | #define ITERATIONS 16 | 101 | #define ITERATIONS 16 |
| 93 | #define HALF_ITERATIONS 8 | 102 | #define HALF_ITERATIONS 8 |
| 94 | 103 | ||
| @@ -151,7 +160,7 @@ | |||
| 151 | } \ | 160 | } \ |
| 152 | } | 161 | } |
| 153 | 162 | ||
| 154 | #if defined(WIN32) | 163 | #if defined(OPENSSL_SYS_WIN32) && defined(_MSC_VER) |
| 155 | #define ROTATE(a,n) (_lrotr(a,n)) | 164 | #define ROTATE(a,n) (_lrotr(a,n)) |
| 156 | #else | 165 | #else |
| 157 | #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) | 166 | #define ROTATE(a,n) (((a)>>(n))+((a)<<(32-(n)))) |
| @@ -178,14 +187,14 @@ | |||
| 178 | #endif | 187 | #endif |
| 179 | 188 | ||
| 180 | /* The changes to this macro may help or hinder, depending on the | 189 | /* The changes to this macro may help or hinder, depending on the |
| 181 | * compiler and the achitecture. gcc2 always seems to do well :-). | 190 | * compiler and the architecture. gcc2 always seems to do well :-). |
| 182 | * Inspired by Dana How <how@isl.stanford.edu> | 191 | * Inspired by Dana How <how@isl.stanford.edu> |
| 183 | * DO NOT use the alternative version on machines with 8 byte longs. | 192 | * DO NOT use the alternative version on machines with 8 byte longs. |
| 184 | * It does not seem to work on the Alpha, even when DES_LONG is 4 | 193 | * It does not seem to work on the Alpha, even when DES_LONG is 4 |
| 185 | * bytes, probably an issue of accessing non-word aligned objects :-( */ | 194 | * bytes, probably an issue of accessing non-word aligned objects :-( */ |
| 186 | #ifdef DES_PTR | 195 | #ifdef DES_PTR |
| 187 | 196 | ||
| 188 | /* It recently occured to me that 0^0^0^0^0^0^0 == 0, so there | 197 | /* It recently occurred to me that 0^0^0^0^0^0^0 == 0, so there |
| 189 | * is no reason to not xor all the sub items together. This potentially | 198 | * is no reason to not xor all the sub items together. This potentially |
| 190 | * saves a register since things can be xored directly into L */ | 199 | * saves a register since things can be xored directly into L */ |
| 191 | 200 | ||
| @@ -274,24 +283,24 @@ | |||
| 274 | u1=(int)u&0x3f; \ | 283 | u1=(int)u&0x3f; \ |
| 275 | u2&=0x3f; \ | 284 | u2&=0x3f; \ |
| 276 | u>>=16L; \ | 285 | u>>=16L; \ |
| 277 | LL^=des_SPtrans[0][u1]; \ | 286 | LL^=DES_SPtrans[0][u1]; \ |
| 278 | LL^=des_SPtrans[2][u2]; \ | 287 | LL^=DES_SPtrans[2][u2]; \ |
| 279 | u3=(int)u>>8L; \ | 288 | u3=(int)u>>8L; \ |
| 280 | u1=(int)u&0x3f; \ | 289 | u1=(int)u&0x3f; \ |
| 281 | u3&=0x3f; \ | 290 | u3&=0x3f; \ |
| 282 | LL^=des_SPtrans[4][u1]; \ | 291 | LL^=DES_SPtrans[4][u1]; \ |
| 283 | LL^=des_SPtrans[6][u3]; \ | 292 | LL^=DES_SPtrans[6][u3]; \ |
| 284 | u2=(int)t>>8L; \ | 293 | u2=(int)t>>8L; \ |
| 285 | u1=(int)t&0x3f; \ | 294 | u1=(int)t&0x3f; \ |
| 286 | u2&=0x3f; \ | 295 | u2&=0x3f; \ |
| 287 | t>>=16L; \ | 296 | t>>=16L; \ |
| 288 | LL^=des_SPtrans[1][u1]; \ | 297 | LL^=DES_SPtrans[1][u1]; \ |
| 289 | LL^=des_SPtrans[3][u2]; \ | 298 | LL^=DES_SPtrans[3][u2]; \ |
| 290 | u3=(int)t>>8L; \ | 299 | u3=(int)t>>8L; \ |
| 291 | u1=(int)t&0x3f; \ | 300 | u1=(int)t&0x3f; \ |
| 292 | u3&=0x3f; \ | 301 | u3&=0x3f; \ |
| 293 | LL^=des_SPtrans[5][u1]; \ | 302 | LL^=DES_SPtrans[5][u1]; \ |
| 294 | LL^=des_SPtrans[7][u3]; } | 303 | LL^=DES_SPtrans[7][u3]; } |
| 295 | #endif | 304 | #endif |
| 296 | #ifdef DES_RISC2 | 305 | #ifdef DES_RISC2 |
| 297 | #define D_ENCRYPT(LL,R,S) {\ | 306 | #define D_ENCRYPT(LL,R,S) {\ |
| @@ -302,25 +311,25 @@ | |||
| 302 | u2=(int)u>>8L; \ | 311 | u2=(int)u>>8L; \ |
| 303 | u1=(int)u&0x3f; \ | 312 | u1=(int)u&0x3f; \ |
| 304 | u2&=0x3f; \ | 313 | u2&=0x3f; \ |
| 305 | LL^=des_SPtrans[0][u1]; \ | 314 | LL^=DES_SPtrans[0][u1]; \ |
| 306 | LL^=des_SPtrans[2][u2]; \ | 315 | LL^=DES_SPtrans[2][u2]; \ |
| 307 | s1=(int)u>>16L; \ | 316 | s1=(int)u>>16L; \ |
| 308 | s2=(int)u>>24L; \ | 317 | s2=(int)u>>24L; \ |
| 309 | s1&=0x3f; \ | 318 | s1&=0x3f; \ |
| 310 | s2&=0x3f; \ | 319 | s2&=0x3f; \ |
| 311 | LL^=des_SPtrans[4][s1]; \ | 320 | LL^=DES_SPtrans[4][s1]; \ |
| 312 | LL^=des_SPtrans[6][s2]; \ | 321 | LL^=DES_SPtrans[6][s2]; \ |
| 313 | u2=(int)t>>8L; \ | 322 | u2=(int)t>>8L; \ |
| 314 | u1=(int)t&0x3f; \ | 323 | u1=(int)t&0x3f; \ |
| 315 | u2&=0x3f; \ | 324 | u2&=0x3f; \ |
| 316 | LL^=des_SPtrans[1][u1]; \ | 325 | LL^=DES_SPtrans[1][u1]; \ |
| 317 | LL^=des_SPtrans[3][u2]; \ | 326 | LL^=DES_SPtrans[3][u2]; \ |
| 318 | s1=(int)t>>16; \ | 327 | s1=(int)t>>16; \ |
| 319 | s2=(int)t>>24L; \ | 328 | s2=(int)t>>24L; \ |
| 320 | s1&=0x3f; \ | 329 | s1&=0x3f; \ |
| 321 | s2&=0x3f; \ | 330 | s2&=0x3f; \ |
| 322 | LL^=des_SPtrans[5][s1]; \ | 331 | LL^=DES_SPtrans[5][s1]; \ |
| 323 | LL^=des_SPtrans[7][s2]; } | 332 | LL^=DES_SPtrans[7][s2]; } |
| 324 | #endif | 333 | #endif |
| 325 | 334 | ||
| 326 | #else | 335 | #else |
| @@ -329,14 +338,14 @@ | |||
| 329 | LOAD_DATA_tmp(R,S,u,t,E0,E1); \ | 338 | LOAD_DATA_tmp(R,S,u,t,E0,E1); \ |
| 330 | t=ROTATE(t,4); \ | 339 | t=ROTATE(t,4); \ |
| 331 | LL^=\ | 340 | LL^=\ |
| 332 | des_SPtrans[0][(u>> 2L)&0x3f]^ \ | 341 | DES_SPtrans[0][(u>> 2L)&0x3f]^ \ |
| 333 | des_SPtrans[2][(u>>10L)&0x3f]^ \ | 342 | DES_SPtrans[2][(u>>10L)&0x3f]^ \ |
| 334 | des_SPtrans[4][(u>>18L)&0x3f]^ \ | 343 | DES_SPtrans[4][(u>>18L)&0x3f]^ \ |
| 335 | des_SPtrans[6][(u>>26L)&0x3f]^ \ | 344 | DES_SPtrans[6][(u>>26L)&0x3f]^ \ |
| 336 | des_SPtrans[1][(t>> 2L)&0x3f]^ \ | 345 | DES_SPtrans[1][(t>> 2L)&0x3f]^ \ |
| 337 | des_SPtrans[3][(t>>10L)&0x3f]^ \ | 346 | DES_SPtrans[3][(t>>10L)&0x3f]^ \ |
| 338 | des_SPtrans[5][(t>>18L)&0x3f]^ \ | 347 | DES_SPtrans[5][(t>>18L)&0x3f]^ \ |
| 339 | des_SPtrans[7][(t>>26L)&0x3f]; } | 348 | DES_SPtrans[7][(t>>26L)&0x3f]; } |
| 340 | #endif | 349 | #endif |
| 341 | #endif | 350 | #endif |
| 342 | 351 | ||
| @@ -401,8 +410,8 @@ | |||
| 401 | PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ | 410 | PERM_OP(l,r,tt, 4,0x0f0f0f0fL); \ |
| 402 | } | 411 | } |
| 403 | 412 | ||
| 404 | OPENSSL_EXTERN const DES_LONG des_SPtrans[8][64]; | 413 | OPENSSL_EXTERN const DES_LONG DES_SPtrans[8][64]; |
| 405 | 414 | ||
| 406 | void fcrypt_body(DES_LONG *out,des_key_schedule ks, | 415 | void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, |
| 407 | DES_LONG Eswap0, DES_LONG Eswap1); | 416 | DES_LONG Eswap0, DES_LONG Eswap1); |
| 408 | #endif | 417 | #endif |
diff --git a/src/lib/libcrypto/des/ecb3_enc.c b/src/lib/libcrypto/des/ecb3_enc.c index 140f6b5285..c3437bc606 100644 --- a/src/lib/libcrypto/des/ecb3_enc.c +++ b/src/lib/libcrypto/des/ecb3_enc.c | |||
| @@ -58,28 +58,24 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | void des_ecb3_encrypt(input, output, ks1, ks2, ks3, enc) | 61 | void DES_ecb3_encrypt(const_DES_cblock *input, DES_cblock *output, |
| 62 | des_cblock (*input); | 62 | DES_key_schedule *ks1, DES_key_schedule *ks2, |
| 63 | des_cblock (*output); | 63 | DES_key_schedule *ks3, |
| 64 | des_key_schedule ks1; | 64 | int enc) |
| 65 | des_key_schedule ks2; | ||
| 66 | des_key_schedule ks3; | ||
| 67 | int enc; | ||
| 68 | { | 65 | { |
| 69 | register DES_LONG l0,l1; | 66 | register DES_LONG l0,l1; |
| 70 | register unsigned char *in,*out; | ||
| 71 | DES_LONG ll[2]; | 67 | DES_LONG ll[2]; |
| 68 | const unsigned char *in = &(*input)[0]; | ||
| 69 | unsigned char *out = &(*output)[0]; | ||
| 72 | 70 | ||
| 73 | in=(unsigned char *)input; | ||
| 74 | out=(unsigned char *)output; | ||
| 75 | c2l(in,l0); | 71 | c2l(in,l0); |
| 76 | c2l(in,l1); | 72 | c2l(in,l1); |
| 77 | ll[0]=l0; | 73 | ll[0]=l0; |
| 78 | ll[1]=l1; | 74 | ll[1]=l1; |
| 79 | if (enc) | 75 | if (enc) |
| 80 | des_encrypt3(ll,ks1,ks2,ks3); | 76 | DES_encrypt3(ll,ks1,ks2,ks3); |
| 81 | else | 77 | else |
| 82 | des_decrypt3(ll,ks1,ks2,ks3); | 78 | DES_decrypt3(ll,ks1,ks2,ks3); |
| 83 | l0=ll[0]; | 79 | l0=ll[0]; |
| 84 | l1=ll[1]; | 80 | l1=ll[1]; |
| 85 | l2c(l0,out); | 81 | l2c(l0,out); |
diff --git a/src/lib/libcrypto/des/ecb_enc.c b/src/lib/libcrypto/des/ecb_enc.c index acf23fdd00..4650f2fa0f 100644 --- a/src/lib/libcrypto/des/ecb_enc.c +++ b/src/lib/libcrypto/des/ecb_enc.c | |||
| @@ -58,20 +58,20 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | #include "spr.h" | 60 | #include "spr.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *libdes_version="libdes v 3.24 - 20-Apr-1996 - eay"; | 63 | OPENSSL_GLOBAL const char *libdes_version="libdes" OPENSSL_VERSION_PTEXT; |
| 63 | char *DES_version="DES part of SSLeay 0.9.0b 29-Jun-1998"; | 64 | OPENSSL_GLOBAL const char *DES_version="DES" OPENSSL_VERSION_PTEXT; |
| 64 | 65 | ||
| 65 | char *des_options() | 66 | const char *DES_options(void) |
| 66 | { | 67 | { |
| 67 | static int init=1; | 68 | static int init=1; |
| 68 | static char buf[32]; | 69 | static char buf[32]; |
| 69 | 70 | ||
| 70 | if (init) | 71 | if (init) |
| 71 | { | 72 | { |
| 72 | char *ptr,*unroll,*risc,*size; | 73 | const char *ptr,*unroll,*risc,*size; |
| 73 | 74 | ||
| 74 | init=0; | ||
| 75 | #ifdef DES_PTR | 75 | #ifdef DES_PTR |
| 76 | ptr="ptr"; | 76 | ptr="ptr"; |
| 77 | #else | 77 | #else |
| @@ -97,28 +97,24 @@ char *des_options() | |||
| 97 | else | 97 | else |
| 98 | size="long"; | 98 | size="long"; |
| 99 | sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); | 99 | sprintf(buf,"des(%s,%s,%s,%s)",ptr,risc,unroll,size); |
| 100 | init=0; | ||
| 100 | } | 101 | } |
| 101 | return(buf); | 102 | return(buf); |
| 102 | } | 103 | } |
| 103 | 104 | ||
| 104 | 105 | ||
| 105 | void des_ecb_encrypt(input, output, ks, enc) | 106 | void DES_ecb_encrypt(const_DES_cblock *input, DES_cblock *output, |
| 106 | des_cblock (*input); | 107 | DES_key_schedule *ks, int enc) |
| 107 | des_cblock (*output); | ||
| 108 | des_key_schedule ks; | ||
| 109 | int enc; | ||
| 110 | { | 108 | { |
| 111 | register DES_LONG l; | 109 | register DES_LONG l; |
| 112 | register unsigned char *in,*out; | ||
| 113 | DES_LONG ll[2]; | 110 | DES_LONG ll[2]; |
| 111 | const unsigned char *in = &(*input)[0]; | ||
| 112 | unsigned char *out = &(*output)[0]; | ||
| 114 | 113 | ||
| 115 | in=(unsigned char *)input; | ||
| 116 | out=(unsigned char *)output; | ||
| 117 | c2l(in,l); ll[0]=l; | 114 | c2l(in,l); ll[0]=l; |
| 118 | c2l(in,l); ll[1]=l; | 115 | c2l(in,l); ll[1]=l; |
| 119 | des_encrypt(ll,ks,enc); | 116 | DES_encrypt1(ll,ks,enc); |
| 120 | l=ll[0]; l2c(l,out); | 117 | l=ll[0]; l2c(l,out); |
| 121 | l=ll[1]; l2c(l,out); | 118 | l=ll[1]; l2c(l,out); |
| 122 | l=ll[0]=ll[1]=0; | 119 | l=ll[0]=ll[1]=0; |
| 123 | } | 120 | } |
| 124 | |||
diff --git a/src/lib/libcrypto/des/ede_cbcm_enc.c b/src/lib/libcrypto/des/ede_cbcm_enc.c index c53062481d..fa45aa272b 100644 --- a/src/lib/libcrypto/des/ede_cbcm_enc.c +++ b/src/lib/libcrypto/des/ede_cbcm_enc.c | |||
| @@ -68,12 +68,12 @@ http://www.cs.technion.ac.il/users/wwwb/cgi-bin/tr-get.cgi/1998/CS/CS0928.ps.gz | |||
| 68 | 68 | ||
| 69 | */ | 69 | */ |
| 70 | 70 | ||
| 71 | #ifndef NO_DESCBCM | 71 | #ifndef OPENSSL_NO_DESCBCM |
| 72 | #include "des_locl.h" | 72 | #include "des_locl.h" |
| 73 | 73 | ||
| 74 | void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, | 74 | void DES_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, |
| 75 | long length, des_key_schedule ks1, des_key_schedule ks2, | 75 | long length, DES_key_schedule *ks1, DES_key_schedule *ks2, |
| 76 | des_key_schedule ks3, des_cblock *ivec1, des_cblock *ivec2, | 76 | DES_key_schedule *ks3, DES_cblock *ivec1, DES_cblock *ivec2, |
| 77 | int enc) | 77 | int enc) |
| 78 | { | 78 | { |
| 79 | register DES_LONG tin0,tin1; | 79 | register DES_LONG tin0,tin1; |
| @@ -95,7 +95,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, | |||
| 95 | { | 95 | { |
| 96 | tin[0]=m0; | 96 | tin[0]=m0; |
| 97 | tin[1]=m1; | 97 | tin[1]=m1; |
| 98 | des_encrypt(tin,ks3,1); | 98 | DES_encrypt1(tin,ks3,1); |
| 99 | m0=tin[0]; | 99 | m0=tin[0]; |
| 100 | m1=tin[1]; | 100 | m1=tin[1]; |
| 101 | 101 | ||
| @@ -113,13 +113,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, | |||
| 113 | 113 | ||
| 114 | tin[0]=tin0; | 114 | tin[0]=tin0; |
| 115 | tin[1]=tin1; | 115 | tin[1]=tin1; |
| 116 | des_encrypt(tin,ks1,1); | 116 | DES_encrypt1(tin,ks1,1); |
| 117 | tin[0]^=m0; | 117 | tin[0]^=m0; |
| 118 | tin[1]^=m1; | 118 | tin[1]^=m1; |
| 119 | des_encrypt(tin,ks2,0); | 119 | DES_encrypt1(tin,ks2,0); |
| 120 | tin[0]^=m0; | 120 | tin[0]^=m0; |
| 121 | tin[1]^=m1; | 121 | tin[1]^=m1; |
| 122 | des_encrypt(tin,ks1,1); | 122 | DES_encrypt1(tin,ks1,1); |
| 123 | tout0=tin[0]; | 123 | tout0=tin[0]; |
| 124 | tout1=tin[1]; | 124 | tout1=tin[1]; |
| 125 | 125 | ||
| @@ -146,7 +146,7 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, | |||
| 146 | { | 146 | { |
| 147 | tin[0]=m0; | 147 | tin[0]=m0; |
| 148 | tin[1]=m1; | 148 | tin[1]=m1; |
| 149 | des_encrypt(tin,ks3,1); | 149 | DES_encrypt1(tin,ks3,1); |
| 150 | m0=tin[0]; | 150 | m0=tin[0]; |
| 151 | m1=tin[1]; | 151 | m1=tin[1]; |
| 152 | 152 | ||
| @@ -158,13 +158,13 @@ void des_ede3_cbcm_encrypt(const unsigned char *in, unsigned char *out, | |||
| 158 | 158 | ||
| 159 | tin[0]=tin0; | 159 | tin[0]=tin0; |
| 160 | tin[1]=tin1; | 160 | tin[1]=tin1; |
| 161 | des_encrypt(tin,ks1,0); | 161 | DES_encrypt1(tin,ks1,0); |
| 162 | tin[0]^=m0; | 162 | tin[0]^=m0; |
| 163 | tin[1]^=m1; | 163 | tin[1]^=m1; |
| 164 | des_encrypt(tin,ks2,1); | 164 | DES_encrypt1(tin,ks2,1); |
| 165 | tin[0]^=m0; | 165 | tin[0]^=m0; |
| 166 | tin[1]^=m1; | 166 | tin[1]^=m1; |
| 167 | des_encrypt(tin,ks1,0); | 167 | DES_encrypt1(tin,ks1,0); |
| 168 | tout0=tin[0]; | 168 | tout0=tin[0]; |
| 169 | tout1=tin[1]; | 169 | tout1=tin[1]; |
| 170 | 170 | ||
diff --git a/src/lib/libcrypto/des/enc_read.c b/src/lib/libcrypto/des/enc_read.c index e08a904d75..c70fb686b8 100644 --- a/src/lib/libcrypto/des/enc_read.c +++ b/src/lib/libcrypto/des/enc_read.c | |||
| @@ -58,18 +58,34 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | ||
| 61 | #include "des_locl.h" | 62 | #include "des_locl.h" |
| 62 | 63 | ||
| 63 | /* This has some uglies in it but it works - even over sockets. */ | 64 | /* This has some uglies in it but it works - even over sockets. */ |
| 64 | /*extern int errno;*/ | 65 | /*extern int errno;*/ |
| 65 | int des_rw_mode=DES_PCBC_MODE; | 66 | OPENSSL_IMPLEMENT_GLOBAL(int,DES_rw_mode)=DES_PCBC_MODE; |
| 66 | 67 | ||
| 67 | int des_enc_read(fd, buf, len, sched, iv) | 68 | |
| 68 | int fd; | 69 | /* |
| 69 | char *buf; | 70 | * WARNINGS: |
| 70 | int len; | 71 | * |
| 71 | des_key_schedule sched; | 72 | * - The data format used by DES_enc_write() and DES_enc_read() |
| 72 | des_cblock (*iv); | 73 | * has a cryptographic weakness: When asked to write more |
| 74 | * than MAXWRITE bytes, DES_enc_write will split the data | ||
| 75 | * into several chunks that are all encrypted | ||
| 76 | * using the same IV. So don't use these functions unless you | ||
| 77 | * are sure you know what you do (in which case you might | ||
| 78 | * not want to use them anyway). | ||
| 79 | * | ||
| 80 | * - This code cannot handle non-blocking sockets. | ||
| 81 | * | ||
| 82 | * - This function uses an internal state and thus cannot be | ||
| 83 | * used on multiple files. | ||
| 84 | */ | ||
| 85 | |||
| 86 | |||
| 87 | int DES_enc_read(int fd, void *buf, int len, DES_key_schedule *sched, | ||
| 88 | DES_cblock *iv) | ||
| 73 | { | 89 | { |
| 74 | /* data to be unencrypted */ | 90 | /* data to be unencrypted */ |
| 75 | int net_num=0; | 91 | int net_num=0; |
| @@ -77,27 +93,27 @@ des_cblock (*iv); | |||
| 77 | /* extra unencrypted data | 93 | /* extra unencrypted data |
| 78 | * for when a block of 100 comes in but is des_read one byte at | 94 | * for when a block of 100 comes in but is des_read one byte at |
| 79 | * a time. */ | 95 | * a time. */ |
| 80 | static char *unnet=NULL; | 96 | static unsigned char *unnet=NULL; |
| 81 | static int unnet_start=0; | 97 | static int unnet_start=0; |
| 82 | static int unnet_left=0; | 98 | static int unnet_left=0; |
| 83 | static char *tmpbuf=NULL; | 99 | static unsigned char *tmpbuf=NULL; |
| 84 | int i; | 100 | int i; |
| 85 | long num=0,rnum; | 101 | long num=0,rnum; |
| 86 | unsigned char *p; | 102 | unsigned char *p; |
| 87 | 103 | ||
| 88 | if (tmpbuf == NULL) | 104 | if (tmpbuf == NULL) |
| 89 | { | 105 | { |
| 90 | tmpbuf=(char *)malloc(BSIZE); | 106 | tmpbuf=OPENSSL_malloc(BSIZE); |
| 91 | if (tmpbuf == NULL) return(-1); | 107 | if (tmpbuf == NULL) return(-1); |
| 92 | } | 108 | } |
| 93 | if (net == NULL) | 109 | if (net == NULL) |
| 94 | { | 110 | { |
| 95 | net=(unsigned char *)malloc(BSIZE); | 111 | net=OPENSSL_malloc(BSIZE); |
| 96 | if (net == NULL) return(-1); | 112 | if (net == NULL) return(-1); |
| 97 | } | 113 | } |
| 98 | if (unnet == NULL) | 114 | if (unnet == NULL) |
| 99 | { | 115 | { |
| 100 | unnet=(char *)malloc(BSIZE); | 116 | unnet=OPENSSL_malloc(BSIZE); |
| 101 | if (unnet == NULL) return(-1); | 117 | if (unnet == NULL) return(-1); |
| 102 | } | 118 | } |
| 103 | /* left over data from last decrypt */ | 119 | /* left over data from last decrypt */ |
| @@ -109,7 +125,7 @@ des_cblock (*iv); | |||
| 109 | * with the number of bytes we have - should always | 125 | * with the number of bytes we have - should always |
| 110 | * check the return value */ | 126 | * check the return value */ |
| 111 | memcpy(buf,&(unnet[unnet_start]), | 127 | memcpy(buf,&(unnet[unnet_start]), |
| 112 | (unsigned int)unnet_left); | 128 | unnet_left); |
| 113 | /* eay 26/08/92 I had the next 2 lines | 129 | /* eay 26/08/92 I had the next 2 lines |
| 114 | * reversed :-( */ | 130 | * reversed :-( */ |
| 115 | i=unnet_left; | 131 | i=unnet_left; |
| @@ -117,7 +133,7 @@ des_cblock (*iv); | |||
| 117 | } | 133 | } |
| 118 | else | 134 | else |
| 119 | { | 135 | { |
| 120 | memcpy(buf,&(unnet[unnet_start]),(unsigned int)len); | 136 | memcpy(buf,&(unnet[unnet_start]),len); |
| 121 | unnet_start+=len; | 137 | unnet_start+=len; |
| 122 | unnet_left-=len; | 138 | unnet_left-=len; |
| 123 | i=len; | 139 | i=len; |
| @@ -131,7 +147,7 @@ des_cblock (*iv); | |||
| 131 | /* first - get the length */ | 147 | /* first - get the length */ |
| 132 | while (net_num < HDRSIZE) | 148 | while (net_num < HDRSIZE) |
| 133 | { | 149 | { |
| 134 | i=read(fd,&(net[net_num]),(unsigned int)HDRSIZE-net_num); | 150 | i=read(fd,(void *)&(net[net_num]),HDRSIZE-net_num); |
| 135 | #ifdef EINTR | 151 | #ifdef EINTR |
| 136 | if ((i == -1) && (errno == EINTR)) continue; | 152 | if ((i == -1) && (errno == EINTR)) continue; |
| 137 | #endif | 153 | #endif |
| @@ -153,7 +169,7 @@ des_cblock (*iv); | |||
| 153 | net_num=0; | 169 | net_num=0; |
| 154 | while (net_num < rnum) | 170 | while (net_num < rnum) |
| 155 | { | 171 | { |
| 156 | i=read(fd,&(net[net_num]),(unsigned int)rnum-net_num); | 172 | i=read(fd,(void *)&(net[net_num]),rnum-net_num); |
| 157 | #ifdef EINTR | 173 | #ifdef EINTR |
| 158 | if ((i == -1) && (errno == EINTR)) continue; | 174 | if ((i == -1) && (errno == EINTR)) continue; |
| 159 | #endif | 175 | #endif |
| @@ -164,15 +180,13 @@ des_cblock (*iv); | |||
| 164 | /* Check if there will be data left over. */ | 180 | /* Check if there will be data left over. */ |
| 165 | if (len < num) | 181 | if (len < num) |
| 166 | { | 182 | { |
| 167 | if (des_rw_mode & DES_PCBC_MODE) | 183 | if (DES_rw_mode & DES_PCBC_MODE) |
| 168 | des_pcbc_encrypt((des_cblock *)net,(des_cblock *)unnet, | 184 | DES_pcbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); |
| 169 | num,sched,iv,DES_DECRYPT); | ||
| 170 | else | 185 | else |
| 171 | des_cbc_encrypt((des_cblock *)net,(des_cblock *)unnet, | 186 | DES_cbc_encrypt(net,unnet,num,sched,iv,DES_DECRYPT); |
| 172 | num,sched,iv,DES_DECRYPT); | 187 | memcpy(buf,unnet,len); |
| 173 | memcpy(buf,unnet,(unsigned int)len); | ||
| 174 | unnet_start=len; | 188 | unnet_start=len; |
| 175 | unnet_left=(int)num-len; | 189 | unnet_left=num-len; |
| 176 | 190 | ||
| 177 | /* The following line is done because we return num | 191 | /* The following line is done because we return num |
| 178 | * as the number of bytes read. */ | 192 | * as the number of bytes read. */ |
| @@ -188,31 +202,27 @@ des_cblock (*iv); | |||
| 188 | if (len < rnum) | 202 | if (len < rnum) |
| 189 | { | 203 | { |
| 190 | 204 | ||
| 191 | if (des_rw_mode & DES_PCBC_MODE) | 205 | if (DES_rw_mode & DES_PCBC_MODE) |
| 192 | des_pcbc_encrypt((des_cblock *)net, | 206 | DES_pcbc_encrypt(net,tmpbuf,num,sched,iv, |
| 193 | (des_cblock *)tmpbuf, | 207 | DES_DECRYPT); |
| 194 | num,sched,iv,DES_DECRYPT); | ||
| 195 | else | 208 | else |
| 196 | des_cbc_encrypt((des_cblock *)net, | 209 | DES_cbc_encrypt(net,tmpbuf,num,sched,iv, |
| 197 | (des_cblock *)tmpbuf, | 210 | DES_DECRYPT); |
| 198 | num,sched,iv,DES_DECRYPT); | ||
| 199 | 211 | ||
| 200 | /* eay 26/08/92 fix a bug that returned more | 212 | /* eay 26/08/92 fix a bug that returned more |
| 201 | * bytes than you asked for (returned len bytes :-( */ | 213 | * bytes than you asked for (returned len bytes :-( */ |
| 202 | memcpy(buf,tmpbuf,(unsigned int)num); | 214 | memcpy(buf,tmpbuf,num); |
| 203 | } | 215 | } |
| 204 | else | 216 | else |
| 205 | { | 217 | { |
| 206 | if (des_rw_mode & DES_PCBC_MODE) | 218 | if (DES_rw_mode & DES_PCBC_MODE) |
| 207 | des_pcbc_encrypt((des_cblock *)net, | 219 | DES_pcbc_encrypt(net,buf,num,sched,iv, |
| 208 | (des_cblock *)buf,num,sched,iv, | 220 | DES_DECRYPT); |
| 209 | DES_DECRYPT); | ||
| 210 | else | 221 | else |
| 211 | des_cbc_encrypt((des_cblock *)net, | 222 | DES_cbc_encrypt(net,buf,num,sched,iv, |
| 212 | (des_cblock *)buf,num,sched,iv, | 223 | DES_DECRYPT); |
| 213 | DES_DECRYPT); | ||
| 214 | } | 224 | } |
| 215 | } | 225 | } |
| 216 | return((int)num); | 226 | return num; |
| 217 | } | 227 | } |
| 218 | 228 | ||
diff --git a/src/lib/libcrypto/des/enc_writ.c b/src/lib/libcrypto/des/enc_writ.c index 29a7330fb0..af5b8c2349 100644 --- a/src/lib/libcrypto/des/enc_writ.c +++ b/src/lib/libcrypto/des/enc_writ.c | |||
| @@ -58,32 +58,44 @@ | |||
| 58 | 58 | ||
| 59 | #include <errno.h> | 59 | #include <errno.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <stdio.h> | ||
| 62 | #include "cryptlib.h" | ||
| 61 | #include "des_locl.h" | 63 | #include "des_locl.h" |
| 64 | #include <openssl/rand.h> | ||
| 62 | 65 | ||
| 63 | int des_enc_write(fd, buf, len, sched, iv) | 66 | /* |
| 64 | int fd; | 67 | * WARNINGS: |
| 65 | char *buf; | 68 | * |
| 66 | int len; | 69 | * - The data format used by DES_enc_write() and DES_enc_read() |
| 67 | des_key_schedule sched; | 70 | * has a cryptographic weakness: When asked to write more |
| 68 | des_cblock (*iv); | 71 | * than MAXWRITE bytes, DES_enc_write will split the data |
| 72 | * into several chunks that are all encrypted | ||
| 73 | * using the same IV. So don't use these functions unless you | ||
| 74 | * are sure you know what you do (in which case you might | ||
| 75 | * not want to use them anyway). | ||
| 76 | * | ||
| 77 | * - This code cannot handle non-blocking sockets. | ||
| 78 | */ | ||
| 79 | |||
| 80 | int DES_enc_write(int fd, const void *_buf, int len, | ||
| 81 | DES_key_schedule *sched, DES_cblock *iv) | ||
| 69 | { | 82 | { |
| 70 | #ifdef _LIBC | 83 | #ifdef _LIBC |
| 71 | extern int srandom(); | ||
| 72 | extern unsigned long time(); | 84 | extern unsigned long time(); |
| 73 | extern int random(); | ||
| 74 | extern int write(); | 85 | extern int write(); |
| 75 | #endif | 86 | #endif |
| 76 | 87 | const unsigned char *buf=_buf; | |
| 77 | long rnum; | 88 | long rnum; |
| 78 | int i,j,k,outnum; | 89 | int i,j,k,outnum; |
| 79 | static char *outbuf=NULL; | 90 | static unsigned char *outbuf=NULL; |
| 80 | char shortbuf[8]; | 91 | unsigned char shortbuf[8]; |
| 81 | char *p; | 92 | unsigned char *p; |
| 93 | const unsigned char *cp; | ||
| 82 | static int start=1; | 94 | static int start=1; |
| 83 | 95 | ||
| 84 | if (outbuf == NULL) | 96 | if (outbuf == NULL) |
| 85 | { | 97 | { |
| 86 | outbuf=(char *)malloc(BSIZE+HDRSIZE); | 98 | outbuf=OPENSSL_malloc(BSIZE+HDRSIZE); |
| 87 | if (outbuf == NULL) return(-1); | 99 | if (outbuf == NULL) return(-1); |
| 88 | } | 100 | } |
| 89 | /* If we are sending less than 8 bytes, the same char will look | 101 | /* If we are sending less than 8 bytes, the same char will look |
| @@ -91,7 +103,6 @@ des_cblock (*iv); | |||
| 91 | if (start) | 103 | if (start) |
| 92 | { | 104 | { |
| 93 | start=0; | 105 | start=0; |
| 94 | srandom((unsigned int)time(NULL)); | ||
| 95 | } | 106 | } |
| 96 | 107 | ||
| 97 | /* lets recurse if we want to send the data in small chunks */ | 108 | /* lets recurse if we want to send the data in small chunks */ |
| @@ -100,7 +111,7 @@ des_cblock (*iv); | |||
| 100 | j=0; | 111 | j=0; |
| 101 | for (i=0; i<len; i+=k) | 112 | for (i=0; i<len; i+=k) |
| 102 | { | 113 | { |
| 103 | k=des_enc_write(fd,&(buf[i]), | 114 | k=DES_enc_write(fd,&(buf[i]), |
| 104 | ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv); | 115 | ((len-i) > MAXWRITE)?MAXWRITE:(len-i),sched,iv); |
| 105 | if (k < 0) | 116 | if (k < 0) |
| 106 | return(k); | 117 | return(k); |
| @@ -117,40 +128,40 @@ des_cblock (*iv); | |||
| 117 | /* pad short strings */ | 128 | /* pad short strings */ |
| 118 | if (len < 8) | 129 | if (len < 8) |
| 119 | { | 130 | { |
| 120 | p=shortbuf; | 131 | cp=shortbuf; |
| 121 | memcpy(shortbuf,buf,(unsigned int)len); | 132 | memcpy(shortbuf,buf,len); |
| 122 | for (i=len; i<8; i++) | 133 | RAND_pseudo_bytes(shortbuf+len, 8-len); |
| 123 | shortbuf[i]=random(); | ||
| 124 | rnum=8; | 134 | rnum=8; |
| 125 | } | 135 | } |
| 126 | else | 136 | else |
| 127 | { | 137 | { |
| 128 | p=buf; | 138 | cp=buf; |
| 129 | rnum=((len+7)/8*8); /* round up to nearest eight */ | 139 | rnum=((len+7)/8*8); /* round up to nearest eight */ |
| 130 | } | 140 | } |
| 131 | 141 | ||
| 132 | if (des_rw_mode & DES_PCBC_MODE) | 142 | if (DES_rw_mode & DES_PCBC_MODE) |
| 133 | des_pcbc_encrypt((des_cblock *)p, | 143 | DES_pcbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, |
| 134 | (des_cblock *)&(outbuf[HDRSIZE]), | 144 | DES_ENCRYPT); |
| 135 | (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); | ||
| 136 | else | 145 | else |
| 137 | des_cbc_encrypt((des_cblock *)p, | 146 | DES_cbc_encrypt(cp,&(outbuf[HDRSIZE]),(len<8)?8:len,sched,iv, |
| 138 | (des_cblock *)&(outbuf[HDRSIZE]), | 147 | DES_ENCRYPT); |
| 139 | (long)((len<8)?8:len),sched,iv,DES_ENCRYPT); | ||
| 140 | 148 | ||
| 141 | /* output */ | 149 | /* output */ |
| 142 | outnum=(int)rnum+HDRSIZE; | 150 | outnum=rnum+HDRSIZE; |
| 143 | 151 | ||
| 144 | for (j=0; j<outnum; j+=i) | 152 | for (j=0; j<outnum; j+=i) |
| 145 | { | 153 | { |
| 146 | /* eay 26/08/92 I was not doing writing from where we | 154 | /* eay 26/08/92 I was not doing writing from where we |
| 147 | * got upto. */ | 155 | * got up to. */ |
| 148 | i=write(fd,&(outbuf[j]),(unsigned int)(outnum-j)); | 156 | i=write(fd,(void *)&(outbuf[j]),outnum-j); |
| 149 | if (i == -1) | 157 | if (i == -1) |
| 150 | { | 158 | { |
| 159 | #ifdef EINTR | ||
| 151 | if (errno == EINTR) | 160 | if (errno == EINTR) |
| 152 | i=0; | 161 | i=0; |
| 153 | else /* This is really a bad error - very bad | 162 | else |
| 163 | #endif | ||
| 164 | /* This is really a bad error - very bad | ||
| 154 | * It will stuff-up both ends. */ | 165 | * It will stuff-up both ends. */ |
| 155 | return(-1); | 166 | return(-1); |
| 156 | } | 167 | } |
diff --git a/src/lib/libcrypto/des/fcrypt.c b/src/lib/libcrypto/des/fcrypt.c index 129beb27da..2758c32656 100644 --- a/src/lib/libcrypto/des/fcrypt.c +++ b/src/lib/libcrypto/des/fcrypt.c | |||
| @@ -1,9 +1,16 @@ | |||
| 1 | /* NOCW */ | 1 | /* NOCW */ |
| 2 | #include <stdio.h> | 2 | #include <stdio.h> |
| 3 | #ifdef _OSD_POSIX | ||
| 4 | #ifndef CHARSET_EBCDIC | ||
| 5 | #define CHARSET_EBCDIC 1 | ||
| 6 | #endif | ||
| 7 | #endif | ||
| 8 | #ifdef CHARSET_EBCDIC | ||
| 9 | #include <openssl/ebcdic.h> | ||
| 10 | #endif | ||
| 3 | 11 | ||
| 4 | /* This version of crypt has been developed from my MIT compatable | 12 | /* This version of crypt has been developed from my MIT compatible |
| 5 | * DES library. | 13 | * DES library. |
| 6 | * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au | ||
| 7 | * Eric Young (eay@cryptsoft.com) | 14 | * Eric Young (eay@cryptsoft.com) |
| 8 | */ | 15 | */ |
| 9 | 16 | ||
| @@ -11,7 +18,7 @@ | |||
| 11 | * I have included directive PARA for shared memory computers. | 18 | * I have included directive PARA for shared memory computers. |
| 12 | * I have included a directive LONGCRYPT to using this routine to cipher | 19 | * I have included a directive LONGCRYPT to using this routine to cipher |
| 13 | * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN | 20 | * passwords with more then 8 bytes like HP-UX 10.x it used. The MAXPLEN |
| 14 | * definition is the maximum of lenght of password and can changed. I have | 21 | * definition is the maximum of length of password and can changed. I have |
| 15 | * defined 24. | 22 | * defined 24. |
| 16 | */ | 23 | */ |
| 17 | 24 | ||
| @@ -51,48 +58,54 @@ static unsigned const char cov_2char[64]={ | |||
| 51 | 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A | 58 | 0x73,0x74,0x75,0x76,0x77,0x78,0x79,0x7A |
| 52 | }; | 59 | }; |
| 53 | 60 | ||
| 54 | #ifndef NOPROTO | 61 | void fcrypt_body(DES_LONG *out,DES_key_schedule *ks, |
| 55 | void fcrypt_body(DES_LONG *out,des_key_schedule ks, | 62 | DES_LONG Eswap0, DES_LONG Eswap1); |
| 56 | DES_LONG Eswap0, DES_LONG Eswap1); | ||
| 57 | 63 | ||
| 58 | #if defined(PERL5) || defined(FreeBSD) | 64 | char *DES_crypt(const char *buf, const char *salt) |
| 59 | char *des_crypt(const char *buf,const char *salt); | ||
| 60 | #else | ||
| 61 | char *crypt(const char *buf,const char *salt); | ||
| 62 | #endif | ||
| 63 | #else | ||
| 64 | void fcrypt_body(); | ||
| 65 | #ifdef PERL5 | ||
| 66 | char *des_crypt(); | ||
| 67 | #else | ||
| 68 | char *crypt(); | ||
| 69 | #endif | ||
| 70 | #endif | ||
| 71 | |||
| 72 | #if defined(PERL5) || defined(FreeBSD) | ||
| 73 | char *des_crypt(buf,salt) | ||
| 74 | #else | ||
| 75 | char *crypt(buf,salt) | ||
| 76 | #endif | ||
| 77 | const char *buf; | ||
| 78 | const char *salt; | ||
| 79 | { | 65 | { |
| 80 | static char buff[14]; | 66 | static char buff[14]; |
| 81 | 67 | ||
| 82 | return(des_fcrypt(buf,salt,buff)); | 68 | #ifndef CHARSET_EBCDIC |
| 69 | return(DES_fcrypt(buf,salt,buff)); | ||
| 70 | #else | ||
| 71 | char e_salt[2+1]; | ||
| 72 | char e_buf[32+1]; /* replace 32 by 8 ? */ | ||
| 73 | char *ret; | ||
| 74 | |||
| 75 | /* Copy at most 2 chars of salt */ | ||
| 76 | if ((e_salt[0] = salt[0]) != '\0') | ||
| 77 | e_salt[1] = salt[1]; | ||
| 78 | |||
| 79 | /* Copy at most 32 chars of password */ | ||
| 80 | strncpy (e_buf, buf, sizeof(e_buf)); | ||
| 81 | |||
| 82 | /* Make sure we have a delimiter */ | ||
| 83 | e_salt[sizeof(e_salt)-1] = e_buf[sizeof(e_buf)-1] = '\0'; | ||
| 84 | |||
| 85 | /* Convert the e_salt to ASCII, as that's what DES_fcrypt works on */ | ||
| 86 | ebcdic2ascii(e_salt, e_salt, sizeof e_salt); | ||
| 87 | |||
| 88 | /* Convert the cleartext password to ASCII */ | ||
| 89 | ebcdic2ascii(e_buf, e_buf, sizeof e_buf); | ||
| 90 | |||
| 91 | /* Encrypt it (from/to ASCII) */ | ||
| 92 | ret = DES_fcrypt(e_buf,e_salt,buff); | ||
| 93 | |||
| 94 | /* Convert the result back to EBCDIC */ | ||
| 95 | ascii2ebcdic(ret, ret, strlen(ret)); | ||
| 96 | |||
| 97 | return ret; | ||
| 98 | #endif | ||
| 83 | } | 99 | } |
| 84 | 100 | ||
| 85 | 101 | ||
| 86 | char *des_fcrypt(buf,salt,ret) | 102 | char *DES_fcrypt(const char *buf, const char *salt, char *ret) |
| 87 | const char *buf; | ||
| 88 | const char *salt; | ||
| 89 | char *ret; | ||
| 90 | { | 103 | { |
| 91 | unsigned int i,j,x,y; | 104 | unsigned int i,j,x,y; |
| 92 | DES_LONG Eswap0,Eswap1; | 105 | DES_LONG Eswap0,Eswap1; |
| 93 | DES_LONG out[2],ll; | 106 | DES_LONG out[2],ll; |
| 94 | des_cblock key; | 107 | DES_cblock key; |
| 95 | des_key_schedule ks; | 108 | DES_key_schedule ks; |
| 96 | unsigned char bb[9]; | 109 | unsigned char bb[9]; |
| 97 | unsigned char *b=bb; | 110 | unsigned char *b=bb; |
| 98 | unsigned char c,u; | 111 | unsigned char c,u; |
| @@ -103,12 +116,19 @@ char *ret; | |||
| 103 | * returns *\0XXXXXXXXX | 116 | * returns *\0XXXXXXXXX |
| 104 | * The \0 makes the string look like * so the pwd "*" would | 117 | * The \0 makes the string look like * so the pwd "*" would |
| 105 | * crypt to "*". This was found when replacing the crypt in | 118 | * crypt to "*". This was found when replacing the crypt in |
| 106 | * our shared libraries. People found that the disbled | 119 | * our shared libraries. People found that the disabled |
| 107 | * accounts effectivly had no passwd :-(. */ | 120 | * accounts effectively had no passwd :-(. */ |
| 121 | #ifndef CHARSET_EBCDIC | ||
| 108 | x=ret[0]=((salt[0] == '\0')?'A':salt[0]); | 122 | x=ret[0]=((salt[0] == '\0')?'A':salt[0]); |
| 109 | Eswap0=con_salt[x]<<2; | 123 | Eswap0=con_salt[x]<<2; |
| 110 | x=ret[1]=((salt[1] == '\0')?'A':salt[1]); | 124 | x=ret[1]=((salt[1] == '\0')?'A':salt[1]); |
| 111 | Eswap1=con_salt[x]<<6; | 125 | Eswap1=con_salt[x]<<6; |
| 126 | #else | ||
| 127 | x=ret[0]=((salt[0] == '\0')?os_toascii['A']:salt[0]); | ||
| 128 | Eswap0=con_salt[x]<<2; | ||
| 129 | x=ret[1]=((salt[1] == '\0')?os_toascii['A']:salt[1]); | ||
| 130 | Eswap1=con_salt[x]<<6; | ||
| 131 | #endif | ||
| 112 | 132 | ||
| 113 | /* EAY | 133 | /* EAY |
| 114 | r=strlen(buf); | 134 | r=strlen(buf); |
| @@ -123,8 +143,8 @@ r=(r+7)/8; | |||
| 123 | for (; i<8; i++) | 143 | for (; i<8; i++) |
| 124 | key[i]=0; | 144 | key[i]=0; |
| 125 | 145 | ||
| 126 | des_set_key((des_cblock *)(key),ks); | 146 | DES_set_key_unchecked(&key,&ks); |
| 127 | fcrypt_body(&(out[0]),ks,Eswap0,Eswap1); | 147 | fcrypt_body(&(out[0]),&ks,Eswap0,Eswap1); |
| 128 | 148 | ||
| 129 | ll=out[0]; l2c(ll,b); | 149 | ll=out[0]; l2c(ll,b); |
| 130 | ll=out[1]; l2c(ll,b); | 150 | ll=out[1]; l2c(ll,b); |
diff --git a/src/lib/libcrypto/des/fcrypt_b.c b/src/lib/libcrypto/des/fcrypt_b.c index 1544634bc1..1390138787 100644 --- a/src/lib/libcrypto/des/fcrypt_b.c +++ b/src/lib/libcrypto/des/fcrypt_b.c | |||
| @@ -58,7 +58,7 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | 60 | ||
| 61 | /* This version of crypt has been developed from my MIT compatable | 61 | /* This version of crypt has been developed from my MIT compatible |
| 62 | * DES library. | 62 | * DES library. |
| 63 | * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au | 63 | * The library is available at pub/Crypto/DES at ftp.psy.uq.oz.au |
| 64 | * Eric Young (eay@cryptsoft.com) | 64 | * Eric Young (eay@cryptsoft.com) |
| @@ -77,15 +77,12 @@ | |||
| 77 | #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ | 77 | #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ |
| 78 | (a)=(a)^(t)^(t>>(16-(n))))\ | 78 | (a)=(a)^(t)^(t>>(16-(n))))\ |
| 79 | 79 | ||
| 80 | void fcrypt_body(out, ks, Eswap0, Eswap1) | 80 | void fcrypt_body(DES_LONG *out, DES_key_schedule *ks, DES_LONG Eswap0, |
| 81 | DES_LONG *out; | 81 | DES_LONG Eswap1) |
| 82 | des_key_schedule ks; | ||
| 83 | DES_LONG Eswap0; | ||
| 84 | DES_LONG Eswap1; | ||
| 85 | { | 82 | { |
| 86 | register DES_LONG l,r,t,u; | 83 | register DES_LONG l,r,t,u; |
| 87 | #ifdef DES_PTR | 84 | #ifdef DES_PTR |
| 88 | register unsigned char *des_SP=(unsigned char *)des_SPtrans; | 85 | register const unsigned char *des_SP=(const unsigned char *)DES_SPtrans; |
| 89 | #endif | 86 | #endif |
| 90 | register DES_LONG *s; | 87 | register DES_LONG *s; |
| 91 | register int j; | 88 | register int j; |
| @@ -100,7 +97,7 @@ DES_LONG Eswap1; | |||
| 100 | 97 | ||
| 101 | for (j=0; j<25; j++) | 98 | for (j=0; j<25; j++) |
| 102 | { | 99 | { |
| 103 | #ifdef DES_UNROLL | 100 | #ifndef DES_UNROLL |
| 104 | register int i; | 101 | register int i; |
| 105 | 102 | ||
| 106 | for (i=0; i<32; i+=8) | 103 | for (i=0; i<32; i+=8) |
diff --git a/src/lib/libcrypto/des/ncbc_enc.c b/src/lib/libcrypto/des/ncbc_enc.c index 1d1a368c22..fda23d522f 100644 --- a/src/lib/libcrypto/des/ncbc_enc.c +++ b/src/lib/libcrypto/des/ncbc_enc.c | |||
| @@ -1,4 +1,9 @@ | |||
| 1 | /* crypto/des/ncbc_enc.c */ | 1 | /* crypto/des/ncbc_enc.c */ |
| 2 | /* | ||
| 3 | * #included by: | ||
| 4 | * cbc_enc.c (DES_cbc_encrypt) | ||
| 5 | * des_enc.c (DES_ncbc_encrypt) | ||
| 6 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 7 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 8 | * All rights reserved. |
| 4 | * | 9 | * |
| @@ -58,24 +63,21 @@ | |||
| 58 | 63 | ||
| 59 | #include "des_locl.h" | 64 | #include "des_locl.h" |
| 60 | 65 | ||
| 61 | void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | 66 | #ifdef CBC_ENC_C__DONT_UPDATE_IV |
| 62 | des_cblock (*input); | 67 | void DES_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 63 | des_cblock (*output); | 68 | DES_key_schedule *_schedule, DES_cblock *ivec, int enc) |
| 64 | long length; | 69 | #else |
| 65 | des_key_schedule schedule; | 70 | void DES_ncbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 66 | des_cblock (*ivec); | 71 | DES_key_schedule *_schedule, DES_cblock *ivec, int enc) |
| 67 | int enc; | 72 | #endif |
| 68 | { | 73 | { |
| 69 | register DES_LONG tin0,tin1; | 74 | register DES_LONG tin0,tin1; |
| 70 | register DES_LONG tout0,tout1,xor0,xor1; | 75 | register DES_LONG tout0,tout1,xor0,xor1; |
| 71 | register unsigned char *in,*out; | ||
| 72 | register long l=length; | 76 | register long l=length; |
| 73 | DES_LONG tin[2]; | 77 | DES_LONG tin[2]; |
| 74 | unsigned char *iv; | 78 | unsigned char *iv; |
| 75 | 79 | ||
| 76 | in=(unsigned char *)input; | 80 | iv = &(*ivec)[0]; |
| 77 | out=(unsigned char *)output; | ||
| 78 | iv=(unsigned char *)ivec; | ||
| 79 | 81 | ||
| 80 | if (enc) | 82 | if (enc) |
| 81 | { | 83 | { |
| @@ -87,7 +89,7 @@ int enc; | |||
| 87 | c2l(in,tin1); | 89 | c2l(in,tin1); |
| 88 | tin0^=tout0; tin[0]=tin0; | 90 | tin0^=tout0; tin[0]=tin0; |
| 89 | tin1^=tout1; tin[1]=tin1; | 91 | tin1^=tout1; tin[1]=tin1; |
| 90 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 92 | DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT); |
| 91 | tout0=tin[0]; l2c(tout0,out); | 93 | tout0=tin[0]; l2c(tout0,out); |
| 92 | tout1=tin[1]; l2c(tout1,out); | 94 | tout1=tin[1]; l2c(tout1,out); |
| 93 | } | 95 | } |
| @@ -96,13 +98,15 @@ int enc; | |||
| 96 | c2ln(in,tin0,tin1,l+8); | 98 | c2ln(in,tin0,tin1,l+8); |
| 97 | tin0^=tout0; tin[0]=tin0; | 99 | tin0^=tout0; tin[0]=tin0; |
| 98 | tin1^=tout1; tin[1]=tin1; | 100 | tin1^=tout1; tin[1]=tin1; |
| 99 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 101 | DES_encrypt1((DES_LONG *)tin,_schedule,DES_ENCRYPT); |
| 100 | tout0=tin[0]; l2c(tout0,out); | 102 | tout0=tin[0]; l2c(tout0,out); |
| 101 | tout1=tin[1]; l2c(tout1,out); | 103 | tout1=tin[1]; l2c(tout1,out); |
| 102 | } | 104 | } |
| 103 | iv=(unsigned char *)ivec; | 105 | #ifndef CBC_ENC_C__DONT_UPDATE_IV |
| 106 | iv = &(*ivec)[0]; | ||
| 104 | l2c(tout0,iv); | 107 | l2c(tout0,iv); |
| 105 | l2c(tout1,iv); | 108 | l2c(tout1,iv); |
| 109 | #endif | ||
| 106 | } | 110 | } |
| 107 | else | 111 | else |
| 108 | { | 112 | { |
| @@ -112,7 +116,7 @@ int enc; | |||
| 112 | { | 116 | { |
| 113 | c2l(in,tin0); tin[0]=tin0; | 117 | c2l(in,tin0); tin[0]=tin0; |
| 114 | c2l(in,tin1); tin[1]=tin1; | 118 | c2l(in,tin1); tin[1]=tin1; |
| 115 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | 119 | DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT); |
| 116 | tout0=tin[0]^xor0; | 120 | tout0=tin[0]^xor0; |
| 117 | tout1=tin[1]^xor1; | 121 | tout1=tin[1]^xor1; |
| 118 | l2c(tout0,out); | 122 | l2c(tout0,out); |
| @@ -120,11 +124,25 @@ int enc; | |||
| 120 | xor0=tin0; | 124 | xor0=tin0; |
| 121 | xor1=tin1; | 125 | xor1=tin1; |
| 122 | } | 126 | } |
| 123 | iv=(unsigned char *)ivec; | 127 | if (l != -8) |
| 128 | { | ||
| 129 | c2l(in,tin0); tin[0]=tin0; | ||
| 130 | c2l(in,tin1); tin[1]=tin1; | ||
| 131 | DES_encrypt1((DES_LONG *)tin,_schedule,DES_DECRYPT); | ||
| 132 | tout0=tin[0]^xor0; | ||
| 133 | tout1=tin[1]^xor1; | ||
| 134 | l2cn(tout0,tout1,out,l+8); | ||
| 135 | #ifndef CBC_ENC_C__DONT_UPDATE_IV | ||
| 136 | xor0=tin0; | ||
| 137 | xor1=tin1; | ||
| 138 | #endif | ||
| 139 | } | ||
| 140 | #ifndef CBC_ENC_C__DONT_UPDATE_IV | ||
| 141 | iv = &(*ivec)[0]; | ||
| 124 | l2c(xor0,iv); | 142 | l2c(xor0,iv); |
| 125 | l2c(xor1,iv); | 143 | l2c(xor1,iv); |
| 144 | #endif | ||
| 126 | } | 145 | } |
| 127 | tin0=tin1=tout0=tout1=xor0=xor1=0; | 146 | tin0=tin1=tout0=tout1=xor0=xor1=0; |
| 128 | tin[0]=tin[1]=0; | 147 | tin[0]=tin[1]=0; |
| 129 | } | 148 | } |
| 130 | |||
diff --git a/src/lib/libcrypto/des/ofb64ede.c b/src/lib/libcrypto/des/ofb64ede.c index 4b1b0199f1..26bbf9a6a7 100644 --- a/src/lib/libcrypto/des/ofb64ede.c +++ b/src/lib/libcrypto/des/ofb64ede.c | |||
| @@ -62,24 +62,22 @@ | |||
| 62 | * used. The extra state information to record how much of the | 62 | * used. The extra state information to record how much of the |
| 63 | * 64bit block we have used is contained in *num; | 63 | * 64bit block we have used is contained in *num; |
| 64 | */ | 64 | */ |
| 65 | void des_ede3_ofb64_encrypt(in, out, length, k1,k2,k3, ivec, num) | 65 | void DES_ede3_ofb64_encrypt(register const unsigned char *in, |
| 66 | register unsigned char *in; | 66 | register unsigned char *out, long length, |
| 67 | register unsigned char *out; | 67 | DES_key_schedule *k1, DES_key_schedule *k2, |
| 68 | long length; | 68 | DES_key_schedule *k3, DES_cblock *ivec, |
| 69 | des_key_schedule k1,k2,k3; | 69 | int *num) |
| 70 | des_cblock (*ivec); | ||
| 71 | int *num; | ||
| 72 | { | 70 | { |
| 73 | register DES_LONG v0,v1; | 71 | register DES_LONG v0,v1; |
| 74 | register int n= *num; | 72 | register int n= *num; |
| 75 | register long l=length; | 73 | register long l=length; |
| 76 | des_cblock d; | 74 | DES_cblock d; |
| 77 | register char *dp; | 75 | register char *dp; |
| 78 | DES_LONG ti[2]; | 76 | DES_LONG ti[2]; |
| 79 | unsigned char *iv; | 77 | unsigned char *iv; |
| 80 | int save=0; | 78 | int save=0; |
| 81 | 79 | ||
| 82 | iv=(unsigned char *)ivec; | 80 | iv = &(*ivec)[0]; |
| 83 | c2l(iv,v0); | 81 | c2l(iv,v0); |
| 84 | c2l(iv,v1); | 82 | c2l(iv,v1); |
| 85 | ti[0]=v0; | 83 | ti[0]=v0; |
| @@ -93,7 +91,7 @@ int *num; | |||
| 93 | { | 91 | { |
| 94 | /* ti[0]=v0; */ | 92 | /* ti[0]=v0; */ |
| 95 | /* ti[1]=v1; */ | 93 | /* ti[1]=v1; */ |
| 96 | des_encrypt3((DES_LONG *)ti,k1,k2,k3); | 94 | DES_encrypt3(ti,k1,k2,k3); |
| 97 | v0=ti[0]; | 95 | v0=ti[0]; |
| 98 | v1=ti[1]; | 96 | v1=ti[1]; |
| 99 | 97 | ||
| @@ -109,7 +107,7 @@ int *num; | |||
| 109 | { | 107 | { |
| 110 | /* v0=ti[0]; | 108 | /* v0=ti[0]; |
| 111 | v1=ti[1];*/ | 109 | v1=ti[1];*/ |
| 112 | iv=(unsigned char *)ivec; | 110 | iv = &(*ivec)[0]; |
| 113 | l2c(v0,iv); | 111 | l2c(v0,iv); |
| 114 | l2c(v1,iv); | 112 | l2c(v1,iv); |
| 115 | } | 113 | } |
| @@ -118,14 +116,10 @@ int *num; | |||
| 118 | } | 116 | } |
| 119 | 117 | ||
| 120 | #ifdef undef /* MACRO */ | 118 | #ifdef undef /* MACRO */ |
| 121 | void des_ede2_ofb64_encrypt(in, out, length, k1,k2, ivec, num) | 119 | void DES_ede2_ofb64_encrypt(register unsigned char *in, |
| 122 | register unsigned char *in; | 120 | register unsigned char *out, long length, DES_key_schedule k1, |
| 123 | register unsigned char *out; | 121 | DES_key_schedule k2, DES_cblock (*ivec), int *num) |
| 124 | long length; | ||
| 125 | des_key_schedule k1,k2; | ||
| 126 | des_cblock (*ivec); | ||
| 127 | int *num; | ||
| 128 | { | 122 | { |
| 129 | des_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); | 123 | DES_ede3_ofb64_encrypt(in, out, length, k1,k2,k1, ivec, num); |
| 130 | } | 124 | } |
| 131 | #endif | 125 | #endif |
diff --git a/src/lib/libcrypto/des/ofb64enc.c b/src/lib/libcrypto/des/ofb64enc.c index ea7e612697..8ca3d49dea 100644 --- a/src/lib/libcrypto/des/ofb64enc.c +++ b/src/lib/libcrypto/des/ofb64enc.c | |||
| @@ -62,37 +62,33 @@ | |||
| 62 | * used. The extra state information to record how much of the | 62 | * used. The extra state information to record how much of the |
| 63 | * 64bit block we have used is contained in *num; | 63 | * 64bit block we have used is contained in *num; |
| 64 | */ | 64 | */ |
| 65 | void des_ofb64_encrypt(in, out, length, schedule, ivec, num) | 65 | void DES_ofb64_encrypt(register const unsigned char *in, |
| 66 | register unsigned char *in; | 66 | register unsigned char *out, long length, |
| 67 | register unsigned char *out; | 67 | DES_key_schedule *schedule, DES_cblock *ivec, int *num) |
| 68 | long length; | ||
| 69 | des_key_schedule schedule; | ||
| 70 | des_cblock (*ivec); | ||
| 71 | int *num; | ||
| 72 | { | 68 | { |
| 73 | register DES_LONG v0,v1,t; | 69 | register DES_LONG v0,v1,t; |
| 74 | register int n= *num; | 70 | register int n= *num; |
| 75 | register long l=length; | 71 | register long l=length; |
| 76 | des_cblock d; | 72 | DES_cblock d; |
| 77 | register char *dp; | 73 | register unsigned char *dp; |
| 78 | DES_LONG ti[2]; | 74 | DES_LONG ti[2]; |
| 79 | unsigned char *iv; | 75 | unsigned char *iv; |
| 80 | int save=0; | 76 | int save=0; |
| 81 | 77 | ||
| 82 | iv=(unsigned char *)ivec; | 78 | iv = &(*ivec)[0]; |
| 83 | c2l(iv,v0); | 79 | c2l(iv,v0); |
| 84 | c2l(iv,v1); | 80 | c2l(iv,v1); |
| 85 | ti[0]=v0; | 81 | ti[0]=v0; |
| 86 | ti[1]=v1; | 82 | ti[1]=v1; |
| 87 | dp=(char *)d; | 83 | dp=d; |
| 88 | l2c(v0,dp); | 84 | l2c(v0,dp); |
| 89 | l2c(v1,dp); | 85 | l2c(v1,dp); |
| 90 | while (l--) | 86 | while (l--) |
| 91 | { | 87 | { |
| 92 | if (n == 0) | 88 | if (n == 0) |
| 93 | { | 89 | { |
| 94 | des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); | 90 | DES_encrypt1(ti,schedule,DES_ENCRYPT); |
| 95 | dp=(char *)d; | 91 | dp=d; |
| 96 | t=ti[0]; l2c(t,dp); | 92 | t=ti[0]; l2c(t,dp); |
| 97 | t=ti[1]; l2c(t,dp); | 93 | t=ti[1]; l2c(t,dp); |
| 98 | save++; | 94 | save++; |
| @@ -104,7 +100,7 @@ int *num; | |||
| 104 | { | 100 | { |
| 105 | v0=ti[0]; | 101 | v0=ti[0]; |
| 106 | v1=ti[1]; | 102 | v1=ti[1]; |
| 107 | iv=(unsigned char *)ivec; | 103 | iv = &(*ivec)[0]; |
| 108 | l2c(v0,iv); | 104 | l2c(v0,iv); |
| 109 | l2c(v1,iv); | 105 | l2c(v1,iv); |
| 110 | } | 106 | } |
diff --git a/src/lib/libcrypto/des/ofb_enc.c b/src/lib/libcrypto/des/ofb_enc.c index 4db0cdbd60..e887a3c6f4 100644 --- a/src/lib/libcrypto/des/ofb_enc.c +++ b/src/lib/libcrypto/des/ofb_enc.c | |||
| @@ -64,13 +64,9 @@ | |||
| 64 | * the second. The second 12 bits will come from the 3rd and half the 4th | 64 | * the second. The second 12 bits will come from the 3rd and half the 4th |
| 65 | * byte. | 65 | * byte. |
| 66 | */ | 66 | */ |
| 67 | void des_ofb_encrypt(in, out, numbits, length, schedule, ivec) | 67 | void DES_ofb_encrypt(const unsigned char *in, unsigned char *out, int numbits, |
| 68 | unsigned char *in; | 68 | long length, DES_key_schedule *schedule, |
| 69 | unsigned char *out; | 69 | DES_cblock *ivec) |
| 70 | int numbits; | ||
| 71 | long length; | ||
| 72 | des_key_schedule schedule; | ||
| 73 | des_cblock (*ivec); | ||
| 74 | { | 70 | { |
| 75 | register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; | 71 | register DES_LONG d0,d1,vv0,vv1,v0,v1,n=(numbits+7)/8; |
| 76 | register DES_LONG mask0,mask1; | 72 | register DES_LONG mask0,mask1; |
| @@ -97,7 +93,7 @@ des_cblock (*ivec); | |||
| 97 | mask1=0x00000000L; | 93 | mask1=0x00000000L; |
| 98 | } | 94 | } |
| 99 | 95 | ||
| 100 | iv=(unsigned char *)ivec; | 96 | iv = &(*ivec)[0]; |
| 101 | c2l(iv,v0); | 97 | c2l(iv,v0); |
| 102 | c2l(iv,v1); | 98 | c2l(iv,v1); |
| 103 | ti[0]=v0; | 99 | ti[0]=v0; |
| @@ -106,7 +102,7 @@ des_cblock (*ivec); | |||
| 106 | { | 102 | { |
| 107 | ti[0]=v0; | 103 | ti[0]=v0; |
| 108 | ti[1]=v1; | 104 | ti[1]=v1; |
| 109 | des_encrypt((DES_LONG *)ti,schedule,DES_ENCRYPT); | 105 | DES_encrypt1((DES_LONG *)ti,schedule,DES_ENCRYPT); |
| 110 | vv0=ti[0]; | 106 | vv0=ti[0]; |
| 111 | vv1=ti[1]; | 107 | vv1=ti[1]; |
| 112 | c2ln(in,d0,d1,n); | 108 | c2ln(in,d0,d1,n); |
| @@ -131,7 +127,7 @@ des_cblock (*ivec); | |||
| 131 | v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL; | 127 | v1=((v1>>num)|(vv0<<(32-num)))&0xffffffffL; |
| 132 | } | 128 | } |
| 133 | } | 129 | } |
| 134 | iv=(unsigned char *)ivec; | 130 | iv = &(*ivec)[0]; |
| 135 | l2c(v0,iv); | 131 | l2c(v0,iv); |
| 136 | l2c(v1,iv); | 132 | l2c(v1,iv); |
| 137 | v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0; | 133 | v0=v1=d0=d1=ti[0]=ti[1]=vv0=vv1=0; |
diff --git a/src/lib/libcrypto/des/pcbc_enc.c b/src/lib/libcrypto/des/pcbc_enc.c index 4513207d90..17a40f9520 100644 --- a/src/lib/libcrypto/des/pcbc_enc.c +++ b/src/lib/libcrypto/des/pcbc_enc.c | |||
| @@ -58,21 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | void des_pcbc_encrypt(input, output, length, schedule, ivec, enc) | 61 | void DES_pcbc_encrypt(const unsigned char *input, unsigned char *output, |
| 62 | des_cblock (*input); | 62 | long length, DES_key_schedule *schedule, |
| 63 | des_cblock (*output); | 63 | DES_cblock *ivec, int enc) |
| 64 | long length; | ||
| 65 | des_key_schedule schedule; | ||
| 66 | des_cblock (*ivec); | ||
| 67 | int enc; | ||
| 68 | { | 64 | { |
| 69 | register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; | 65 | register DES_LONG sin0,sin1,xor0,xor1,tout0,tout1; |
| 70 | DES_LONG tin[2]; | 66 | DES_LONG tin[2]; |
| 71 | unsigned char *in,*out,*iv; | 67 | const unsigned char *in; |
| 68 | unsigned char *out,*iv; | ||
| 72 | 69 | ||
| 73 | in=(unsigned char *)input; | 70 | in=input; |
| 74 | out=(unsigned char *)output; | 71 | out=output; |
| 75 | iv=(unsigned char *)ivec; | 72 | iv = &(*ivec)[0]; |
| 76 | 73 | ||
| 77 | if (enc) | 74 | if (enc) |
| 78 | { | 75 | { |
| @@ -89,7 +86,7 @@ int enc; | |||
| 89 | c2ln(in,sin0,sin1,length); | 86 | c2ln(in,sin0,sin1,length); |
| 90 | tin[0]=sin0^xor0; | 87 | tin[0]=sin0^xor0; |
| 91 | tin[1]=sin1^xor1; | 88 | tin[1]=sin1^xor1; |
| 92 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 89 | DES_encrypt1((DES_LONG *)tin,schedule,DES_ENCRYPT); |
| 93 | tout0=tin[0]; | 90 | tout0=tin[0]; |
| 94 | tout1=tin[1]; | 91 | tout1=tin[1]; |
| 95 | xor0=sin0^tout0; | 92 | xor0=sin0^tout0; |
| @@ -107,7 +104,7 @@ int enc; | |||
| 107 | c2l(in,sin1); | 104 | c2l(in,sin1); |
| 108 | tin[0]=sin0; | 105 | tin[0]=sin0; |
| 109 | tin[1]=sin1; | 106 | tin[1]=sin1; |
| 110 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | 107 | DES_encrypt1((DES_LONG *)tin,schedule,DES_DECRYPT); |
| 111 | tout0=tin[0]^xor0; | 108 | tout0=tin[0]^xor0; |
| 112 | tout1=tin[1]^xor1; | 109 | tout1=tin[1]^xor1; |
| 113 | if (length >= 8) | 110 | if (length >= 8) |
diff --git a/src/lib/libcrypto/des/qud_cksm.c b/src/lib/libcrypto/des/qud_cksm.c index 8526abf334..dac201227e 100644 --- a/src/lib/libcrypto/des/qud_cksm.c +++ b/src/lib/libcrypto/des/qud_cksm.c | |||
| @@ -73,28 +73,32 @@ | |||
| 73 | /* Got the value MIT uses via brute force :-) 2/10/90 eay */ | 73 | /* Got the value MIT uses via brute force :-) 2/10/90 eay */ |
| 74 | #define NOISE ((DES_LONG)83653421L) | 74 | #define NOISE ((DES_LONG)83653421L) |
| 75 | 75 | ||
| 76 | DES_LONG des_quad_cksum(input, output, length, out_count, seed) | 76 | DES_LONG DES_quad_cksum(const unsigned char *input, DES_cblock output[], |
| 77 | des_cblock (*input); | 77 | long length, int out_count, DES_cblock *seed) |
| 78 | des_cblock (*output); | ||
| 79 | long length; | ||
| 80 | int out_count; | ||
| 81 | des_cblock (*seed); | ||
| 82 | { | 78 | { |
| 83 | DES_LONG z0,z1,t0,t1; | 79 | DES_LONG z0,z1,t0,t1; |
| 84 | int i; | 80 | int i; |
| 85 | long l; | 81 | long l; |
| 86 | unsigned char *cp; | 82 | const unsigned char *cp; |
| 87 | unsigned char *lp; | 83 | #ifdef _CRAY |
| 84 | struct lp_st { int a:32; int b:32; } *lp; | ||
| 85 | #else | ||
| 86 | DES_LONG *lp; | ||
| 87 | #endif | ||
| 88 | 88 | ||
| 89 | if (out_count < 1) out_count=1; | 89 | if (out_count < 1) out_count=1; |
| 90 | lp=(unsigned char *)output; | 90 | #ifdef _CRAY |
| 91 | lp = (struct lp_st *) &(output[0])[0]; | ||
| 92 | #else | ||
| 93 | lp = (DES_LONG *) &(output[0])[0]; | ||
| 94 | #endif | ||
| 91 | 95 | ||
| 92 | z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); | 96 | z0=Q_B0((*seed)[0])|Q_B1((*seed)[1])|Q_B2((*seed)[2])|Q_B3((*seed)[3]); |
| 93 | z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); | 97 | z1=Q_B0((*seed)[4])|Q_B1((*seed)[5])|Q_B2((*seed)[6])|Q_B3((*seed)[7]); |
| 94 | 98 | ||
| 95 | for (i=0; ((i<4)&&(i<out_count)); i++) | 99 | for (i=0; ((i<4)&&(i<out_count)); i++) |
| 96 | { | 100 | { |
| 97 | cp=(unsigned char *)input; | 101 | cp=input; |
| 98 | l=length; | 102 | l=length; |
| 99 | while (l > 0) | 103 | while (l > 0) |
| 100 | { | 104 | { |
| @@ -118,25 +122,16 @@ des_cblock (*seed); | |||
| 118 | } | 122 | } |
| 119 | if (lp != NULL) | 123 | if (lp != NULL) |
| 120 | { | 124 | { |
| 121 | /* I believe I finally have things worked out. | 125 | /* The MIT library assumes that the checksum is |
| 122 | * The MIT library assumes that the checksum | 126 | * composed of 2*out_count 32 bit ints */ |
| 123 | * is one huge number and it is returned in a | 127 | #ifdef _CRAY |
| 124 | * host dependant byte order. | 128 | (*lp).a = z0; |
| 125 | */ | 129 | (*lp).b = z1; |
| 126 | static DES_LONG ltmp=1; | 130 | lp++; |
| 127 | static unsigned char *c=(unsigned char *)<mp; | 131 | #else |
| 128 | 132 | *lp++ = z0; | |
| 129 | if (c[0]) | 133 | *lp++ = z1; |
| 130 | { | 134 | #endif |
| 131 | l2c(z0,lp); | ||
| 132 | l2c(z1,lp); | ||
| 133 | } | ||
| 134 | else | ||
| 135 | { | ||
| 136 | lp=output[out_count-i-1]; | ||
| 137 | l2n(z1,lp); | ||
| 138 | l2n(z0,lp); | ||
| 139 | } | ||
| 140 | } | 135 | } |
| 141 | } | 136 | } |
| 142 | return(z0); | 137 | return(z0); |
diff --git a/src/lib/libcrypto/des/rand_key.c b/src/lib/libcrypto/des/rand_key.c index 8c30bd029a..2398165568 100644 --- a/src/lib/libcrypto/des/rand_key.c +++ b/src/lib/libcrypto/des/rand_key.c | |||
| @@ -1,118 +1,68 @@ | |||
| 1 | /* crypto/des/rand_key.c */ | 1 | /* crypto/des/rand_key.c */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1998-2000 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@openssl.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 58 | 55 | ||
| 59 | #include "des_locl.h" | 56 | #include <openssl/des.h> |
| 60 | #include <time.h> | 57 | #include <openssl/rand.h> |
| 61 | 58 | ||
| 62 | static int seed=0; | 59 | int DES_random_key(DES_cblock *ret) |
| 63 | static des_cblock init; | ||
| 64 | |||
| 65 | void des_random_seed(key) | ||
| 66 | des_cblock key; | ||
| 67 | { | ||
| 68 | memcpy(init,key,sizeof(des_cblock)); | ||
| 69 | seed=1; | ||
| 70 | } | ||
| 71 | |||
| 72 | void des_random_key(ret) | ||
| 73 | unsigned char *ret; | ||
| 74 | { | 60 | { |
| 75 | des_key_schedule ks; | 61 | do |
| 76 | static DES_LONG c=0; | ||
| 77 | static unsigned short pid=0; | ||
| 78 | static des_cblock data={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; | ||
| 79 | des_cblock key; | ||
| 80 | unsigned char *p; | ||
| 81 | DES_LONG t; | ||
| 82 | int i; | ||
| 83 | |||
| 84 | #ifdef MSDOS | ||
| 85 | pid=1; | ||
| 86 | #else | ||
| 87 | if (!pid) pid=getpid(); | ||
| 88 | #endif | ||
| 89 | p=key; | ||
| 90 | if (seed) | ||
| 91 | { | 62 | { |
| 92 | for (i=0; i<8; i++) | 63 | if (RAND_bytes((unsigned char *)ret, sizeof(DES_cblock)) != 1) |
| 93 | { | 64 | return (0); |
| 94 | data[i] ^= init[i]; | 65 | } while (DES_is_weak_key(ret)); |
| 95 | init[i]=0; | 66 | DES_set_odd_parity(ret); |
| 96 | } | 67 | return (1); |
| 97 | seed=0; | ||
| 98 | } | ||
| 99 | t=(DES_LONG)time(NULL); | ||
| 100 | l2c(t,p); | ||
| 101 | t=(DES_LONG)((pid)|((c++)<<16)); | ||
| 102 | l2c(t,p); | ||
| 103 | |||
| 104 | des_set_odd_parity((des_cblock *)data); | ||
| 105 | des_set_key((des_cblock *)data,ks); | ||
| 106 | des_cbc_cksum((des_cblock *)key,(des_cblock *)key, | ||
| 107 | (long)sizeof(key),ks,(des_cblock *)data); | ||
| 108 | |||
| 109 | des_set_odd_parity((des_cblock *)key); | ||
| 110 | des_set_key((des_cblock *)key,ks); | ||
| 111 | des_cbc_cksum((des_cblock *)key,(des_cblock *)data, | ||
| 112 | (long)sizeof(key),ks,(des_cblock *)key); | ||
| 113 | |||
| 114 | memcpy(ret,data,sizeof(key)); | ||
| 115 | memset(key,0,sizeof(key)); | ||
| 116 | memset(ks,0,sizeof(ks)); | ||
| 117 | t=0; | ||
| 118 | } | 68 | } |
diff --git a/src/lib/libcrypto/des/set_key.c b/src/lib/libcrypto/des/set_key.c index c3bcd7ee2b..683916e71b 100644 --- a/src/lib/libcrypto/des/set_key.c +++ b/src/lib/libcrypto/des/set_key.c | |||
| @@ -64,19 +64,28 @@ | |||
| 64 | * 1.0 First working version | 64 | * 1.0 First working version |
| 65 | */ | 65 | */ |
| 66 | #include "des_locl.h" | 66 | #include "des_locl.h" |
| 67 | #include "podd.h" | ||
| 68 | #include "sk.h" | ||
| 69 | 67 | ||
| 70 | #ifndef NOPROTO | 68 | OPENSSL_IMPLEMENT_GLOBAL(int,DES_check_key); /* defaults to false */ |
| 71 | static int check_parity(des_cblock (*key)); | ||
| 72 | #else | ||
| 73 | static int check_parity(); | ||
| 74 | #endif | ||
| 75 | 69 | ||
| 76 | int des_check_key=0; | 70 | static const unsigned char odd_parity[256]={ |
| 71 | 1, 1, 2, 2, 4, 4, 7, 7, 8, 8, 11, 11, 13, 13, 14, 14, | ||
| 72 | 16, 16, 19, 19, 21, 21, 22, 22, 25, 25, 26, 26, 28, 28, 31, 31, | ||
| 73 | 32, 32, 35, 35, 37, 37, 38, 38, 41, 41, 42, 42, 44, 44, 47, 47, | ||
| 74 | 49, 49, 50, 50, 52, 52, 55, 55, 56, 56, 59, 59, 61, 61, 62, 62, | ||
| 75 | 64, 64, 67, 67, 69, 69, 70, 70, 73, 73, 74, 74, 76, 76, 79, 79, | ||
| 76 | 81, 81, 82, 82, 84, 84, 87, 87, 88, 88, 91, 91, 93, 93, 94, 94, | ||
| 77 | 97, 97, 98, 98,100,100,103,103,104,104,107,107,109,109,110,110, | ||
| 78 | 112,112,115,115,117,117,118,118,121,121,122,122,124,124,127,127, | ||
| 79 | 128,128,131,131,133,133,134,134,137,137,138,138,140,140,143,143, | ||
| 80 | 145,145,146,146,148,148,151,151,152,152,155,155,157,157,158,158, | ||
| 81 | 161,161,162,162,164,164,167,167,168,168,171,171,173,173,174,174, | ||
| 82 | 176,176,179,179,181,181,182,182,185,185,186,186,188,188,191,191, | ||
| 83 | 193,193,194,194,196,196,199,199,200,200,203,203,205,205,206,206, | ||
| 84 | 208,208,211,211,213,213,214,214,217,217,218,218,220,220,223,223, | ||
| 85 | 224,224,227,227,229,229,230,230,233,233,234,234,236,236,239,239, | ||
| 86 | 241,241,242,242,244,244,247,247,248,248,251,251,253,253,254,254}; | ||
| 77 | 87 | ||
| 78 | void des_set_odd_parity(key) | 88 | void DES_set_odd_parity(DES_cblock *key) |
| 79 | des_cblock (*key); | ||
| 80 | { | 89 | { |
| 81 | int i; | 90 | int i; |
| 82 | 91 | ||
| @@ -84,8 +93,7 @@ des_cblock (*key); | |||
| 84 | (*key)[i]=odd_parity[(*key)[i]]; | 93 | (*key)[i]=odd_parity[(*key)[i]]; |
| 85 | } | 94 | } |
| 86 | 95 | ||
| 87 | static int check_parity(key) | 96 | int DES_check_key_parity(const_DES_cblock *key) |
| 88 | des_cblock (*key); | ||
| 89 | { | 97 | { |
| 90 | int i; | 98 | int i; |
| 91 | 99 | ||
| @@ -107,12 +115,12 @@ des_cblock (*key); | |||
| 107 | * (and actual cblock values). | 115 | * (and actual cblock values). |
| 108 | */ | 116 | */ |
| 109 | #define NUM_WEAK_KEY 16 | 117 | #define NUM_WEAK_KEY 16 |
| 110 | static des_cblock weak_keys[NUM_WEAK_KEY]={ | 118 | static DES_cblock weak_keys[NUM_WEAK_KEY]={ |
| 111 | /* weak keys */ | 119 | /* weak keys */ |
| 112 | {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, | 120 | {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01}, |
| 113 | {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, | 121 | {0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE,0xFE}, |
| 114 | {0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F,0x1F}, | 122 | {0x1F,0x1F,0x1F,0x1F,0x0E,0x0E,0x0E,0x0E}, |
| 115 | {0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0,0xE0}, | 123 | {0xE0,0xE0,0xE0,0xE0,0xF1,0xF1,0xF1,0xF1}, |
| 116 | /* semi-weak keys */ | 124 | /* semi-weak keys */ |
| 117 | {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, | 125 | {0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE}, |
| 118 | {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, | 126 | {0xFE,0x01,0xFE,0x01,0xFE,0x01,0xFE,0x01}, |
| @@ -127,19 +135,18 @@ static des_cblock weak_keys[NUM_WEAK_KEY]={ | |||
| 127 | {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, | 135 | {0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1,0xFE}, |
| 128 | {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}}; | 136 | {0xFE,0xE0,0xFE,0xE0,0xFE,0xF1,0xFE,0xF1}}; |
| 129 | 137 | ||
| 130 | int des_is_weak_key(key) | 138 | int DES_is_weak_key(const_DES_cblock *key) |
| 131 | des_cblock (*key); | ||
| 132 | { | 139 | { |
| 133 | int i; | 140 | int i; |
| 134 | 141 | ||
| 135 | for (i=0; i<NUM_WEAK_KEY; i++) | 142 | for (i=0; i<NUM_WEAK_KEY; i++) |
| 136 | /* Added == 0 to comparision, I obviously don't run | 143 | /* Added == 0 to comparison, I obviously don't run |
| 137 | * this section very often :-(, thanks to | 144 | * this section very often :-(, thanks to |
| 138 | * engineering@MorningStar.Com for the fix | 145 | * engineering@MorningStar.Com for the fix |
| 139 | * eay 93/06/29 | 146 | * eay 93/06/29 |
| 140 | * Another problem, I was comparing only the first 4 | 147 | * Another problem, I was comparing only the first 4 |
| 141 | * bytes, 97/03/18 */ | 148 | * bytes, 97/03/18 */ |
| 142 | if (memcmp(weak_keys[i],key,sizeof(des_cblock)) == 0) return(1); | 149 | if (memcmp(weak_keys[i],key,sizeof(DES_cblock)) == 0) return(1); |
| 143 | return(0); | 150 | return(0); |
| 144 | } | 151 | } |
| 145 | 152 | ||
| @@ -153,49 +160,199 @@ des_cblock (*key); | |||
| 153 | #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ | 160 | #define HPERM_OP(a,t,n,m) ((t)=((((a)<<(16-(n)))^(a))&(m)),\ |
| 154 | (a)=(a)^(t)^(t>>(16-(n)))) | 161 | (a)=(a)^(t)^(t>>(16-(n)))) |
| 155 | 162 | ||
| 163 | static const DES_LONG des_skb[8][64]={ | ||
| 164 | { | ||
| 165 | /* for C bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | ||
| 166 | 0x00000000L,0x00000010L,0x20000000L,0x20000010L, | ||
| 167 | 0x00010000L,0x00010010L,0x20010000L,0x20010010L, | ||
| 168 | 0x00000800L,0x00000810L,0x20000800L,0x20000810L, | ||
| 169 | 0x00010800L,0x00010810L,0x20010800L,0x20010810L, | ||
| 170 | 0x00000020L,0x00000030L,0x20000020L,0x20000030L, | ||
| 171 | 0x00010020L,0x00010030L,0x20010020L,0x20010030L, | ||
| 172 | 0x00000820L,0x00000830L,0x20000820L,0x20000830L, | ||
| 173 | 0x00010820L,0x00010830L,0x20010820L,0x20010830L, | ||
| 174 | 0x00080000L,0x00080010L,0x20080000L,0x20080010L, | ||
| 175 | 0x00090000L,0x00090010L,0x20090000L,0x20090010L, | ||
| 176 | 0x00080800L,0x00080810L,0x20080800L,0x20080810L, | ||
| 177 | 0x00090800L,0x00090810L,0x20090800L,0x20090810L, | ||
| 178 | 0x00080020L,0x00080030L,0x20080020L,0x20080030L, | ||
| 179 | 0x00090020L,0x00090030L,0x20090020L,0x20090030L, | ||
| 180 | 0x00080820L,0x00080830L,0x20080820L,0x20080830L, | ||
| 181 | 0x00090820L,0x00090830L,0x20090820L,0x20090830L, | ||
| 182 | },{ | ||
| 183 | /* for C bits (numbered as per FIPS 46) 7 8 10 11 12 13 */ | ||
| 184 | 0x00000000L,0x02000000L,0x00002000L,0x02002000L, | ||
| 185 | 0x00200000L,0x02200000L,0x00202000L,0x02202000L, | ||
| 186 | 0x00000004L,0x02000004L,0x00002004L,0x02002004L, | ||
| 187 | 0x00200004L,0x02200004L,0x00202004L,0x02202004L, | ||
| 188 | 0x00000400L,0x02000400L,0x00002400L,0x02002400L, | ||
| 189 | 0x00200400L,0x02200400L,0x00202400L,0x02202400L, | ||
| 190 | 0x00000404L,0x02000404L,0x00002404L,0x02002404L, | ||
| 191 | 0x00200404L,0x02200404L,0x00202404L,0x02202404L, | ||
| 192 | 0x10000000L,0x12000000L,0x10002000L,0x12002000L, | ||
| 193 | 0x10200000L,0x12200000L,0x10202000L,0x12202000L, | ||
| 194 | 0x10000004L,0x12000004L,0x10002004L,0x12002004L, | ||
| 195 | 0x10200004L,0x12200004L,0x10202004L,0x12202004L, | ||
| 196 | 0x10000400L,0x12000400L,0x10002400L,0x12002400L, | ||
| 197 | 0x10200400L,0x12200400L,0x10202400L,0x12202400L, | ||
| 198 | 0x10000404L,0x12000404L,0x10002404L,0x12002404L, | ||
| 199 | 0x10200404L,0x12200404L,0x10202404L,0x12202404L, | ||
| 200 | },{ | ||
| 201 | /* for C bits (numbered as per FIPS 46) 14 15 16 17 19 20 */ | ||
| 202 | 0x00000000L,0x00000001L,0x00040000L,0x00040001L, | ||
| 203 | 0x01000000L,0x01000001L,0x01040000L,0x01040001L, | ||
| 204 | 0x00000002L,0x00000003L,0x00040002L,0x00040003L, | ||
| 205 | 0x01000002L,0x01000003L,0x01040002L,0x01040003L, | ||
| 206 | 0x00000200L,0x00000201L,0x00040200L,0x00040201L, | ||
| 207 | 0x01000200L,0x01000201L,0x01040200L,0x01040201L, | ||
| 208 | 0x00000202L,0x00000203L,0x00040202L,0x00040203L, | ||
| 209 | 0x01000202L,0x01000203L,0x01040202L,0x01040203L, | ||
| 210 | 0x08000000L,0x08000001L,0x08040000L,0x08040001L, | ||
| 211 | 0x09000000L,0x09000001L,0x09040000L,0x09040001L, | ||
| 212 | 0x08000002L,0x08000003L,0x08040002L,0x08040003L, | ||
| 213 | 0x09000002L,0x09000003L,0x09040002L,0x09040003L, | ||
| 214 | 0x08000200L,0x08000201L,0x08040200L,0x08040201L, | ||
| 215 | 0x09000200L,0x09000201L,0x09040200L,0x09040201L, | ||
| 216 | 0x08000202L,0x08000203L,0x08040202L,0x08040203L, | ||
| 217 | 0x09000202L,0x09000203L,0x09040202L,0x09040203L, | ||
| 218 | },{ | ||
| 219 | /* for C bits (numbered as per FIPS 46) 21 23 24 26 27 28 */ | ||
| 220 | 0x00000000L,0x00100000L,0x00000100L,0x00100100L, | ||
| 221 | 0x00000008L,0x00100008L,0x00000108L,0x00100108L, | ||
| 222 | 0x00001000L,0x00101000L,0x00001100L,0x00101100L, | ||
| 223 | 0x00001008L,0x00101008L,0x00001108L,0x00101108L, | ||
| 224 | 0x04000000L,0x04100000L,0x04000100L,0x04100100L, | ||
| 225 | 0x04000008L,0x04100008L,0x04000108L,0x04100108L, | ||
| 226 | 0x04001000L,0x04101000L,0x04001100L,0x04101100L, | ||
| 227 | 0x04001008L,0x04101008L,0x04001108L,0x04101108L, | ||
| 228 | 0x00020000L,0x00120000L,0x00020100L,0x00120100L, | ||
| 229 | 0x00020008L,0x00120008L,0x00020108L,0x00120108L, | ||
| 230 | 0x00021000L,0x00121000L,0x00021100L,0x00121100L, | ||
| 231 | 0x00021008L,0x00121008L,0x00021108L,0x00121108L, | ||
| 232 | 0x04020000L,0x04120000L,0x04020100L,0x04120100L, | ||
| 233 | 0x04020008L,0x04120008L,0x04020108L,0x04120108L, | ||
| 234 | 0x04021000L,0x04121000L,0x04021100L,0x04121100L, | ||
| 235 | 0x04021008L,0x04121008L,0x04021108L,0x04121108L, | ||
| 236 | },{ | ||
| 237 | /* for D bits (numbered as per FIPS 46) 1 2 3 4 5 6 */ | ||
| 238 | 0x00000000L,0x10000000L,0x00010000L,0x10010000L, | ||
| 239 | 0x00000004L,0x10000004L,0x00010004L,0x10010004L, | ||
| 240 | 0x20000000L,0x30000000L,0x20010000L,0x30010000L, | ||
| 241 | 0x20000004L,0x30000004L,0x20010004L,0x30010004L, | ||
| 242 | 0x00100000L,0x10100000L,0x00110000L,0x10110000L, | ||
| 243 | 0x00100004L,0x10100004L,0x00110004L,0x10110004L, | ||
| 244 | 0x20100000L,0x30100000L,0x20110000L,0x30110000L, | ||
| 245 | 0x20100004L,0x30100004L,0x20110004L,0x30110004L, | ||
| 246 | 0x00001000L,0x10001000L,0x00011000L,0x10011000L, | ||
| 247 | 0x00001004L,0x10001004L,0x00011004L,0x10011004L, | ||
| 248 | 0x20001000L,0x30001000L,0x20011000L,0x30011000L, | ||
| 249 | 0x20001004L,0x30001004L,0x20011004L,0x30011004L, | ||
| 250 | 0x00101000L,0x10101000L,0x00111000L,0x10111000L, | ||
| 251 | 0x00101004L,0x10101004L,0x00111004L,0x10111004L, | ||
| 252 | 0x20101000L,0x30101000L,0x20111000L,0x30111000L, | ||
| 253 | 0x20101004L,0x30101004L,0x20111004L,0x30111004L, | ||
| 254 | },{ | ||
| 255 | /* for D bits (numbered as per FIPS 46) 8 9 11 12 13 14 */ | ||
| 256 | 0x00000000L,0x08000000L,0x00000008L,0x08000008L, | ||
| 257 | 0x00000400L,0x08000400L,0x00000408L,0x08000408L, | ||
| 258 | 0x00020000L,0x08020000L,0x00020008L,0x08020008L, | ||
| 259 | 0x00020400L,0x08020400L,0x00020408L,0x08020408L, | ||
| 260 | 0x00000001L,0x08000001L,0x00000009L,0x08000009L, | ||
| 261 | 0x00000401L,0x08000401L,0x00000409L,0x08000409L, | ||
| 262 | 0x00020001L,0x08020001L,0x00020009L,0x08020009L, | ||
| 263 | 0x00020401L,0x08020401L,0x00020409L,0x08020409L, | ||
| 264 | 0x02000000L,0x0A000000L,0x02000008L,0x0A000008L, | ||
| 265 | 0x02000400L,0x0A000400L,0x02000408L,0x0A000408L, | ||
| 266 | 0x02020000L,0x0A020000L,0x02020008L,0x0A020008L, | ||
| 267 | 0x02020400L,0x0A020400L,0x02020408L,0x0A020408L, | ||
| 268 | 0x02000001L,0x0A000001L,0x02000009L,0x0A000009L, | ||
| 269 | 0x02000401L,0x0A000401L,0x02000409L,0x0A000409L, | ||
| 270 | 0x02020001L,0x0A020001L,0x02020009L,0x0A020009L, | ||
| 271 | 0x02020401L,0x0A020401L,0x02020409L,0x0A020409L, | ||
| 272 | },{ | ||
| 273 | /* for D bits (numbered as per FIPS 46) 16 17 18 19 20 21 */ | ||
| 274 | 0x00000000L,0x00000100L,0x00080000L,0x00080100L, | ||
| 275 | 0x01000000L,0x01000100L,0x01080000L,0x01080100L, | ||
| 276 | 0x00000010L,0x00000110L,0x00080010L,0x00080110L, | ||
| 277 | 0x01000010L,0x01000110L,0x01080010L,0x01080110L, | ||
| 278 | 0x00200000L,0x00200100L,0x00280000L,0x00280100L, | ||
| 279 | 0x01200000L,0x01200100L,0x01280000L,0x01280100L, | ||
| 280 | 0x00200010L,0x00200110L,0x00280010L,0x00280110L, | ||
| 281 | 0x01200010L,0x01200110L,0x01280010L,0x01280110L, | ||
| 282 | 0x00000200L,0x00000300L,0x00080200L,0x00080300L, | ||
| 283 | 0x01000200L,0x01000300L,0x01080200L,0x01080300L, | ||
| 284 | 0x00000210L,0x00000310L,0x00080210L,0x00080310L, | ||
| 285 | 0x01000210L,0x01000310L,0x01080210L,0x01080310L, | ||
| 286 | 0x00200200L,0x00200300L,0x00280200L,0x00280300L, | ||
| 287 | 0x01200200L,0x01200300L,0x01280200L,0x01280300L, | ||
| 288 | 0x00200210L,0x00200310L,0x00280210L,0x00280310L, | ||
| 289 | 0x01200210L,0x01200310L,0x01280210L,0x01280310L, | ||
| 290 | },{ | ||
| 291 | /* for D bits (numbered as per FIPS 46) 22 23 24 25 27 28 */ | ||
| 292 | 0x00000000L,0x04000000L,0x00040000L,0x04040000L, | ||
| 293 | 0x00000002L,0x04000002L,0x00040002L,0x04040002L, | ||
| 294 | 0x00002000L,0x04002000L,0x00042000L,0x04042000L, | ||
| 295 | 0x00002002L,0x04002002L,0x00042002L,0x04042002L, | ||
| 296 | 0x00000020L,0x04000020L,0x00040020L,0x04040020L, | ||
| 297 | 0x00000022L,0x04000022L,0x00040022L,0x04040022L, | ||
| 298 | 0x00002020L,0x04002020L,0x00042020L,0x04042020L, | ||
| 299 | 0x00002022L,0x04002022L,0x00042022L,0x04042022L, | ||
| 300 | 0x00000800L,0x04000800L,0x00040800L,0x04040800L, | ||
| 301 | 0x00000802L,0x04000802L,0x00040802L,0x04040802L, | ||
| 302 | 0x00002800L,0x04002800L,0x00042800L,0x04042800L, | ||
| 303 | 0x00002802L,0x04002802L,0x00042802L,0x04042802L, | ||
| 304 | 0x00000820L,0x04000820L,0x00040820L,0x04040820L, | ||
| 305 | 0x00000822L,0x04000822L,0x00040822L,0x04040822L, | ||
| 306 | 0x00002820L,0x04002820L,0x00042820L,0x04042820L, | ||
| 307 | 0x00002822L,0x04002822L,0x00042822L,0x04042822L, | ||
| 308 | }}; | ||
| 309 | |||
| 310 | int DES_set_key(const_DES_cblock *key, DES_key_schedule *schedule) | ||
| 311 | { | ||
| 312 | if (DES_check_key) | ||
| 313 | { | ||
| 314 | return DES_set_key_checked(key, schedule); | ||
| 315 | } | ||
| 316 | else | ||
| 317 | { | ||
| 318 | DES_set_key_unchecked(key, schedule); | ||
| 319 | return 0; | ||
| 320 | } | ||
| 321 | } | ||
| 322 | |||
| 156 | /* return 0 if key parity is odd (correct), | 323 | /* return 0 if key parity is odd (correct), |
| 157 | * return -1 if key parity error, | 324 | * return -1 if key parity error, |
| 158 | * return -2 if illegal weak key. | 325 | * return -2 if illegal weak key. |
| 159 | */ | 326 | */ |
| 160 | int des_set_key(key, schedule) | 327 | int DES_set_key_checked(const_DES_cblock *key, DES_key_schedule *schedule) |
| 161 | des_cblock (*key); | 328 | { |
| 162 | des_key_schedule schedule; | 329 | if (!DES_check_key_parity(key)) |
| 330 | return(-1); | ||
| 331 | if (DES_is_weak_key(key)) | ||
| 332 | return(-2); | ||
| 333 | DES_set_key_unchecked(key, schedule); | ||
| 334 | return 0; | ||
| 335 | } | ||
| 336 | |||
| 337 | void DES_set_key_unchecked(const_DES_cblock *key, DES_key_schedule *schedule) | ||
| 163 | { | 338 | { |
| 164 | static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; | 339 | static int shifts2[16]={0,0,1,1,1,1,1,1,0,1,1,1,1,1,1,0}; |
| 165 | register DES_LONG c,d,t,s,t2; | 340 | register DES_LONG c,d,t,s,t2; |
| 166 | register unsigned char *in; | 341 | register const unsigned char *in; |
| 167 | register DES_LONG *k; | 342 | register DES_LONG *k; |
| 168 | register int i; | 343 | register int i; |
| 169 | 344 | ||
| 170 | if (des_check_key) | 345 | #if OPENBSD_DEV_CRYPTO |
| 171 | { | 346 | memcpy(schedule->key,key,sizeof schedule->key); |
| 172 | if (!check_parity(key)) | 347 | schedule->session=NULL; |
| 173 | return(-1); | 348 | #endif |
| 174 | 349 | k = &schedule->ks->deslong[0]; | |
| 175 | if (des_is_weak_key(key)) | 350 | in = &(*key)[0]; |
| 176 | return(-2); | ||
| 177 | } | ||
| 178 | |||
| 179 | k=(DES_LONG *)schedule; | ||
| 180 | in=(unsigned char *)key; | ||
| 181 | 351 | ||
| 182 | c2l(in,c); | 352 | c2l(in,c); |
| 183 | c2l(in,d); | 353 | c2l(in,d); |
| 184 | 354 | ||
| 185 | /* do PC1 in 60 simple operations */ | 355 | /* do PC1 in 47 simple operations :-) |
| 186 | /* PERM_OP(d,c,t,4,0x0f0f0f0fL); | ||
| 187 | HPERM_OP(c,t,-2, 0xcccc0000L); | ||
| 188 | HPERM_OP(c,t,-1, 0xaaaa0000L); | ||
| 189 | HPERM_OP(c,t, 8, 0x00ff0000L); | ||
| 190 | HPERM_OP(c,t,-1, 0xaaaa0000L); | ||
| 191 | HPERM_OP(d,t,-8, 0xff000000L); | ||
| 192 | HPERM_OP(d,t, 8, 0x00ff0000L); | ||
| 193 | HPERM_OP(d,t, 2, 0x33330000L); | ||
| 194 | d=((d&0x00aa00aaL)<<7L)|((d&0x55005500L)>>7L)|(d&0xaa55aa55L); | ||
| 195 | d=(d>>8)|((c&0xf0000000L)>>4); | ||
| 196 | c&=0x0fffffffL; */ | ||
| 197 | |||
| 198 | /* I now do it in 47 simple operations :-) | ||
| 199 | * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) | 356 | * Thanks to John Fletcher (john_fletcher@lccmail.ocf.llnl.gov) |
| 200 | * for the inspiration. :-) */ | 357 | * for the inspiration. :-) */ |
| 201 | PERM_OP (d,c,t,4,0x0f0f0f0fL); | 358 | PERM_OP (d,c,t,4,0x0f0f0f0fL); |
| @@ -219,9 +376,9 @@ des_key_schedule schedule; | |||
| 219 | /* could be a few less shifts but I am to lazy at this | 376 | /* could be a few less shifts but I am to lazy at this |
| 220 | * point in time to investigate */ | 377 | * point in time to investigate */ |
| 221 | s= des_skb[0][ (c )&0x3f ]| | 378 | s= des_skb[0][ (c )&0x3f ]| |
| 222 | des_skb[1][((c>> 6)&0x03)|((c>> 7L)&0x3c)]| | 379 | des_skb[1][((c>> 6L)&0x03)|((c>> 7L)&0x3c)]| |
| 223 | des_skb[2][((c>>13)&0x0f)|((c>>14L)&0x30)]| | 380 | des_skb[2][((c>>13L)&0x0f)|((c>>14L)&0x30)]| |
| 224 | des_skb[3][((c>>20)&0x01)|((c>>21L)&0x06) | | 381 | des_skb[3][((c>>20L)&0x01)|((c>>21L)&0x06) | |
| 225 | ((c>>22L)&0x38)]; | 382 | ((c>>22L)&0x38)]; |
| 226 | t= des_skb[4][ (d )&0x3f ]| | 383 | t= des_skb[4][ (d )&0x3f ]| |
| 227 | des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| | 384 | des_skb[5][((d>> 7L)&0x03)|((d>> 8L)&0x3c)]| |
| @@ -235,12 +392,16 @@ des_key_schedule schedule; | |||
| 235 | t2=((s>>16L)|(t&0xffff0000L)); | 392 | t2=((s>>16L)|(t&0xffff0000L)); |
| 236 | *(k++)=ROTATE(t2,26)&0xffffffffL; | 393 | *(k++)=ROTATE(t2,26)&0xffffffffL; |
| 237 | } | 394 | } |
| 238 | return(0); | ||
| 239 | } | 395 | } |
| 240 | 396 | ||
| 241 | int des_key_sched(key, schedule) | 397 | int DES_key_sched(const_DES_cblock *key, DES_key_schedule *schedule) |
| 242 | des_cblock (*key); | 398 | { |
| 243 | des_key_schedule schedule; | 399 | return(DES_set_key(key,schedule)); |
| 400 | } | ||
| 401 | /* | ||
| 402 | #undef des_fixup_key_parity | ||
| 403 | void des_fixup_key_parity(des_cblock *key) | ||
| 244 | { | 404 | { |
| 245 | return(des_set_key(key,schedule)); | 405 | des_set_odd_parity(key); |
| 246 | } | 406 | } |
| 407 | */ | ||
diff --git a/src/lib/libcrypto/des/spr.h b/src/lib/libcrypto/des/spr.h index 81813f9f7a..b91936a5a5 100644 --- a/src/lib/libcrypto/des/spr.h +++ b/src/lib/libcrypto/des/spr.h | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | const DES_LONG des_SPtrans[8][64]={ | 59 | OPENSSL_GLOBAL const DES_LONG DES_SPtrans[8][64]={ |
| 60 | { | 60 | { |
| 61 | /* nibble 0 */ | 61 | /* nibble 0 */ |
| 62 | 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, | 62 | 0x02080800L, 0x00080000L, 0x02000002L, 0x02080802L, |
diff --git a/src/lib/libcrypto/des/str2key.c b/src/lib/libcrypto/des/str2key.c index 3365c1bcf3..36c3f81d99 100644 --- a/src/lib/libcrypto/des/str2key.c +++ b/src/lib/libcrypto/des/str2key.c | |||
| @@ -58,13 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include "des_locl.h" | 59 | #include "des_locl.h" |
| 60 | 60 | ||
| 61 | extern int des_check_key; | 61 | void DES_string_to_key(const char *str, DES_cblock *key) |
| 62 | |||
| 63 | void des_string_to_key(str, key) | ||
| 64 | char *str; | ||
| 65 | des_cblock (*key); | ||
| 66 | { | 62 | { |
| 67 | des_key_schedule ks; | 63 | DES_key_schedule ks; |
| 68 | int i,length; | 64 | int i,length; |
| 69 | register unsigned char j; | 65 | register unsigned char j; |
| 70 | 66 | ||
| @@ -89,23 +85,22 @@ des_cblock (*key); | |||
| 89 | } | 85 | } |
| 90 | } | 86 | } |
| 91 | #endif | 87 | #endif |
| 92 | des_set_odd_parity((des_cblock *)key); | 88 | DES_set_odd_parity(key); |
| 93 | i=des_check_key; | 89 | #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY |
| 94 | des_check_key=0; | 90 | if(DES_is_weak_key(key)) |
| 95 | des_set_key((des_cblock *)key,ks); | 91 | (*key)[7] ^= 0xF0; |
| 96 | des_check_key=i; | 92 | DES_set_key(key,&ks); |
| 97 | des_cbc_cksum((des_cblock *)str,(des_cblock *)key,(long)length,ks, | 93 | #else |
| 98 | (des_cblock *)key); | 94 | DES_set_key_unchecked(key,&ks); |
| 99 | memset(ks,0,sizeof(ks)); | 95 | #endif |
| 100 | des_set_odd_parity((des_cblock *)key); | 96 | DES_cbc_cksum((const unsigned char*)str,key,length,&ks,key); |
| 97 | memset(&ks,0,sizeof(ks)); | ||
| 98 | DES_set_odd_parity(key); | ||
| 101 | } | 99 | } |
| 102 | 100 | ||
| 103 | void des_string_to_2keys(str, key1, key2) | 101 | void DES_string_to_2keys(const char *str, DES_cblock *key1, DES_cblock *key2) |
| 104 | char *str; | ||
| 105 | des_cblock (*key1); | ||
| 106 | des_cblock (*key2); | ||
| 107 | { | 102 | { |
| 108 | des_key_schedule ks; | 103 | DES_key_schedule ks; |
| 109 | int i,length; | 104 | int i,length; |
| 110 | register unsigned char j; | 105 | register unsigned char j; |
| 111 | 106 | ||
| @@ -154,18 +149,25 @@ des_cblock (*key2); | |||
| 154 | } | 149 | } |
| 155 | if (length <= 8) memcpy(key2,key1,8); | 150 | if (length <= 8) memcpy(key2,key1,8); |
| 156 | #endif | 151 | #endif |
| 157 | des_set_odd_parity((des_cblock *)key1); | 152 | DES_set_odd_parity(key1); |
| 158 | des_set_odd_parity((des_cblock *)key2); | 153 | DES_set_odd_parity(key2); |
| 159 | i=des_check_key; | 154 | #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY |
| 160 | des_check_key=0; | 155 | if(DES_is_weak_key(key1)) |
| 161 | des_set_key((des_cblock *)key1,ks); | 156 | (*key1)[7] ^= 0xF0; |
| 162 | des_cbc_cksum((des_cblock *)str,(des_cblock *)key1,(long)length,ks, | 157 | DES_set_key(key1,&ks); |
| 163 | (des_cblock *)key1); | 158 | #else |
| 164 | des_set_key((des_cblock *)key2,ks); | 159 | DES_set_key_unchecked(key1,&ks); |
| 165 | des_cbc_cksum((des_cblock *)str,(des_cblock *)key2,(long)length,ks, | 160 | #endif |
| 166 | (des_cblock *)key2); | 161 | DES_cbc_cksum((const unsigned char*)str,key1,length,&ks,key1); |
| 167 | des_check_key=i; | 162 | #ifdef EXPERIMENTAL_STR_TO_STRONG_KEY |
| 168 | memset(ks,0,sizeof(ks)); | 163 | if(DES_is_weak_key(key2)) |
| 169 | des_set_odd_parity(key1); | 164 | (*key2)[7] ^= 0xF0; |
| 170 | des_set_odd_parity(key2); | 165 | DES_set_key(key2,&ks); |
| 166 | #else | ||
| 167 | DES_set_key_unchecked(key2,&ks); | ||
| 168 | #endif | ||
| 169 | DES_cbc_cksum((const unsigned char*)str,key2,length,&ks,key2); | ||
| 170 | memset(&ks,0,sizeof(ks)); | ||
| 171 | DES_set_odd_parity(key1); | ||
| 172 | DES_set_odd_parity(key2); | ||
| 171 | } | 173 | } |
diff --git a/src/lib/libcrypto/des/xcbc_enc.c b/src/lib/libcrypto/des/xcbc_enc.c index 031589bf50..47246eb466 100644 --- a/src/lib/libcrypto/des/xcbc_enc.c +++ b/src/lib/libcrypto/des/xcbc_enc.c | |||
| @@ -79,18 +79,14 @@ static unsigned char desx_white_in2out[256]={ | |||
| 79 | 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, | 79 | 0xA7,0x1C,0xC9,0x09,0x69,0x9A,0x83,0xCF,0x29,0x39,0xB9,0xE9,0x4C,0xFF,0x43,0xAB, |
| 80 | }; | 80 | }; |
| 81 | 81 | ||
| 82 | void des_xwhite_in2out(des_key,in_white,out_white) | 82 | void DES_xwhite_in2out(const_DES_cblock *des_key, const_DES_cblock *in_white, |
| 83 | des_cblock (*des_key); | 83 | DES_cblock *out_white) |
| 84 | des_cblock (*in_white); | ||
| 85 | des_cblock (*out_white); | ||
| 86 | { | 84 | { |
| 87 | unsigned char *key,*in,*out; | ||
| 88 | int out0,out1; | 85 | int out0,out1; |
| 89 | int i; | 86 | int i; |
| 90 | 87 | const unsigned char *key = &(*des_key)[0]; | |
| 91 | key=(unsigned char *)des_key; | 88 | const unsigned char *in = &(*in_white)[0]; |
| 92 | in=(unsigned char *)in_white; | 89 | unsigned char *out = &(*out_white)[0]; |
| 93 | out=(unsigned char *)out_white; | ||
| 94 | 90 | ||
| 95 | out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; | 91 | out[0]=out[1]=out[2]=out[3]=out[4]=out[5]=out[6]=out[7]=0; |
| 96 | out0=out1=0; | 92 | out0=out1=0; |
| @@ -111,34 +107,27 @@ des_cblock (*out_white); | |||
| 111 | } | 107 | } |
| 112 | } | 108 | } |
| 113 | 109 | ||
| 114 | void des_xcbc_encrypt(input, output, length, schedule, ivec, inw,outw,enc) | 110 | void DES_xcbc_encrypt(const unsigned char *in, unsigned char *out, |
| 115 | des_cblock (*input); | 111 | long length, DES_key_schedule *schedule, |
| 116 | des_cblock (*output); | 112 | DES_cblock *ivec, const_DES_cblock *inw, |
| 117 | long length; | 113 | const_DES_cblock *outw, int enc) |
| 118 | des_key_schedule schedule; | ||
| 119 | des_cblock (*ivec); | ||
| 120 | des_cblock (*inw); | ||
| 121 | des_cblock (*outw); | ||
| 122 | int enc; | ||
| 123 | { | 114 | { |
| 124 | register DES_LONG tin0,tin1; | 115 | register DES_LONG tin0,tin1; |
| 125 | register DES_LONG tout0,tout1,xor0,xor1; | 116 | register DES_LONG tout0,tout1,xor0,xor1; |
| 126 | register DES_LONG inW0,inW1,outW0,outW1; | 117 | register DES_LONG inW0,inW1,outW0,outW1; |
| 127 | register unsigned char *in,*out; | 118 | register const unsigned char *in2; |
| 128 | register long l=length; | 119 | register long l=length; |
| 129 | DES_LONG tin[2]; | 120 | DES_LONG tin[2]; |
| 130 | unsigned char *iv; | 121 | unsigned char *iv; |
| 131 | 122 | ||
| 132 | in=(unsigned char *)inw; | 123 | in2 = &(*inw)[0]; |
| 133 | c2l(in,inW0); | 124 | c2l(in2,inW0); |
| 134 | c2l(in,inW1); | 125 | c2l(in2,inW1); |
| 135 | in=(unsigned char *)outw; | 126 | in2 = &(*outw)[0]; |
| 136 | c2l(in,outW0); | 127 | c2l(in2,outW0); |
| 137 | c2l(in,outW1); | 128 | c2l(in2,outW1); |
| 138 | 129 | ||
| 139 | in=(unsigned char *)input; | 130 | iv = &(*ivec)[0]; |
| 140 | out=(unsigned char *)output; | ||
| 141 | iv=(unsigned char *)ivec; | ||
| 142 | 131 | ||
| 143 | if (enc) | 132 | if (enc) |
| 144 | { | 133 | { |
| @@ -150,7 +139,7 @@ int enc; | |||
| 150 | c2l(in,tin1); | 139 | c2l(in,tin1); |
| 151 | tin0^=tout0^inW0; tin[0]=tin0; | 140 | tin0^=tout0^inW0; tin[0]=tin0; |
| 152 | tin1^=tout1^inW1; tin[1]=tin1; | 141 | tin1^=tout1^inW1; tin[1]=tin1; |
| 153 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 142 | DES_encrypt1(tin,schedule,DES_ENCRYPT); |
| 154 | tout0=tin[0]^outW0; l2c(tout0,out); | 143 | tout0=tin[0]^outW0; l2c(tout0,out); |
| 155 | tout1=tin[1]^outW1; l2c(tout1,out); | 144 | tout1=tin[1]^outW1; l2c(tout1,out); |
| 156 | } | 145 | } |
| @@ -159,11 +148,11 @@ int enc; | |||
| 159 | c2ln(in,tin0,tin1,l+8); | 148 | c2ln(in,tin0,tin1,l+8); |
| 160 | tin0^=tout0^inW0; tin[0]=tin0; | 149 | tin0^=tout0^inW0; tin[0]=tin0; |
| 161 | tin1^=tout1^inW1; tin[1]=tin1; | 150 | tin1^=tout1^inW1; tin[1]=tin1; |
| 162 | des_encrypt((DES_LONG *)tin,schedule,DES_ENCRYPT); | 151 | DES_encrypt1(tin,schedule,DES_ENCRYPT); |
| 163 | tout0=tin[0]^outW0; l2c(tout0,out); | 152 | tout0=tin[0]^outW0; l2c(tout0,out); |
| 164 | tout1=tin[1]^outW1; l2c(tout1,out); | 153 | tout1=tin[1]^outW1; l2c(tout1,out); |
| 165 | } | 154 | } |
| 166 | iv=(unsigned char *)ivec; | 155 | iv = &(*ivec)[0]; |
| 167 | l2c(tout0,iv); | 156 | l2c(tout0,iv); |
| 168 | l2c(tout1,iv); | 157 | l2c(tout1,iv); |
| 169 | } | 158 | } |
| @@ -175,7 +164,7 @@ int enc; | |||
| 175 | { | 164 | { |
| 176 | c2l(in,tin0); tin[0]=tin0^outW0; | 165 | c2l(in,tin0); tin[0]=tin0^outW0; |
| 177 | c2l(in,tin1); tin[1]=tin1^outW1; | 166 | c2l(in,tin1); tin[1]=tin1^outW1; |
| 178 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | 167 | DES_encrypt1(tin,schedule,DES_DECRYPT); |
| 179 | tout0=tin[0]^xor0^inW0; | 168 | tout0=tin[0]^xor0^inW0; |
| 180 | tout1=tin[1]^xor1^inW1; | 169 | tout1=tin[1]^xor1^inW1; |
| 181 | l2c(tout0,out); | 170 | l2c(tout0,out); |
| @@ -187,7 +176,7 @@ int enc; | |||
| 187 | { | 176 | { |
| 188 | c2l(in,tin0); tin[0]=tin0^outW0; | 177 | c2l(in,tin0); tin[0]=tin0^outW0; |
| 189 | c2l(in,tin1); tin[1]=tin1^outW1; | 178 | c2l(in,tin1); tin[1]=tin1^outW1; |
| 190 | des_encrypt((DES_LONG *)tin,schedule,DES_DECRYPT); | 179 | DES_encrypt1(tin,schedule,DES_DECRYPT); |
| 191 | tout0=tin[0]^xor0^inW0; | 180 | tout0=tin[0]^xor0^inW0; |
| 192 | tout1=tin[1]^xor1^inW1; | 181 | tout1=tin[1]^xor1^inW1; |
| 193 | l2cn(tout0,tout1,out,l+8); | 182 | l2cn(tout0,tout1,out,l+8); |
| @@ -195,7 +184,7 @@ int enc; | |||
| 195 | xor1=tin1; | 184 | xor1=tin1; |
| 196 | } | 185 | } |
| 197 | 186 | ||
| 198 | iv=(unsigned char *)ivec; | 187 | iv = &(*ivec)[0]; |
| 199 | l2c(xor0,iv); | 188 | l2c(xor0,iv); |
| 200 | l2c(xor1,iv); | 189 | l2c(xor1,iv); |
| 201 | } | 190 | } |
diff --git a/src/lib/libcrypto/dh/dh.h b/src/lib/libcrypto/dh/dh.h index 4cc1df2650..05851f8429 100644 --- a/src/lib/libcrypto/dh/dh.h +++ b/src/lib/libcrypto/dh/dh.h | |||
| @@ -59,15 +59,41 @@ | |||
| 59 | #ifndef HEADER_DH_H | 59 | #ifndef HEADER_DH_H |
| 60 | #define HEADER_DH_H | 60 | #define HEADER_DH_H |
| 61 | 61 | ||
| 62 | #ifdef OPENSSL_NO_DH | ||
| 63 | #error DH is disabled. | ||
| 64 | #endif | ||
| 65 | |||
| 66 | #ifndef OPENSSL_NO_BIO | ||
| 67 | #include <openssl/bio.h> | ||
| 68 | #endif | ||
| 69 | #include <openssl/bn.h> | ||
| 70 | #include <openssl/crypto.h> | ||
| 71 | #include <openssl/ossl_typ.h> | ||
| 72 | |||
| 73 | #define DH_FLAG_CACHE_MONT_P 0x01 | ||
| 74 | |||
| 62 | #ifdef __cplusplus | 75 | #ifdef __cplusplus |
| 63 | extern "C" { | 76 | extern "C" { |
| 64 | #endif | 77 | #endif |
| 65 | 78 | ||
| 66 | #ifndef HEADER_BN_H | 79 | typedef struct dh_st DH; |
| 67 | #define BIGNUM char | 80 | |
| 68 | #endif | 81 | typedef struct dh_method { |
| 82 | const char *name; | ||
| 83 | /* Methods here */ | ||
| 84 | int (*generate_key)(DH *dh); | ||
| 85 | int (*compute_key)(unsigned char *key,const BIGNUM *pub_key,DH *dh); | ||
| 86 | int (*bn_mod_exp)(const DH *dh, BIGNUM *r, const BIGNUM *a, | ||
| 87 | const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, | ||
| 88 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
| 89 | |||
| 90 | int (*init)(DH *dh); | ||
| 91 | int (*finish)(DH *dh); | ||
| 92 | int flags; | ||
| 93 | char *app_data; | ||
| 94 | } DH_METHOD; | ||
| 69 | 95 | ||
| 70 | typedef struct dh_st | 96 | struct dh_st |
| 71 | { | 97 | { |
| 72 | /* This first argument is used to pick up errors when | 98 | /* This first argument is used to pick up errors when |
| 73 | * a DH is passed instead of a EVP_PKEY */ | 99 | * a DH is passed instead of a EVP_PKEY */ |
| @@ -75,10 +101,24 @@ typedef struct dh_st | |||
| 75 | int version; | 101 | int version; |
| 76 | BIGNUM *p; | 102 | BIGNUM *p; |
| 77 | BIGNUM *g; | 103 | BIGNUM *g; |
| 78 | int length; /* optional */ | 104 | long length; /* optional */ |
| 79 | BIGNUM *pub_key; /* y */ | 105 | BIGNUM *pub_key; /* g^x */ |
| 80 | BIGNUM *priv_key; /* x */ | 106 | BIGNUM *priv_key; /* x */ |
| 81 | } DH; | 107 | |
| 108 | int flags; | ||
| 109 | char *method_mont_p; | ||
| 110 | /* Place holders if we want to do X9.42 DH */ | ||
| 111 | BIGNUM *q; | ||
| 112 | BIGNUM *j; | ||
| 113 | unsigned char *seed; | ||
| 114 | int seedlen; | ||
| 115 | BIGNUM *counter; | ||
| 116 | |||
| 117 | int references; | ||
| 118 | CRYPTO_EX_DATA ex_data; | ||
| 119 | const DH_METHOD *meth; | ||
| 120 | ENGINE *engine; | ||
| 121 | }; | ||
| 82 | 122 | ||
| 83 | #define DH_GENERATOR_2 2 | 123 | #define DH_GENERATOR_2 2 |
| 84 | /* #define DH_GENERATOR_3 3 */ | 124 | /* #define DH_GENERATOR_3 3 */ |
| @@ -86,10 +126,14 @@ typedef struct dh_st | |||
| 86 | 126 | ||
| 87 | /* DH_check error codes */ | 127 | /* DH_check error codes */ |
| 88 | #define DH_CHECK_P_NOT_PRIME 0x01 | 128 | #define DH_CHECK_P_NOT_PRIME 0x01 |
| 89 | #define DH_CHECK_P_NOT_STRONG_PRIME 0x02 | 129 | #define DH_CHECK_P_NOT_SAFE_PRIME 0x02 |
| 90 | #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 | 130 | #define DH_UNABLE_TO_CHECK_GENERATOR 0x04 |
| 91 | #define DH_NOT_SUITABLE_GENERATOR 0x08 | 131 | #define DH_NOT_SUITABLE_GENERATOR 0x08 |
| 92 | 132 | ||
| 133 | /* primes p where (p-1)/2 is prime too are called "safe"; we define | ||
| 134 | this for backward compatibility: */ | ||
| 135 | #define DH_CHECK_P_NOT_STRONG_PRIME DH_CHECK_P_NOT_SAFE_PRIME | ||
| 136 | |||
| 93 | #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ | 137 | #define DHparams_dup(x) (DH *)ASN1_dup((int (*)())i2d_DHparams, \ |
| 94 | (char *(*)())d2i_DHparams,(char *)(x)) | 138 | (char *(*)())d2i_DHparams,(char *)(x)) |
| 95 | #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ | 139 | #define d2i_DHparams_fp(fp,x) (DH *)ASN1_d2i_fp((char *(*)())DH_new, \ |
| @@ -98,50 +142,51 @@ typedef struct dh_st | |||
| 98 | (unsigned char *)(x)) | 142 | (unsigned char *)(x)) |
| 99 | #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ | 143 | #define d2i_DHparams_bio(bp,x) (DH *)ASN1_d2i_bio((char *(*)())DH_new, \ |
| 100 | (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) | 144 | (char *(*)())d2i_DHparams,(bp),(unsigned char **)(x)) |
| 145 | #ifdef __cplusplus | ||
| 146 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio((int (*)())i2d_DHparams,(bp), \ | ||
| 147 | (unsigned char *)(x)) | ||
| 148 | #else | ||
| 101 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ | 149 | #define i2d_DHparams_bio(bp,x) ASN1_i2d_bio(i2d_DHparams,(bp), \ |
| 102 | (unsigned char *)(x)) | 150 | (unsigned char *)(x)) |
| 151 | #endif | ||
| 152 | |||
| 153 | const DH_METHOD *DH_OpenSSL(void); | ||
| 154 | |||
| 155 | void DH_set_default_method(const DH_METHOD *meth); | ||
| 156 | const DH_METHOD *DH_get_default_method(void); | ||
| 157 | int DH_set_method(DH *dh, const DH_METHOD *meth); | ||
| 158 | DH *DH_new_method(ENGINE *engine); | ||
| 103 | 159 | ||
| 104 | #ifndef NOPROTO | ||
| 105 | DH * DH_new(void); | 160 | DH * DH_new(void); |
| 106 | void DH_free(DH *dh); | 161 | void DH_free(DH *dh); |
| 107 | int DH_size(DH *dh); | 162 | int DH_up_ref(DH *dh); |
| 163 | int DH_size(const DH *dh); | ||
| 164 | int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 165 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 166 | int DH_set_ex_data(DH *d, int idx, void *arg); | ||
| 167 | void *DH_get_ex_data(DH *d, int idx); | ||
| 108 | DH * DH_generate_parameters(int prime_len,int generator, | 168 | DH * DH_generate_parameters(int prime_len,int generator, |
| 109 | void (*callback)(int,int,char *),char *cb_arg); | 169 | void (*callback)(int,int,void *),void *cb_arg); |
| 110 | int DH_check(DH *dh,int *codes); | 170 | int DH_check(const DH *dh,int *codes); |
| 111 | int DH_generate_key(DH *dh); | 171 | int DH_generate_key(DH *dh); |
| 112 | int DH_compute_key(unsigned char *key,BIGNUM *pub_key,DH *dh); | 172 | int DH_compute_key(unsigned char *key,const BIGNUM *pub_key,DH *dh); |
| 113 | DH * d2i_DHparams(DH **a,unsigned char **pp, long length); | 173 | DH * d2i_DHparams(DH **a,const unsigned char **pp, long length); |
| 114 | int i2d_DHparams(DH *a,unsigned char **pp); | 174 | int i2d_DHparams(const DH *a,unsigned char **pp); |
| 115 | #ifndef NO_FP_API | 175 | #ifndef OPENSSL_NO_FP_API |
| 116 | int DHparams_print_fp(FILE *fp, DH *x); | 176 | int DHparams_print_fp(FILE *fp, const DH *x); |
| 117 | #endif | 177 | #endif |
| 118 | #ifdef HEADER_BIO_H | 178 | #ifndef OPENSSL_NO_BIO |
| 119 | int DHparams_print(BIO *bp, DH *x); | 179 | int DHparams_print(BIO *bp, const DH *x); |
| 120 | #else | 180 | #else |
| 121 | int DHparams_print(char *bp, DH *x); | 181 | int DHparams_print(char *bp, const DH *x); |
| 122 | #endif | ||
| 123 | void ERR_load_DH_strings(void ); | ||
| 124 | |||
| 125 | #else | ||
| 126 | |||
| 127 | DH * DH_new(); | ||
| 128 | void DH_free(); | ||
| 129 | int DH_size(); | ||
| 130 | DH * DH_generate_parameters(); | ||
| 131 | int DH_check(); | ||
| 132 | int DH_generate_key(); | ||
| 133 | int DH_compute_key(); | ||
| 134 | DH * d2i_DHparams(); | ||
| 135 | int i2d_DHparams(); | ||
| 136 | #ifndef NO_FP_API | ||
| 137 | int DHparams_print_fp(); | ||
| 138 | #endif | ||
| 139 | int DHparams_print(); | ||
| 140 | void ERR_load_DH_strings(); | ||
| 141 | |||
| 142 | #endif | 182 | #endif |
| 143 | 183 | ||
| 144 | /* BEGIN ERROR CODES */ | 184 | /* BEGIN ERROR CODES */ |
| 185 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 186 | * made after this point may be overwritten when the script is next run. | ||
| 187 | */ | ||
| 188 | void ERR_load_DH_strings(void); | ||
| 189 | |||
| 145 | /* Error codes for the DH functions. */ | 190 | /* Error codes for the DH functions. */ |
| 146 | 191 | ||
| 147 | /* Function codes. */ | 192 | /* Function codes. */ |
| @@ -150,13 +195,13 @@ void ERR_load_DH_strings(); | |||
| 150 | #define DH_F_DH_COMPUTE_KEY 102 | 195 | #define DH_F_DH_COMPUTE_KEY 102 |
| 151 | #define DH_F_DH_GENERATE_KEY 103 | 196 | #define DH_F_DH_GENERATE_KEY 103 |
| 152 | #define DH_F_DH_GENERATE_PARAMETERS 104 | 197 | #define DH_F_DH_GENERATE_PARAMETERS 104 |
| 153 | #define DH_F_DH_NEW 105 | 198 | #define DH_F_DH_NEW_METHOD 105 |
| 154 | 199 | ||
| 155 | /* Reason codes. */ | 200 | /* Reason codes. */ |
| 201 | #define DH_R_BAD_GENERATOR 101 | ||
| 156 | #define DH_R_NO_PRIVATE_VALUE 100 | 202 | #define DH_R_NO_PRIVATE_VALUE 100 |
| 157 | 203 | ||
| 158 | #ifdef __cplusplus | 204 | #ifdef __cplusplus |
| 159 | } | 205 | } |
| 160 | #endif | 206 | #endif |
| 161 | #endif | 207 | #endif |
| 162 | |||
diff --git a/src/lib/libcrypto/dh/dh_check.c b/src/lib/libcrypto/dh/dh_check.c index 65602e494f..f0373f7d68 100644 --- a/src/lib/libcrypto/dh/dh_check.c +++ b/src/lib/libcrypto/dh/dh_check.c | |||
| @@ -58,10 +58,10 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "dh.h" | 62 | #include <openssl/dh.h> |
| 63 | 63 | ||
| 64 | /* Check that p is a strong prime and | 64 | /* Check that p is a safe prime and |
| 65 | * if g is 2, 3 or 5, check that is is a suitable generator | 65 | * if g is 2, 3 or 5, check that is is a suitable generator |
| 66 | * where | 66 | * where |
| 67 | * for 2, p mod 24 == 11 | 67 | * for 2, p mod 24 == 11 |
| @@ -70,9 +70,7 @@ | |||
| 70 | * should hold. | 70 | * should hold. |
| 71 | */ | 71 | */ |
| 72 | 72 | ||
| 73 | int DH_check(dh,ret) | 73 | int DH_check(const DH *dh, int *ret) |
| 74 | DH *dh; | ||
| 75 | int *ret; | ||
| 76 | { | 74 | { |
| 77 | int ok=0; | 75 | int ok=0; |
| 78 | BN_CTX *ctx=NULL; | 76 | BN_CTX *ctx=NULL; |
| @@ -90,11 +88,13 @@ int *ret; | |||
| 90 | l=BN_mod_word(dh->p,24); | 88 | l=BN_mod_word(dh->p,24); |
| 91 | if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; | 89 | if (l != 11) *ret|=DH_NOT_SUITABLE_GENERATOR; |
| 92 | } | 90 | } |
| 93 | /* else if (BN_is_word(dh->g,DH_GENERATOR_3)) | 91 | #if 0 |
| 92 | else if (BN_is_word(dh->g,DH_GENERATOR_3)) | ||
| 94 | { | 93 | { |
| 95 | l=BN_mod_word(dh->p,12); | 94 | l=BN_mod_word(dh->p,12); |
| 96 | if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; | 95 | if (l != 5) *ret|=DH_NOT_SUITABLE_GENERATOR; |
| 97 | }*/ | 96 | } |
| 97 | #endif | ||
| 98 | else if (BN_is_word(dh->g,DH_GENERATOR_5)) | 98 | else if (BN_is_word(dh->g,DH_GENERATOR_5)) |
| 99 | { | 99 | { |
| 100 | l=BN_mod_word(dh->p,10); | 100 | l=BN_mod_word(dh->p,10); |
| @@ -110,7 +110,7 @@ int *ret; | |||
| 110 | { | 110 | { |
| 111 | if (!BN_rshift1(q,dh->p)) goto err; | 111 | if (!BN_rshift1(q,dh->p)) goto err; |
| 112 | if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) | 112 | if (!BN_is_prime(q,BN_prime_checks,NULL,ctx,NULL)) |
| 113 | *ret|=DH_CHECK_P_NOT_STRONG_PRIME; | 113 | *ret|=DH_CHECK_P_NOT_SAFE_PRIME; |
| 114 | } | 114 | } |
| 115 | ok=1; | 115 | ok=1; |
| 116 | err: | 116 | err: |
diff --git a/src/lib/libcrypto/dh/dh_err.c b/src/lib/libcrypto/dh/dh_err.c index 9d5c06ac24..d837950aec 100644 --- a/src/lib/libcrypto/dh/dh_err.c +++ b/src/lib/libcrypto/dh/dh_err.c | |||
| @@ -1,66 +1,69 @@ | |||
| 1 | /* lib/dh/dh_err.c */ | 1 | /* crypto/dh/dh_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "dh.h" | 63 | #include <openssl/dh.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA DH_str_functs[]= | 67 | static ERR_STRING_DATA DH_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, | 69 | {ERR_PACK(0,DH_F_DHPARAMS_PRINT,0), "DHparams_print"}, |
| @@ -68,26 +71,27 @@ static ERR_STRING_DATA DH_str_functs[]= | |||
| 68 | {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, | 71 | {ERR_PACK(0,DH_F_DH_COMPUTE_KEY,0), "DH_compute_key"}, |
| 69 | {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, | 72 | {ERR_PACK(0,DH_F_DH_GENERATE_KEY,0), "DH_generate_key"}, |
| 70 | {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, | 73 | {ERR_PACK(0,DH_F_DH_GENERATE_PARAMETERS,0), "DH_generate_parameters"}, |
| 71 | {ERR_PACK(0,DH_F_DH_NEW,0), "DH_new"}, | 74 | {ERR_PACK(0,DH_F_DH_NEW_METHOD,0), "DH_new_method"}, |
| 72 | {0,NULL}, | 75 | {0,NULL} |
| 73 | }; | 76 | }; |
| 74 | 77 | ||
| 75 | static ERR_STRING_DATA DH_str_reasons[]= | 78 | static ERR_STRING_DATA DH_str_reasons[]= |
| 76 | { | 79 | { |
| 80 | {DH_R_BAD_GENERATOR ,"bad generator"}, | ||
| 77 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, | 81 | {DH_R_NO_PRIVATE_VALUE ,"no private value"}, |
| 78 | {0,NULL}, | 82 | {0,NULL} |
| 79 | }; | 83 | }; |
| 80 | 84 | ||
| 81 | #endif | 85 | #endif |
| 82 | 86 | ||
| 83 | void ERR_load_DH_strings() | 87 | void ERR_load_DH_strings(void) |
| 84 | { | 88 | { |
| 85 | static int init=1; | 89 | static int init=1; |
| 86 | 90 | ||
| 87 | if (init); | 91 | if (init) |
| 88 | {; | 92 | { |
| 89 | init=0; | 93 | init=0; |
| 90 | #ifndef NO_ERR | 94 | #ifndef OPENSSL_NO_ERR |
| 91 | ERR_load_strings(ERR_LIB_DH,DH_str_functs); | 95 | ERR_load_strings(ERR_LIB_DH,DH_str_functs); |
| 92 | ERR_load_strings(ERR_LIB_DH,DH_str_reasons); | 96 | ERR_load_strings(ERR_LIB_DH,DH_str_reasons); |
| 93 | #endif | 97 | #endif |
diff --git a/src/lib/libcrypto/dh/dh_gen.c b/src/lib/libcrypto/dh/dh_gen.c index 04c7046a7b..06f78b35ab 100644 --- a/src/lib/libcrypto/dh/dh_gen.c +++ b/src/lib/libcrypto/dh/dh_gen.c | |||
| @@ -58,8 +58,8 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "dh.h" | 62 | #include <openssl/dh.h> |
| 63 | 63 | ||
| 64 | /* We generate DH parameters as follows | 64 | /* We generate DH parameters as follows |
| 65 | * find a prime q which is prime_len/2 bits long. | 65 | * find a prime q which is prime_len/2 bits long. |
| @@ -72,22 +72,22 @@ | |||
| 72 | * Having said all that, | 72 | * Having said all that, |
| 73 | * there is another special case method for the generators 2, 3 and 5. | 73 | * there is another special case method for the generators 2, 3 and 5. |
| 74 | * for 2, p mod 24 == 11 | 74 | * for 2, p mod 24 == 11 |
| 75 | * for 3, p mod 12 == 5 <<<<< does not work for strong primes. | 75 | * for 3, p mod 12 == 5 <<<<< does not work for safe primes. |
| 76 | * for 5, p mod 10 == 3 or 7 | 76 | * for 5, p mod 10 == 3 or 7 |
| 77 | * | 77 | * |
| 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the | 78 | * Thanks to Phil Karn <karn@qualcomm.com> for the pointers about the |
| 79 | * special generators and for answering some of my questions. | 79 | * special generators and for answering some of my questions. |
| 80 | * | 80 | * |
| 81 | * I've implemented the second simple method :-). | 81 | * I've implemented the second simple method :-). |
| 82 | * Since DH should be using a strong prime (both p and q are prime), | 82 | * Since DH should be using a safe prime (both p and q are prime), |
| 83 | * this generator function can take a very very long time to run. | 83 | * this generator function can take a very very long time to run. |
| 84 | */ | 84 | */ |
| 85 | 85 | /* Actually there is no reason to insist that 'generator' be a generator. | |
| 86 | DH *DH_generate_parameters(prime_len,generator,callback,cb_arg) | 86 | * It's just as OK (and in some sense better) to use a generator of the |
| 87 | int prime_len; | 87 | * order-q subgroup. |
| 88 | int generator; | 88 | */ |
| 89 | void (*callback)(P_I_I_P); | 89 | DH *DH_generate_parameters(int prime_len, int generator, |
| 90 | char *cb_arg; | 90 | void (*callback)(int,int,void *), void *cb_arg) |
| 91 | { | 91 | { |
| 92 | BIGNUM *p=NULL,*t1,*t2; | 92 | BIGNUM *p=NULL,*t1,*t2; |
| 93 | DH *ret=NULL; | 93 | DH *ret=NULL; |
| @@ -95,38 +95,53 @@ char *cb_arg; | |||
| 95 | BN_CTX *ctx=NULL; | 95 | BN_CTX *ctx=NULL; |
| 96 | 96 | ||
| 97 | ret=DH_new(); | 97 | ret=DH_new(); |
| 98 | if (ret == NULL) goto err; | ||
| 98 | ctx=BN_CTX_new(); | 99 | ctx=BN_CTX_new(); |
| 99 | if (ctx == NULL) goto err; | 100 | if (ctx == NULL) goto err; |
| 100 | t1=ctx->bn[0]; | 101 | BN_CTX_start(ctx); |
| 101 | t2=ctx->bn[1]; | 102 | t1 = BN_CTX_get(ctx); |
| 102 | ctx->tos=2; | 103 | t2 = BN_CTX_get(ctx); |
| 104 | if (t1 == NULL || t2 == NULL) goto err; | ||
| 103 | 105 | ||
| 106 | if (generator <= 1) | ||
| 107 | { | ||
| 108 | DHerr(DH_F_DH_GENERATE_PARAMETERS, DH_R_BAD_GENERATOR); | ||
| 109 | goto err; | ||
| 110 | } | ||
| 104 | if (generator == DH_GENERATOR_2) | 111 | if (generator == DH_GENERATOR_2) |
| 105 | { | 112 | { |
| 106 | BN_set_word(t1,24); | 113 | if (!BN_set_word(t1,24)) goto err; |
| 107 | BN_set_word(t2,11); | 114 | if (!BN_set_word(t2,11)) goto err; |
| 108 | g=2; | 115 | g=2; |
| 109 | } | 116 | } |
| 110 | #ifdef undef /* does not work for strong primes */ | 117 | #if 0 /* does not work for safe primes */ |
| 111 | else if (generator == DH_GENERATOR_3) | 118 | else if (generator == DH_GENERATOR_3) |
| 112 | { | 119 | { |
| 113 | BN_set_word(t1,12); | 120 | if (!BN_set_word(t1,12)) goto err; |
| 114 | BN_set_word(t2,5); | 121 | if (!BN_set_word(t2,5)) goto err; |
| 115 | g=3; | 122 | g=3; |
| 116 | } | 123 | } |
| 117 | #endif | 124 | #endif |
| 118 | else if (generator == DH_GENERATOR_5) | 125 | else if (generator == DH_GENERATOR_5) |
| 119 | { | 126 | { |
| 120 | BN_set_word(t1,10); | 127 | if (!BN_set_word(t1,10)) goto err; |
| 121 | BN_set_word(t2,3); | 128 | if (!BN_set_word(t2,3)) goto err; |
| 122 | /* BN_set_word(t3,7); just have to miss | 129 | /* BN_set_word(t3,7); just have to miss |
| 123 | * out on these ones :-( */ | 130 | * out on these ones :-( */ |
| 124 | g=5; | 131 | g=5; |
| 125 | } | 132 | } |
| 126 | else | 133 | else |
| 134 | { | ||
| 135 | /* in the general case, don't worry if 'generator' is a | ||
| 136 | * generator or not: since we are using safe primes, | ||
| 137 | * it will generate either an order-q or an order-2q group, | ||
| 138 | * which both is OK */ | ||
| 139 | if (!BN_set_word(t1,2)) goto err; | ||
| 140 | if (!BN_set_word(t2,1)) goto err; | ||
| 127 | g=generator; | 141 | g=generator; |
| 142 | } | ||
| 128 | 143 | ||
| 129 | p=BN_generate_prime(prime_len,1,t1,t2,callback,cb_arg); | 144 | p=BN_generate_prime(NULL,prime_len,1,t1,t2,callback,cb_arg); |
| 130 | if (p == NULL) goto err; | 145 | if (p == NULL) goto err; |
| 131 | if (callback != NULL) callback(3,0,cb_arg); | 146 | if (callback != NULL) callback(3,0,cb_arg); |
| 132 | ret->p=p; | 147 | ret->p=p; |
| @@ -140,7 +155,11 @@ err: | |||
| 140 | ok=0; | 155 | ok=0; |
| 141 | } | 156 | } |
| 142 | 157 | ||
| 143 | if (ctx != NULL) BN_CTX_free(ctx); | 158 | if (ctx != NULL) |
| 159 | { | ||
| 160 | BN_CTX_end(ctx); | ||
| 161 | BN_CTX_free(ctx); | ||
| 162 | } | ||
| 144 | if (!ok && (ret != NULL)) | 163 | if (!ok && (ret != NULL)) |
| 145 | { | 164 | { |
| 146 | DH_free(ret); | 165 | DH_free(ret); |
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 7576772bcd..1a0efca2c4 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c | |||
| @@ -58,32 +58,63 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rand.h" | 62 | #include <openssl/rand.h> |
| 63 | #include "dh.h" | 63 | #include <openssl/dh.h> |
| 64 | #include <openssl/engine.h> | ||
| 64 | 65 | ||
| 65 | int DH_generate_key(dh) | 66 | static int generate_key(DH *dh); |
| 66 | DH *dh; | 67 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); |
| 68 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, | ||
| 69 | const BIGNUM *a, const BIGNUM *p, | ||
| 70 | const BIGNUM *m, BN_CTX *ctx, | ||
| 71 | BN_MONT_CTX *m_ctx); | ||
| 72 | static int dh_init(DH *dh); | ||
| 73 | static int dh_finish(DH *dh); | ||
| 74 | |||
| 75 | int DH_generate_key(DH *dh) | ||
| 76 | { | ||
| 77 | return dh->meth->generate_key(dh); | ||
| 78 | } | ||
| 79 | |||
| 80 | int DH_compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | ||
| 81 | { | ||
| 82 | return dh->meth->compute_key(key, pub_key, dh); | ||
| 83 | } | ||
| 84 | |||
| 85 | static DH_METHOD dh_ossl = { | ||
| 86 | "OpenSSL DH Method", | ||
| 87 | generate_key, | ||
| 88 | compute_key, | ||
| 89 | dh_bn_mod_exp, | ||
| 90 | dh_init, | ||
| 91 | dh_finish, | ||
| 92 | 0, | ||
| 93 | NULL | ||
| 94 | }; | ||
| 95 | |||
| 96 | const DH_METHOD *DH_OpenSSL(void) | ||
| 97 | { | ||
| 98 | return &dh_ossl; | ||
| 99 | } | ||
| 100 | |||
| 101 | static int generate_key(DH *dh) | ||
| 67 | { | 102 | { |
| 68 | int ok=0; | 103 | int ok=0; |
| 69 | unsigned int i; | 104 | int generate_new_key=0; |
| 70 | BN_CTX *ctx=NULL; | 105 | unsigned l; |
| 106 | BN_CTX *ctx; | ||
| 107 | BN_MONT_CTX *mont; | ||
| 71 | BIGNUM *pub_key=NULL,*priv_key=NULL; | 108 | BIGNUM *pub_key=NULL,*priv_key=NULL; |
| 72 | 109 | ||
| 73 | ctx=BN_CTX_new(); | 110 | ctx = BN_CTX_new(); |
| 74 | if (ctx == NULL) goto err; | 111 | if (ctx == NULL) goto err; |
| 75 | 112 | ||
| 76 | if (dh->priv_key == NULL) | 113 | if (dh->priv_key == NULL) |
| 77 | { | 114 | { |
| 78 | i=dh->length; | ||
| 79 | if (i == 0) | ||
| 80 | { | ||
| 81 | /* Make the number p-1 bits long */ | ||
| 82 | i=BN_num_bits(dh->p)-1; | ||
| 83 | } | ||
| 84 | priv_key=BN_new(); | 115 | priv_key=BN_new(); |
| 85 | if (priv_key == NULL) goto err; | 116 | if (priv_key == NULL) goto err; |
| 86 | if (!BN_rand(priv_key,i,0,0)) goto err; | 117 | generate_new_key=1; |
| 87 | } | 118 | } |
| 88 | else | 119 | else |
| 89 | priv_key=dh->priv_key; | 120 | priv_key=dh->priv_key; |
| @@ -96,7 +127,21 @@ DH *dh; | |||
| 96 | else | 127 | else |
| 97 | pub_key=dh->pub_key; | 128 | pub_key=dh->pub_key; |
| 98 | 129 | ||
| 99 | if (!BN_mod_exp(pub_key,dh->g,priv_key,dh->p,ctx)) goto err; | 130 | if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) |
| 131 | { | ||
| 132 | if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) | ||
| 133 | if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, | ||
| 134 | dh->p,ctx)) goto err; | ||
| 135 | } | ||
| 136 | mont=(BN_MONT_CTX *)dh->method_mont_p; | ||
| 137 | |||
| 138 | if (generate_new_key) | ||
| 139 | { | ||
| 140 | l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ | ||
| 141 | if (!BN_rand(priv_key, l, 0, 0)) goto err; | ||
| 142 | } | ||
| 143 | if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) | ||
| 144 | goto err; | ||
| 100 | 145 | ||
| 101 | dh->pub_key=pub_key; | 146 | dh->pub_key=pub_key; |
| 102 | dh->priv_key=priv_key; | 147 | dh->priv_key=priv_key; |
| @@ -107,29 +152,36 @@ err: | |||
| 107 | 152 | ||
| 108 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); | 153 | if ((pub_key != NULL) && (dh->pub_key == NULL)) BN_free(pub_key); |
| 109 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); | 154 | if ((priv_key != NULL) && (dh->priv_key == NULL)) BN_free(priv_key); |
| 110 | if (ctx != NULL) BN_CTX_free(ctx); | 155 | BN_CTX_free(ctx); |
| 111 | return(ok); | 156 | return(ok); |
| 112 | } | 157 | } |
| 113 | 158 | ||
| 114 | int DH_compute_key(key,pub_key,dh) | 159 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) |
| 115 | unsigned char *key; | ||
| 116 | BIGNUM *pub_key; | ||
| 117 | DH *dh; | ||
| 118 | { | 160 | { |
| 119 | BN_CTX *ctx; | 161 | BN_CTX *ctx; |
| 162 | BN_MONT_CTX *mont; | ||
| 120 | BIGNUM *tmp; | 163 | BIGNUM *tmp; |
| 121 | int ret= -1; | 164 | int ret= -1; |
| 122 | 165 | ||
| 123 | ctx=BN_CTX_new(); | 166 | ctx = BN_CTX_new(); |
| 124 | if (ctx == NULL) goto err; | 167 | if (ctx == NULL) goto err; |
| 125 | tmp=ctx->bn[ctx->tos++]; | 168 | BN_CTX_start(ctx); |
| 169 | tmp = BN_CTX_get(ctx); | ||
| 126 | 170 | ||
| 127 | if (dh->priv_key == NULL) | 171 | if (dh->priv_key == NULL) |
| 128 | { | 172 | { |
| 129 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); | 173 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); |
| 130 | goto err; | 174 | goto err; |
| 131 | } | 175 | } |
| 132 | if (!BN_mod_exp(tmp,pub_key,dh->priv_key,dh->p,ctx)) | 176 | if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) |
| 177 | { | ||
| 178 | if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) | ||
| 179 | if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, | ||
| 180 | dh->p,ctx)) goto err; | ||
| 181 | } | ||
| 182 | |||
| 183 | mont=(BN_MONT_CTX *)dh->method_mont_p; | ||
| 184 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) | ||
| 133 | { | 185 | { |
| 134 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); | 186 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); |
| 135 | goto err; | 187 | goto err; |
| @@ -137,6 +189,35 @@ DH *dh; | |||
| 137 | 189 | ||
| 138 | ret=BN_bn2bin(tmp,key); | 190 | ret=BN_bn2bin(tmp,key); |
| 139 | err: | 191 | err: |
| 140 | if (ctx != NULL) BN_CTX_free(ctx); | 192 | BN_CTX_end(ctx); |
| 193 | BN_CTX_free(ctx); | ||
| 141 | return(ret); | 194 | return(ret); |
| 142 | } | 195 | } |
| 196 | |||
| 197 | static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, | ||
| 198 | const BIGNUM *a, const BIGNUM *p, | ||
| 199 | const BIGNUM *m, BN_CTX *ctx, | ||
| 200 | BN_MONT_CTX *m_ctx) | ||
| 201 | { | ||
| 202 | if (a->top == 1) | ||
| 203 | { | ||
| 204 | BN_ULONG A = a->d[0]; | ||
| 205 | return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); | ||
| 206 | } | ||
| 207 | else | ||
| 208 | return BN_mod_exp_mont(r,a,p,m,ctx,m_ctx); | ||
| 209 | } | ||
| 210 | |||
| 211 | |||
| 212 | static int dh_init(DH *dh) | ||
| 213 | { | ||
| 214 | dh->flags |= DH_FLAG_CACHE_MONT_P; | ||
| 215 | return(1); | ||
| 216 | } | ||
| 217 | |||
| 218 | static int dh_finish(DH *dh) | ||
| 219 | { | ||
| 220 | if(dh->method_mont_p) | ||
| 221 | BN_MONT_CTX_free((BN_MONT_CTX *)dh->method_mont_p); | ||
| 222 | return(1); | ||
| 223 | } | ||
diff --git a/src/lib/libcrypto/dh/dh_lib.c b/src/lib/libcrypto/dh/dh_lib.c index a300b38396..ba5fd41057 100644 --- a/src/lib/libcrypto/dh/dh_lib.c +++ b/src/lib/libcrypto/dh/dh_lib.c | |||
| @@ -58,21 +58,84 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "dh.h" | 62 | #include <openssl/dh.h> |
| 63 | #include <openssl/engine.h> | ||
| 63 | 64 | ||
| 64 | char *DH_version="Diffie-Hellman part of SSLeay 0.9.0b 29-Jun-1998"; | 65 | const char *DH_version="Diffie-Hellman" OPENSSL_VERSION_PTEXT; |
| 65 | 66 | ||
| 66 | DH *DH_new() | 67 | static const DH_METHOD *default_DH_method = NULL; |
| 68 | |||
| 69 | void DH_set_default_method(const DH_METHOD *meth) | ||
| 70 | { | ||
| 71 | default_DH_method = meth; | ||
| 72 | } | ||
| 73 | |||
| 74 | const DH_METHOD *DH_get_default_method(void) | ||
| 75 | { | ||
| 76 | if(!default_DH_method) | ||
| 77 | default_DH_method = DH_OpenSSL(); | ||
| 78 | return default_DH_method; | ||
| 79 | } | ||
| 80 | |||
| 81 | int DH_set_method(DH *dh, const DH_METHOD *meth) | ||
| 82 | { | ||
| 83 | /* NB: The caller is specifically setting a method, so it's not up to us | ||
| 84 | * to deal with which ENGINE it comes from. */ | ||
| 85 | const DH_METHOD *mtmp; | ||
| 86 | mtmp = dh->meth; | ||
| 87 | if (mtmp->finish) mtmp->finish(dh); | ||
| 88 | if (dh->engine) | ||
| 89 | { | ||
| 90 | ENGINE_finish(dh->engine); | ||
| 91 | dh->engine = NULL; | ||
| 92 | } | ||
| 93 | dh->meth = meth; | ||
| 94 | if (meth->init) meth->init(dh); | ||
| 95 | return 1; | ||
| 96 | } | ||
| 97 | |||
| 98 | DH *DH_new(void) | ||
| 99 | { | ||
| 100 | return DH_new_method(NULL); | ||
| 101 | } | ||
| 102 | |||
| 103 | DH *DH_new_method(ENGINE *engine) | ||
| 67 | { | 104 | { |
| 68 | DH *ret; | 105 | DH *ret; |
| 69 | 106 | ||
| 70 | ret=(DH *)Malloc(sizeof(DH)); | 107 | ret=(DH *)OPENSSL_malloc(sizeof(DH)); |
| 71 | if (ret == NULL) | 108 | if (ret == NULL) |
| 72 | { | 109 | { |
| 73 | DHerr(DH_F_DH_NEW,ERR_R_MALLOC_FAILURE); | 110 | DHerr(DH_F_DH_NEW_METHOD,ERR_R_MALLOC_FAILURE); |
| 74 | return(NULL); | 111 | return(NULL); |
| 75 | } | 112 | } |
| 113 | |||
| 114 | ret->meth = DH_get_default_method(); | ||
| 115 | if (engine) | ||
| 116 | { | ||
| 117 | if (!ENGINE_init(engine)) | ||
| 118 | { | ||
| 119 | DHerr(DH_F_DH_NEW_METHOD, ERR_R_ENGINE_LIB); | ||
| 120 | OPENSSL_free(ret); | ||
| 121 | return NULL; | ||
| 122 | } | ||
| 123 | ret->engine = engine; | ||
| 124 | } | ||
| 125 | else | ||
| 126 | ret->engine = ENGINE_get_default_DH(); | ||
| 127 | if(ret->engine) | ||
| 128 | { | ||
| 129 | ret->meth = ENGINE_get_DH(ret->engine); | ||
| 130 | if(!ret->meth) | ||
| 131 | { | ||
| 132 | DHerr(DH_F_DH_NEW_METHOD,ERR_R_ENGINE_LIB); | ||
| 133 | ENGINE_finish(ret->engine); | ||
| 134 | OPENSSL_free(ret); | ||
| 135 | return NULL; | ||
| 136 | } | ||
| 137 | } | ||
| 138 | |||
| 76 | ret->pad=0; | 139 | ret->pad=0; |
| 77 | ret->version=0; | 140 | ret->version=0; |
| 78 | ret->p=NULL; | 141 | ret->p=NULL; |
| @@ -80,21 +143,95 @@ DH *DH_new() | |||
| 80 | ret->length=0; | 143 | ret->length=0; |
| 81 | ret->pub_key=NULL; | 144 | ret->pub_key=NULL; |
| 82 | ret->priv_key=NULL; | 145 | ret->priv_key=NULL; |
| 146 | ret->q=NULL; | ||
| 147 | ret->j=NULL; | ||
| 148 | ret->seed = NULL; | ||
| 149 | ret->seedlen = 0; | ||
| 150 | ret->counter = NULL; | ||
| 151 | ret->method_mont_p=NULL; | ||
| 152 | ret->references = 1; | ||
| 153 | ret->flags=ret->meth->flags; | ||
| 154 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); | ||
| 155 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) | ||
| 156 | { | ||
| 157 | if (ret->engine) | ||
| 158 | ENGINE_finish(ret->engine); | ||
| 159 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, ret, &ret->ex_data); | ||
| 160 | OPENSSL_free(ret); | ||
| 161 | ret=NULL; | ||
| 162 | } | ||
| 83 | return(ret); | 163 | return(ret); |
| 84 | } | 164 | } |
| 85 | 165 | ||
| 86 | void DH_free(r) | 166 | void DH_free(DH *r) |
| 87 | DH *r; | ||
| 88 | { | 167 | { |
| 168 | int i; | ||
| 169 | if(r == NULL) return; | ||
| 170 | i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_DH); | ||
| 171 | #ifdef REF_PRINT | ||
| 172 | REF_PRINT("DH",r); | ||
| 173 | #endif | ||
| 174 | if (i > 0) return; | ||
| 175 | #ifdef REF_CHECK | ||
| 176 | if (i < 0) | ||
| 177 | { | ||
| 178 | fprintf(stderr,"DH_free, bad reference count\n"); | ||
| 179 | abort(); | ||
| 180 | } | ||
| 181 | #endif | ||
| 182 | |||
| 183 | if (r->meth->finish) | ||
| 184 | r->meth->finish(r); | ||
| 185 | if (r->engine) | ||
| 186 | ENGINE_finish(r->engine); | ||
| 187 | |||
| 188 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DH, r, &r->ex_data); | ||
| 189 | |||
| 89 | if (r->p != NULL) BN_clear_free(r->p); | 190 | if (r->p != NULL) BN_clear_free(r->p); |
| 90 | if (r->g != NULL) BN_clear_free(r->g); | 191 | if (r->g != NULL) BN_clear_free(r->g); |
| 192 | if (r->q != NULL) BN_clear_free(r->q); | ||
| 193 | if (r->j != NULL) BN_clear_free(r->j); | ||
| 194 | if (r->seed) OPENSSL_free(r->seed); | ||
| 195 | if (r->counter != NULL) BN_clear_free(r->counter); | ||
| 91 | if (r->pub_key != NULL) BN_clear_free(r->pub_key); | 196 | if (r->pub_key != NULL) BN_clear_free(r->pub_key); |
| 92 | if (r->priv_key != NULL) BN_clear_free(r->priv_key); | 197 | if (r->priv_key != NULL) BN_clear_free(r->priv_key); |
| 93 | Free(r); | 198 | OPENSSL_free(r); |
| 199 | } | ||
| 200 | |||
| 201 | int DH_up_ref(DH *r) | ||
| 202 | { | ||
| 203 | int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DH); | ||
| 204 | #ifdef REF_PRINT | ||
| 205 | REF_PRINT("DH",r); | ||
| 206 | #endif | ||
| 207 | #ifdef REF_CHECK | ||
| 208 | if (i < 2) | ||
| 209 | { | ||
| 210 | fprintf(stderr, "DH_up, bad reference count\n"); | ||
| 211 | abort(); | ||
| 212 | } | ||
| 213 | #endif | ||
| 214 | return ((i > 1) ? 1 : 0); | ||
| 215 | } | ||
| 216 | |||
| 217 | int DH_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 218 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 219 | { | ||
| 220 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DH, argl, argp, | ||
| 221 | new_func, dup_func, free_func); | ||
| 222 | } | ||
| 223 | |||
| 224 | int DH_set_ex_data(DH *d, int idx, void *arg) | ||
| 225 | { | ||
| 226 | return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); | ||
| 227 | } | ||
| 228 | |||
| 229 | void *DH_get_ex_data(DH *d, int idx) | ||
| 230 | { | ||
| 231 | return(CRYPTO_get_ex_data(&d->ex_data,idx)); | ||
| 94 | } | 232 | } |
| 95 | 233 | ||
| 96 | int DH_size(dh) | 234 | int DH_size(const DH *dh) |
| 97 | DH *dh; | ||
| 98 | { | 235 | { |
| 99 | return(BN_num_bytes(dh->p)); | 236 | return(BN_num_bytes(dh->p)); |
| 100 | } | 237 | } |
diff --git a/src/lib/libcrypto/doc/DH_set_method.pod b/src/lib/libcrypto/doc/DH_set_method.pod index dca41d8dbc..d990bf8786 100644 --- a/src/lib/libcrypto/doc/DH_set_method.pod +++ b/src/lib/libcrypto/doc/DH_set_method.pod | |||
| @@ -2,20 +2,21 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | DH_set_default_method, DH_get_default_method, DH_set_method, | 5 | DH_set_default_openssl_method, DH_get_default_openssl_method, |
| 6 | DH_new_method, DH_OpenSSL - select DH method | 6 | DH_set_method, DH_new_method, DH_OpenSSL - select DH method |
| 7 | 7 | ||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS |
| 9 | 9 | ||
| 10 | #include <openssl/dh.h> | 10 | #include <openssl/dh.h> |
| 11 | #include <openssl/engine.h> | ||
| 11 | 12 | ||
| 12 | void DH_set_default_method(DH_METHOD *meth); | 13 | void DH_set_default_openssl_method(DH_METHOD *meth); |
| 13 | 14 | ||
| 14 | DH_METHOD *DH_get_default_method(void); | 15 | DH_METHOD *DH_get_default_openssl_method(void); |
| 15 | 16 | ||
| 16 | DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); | 17 | int DH_set_method(DH *dh, ENGINE *engine); |
| 17 | 18 | ||
| 18 | DH *DH_new_method(DH_METHOD *meth); | 19 | DH *DH_new_method(ENGINE *engine); |
| 19 | 20 | ||
| 20 | DH_METHOD *DH_OpenSSL(void); | 21 | DH_METHOD *DH_OpenSSL(void); |
| 21 | 22 | ||
| @@ -28,20 +29,26 @@ such as hardware accelerators may be used. | |||
| 28 | Initially, the default is to use the OpenSSL internal implementation. | 29 | Initially, the default is to use the OpenSSL internal implementation. |
| 29 | DH_OpenSSL() returns a pointer to that method. | 30 | DH_OpenSSL() returns a pointer to that method. |
| 30 | 31 | ||
| 31 | DH_set_default_method() makes B<meth> the default method for all B<DH> | 32 | DH_set_default_openssl_method() makes B<meth> the default method for all DH |
| 32 | structures created later. | 33 | structures created later. B<NB:> This is true only whilst the default engine |
| 34 | for Diffie-Hellman operations remains as "openssl". ENGINEs provide an | ||
| 35 | encapsulation for implementations of one or more algorithms, and all the DH | ||
| 36 | functions mentioned here operate within the scope of the default | ||
| 37 | "openssl" engine. | ||
| 33 | 38 | ||
| 34 | DH_get_default_method() returns a pointer to the current default | 39 | DH_get_default_openssl_method() returns a pointer to the current default |
| 35 | method. | 40 | method for the "openssl" engine. |
| 36 | 41 | ||
| 37 | DH_set_method() selects B<meth> for all operations using the structure B<dh>. | 42 | DH_set_method() selects B<engine> as the engine that will be responsible for |
| 43 | all operations using the structure B<dh>. If this function completes successfully, | ||
| 44 | then the B<dh> structure will have its own functional reference of B<engine>, so | ||
| 45 | the caller should remember to free their own reference to B<engine> when they are | ||
| 46 | finished with it. NB: An ENGINE's DH_METHOD can be retrieved (or set) by | ||
| 47 | ENGINE_get_DH() or ENGINE_set_DH(). | ||
| 38 | 48 | ||
| 39 | DH_get_method() returns a pointer to the method currently selected | 49 | DH_new_method() allocates and initializes a DH structure so that |
| 40 | for B<dh>. | 50 | B<engine> will be used for the DH operations. If B<engine> is NULL, |
| 41 | 51 | the default engine for Diffie-Hellman opertaions is used. | |
| 42 | DH_new_method() allocates and initializes a B<DH> structure so that | ||
| 43 | B<method> will be used for the DH operations. If B<method> is B<NULL>, | ||
| 44 | the default method is used. | ||
| 45 | 52 | ||
| 46 | =head1 THE DH_METHOD STRUCTURE | 53 | =head1 THE DH_METHOD STRUCTURE |
| 47 | 54 | ||
| @@ -56,7 +63,7 @@ the default method is used. | |||
| 56 | /* compute shared secret */ | 63 | /* compute shared secret */ |
| 57 | int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); | 64 | int (*compute_key)(unsigned char *key, BIGNUM *pub_key, DH *dh); |
| 58 | 65 | ||
| 59 | /* compute r = a ^ p mod m. May be NULL */ | 66 | /* compute r = a ^ p mod m (May be NULL for some implementations) */ |
| 60 | int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 67 | int (*bn_mod_exp)(DH *dh, BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
| 61 | const BIGNUM *m, BN_CTX *ctx, | 68 | const BIGNUM *m, BN_CTX *ctx, |
| 62 | BN_MONT_CTX *m_ctx); | 69 | BN_MONT_CTX *m_ctx); |
| @@ -75,17 +82,17 @@ the default method is used. | |||
| 75 | 82 | ||
| 76 | =head1 RETURN VALUES | 83 | =head1 RETURN VALUES |
| 77 | 84 | ||
| 78 | DH_OpenSSL(), DH_get_default_method() and DH_get_method() return | 85 | DH_OpenSSL() and DH_get_default_openssl_method() return pointers to the |
| 79 | pointers to the respective B<DH_METHOD>s. | 86 | respective B<DH_METHOD>s. |
| 80 | 87 | ||
| 81 | DH_set_default_method() returns no value. | 88 | DH_set_default_openssl_method() returns no value. |
| 82 | 89 | ||
| 83 | DH_set_method() returns a pointer to the B<DH_METHOD> previously | 90 | DH_set_method() returns non-zero if the ENGINE associated with B<dh> |
| 84 | associated with B<dh>. | 91 | was successfully changed to B<engine>. |
| 85 | 92 | ||
| 86 | DH_new_method() returns B<NULL> and sets an error code that can be | 93 | DH_new_method() returns NULL and sets an error code that can be |
| 87 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it | 94 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. |
| 88 | returns a pointer to the newly allocated structure. | 95 | Otherwise it returns a pointer to the newly allocated structure. |
| 89 | 96 | ||
| 90 | =head1 SEE ALSO | 97 | =head1 SEE ALSO |
| 91 | 98 | ||
| @@ -96,4 +103,9 @@ L<dh(3)|dh(3)>, L<DH_new(3)|DH_new(3)> | |||
| 96 | DH_set_default_method(), DH_get_default_method(), DH_set_method(), | 103 | DH_set_default_method(), DH_get_default_method(), DH_set_method(), |
| 97 | DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. | 104 | DH_new_method() and DH_OpenSSL() were added in OpenSSL 0.9.4. |
| 98 | 105 | ||
| 106 | DH_set_default_openssl_method() and DH_get_default_openssl_method() | ||
| 107 | replaced DH_set_default_method() and DH_get_default_method() respectively, | ||
| 108 | and DH_set_method() and DH_new_method() were altered to use B<ENGINE>s | ||
| 109 | rather than B<DH_METHOD>s during development of OpenSSL 0.9.6. | ||
| 110 | |||
| 99 | =cut | 111 | =cut |
diff --git a/src/lib/libcrypto/doc/DSA_set_method.pod b/src/lib/libcrypto/doc/DSA_set_method.pod index 0b13ec9237..36a1052d27 100644 --- a/src/lib/libcrypto/doc/DSA_set_method.pod +++ b/src/lib/libcrypto/doc/DSA_set_method.pod | |||
| @@ -2,20 +2,21 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | DSA_set_default_method, DSA_get_default_method, DSA_set_method, | 5 | DSA_set_default_openssl_method, DSA_get_default_openssl_method, |
| 6 | DSA_new_method, DSA_OpenSSL - select RSA method | 6 | DSA_set_method, DSA_new_method, DSA_OpenSSL - select DSA method |
| 7 | 7 | ||
| 8 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS |
| 9 | 9 | ||
| 10 | #include <openssl/DSA.h> | 10 | #include <openssl/dsa.h> |
| 11 | #include <openssl/engine.h> | ||
| 11 | 12 | ||
| 12 | void DSA_set_default_method(DSA_METHOD *meth); | 13 | void DSA_set_default_openssl_method(DSA_METHOD *meth); |
| 13 | 14 | ||
| 14 | DSA_METHOD *DSA_get_default_method(void); | 15 | DSA_METHOD *DSA_get_default_openssl_method(void); |
| 15 | 16 | ||
| 16 | DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); | 17 | int DSA_set_method(DSA *dsa, ENGINE *engine); |
| 17 | 18 | ||
| 18 | DSA *DSA_new_method(DSA_METHOD *meth); | 19 | DSA *DSA_new_method(ENGINE *engine); |
| 19 | 20 | ||
| 20 | DSA_METHOD *DSA_OpenSSL(void); | 21 | DSA_METHOD *DSA_OpenSSL(void); |
| 21 | 22 | ||
| @@ -28,20 +29,21 @@ such as hardware accelerators may be used. | |||
| 28 | Initially, the default is to use the OpenSSL internal implementation. | 29 | Initially, the default is to use the OpenSSL internal implementation. |
| 29 | DSA_OpenSSL() returns a pointer to that method. | 30 | DSA_OpenSSL() returns a pointer to that method. |
| 30 | 31 | ||
| 31 | DSA_set_default_method() makes B<meth> the default method for all B<DSA> | 32 | DSA_set_default_openssl_method() makes B<meth> the default method for |
| 32 | structures created later. | 33 | all DSA structures created later. B<NB:> This is true only whilst the |
| 34 | default engine for DSA operations remains as "openssl". ENGINEs | ||
| 35 | provide an encapsulation for implementations of one or more algorithms at a | ||
| 36 | time, and all the DSA functions mentioned here operate within the scope | ||
| 37 | of the default "openssl" engine. | ||
| 33 | 38 | ||
| 34 | DSA_get_default_method() returns a pointer to the current default | 39 | DSA_get_default_openssl_method() returns a pointer to the current default |
| 35 | method. | 40 | method for the "openssl" engine. |
| 36 | 41 | ||
| 37 | DSA_set_method() selects B<meth> for all operations using the structure B<DSA>. | 42 | DSA_set_method() selects B<engine> for all operations using the structure B<dsa>. |
| 38 | 43 | ||
| 39 | DSA_get_method() returns a pointer to the method currently selected | 44 | DSA_new_method() allocates and initializes a DSA structure so that |
| 40 | for B<DSA>. | 45 | B<engine> will be used for the DSA operations. If B<engine> is NULL, |
| 41 | 46 | the default engine for DSA operations is used. | |
| 42 | DSA_new_method() allocates and initializes a B<DSA> structure so that | ||
| 43 | B<method> will be used for the DSA operations. If B<method> is B<NULL>, | ||
| 44 | the default method is used. | ||
| 45 | 47 | ||
| 46 | =head1 THE DSA_METHOD STRUCTURE | 48 | =head1 THE DSA_METHOD STRUCTURE |
| 47 | 49 | ||
| @@ -62,12 +64,13 @@ struct | |||
| 62 | int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, | 64 | int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, |
| 63 | DSA_SIG *sig, DSA *dsa); | 65 | DSA_SIG *sig, DSA *dsa); |
| 64 | 66 | ||
| 65 | /* compute rr = a1^p1 * a2^p2 mod m. May be NULL */ | 67 | /* compute rr = a1^p1 * a2^p2 mod m (May be NULL for some |
| 68 | implementations) */ | ||
| 66 | int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, | 69 | int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, |
| 67 | BIGNUM *a2, BIGNUM *p2, BIGNUM *m, | 70 | BIGNUM *a2, BIGNUM *p2, BIGNUM *m, |
| 68 | BN_CTX *ctx, BN_MONT_CTX *in_mont); | 71 | BN_CTX *ctx, BN_MONT_CTX *in_mont); |
| 69 | 72 | ||
| 70 | /* compute r = a ^ p mod m. May be NULL */ | 73 | /* compute r = a ^ p mod m (May be NULL for some implementations) */ |
| 71 | int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, | 74 | int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, |
| 72 | const BIGNUM *p, const BIGNUM *m, | 75 | const BIGNUM *p, const BIGNUM *m, |
| 73 | BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 76 | BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| @@ -86,18 +89,17 @@ struct | |||
| 86 | 89 | ||
| 87 | =head1 RETURN VALUES | 90 | =head1 RETURN VALUES |
| 88 | 91 | ||
| 89 | DSA_OpenSSL(), DSA_get_default_method() and DSA_get_method() return | 92 | DSA_OpenSSL() and DSA_get_default_openssl_method() return pointers to the |
| 90 | pointers to the respective B<DSA_METHOD>s. | 93 | respective B<DSA_METHOD>s. |
| 91 | 94 | ||
| 92 | DSA_set_default_method() returns no value. | 95 | DSA_set_default_openssl_method() returns no value. |
| 93 | 96 | ||
| 94 | DSA_set_method() returns a pointer to the B<DSA_METHOD> previously | 97 | DSA_set_method() returns non-zero if the ENGINE associated with B<dsa> |
| 95 | associated with B<dsa>. | 98 | was successfully changed to B<engine>. |
| 96 | 99 | ||
| 97 | DSA_new_method() returns B<NULL> and sets an error code that can be | 100 | DSA_new_method() returns NULL and sets an error code that can be |
| 98 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation | 101 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation |
| 99 | fails. Otherwise it returns a pointer to the newly allocated | 102 | fails. Otherwise it returns a pointer to the newly allocated structure. |
| 100 | structure. | ||
| 101 | 103 | ||
| 102 | =head1 SEE ALSO | 104 | =head1 SEE ALSO |
| 103 | 105 | ||
| @@ -108,4 +110,9 @@ L<dsa(3)|dsa(3)>, L<DSA_new(3)|DSA_new(3)> | |||
| 108 | DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), | 110 | DSA_set_default_method(), DSA_get_default_method(), DSA_set_method(), |
| 109 | DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. | 111 | DSA_new_method() and DSA_OpenSSL() were added in OpenSSL 0.9.4. |
| 110 | 112 | ||
| 113 | DSA_set_default_openssl_method() and DSA_get_default_openssl_method() | ||
| 114 | replaced DSA_set_default_method() and DSA_get_default_method() respectively, | ||
| 115 | and DSA_set_method() and DSA_new_method() were altered to use B<ENGINE>s | ||
| 116 | rather than B<DSA_METHOD>s during development of OpenSSL 0.9.6. | ||
| 117 | |||
| 111 | =cut | 118 | =cut |
diff --git a/src/lib/libcrypto/doc/ERR_error_string.pod b/src/lib/libcrypto/doc/ERR_error_string.pod index 0d2417599c..e01beb817a 100644 --- a/src/lib/libcrypto/doc/ERR_error_string.pod +++ b/src/lib/libcrypto/doc/ERR_error_string.pod | |||
| @@ -2,13 +2,16 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | ERR_error_string - obtain human-readable error message | 5 | ERR_error_string, ERR_error_string_n, ERR_lib_error_string, |
| 6 | ERR_func_error_string, ERR_reason_error_string - obtain human-readable | ||
| 7 | error message | ||
| 6 | 8 | ||
| 7 | =head1 SYNOPSIS | 9 | =head1 SYNOPSIS |
| 8 | 10 | ||
| 9 | #include <openssl/err.h> | 11 | #include <openssl/err.h> |
| 10 | 12 | ||
| 11 | char *ERR_error_string(unsigned long e, char *buf); | 13 | char *ERR_error_string(unsigned long e, char *buf); |
| 14 | char *ERR_error_string_n(unsigned long e, char *buf, size_t len); | ||
| 12 | 15 | ||
| 13 | const char *ERR_lib_error_string(unsigned long e); | 16 | const char *ERR_lib_error_string(unsigned long e); |
| 14 | const char *ERR_func_error_string(unsigned long e); | 17 | const char *ERR_func_error_string(unsigned long e); |
| @@ -17,9 +20,13 @@ ERR_error_string - obtain human-readable error message | |||
| 17 | =head1 DESCRIPTION | 20 | =head1 DESCRIPTION |
| 18 | 21 | ||
| 19 | ERR_error_string() generates a human-readable string representing the | 22 | ERR_error_string() generates a human-readable string representing the |
| 20 | error code B<e>, and places it at B<buf>. B<buf> must be at least 120 | 23 | error code I<e>, and places it at I<buf>. I<buf> must be at least 120 |
| 21 | bytes long. If B<buf> is B<NULL>, the error string is placed in a | 24 | bytes long. If I<buf> is B<NULL>, the error string is placed in a |
| 22 | static buffer. | 25 | static buffer. |
| 26 | ERR_error_string_n() is a variant of ERR_error_string() that writes | ||
| 27 | at most I<len> characters (including the terminating 0) | ||
| 28 | and truncates the string if necessary. | ||
| 29 | For ERR_error_string_n(), I<buf> may not be B<NULL>. | ||
| 23 | 30 | ||
| 24 | The string will have the following format: | 31 | The string will have the following format: |
| 25 | 32 | ||
| @@ -45,7 +52,7 @@ all error codes currently in the queue. | |||
| 45 | =head1 RETURN VALUES | 52 | =head1 RETURN VALUES |
| 46 | 53 | ||
| 47 | ERR_error_string() returns a pointer to a static buffer containing the | 54 | ERR_error_string() returns a pointer to a static buffer containing the |
| 48 | string if B<buf == NULL>, B<buf> otherwise. | 55 | string if I<buf> B<== NULL>, I<buf> otherwise. |
| 49 | 56 | ||
| 50 | ERR_lib_error_string(), ERR_func_error_string() and | 57 | ERR_lib_error_string(), ERR_func_error_string() and |
| 51 | ERR_reason_error_string() return the strings, and B<NULL> if | 58 | ERR_reason_error_string() return the strings, and B<NULL> if |
| @@ -61,5 +68,6 @@ L<ERR_print_errors(3)|ERR_print_errors(3)> | |||
| 61 | =head1 HISTORY | 68 | =head1 HISTORY |
| 62 | 69 | ||
| 63 | ERR_error_string() is available in all versions of SSLeay and OpenSSL. | 70 | ERR_error_string() is available in all versions of SSLeay and OpenSSL. |
| 71 | ERR_error_string_n() was added in OpenSSL 0.9.6. | ||
| 64 | 72 | ||
| 65 | =cut | 73 | =cut |
diff --git a/src/lib/libcrypto/doc/ERR_get_error.pod b/src/lib/libcrypto/doc/ERR_get_error.pod index 75ece00d97..9fdedbcb91 100644 --- a/src/lib/libcrypto/doc/ERR_get_error.pod +++ b/src/lib/libcrypto/doc/ERR_get_error.pod | |||
| @@ -2,7 +2,10 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | ERR_get_error, ERR_peek_error - obtain error code | 5 | ERR_get_error, ERR_peek_error, ERR_peek_last_error, |
| 6 | ERR_get_error_line, ERR_peek_error_line, ERR_peek_last_error_line, | ||
| 7 | ERR_get_error_line_data, ERR_peek_error_line_data, | ||
| 8 | ERR_peek_error_line_data - obtain error code and data | ||
| 6 | 9 | ||
| 7 | =head1 SYNOPSIS | 10 | =head1 SYNOPSIS |
| 8 | 11 | ||
| @@ -10,22 +13,29 @@ ERR_get_error, ERR_peek_error - obtain error code | |||
| 10 | 13 | ||
| 11 | unsigned long ERR_get_error(void); | 14 | unsigned long ERR_get_error(void); |
| 12 | unsigned long ERR_peek_error(void); | 15 | unsigned long ERR_peek_error(void); |
| 16 | unsigned long ERR_peek_last_error(void); | ||
| 13 | 17 | ||
| 14 | unsigned long ERR_get_error_line(const char **file, int *line); | 18 | unsigned long ERR_get_error_line(const char **file, int *line); |
| 15 | unsigned long ERR_peek_error_line(const char **file, int *line); | 19 | unsigned long ERR_peek_error_line(const char **file, int *line); |
| 20 | unsigned long ERR_peek_last_error_line(const char **file, int *line); | ||
| 16 | 21 | ||
| 17 | unsigned long ERR_get_error_line_data(const char **file, int *line, | 22 | unsigned long ERR_get_error_line_data(const char **file, int *line, |
| 18 | const char **data, int *flags); | 23 | const char **data, int *flags); |
| 19 | unsigned long ERR_peek_error_line_data(const char **file, int *line, | 24 | unsigned long ERR_peek_error_line_data(const char **file, int *line, |
| 20 | const char **data, int *flags); | 25 | const char **data, int *flags); |
| 26 | unsigned long ERR_peek_last_error_line_data(const char **file, int *line, | ||
| 27 | const char **data, int *flags); | ||
| 21 | 28 | ||
| 22 | =head1 DESCRIPTION | 29 | =head1 DESCRIPTION |
| 23 | 30 | ||
| 24 | ERR_get_error() returns the last error code from the thread's error | 31 | ERR_get_error() returns the earliest error code from the thread's error |
| 25 | queue and removes the entry. This function can be called repeatedly | 32 | queue and removes the entry. This function can be called repeatedly |
| 26 | until there are no more error codes to return. | 33 | until there are no more error codes to return. |
| 27 | 34 | ||
| 28 | ERR_peek_error() returns the last error code from the thread's | 35 | ERR_peek_error() returns the earliest error code from the thread's |
| 36 | error queue without modifying it. | ||
| 37 | |||
| 38 | ERR_peek_last_error() returns the latest error code from the thread's | ||
| 29 | error queue without modifying it. | 39 | error queue without modifying it. |
| 30 | 40 | ||
| 31 | See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about | 41 | See L<ERR_GET_LIB(3)|ERR_GET_LIB(3)> for obtaining information about |
| @@ -33,14 +43,16 @@ location and reason of the error, and | |||
| 33 | L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error | 43 | L<ERR_error_string(3)|ERR_error_string(3)> for human-readable error |
| 34 | messages. | 44 | messages. |
| 35 | 45 | ||
| 36 | ERR_get_error_line() and ERR_peek_error_line() are the same as the | 46 | ERR_get_error_line(), ERR_peek_error_line() and |
| 37 | above, but they additionally store the file name and line number where | 47 | ERR_peek_last_error_line() are the same as the above, but they |
| 48 | additionally store the file name and line number where | ||
| 38 | the error occurred in *B<file> and *B<line>, unless these are B<NULL>. | 49 | the error occurred in *B<file> and *B<line>, unless these are B<NULL>. |
| 39 | 50 | ||
| 40 | ERR_get_error_line_data() and ERR_peek_error_line_data() store | 51 | ERR_get_error_line_data(), ERR_peek_error_line_data() and |
| 41 | additional data and flags associated with the error code in *B<data> | 52 | ERR_get_last_error_line_data() store additional data and flags |
| 53 | associated with the error code in *B<data> | ||
| 42 | and *B<flags>, unless these are B<NULL>. *B<data> contains a string | 54 | and *B<flags>, unless these are B<NULL>. *B<data> contains a string |
| 43 | if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by Malloc(), | 55 | if *B<flags>&B<ERR_TXT_STRING>. If it has been allocated by OPENSSL_malloc(), |
| 44 | *B<flags>&B<ERR_TXT_MALLOCED> is true. | 56 | *B<flags>&B<ERR_TXT_MALLOCED> is true. |
| 45 | 57 | ||
| 46 | =head1 RETURN VALUES | 58 | =head1 RETURN VALUES |
| @@ -58,5 +70,7 @@ ERR_get_error(), ERR_peek_error(), ERR_get_error_line() and | |||
| 58 | ERR_peek_error_line() are available in all versions of SSLeay and | 70 | ERR_peek_error_line() are available in all versions of SSLeay and |
| 59 | OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() | 71 | OpenSSL. ERR_get_error_line_data() and ERR_peek_error_line_data() |
| 60 | were added in SSLeay 0.9.0. | 72 | were added in SSLeay 0.9.0. |
| 73 | ERR_peek_last_error(), ERR_peek_last_error_line() and | ||
| 74 | ERR_peek_last_error_line_data() were added in OpenSSL 0.9.7. | ||
| 61 | 75 | ||
| 62 | =cut | 76 | =cut |
diff --git a/src/lib/libcrypto/doc/ERR_remove_state.pod b/src/lib/libcrypto/doc/ERR_remove_state.pod index ebcdc0f5a5..72925fb9f4 100644 --- a/src/lib/libcrypto/doc/ERR_remove_state.pod +++ b/src/lib/libcrypto/doc/ERR_remove_state.pod | |||
| @@ -16,7 +16,7 @@ ERR_remove_state() frees the error queue associated with thread B<pid>. | |||
| 16 | If B<pid> == 0, the current thread will have its error queue removed. | 16 | If B<pid> == 0, the current thread will have its error queue removed. |
| 17 | 17 | ||
| 18 | Since error queue data structures are allocated automatically for new | 18 | Since error queue data structures are allocated automatically for new |
| 19 | threads, they must be freed when threads are terminated in oder to | 19 | threads, they must be freed when threads are terminated in order to |
| 20 | avoid memory leaks. | 20 | avoid memory leaks. |
| 21 | 21 | ||
| 22 | =head1 RETURN VALUE | 22 | =head1 RETURN VALUE |
diff --git a/src/lib/libcrypto/doc/EVP_DigestInit.pod b/src/lib/libcrypto/doc/EVP_DigestInit.pod index 345b1ddfa7..b3a61f1c5d 100644 --- a/src/lib/libcrypto/doc/EVP_DigestInit.pod +++ b/src/lib/libcrypto/doc/EVP_DigestInit.pod | |||
| @@ -2,21 +2,40 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines | 5 | EVP_MD_CTX_init, EVP_MD_CTX_create, EVP_DigestInit_ex, EVP_DigestUpdate, |
| 6 | EVP_DigestFinal_ex, EVP_MD_CTX_cleanup, EVP_MD_CTX_destroy, EVP_MAX_MD_SIZE, | ||
| 7 | EVP_MD_CTX_copy_ex EVP_MD_CTX_copy, EVP_MD_type, EVP_MD_pkey_type, EVP_MD_size, | ||
| 8 | EVP_MD_block_size, EVP_MD_CTX_md, EVP_MD_CTX_size, EVP_MD_CTX_block_size, EVP_MD_CTX_type, | ||
| 9 | EVP_md_null, EVP_md2, EVP_md5, EVP_sha, EVP_sha1, EVP_dss, EVP_dss1, EVP_mdc2, | ||
| 10 | EVP_ripemd160, EVP_get_digestbyname, EVP_get_digestbynid, EVP_get_digestbyobj - | ||
| 11 | EVP digest routines | ||
| 6 | 12 | ||
| 7 | =head1 SYNOPSIS | 13 | =head1 SYNOPSIS |
| 8 | 14 | ||
| 9 | #include <openssl/evp.h> | 15 | #include <openssl/evp.h> |
| 10 | 16 | ||
| 11 | void EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | 17 | void EVP_MD_CTX_init(EVP_MD_CTX *ctx); |
| 12 | void EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | 18 | EVP_MD_CTX *EVP_MD_CTX_create(void); |
| 13 | void EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, | 19 | |
| 20 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | ||
| 21 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | ||
| 22 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, | ||
| 14 | unsigned int *s); | 23 | unsigned int *s); |
| 15 | 24 | ||
| 16 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | 25 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); |
| 26 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); | ||
| 27 | |||
| 28 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); | ||
| 29 | |||
| 30 | int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | ||
| 31 | int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, | ||
| 32 | unsigned int *s); | ||
| 17 | 33 | ||
| 18 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); | 34 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,EVP_MD_CTX *in); |
| 19 | 35 | ||
| 36 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | ||
| 37 | |||
| 38 | |||
| 20 | #define EVP_MD_type(e) ((e)->type) | 39 | #define EVP_MD_type(e) ((e)->type) |
| 21 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) | 40 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) |
| 22 | #define EVP_MD_size(e) ((e)->md_size) | 41 | #define EVP_MD_size(e) ((e)->md_size) |
| @@ -27,15 +46,15 @@ EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines | |||
| 27 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) | 46 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) |
| 28 | #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) | 47 | #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) |
| 29 | 48 | ||
| 30 | EVP_MD *EVP_md_null(void); | 49 | const EVP_MD *EVP_md_null(void); |
| 31 | EVP_MD *EVP_md2(void); | 50 | const EVP_MD *EVP_md2(void); |
| 32 | EVP_MD *EVP_md5(void); | 51 | const EVP_MD *EVP_md5(void); |
| 33 | EVP_MD *EVP_sha(void); | 52 | const EVP_MD *EVP_sha(void); |
| 34 | EVP_MD *EVP_sha1(void); | 53 | const EVP_MD *EVP_sha1(void); |
| 35 | EVP_MD *EVP_dss(void); | 54 | const EVP_MD *EVP_dss(void); |
| 36 | EVP_MD *EVP_dss1(void); | 55 | const EVP_MD *EVP_dss1(void); |
| 37 | EVP_MD *EVP_mdc2(void); | 56 | const EVP_MD *EVP_mdc2(void); |
| 38 | EVP_MD *EVP_ripemd160(void); | 57 | const EVP_MD *EVP_ripemd160(void); |
| 39 | 58 | ||
| 40 | const EVP_MD *EVP_get_digestbyname(const char *name); | 59 | const EVP_MD *EVP_get_digestbyname(const char *name); |
| 41 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) | 60 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) |
| @@ -45,25 +64,48 @@ EVP_DigestInit, EVP_DigestUpdate, EVP_DigestFinal - EVP digest routines | |||
| 45 | 64 | ||
| 46 | The EVP digest routines are a high level interface to message digests. | 65 | The EVP digest routines are a high level interface to message digests. |
| 47 | 66 | ||
| 48 | EVP_DigestInit() initialises a digest context B<ctx> to use a digest | 67 | EVP_MD_CTX_init() initializes digest contet B<ctx>. |
| 49 | B<type>: this will typically be supplied by a function such as | 68 | |
| 50 | EVP_sha1(). | 69 | EVP_MD_CTX_create() allocates, initializes and returns a digest contet. |
| 70 | |||
| 71 | EVP_DigestInit_ex() sets up digest context B<ctx> to use a digest | ||
| 72 | B<type> from ENGINE B<impl>. B<ctx> must be initialized before calling this | ||
| 73 | function. B<type> will typically be supplied by a functionsuch as EVP_sha1(). | ||
| 74 | If B<impl> is NULL then the default implementation of digest B<type> is used. | ||
| 51 | 75 | ||
| 52 | EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the | 76 | EVP_DigestUpdate() hashes B<cnt> bytes of data at B<d> into the |
| 53 | digest context B<ctx>. This funtion can be called several times on the | 77 | digest context B<ctx>. This function can be called several times on the |
| 54 | same B<ctx> to hash additional data. | 78 | same B<ctx> to hash additional data. |
| 55 | 79 | ||
| 56 | EVP_DigestFinal() retrieves the digest value from B<ctx> and places | 80 | EVP_DigestFinal_ex() retrieves the digest value from B<ctx> and places |
| 57 | it in B<md>. If the B<s> parameter is not NULL then the number of | 81 | it in B<md>. If the B<s> parameter is not NULL then the number of |
| 58 | bytes of data written (i.e. the length of the digest) will be written | 82 | bytes of data written (i.e. the length of the digest) will be written |
| 59 | to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. | 83 | to the integer at B<s>, at most B<EVP_MAX_MD_SIZE> bytes will be written. |
| 60 | After calling EVP_DigestFinal() no additional calls to EVP_DigestUpdate() | 84 | After calling EVP_DigestFinal_ex() no additional calls to EVP_DigestUpdate() |
| 61 | can be made, but EVP_DigestInit() can be called to initialiase a new | 85 | can be made, but EVP_DigestInit_ex() can be called to initialize a new |
| 62 | digest operation. | 86 | digest operation. |
| 63 | 87 | ||
| 64 | EVP_MD_CTX_copy() can be used to copy the message digest state from | 88 | EVP_MD_CTX_cleanup() cleans up digest context B<ctx>, it should be called |
| 89 | after a digest context is no longer needed. | ||
| 90 | |||
| 91 | EVP_MD_CTX_destroy() cleans up digest context B<ctx> and frees up the | ||
| 92 | space allocated to it, it should be called only on a context created | ||
| 93 | using EVP_MD_CTX_create(). | ||
| 94 | |||
| 95 | EVP_MD_CTX_copy_ex() can be used to copy the message digest state from | ||
| 65 | B<in> to B<out>. This is useful if large amounts of data are to be | 96 | B<in> to B<out>. This is useful if large amounts of data are to be |
| 66 | hashed which only differ in the last few bytes. | 97 | hashed which only differ in the last few bytes. B<out> must be initialized |
| 98 | before calling this function. | ||
| 99 | |||
| 100 | EVP_DigestInit() behaves in the same way as EVP_DigestInit_ex() except | ||
| 101 | the passed context B<ctx> does not have to be initialized, and it always | ||
| 102 | uses the default digest implementation. | ||
| 103 | |||
| 104 | EVP_DigestFinal() is similar to EVP_DigestFinal_ex() except the digest | ||
| 105 | contet B<ctx> is automatically cleaned up. | ||
| 106 | |||
| 107 | EVP_MD_CTX_copy() is similar to EVP_MD_CTX_copy_ex() except the destination | ||
| 108 | B<out> does not have to be initialized. | ||
| 67 | 109 | ||
| 68 | EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest | 110 | EVP_MD_size() and EVP_MD_CTX_size() return the size of the message digest |
| 69 | when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the | 111 | when passed an B<EVP_MD> or an B<EVP_MD_CTX> structure, i.e. the size of the |
| @@ -97,14 +139,15 @@ returns is of zero length. | |||
| 97 | 139 | ||
| 98 | EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() | 140 | EVP_get_digestbyname(), EVP_get_digestbynid() and EVP_get_digestbyobj() |
| 99 | return an B<EVP_MD> structure when passed a digest name, a digest NID or | 141 | return an B<EVP_MD> structure when passed a digest name, a digest NID or |
| 100 | an ASN1_OBJECT structure respectively. The digest table must be initialised | 142 | an ASN1_OBJECT structure respectively. The digest table must be initialized |
| 101 | using, for example, OpenSSL_add_all_digests() for these functions to work. | 143 | using, for example, OpenSSL_add_all_digests() for these functions to work. |
| 102 | 144 | ||
| 103 | =head1 RETURN VALUES | 145 | =head1 RETURN VALUES |
| 104 | 146 | ||
| 105 | EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() do not return values. | 147 | EVP_DigestInit_ex(), EVP_DigestUpdate() and EVP_DigestFinal_ex() return 1 for |
| 148 | success and 0 for failure. | ||
| 106 | 149 | ||
| 107 | EVP_MD_CTX_copy() returns 1 if successful or 0 for failure. | 150 | EVP_MD_CTX_copy_ex() returns 1 if successful or 0 for failure. |
| 108 | 151 | ||
| 109 | EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the | 152 | EVP_MD_type(), EVP_MD_pkey_type() and EVP_MD_type() return the NID of the |
| 110 | corresponding OBJECT IDENTIFIER or NID_undef if none exists. | 153 | corresponding OBJECT IDENTIFIER or NID_undef if none exists. |
| @@ -129,6 +172,19 @@ transparent to the digest used and much more flexible. | |||
| 129 | SHA1 is the digest of choice for new applications. The other digest algorithms | 172 | SHA1 is the digest of choice for new applications. The other digest algorithms |
| 130 | are still in common use. | 173 | are still in common use. |
| 131 | 174 | ||
| 175 | For most applications the B<impl> parameter to EVP_DigestInit_ex() will be | ||
| 176 | set to NULL to use the default digest implementation. | ||
| 177 | |||
| 178 | The functions EVP_DigestInit(), EVP_DigestFinal() and EVP_MD_CTX_copy() are | ||
| 179 | obsolete but are retained to maintain compatibility with existing code. New | ||
| 180 | applications should use EVP_DigestInit_ex(), EVP_DigestFinal_ex() and | ||
| 181 | EVP_MD_CTX_copy_ex() because they can efficiently reuse a digest context | ||
| 182 | instead of initializing and cleaning it up on each call and allow non default | ||
| 183 | implementations of digests to be specified. | ||
| 184 | |||
| 185 | In OpenSSL 0.9.7 and later if digest contexts are not cleaned up after use | ||
| 186 | memory leaks will occur. | ||
| 187 | |||
| 132 | =head1 EXAMPLE | 188 | =head1 EXAMPLE |
| 133 | 189 | ||
| 134 | This example digests the data "Test Message\n" and "Hello World\n", using the | 190 | This example digests the data "Test Message\n" and "Hello World\n", using the |
| @@ -160,10 +216,12 @@ digest name passed on the command line. | |||
| 160 | exit(1); | 216 | exit(1); |
| 161 | } | 217 | } |
| 162 | 218 | ||
| 163 | EVP_DigestInit(&mdctx, md); | 219 | EVP_MD_CTX_init(&mdctx); |
| 220 | EVP_DigestInit_ex(&mdctx, md, NULL); | ||
| 164 | EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); | 221 | EVP_DigestUpdate(&mdctx, mess1, strlen(mess1)); |
| 165 | EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); | 222 | EVP_DigestUpdate(&mdctx, mess2, strlen(mess2)); |
| 166 | EVP_DigestFinal(&mdctx, md_value, &md_len); | 223 | EVP_DigestFinal_ex(&mdctx, md_value, &md_len); |
| 224 | EVP_MD_CTX_cleanup(&mdctx); | ||
| 167 | 225 | ||
| 168 | printf("Digest is: "); | 226 | printf("Digest is: "); |
| 169 | for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); | 227 | for(i = 0; i < md_len; i++) printf("%02x", md_value[i]); |
| @@ -172,17 +230,10 @@ digest name passed on the command line. | |||
| 172 | 230 | ||
| 173 | =head1 BUGS | 231 | =head1 BUGS |
| 174 | 232 | ||
| 175 | Several of the functions do not return values: maybe they should. Although the | ||
| 176 | internal digest operations will never fail some future hardware based operations | ||
| 177 | might. | ||
| 178 | |||
| 179 | The link between digests and signing algorithms results in a situation where | 233 | The link between digests and signing algorithms results in a situation where |
| 180 | EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS | 234 | EVP_sha1() must be used with RSA and EVP_dss1() must be used with DSS |
| 181 | even though they are identical digests. | 235 | even though they are identical digests. |
| 182 | 236 | ||
| 183 | The size of an B<EVP_MD_CTX> structure is determined at compile time: this results | ||
| 184 | in code that must be recompiled if the size of B<EVP_MD_CTX> increases. | ||
| 185 | |||
| 186 | =head1 SEE ALSO | 237 | =head1 SEE ALSO |
| 187 | 238 | ||
| 188 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | 239 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
| @@ -194,4 +245,7 @@ L<sha(3)|sha(3)>, L<digest(1)|digest(1)> | |||
| 194 | EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are | 245 | EVP_DigestInit(), EVP_DigestUpdate() and EVP_DigestFinal() are |
| 195 | available in all versions of SSLeay and OpenSSL. | 246 | available in all versions of SSLeay and OpenSSL. |
| 196 | 247 | ||
| 248 | EVP_DigestInit_ex(), EVP_DigestFinal_ex() and EVP_MD_CTX_copy_ex() | ||
| 249 | were added in OpenSSL 0.9.7. | ||
| 250 | |||
| 197 | =cut | 251 | =cut |
diff --git a/src/lib/libcrypto/doc/EVP_EncryptInit.pod b/src/lib/libcrypto/doc/EVP_EncryptInit.pod index 77ed4ccdba..371b6a2287 100644 --- a/src/lib/libcrypto/doc/EVP_EncryptInit.pod +++ b/src/lib/libcrypto/doc/EVP_EncryptInit.pod | |||
| @@ -2,34 +2,68 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines | 5 | EVP_CIPHER_CTX_init, EVP_EncryptInit_ex, EVP_EncryptUpdate, |
| 6 | EVP_EncryptFinal_ex, EVP_DecryptInit_ex, EVP_DecryptUpdate, | ||
| 7 | EVP_DecryptFinal_ex, EVP_CipherInit_ex, EVP_CipherUpdate, | ||
| 8 | EVP_CipherFinal_ex, EVP_CIPHER_CTX_set_key_length, | ||
| 9 | EVP_CIPHER_CTX_ctrl, EVP_CIPHER_CTX_cleanup, EVP_EncryptInit, | ||
| 10 | EVP_EncryptFinal, EVP_DecryptInit, EVP_DecryptFinal, | ||
| 11 | EVP_CipherInit, EVP_CipherFinal, EVP_get_cipherbyname, | ||
| 12 | EVP_get_cipherbynid, EVP_get_cipherbyobj, EVP_CIPHER_nid, | ||
| 13 | EVP_CIPHER_block_size, EVP_CIPHER_key_length, EVP_CIPHER_iv_length, | ||
| 14 | EVP_CIPHER_flags, EVP_CIPHER_mode, EVP_CIPHER_type, EVP_CIPHER_CTX_cipher, | ||
| 15 | EVP_CIPHER_CTX_nid, EVP_CIPHER_CTX_block_size, EVP_CIPHER_CTX_key_length, | ||
| 16 | EVP_CIPHER_CTX_iv_length, EVP_CIPHER_CTX_get_app_data, | ||
| 17 | EVP_CIPHER_CTX_set_app_data, EVP_CIPHER_CTX_type, EVP_CIPHER_CTX_flags, | ||
| 18 | EVP_CIPHER_CTX_mode, EVP_CIPHER_param_to_asn1, EVP_CIPHER_asn1_to_param, | ||
| 19 | EVP_CIPHER_CTX_set_padding - EVP cipher routines | ||
| 6 | 20 | ||
| 7 | =head1 SYNOPSIS | 21 | =head1 SYNOPSIS |
| 8 | 22 | ||
| 9 | #include <openssl/evp.h> | 23 | #include <openssl/evp.h> |
| 10 | 24 | ||
| 11 | void EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | 25 | int EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
| 12 | unsigned char *key, unsigned char *iv); | 26 | |
| 13 | void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 27 | int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 28 | ENGINE *impl, unsigned char *key, unsigned char *iv); | ||
| 29 | int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 14 | int *outl, unsigned char *in, int inl); | 30 | int *outl, unsigned char *in, int inl); |
| 15 | void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | 31 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 16 | int *outl); | 32 | int *outl); |
| 17 | 33 | ||
| 18 | void EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | 34 | int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 19 | unsigned char *key, unsigned char *iv); | 35 | ENGINE *impl, unsigned char *key, unsigned char *iv); |
| 20 | void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 36 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 21 | int *outl, unsigned char *in, int inl); | 37 | int *outl, unsigned char *in, int inl); |
| 38 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, | ||
| 39 | int *outl); | ||
| 40 | |||
| 41 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | ||
| 42 | ENGINE *impl, unsigned char *key, unsigned char *iv, int enc); | ||
| 43 | int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 44 | int *outl, unsigned char *in, int inl); | ||
| 45 | int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, | ||
| 46 | int *outl); | ||
| 47 | |||
| 48 | int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | ||
| 49 | unsigned char *key, unsigned char *iv); | ||
| 50 | int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 51 | int *outl); | ||
| 52 | |||
| 53 | int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | ||
| 54 | unsigned char *key, unsigned char *iv); | ||
| 22 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, | 55 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, |
| 23 | int *outl); | 56 | int *outl); |
| 24 | 57 | ||
| 25 | void EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, | 58 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, |
| 26 | unsigned char *key, unsigned char *iv, int enc); | 59 | unsigned char *key, unsigned char *iv, int enc); |
| 27 | void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 28 | int *outl, unsigned char *in, int inl); | ||
| 29 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, | 60 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, |
| 30 | int *outl); | 61 | int *outl); |
| 31 | 62 | ||
| 32 | void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); | 63 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *x, int padding); |
| 64 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); | ||
| 65 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); | ||
| 66 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); | ||
| 33 | 67 | ||
| 34 | const EVP_CIPHER *EVP_get_cipherbyname(const char *name); | 68 | const EVP_CIPHER *EVP_get_cipherbyname(const char *name); |
| 35 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) | 69 | #define EVP_get_cipherbynid(a) EVP_get_cipherbyname(OBJ_nid2sn(a)) |
| @@ -38,15 +72,21 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines | |||
| 38 | #define EVP_CIPHER_nid(e) ((e)->nid) | 72 | #define EVP_CIPHER_nid(e) ((e)->nid) |
| 39 | #define EVP_CIPHER_block_size(e) ((e)->block_size) | 73 | #define EVP_CIPHER_block_size(e) ((e)->block_size) |
| 40 | #define EVP_CIPHER_key_length(e) ((e)->key_len) | 74 | #define EVP_CIPHER_key_length(e) ((e)->key_len) |
| 41 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) | 75 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) |
| 42 | 76 | #define EVP_CIPHER_flags(e) ((e)->flags) | |
| 77 | #define EVP_CIPHER_mode(e) ((e)->flags) & EVP_CIPH_MODE) | ||
| 43 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); | 78 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); |
| 79 | |||
| 44 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) | 80 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) |
| 45 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) | 81 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) |
| 46 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) | 82 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) |
| 47 | #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) | 83 | #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) |
| 48 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) | 84 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) |
| 85 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | ||
| 86 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | ||
| 49 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | 87 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) |
| 88 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | ||
| 89 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | ||
| 50 | 90 | ||
| 51 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | 91 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); |
| 52 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | 92 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); |
| @@ -56,16 +96,19 @@ EVP_EncryptInit, EVP_EncryptUpdate, EVP_EncryptFinal - EVP cipher routines | |||
| 56 | The EVP cipher routines are a high level interface to certain | 96 | The EVP cipher routines are a high level interface to certain |
| 57 | symmetric ciphers. | 97 | symmetric ciphers. |
| 58 | 98 | ||
| 59 | EVP_EncryptInit() initialises a cipher context B<ctx> for encryption | 99 | EVP_CIPHER_CTX_init() initializes cipher contex B<ctx>. |
| 60 | with cipher B<type>. B<type> is normally supplied by a function such | 100 | |
| 61 | as EVP_des_cbc() . B<key> is the symmetric key to use and B<iv> is the | 101 | EVP_EncryptInit_ex() sets up cipher context B<ctx> for encryption |
| 62 | IV to use (if necessary), the actual number of bytes used for the | 102 | with cipher B<type> from ENGINE B<impl>. B<ctx> must be initialized |
| 63 | key and IV depends on the cipher. It is possible to set all parameters | 103 | before calling this function. B<type> is normally supplied |
| 64 | to NULL except B<type> in an initial call and supply the remaining | 104 | by a function such as EVP_des_cbc(). If B<impl> is NULL then the |
| 65 | parameters in subsequent calls. This is normally done when the | 105 | default implementation is used. B<key> is the symmetric key to use |
| 66 | EVP_CIPHER_asn1_to_param() function is called to set the cipher | 106 | and B<iv> is the IV to use (if necessary), the actual number of bytes |
| 67 | parameters from an ASN1 AlgorithmIdentifier and the key from a | 107 | used for the key and IV depends on the cipher. It is possible to set |
| 68 | different source. | 108 | all parameters to NULL except B<type> in an initial call and supply |
| 109 | the remaining parameters in subsequent calls, all of which have B<type> | ||
| 110 | set to NULL. This is done when the default cipher parameters are not | ||
| 111 | appropriate. | ||
| 69 | 112 | ||
| 70 | EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and | 113 | EVP_EncryptUpdate() encrypts B<inl> bytes from the buffer B<in> and |
| 71 | writes the encrypted version to B<out>. This function can be called | 114 | writes the encrypted version to B<out>. This function can be called |
| @@ -73,31 +116,49 @@ multiple times to encrypt successive blocks of data. The amount | |||
| 73 | of data written depends on the block alignment of the encrypted data: | 116 | of data written depends on the block alignment of the encrypted data: |
| 74 | as a result the amount of data written may be anything from zero bytes | 117 | as a result the amount of data written may be anything from zero bytes |
| 75 | to (inl + cipher_block_size - 1) so B<outl> should contain sufficient | 118 | to (inl + cipher_block_size - 1) so B<outl> should contain sufficient |
| 76 | room. The actual number of bytes written is placed in B<outl>. | 119 | room. The actual number of bytes written is placed in B<outl>. |
| 77 | 120 | ||
| 78 | EVP_EncryptFinal() encrypts the "final" data, that is any data that | 121 | If padding is enabled (the default) then EVP_EncryptFinal_ex() encrypts |
| 79 | remains in a partial block. It uses L<standard block padding|/NOTES> (aka PKCS | 122 | the "final" data, that is any data that remains in a partial block. |
| 80 | padding). The encrypted final data is written to B<out> which should | 123 | It uses L<standard block padding|/NOTES> (aka PKCS padding). The encrypted |
| 81 | have sufficient space for one cipher block. The number of bytes written | 124 | final data is written to B<out> which should have sufficient space for |
| 82 | is placed in B<outl>. After this function is called the encryption operation | 125 | one cipher block. The number of bytes written is placed in B<outl>. After |
| 83 | is finished and no further calls to EVP_EncryptUpdate() should be made. | 126 | this function is called the encryption operation is finished and no further |
| 84 | 127 | calls to EVP_EncryptUpdate() should be made. | |
| 85 | EVP_DecryptInit(), EVP_DecryptUpdate() and EVP_DecryptFinal() are the | ||
| 86 | corresponding decryption operations. EVP_DecryptFinal() will return an | ||
| 87 | error code if the final block is not correctly formatted. The parameters | ||
| 88 | and restrictions are identical to the encryption operations except that | ||
| 89 | the decrypted data buffer B<out> passed to EVP_DecryptUpdate() should | ||
| 90 | have sufficient room for (B<inl> + cipher_block_size) bytes unless the | ||
| 91 | cipher block size is 1 in which case B<inl> bytes is sufficient. | ||
| 92 | 128 | ||
| 93 | EVP_CipherInit(), EVP_CipherUpdate() and EVP_CipherFinal() are functions | 129 | If padding is disabled then EVP_EncryptFinal_ex() will not encrypt any more |
| 94 | that can be used for decryption or encryption. The operation performed | 130 | data and it will return an error if any data remains in a partial block: |
| 95 | depends on the value of the B<enc> parameter. It should be set to 1 for | 131 | that is if the total data length is not a multiple of the block size. |
| 96 | encryption and 0 for decryption. | ||
| 97 | 132 | ||
| 98 | EVP_CIPHER_CTX_cleanup() clears all information from a cipher context. | 133 | EVP_DecryptInit_ex(), EVP_DecryptUpdate() and EVP_DecryptFinal_ex() are the |
| 99 | It should be called after all operations using a cipher are complete | 134 | corresponding decryption operations. EVP_DecryptFinal() will return an |
| 100 | so sensitive information does not remain in memory. | 135 | error code if padding is enabled and the final block is not correctly |
| 136 | formatted. The parameters and restrictions are identical to the encryption | ||
| 137 | operations except that if padding is enabled the decrypted data buffer B<out> | ||
| 138 | passed to EVP_DecryptUpdate() should have sufficient room for | ||
| 139 | (B<inl> + cipher_block_size) bytes unless the cipher block size is 1 in | ||
| 140 | which case B<inl> bytes is sufficient. | ||
| 141 | |||
| 142 | EVP_CipherInit_ex(), EVP_CipherUpdate() and EVP_CipherFinal_ex() are | ||
| 143 | functions that can be used for decryption or encryption. The operation | ||
| 144 | performed depends on the value of the B<enc> parameter. It should be set | ||
| 145 | to 1 for encryption, 0 for decryption and -1 to leave the value unchanged | ||
| 146 | (the actual value of 'enc' being supplied in a previous call). | ||
| 147 | |||
| 148 | EVP_CIPHER_CTX_cleanup() clears all information from a cipher context | ||
| 149 | and free up any allocated memory associate with it. It should be called | ||
| 150 | after all operations using a cipher are complete so sensitive information | ||
| 151 | does not remain in memory. | ||
| 152 | |||
| 153 | EVP_EncryptInit(), EVP_DecryptInit() and EVP_CipherInit() behave in a | ||
| 154 | similar way to EVP_EncryptInit_ex(), EVP_DecryptInit_ex and | ||
| 155 | EVP_CipherInit_ex() except the B<ctx> paramter does not need to be | ||
| 156 | initialized and they always use the default cipher implementation. | ||
| 157 | |||
| 158 | EVP_EncryptFinal(), EVP_DecryptFinal() and EVP_CipherFinal() behave in a | ||
| 159 | similar way to EVP_EncryptFinal_ex(), EVP_DecryptFinal_ex() and | ||
| 160 | EVP_CipherFinal_ex() except B<ctx> is automatically cleaned up | ||
| 161 | after the call. | ||
| 101 | 162 | ||
| 102 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() | 163 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() |
| 103 | return an EVP_CIPHER structure when passed a cipher name, a NID or an | 164 | return an EVP_CIPHER structure when passed a cipher name, a NID or an |
| @@ -108,10 +169,23 @@ passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> structure. The actual NID | |||
| 108 | value is an internal value which may not have a corresponding OBJECT | 169 | value is an internal value which may not have a corresponding OBJECT |
| 109 | IDENTIFIER. | 170 | IDENTIFIER. |
| 110 | 171 | ||
| 172 | EVP_CIPHER_CTX_set_padding() enables or disables padding. By default | ||
| 173 | encryption operations are padded using standard block padding and the | ||
| 174 | padding is checked and removed when decrypting. If the B<pad> parameter | ||
| 175 | is zero then no padding is performed, the total amount of data encrypted | ||
| 176 | or decrypted must then be a multiple of the block size or an error will | ||
| 177 | occur. | ||
| 178 | |||
| 111 | EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key | 179 | EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key |
| 112 | length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> | 180 | length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX> |
| 113 | structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length | 181 | structure. The constant B<EVP_MAX_KEY_LENGTH> is the maximum key length |
| 114 | for all ciphers. | 182 | for all ciphers. Note: although EVP_CIPHER_key_length() is fixed for a |
| 183 | given cipher, the value of EVP_CIPHER_CTX_key_length() may be different | ||
| 184 | for variable key length ciphers. | ||
| 185 | |||
| 186 | EVP_CIPHER_CTX_set_key_length() sets the key length of the cipher ctx. | ||
| 187 | If the cipher is a fixed length cipher then attempting to set the key | ||
| 188 | length to any value other than the fixed value is an error. | ||
| 115 | 189 | ||
| 116 | EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV | 190 | EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV |
| 117 | length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>. | 191 | length of a cipher when passed an B<EVP_CIPHER> or B<EVP_CIPHER_CTX>. |
| @@ -133,6 +207,11 @@ B<NID_undef>. | |||
| 133 | EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed | 207 | EVP_CIPHER_CTX_cipher() returns the B<EVP_CIPHER> structure when passed |
| 134 | an B<EVP_CIPHER_CTX> structure. | 208 | an B<EVP_CIPHER_CTX> structure. |
| 135 | 209 | ||
| 210 | EVP_CIPHER_mode() and EVP_CIPHER_CTX_mode() return the block cipher mode: | ||
| 211 | EVP_CIPH_ECB_MODE, EVP_CIPH_CBC_MODE, EVP_CIPH_CFB_MODE or | ||
| 212 | EVP_CIPH_OFB_MODE. If the cipher is a stream cipher then | ||
| 213 | EVP_CIPH_STREAM_CIPHER is returned. | ||
| 214 | |||
| 136 | EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based | 215 | EVP_CIPHER_param_to_asn1() sets the AlgorithmIdentifier "parameter" based |
| 137 | on the passed cipher. This will typically include any parameters and an | 216 | on the passed cipher. This will typically include any parameters and an |
| 138 | IV. The cipher IV (if any) must be set when this call is made. This call | 217 | IV. The cipher IV (if any) must be set when this call is made. This call |
| @@ -149,21 +228,24 @@ key set to NULL, EVP_CIPHER_asn1_to_param() will be called and finally | |||
| 149 | EVP_CipherInit() again with all parameters except the key set to NULL. It is | 228 | EVP_CipherInit() again with all parameters except the key set to NULL. It is |
| 150 | possible for this function to fail if the cipher does not have any ASN1 support | 229 | possible for this function to fail if the cipher does not have any ASN1 support |
| 151 | or the parameters cannot be set (for example the RC2 effective key length | 230 | or the parameters cannot be set (for example the RC2 effective key length |
| 152 | does not have an B<EVP_CIPHER> structure). | 231 | is not supported. |
| 232 | |||
| 233 | EVP_CIPHER_CTX_ctrl() allows various cipher specific parameters to be determined | ||
| 234 | and set. Currently only the RC2 effective key length and the number of rounds of | ||
| 235 | RC5 can be set. | ||
| 153 | 236 | ||
| 154 | =head1 RETURN VALUES | 237 | =head1 RETURN VALUES |
| 155 | 238 | ||
| 156 | EVP_EncryptInit(), EVP_EncryptUpdate() and EVP_EncryptFinal() do not return | 239 | EVP_CIPHER_CTX_init, EVP_EncryptInit_ex(), EVP_EncryptUpdate() and |
| 157 | values. | 240 | EVP_EncryptFinal_ex() return 1 for success and 0 for failure. |
| 158 | 241 | ||
| 159 | EVP_DecryptInit() and EVP_DecryptUpdate() do not return values. | 242 | EVP_DecryptInit_ex() and EVP_DecryptUpdate() return 1 for success and 0 for failure. |
| 160 | EVP_DecryptFinal() returns 0 if the decrypt failed or 1 for success. | 243 | EVP_DecryptFinal_ex() returns 0 if the decrypt failed or 1 for success. |
| 161 | 244 | ||
| 162 | EVP_CipherInit() and EVP_CipherUpdate() do not return values. | 245 | EVP_CipherInit_ex() and EVP_CipherUpdate() return 1 for success and 0 for failure. |
| 163 | EVP_CipherFinal() returns 1 for a decryption failure or 1 for success, if | 246 | EVP_CipherFinal_ex() returns 0 for a decryption failure or 1 for success. |
| 164 | the operation is encryption then it always returns 1. | ||
| 165 | 247 | ||
| 166 | EVP_CIPHER_CTX_cleanup() does not return a value. | 248 | EVP_CIPHER_CTX_cleanup() returns 1 for success and 0 for failure. |
| 167 | 249 | ||
| 168 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() | 250 | EVP_get_cipherbyname(), EVP_get_cipherbynid() and EVP_get_cipherbyobj() |
| 169 | return an B<EVP_CIPHER> structure or NULL on error. | 251 | return an B<EVP_CIPHER> structure or NULL on error. |
| @@ -176,6 +258,8 @@ size. | |||
| 176 | EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key | 258 | EVP_CIPHER_key_length() and EVP_CIPHER_CTX_key_length() return the key |
| 177 | length. | 259 | length. |
| 178 | 260 | ||
| 261 | EVP_CIPHER_CTX_set_padding() always returns 1. | ||
| 262 | |||
| 179 | EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV | 263 | EVP_CIPHER_iv_length() and EVP_CIPHER_CTX_iv_length() return the IV |
| 180 | length or zero if the cipher does not use an IV. | 264 | length or zero if the cipher does not use an IV. |
| 181 | 265 | ||
| @@ -187,6 +271,75 @@ EVP_CIPHER_CTX_cipher() returns an B<EVP_CIPHER> structure. | |||
| 187 | EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for | 271 | EVP_CIPHER_param_to_asn1() and EVP_CIPHER_asn1_to_param() return 1 for |
| 188 | success or zero for failure. | 272 | success or zero for failure. |
| 189 | 273 | ||
| 274 | =head1 CIPHER LISTING | ||
| 275 | |||
| 276 | All algorithms have a fixed key length unless otherwise stated. | ||
| 277 | |||
| 278 | =over 4 | ||
| 279 | |||
| 280 | =item EVP_enc_null() | ||
| 281 | |||
| 282 | Null cipher: does nothing. | ||
| 283 | |||
| 284 | =item EVP_des_cbc(void), EVP_des_ecb(void), EVP_des_cfb(void), EVP_des_ofb(void) | ||
| 285 | |||
| 286 | DES in CBC, ECB, CFB and OFB modes respectively. | ||
| 287 | |||
| 288 | =item EVP_des_ede_cbc(void), EVP_des_ede(), EVP_des_ede_ofb(void), EVP_des_ede_cfb(void) | ||
| 289 | |||
| 290 | Two key triple DES in CBC, ECB, CFB and OFB modes respectively. | ||
| 291 | |||
| 292 | =item EVP_des_ede3_cbc(void), EVP_des_ede3(), EVP_des_ede3_ofb(void), EVP_des_ede3_cfb(void) | ||
| 293 | |||
| 294 | Three key triple DES in CBC, ECB, CFB and OFB modes respectively. | ||
| 295 | |||
| 296 | =item EVP_desx_cbc(void) | ||
| 297 | |||
| 298 | DESX algorithm in CBC mode. | ||
| 299 | |||
| 300 | =item EVP_rc4(void) | ||
| 301 | |||
| 302 | RC4 stream cipher. This is a variable key length cipher with default key length 128 bits. | ||
| 303 | |||
| 304 | =item EVP_rc4_40(void) | ||
| 305 | |||
| 306 | RC4 stream cipher with 40 bit key length. This is obsolete and new code should use EVP_rc4() | ||
| 307 | and the EVP_CIPHER_CTX_set_key_length() function. | ||
| 308 | |||
| 309 | =item EVP_idea_cbc() EVP_idea_ecb(void), EVP_idea_cfb(void), EVP_idea_ofb(void), EVP_idea_cbc(void) | ||
| 310 | |||
| 311 | IDEA encryption algorithm in CBC, ECB, CFB and OFB modes respectively. | ||
| 312 | |||
| 313 | =item EVP_rc2_cbc(void), EVP_rc2_ecb(void), EVP_rc2_cfb(void), EVP_rc2_ofb(void) | ||
| 314 | |||
| 315 | RC2 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key | ||
| 316 | length cipher with an additional parameter called "effective key bits" or "effective key length". | ||
| 317 | By default both are set to 128 bits. | ||
| 318 | |||
| 319 | =item EVP_rc2_40_cbc(void), EVP_rc2_64_cbc(void) | ||
| 320 | |||
| 321 | RC2 algorithm in CBC mode with a default key length and effective key length of 40 and 64 bits. | ||
| 322 | These are obsolete and new code should use EVP_rc2_cbc(), EVP_CIPHER_CTX_set_key_length() and | ||
| 323 | EVP_CIPHER_CTX_ctrl() to set the key length and effective key length. | ||
| 324 | |||
| 325 | =item EVP_bf_cbc(void), EVP_bf_ecb(void), EVP_bf_cfb(void), EVP_bf_ofb(void); | ||
| 326 | |||
| 327 | Blowfish encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key | ||
| 328 | length cipher. | ||
| 329 | |||
| 330 | =item EVP_cast5_cbc(void), EVP_cast5_ecb(void), EVP_cast5_cfb(void), EVP_cast5_ofb(void) | ||
| 331 | |||
| 332 | CAST encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key | ||
| 333 | length cipher. | ||
| 334 | |||
| 335 | =item EVP_rc5_32_12_16_cbc(void), EVP_rc5_32_12_16_ecb(void), EVP_rc5_32_12_16_cfb(void), EVP_rc5_32_12_16_ofb(void) | ||
| 336 | |||
| 337 | RC5 encryption algorithm in CBC, ECB, CFB and OFB modes respectively. This is a variable key length | ||
| 338 | cipher with an additional "number of rounds" parameter. By default the key length is set to 128 | ||
| 339 | bits and 12 rounds. | ||
| 340 | |||
| 341 | =back | ||
| 342 | |||
| 190 | =head1 NOTES | 343 | =head1 NOTES |
| 191 | 344 | ||
| 192 | Where possible the B<EVP> interface to symmetric ciphers should be used in | 345 | Where possible the B<EVP> interface to symmetric ciphers should be used in |
| @@ -201,19 +354,146 @@ encrypted then 5 padding bytes of value 5 will be added. | |||
| 201 | 354 | ||
| 202 | When decrypting the final block is checked to see if it has the correct form. | 355 | When decrypting the final block is checked to see if it has the correct form. |
| 203 | 356 | ||
| 204 | Although the decryption operation can produce an error, it is not a strong | 357 | Although the decryption operation can produce an error if padding is enabled, |
| 205 | test that the input data or key is correct. A random block has better than | 358 | it is not a strong test that the input data or key is correct. A random block |
| 206 | 1 in 256 chance of being of the correct format and problems with the | 359 | has better than 1 in 256 chance of being of the correct format and problems with |
| 207 | input data earlier on will not produce a final decrypt error. | 360 | the input data earlier on will not produce a final decrypt error. |
| 361 | |||
| 362 | If padding is disabled then the decryption operation will always succeed if | ||
| 363 | the total amount of data decrypted is a multiple of the block size. | ||
| 364 | |||
| 365 | The functions EVP_EncryptInit(), EVP_EncryptFinal(), EVP_DecryptInit(), | ||
| 366 | EVP_CipherInit() and EVP_CipherFinal() are obsolete but are retained for | ||
| 367 | compatibility with existing code. New code should use EVP_EncryptInit_ex(), | ||
| 368 | EVP_EncryptFinal_ex(), EVP_DecryptInit_ex(), EVP_DecryptFinal_ex(), | ||
| 369 | EVP_CipherInit_ex() and EVP_CipherFinal_ex() because they can reuse an | ||
| 370 | existing context without allocating and freeing it up on each call. | ||
| 208 | 371 | ||
| 209 | =head1 BUGS | 372 | =head1 BUGS |
| 210 | 373 | ||
| 211 | The current B<EVP> cipher interface is not as flexible as it should be. Only | 374 | For RC5 the number of rounds can currently only be set to 8, 12 or 16. This is |
| 212 | certain "spot" encryption algorithms can be used for ciphers which have various | 375 | a limitation of the current RC5 code rather than the EVP interface. |
| 213 | parameters associated with them (RC2, RC5 for example) this is inadequate. | 376 | |
| 377 | EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH only refer to the internal ciphers with | ||
| 378 | default key lengths. If custom ciphers exceed these values the results are | ||
| 379 | unpredictable. This is because it has become standard practice to define a | ||
| 380 | generic key as a fixed unsigned char array containing EVP_MAX_KEY_LENGTH bytes. | ||
| 381 | |||
| 382 | The ASN1 code is incomplete (and sometimes inaccurate) it has only been tested | ||
| 383 | for certain common S/MIME ciphers (RC2, DES, triple DES) in CBC mode. | ||
| 384 | |||
| 385 | =head1 EXAMPLES | ||
| 386 | |||
| 387 | Get the number of rounds used in RC5: | ||
| 388 | |||
| 389 | int nrounds; | ||
| 390 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC5_ROUNDS, 0, &nrounds); | ||
| 391 | |||
| 392 | Get the RC2 effective key length: | ||
| 393 | |||
| 394 | int key_bits; | ||
| 395 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GET_RC2_KEY_BITS, 0, &key_bits); | ||
| 396 | |||
| 397 | Set the number of rounds used in RC5: | ||
| 398 | |||
| 399 | int nrounds; | ||
| 400 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC5_ROUNDS, nrounds, NULL); | ||
| 401 | |||
| 402 | Set the effective key length used in RC2: | ||
| 403 | |||
| 404 | int key_bits; | ||
| 405 | EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); | ||
| 406 | |||
| 407 | Encrypt a string using blowfish: | ||
| 408 | |||
| 409 | int do_crypt(char *outfile) | ||
| 410 | { | ||
| 411 | unsigned char outbuf[1024]; | ||
| 412 | int outlen, tmplen; | ||
| 413 | /* Bogus key and IV: we'd normally set these from | ||
| 414 | * another source. | ||
| 415 | */ | ||
| 416 | unsigned char key[] = {0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15}; | ||
| 417 | unsigned char iv[] = {1,2,3,4,5,6,7,8}; | ||
| 418 | char intext[] = "Some Crypto Text"; | ||
| 419 | EVP_CIPHER_CTX ctx; | ||
| 420 | FILE *out; | ||
| 421 | EVP_CIPHER_CTX_init(&ctx); | ||
| 422 | EVP_EncryptInit_ex(&ctx, NULL, EVP_bf_cbc(), key, iv); | ||
| 423 | |||
| 424 | if(!EVP_EncryptUpdate(&ctx, outbuf, &outlen, intext, strlen(intext))) | ||
| 425 | { | ||
| 426 | /* Error */ | ||
| 427 | return 0; | ||
| 428 | } | ||
| 429 | /* Buffer passed to EVP_EncryptFinal() must be after data just | ||
| 430 | * encrypted to avoid overwriting it. | ||
| 431 | */ | ||
| 432 | if(!EVP_EncryptFinal_ex(&ctx, outbuf + outlen, &tmplen)) | ||
| 433 | { | ||
| 434 | /* Error */ | ||
| 435 | return 0; | ||
| 436 | } | ||
| 437 | outlen += tmplen; | ||
| 438 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 439 | /* Need binary mode for fopen because encrypted data is | ||
| 440 | * binary data. Also cannot use strlen() on it because | ||
| 441 | * it wont be null terminated and may contain embedded | ||
| 442 | * nulls. | ||
| 443 | */ | ||
| 444 | out = fopen(outfile, "wb"); | ||
| 445 | fwrite(outbuf, 1, outlen, out); | ||
| 446 | fclose(out); | ||
| 447 | return 1; | ||
| 448 | } | ||
| 449 | |||
| 450 | The ciphertext from the above example can be decrypted using the B<openssl> | ||
| 451 | utility with the command line: | ||
| 452 | |||
| 453 | S<openssl bf -in cipher.bin -K 000102030405060708090A0B0C0D0E0F -iv 0102030405060708 -d> | ||
| 454 | |||
| 455 | General encryption, decryption function example using FILE I/O and RC2 with an | ||
| 456 | 80 bit key: | ||
| 457 | |||
| 458 | int do_crypt(FILE *in, FILE *out, int do_encrypt) | ||
| 459 | { | ||
| 460 | /* Allow enough space in output buffer for additional block */ | ||
| 461 | inbuf[1024], outbuf[1024 + EVP_MAX_BLOCK_LENGTH]; | ||
| 462 | int inlen, outlen; | ||
| 463 | /* Bogus key and IV: we'd normally set these from | ||
| 464 | * another source. | ||
| 465 | */ | ||
| 466 | unsigned char key[] = "0123456789"; | ||
| 467 | unsigned char iv[] = "12345678"; | ||
| 468 | /* Don't set key or IV because we will modify the parameters */ | ||
| 469 | EVP_CIPHER_CTX_init(&ctx); | ||
| 470 | EVP_CipherInit_ex(&ctx, EVP_rc2(), NULL, NULL, NULL, do_encrypt); | ||
| 471 | EVP_CIPHER_CTX_set_key_length(&ctx, 10); | ||
| 472 | /* We finished modifying parameters so now we can set key and IV */ | ||
| 473 | EVP_CipherInit_ex(&ctx, NULL, NULL, key, iv, do_encrypt); | ||
| 474 | |||
| 475 | for(;;) | ||
| 476 | { | ||
| 477 | inlen = fread(inbuf, 1, 1024, in); | ||
| 478 | if(inlen <= 0) break; | ||
| 479 | if(!EVP_CipherUpdate(&ctx, outbuf, &outlen, inbuf, inlen)) | ||
| 480 | { | ||
| 481 | /* Error */ | ||
| 482 | return 0; | ||
| 483 | } | ||
| 484 | fwrite(outbuf, 1, outlen, out); | ||
| 485 | } | ||
| 486 | if(!EVP_CipherFinal_ex(&ctx, outbuf, &outlen)) | ||
| 487 | { | ||
| 488 | /* Error */ | ||
| 489 | return 0; | ||
| 490 | } | ||
| 491 | fwrite(outbuf, 1, outlen, out); | ||
| 492 | |||
| 493 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 494 | return 1; | ||
| 495 | } | ||
| 214 | 496 | ||
| 215 | Several of the functions do not return error codes because the software versions | ||
| 216 | can never fail. This is not true of hardware versions. | ||
| 217 | 497 | ||
| 218 | =head1 SEE ALSO | 498 | =head1 SEE ALSO |
| 219 | 499 | ||
diff --git a/src/lib/libcrypto/doc/EVP_OpenInit.pod b/src/lib/libcrypto/doc/EVP_OpenInit.pod index 9707a4b399..2e710da945 100644 --- a/src/lib/libcrypto/doc/EVP_OpenInit.pod +++ b/src/lib/libcrypto/doc/EVP_OpenInit.pod | |||
| @@ -10,9 +10,9 @@ EVP_OpenInit, EVP_OpenUpdate, EVP_OpenFinal - EVP envelope decryption | |||
| 10 | 10 | ||
| 11 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, | 11 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, |
| 12 | int ekl,unsigned char *iv,EVP_PKEY *priv); | 12 | int ekl,unsigned char *iv,EVP_PKEY *priv); |
| 13 | void EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 13 | int EVP_OpenUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 14 | int *outl, unsigned char *in, int inl); | 14 | int *outl, unsigned char *in, int inl); |
| 15 | void EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | 15 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 16 | int *outl); | 16 | int *outl); |
| 17 | 17 | ||
| 18 | =head1 DESCRIPTION | 18 | =head1 DESCRIPTION |
| @@ -21,7 +21,7 @@ The EVP envelope routines are a high level interface to envelope | |||
| 21 | decryption. They decrypt a public key encrypted symmetric key and | 21 | decryption. They decrypt a public key encrypted symmetric key and |
| 22 | then decrypt data using it. | 22 | then decrypt data using it. |
| 23 | 23 | ||
| 24 | EVP_OpenInit() initialises a cipher context B<ctx> for decryption | 24 | EVP_OpenInit() initializes a cipher context B<ctx> for decryption |
| 25 | with cipher B<type>. It decrypts the encrypted symmetric key of length | 25 | with cipher B<type>. It decrypts the encrypted symmetric key of length |
| 26 | B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>. | 26 | B<ekl> bytes passed in the B<ek> parameter using the private key B<priv>. |
| 27 | The IV is supplied in the B<iv> parameter. | 27 | The IV is supplied in the B<iv> parameter. |
| @@ -29,20 +29,32 @@ The IV is supplied in the B<iv> parameter. | |||
| 29 | EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties | 29 | EVP_OpenUpdate() and EVP_OpenFinal() have exactly the same properties |
| 30 | as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as | 30 | as the EVP_DecryptUpdate() and EVP_DecryptFinal() routines, as |
| 31 | documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual | 31 | documented on the L<EVP_EncryptInit(3)|EVP_EncryptInit(3)> manual |
| 32 | page. | 32 | page. |
| 33 | |||
| 34 | =head1 NOTES | ||
| 35 | |||
| 36 | It is possible to call EVP_OpenInit() twice in the same way as | ||
| 37 | EVP_DecryptInit(). The first call should have B<priv> set to NULL | ||
| 38 | and (after setting any cipher parameters) it should be called again | ||
| 39 | with B<type> set to NULL. | ||
| 40 | |||
| 41 | If the cipher passed in the B<type> parameter is a variable length | ||
| 42 | cipher then the key length will be set to the value of the recovered | ||
| 43 | key length. If the cipher is a fixed length cipher then the recovered | ||
| 44 | key length must match the fixed cipher length. | ||
| 33 | 45 | ||
| 34 | =head1 RETURN VALUES | 46 | =head1 RETURN VALUES |
| 35 | 47 | ||
| 36 | EVP_OpenInit() returns -1 on error or an non zero integer (actually the | 48 | EVP_OpenInit() returns 0 on error or a non zero integer (actually the |
| 37 | recovered secret key size) if successful. | 49 | recovered secret key size) if successful. |
| 38 | 50 | ||
| 39 | EVP_SealUpdate() does not return a value. | 51 | EVP_OpenUpdate() returns 1 for success or 0 for failure. |
| 40 | 52 | ||
| 41 | EVP_SealFinal() returns 0 if the decrypt failed or 1 for success. | 53 | EVP_OpenFinal() returns 0 if the decrypt failed or 1 for success. |
| 42 | 54 | ||
| 43 | =head1 SEE ALSO | 55 | =head1 SEE ALSO |
| 44 | 56 | ||
| 45 | L<evp(3)|evp(3)>,L<rand(3)|rand(3)> | 57 | L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
| 46 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | 58 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, |
| 47 | L<EVP_SealInit(3)|EVP_SealInit(3)> | 59 | L<EVP_SealInit(3)|EVP_SealInit(3)> |
| 48 | 60 | ||
diff --git a/src/lib/libcrypto/doc/EVP_SealInit.pod b/src/lib/libcrypto/doc/EVP_SealInit.pod index 1579d110fa..0451eb648a 100644 --- a/src/lib/libcrypto/doc/EVP_SealInit.pod +++ b/src/lib/libcrypto/doc/EVP_SealInit.pod | |||
| @@ -10,9 +10,9 @@ EVP_SealInit, EVP_SealUpdate, EVP_SealFinal - EVP envelope encryption | |||
| 10 | 10 | ||
| 11 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, | 11 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, |
| 12 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); | 12 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); |
| 13 | void EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 13 | int EVP_SealUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 14 | int *outl, unsigned char *in, int inl); | 14 | int *outl, unsigned char *in, int inl); |
| 15 | void EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, | 15 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 16 | int *outl); | 16 | int *outl); |
| 17 | 17 | ||
| 18 | =head1 DESCRIPTION | 18 | =head1 DESCRIPTION |
| @@ -22,7 +22,7 @@ encryption. They generate a random key and then "envelope" it by | |||
| 22 | using public key encryption. Data can then be encrypted using this | 22 | using public key encryption. Data can then be encrypted using this |
| 23 | key. | 23 | key. |
| 24 | 24 | ||
| 25 | EVP_SealInit() initialises a cipher context B<ctx> for encryption | 25 | EVP_SealInit() initializes a cipher context B<ctx> for encryption |
| 26 | with cipher B<type> using a random secret key and IV supplied in | 26 | with cipher B<type> using a random secret key and IV supplied in |
| 27 | the B<iv> parameter. B<type> is normally supplied by a function such | 27 | the B<iv> parameter. B<type> is normally supplied by a function such |
| 28 | as EVP_des_cbc(). The secret key is encrypted using one or more public | 28 | as EVP_des_cbc(). The secret key is encrypted using one or more public |
| @@ -41,9 +41,10 @@ page. | |||
| 41 | 41 | ||
| 42 | =head1 RETURN VALUES | 42 | =head1 RETURN VALUES |
| 43 | 43 | ||
| 44 | EVP_SealInit() returns -1 on error or B<npubk> if successful. | 44 | EVP_SealInit() returns 0 on error or B<npubk> if successful. |
| 45 | 45 | ||
| 46 | EVP_SealUpdate() and EVP_SealFinal() do not return values. | 46 | EVP_SealUpdate() and EVP_SealFinal() return 1 for success and 0 for |
| 47 | failure. | ||
| 47 | 48 | ||
| 48 | =head1 NOTES | 49 | =head1 NOTES |
| 49 | 50 | ||
| @@ -59,9 +60,14 @@ but symmetric encryption is fast. So symmetric encryption is used for | |||
| 59 | bulk encryption and the small random symmetric key used is transferred | 60 | bulk encryption and the small random symmetric key used is transferred |
| 60 | using public key encryption. | 61 | using public key encryption. |
| 61 | 62 | ||
| 63 | It is possible to call EVP_SealInit() twice in the same way as | ||
| 64 | EVP_EncryptInit(). The first call should have B<npubk> set to 0 | ||
| 65 | and (after setting any cipher parameters) it should be called again | ||
| 66 | with B<type> set to NULL. | ||
| 67 | |||
| 62 | =head1 SEE ALSO | 68 | =head1 SEE ALSO |
| 63 | 69 | ||
| 64 | L<evp(3)|evp(3)>,L<rand(3)|rand(3)> | 70 | L<evp(3)|evp(3)>, L<rand(3)|rand(3)>, |
| 65 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, | 71 | L<EVP_EncryptInit(3)|EVP_EncryptInit(3)>, |
| 66 | L<EVP_OpenInit(3)|EVP_OpenInit(3)> | 72 | L<EVP_OpenInit(3)|EVP_OpenInit(3)> |
| 67 | 73 | ||
diff --git a/src/lib/libcrypto/doc/EVP_SignInit.pod b/src/lib/libcrypto/doc/EVP_SignInit.pod index bbc9203c9c..32e9d54809 100644 --- a/src/lib/libcrypto/doc/EVP_SignInit.pod +++ b/src/lib/libcrypto/doc/EVP_SignInit.pod | |||
| @@ -8,10 +8,12 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions | |||
| 8 | 8 | ||
| 9 | #include <openssl/evp.h> | 9 | #include <openssl/evp.h> |
| 10 | 10 | ||
| 11 | void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); | 11 | int EVP_SignInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
| 12 | void EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | 12 | int EVP_SignUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); |
| 13 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); | 13 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *sig,unsigned int *s, EVP_PKEY *pkey); |
| 14 | 14 | ||
| 15 | void EVP_SignInit(EVP_MD_CTX *ctx, const EVP_MD *type); | ||
| 16 | |||
| 15 | int EVP_PKEY_size(EVP_PKEY *pkey); | 17 | int EVP_PKEY_size(EVP_PKEY *pkey); |
| 16 | 18 | ||
| 17 | =head1 DESCRIPTION | 19 | =head1 DESCRIPTION |
| @@ -19,30 +21,30 @@ EVP_SignInit, EVP_SignUpdate, EVP_SignFinal - EVP signing functions | |||
| 19 | The EVP signature routines are a high level interface to digital | 21 | The EVP signature routines are a high level interface to digital |
| 20 | signatures. | 22 | signatures. |
| 21 | 23 | ||
| 22 | EVP_SignInit() initialises a signing context B<ctx> to using digest | 24 | EVP_SignInit_ex() sets up signing context B<ctx> to use digest |
| 23 | B<type>: this will typically be supplied by a function such as | 25 | B<type> from ENGINE B<impl>. B<ctx> must be initialized with |
| 24 | EVP_sha1(). | 26 | EVP_MD_CTX_init() before calling this function. |
| 25 | 27 | ||
| 26 | EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the | 28 | EVP_SignUpdate() hashes B<cnt> bytes of data at B<d> into the |
| 27 | signature context B<ctx>. This funtion can be called several times on the | 29 | signature context B<ctx>. This function can be called several times on the |
| 28 | same B<ctx> to include additional data. | 30 | same B<ctx> to include additional data. |
| 29 | 31 | ||
| 30 | EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> | 32 | EVP_SignFinal() signs the data in B<ctx> using the private key B<pkey> |
| 31 | and places the signature in B<sig>. If the B<s> parameter is not NULL | 33 | and places the signature in B<sig>. If the B<s> parameter is not NULL |
| 32 | then the number of bytes of data written (i.e. the length of the signature) | 34 | then the number of bytes of data written (i.e. the length of the signature) |
| 33 | will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes | 35 | will be written to the integer at B<s>, at most EVP_PKEY_size(pkey) bytes |
| 34 | will be written. After calling EVP_SignFinal() no additional calls to | 36 | will be written. |
| 35 | EVP_SignUpdate() can be made, but EVP_SignInit() can be called to initialiase | 37 | |
| 36 | a new signature operation. | 38 | EVP_SignInit() initializes a signing context B<ctx> to use the default |
| 39 | implementation of digest B<type>. | ||
| 37 | 40 | ||
| 38 | EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual | 41 | EVP_PKEY_size() returns the maximum size of a signature in bytes. The actual |
| 39 | signature returned by EVP_SignFinal() may be smaller. | 42 | signature returned by EVP_SignFinal() may be smaller. |
| 40 | 43 | ||
| 41 | =head1 RETURN VALUES | 44 | =head1 RETURN VALUES |
| 42 | 45 | ||
| 43 | EVP_SignInit() and EVP_SignUpdate() do not return values. | 46 | EVP_SignInit_ex(), EVP_SignUpdate() and EVP_SignFinal() return 1 |
| 44 | 47 | for success and 0 for failure. | |
| 45 | EVP_SignFinal() returns 1 for success and 0 for failure. | ||
| 46 | 48 | ||
| 47 | EVP_PKEY_size() returns the maximum size of a signature in bytes. | 49 | EVP_PKEY_size() returns the maximum size of a signature in bytes. |
| 48 | 50 | ||
| @@ -63,11 +65,18 @@ When signing with DSA private keys the random number generator must be seeded | |||
| 63 | or the operation will fail. The random number generator does not need to be | 65 | or the operation will fail. The random number generator does not need to be |
| 64 | seeded for RSA signatures. | 66 | seeded for RSA signatures. |
| 65 | 67 | ||
| 68 | The call to EVP_SignFinal() internally finalizes a copy of the digest context. | ||
| 69 | This means that calls to EVP_SignUpdate() and EVP_SignFinal() can be called | ||
| 70 | later to digest and sign additional data. | ||
| 71 | |||
| 72 | Since only a copy of the digest context is ever finalized the context must | ||
| 73 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | ||
| 74 | will occur. | ||
| 75 | |||
| 66 | =head1 BUGS | 76 | =head1 BUGS |
| 67 | 77 | ||
| 68 | Several of the functions do not return values: maybe they should. Although the | 78 | Older versions of this documentation wrongly stated that calls to |
| 69 | internal digest operations will never fail some future hardware based operations | 79 | EVP_SignUpdate() could not be made after calling EVP_SignFinal(). |
| 70 | might. | ||
| 71 | 80 | ||
| 72 | =head1 SEE ALSO | 81 | =head1 SEE ALSO |
| 73 | 82 | ||
| @@ -82,4 +91,6 @@ L<sha(3)|sha(3)>, L<digest(1)|digest(1)> | |||
| 82 | EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are | 91 | EVP_SignInit(), EVP_SignUpdate() and EVP_SignFinal() are |
| 83 | available in all versions of SSLeay and OpenSSL. | 92 | available in all versions of SSLeay and OpenSSL. |
| 84 | 93 | ||
| 94 | EVP_SignInit_ex() was added in OpenSSL 0.9.7 | ||
| 95 | |||
| 85 | =cut | 96 | =cut |
diff --git a/src/lib/libcrypto/doc/EVP_VerifyInit.pod b/src/lib/libcrypto/doc/EVP_VerifyInit.pod index 3b5e07f4ad..80c656fde8 100644 --- a/src/lib/libcrypto/doc/EVP_VerifyInit.pod +++ b/src/lib/libcrypto/doc/EVP_VerifyInit.pod | |||
| @@ -8,30 +8,35 @@ EVP_VerifyInit, EVP_VerifyUpdate, EVP_VerifyFinal - EVP signature verification f | |||
| 8 | 8 | ||
| 9 | #include <openssl/evp.h> | 9 | #include <openssl/evp.h> |
| 10 | 10 | ||
| 11 | void EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); | 11 | int EVP_VerifyInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); |
| 12 | void EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); | 12 | int EVP_VerifyUpdate(EVP_MD_CTX *ctx, const void *d, unsigned int cnt); |
| 13 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); | 13 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, unsigned int siglen,EVP_PKEY *pkey); |
| 14 | 14 | ||
| 15 | int EVP_VerifyInit(EVP_MD_CTX *ctx, const EVP_MD *type); | ||
| 16 | |||
| 15 | =head1 DESCRIPTION | 17 | =head1 DESCRIPTION |
| 16 | 18 | ||
| 17 | The EVP signature verification routines are a high level interface to digital | 19 | The EVP signature verification routines are a high level interface to digital |
| 18 | signatures. | 20 | signatures. |
| 19 | 21 | ||
| 20 | EVP_VerifyInit() initialises a verification context B<ctx> to using digest | 22 | EVP_VerifyInit_ex() sets up verification context B<ctx> to use digest |
| 21 | B<type>: this will typically be supplied by a function such as EVP_sha1(). | 23 | B<type> from ENGINE B<impl>. B<ctx> must be initialized by calling |
| 24 | EVP_MD_CTX_init() before calling this function. | ||
| 22 | 25 | ||
| 23 | EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the | 26 | EVP_VerifyUpdate() hashes B<cnt> bytes of data at B<d> into the |
| 24 | verification context B<ctx>. This funtion can be called several times on the | 27 | verification context B<ctx>. This function can be called several times on the |
| 25 | same B<ctx> to include additional data. | 28 | same B<ctx> to include additional data. |
| 26 | 29 | ||
| 27 | EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey> | 30 | EVP_VerifyFinal() verifies the data in B<ctx> using the public key B<pkey> |
| 28 | and against the B<siglen> bytes at B<sigbuf>. After calling EVP_VerifyFinal() | 31 | and against the B<siglen> bytes at B<sigbuf>. |
| 29 | no additional calls to EVP_VerifyUpdate() can be made, but EVP_VerifyInit() | 32 | |
| 30 | can be called to initialiase a new verification operation. | 33 | EVP_VerifyInit() initializes verification context B<ctx> to use the default |
| 34 | implementation of digest B<type>. | ||
| 31 | 35 | ||
| 32 | =head1 RETURN VALUES | 36 | =head1 RETURN VALUES |
| 33 | 37 | ||
| 34 | EVP_VerifyInit() and EVP_VerifyUpdate() do not return values. | 38 | EVP_VerifyInit_ex() and EVP_VerifyUpdate() return 1 for success and 0 for |
| 39 | failure. | ||
| 35 | 40 | ||
| 36 | EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some | 41 | EVP_VerifyFinal() returns 1 for a correct signature, 0 for failure and -1 if some |
| 37 | other error occurred. | 42 | other error occurred. |
| @@ -49,14 +54,22 @@ digest algorithm must be used with the correct public key type. A list of | |||
| 49 | algorithms and associated public key algorithms appears in | 54 | algorithms and associated public key algorithms appears in |
| 50 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>. | 55 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>. |
| 51 | 56 | ||
| 57 | The call to EVP_VerifyFinal() internally finalizes a copy of the digest context. | ||
| 58 | This means that calls to EVP_VerifyUpdate() and EVP_VerifyFinal() can be called | ||
| 59 | later to digest and verify additional data. | ||
| 60 | |||
| 61 | Since only a copy of the digest context is ever finalized the context must | ||
| 62 | be cleaned up after use by calling EVP_MD_CTX_cleanup() or a memory leak | ||
| 63 | will occur. | ||
| 64 | |||
| 52 | =head1 BUGS | 65 | =head1 BUGS |
| 53 | 66 | ||
| 54 | Several of the functions do not return values: maybe they should. Although the | 67 | Older versions of this documentation wrongly stated that calls to |
| 55 | internal digest operations will never fail some future hardware based operations | 68 | EVP_VerifyUpdate() could not be made after calling EVP_VerifyFinal(). |
| 56 | might. | ||
| 57 | 69 | ||
| 58 | =head1 SEE ALSO | 70 | =head1 SEE ALSO |
| 59 | 71 | ||
| 72 | L<evp(3)|evp(3)>, | ||
| 60 | L<EVP_SignInit(3)|EVP_SignInit(3)>, | 73 | L<EVP_SignInit(3)|EVP_SignInit(3)>, |
| 61 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, | 74 | L<EVP_DigestInit(3)|EVP_DigestInit(3)>, L<err(3)|err(3)>, |
| 62 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, | 75 | L<evp(3)|evp(3)>, L<hmac(3)|hmac(3)>, L<md2(3)|md2(3)>, |
| @@ -68,4 +81,6 @@ L<sha(3)|sha(3)>, L<digest(1)|digest(1)> | |||
| 68 | EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are | 81 | EVP_VerifyInit(), EVP_VerifyUpdate() and EVP_VerifyFinal() are |
| 69 | available in all versions of SSLeay and OpenSSL. | 82 | available in all versions of SSLeay and OpenSSL. |
| 70 | 83 | ||
| 84 | EVP_VerifyInit_ex() was added in OpenSSL 0.9.7 | ||
| 85 | |||
| 71 | =cut | 86 | =cut |
diff --git a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod index b0b1058d19..c39ac35e78 100644 --- a/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod +++ b/src/lib/libcrypto/doc/OPENSSL_VERSION_NUMBER.pod | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number | 5 | OPENSSL_VERSION_NUMBER, SSLeay, SSLeay_version - get OpenSSL version number |
| 6 | 6 | ||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
| @@ -11,11 +11,27 @@ OPENSSL_VERSION_NUMBER, SSLeay - get OpenSSL version number | |||
| 11 | 11 | ||
| 12 | #include <openssl/crypto.h> | 12 | #include <openssl/crypto.h> |
| 13 | long SSLeay(void); | 13 | long SSLeay(void); |
| 14 | const char *SSLeay_version(int t); | ||
| 14 | 15 | ||
| 15 | =head1 DESCRIPTION | 16 | =head1 DESCRIPTION |
| 16 | 17 | ||
| 17 | OPENSSL_VERSION_NUMBER is a numeric release version identifier: | 18 | OPENSSL_VERSION_NUMBER is a numeric release version identifier: |
| 18 | 19 | ||
| 20 | MMNNFFPPS: major minor fix patch status | ||
| 21 | |||
| 22 | The status nibble has one of the values 0 for development, 1 to e for betas | ||
| 23 | 1 to 14, and f for release. | ||
| 24 | |||
| 25 | for example | ||
| 26 | |||
| 27 | 0x000906000 == 0.9.6 dev | ||
| 28 | 0x000906023 == 0.9.6b beta 3 | ||
| 29 | 0x00090605f == 0.9.6e release | ||
| 30 | |||
| 31 | Versions prior to 0.9.3 have identifiers E<lt> 0x0930. | ||
| 32 | Versions between 0.9.3 and 0.9.5 had a version identifier with this | ||
| 33 | interpretation: | ||
| 34 | |||
| 19 | MMNNFFRBB major minor fix final beta/patch | 35 | MMNNFFRBB major minor fix final beta/patch |
| 20 | 36 | ||
| 21 | for example | 37 | for example |
| @@ -23,13 +39,51 @@ for example | |||
| 23 | 0x000904100 == 0.9.4 release | 39 | 0x000904100 == 0.9.4 release |
| 24 | 0x000905000 == 0.9.5 dev | 40 | 0x000905000 == 0.9.5 dev |
| 25 | 41 | ||
| 26 | Versions prior to 0.9.3 have identifiers E<lt> 0x0930. | 42 | Version 0.9.5a had an interim interpretation that is like the current one, |
| 43 | except the patch level got the highest bit set, to keep continuity. The | ||
| 44 | number was therefore 0x0090581f. | ||
| 45 | |||
| 46 | |||
| 27 | For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. | 47 | For backward compatibility, SSLEAY_VERSION_NUMBER is also defined. |
| 28 | 48 | ||
| 29 | SSLeay() returns this number. The return value can be compared to the | 49 | SSLeay() returns this number. The return value can be compared to the |
| 30 | macro to make sure that the correct version of the library has been | 50 | macro to make sure that the correct version of the library has been |
| 31 | loaded, especially when using DLLs on Windows systems. | 51 | loaded, especially when using DLLs on Windows systems. |
| 32 | 52 | ||
| 53 | SSLeay_version() returns different strings depending on B<t>: | ||
| 54 | |||
| 55 | =over 4 | ||
| 56 | |||
| 57 | =item SSLEAY_VERSION | ||
| 58 | |||
| 59 | The text variant of the version number and the release date. For example, | ||
| 60 | "OpenSSL 0.9.5a 1 Apr 2000". | ||
| 61 | |||
| 62 | =item SSLEAY_CFLAGS | ||
| 63 | |||
| 64 | The compiler flags set for the compilation process in the form | ||
| 65 | "compiler: ..." if available or "compiler: information not available" | ||
| 66 | otherwise. | ||
| 67 | |||
| 68 | =item SSLEAY_BUILT_ON | ||
| 69 | |||
| 70 | The date of the build process in the form "built on: ..." if available | ||
| 71 | or "built on: date not available" otherwise. | ||
| 72 | |||
| 73 | =item SSLEAY_PLATFORM | ||
| 74 | |||
| 75 | The "Configure" target of the library build in the form "platform: ..." | ||
| 76 | if available or "platform: information not available" otherwise. | ||
| 77 | |||
| 78 | =item SSLEAY_DIR | ||
| 79 | |||
| 80 | The "OPENSSLDIR" setting of the library build in the form "OPENSSLDIR: "..."" | ||
| 81 | if available or "OPENSSLDIR: N/A" otherwise. | ||
| 82 | |||
| 83 | =back | ||
| 84 | |||
| 85 | For an unknown B<t>, the text "not available" is returned. | ||
| 86 | |||
| 33 | =head1 RETURN VALUE | 87 | =head1 RETURN VALUE |
| 34 | 88 | ||
| 35 | The version number. | 89 | The version number. |
| @@ -42,5 +96,6 @@ L<crypto(3)|crypto(3)> | |||
| 42 | 96 | ||
| 43 | SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. | 97 | SSLeay() and SSLEAY_VERSION_NUMBER are available in all versions of SSLeay and OpenSSL. |
| 44 | OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. | 98 | OPENSSL_VERSION_NUMBER is available in all versions of OpenSSL. |
| 99 | B<SSLEAY_DIR> was added in OpenSSL 0.9.7. | ||
| 45 | 100 | ||
| 46 | =cut | 101 | =cut |
diff --git a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod index 1300fe190c..486c903430 100644 --- a/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod +++ b/src/lib/libcrypto/doc/OpenSSL_add_all_algorithms.pod | |||
| @@ -2,7 +2,8 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | OpenSSL_add_all_algorithms() - add algorithms to internal table | 5 | OpenSSL_add_all_algorithms, OpenSSL_add_all_ciphers, OpenSSL_add_all_digests - |
| 6 | add algorithms to internal table | ||
| 6 | 7 | ||
| 7 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS |
| 8 | 9 | ||
| @@ -43,7 +44,7 @@ by EVP_sha1(). It just needs to add them if it (or any of the functions it calls | |||
| 43 | needs to lookup algorithms. | 44 | needs to lookup algorithms. |
| 44 | 45 | ||
| 45 | The cipher and digest lookup functions are used in many parts of the library. If | 46 | The cipher and digest lookup functions are used in many parts of the library. If |
| 46 | the table is not initialised several functions will misbehave and complain they | 47 | the table is not initialized several functions will misbehave and complain they |
| 47 | cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. | 48 | cannot find algorithms. This includes the PEM, PKCS#12, SSL and S/MIME libraries. |
| 48 | This is a common query in the OpenSSL mailing lists. | 49 | This is a common query in the OpenSSL mailing lists. |
| 49 | 50 | ||
diff --git a/src/lib/libcrypto/doc/RAND_add.pod b/src/lib/libcrypto/doc/RAND_add.pod index 0a13ec2a92..67c66f3e0c 100644 --- a/src/lib/libcrypto/doc/RAND_add.pod +++ b/src/lib/libcrypto/doc/RAND_add.pod | |||
| @@ -2,7 +2,8 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG | 5 | RAND_add, RAND_seed, RAND_status, RAND_event, RAND_screen - add |
| 6 | entropy to the PRNG | ||
| 6 | 7 | ||
| 7 | =head1 SYNOPSIS | 8 | =head1 SYNOPSIS |
| 8 | 9 | ||
| @@ -14,6 +15,7 @@ RAND_add, RAND_seed, RAND_screen - add entropy to the PRNG | |||
| 14 | 15 | ||
| 15 | int RAND_status(void); | 16 | int RAND_status(void); |
| 16 | 17 | ||
| 18 | int RAND_event(UINT iMsg, WPARAM wParam, LPARAM lParam); | ||
| 17 | void RAND_screen(void); | 19 | void RAND_screen(void); |
| 18 | 20 | ||
| 19 | =head1 DESCRIPTION | 21 | =head1 DESCRIPTION |
| @@ -40,17 +42,24 @@ or L<RAND_load_file(3)|RAND_load_file(3)>. | |||
| 40 | 42 | ||
| 41 | RAND_seed() is equivalent to RAND_add() when B<num == entropy>. | 43 | RAND_seed() is equivalent to RAND_add() when B<num == entropy>. |
| 42 | 44 | ||
| 45 | RAND_event() collects the entropy from Windows events such as mouse | ||
| 46 | movements and other user interaction. It should be called with the | ||
| 47 | B<iMsg>, B<wParam> and B<lParam> arguments of I<all> messages sent to | ||
| 48 | the window procedure. It will estimate the entropy contained in the | ||
| 49 | event message (if any), and add it to the PRNG. The program can then | ||
| 50 | process the messages as usual. | ||
| 51 | |||
| 43 | The RAND_screen() function is available for the convenience of Windows | 52 | The RAND_screen() function is available for the convenience of Windows |
| 44 | programmers. It adds the current contents of the screen to the PRNG. | 53 | programmers. It adds the current contents of the screen to the PRNG. |
| 45 | For applications that can catch Windows events, seeding the PRNG with | 54 | For applications that can catch Windows events, seeding the PRNG by |
| 46 | the parameters of B<WM_MOUSEMOVE> events is a significantly better | 55 | calling RAND_event() is a significantly better source of |
| 47 | source of randomness. It should be noted that both methods cannot be | 56 | randomness. It should be noted that both methods cannot be used on |
| 48 | used on servers that run without user interaction. | 57 | servers that run without user interaction. |
| 49 | 58 | ||
| 50 | =head1 RETURN VALUES | 59 | =head1 RETURN VALUES |
| 51 | 60 | ||
| 52 | RAND_status() returns 1 if the PRNG has been seeded with enough data, | 61 | RAND_status() and RAND_event() return 1 if the PRNG has been seeded |
| 53 | 0 otherwise. | 62 | with enough data, 0 otherwise. |
| 54 | 63 | ||
| 55 | The other functions do not return values. | 64 | The other functions do not return values. |
| 56 | 65 | ||
| @@ -63,6 +72,6 @@ L<RAND_load_file(3)|RAND_load_file(3)>, L<RAND_cleanup(3)|RAND_cleanup(3)> | |||
| 63 | 72 | ||
| 64 | RAND_seed() and RAND_screen() are available in all versions of SSLeay | 73 | RAND_seed() and RAND_screen() are available in all versions of SSLeay |
| 65 | and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL | 74 | and OpenSSL. RAND_add() and RAND_status() have been added in OpenSSL |
| 66 | 0.9.5. | 75 | 0.9.5, RAND_event() in OpenSSL 0.9.5a. |
| 67 | 76 | ||
| 68 | =cut | 77 | =cut |
diff --git a/src/lib/libcrypto/doc/RAND_load_file.pod b/src/lib/libcrypto/doc/RAND_load_file.pod index 8dd700ca3d..d8c134e621 100644 --- a/src/lib/libcrypto/doc/RAND_load_file.pod +++ b/src/lib/libcrypto/doc/RAND_load_file.pod | |||
| @@ -8,7 +8,7 @@ RAND_load_file, RAND_write_file, RAND_file_name - PRNG seed file | |||
| 8 | 8 | ||
| 9 | #include <openssl/rand.h> | 9 | #include <openssl/rand.h> |
| 10 | 10 | ||
| 11 | const char *RAND_file_name(char *buf, int num); | 11 | const char *RAND_file_name(char *buf, size_t num); |
| 12 | 12 | ||
| 13 | int RAND_load_file(const char *filename, long max_bytes); | 13 | int RAND_load_file(const char *filename, long max_bytes); |
| 14 | 14 | ||
diff --git a/src/lib/libcrypto/doc/RAND_set_rand_method.pod b/src/lib/libcrypto/doc/RAND_set_rand_method.pod index 466e9b8767..464eba416d 100644 --- a/src/lib/libcrypto/doc/RAND_set_rand_method.pod +++ b/src/lib/libcrypto/doc/RAND_set_rand_method.pod | |||
| @@ -34,10 +34,12 @@ RAND_get_rand_method() returns a pointer to the current method. | |||
| 34 | void (*cleanup)(void); | 34 | void (*cleanup)(void); |
| 35 | void (*add)(const void *buf, int num, int entropy); | 35 | void (*add)(const void *buf, int num, int entropy); |
| 36 | int (*pseudorand)(unsigned char *buf, int num); | 36 | int (*pseudorand)(unsigned char *buf, int num); |
| 37 | int (*status)(void); | ||
| 37 | } RAND_METHOD; | 38 | } RAND_METHOD; |
| 38 | 39 | ||
| 39 | The components point to the implementation of RAND_seed(), | 40 | The components point to the implementation of RAND_seed(), |
| 40 | RAND_bytes(), RAND_cleanup(), RAND_add() and RAND_pseudo_rand(). | 41 | RAND_bytes(), RAND_cleanup(), RAND_add(), RAND_pseudo_rand() |
| 42 | and RAND_status(). | ||
| 41 | Each component may be NULL if the function is not implemented. | 43 | Each component may be NULL if the function is not implemented. |
| 42 | 44 | ||
| 43 | =head1 RETURN VALUES | 45 | =head1 RETURN VALUES |
diff --git a/src/lib/libcrypto/doc/RSA_generate_key.pod b/src/lib/libcrypto/doc/RSA_generate_key.pod index fdaddbcb13..8714f7179d 100644 --- a/src/lib/libcrypto/doc/RSA_generate_key.pod +++ b/src/lib/libcrypto/doc/RSA_generate_key.pod | |||
| @@ -19,7 +19,7 @@ be seeded prior to calling RSA_generate_key(). | |||
| 19 | 19 | ||
| 20 | The modulus size will be B<num> bits, and the public exponent will be | 20 | The modulus size will be B<num> bits, and the public exponent will be |
| 21 | B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. | 21 | B<e>. Key sizes with B<num> E<lt> 1024 should be considered insecure. |
| 22 | The exponent is an odd number, typically 3 or 65535. | 22 | The exponent is an odd number, typically 3, 17 or 65537. |
| 23 | 23 | ||
| 24 | A callback function may be used to provide feedback about the | 24 | A callback function may be used to provide feedback about the |
| 25 | progress of the key generation. If B<callback> is not B<NULL>, it | 25 | progress of the key generation. If B<callback> is not B<NULL>, it |
diff --git a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod index 920dc76325..46cc8f5359 100644 --- a/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod +++ b/src/lib/libcrypto/doc/RSA_get_ex_new_index.pod | |||
| @@ -17,14 +17,12 @@ RSA_get_ex_new_index, RSA_set_ex_data, RSA_get_ex_data - add application specifi | |||
| 17 | 17 | ||
| 18 | void *RSA_get_ex_data(RSA *r, int idx); | 18 | void *RSA_get_ex_data(RSA *r, int idx); |
| 19 | 19 | ||
| 20 | int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | 20 | typedef int new_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, |
| 21 | int idx, long argl, void *argp); | 21 | int idx, long argl, void *argp); |
| 22 | 22 | typedef void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | |
| 23 | void free_func(void *parent, void *ptr, CRYPTO_EX_DATA *ad, | 23 | int idx, long argl, void *argp); |
| 24 | int idx, long argl, void *argp); | 24 | typedef int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, |
| 25 | 25 | int idx, long argl, void *argp); | |
| 26 | int dup_func(CRYPTO_EX_DATA *to, CRYPTO_EX_DATA *from, void *from_d, | ||
| 27 | int idx, long argl, void *argp); | ||
| 28 | 26 | ||
| 29 | =head1 DESCRIPTION | 27 | =head1 DESCRIPTION |
| 30 | 28 | ||
diff --git a/src/lib/libcrypto/doc/RSA_print.pod b/src/lib/libcrypto/doc/RSA_print.pod index dd968a5274..67876facc5 100644 --- a/src/lib/libcrypto/doc/RSA_print.pod +++ b/src/lib/libcrypto/doc/RSA_print.pod | |||
| @@ -2,8 +2,9 @@ | |||
| 2 | 2 | ||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp - print | 5 | RSA_print, RSA_print_fp, DHparams_print, DHparams_print_fp, DSA_print, |
| 6 | cryptographic parameters | 6 | DSA_print_fp, DHparams_print, DHparams_print_fp - print cryptographic |
| 7 | parameters | ||
| 7 | 8 | ||
| 8 | =head1 SYNOPSIS | 9 | =head1 SYNOPSIS |
| 9 | 10 | ||
diff --git a/src/lib/libcrypto/doc/RSA_public_encrypt.pod b/src/lib/libcrypto/doc/RSA_public_encrypt.pod index 910c4752b8..e20dfcb551 100644 --- a/src/lib/libcrypto/doc/RSA_public_encrypt.pod +++ b/src/lib/libcrypto/doc/RSA_public_encrypt.pod | |||
| @@ -47,7 +47,7 @@ Encrypting user data directly with RSA is insecure. | |||
| 47 | =back | 47 | =back |
| 48 | 48 | ||
| 49 | B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 | 49 | B<flen> must be less than RSA_size(B<rsa>) - 11 for the PKCS #1 v1.5 |
| 50 | based padding modes, and less than RSA_size(B<rsa>) - 21 for | 50 | based padding modes, and less than RSA_size(B<rsa>) - 41 for |
| 51 | RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded | 51 | RSA_PKCS1_OAEP_PADDING. The random number generator must be seeded |
| 52 | prior to calling RSA_public_encrypt(). | 52 | prior to calling RSA_public_encrypt(). |
| 53 | 53 | ||
| @@ -74,10 +74,6 @@ SSL, PKCS #1 v2.0 | |||
| 74 | 74 | ||
| 75 | L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)> | 75 | L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, L<RSA_size(3)|RSA_size(3)> |
| 76 | 76 | ||
| 77 | =head1 NOTES | ||
| 78 | |||
| 79 | The L<RSA_PKCS1_RSAref(3)|RSA_PKCS1_RSAref(3)> method supports only the RSA_PKCS1_PADDING mode. | ||
| 80 | |||
| 81 | =head1 HISTORY | 77 | =head1 HISTORY |
| 82 | 78 | ||
| 83 | The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is | 79 | The B<padding> argument was added in SSLeay 0.8. RSA_NO_PADDING is |
diff --git a/src/lib/libcrypto/doc/RSA_set_method.pod b/src/lib/libcrypto/doc/RSA_set_method.pod index deb1183a23..14917dd35f 100644 --- a/src/lib/libcrypto/doc/RSA_set_method.pod +++ b/src/lib/libcrypto/doc/RSA_set_method.pod | |||
| @@ -3,30 +3,29 @@ | |||
| 3 | =head1 NAME | 3 | =head1 NAME |
| 4 | 4 | ||
| 5 | RSA_set_default_method, RSA_get_default_method, RSA_set_method, | 5 | RSA_set_default_method, RSA_get_default_method, RSA_set_method, |
| 6 | RSA_get_method, RSA_PKCS1_SSLeay, RSA_PKCS1_RSAref, | 6 | RSA_get_method, RSA_PKCS1_SSLeay, |
| 7 | RSA_PKCS1_null_method, RSA_flags, RSA_new_method - select RSA method | 7 | RSA_null_method, RSA_flags, RSA_new_method - select RSA method |
| 8 | 8 | ||
| 9 | =head1 SYNOPSIS | 9 | =head1 SYNOPSIS |
| 10 | 10 | ||
| 11 | #include <openssl/rsa.h> | 11 | #include <openssl/rsa.h> |
| 12 | #include <openssl/engine.h> | ||
| 12 | 13 | ||
| 13 | void RSA_set_default_method(RSA_METHOD *meth); | 14 | void RSA_set_default_openssl_method(RSA_METHOD *meth); |
| 14 | 15 | ||
| 15 | RSA_METHOD *RSA_get_default_method(void); | 16 | RSA_METHOD *RSA_get_default_openssl_method(void); |
| 16 | 17 | ||
| 17 | RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); | 18 | int RSA_set_method(RSA *rsa, ENGINE *engine); |
| 18 | 19 | ||
| 19 | RSA_METHOD *RSA_get_method(RSA *rsa); | 20 | RSA_METHOD *RSA_get_method(RSA *rsa); |
| 20 | 21 | ||
| 21 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 22 | RSA_METHOD *RSA_PKCS1_SSLeay(void); |
| 22 | 23 | ||
| 23 | RSA_METHOD *RSA_PKCS1_RSAref(void); | ||
| 24 | |||
| 25 | RSA_METHOD *RSA_null_method(void); | 24 | RSA_METHOD *RSA_null_method(void); |
| 26 | 25 | ||
| 27 | int RSA_flags(RSA *rsa); | 26 | int RSA_flags(RSA *rsa); |
| 28 | 27 | ||
| 29 | RSA *RSA_new_method(RSA_METHOD *method); | 28 | RSA *RSA_new_method(ENGINE *engine); |
| 30 | 29 | ||
| 31 | =head1 DESCRIPTION | 30 | =head1 DESCRIPTION |
| 32 | 31 | ||
| @@ -34,35 +33,30 @@ An B<RSA_METHOD> specifies the functions that OpenSSL uses for RSA | |||
| 34 | operations. By modifying the method, alternative implementations | 33 | operations. By modifying the method, alternative implementations |
| 35 | such as hardware accelerators may be used. | 34 | such as hardware accelerators may be used. |
| 36 | 35 | ||
| 37 | Initially, the default is to use the OpenSSL internal implementation, | 36 | Initially, the default is to use the OpenSSL internal implementation. |
| 38 | unless OpenSSL was configured with the C<rsaref> or C<-DRSA_NULL> | 37 | RSA_PKCS1_SSLeay() returns a pointer to that method. |
| 39 | options. RSA_PKCS1_SSLeay() returns a pointer to that method. | ||
| 40 | |||
| 41 | RSA_PKCS1_RSAref() returns a pointer to a method that uses the RSAref | ||
| 42 | library. This is the default method in the C<rsaref> configuration; | ||
| 43 | the function is not available in other configurations. | ||
| 44 | RSA_null_method() returns a pointer to a method that does not support | ||
| 45 | the RSA transformation. It is the default if OpenSSL is compiled with | ||
| 46 | C<-DRSA_NULL>. These methods may be useful in the USA because of a | ||
| 47 | patent on the RSA cryptosystem. | ||
| 48 | 38 | ||
| 49 | RSA_set_default_method() makes B<meth> the default method for all B<RSA> | 39 | RSA_set_default_openssl_method() makes B<meth> the default method for all B<RSA> |
| 50 | structures created later. | 40 | structures created later. B<NB:> This is true only whilst the default engine |
| 41 | for RSA operations remains as "openssl". ENGINEs provide an | ||
| 42 | encapsulation for implementations of one or more algorithms at a time, and all | ||
| 43 | the RSA functions mentioned here operate within the scope of the default | ||
| 44 | "openssl" engine. | ||
| 51 | 45 | ||
| 52 | RSA_get_default_method() returns a pointer to the current default | 46 | RSA_get_default_openssl_method() returns a pointer to the current default |
| 53 | method. | 47 | method for the "openssl" engine. |
| 54 | 48 | ||
| 55 | RSA_set_method() selects B<meth> for all operations using the key | 49 | RSA_set_method() selects B<engine> for all operations using the key |
| 56 | B<rsa>. | 50 | B<rsa>. |
| 57 | 51 | ||
| 58 | RSA_get_method() returns a pointer to the method currently selected | 52 | RSA_get_method() returns a pointer to the RSA_METHOD from the currently |
| 59 | for B<rsa>. | 53 | selected ENGINE for B<rsa>. |
| 60 | 54 | ||
| 61 | RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. | 55 | RSA_flags() returns the B<flags> that are set for B<rsa>'s current method. |
| 62 | 56 | ||
| 63 | RSA_new_method() allocates and initializes an B<RSA> structure so that | 57 | RSA_new_method() allocates and initializes an RSA structure so that |
| 64 | B<method> will be used for the RSA operations. If B<method> is B<NULL>, | 58 | B<engine> will be used for the RSA operations. If B<engine> is NULL, |
| 65 | the default method is used. | 59 | the default engine for RSA operations is used. |
| 66 | 60 | ||
| 67 | =head1 THE RSA_METHOD STRUCTURE | 61 | =head1 THE RSA_METHOD STRUCTURE |
| 68 | 62 | ||
| @@ -87,10 +81,11 @@ the default method is used. | |||
| 87 | int (*rsa_priv_dec)(int flen, unsigned char *from, | 81 | int (*rsa_priv_dec)(int flen, unsigned char *from, |
| 88 | unsigned char *to, RSA *rsa, int padding); | 82 | unsigned char *to, RSA *rsa, int padding); |
| 89 | 83 | ||
| 90 | /* compute r0 = r0 ^ I mod rsa->n. May be NULL */ | 84 | /* compute r0 = r0 ^ I mod rsa->n (May be NULL for some |
| 85 | implementations) */ | ||
| 91 | int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); | 86 | int (*rsa_mod_exp)(BIGNUM *r0, BIGNUM *I, RSA *rsa); |
| 92 | 87 | ||
| 93 | /* compute r = a ^ p mod m. May be NULL */ | 88 | /* compute r = a ^ p mod m (May be NULL for some implementations) */ |
| 94 | int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 89 | int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
| 95 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 90 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); |
| 96 | 91 | ||
| @@ -126,18 +121,21 @@ the default method is used. | |||
| 126 | 121 | ||
| 127 | =head1 RETURN VALUES | 122 | =head1 RETURN VALUES |
| 128 | 123 | ||
| 129 | RSA_PKCS1_SSLeay(), RSA_PKCS1_RSAref(), RSA_PKCS1_null_method(), | 124 | RSA_PKCS1_SSLeay(), RSA_PKCS1_null_method(), RSA_get_default_openssl_method() |
| 130 | RSA_get_default_method() and RSA_get_method() return pointers to the | 125 | and RSA_get_method() return pointers to the respective RSA_METHODs. |
| 131 | respective B<RSA_METHOD>s. | ||
| 132 | 126 | ||
| 133 | RSA_set_default_method() returns no value. | 127 | RSA_set_default_openssl_method() returns no value. |
| 134 | 128 | ||
| 135 | RSA_set_method() returns a pointer to the B<RSA_METHOD> previously | 129 | RSA_set_method() selects B<engine> as the engine that will be responsible for |
| 136 | associated with B<rsa>. | 130 | all operations using the structure B<rsa>. If this function completes successfully, |
| 131 | then the B<rsa> structure will have its own functional reference of B<engine>, so | ||
| 132 | the caller should remember to free their own reference to B<engine> when they are | ||
| 133 | finished with it. NB: An ENGINE's RSA_METHOD can be retrieved (or set) by | ||
| 134 | ENGINE_get_RSA() or ENGINE_set_RSA(). | ||
| 137 | 135 | ||
| 138 | RSA_new_method() returns B<NULL> and sets an error code that can be | 136 | RSA_new_method() returns NULL and sets an error code that can be |
| 139 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise it | 137 | obtained by L<ERR_get_error(3)|ERR_get_error(3)> if the allocation fails. Otherwise |
| 140 | returns a pointer to the newly allocated structure. | 138 | it returns a pointer to the newly allocated structure. |
| 141 | 139 | ||
| 142 | =head1 SEE ALSO | 140 | =head1 SEE ALSO |
| 143 | 141 | ||
| @@ -150,4 +148,9 @@ RSA_get_default_method(), RSA_set_method() and RSA_get_method() as | |||
| 150 | well as the rsa_sign and rsa_verify components of RSA_METHOD were | 148 | well as the rsa_sign and rsa_verify components of RSA_METHOD were |
| 151 | added in OpenSSL 0.9.4. | 149 | added in OpenSSL 0.9.4. |
| 152 | 150 | ||
| 151 | RSA_set_default_openssl_method() and RSA_get_default_openssl_method() | ||
| 152 | replaced RSA_set_default_method() and RSA_get_default_method() respectively, | ||
| 153 | and RSA_set_method() and RSA_new_method() were altered to use B<ENGINE>s | ||
| 154 | rather than B<RSA_METHOD>s during development of OpenSSL 0.9.6. | ||
| 155 | |||
| 153 | =cut | 156 | =cut |
diff --git a/src/lib/libcrypto/doc/bn.pod b/src/lib/libcrypto/doc/bn.pod index 1504a1c92d..210dfeac08 100644 --- a/src/lib/libcrypto/doc/bn.pod +++ b/src/lib/libcrypto/doc/bn.pod | |||
| @@ -21,19 +21,27 @@ bn - multiprecision integer arithmetics | |||
| 21 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); | 21 | BIGNUM *BN_copy(BIGNUM *a, const BIGNUM *b); |
| 22 | BIGNUM *BN_dup(const BIGNUM *a); | 22 | BIGNUM *BN_dup(const BIGNUM *a); |
| 23 | 23 | ||
| 24 | BIGNUM *BN_swap(BIGNUM *a, BIGNUM *b); | ||
| 25 | |||
| 24 | int BN_num_bytes(const BIGNUM *a); | 26 | int BN_num_bytes(const BIGNUM *a); |
| 25 | int BN_num_bits(const BIGNUM *a); | 27 | int BN_num_bits(const BIGNUM *a); |
| 26 | int BN_num_bits_word(BN_ULONG w); | 28 | int BN_num_bits_word(BN_ULONG w); |
| 27 | 29 | ||
| 28 | int BN_add(BIGNUM *r, BIGNUM *a, BIGNUM *b); | 30 | int BN_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 29 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); | 31 | int BN_sub(BIGNUM *r, const BIGNUM *a, const BIGNUM *b); |
| 30 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); | 32 | int BN_mul(BIGNUM *r, BIGNUM *a, BIGNUM *b, BN_CTX *ctx); |
| 33 | int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); | ||
| 31 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, | 34 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *a, const BIGNUM *d, |
| 32 | BN_CTX *ctx); | 35 | BN_CTX *ctx); |
| 33 | int BN_sqr(BIGNUM *r, BIGNUM *a, BN_CTX *ctx); | ||
| 34 | int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); | 36 | int BN_mod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); |
| 37 | int BN_nnmod(BIGNUM *rem, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); | ||
| 38 | int BN_mod_add(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, | ||
| 39 | BN_CTX *ctx); | ||
| 40 | int BN_mod_sub(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, | ||
| 41 | BN_CTX *ctx); | ||
| 35 | int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, | 42 | int BN_mod_mul(BIGNUM *ret, BIGNUM *a, BIGNUM *b, const BIGNUM *m, |
| 36 | BN_CTX *ctx); | 43 | BN_CTX *ctx); |
| 44 | int BN_mod_sqr(BIGNUM *ret, BIGNUM *a, const BIGNUM *m, BN_CTX *ctx); | ||
| 37 | int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); | 45 | int BN_exp(BIGNUM *r, BIGNUM *a, BIGNUM *p, BN_CTX *ctx); |
| 38 | int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 46 | int BN_mod_exp(BIGNUM *r, BIGNUM *a, const BIGNUM *p, |
| 39 | const BIGNUM *m, BN_CTX *ctx); | 47 | const BIGNUM *m, BN_CTX *ctx); |
| @@ -54,12 +62,14 @@ bn - multiprecision integer arithmetics | |||
| 54 | 62 | ||
| 55 | int BN_zero(BIGNUM *a); | 63 | int BN_zero(BIGNUM *a); |
| 56 | int BN_one(BIGNUM *a); | 64 | int BN_one(BIGNUM *a); |
| 57 | BIGNUM *BN_value_one(void); | 65 | const BIGNUM *BN_value_one(void); |
| 58 | int BN_set_word(BIGNUM *a, unsigned long w); | 66 | int BN_set_word(BIGNUM *a, unsigned long w); |
| 59 | unsigned long BN_get_word(BIGNUM *a); | 67 | unsigned long BN_get_word(BIGNUM *a); |
| 60 | 68 | ||
| 61 | int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); | 69 | int BN_rand(BIGNUM *rnd, int bits, int top, int bottom); |
| 62 | int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); | 70 | int BN_pseudo_rand(BIGNUM *rnd, int bits, int top, int bottom); |
| 71 | int BN_rand_range(BIGNUM *rnd, BIGNUM *range); | ||
| 72 | int BN_pseudo_rand_range(BIGNUM *rnd, BIGNUM *range); | ||
| 63 | 73 | ||
| 64 | BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, | 74 | BIGNUM *BN_generate_prime(BIGNUM *ret, int bits,int safe, BIGNUM *add, |
| 65 | BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); | 75 | BIGNUM *rem, void (*callback)(int, int, void *), void *cb_arg); |
| @@ -137,7 +147,7 @@ of B<BIGNUM>s to external formats is described in L<BN_bn2bin(3)|BN_bn2bin(3)>. | |||
| 137 | L<bn_internal(3)|bn_internal(3)>, | 147 | L<bn_internal(3)|bn_internal(3)>, |
| 138 | L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, | 148 | L<dh(3)|dh(3)>, L<err(3)|err(3)>, L<rand(3)|rand(3)>, L<rsa(3)|rsa(3)>, |
| 139 | L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, | 149 | L<BN_new(3)|BN_new(3)>, L<BN_CTX_new(3)|BN_CTX_new(3)>, |
| 140 | L<BN_copy(3)|BN_copy(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, | 150 | L<BN_copy(3)|BN_copy(3)>, L<BN_swap(3)|BN_swap(3)>, L<BN_num_bytes(3)|BN_num_bytes(3)>, |
| 141 | L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, | 151 | L<BN_add(3)|BN_add(3)>, L<BN_add_word(3)|BN_add_word(3)>, |
| 142 | L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, | 152 | L<BN_cmp(3)|BN_cmp(3)>, L<BN_zero(3)|BN_zero(3)>, L<BN_rand(3)|BN_rand(3)>, |
| 143 | L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, | 153 | L<BN_generate_prime(3)|BN_generate_prime(3)>, L<BN_set_bit(3)|BN_set_bit(3)>, |
diff --git a/src/lib/libcrypto/doc/dh.pod b/src/lib/libcrypto/doc/dh.pod index 0a9b7c03a2..b4be4be405 100644 --- a/src/lib/libcrypto/doc/dh.pod +++ b/src/lib/libcrypto/doc/dh.pod | |||
| @@ -7,6 +7,7 @@ dh - Diffie-Hellman key agreement | |||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
| 9 | #include <openssl/dh.h> | 9 | #include <openssl/dh.h> |
| 10 | #include <openssl/engine.h> | ||
| 10 | 11 | ||
| 11 | DH * DH_new(void); | 12 | DH * DH_new(void); |
| 12 | void DH_free(DH *dh); | 13 | void DH_free(DH *dh); |
| @@ -20,10 +21,10 @@ dh - Diffie-Hellman key agreement | |||
| 20 | int DH_generate_key(DH *dh); | 21 | int DH_generate_key(DH *dh); |
| 21 | int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); | 22 | int DH_compute_key(unsigned char *key, BIGNUM *pub_key, DH *dh); |
| 22 | 23 | ||
| 23 | void DH_set_default_method(DH_METHOD *meth); | 24 | void DH_set_default_openssl_method(DH_METHOD *meth); |
| 24 | DH_METHOD *DH_get_default_method(void); | 25 | DH_METHOD *DH_get_default_openssl_method(void); |
| 25 | DH_METHOD *DH_set_method(DH *dh, DH_METHOD *meth); | 26 | int DH_set_method(DH *dh, ENGINE *engine); |
| 26 | DH *DH_new_method(DH_METHOD *meth); | 27 | DH *DH_new_method(ENGINE *engine); |
| 27 | DH_METHOD *DH_OpenSSL(void); | 28 | DH_METHOD *DH_OpenSSL(void); |
| 28 | 29 | ||
| 29 | int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 30 | int DH_get_ex_new_index(long argl, char *argp, int (*new_func)(), |
diff --git a/src/lib/libcrypto/doc/dsa.pod b/src/lib/libcrypto/doc/dsa.pod index 2c09244899..82d7fb77cd 100644 --- a/src/lib/libcrypto/doc/dsa.pod +++ b/src/lib/libcrypto/doc/dsa.pod | |||
| @@ -7,6 +7,7 @@ dsa - Digital Signature Algorithm | |||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
| 9 | #include <openssl/dsa.h> | 9 | #include <openssl/dsa.h> |
| 10 | #include <openssl/engine.h> | ||
| 10 | 11 | ||
| 11 | DSA * DSA_new(void); | 12 | DSA * DSA_new(void); |
| 12 | void DSA_free(DSA *dsa); | 13 | void DSA_free(DSA *dsa); |
| @@ -28,10 +29,10 @@ dsa - Digital Signature Algorithm | |||
| 28 | int DSA_verify(int dummy, const unsigned char *dgst, int len, | 29 | int DSA_verify(int dummy, const unsigned char *dgst, int len, |
| 29 | unsigned char *sigbuf, int siglen, DSA *dsa); | 30 | unsigned char *sigbuf, int siglen, DSA *dsa); |
| 30 | 31 | ||
| 31 | void DSA_set_default_method(DSA_METHOD *meth); | 32 | void DSA_set_default_openssl_method(DSA_METHOD *meth); |
| 32 | DSA_METHOD *DSA_get_default_method(void); | 33 | DSA_METHOD *DSA_get_default_openssl_method(void); |
| 33 | DSA_METHOD *DSA_set_method(DSA *dsa, DSA_METHOD *meth); | 34 | int DSA_set_method(DSA *dsa, ENGINE *engine); |
| 34 | DSA *DSA_new_method(DSA_METHOD *meth); | 35 | DSA *DSA_new_method(ENGINE *engine); |
| 35 | DSA_METHOD *DSA_OpenSSL(void); | 36 | DSA_METHOD *DSA_OpenSSL(void); |
| 36 | 37 | ||
| 37 | int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 38 | int DSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), |
diff --git a/src/lib/libcrypto/doc/evp.pod b/src/lib/libcrypto/doc/evp.pod index f089dd49a2..edf47dbde6 100644 --- a/src/lib/libcrypto/doc/evp.pod +++ b/src/lib/libcrypto/doc/evp.pod | |||
| @@ -10,7 +10,7 @@ evp - high-level cryptographic functions | |||
| 10 | 10 | ||
| 11 | =head1 DESCRIPTION | 11 | =head1 DESCRIPTION |
| 12 | 12 | ||
| 13 | The EVP library provided a high-level interface to cryptographic | 13 | The EVP library provides a high-level interface to cryptographic |
| 14 | functions. | 14 | functions. |
| 15 | 15 | ||
| 16 | B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption | 16 | B<EVP_Seal>I<...> and B<EVP_Open>I<...> provide public key encryption |
diff --git a/src/lib/libcrypto/doc/rsa.pod b/src/lib/libcrypto/doc/rsa.pod index 0486c044a6..09ad30cab1 100644 --- a/src/lib/libcrypto/doc/rsa.pod +++ b/src/lib/libcrypto/doc/rsa.pod | |||
| @@ -7,6 +7,7 @@ rsa - RSA public key cryptosystem | |||
| 7 | =head1 SYNOPSIS | 7 | =head1 SYNOPSIS |
| 8 | 8 | ||
| 9 | #include <openssl/rsa.h> | 9 | #include <openssl/rsa.h> |
| 10 | #include <openssl/engine.h> | ||
| 10 | 11 | ||
| 11 | RSA * RSA_new(void); | 12 | RSA * RSA_new(void); |
| 12 | void RSA_free(RSA *rsa); | 13 | void RSA_free(RSA *rsa); |
| @@ -31,15 +32,14 @@ rsa - RSA public key cryptosystem | |||
| 31 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); | 32 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); |
| 32 | void RSA_blinding_off(RSA *rsa); | 33 | void RSA_blinding_off(RSA *rsa); |
| 33 | 34 | ||
| 34 | void RSA_set_default_method(RSA_METHOD *meth); | 35 | void RSA_set_default_openssl_method(RSA_METHOD *meth); |
| 35 | RSA_METHOD *RSA_get_default_method(void); | 36 | RSA_METHOD *RSA_get_default_openssl_method(void); |
| 36 | RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); | 37 | int RSA_set_method(RSA *rsa, ENGINE *engine); |
| 37 | RSA_METHOD *RSA_get_method(RSA *rsa); | 38 | RSA_METHOD *RSA_get_method(RSA *rsa); |
| 38 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 39 | RSA_METHOD *RSA_PKCS1_SSLeay(void); |
| 39 | RSA_METHOD *RSA_PKCS1_RSAref(void); | ||
| 40 | RSA_METHOD *RSA_null_method(void); | 40 | RSA_METHOD *RSA_null_method(void); |
| 41 | int RSA_flags(RSA *rsa); | 41 | int RSA_flags(RSA *rsa); |
| 42 | RSA *RSA_new_method(RSA_METHOD *method); | 42 | RSA *RSA_new_method(ENGINE *engine); |
| 43 | 43 | ||
| 44 | int RSA_print(BIO *bp, RSA *x, int offset); | 44 | int RSA_print(BIO *bp, RSA *x, int offset); |
| 45 | int RSA_print_fp(FILE *fp, RSA *x, int offset); | 45 | int RSA_print_fp(FILE *fp, RSA *x, int offset); |
| @@ -86,8 +86,9 @@ contain public as well as private RSA keys: | |||
| 86 | In public keys, the private exponent and the related secret values are | 86 | In public keys, the private exponent and the related secret values are |
| 87 | B<NULL>. | 87 | B<NULL>. |
| 88 | 88 | ||
| 89 | B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private keys, but the | 89 | B<p>, B<q>, B<dmp1>, B<dmq1> and B<iqmp> may be B<NULL> in private |
| 90 | RSA operations are much faster when these values are available. | 90 | keys, but the RSA operations are much faster when these values are |
| 91 | available. | ||
| 91 | 92 | ||
| 92 | =head1 CONFORMING TO | 93 | =head1 CONFORMING TO |
| 93 | 94 | ||
| @@ -95,7 +96,7 @@ SSL, PKCS #1 v2.0 | |||
| 95 | 96 | ||
| 96 | =head1 PATENTS | 97 | =head1 PATENTS |
| 97 | 98 | ||
| 98 | RSA is covered by a US patent which expires in September 2000. | 99 | RSA was covered by a US patent which expired in September 2000. |
| 99 | 100 | ||
| 100 | =head1 SEE ALSO | 101 | =head1 SEE ALSO |
| 101 | 102 | ||
diff --git a/src/lib/libcrypto/dsa/dsa.h b/src/lib/libcrypto/dsa/dsa.h index 1ca87c1cbe..9b3baadf2c 100644 --- a/src/lib/libcrypto/dsa/dsa.h +++ b/src/lib/libcrypto/dsa/dsa.h | |||
| @@ -65,18 +65,59 @@ | |||
| 65 | #ifndef HEADER_DSA_H | 65 | #ifndef HEADER_DSA_H |
| 66 | #define HEADER_DSA_H | 66 | #define HEADER_DSA_H |
| 67 | 67 | ||
| 68 | #ifdef OPENSSL_NO_DSA | ||
| 69 | #error DSA is disabled. | ||
| 70 | #endif | ||
| 71 | |||
| 72 | #ifndef OPENSSL_NO_BIO | ||
| 73 | #include <openssl/bio.h> | ||
| 74 | #endif | ||
| 75 | #include <openssl/bn.h> | ||
| 76 | #include <openssl/crypto.h> | ||
| 77 | #include <openssl/ossl_typ.h> | ||
| 78 | #ifndef OPENSSL_NO_DH | ||
| 79 | # include <openssl/dh.h> | ||
| 80 | #endif | ||
| 81 | |||
| 82 | #define DSA_FLAG_CACHE_MONT_P 0x01 | ||
| 83 | |||
| 68 | #ifdef __cplusplus | 84 | #ifdef __cplusplus |
| 69 | extern "C" { | 85 | extern "C" { |
| 70 | #endif | 86 | #endif |
| 71 | 87 | ||
| 72 | #include "bn.h" | 88 | typedef struct dsa_st DSA; |
| 73 | 89 | ||
| 74 | typedef struct dsa_st | 90 | typedef struct DSA_SIG_st |
| 91 | { | ||
| 92 | BIGNUM *r; | ||
| 93 | BIGNUM *s; | ||
| 94 | } DSA_SIG; | ||
| 95 | |||
| 96 | typedef struct dsa_method { | ||
| 97 | const char *name; | ||
| 98 | DSA_SIG * (*dsa_do_sign)(const unsigned char *dgst, int dlen, DSA *dsa); | ||
| 99 | int (*dsa_sign_setup)(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, | ||
| 100 | BIGNUM **rp); | ||
| 101 | int (*dsa_do_verify)(const unsigned char *dgst, int dgst_len, | ||
| 102 | DSA_SIG *sig, DSA *dsa); | ||
| 103 | int (*dsa_mod_exp)(DSA *dsa, BIGNUM *rr, BIGNUM *a1, BIGNUM *p1, | ||
| 104 | BIGNUM *a2, BIGNUM *p2, BIGNUM *m, BN_CTX *ctx, | ||
| 105 | BN_MONT_CTX *in_mont); | ||
| 106 | int (*bn_mod_exp)(DSA *dsa, BIGNUM *r, BIGNUM *a, const BIGNUM *p, | ||
| 107 | const BIGNUM *m, BN_CTX *ctx, | ||
| 108 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
| 109 | int (*init)(DSA *dsa); | ||
| 110 | int (*finish)(DSA *dsa); | ||
| 111 | int flags; | ||
| 112 | char *app_data; | ||
| 113 | } DSA_METHOD; | ||
| 114 | |||
| 115 | struct dsa_st | ||
| 75 | { | 116 | { |
| 76 | /* This first variable is used to pick up errors where | 117 | /* This first variable is used to pick up errors where |
| 77 | * a DSA is passed instead of of a EVP_PKEY */ | 118 | * a DSA is passed instead of of a EVP_PKEY */ |
| 78 | int pad; | 119 | int pad; |
| 79 | int version; | 120 | long version; |
| 80 | int write_params; | 121 | int write_params; |
| 81 | BIGNUM *p; | 122 | BIGNUM *p; |
| 82 | BIGNUM *q; /* == 20 */ | 123 | BIGNUM *q; /* == 20 */ |
| @@ -88,8 +129,15 @@ typedef struct dsa_st | |||
| 88 | BIGNUM *kinv; /* Signing pre-calc */ | 129 | BIGNUM *kinv; /* Signing pre-calc */ |
| 89 | BIGNUM *r; /* Signing pre-calc */ | 130 | BIGNUM *r; /* Signing pre-calc */ |
| 90 | 131 | ||
| 132 | int flags; | ||
| 133 | /* Normally used to cache montgomery values */ | ||
| 134 | char *method_mont_p; | ||
| 91 | int references; | 135 | int references; |
| 92 | } DSA; | 136 | CRYPTO_EX_DATA ex_data; |
| 137 | const DSA_METHOD *meth; | ||
| 138 | /* functional reference if 'meth' is ENGINE-provided */ | ||
| 139 | ENGINE *engine; | ||
| 140 | }; | ||
| 93 | 141 | ||
| 94 | #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ | 142 | #define DSAparams_dup(x) (DSA *)ASN1_dup((int (*)())i2d_DSAparams, \ |
| 95 | (char *(*)())d2i_DSAparams,(char *)(x)) | 143 | (char *(*)())d2i_DSAparams,(char *)(x)) |
| @@ -102,93 +150,101 @@ typedef struct dsa_st | |||
| 102 | #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ | 150 | #define i2d_DSAparams_bio(bp,x) ASN1_i2d_bio(i2d_DSAparams,(bp), \ |
| 103 | (unsigned char *)(x)) | 151 | (unsigned char *)(x)) |
| 104 | 152 | ||
| 105 | #ifndef NOPROTO | 153 | |
| 154 | DSA_SIG * DSA_SIG_new(void); | ||
| 155 | void DSA_SIG_free(DSA_SIG *a); | ||
| 156 | int i2d_DSA_SIG(const DSA_SIG *a, unsigned char **pp); | ||
| 157 | DSA_SIG * d2i_DSA_SIG(DSA_SIG **v, const unsigned char **pp, long length); | ||
| 158 | |||
| 159 | DSA_SIG * DSA_do_sign(const unsigned char *dgst,int dlen,DSA *dsa); | ||
| 160 | int DSA_do_verify(const unsigned char *dgst,int dgst_len, | ||
| 161 | DSA_SIG *sig,DSA *dsa); | ||
| 162 | |||
| 163 | const DSA_METHOD *DSA_OpenSSL(void); | ||
| 164 | |||
| 165 | void DSA_set_default_method(const DSA_METHOD *); | ||
| 166 | const DSA_METHOD *DSA_get_default_method(void); | ||
| 167 | int DSA_set_method(DSA *dsa, const DSA_METHOD *); | ||
| 106 | 168 | ||
| 107 | DSA * DSA_new(void); | 169 | DSA * DSA_new(void); |
| 108 | int DSA_size(DSA *); | 170 | DSA * DSA_new_method(ENGINE *engine); |
| 171 | void DSA_free (DSA *r); | ||
| 172 | /* "up" the DSA object's reference count */ | ||
| 173 | int DSA_up_ref(DSA *r); | ||
| 174 | int DSA_size(const DSA *); | ||
| 109 | /* next 4 return -1 on error */ | 175 | /* next 4 return -1 on error */ |
| 110 | int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); | 176 | int DSA_sign_setup( DSA *dsa,BN_CTX *ctx_in,BIGNUM **kinvp,BIGNUM **rp); |
| 111 | int DSA_sign(int type,unsigned char *dgst,int dlen, | 177 | int DSA_sign(int type,const unsigned char *dgst,int dlen, |
| 112 | unsigned char *sig, unsigned int *siglen, DSA *dsa); | 178 | unsigned char *sig, unsigned int *siglen, DSA *dsa); |
| 113 | int DSA_verify(int type,unsigned char *dgst,int dgst_len, | 179 | int DSA_verify(int type,const unsigned char *dgst,int dgst_len, |
| 114 | unsigned char *sigbuf, int siglen, DSA *dsa); | 180 | const unsigned char *sigbuf, int siglen, DSA *dsa); |
| 115 | void DSA_free (DSA *r); | 181 | int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 116 | 182 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | |
| 117 | void ERR_load_DSA_strings(void ); | 183 | int DSA_set_ex_data(DSA *d, int idx, void *arg); |
| 118 | 184 | void *DSA_get_ex_data(DSA *d, int idx); | |
| 119 | DSA * d2i_DSAPublicKey(DSA **a, unsigned char **pp, long length); | 185 | |
| 120 | DSA * d2i_DSAPrivateKey(DSA **a, unsigned char **pp, long length); | 186 | DSA * d2i_DSAPublicKey(DSA **a, const unsigned char **pp, long length); |
| 121 | DSA * d2i_DSAparams(DSA **a, unsigned char **pp, long length); | 187 | DSA * d2i_DSAPrivateKey(DSA **a, const unsigned char **pp, long length); |
| 122 | DSA * DSA_generate_parameters(int bits, unsigned char *seed,int seed_len, | 188 | DSA * d2i_DSAparams(DSA **a, const unsigned char **pp, long length); |
| 189 | DSA * DSA_generate_parameters(int bits, | ||
| 190 | unsigned char *seed,int seed_len, | ||
| 123 | int *counter_ret, unsigned long *h_ret,void | 191 | int *counter_ret, unsigned long *h_ret,void |
| 124 | (*callback)(),char *cb_arg); | 192 | (*callback)(int, int, void *),void *cb_arg); |
| 125 | int DSA_generate_key(DSA *a); | 193 | int DSA_generate_key(DSA *a); |
| 126 | int i2d_DSAPublicKey(DSA *a, unsigned char **pp); | 194 | int i2d_DSAPublicKey(const DSA *a, unsigned char **pp); |
| 127 | int i2d_DSAPrivateKey(DSA *a, unsigned char **pp); | 195 | int i2d_DSAPrivateKey(const DSA *a, unsigned char **pp); |
| 128 | int i2d_DSAparams(DSA *a,unsigned char **pp); | 196 | int i2d_DSAparams(const DSA *a,unsigned char **pp); |
| 129 | 197 | ||
| 130 | #ifdef HEADER_BIO_H | 198 | #ifndef OPENSSL_NO_BIO |
| 131 | int DSAparams_print(BIO *bp, DSA *x); | 199 | int DSAparams_print(BIO *bp, const DSA *x); |
| 132 | int DSA_print(BIO *bp, DSA *x, int off); | 200 | int DSA_print(BIO *bp, const DSA *x, int off); |
| 133 | #endif | 201 | #endif |
| 134 | #ifndef NO_FP_API | 202 | #ifndef OPENSSL_NO_FP_API |
| 135 | int DSAparams_print_fp(FILE *fp, DSA *x); | 203 | int DSAparams_print_fp(FILE *fp, const DSA *x); |
| 136 | int DSA_print_fp(FILE *bp, DSA *x, int off); | 204 | int DSA_print_fp(FILE *bp, const DSA *x, int off); |
| 137 | #endif | 205 | #endif |
| 138 | 206 | ||
| 139 | int DSA_is_prime(BIGNUM *q,void (*callback)(),char *cb_arg); | 207 | #define DSS_prime_checks 50 |
| 140 | 208 | /* Primality test according to FIPS PUB 186[-1], Appendix 2.1: | |
| 141 | #else | 209 | * 50 rounds of Rabin-Miller */ |
| 142 | 210 | #define DSA_is_prime(n, callback, cb_arg) \ | |
| 143 | DSA * DSA_new(); | 211 | BN_is_prime(n, DSS_prime_checks, callback, NULL, cb_arg) |
| 144 | int DSA_size(); | ||
| 145 | int DSA_sign_setup(); | ||
| 146 | int DSA_sign(); | ||
| 147 | int DSA_verify(); | ||
| 148 | void DSA_free (); | ||
| 149 | |||
| 150 | void ERR_load_DSA_strings(); | ||
| 151 | |||
| 152 | DSA * d2i_DSAPublicKey(); | ||
| 153 | DSA * d2i_DSAPrivateKey(); | ||
| 154 | DSA * d2i_DSAparams(); | ||
| 155 | DSA * DSA_generate_parameters(); | ||
| 156 | int DSA_generate_key(); | ||
| 157 | int i2d_DSAPublicKey(); | ||
| 158 | int i2d_DSAPrivateKey(); | ||
| 159 | int i2d_DSAparams(); | ||
| 160 | |||
| 161 | int DSA_is_prime(); | ||
| 162 | |||
| 163 | int DSAparams_print(); | ||
| 164 | int DSA_print(); | ||
| 165 | |||
| 166 | #ifndef NO_FP_API | ||
| 167 | int DSAparams_print_fp(); | ||
| 168 | int DSA_print_fp(); | ||
| 169 | #endif | ||
| 170 | 212 | ||
| 213 | #ifndef OPENSSL_NO_DH | ||
| 214 | /* Convert DSA structure (key or just parameters) into DH structure | ||
| 215 | * (be careful to avoid small subgroup attacks when using this!) */ | ||
| 216 | DH *DSA_dup_DH(const DSA *r); | ||
| 171 | #endif | 217 | #endif |
| 172 | 218 | ||
| 173 | /* BEGIN ERROR CODES */ | 219 | /* BEGIN ERROR CODES */ |
| 220 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 221 | * made after this point may be overwritten when the script is next run. | ||
| 222 | */ | ||
| 223 | void ERR_load_DSA_strings(void); | ||
| 224 | |||
| 174 | /* Error codes for the DSA functions. */ | 225 | /* Error codes for the DSA functions. */ |
| 175 | 226 | ||
| 176 | /* Function codes. */ | 227 | /* Function codes. */ |
| 228 | #define DSA_F_D2I_DSA_SIG 110 | ||
| 177 | #define DSA_F_DSAPARAMS_PRINT 100 | 229 | #define DSA_F_DSAPARAMS_PRINT 100 |
| 178 | #define DSA_F_DSAPARAMS_PRINT_FP 101 | 230 | #define DSA_F_DSAPARAMS_PRINT_FP 101 |
| 179 | #define DSA_F_DSA_IS_PRIME 102 | 231 | #define DSA_F_DSA_DO_SIGN 112 |
| 180 | #define DSA_F_DSA_NEW 103 | 232 | #define DSA_F_DSA_DO_VERIFY 113 |
| 233 | #define DSA_F_DSA_NEW_METHOD 103 | ||
| 181 | #define DSA_F_DSA_PRINT 104 | 234 | #define DSA_F_DSA_PRINT 104 |
| 182 | #define DSA_F_DSA_PRINT_FP 105 | 235 | #define DSA_F_DSA_PRINT_FP 105 |
| 183 | #define DSA_F_DSA_SIGN 106 | 236 | #define DSA_F_DSA_SIGN 106 |
| 184 | #define DSA_F_DSA_SIGN_SETUP 107 | 237 | #define DSA_F_DSA_SIGN_SETUP 107 |
| 238 | #define DSA_F_DSA_SIG_NEW 109 | ||
| 185 | #define DSA_F_DSA_VERIFY 108 | 239 | #define DSA_F_DSA_VERIFY 108 |
| 240 | #define DSA_F_I2D_DSA_SIG 111 | ||
| 241 | #define DSA_F_SIG_CB 114 | ||
| 186 | 242 | ||
| 187 | /* Reason codes. */ | 243 | /* Reason codes. */ |
| 188 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 | 244 | #define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100 |
| 189 | 245 | #define DSA_R_MISSING_PARAMETERS 101 | |
| 246 | |||
| 190 | #ifdef __cplusplus | 247 | #ifdef __cplusplus |
| 191 | } | 248 | } |
| 192 | #endif | 249 | #endif |
| 193 | #endif | 250 | #endif |
| 194 | |||
diff --git a/src/lib/libcrypto/dsa/dsa_asn1.c b/src/lib/libcrypto/dsa/dsa_asn1.c index 7523b21654..23fce555aa 100644 --- a/src/lib/libcrypto/dsa/dsa_asn1.c +++ b/src/lib/libcrypto/dsa/dsa_asn1.c | |||
| @@ -1,96 +1,140 @@ | |||
| 1 | /* crypto/dsa/dsa_asn1.c */ | 1 | /* dsa_asn1.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | ||
| 3 | * project 2000. | ||
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 2000 The OpenSSL Project. All rights reserved. | ||
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 2 | 58 | ||
| 3 | #include <stdio.h> | 59 | #include <stdio.h> |
| 4 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 5 | #include <openssl/dsa.h> | 61 | #include <openssl/dsa.h> |
| 6 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 7 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 8 | 64 | ||
| 9 | DSA_SIG *DSA_SIG_new(void) | 65 | /* Override the default new methods */ |
| 66 | static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | ||
| 10 | { | 67 | { |
| 11 | DSA_SIG *ret; | 68 | if(operation == ASN1_OP_NEW_PRE) { |
| 12 | 69 | DSA_SIG *sig; | |
| 13 | ret = Malloc(sizeof(DSA_SIG)); | 70 | sig = OPENSSL_malloc(sizeof(DSA_SIG)); |
| 14 | if (ret == NULL) | 71 | sig->r = NULL; |
| 15 | { | 72 | sig->s = NULL; |
| 16 | DSAerr(DSA_F_DSA_SIG_NEW,ERR_R_MALLOC_FAILURE); | 73 | *pval = (ASN1_VALUE *)sig; |
| 17 | return(NULL); | 74 | if(sig) return 2; |
| 18 | } | 75 | DSAerr(DSA_F_SIG_CB, ERR_R_MALLOC_FAILURE); |
| 19 | ret->r = NULL; | 76 | return 0; |
| 20 | ret->s = NULL; | 77 | } |
| 21 | return(ret); | 78 | return 1; |
| 22 | } | 79 | } |
| 23 | 80 | ||
| 24 | void DSA_SIG_free(DSA_SIG *r) | 81 | ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = { |
| 82 | ASN1_SIMPLE(DSA_SIG, r, CBIGNUM), | ||
| 83 | ASN1_SIMPLE(DSA_SIG, s, CBIGNUM) | ||
| 84 | } ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG) | ||
| 85 | |||
| 86 | IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG) | ||
| 87 | |||
| 88 | /* Override the default free and new methods */ | ||
| 89 | static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) | ||
| 25 | { | 90 | { |
| 26 | if (r == NULL) return; | 91 | if(operation == ASN1_OP_NEW_PRE) { |
| 27 | if (r->r) BN_clear_free(r->r); | 92 | *pval = (ASN1_VALUE *)DSA_new(); |
| 28 | if (r->s) BN_clear_free(r->s); | 93 | if(*pval) return 2; |
| 29 | Free(r); | 94 | return 0; |
| 95 | } else if(operation == ASN1_OP_FREE_PRE) { | ||
| 96 | DSA_free((DSA *)*pval); | ||
| 97 | *pval = NULL; | ||
| 98 | return 2; | ||
| 99 | } | ||
| 100 | return 1; | ||
| 30 | } | 101 | } |
| 31 | 102 | ||
| 32 | int i2d_DSA_SIG(DSA_SIG *v, unsigned char **pp) | 103 | ASN1_SEQUENCE_cb(DSAPrivateKey, dsa_cb) = { |
| 33 | { | 104 | ASN1_SIMPLE(DSA, version, LONG), |
| 34 | int t=0,len; | 105 | ASN1_SIMPLE(DSA, p, BIGNUM), |
| 35 | ASN1_INTEGER rbs,sbs; | 106 | ASN1_SIMPLE(DSA, q, BIGNUM), |
| 36 | unsigned char *p; | 107 | ASN1_SIMPLE(DSA, g, BIGNUM), |
| 108 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), | ||
| 109 | ASN1_SIMPLE(DSA, priv_key, BIGNUM) | ||
| 110 | } ASN1_SEQUENCE_END_cb(DSA, DSAPrivateKey) | ||
| 37 | 111 | ||
| 38 | rbs.data=Malloc(BN_num_bits(v->r)/8+1); | 112 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPrivateKey, DSAPrivateKey) |
| 39 | if (rbs.data == NULL) | ||
| 40 | { | ||
| 41 | DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); | ||
| 42 | return(0); | ||
| 43 | } | ||
| 44 | rbs.type=V_ASN1_INTEGER; | ||
| 45 | rbs.length=BN_bn2bin(v->r,rbs.data); | ||
| 46 | sbs.data=Malloc(BN_num_bits(v->s)/8+1); | ||
| 47 | if (sbs.data == NULL) | ||
| 48 | { | ||
| 49 | Free(rbs.data); | ||
| 50 | DSAerr(DSA_F_I2D_DSA_SIG, ERR_R_MALLOC_FAILURE); | ||
| 51 | return(0); | ||
| 52 | } | ||
| 53 | sbs.type=V_ASN1_INTEGER; | ||
| 54 | sbs.length=BN_bn2bin(v->s,sbs.data); | ||
| 55 | 113 | ||
| 56 | len=i2d_ASN1_INTEGER(&rbs,NULL); | 114 | ASN1_SEQUENCE_cb(DSAparams, dsa_cb) = { |
| 57 | len+=i2d_ASN1_INTEGER(&sbs,NULL); | 115 | ASN1_SIMPLE(DSA, p, BIGNUM), |
| 116 | ASN1_SIMPLE(DSA, q, BIGNUM), | ||
| 117 | ASN1_SIMPLE(DSA, g, BIGNUM), | ||
| 118 | } ASN1_SEQUENCE_END_cb(DSA, DSAparams) | ||
| 58 | 119 | ||
| 59 | if (pp) | 120 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAparams, DSAparams) |
| 60 | { | ||
| 61 | p=*pp; | ||
| 62 | ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | ||
| 63 | i2d_ASN1_INTEGER(&rbs,&p); | ||
| 64 | i2d_ASN1_INTEGER(&sbs,&p); | ||
| 65 | } | ||
| 66 | t=ASN1_object_size(1,len,V_ASN1_SEQUENCE); | ||
| 67 | Free(rbs.data); | ||
| 68 | Free(sbs.data); | ||
| 69 | return(t); | ||
| 70 | } | ||
| 71 | 121 | ||
| 72 | DSA_SIG *d2i_DSA_SIG(DSA_SIG **a, unsigned char **pp, long length) | 122 | /* DSA public key is a bit trickier... its effectively a CHOICE type |
| 73 | { | 123 | * decided by a field called write_params which can either write out |
| 74 | int i=ERR_R_NESTED_ASN1_ERROR; | 124 | * just the public key as an INTEGER or the parameters and public key |
| 75 | ASN1_INTEGER *bs=NULL; | 125 | * in a SEQUENCE |
| 76 | M_ASN1_D2I_vars(a,DSA_SIG *,DSA_SIG_new); | 126 | */ |
| 77 | 127 | ||
| 78 | M_ASN1_D2I_Init(); | 128 | ASN1_SEQUENCE(dsa_pub_internal) = { |
| 79 | M_ASN1_D2I_start_sequence(); | 129 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), |
| 80 | M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); | 130 | ASN1_SIMPLE(DSA, p, BIGNUM), |
| 81 | if ((ret->r=BN_bin2bn(bs->data,bs->length,ret->r)) == NULL) | 131 | ASN1_SIMPLE(DSA, q, BIGNUM), |
| 82 | goto err_bn; | 132 | ASN1_SIMPLE(DSA, g, BIGNUM) |
| 83 | M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); | 133 | } ASN1_SEQUENCE_END_name(DSA, dsa_pub_internal) |
| 84 | if ((ret->s=BN_bin2bn(bs->data,bs->length,ret->s)) == NULL) | ||
| 85 | goto err_bn; | ||
| 86 | ASN1_BIT_STRING_free(bs); | ||
| 87 | M_ASN1_D2I_Finish_2(a); | ||
| 88 | 134 | ||
| 89 | err_bn: | 135 | ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = { |
| 90 | i=ERR_R_BN_LIB; | 136 | ASN1_SIMPLE(DSA, pub_key, BIGNUM), |
| 91 | err: | 137 | ASN1_EX_COMBINE(0, 0, dsa_pub_internal) |
| 92 | DSAerr(DSA_F_D2I_DSA_SIG,i); | 138 | } ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params) |
| 93 | if ((ret != NULL) && ((a == NULL) || (*a != ret))) DSA_SIG_free(ret); | 139 | |
| 94 | if (bs != NULL) ASN1_BIT_STRING_free(bs); | 140 | IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey) |
| 95 | return(NULL); | ||
| 96 | } | ||
diff --git a/src/lib/libcrypto/dsa/dsa_err.c b/src/lib/libcrypto/dsa/dsa_err.c index 318e9f31aa..79aa4ff526 100644 --- a/src/lib/libcrypto/dsa/dsa_err.c +++ b/src/lib/libcrypto/dsa/dsa_err.c | |||
| @@ -1,96 +1,105 @@ | |||
| 1 | /* lib/dsa/dsa_err.c */ | 1 | /* crypto/dsa/dsa_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "dsa.h" | 63 | #include <openssl/dsa.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA DSA_str_functs[]= | 67 | static ERR_STRING_DATA DSA_str_functs[]= |
| 65 | { | 68 | { |
| 69 | {ERR_PACK(0,DSA_F_D2I_DSA_SIG,0), "d2i_DSA_SIG"}, | ||
| 66 | {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, | 70 | {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT,0), "DSAparams_print"}, |
| 67 | {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, | 71 | {ERR_PACK(0,DSA_F_DSAPARAMS_PRINT_FP,0), "DSAparams_print_fp"}, |
| 68 | {ERR_PACK(0,DSA_F_DSA_IS_PRIME,0), "DSA_is_prime"}, | 72 | {ERR_PACK(0,DSA_F_DSA_DO_SIGN,0), "DSA_do_sign"}, |
| 69 | {ERR_PACK(0,DSA_F_DSA_NEW,0), "DSA_new"}, | 73 | {ERR_PACK(0,DSA_F_DSA_DO_VERIFY,0), "DSA_do_verify"}, |
| 74 | {ERR_PACK(0,DSA_F_DSA_NEW_METHOD,0), "DSA_new_method"}, | ||
| 70 | {ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, | 75 | {ERR_PACK(0,DSA_F_DSA_PRINT,0), "DSA_print"}, |
| 71 | {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, | 76 | {ERR_PACK(0,DSA_F_DSA_PRINT_FP,0), "DSA_print_fp"}, |
| 72 | {ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, | 77 | {ERR_PACK(0,DSA_F_DSA_SIGN,0), "DSA_sign"}, |
| 73 | {ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, | 78 | {ERR_PACK(0,DSA_F_DSA_SIGN_SETUP,0), "DSA_sign_setup"}, |
| 79 | {ERR_PACK(0,DSA_F_DSA_SIG_NEW,0), "DSA_SIG_new"}, | ||
| 74 | {ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, | 80 | {ERR_PACK(0,DSA_F_DSA_VERIFY,0), "DSA_verify"}, |
| 75 | {0,NULL}, | 81 | {ERR_PACK(0,DSA_F_I2D_DSA_SIG,0), "i2d_DSA_SIG"}, |
| 82 | {ERR_PACK(0,DSA_F_SIG_CB,0), "SIG_CB"}, | ||
| 83 | {0,NULL} | ||
| 76 | }; | 84 | }; |
| 77 | 85 | ||
| 78 | static ERR_STRING_DATA DSA_str_reasons[]= | 86 | static ERR_STRING_DATA DSA_str_reasons[]= |
| 79 | { | 87 | { |
| 80 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, | 88 | {DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, |
| 81 | {0,NULL}, | 89 | {DSA_R_MISSING_PARAMETERS ,"missing parameters"}, |
| 90 | {0,NULL} | ||
| 82 | }; | 91 | }; |
| 83 | 92 | ||
| 84 | #endif | 93 | #endif |
| 85 | 94 | ||
| 86 | void ERR_load_DSA_strings() | 95 | void ERR_load_DSA_strings(void) |
| 87 | { | 96 | { |
| 88 | static int init=1; | 97 | static int init=1; |
| 89 | 98 | ||
| 90 | if (init); | 99 | if (init) |
| 91 | {; | 100 | { |
| 92 | init=0; | 101 | init=0; |
| 93 | #ifndef NO_ERR | 102 | #ifndef OPENSSL_NO_ERR |
| 94 | ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); | 103 | ERR_load_strings(ERR_LIB_DSA,DSA_str_functs); |
| 95 | ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); | 104 | ERR_load_strings(ERR_LIB_DSA,DSA_str_reasons); |
| 96 | #endif | 105 | #endif |
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index d7d30bf90a..dc9c249310 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c | |||
| @@ -59,28 +59,32 @@ | |||
| 59 | #undef GENUINE_DSA | 59 | #undef GENUINE_DSA |
| 60 | 60 | ||
| 61 | #ifdef GENUINE_DSA | 61 | #ifdef GENUINE_DSA |
| 62 | #define HASH SHA | 62 | /* Parameter generation follows the original release of FIPS PUB 186, |
| 63 | * Appendix 2.2 (i.e. use SHA as defined in FIPS PUB 180) */ | ||
| 64 | #define HASH EVP_sha() | ||
| 63 | #else | 65 | #else |
| 64 | #define HASH SHA1 | 66 | /* Parameter generation follows the updated Appendix 2.2 for FIPS PUB 186, |
| 67 | * also Appendix 2.2 of FIPS PUB 186-1 (i.e. use SHA as defined in | ||
| 68 | * FIPS PUB 180-1) */ | ||
| 69 | #define HASH EVP_sha1() | ||
| 65 | #endif | 70 | #endif |
| 66 | 71 | ||
| 72 | #ifndef OPENSSL_NO_SHA | ||
| 73 | |||
| 67 | #include <stdio.h> | 74 | #include <stdio.h> |
| 68 | #include <time.h> | 75 | #include <time.h> |
| 69 | #include "cryptlib.h" | 76 | #include "cryptlib.h" |
| 70 | #include "sha.h" | 77 | #include <openssl/evp.h> |
| 71 | #include "bn.h" | 78 | #include <openssl/bn.h> |
| 72 | #include "dsa.h" | 79 | #include <openssl/dsa.h> |
| 73 | #include "rand.h" | 80 | #include <openssl/rand.h> |
| 74 | 81 | #include <openssl/sha.h> | |
| 75 | DSA *DSA_generate_parameters(bits,seed_in,seed_len,counter_ret,h_ret,callback, | 82 | |
| 76 | cb_arg) | 83 | DSA *DSA_generate_parameters(int bits, |
| 77 | int bits; | 84 | unsigned char *seed_in, int seed_len, |
| 78 | unsigned char *seed_in; | 85 | int *counter_ret, unsigned long *h_ret, |
| 79 | int seed_len; | 86 | void (*callback)(int, int, void *), |
| 80 | int *counter_ret; | 87 | void *cb_arg) |
| 81 | unsigned long *h_ret; | ||
| 82 | void (*callback)(); | ||
| 83 | char *cb_arg; | ||
| 84 | { | 88 | { |
| 85 | int ok=0; | 89 | int ok=0; |
| 86 | unsigned char seed[SHA_DIGEST_LENGTH]; | 90 | unsigned char seed[SHA_DIGEST_LENGTH]; |
| @@ -88,49 +92,66 @@ char *cb_arg; | |||
| 88 | unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; | 92 | unsigned char buf[SHA_DIGEST_LENGTH],buf2[SHA_DIGEST_LENGTH]; |
| 89 | BIGNUM *r0,*W,*X,*c,*test; | 93 | BIGNUM *r0,*W,*X,*c,*test; |
| 90 | BIGNUM *g=NULL,*q=NULL,*p=NULL; | 94 | BIGNUM *g=NULL,*q=NULL,*p=NULL; |
| 95 | BN_MONT_CTX *mont=NULL; | ||
| 91 | int k,n=0,i,b,m=0; | 96 | int k,n=0,i,b,m=0; |
| 92 | int counter=0; | 97 | int counter=0; |
| 93 | BN_CTX *ctx=NULL,*ctx2=NULL; | 98 | int r=0; |
| 99 | BN_CTX *ctx=NULL,*ctx2=NULL,*ctx3=NULL; | ||
| 94 | unsigned int h=2; | 100 | unsigned int h=2; |
| 95 | DSA *ret=NULL; | 101 | DSA *ret=NULL; |
| 96 | 102 | ||
| 97 | if (bits < 512) bits=512; | 103 | if (bits < 512) bits=512; |
| 98 | bits=(bits+63)/64*64; | 104 | bits=(bits+63)/64*64; |
| 99 | 105 | ||
| 106 | if (seed_len < 20) | ||
| 107 | seed_in = NULL; /* seed buffer too small -- ignore */ | ||
| 108 | if (seed_len > 20) | ||
| 109 | seed_len = 20; /* App. 2.2 of FIPS PUB 186 allows larger SEED, | ||
| 110 | * but our internal buffers are restricted to 160 bits*/ | ||
| 100 | if ((seed_in != NULL) && (seed_len == 20)) | 111 | if ((seed_in != NULL) && (seed_len == 20)) |
| 101 | memcpy(seed,seed_in,seed_len); | 112 | memcpy(seed,seed_in,seed_len); |
| 102 | 113 | ||
| 103 | ctx=BN_CTX_new(); | 114 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 104 | if (ctx == NULL) goto err; | 115 | if ((ctx2=BN_CTX_new()) == NULL) goto err; |
| 105 | ctx2=BN_CTX_new(); | 116 | if ((ctx3=BN_CTX_new()) == NULL) goto err; |
| 106 | if (ctx2 == NULL) goto err; | 117 | if ((ret=DSA_new()) == NULL) goto err; |
| 107 | ret=DSA_new(); | 118 | |
| 108 | if (ret == NULL) goto err; | 119 | if ((mont=BN_MONT_CTX_new()) == NULL) goto err; |
| 109 | r0=ctx2->bn[0]; | 120 | |
| 110 | g=ctx2->bn[1]; | 121 | BN_CTX_start(ctx2); |
| 111 | W=ctx2->bn[2]; | 122 | r0 = BN_CTX_get(ctx2); |
| 112 | q=ctx2->bn[3]; | 123 | g = BN_CTX_get(ctx2); |
| 113 | X=ctx2->bn[4]; | 124 | W = BN_CTX_get(ctx2); |
| 114 | c=ctx2->bn[5]; | 125 | q = BN_CTX_get(ctx2); |
| 115 | p=ctx2->bn[6]; | 126 | X = BN_CTX_get(ctx2); |
| 116 | test=ctx2->bn[7]; | 127 | c = BN_CTX_get(ctx2); |
| 128 | p = BN_CTX_get(ctx2); | ||
| 129 | test = BN_CTX_get(ctx2); | ||
| 117 | 130 | ||
| 118 | BN_lshift(test,BN_value_one(),bits-1); | 131 | BN_lshift(test,BN_value_one(),bits-1); |
| 119 | 132 | ||
| 120 | for (;;) | 133 | for (;;) |
| 121 | { | 134 | { |
| 122 | for (;;) | 135 | for (;;) /* find q */ |
| 123 | { | 136 | { |
| 137 | int seed_is_random; | ||
| 138 | |||
| 124 | /* step 1 */ | 139 | /* step 1 */ |
| 125 | if (callback != NULL) callback(0,m++,cb_arg); | 140 | if (callback != NULL) callback(0,m++,cb_arg); |
| 126 | 141 | ||
| 127 | if (!seed_len) | 142 | if (!seed_len) |
| 128 | RAND_bytes(seed,SHA_DIGEST_LENGTH); | 143 | { |
| 144 | RAND_pseudo_bytes(seed,SHA_DIGEST_LENGTH); | ||
| 145 | seed_is_random = 1; | ||
| 146 | } | ||
| 129 | else | 147 | else |
| 130 | seed_len=0; | 148 | { |
| 131 | 149 | seed_is_random = 0; | |
| 150 | seed_len=0; /* use random seed if 'seed_in' turns out to be bad*/ | ||
| 151 | } | ||
| 132 | memcpy(buf,seed,SHA_DIGEST_LENGTH); | 152 | memcpy(buf,seed,SHA_DIGEST_LENGTH); |
| 133 | memcpy(buf2,seed,SHA_DIGEST_LENGTH); | 153 | memcpy(buf2,seed,SHA_DIGEST_LENGTH); |
| 154 | /* precompute "SEED + 1" for step 7: */ | ||
| 134 | for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) | 155 | for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) |
| 135 | { | 156 | { |
| 136 | buf[i]++; | 157 | buf[i]++; |
| @@ -138,18 +159,23 @@ char *cb_arg; | |||
| 138 | } | 159 | } |
| 139 | 160 | ||
| 140 | /* step 2 */ | 161 | /* step 2 */ |
| 141 | HASH(seed,SHA_DIGEST_LENGTH,md); | 162 | EVP_Digest(seed,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); |
| 142 | HASH(buf,SHA_DIGEST_LENGTH,buf2); | 163 | EVP_Digest(buf,SHA_DIGEST_LENGTH,buf2,NULL,HASH, NULL); |
| 143 | for (i=0; i<SHA_DIGEST_LENGTH; i++) | 164 | for (i=0; i<SHA_DIGEST_LENGTH; i++) |
| 144 | md[i]^=buf2[i]; | 165 | md[i]^=buf2[i]; |
| 145 | 166 | ||
| 146 | /* step 3 */ | 167 | /* step 3 */ |
| 147 | md[0]|=0x80; | 168 | md[0]|=0x80; |
| 148 | md[SHA_DIGEST_LENGTH-1]|=0x01; | 169 | md[SHA_DIGEST_LENGTH-1]|=0x01; |
| 149 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) abort(); | 170 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,q)) goto err; |
| 150 | 171 | ||
| 151 | /* step 4 */ | 172 | /* step 4 */ |
| 152 | if (DSA_is_prime(q,callback,cb_arg) > 0) break; | 173 | r = BN_is_prime_fasttest(q, DSS_prime_checks, callback, ctx3, cb_arg, seed_is_random); |
| 174 | if (r > 0) | ||
| 175 | break; | ||
| 176 | if (r != 0) | ||
| 177 | goto err; | ||
| 178 | |||
| 153 | /* do a callback call */ | 179 | /* do a callback call */ |
| 154 | /* step 5 */ | 180 | /* step 5 */ |
| 155 | } | 181 | } |
| @@ -159,26 +185,33 @@ char *cb_arg; | |||
| 159 | 185 | ||
| 160 | /* step 6 */ | 186 | /* step 6 */ |
| 161 | counter=0; | 187 | counter=0; |
| 188 | /* "offset = 2" */ | ||
| 162 | 189 | ||
| 163 | n=(bits-1)/160; | 190 | n=(bits-1)/160; |
| 164 | b=(bits-1)-n*160; | 191 | b=(bits-1)-n*160; |
| 165 | 192 | ||
| 166 | for (;;) | 193 | for (;;) |
| 167 | { | 194 | { |
| 195 | if (callback != NULL && counter != 0) | ||
| 196 | callback(0,counter,cb_arg); | ||
| 197 | |||
| 168 | /* step 7 */ | 198 | /* step 7 */ |
| 169 | BN_zero(W); | 199 | BN_zero(W); |
| 200 | /* now 'buf' contains "SEED + offset - 1" */ | ||
| 170 | for (k=0; k<=n; k++) | 201 | for (k=0; k<=n; k++) |
| 171 | { | 202 | { |
| 203 | /* obtain "SEED + offset + k" by incrementing: */ | ||
| 172 | for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) | 204 | for (i=SHA_DIGEST_LENGTH-1; i >= 0; i--) |
| 173 | { | 205 | { |
| 174 | buf[i]++; | 206 | buf[i]++; |
| 175 | if (buf[i] != 0) break; | 207 | if (buf[i] != 0) break; |
| 176 | } | 208 | } |
| 177 | 209 | ||
| 178 | HASH(buf,SHA_DIGEST_LENGTH,md); | 210 | EVP_Digest(buf,SHA_DIGEST_LENGTH,md,NULL,HASH, NULL); |
| 179 | 211 | ||
| 180 | /* step 8 */ | 212 | /* step 8 */ |
| 181 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) abort(); | 213 | if (!BN_bin2bn(md,SHA_DIGEST_LENGTH,r0)) |
| 214 | goto err; | ||
| 182 | BN_lshift(r0,r0,160*k); | 215 | BN_lshift(r0,r0,160*k); |
| 183 | BN_add(W,W,r0); | 216 | BN_add(W,W,r0); |
| 184 | } | 217 | } |
| @@ -198,32 +231,36 @@ char *cb_arg; | |||
| 198 | if (BN_cmp(p,test) >= 0) | 231 | if (BN_cmp(p,test) >= 0) |
| 199 | { | 232 | { |
| 200 | /* step 11 */ | 233 | /* step 11 */ |
| 201 | if (DSA_is_prime(p,callback,cb_arg) > 0) | 234 | r = BN_is_prime_fasttest(p, DSS_prime_checks, callback, ctx3, cb_arg, 1); |
| 202 | goto end; | 235 | if (r > 0) |
| 236 | goto end; /* found it */ | ||
| 237 | if (r != 0) | ||
| 238 | goto err; | ||
| 203 | } | 239 | } |
| 204 | 240 | ||
| 205 | /* step 13 */ | 241 | /* step 13 */ |
| 206 | counter++; | 242 | counter++; |
| 243 | /* "offset = offset + n + 1" */ | ||
| 207 | 244 | ||
| 208 | /* step 14 */ | 245 | /* step 14 */ |
| 209 | if (counter >= 4096) break; | 246 | if (counter >= 4096) break; |
| 210 | |||
| 211 | if (callback != NULL) callback(0,counter,cb_arg); | ||
| 212 | } | 247 | } |
| 213 | } | 248 | } |
| 214 | end: | 249 | end: |
| 215 | if (callback != NULL) callback(2,1,cb_arg); | 250 | if (callback != NULL) callback(2,1,cb_arg); |
| 216 | 251 | ||
| 217 | /* We now need to gernerate g */ | 252 | /* We now need to generate g */ |
| 218 | /* Set r0=(p-1)/q */ | 253 | /* Set r0=(p-1)/q */ |
| 219 | BN_sub(test,p,BN_value_one()); | 254 | BN_sub(test,p,BN_value_one()); |
| 220 | BN_div(r0,NULL,test,q,ctx); | 255 | BN_div(r0,NULL,test,q,ctx); |
| 221 | 256 | ||
| 222 | BN_set_word(test,h); | 257 | BN_set_word(test,h); |
| 258 | BN_MONT_CTX_set(mont,p,ctx); | ||
| 259 | |||
| 223 | for (;;) | 260 | for (;;) |
| 224 | { | 261 | { |
| 225 | /* g=test^r0%p */ | 262 | /* g=test^r0%p */ |
| 226 | BN_mod_exp(g,test,r0,p,ctx); | 263 | BN_mod_exp_mont(g,test,r0,p,ctx,mont); |
| 227 | if (!BN_is_one(g)) break; | 264 | if (!BN_is_one(g)) break; |
| 228 | BN_add(test,test,BN_value_one()); | 265 | BN_add(test,test,BN_value_one()); |
| 229 | h++; | 266 | h++; |
| @@ -246,83 +283,14 @@ err: | |||
| 246 | if (counter_ret != NULL) *counter_ret=counter; | 283 | if (counter_ret != NULL) *counter_ret=counter; |
| 247 | if (h_ret != NULL) *h_ret=h; | 284 | if (h_ret != NULL) *h_ret=h; |
| 248 | } | 285 | } |
| 249 | BN_CTX_free(ctx); | 286 | if (ctx != NULL) BN_CTX_free(ctx); |
| 250 | BN_CTX_free(ctx2); | 287 | if (ctx2 != NULL) |
| 251 | return(ok?ret:NULL); | ||
| 252 | } | ||
| 253 | |||
| 254 | int DSA_is_prime(w, callback,cb_arg) | ||
| 255 | BIGNUM *w; | ||
| 256 | void (*callback)(); | ||
| 257 | char *cb_arg; | ||
| 258 | { | ||
| 259 | int ok= -1,j,i,n; | ||
| 260 | BN_CTX *ctx=NULL,*ctx2=NULL; | ||
| 261 | BIGNUM *w_1,*b,*m,*z; | ||
| 262 | int a; | ||
| 263 | |||
| 264 | if (!BN_is_bit_set(w,0)) return(0); | ||
| 265 | |||
| 266 | ctx=BN_CTX_new(); | ||
| 267 | if (ctx == NULL) goto err; | ||
| 268 | ctx2=BN_CTX_new(); | ||
| 269 | if (ctx2 == NULL) goto err; | ||
| 270 | |||
| 271 | m= ctx2->bn[2]; | ||
| 272 | b= ctx2->bn[3]; | ||
| 273 | z= ctx2->bn[4]; | ||
| 274 | w_1=ctx2->bn[5]; | ||
| 275 | |||
| 276 | /* step 1 */ | ||
| 277 | n=50; | ||
| 278 | |||
| 279 | /* step 2 */ | ||
| 280 | if (!BN_sub(w_1,w,BN_value_one())) goto err; | ||
| 281 | for (a=1; !BN_is_bit_set(w_1,a); a++) | ||
| 282 | ; | ||
| 283 | if (!BN_rshift(m,w_1,a)) goto err; | ||
| 284 | |||
| 285 | for (i=1; i < n; i++) | ||
| 286 | { | 288 | { |
| 287 | /* step 3 */ | 289 | BN_CTX_end(ctx2); |
| 288 | BN_rand(b,BN_num_bits(w)-2/*-1*/,0,0); | 290 | BN_CTX_free(ctx2); |
| 289 | BN_set_word(b,0x10001L); | ||
| 290 | |||
| 291 | /* step 4 */ | ||
| 292 | j=0; | ||
| 293 | if (!BN_mod_exp(z,b,m,w,ctx)) goto err; | ||
| 294 | |||
| 295 | /* step 5 */ | ||
| 296 | for (;;) | ||
| 297 | { | ||
| 298 | if (((j == 0) && BN_is_one(z)) || (BN_cmp(z,w_1) == 0)) | ||
| 299 | break; | ||
| 300 | |||
| 301 | /* step 6 */ | ||
| 302 | if ((j > 0) && BN_is_one(z)) | ||
| 303 | { | ||
| 304 | ok=0; | ||
| 305 | goto err; | ||
| 306 | } | ||
| 307 | |||
| 308 | j++; | ||
| 309 | if (j >= a) | ||
| 310 | { | ||
| 311 | ok=0; | ||
| 312 | goto err; | ||
| 313 | } | ||
| 314 | |||
| 315 | if (!BN_mod_mul(z,z,z,w,ctx)) goto err; | ||
| 316 | if (callback != NULL) callback(1,j,cb_arg); | ||
| 317 | } | ||
| 318 | } | 291 | } |
| 319 | 292 | if (ctx3 != NULL) BN_CTX_free(ctx3); | |
| 320 | ok=1; | 293 | if (mont != NULL) BN_MONT_CTX_free(mont); |
| 321 | err: | 294 | return(ok?ret:NULL); |
| 322 | if (ok == -1) DSAerr(DSA_F_DSA_IS_PRIME,ERR_R_BN_LIB); | ||
| 323 | BN_CTX_free(ctx); | ||
| 324 | BN_CTX_free(ctx2); | ||
| 325 | |||
| 326 | return(ok); | ||
| 327 | } | 295 | } |
| 328 | 296 | #endif | |
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c index d51ed9395f..ef87c3e637 100644 --- a/src/lib/libcrypto/dsa/dsa_key.c +++ b/src/lib/libcrypto/dsa/dsa_key.c | |||
| @@ -56,19 +56,17 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include <time.h> | 61 | #include <time.h> |
| 61 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 62 | #include "sha.h" | 63 | #include <openssl/bn.h> |
| 63 | #include "bn.h" | 64 | #include <openssl/dsa.h> |
| 64 | #include "dsa.h" | 65 | #include <openssl/rand.h> |
| 65 | #include "rand.h" | ||
| 66 | 66 | ||
| 67 | int DSA_generate_key(dsa) | 67 | int DSA_generate_key(DSA *dsa) |
| 68 | DSA *dsa; | ||
| 69 | { | 68 | { |
| 70 | int ok=0; | 69 | int ok=0; |
| 71 | unsigned int i; | ||
| 72 | BN_CTX *ctx=NULL; | 70 | BN_CTX *ctx=NULL; |
| 73 | BIGNUM *pub_key=NULL,*priv_key=NULL; | 71 | BIGNUM *pub_key=NULL,*priv_key=NULL; |
| 74 | 72 | ||
| @@ -81,14 +79,9 @@ DSA *dsa; | |||
| 81 | else | 79 | else |
| 82 | priv_key=dsa->priv_key; | 80 | priv_key=dsa->priv_key; |
| 83 | 81 | ||
| 84 | i=BN_num_bits(dsa->q); | 82 | do |
| 85 | for (;;) | 83 | if (!BN_rand_range(priv_key,dsa->q)) goto err; |
| 86 | { | 84 | while (BN_is_zero(priv_key)); |
| 87 | BN_rand(priv_key,i,1,0); | ||
| 88 | if (BN_cmp(priv_key,dsa->q) >= 0) | ||
| 89 | BN_sub(priv_key,priv_key,dsa->q); | ||
| 90 | if (!BN_is_zero(priv_key)) break; | ||
| 91 | } | ||
| 92 | 85 | ||
| 93 | if (dsa->pub_key == NULL) | 86 | if (dsa->pub_key == NULL) |
| 94 | { | 87 | { |
| @@ -109,4 +102,4 @@ err: | |||
| 109 | if (ctx != NULL) BN_CTX_free(ctx); | 102 | if (ctx != NULL) BN_CTX_free(ctx); |
| 110 | return(ok); | 103 | return(ok); |
| 111 | } | 104 | } |
| 112 | 105 | #endif | |
diff --git a/src/lib/libcrypto/dsa/dsa_lib.c b/src/lib/libcrypto/dsa/dsa_lib.c index b647257f9f..da2cdfa3d6 100644 --- a/src/lib/libcrypto/dsa/dsa_lib.c +++ b/src/lib/libcrypto/dsa/dsa_lib.c | |||
| @@ -56,26 +56,89 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ | 59 | /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "bn.h" | 63 | #include <openssl/bn.h> |
| 64 | #include "dsa.h" | 64 | #include <openssl/dsa.h> |
| 65 | #include "asn1.h" | 65 | #include <openssl/asn1.h> |
| 66 | #include <openssl/engine.h> | ||
| 66 | 67 | ||
| 67 | char *DSA_version="\0DSA part of SSLeay 0.9.0b 29-Jun-1998"; | 68 | const char *DSA_version="DSA" OPENSSL_VERSION_PTEXT; |
| 68 | 69 | ||
| 69 | DSA *DSA_new() | 70 | static const DSA_METHOD *default_DSA_method = NULL; |
| 71 | |||
| 72 | void DSA_set_default_method(const DSA_METHOD *meth) | ||
| 73 | { | ||
| 74 | default_DSA_method = meth; | ||
| 75 | } | ||
| 76 | |||
| 77 | const DSA_METHOD *DSA_get_default_method(void) | ||
| 78 | { | ||
| 79 | if(!default_DSA_method) | ||
| 80 | default_DSA_method = DSA_OpenSSL(); | ||
| 81 | return default_DSA_method; | ||
| 82 | } | ||
| 83 | |||
| 84 | DSA *DSA_new(void) | ||
| 85 | { | ||
| 86 | return DSA_new_method(NULL); | ||
| 87 | } | ||
| 88 | |||
| 89 | int DSA_set_method(DSA *dsa, const DSA_METHOD *meth) | ||
| 90 | { | ||
| 91 | /* NB: The caller is specifically setting a method, so it's not up to us | ||
| 92 | * to deal with which ENGINE it comes from. */ | ||
| 93 | const DSA_METHOD *mtmp; | ||
| 94 | mtmp = dsa->meth; | ||
| 95 | if (mtmp->finish) mtmp->finish(dsa); | ||
| 96 | if (dsa->engine) | ||
| 97 | { | ||
| 98 | ENGINE_finish(dsa->engine); | ||
| 99 | dsa->engine = NULL; | ||
| 100 | } | ||
| 101 | dsa->meth = meth; | ||
| 102 | if (meth->init) meth->init(dsa); | ||
| 103 | return 1; | ||
| 104 | } | ||
| 105 | |||
| 106 | DSA *DSA_new_method(ENGINE *engine) | ||
| 70 | { | 107 | { |
| 71 | DSA *ret; | 108 | DSA *ret; |
| 72 | 109 | ||
| 73 | ret=(DSA *)Malloc(sizeof(DSA)); | 110 | ret=(DSA *)OPENSSL_malloc(sizeof(DSA)); |
| 74 | if (ret == NULL) | 111 | if (ret == NULL) |
| 75 | { | 112 | { |
| 76 | DSAerr(DSA_F_DSA_NEW,ERR_R_MALLOC_FAILURE); | 113 | DSAerr(DSA_F_DSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); |
| 77 | return(NULL); | 114 | return(NULL); |
| 78 | } | 115 | } |
| 116 | ret->meth = DSA_get_default_method(); | ||
| 117 | if (engine) | ||
| 118 | { | ||
| 119 | if (!ENGINE_init(engine)) | ||
| 120 | { | ||
| 121 | DSAerr(DSA_F_DSA_NEW_METHOD, ERR_R_ENGINE_LIB); | ||
| 122 | OPENSSL_free(ret); | ||
| 123 | return NULL; | ||
| 124 | } | ||
| 125 | ret->engine = engine; | ||
| 126 | } | ||
| 127 | else | ||
| 128 | ret->engine = ENGINE_get_default_DSA(); | ||
| 129 | if(ret->engine) | ||
| 130 | { | ||
| 131 | ret->meth = ENGINE_get_DSA(ret->engine); | ||
| 132 | if(!ret->meth) | ||
| 133 | { | ||
| 134 | DSAerr(DSA_F_DSA_NEW_METHOD, | ||
| 135 | ERR_R_ENGINE_LIB); | ||
| 136 | ENGINE_finish(ret->engine); | ||
| 137 | OPENSSL_free(ret); | ||
| 138 | return NULL; | ||
| 139 | } | ||
| 140 | } | ||
| 141 | |||
| 79 | ret->pad=0; | 142 | ret->pad=0; |
| 80 | ret->version=0; | 143 | ret->version=0; |
| 81 | ret->write_params=1; | 144 | ret->write_params=1; |
| @@ -88,13 +151,24 @@ DSA *DSA_new() | |||
| 88 | 151 | ||
| 89 | ret->kinv=NULL; | 152 | ret->kinv=NULL; |
| 90 | ret->r=NULL; | 153 | ret->r=NULL; |
| 154 | ret->method_mont_p=NULL; | ||
| 91 | 155 | ||
| 92 | ret->references=1; | 156 | ret->references=1; |
| 157 | ret->flags=ret->meth->flags; | ||
| 158 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); | ||
| 159 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) | ||
| 160 | { | ||
| 161 | if (ret->engine) | ||
| 162 | ENGINE_finish(ret->engine); | ||
| 163 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, ret, &ret->ex_data); | ||
| 164 | OPENSSL_free(ret); | ||
| 165 | ret=NULL; | ||
| 166 | } | ||
| 167 | |||
| 93 | return(ret); | 168 | return(ret); |
| 94 | } | 169 | } |
| 95 | 170 | ||
| 96 | void DSA_free(r) | 171 | void DSA_free(DSA *r) |
| 97 | DSA *r; | ||
| 98 | { | 172 | { |
| 99 | int i; | 173 | int i; |
| 100 | 174 | ||
| @@ -113,6 +187,13 @@ DSA *r; | |||
| 113 | } | 187 | } |
| 114 | #endif | 188 | #endif |
| 115 | 189 | ||
| 190 | if(r->meth->finish) | ||
| 191 | r->meth->finish(r); | ||
| 192 | if(r->engine) | ||
| 193 | ENGINE_finish(r->engine); | ||
| 194 | |||
| 195 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, r, &r->ex_data); | ||
| 196 | |||
| 116 | if (r->p != NULL) BN_clear_free(r->p); | 197 | if (r->p != NULL) BN_clear_free(r->p); |
| 117 | if (r->q != NULL) BN_clear_free(r->q); | 198 | if (r->q != NULL) BN_clear_free(r->q); |
| 118 | if (r->g != NULL) BN_clear_free(r->g); | 199 | if (r->g != NULL) BN_clear_free(r->g); |
| @@ -120,11 +201,26 @@ DSA *r; | |||
| 120 | if (r->priv_key != NULL) BN_clear_free(r->priv_key); | 201 | if (r->priv_key != NULL) BN_clear_free(r->priv_key); |
| 121 | if (r->kinv != NULL) BN_clear_free(r->kinv); | 202 | if (r->kinv != NULL) BN_clear_free(r->kinv); |
| 122 | if (r->r != NULL) BN_clear_free(r->r); | 203 | if (r->r != NULL) BN_clear_free(r->r); |
| 123 | Free(r); | 204 | OPENSSL_free(r); |
| 205 | } | ||
| 206 | |||
| 207 | int DSA_up_ref(DSA *r) | ||
| 208 | { | ||
| 209 | int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_DSA); | ||
| 210 | #ifdef REF_PRINT | ||
| 211 | REF_PRINT("DSA",r); | ||
| 212 | #endif | ||
| 213 | #ifdef REF_CHECK | ||
| 214 | if (i < 2) | ||
| 215 | { | ||
| 216 | fprintf(stderr, "DSA_up_ref, bad reference count\n"); | ||
| 217 | abort(); | ||
| 218 | } | ||
| 219 | #endif | ||
| 220 | return ((i > 1) ? 1 : 0); | ||
| 124 | } | 221 | } |
| 125 | 222 | ||
| 126 | int DSA_size(r) | 223 | int DSA_size(const DSA *r) |
| 127 | DSA *r; | ||
| 128 | { | 224 | { |
| 129 | int ret,i; | 225 | int ret,i; |
| 130 | ASN1_INTEGER bs; | 226 | ASN1_INTEGER bs; |
| @@ -143,3 +239,57 @@ DSA *r; | |||
| 143 | return(ret); | 239 | return(ret); |
| 144 | } | 240 | } |
| 145 | 241 | ||
| 242 | int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 243 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 244 | { | ||
| 245 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_DSA, argl, argp, | ||
| 246 | new_func, dup_func, free_func); | ||
| 247 | } | ||
| 248 | |||
| 249 | int DSA_set_ex_data(DSA *d, int idx, void *arg) | ||
| 250 | { | ||
| 251 | return(CRYPTO_set_ex_data(&d->ex_data,idx,arg)); | ||
| 252 | } | ||
| 253 | |||
| 254 | void *DSA_get_ex_data(DSA *d, int idx) | ||
| 255 | { | ||
| 256 | return(CRYPTO_get_ex_data(&d->ex_data,idx)); | ||
| 257 | } | ||
| 258 | |||
| 259 | #ifndef OPENSSL_NO_DH | ||
| 260 | DH *DSA_dup_DH(const DSA *r) | ||
| 261 | { | ||
| 262 | /* DSA has p, q, g, optional pub_key, optional priv_key. | ||
| 263 | * DH has p, optional length, g, optional pub_key, optional priv_key. | ||
| 264 | */ | ||
| 265 | |||
| 266 | DH *ret = NULL; | ||
| 267 | |||
| 268 | if (r == NULL) | ||
| 269 | goto err; | ||
| 270 | ret = DH_new(); | ||
| 271 | if (ret == NULL) | ||
| 272 | goto err; | ||
| 273 | if (r->p != NULL) | ||
| 274 | if ((ret->p = BN_dup(r->p)) == NULL) | ||
| 275 | goto err; | ||
| 276 | if (r->q != NULL) | ||
| 277 | ret->length = BN_num_bits(r->q); | ||
| 278 | if (r->g != NULL) | ||
| 279 | if ((ret->g = BN_dup(r->g)) == NULL) | ||
| 280 | goto err; | ||
| 281 | if (r->pub_key != NULL) | ||
| 282 | if ((ret->pub_key = BN_dup(r->pub_key)) == NULL) | ||
| 283 | goto err; | ||
| 284 | if (r->priv_key != NULL) | ||
| 285 | if ((ret->priv_key = BN_dup(r->priv_key)) == NULL) | ||
| 286 | goto err; | ||
| 287 | |||
| 288 | return ret; | ||
| 289 | |||
| 290 | err: | ||
| 291 | if (ret != NULL) | ||
| 292 | DH_free(ret); | ||
| 293 | return NULL; | ||
| 294 | } | ||
| 295 | #endif | ||
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index b51cf6ad8d..37dd5fc994 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -64,6 +64,7 @@ | |||
| 64 | #include <openssl/dsa.h> | 64 | #include <openssl/dsa.h> |
| 65 | #include <openssl/rand.h> | 65 | #include <openssl/rand.h> |
| 66 | #include <openssl/asn1.h> | 66 | #include <openssl/asn1.h> |
| 67 | #include <openssl/engine.h> | ||
| 67 | 68 | ||
| 68 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); | 69 | static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); |
| 69 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); | 70 | static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp); |
| @@ -91,7 +92,7 @@ dsa_finish, | |||
| 91 | NULL | 92 | NULL |
| 92 | }; | 93 | }; |
| 93 | 94 | ||
| 94 | DSA_METHOD *DSA_OpenSSL(void) | 95 | const DSA_METHOD *DSA_OpenSSL(void) |
| 95 | { | 96 | { |
| 96 | return &openssl_dsa_meth; | 97 | return &openssl_dsa_meth; |
| 97 | } | 98 | } |
| @@ -105,6 +106,11 @@ static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) | |||
| 105 | int i,reason=ERR_R_BN_LIB; | 106 | int i,reason=ERR_R_BN_LIB; |
| 106 | DSA_SIG *ret=NULL; | 107 | DSA_SIG *ret=NULL; |
| 107 | 108 | ||
| 109 | if (!dsa->p || !dsa->q || !dsa->g) | ||
| 110 | { | ||
| 111 | reason=DSA_R_MISSING_PARAMETERS; | ||
| 112 | goto err; | ||
| 113 | } | ||
| 108 | BN_init(&m); | 114 | BN_init(&m); |
| 109 | BN_init(&xr); | 115 | BN_init(&xr); |
| 110 | s=BN_new(); | 116 | s=BN_new(); |
| @@ -167,6 +173,11 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 167 | BIGNUM k,*kinv=NULL,*r=NULL; | 173 | BIGNUM k,*kinv=NULL,*r=NULL; |
| 168 | int ret=0; | 174 | int ret=0; |
| 169 | 175 | ||
| 176 | if (!dsa->p || !dsa->q || !dsa->g) | ||
| 177 | { | ||
| 178 | DSAerr(DSA_F_DSA_SIGN_SETUP,DSA_R_MISSING_PARAMETERS); | ||
| 179 | return 0; | ||
| 180 | } | ||
| 170 | if (ctx_in == NULL) | 181 | if (ctx_in == NULL) |
| 171 | { | 182 | { |
| 172 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 183 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| @@ -179,13 +190,9 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 179 | kinv=NULL; | 190 | kinv=NULL; |
| 180 | 191 | ||
| 181 | /* Get random k */ | 192 | /* Get random k */ |
| 182 | for (;;) | 193 | do |
| 183 | { | 194 | if (!BN_rand_range(&k, dsa->q)) goto err; |
| 184 | if (!BN_rand(&k, BN_num_bits(dsa->q), 1, 0)) goto err; | 195 | while (BN_is_zero(&k)); |
| 185 | if (BN_cmp(&k,dsa->q) >= 0) | ||
| 186 | BN_sub(&k,&k,dsa->q); | ||
| 187 | if (!BN_is_zero(&k)) break; | ||
| 188 | } | ||
| 189 | 196 | ||
| 190 | if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) | 197 | if ((dsa->method_mont_p == NULL) && (dsa->flags & DSA_FLAG_CACHE_MONT_P)) |
| 191 | { | 198 | { |
| @@ -228,12 +235,28 @@ static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | |||
| 228 | BIGNUM u1,u2,t1; | 235 | BIGNUM u1,u2,t1; |
| 229 | BN_MONT_CTX *mont=NULL; | 236 | BN_MONT_CTX *mont=NULL; |
| 230 | int ret = -1; | 237 | int ret = -1; |
| 238 | if (!dsa->p || !dsa->q || !dsa->g) | ||
| 239 | { | ||
| 240 | DSAerr(DSA_F_DSA_DO_VERIFY,DSA_R_MISSING_PARAMETERS); | ||
| 241 | return -1; | ||
| 242 | } | ||
| 231 | 243 | ||
| 232 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 244 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 233 | BN_init(&u1); | 245 | BN_init(&u1); |
| 234 | BN_init(&u2); | 246 | BN_init(&u2); |
| 235 | BN_init(&t1); | 247 | BN_init(&t1); |
| 236 | 248 | ||
| 249 | if (BN_is_zero(sig->r) || sig->r->neg || BN_ucmp(sig->r, dsa->q) >= 0) | ||
| 250 | { | ||
| 251 | ret = 0; | ||
| 252 | goto err; | ||
| 253 | } | ||
| 254 | if (BN_is_zero(sig->s) || sig->s->neg || BN_ucmp(sig->s, dsa->q) >= 0) | ||
| 255 | { | ||
| 256 | ret = 0; | ||
| 257 | goto err; | ||
| 258 | } | ||
| 259 | |||
| 237 | /* Calculate W = inv(S) mod Q | 260 | /* Calculate W = inv(S) mod Q |
| 238 | * save W in u2 */ | 261 | * save W in u2 */ |
| 239 | if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; | 262 | if ((BN_mod_inverse(&u2,sig->s,dsa->q,ctx)) == NULL) goto err; |
diff --git a/src/lib/libcrypto/dsa/dsa_sign.c b/src/lib/libcrypto/dsa/dsa_sign.c index 6ca1c318f2..e9469ca62f 100644 --- a/src/lib/libcrypto/dsa/dsa_sign.c +++ b/src/lib/libcrypto/dsa/dsa_sign.c | |||
| @@ -56,160 +56,38 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ | 59 | /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "bn.h" | 63 | #include <openssl/bn.h> |
| 64 | #include "dsa.h" | 64 | #include <openssl/dsa.h> |
| 65 | #include "rand.h" | 65 | #include <openssl/rand.h> |
| 66 | #include "asn1.h" | 66 | #include <openssl/asn1.h> |
| 67 | #include <openssl/engine.h> | ||
| 67 | 68 | ||
| 68 | /* data has already been hashed (probably with SHA or SHA-1). */ | 69 | DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa) |
| 69 | /* DSAerr(DSA_F_DSA_SIGN,DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); */ | ||
| 70 | |||
| 71 | int DSA_sign(type,dgst,dlen,sig,siglen,dsa) | ||
| 72 | int type; | ||
| 73 | unsigned char *dgst; | ||
| 74 | int dlen; | ||
| 75 | unsigned char *sig; /* out */ | ||
| 76 | unsigned int *siglen; /* out */ | ||
| 77 | DSA *dsa; | ||
| 78 | { | 70 | { |
| 79 | BIGNUM *kinv=NULL,*r=NULL; | 71 | return dsa->meth->dsa_do_sign(dgst, dlen, dsa); |
| 80 | BIGNUM *m=NULL; | ||
| 81 | BIGNUM *xr=NULL,*s=NULL; | ||
| 82 | BN_CTX *ctx=NULL; | ||
| 83 | unsigned char *p; | ||
| 84 | int i,len=0,ret=0,reason=ERR_R_BN_LIB; | ||
| 85 | ASN1_INTEGER rbs,sbs; | ||
| 86 | MS_STATIC unsigned char rbuf[50]; /* assuming r is 20 bytes +extra */ | ||
| 87 | MS_STATIC unsigned char sbuf[50]; /* assuming s is 20 bytes +extra */ | ||
| 88 | |||
| 89 | i=BN_num_bytes(dsa->q); /* should be 20 */ | ||
| 90 | if ((dlen > i) || (dlen > 50)) | ||
| 91 | { | ||
| 92 | reason=DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE; | ||
| 93 | goto err; | ||
| 94 | } | ||
| 95 | |||
| 96 | ctx=BN_CTX_new(); | ||
| 97 | if (ctx == NULL) goto err; | ||
| 98 | |||
| 99 | if ((dsa->kinv == NULL) || (dsa->r == NULL)) | ||
| 100 | { | ||
| 101 | if (!DSA_sign_setup(dsa,ctx,&kinv,&r)) goto err; | ||
| 102 | } | ||
| 103 | else | ||
| 104 | { | ||
| 105 | kinv=dsa->kinv; | ||
| 106 | dsa->kinv=NULL; | ||
| 107 | r=dsa->r; | ||
| 108 | dsa->r=NULL; | ||
| 109 | } | ||
| 110 | |||
| 111 | m=BN_new(); | ||
| 112 | xr=BN_new(); | ||
| 113 | s=BN_new(); | ||
| 114 | if (m == NULL || xr == NULL || s == NULL) goto err; | ||
| 115 | |||
| 116 | if (BN_bin2bn(dgst,dlen,m) == NULL) goto err; | ||
| 117 | |||
| 118 | /* Compute s = inv(k) (m + xr) mod q */ | ||
| 119 | if (!BN_mul(xr, dsa->priv_key, r)) goto err; /* s = xr */ | ||
| 120 | if (!BN_add(s, xr, m)) goto err; /* s = m + xr */ | ||
| 121 | if (!BN_mod_mul(s,s,kinv,dsa->q,ctx)) goto err; | ||
| 122 | |||
| 123 | /* | ||
| 124 | * Now create a ASN.1 sequence of the integers R and S. | ||
| 125 | */ | ||
| 126 | rbs.data=rbuf; | ||
| 127 | sbs.data=sbuf; | ||
| 128 | rbs.type = V_ASN1_INTEGER; | ||
| 129 | sbs.type = V_ASN1_INTEGER; | ||
| 130 | rbs.length=BN_bn2bin(r,rbs.data); | ||
| 131 | sbs.length=BN_bn2bin(s,sbs.data); | ||
| 132 | |||
| 133 | len =i2d_ASN1_INTEGER(&rbs,NULL); | ||
| 134 | len+=i2d_ASN1_INTEGER(&sbs,NULL); | ||
| 135 | |||
| 136 | p=sig; | ||
| 137 | ASN1_put_object(&p,1,len,V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL); | ||
| 138 | i2d_ASN1_INTEGER(&rbs,&p); | ||
| 139 | i2d_ASN1_INTEGER(&sbs,&p); | ||
| 140 | *siglen=(p-sig); | ||
| 141 | ret=1; | ||
| 142 | err: | ||
| 143 | if (!ret) DSAerr(DSA_F_DSA_SIGN,reason); | ||
| 144 | |||
| 145 | #if 1 /* do the right thing :-) */ | ||
| 146 | if (kinv != NULL) BN_clear_free(kinv); | ||
| 147 | if (r != NULL) BN_clear_free(r); | ||
| 148 | #endif | ||
| 149 | if (ctx != NULL) BN_CTX_free(ctx); | ||
| 150 | if (m != NULL) BN_clear_free(m); | ||
| 151 | if (xr != NULL) BN_clear_free(xr); | ||
| 152 | if (s != NULL) BN_clear_free(s); | ||
| 153 | return(ret); | ||
| 154 | } | 72 | } |
| 155 | 73 | ||
| 156 | int DSA_sign_setup(dsa,ctx_in,kinvp,rp) | 74 | int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig, |
| 157 | DSA *dsa; | 75 | unsigned int *siglen, DSA *dsa) |
| 158 | BN_CTX *ctx_in; | ||
| 159 | BIGNUM **kinvp; | ||
| 160 | BIGNUM **rp; | ||
| 161 | { | 76 | { |
| 162 | BN_CTX *ctx; | 77 | DSA_SIG *s; |
| 163 | BIGNUM *k=NULL,*kinv=NULL,*r=NULL; | 78 | s=DSA_do_sign(dgst,dlen,dsa); |
| 164 | int ret=0; | 79 | if (s == NULL) |
| 165 | |||
| 166 | if (ctx_in == NULL) | ||
| 167 | { | ||
| 168 | if ((ctx=BN_CTX_new()) == NULL) goto err; | ||
| 169 | } | ||
| 170 | else | ||
| 171 | ctx=ctx_in; | ||
| 172 | |||
| 173 | r=BN_new(); | ||
| 174 | k=BN_new(); | ||
| 175 | if ((r == NULL) || (k == NULL)) | ||
| 176 | goto err; | ||
| 177 | kinv=NULL; | ||
| 178 | |||
| 179 | if (r == NULL) goto err; | ||
| 180 | |||
| 181 | /* Get random k */ | ||
| 182 | for (;;) | ||
| 183 | { | 80 | { |
| 184 | if (!BN_rand(k, BN_num_bits(dsa->q), 1, 0)) goto err; | 81 | *siglen=0; |
| 185 | if (BN_cmp(k,dsa->q) >= 0) | 82 | return(0); |
| 186 | BN_sub(k,k,dsa->q); | ||
| 187 | if (!BN_is_zero(k)) break; | ||
| 188 | } | 83 | } |
| 84 | *siglen=i2d_DSA_SIG(s,&sig); | ||
| 85 | DSA_SIG_free(s); | ||
| 86 | return(1); | ||
| 87 | } | ||
| 189 | 88 | ||
| 190 | /* Compute r = (g^k mod p) mod q */ | 89 | int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) |
| 191 | if (!BN_mod_exp(r,dsa->g,k,dsa->p,ctx)) goto err; | 90 | { |
| 192 | if (!BN_mod(r,r,dsa->q,ctx)) goto err; | 91 | return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp); |
| 193 | |||
| 194 | /* Compute part of 's = inv(k) (m + xr) mod q' */ | ||
| 195 | if ((kinv=BN_mod_inverse(k,dsa->q,ctx)) == NULL) goto err; | ||
| 196 | |||
| 197 | if (*kinvp != NULL) BN_clear_free(*kinvp); | ||
| 198 | *kinvp=kinv; | ||
| 199 | kinv=NULL; | ||
| 200 | if (*rp != NULL) BN_clear_free(*rp); | ||
| 201 | *rp=r; | ||
| 202 | ret=1; | ||
| 203 | err: | ||
| 204 | if (!ret) | ||
| 205 | { | ||
| 206 | DSAerr(DSA_F_DSA_SIGN_SETUP,ERR_R_BN_LIB); | ||
| 207 | if (kinv != NULL) BN_clear_free(kinv); | ||
| 208 | if (r != NULL) BN_clear_free(r); | ||
| 209 | } | ||
| 210 | if (ctx_in == NULL) BN_CTX_free(ctx); | ||
| 211 | if (k != NULL) BN_clear_free(k); | ||
| 212 | if (kinv != NULL) BN_clear_free(kinv); | ||
| 213 | return(ret); | ||
| 214 | } | 92 | } |
| 215 | 93 | ||
diff --git a/src/lib/libcrypto/dsa/dsa_vrf.c b/src/lib/libcrypto/dsa/dsa_vrf.c index 0f860984ed..066c6b5b28 100644 --- a/src/lib/libcrypto/dsa/dsa_vrf.c +++ b/src/lib/libcrypto/dsa/dsa_vrf.c | |||
| @@ -56,97 +56,40 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* Origional version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ | 59 | /* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */ |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "bn.h" | 63 | #include <openssl/bn.h> |
| 64 | #include "dsa.h" | 64 | #include <openssl/dsa.h> |
| 65 | #include "rand.h" | 65 | #include <openssl/rand.h> |
| 66 | #include "asn1.h" | 66 | #include <openssl/asn1.h> |
| 67 | #include "asn1_mac.h" | 67 | #include <openssl/asn1_mac.h> |
| 68 | #include <openssl/engine.h> | ||
| 69 | |||
| 70 | int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, | ||
| 71 | DSA *dsa) | ||
| 72 | { | ||
| 73 | return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa); | ||
| 74 | } | ||
| 68 | 75 | ||
| 69 | /* data has already been hashed (probably with SHA or SHA-1). */ | 76 | /* data has already been hashed (probably with SHA or SHA-1). */ |
| 70 | /* returns | 77 | /* returns |
| 71 | * 1: correct signature | 78 | * 1: correct signature |
| 72 | * 0: incorrect signature | 79 | * 0: incorrect signature |
| 73 | * -1: error | 80 | * -1: error |
| 74 | */ | 81 | */ |
| 75 | int DSA_verify(type,dgst,dgst_len,sigbuf,siglen, dsa) | 82 | int DSA_verify(int type, const unsigned char *dgst, int dgst_len, |
| 76 | int type; | 83 | const unsigned char *sigbuf, int siglen, DSA *dsa) |
| 77 | unsigned char *dgst; | ||
| 78 | int dgst_len; | ||
| 79 | unsigned char *sigbuf; | ||
| 80 | int siglen; | ||
| 81 | DSA *dsa; | ||
| 82 | { | 84 | { |
| 83 | /* The next 3 are used by the M_ASN1 macros */ | 85 | DSA_SIG *s; |
| 84 | long length=siglen; | 86 | int ret=-1; |
| 85 | ASN1_CTX c; | ||
| 86 | unsigned char **pp= &sigbuf; | ||
| 87 | BN_CTX *ctx; | ||
| 88 | BIGNUM *r=NULL; | ||
| 89 | BIGNUM *t1=NULL,*t2=NULL; | ||
| 90 | BIGNUM *u1=NULL,*u2=NULL; | ||
| 91 | ASN1_INTEGER *bs=NULL; | ||
| 92 | int ret = -1; | ||
| 93 | |||
| 94 | ctx=BN_CTX_new(); | ||
| 95 | if (ctx == NULL) goto err; | ||
| 96 | |||
| 97 | t1=BN_new(); | ||
| 98 | t2=BN_new(); | ||
| 99 | if (t1 == NULL || t2 == NULL) goto err; | ||
| 100 | |||
| 101 | M_ASN1_D2I_Init(); | ||
| 102 | M_ASN1_D2I_start_sequence(); | ||
| 103 | M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); | ||
| 104 | if ((r=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn; | ||
| 105 | M_ASN1_D2I_get(bs,d2i_ASN1_INTEGER); | ||
| 106 | if ((u1=BN_bin2bn(bs->data,bs->length,NULL)) == NULL) goto err_bn; | ||
| 107 | if (!asn1_Finish(&c)) goto err; | ||
| 108 | |||
| 109 | /* Calculate W = inv(S) mod Q | ||
| 110 | * save W in u2 */ | ||
| 111 | if ((u2=BN_mod_inverse(u1,dsa->q,ctx)) == NULL) goto err_bn; | ||
| 112 | |||
| 113 | /* save M in u1 */ | ||
| 114 | if (BN_bin2bn(dgst,dgst_len,u1) == NULL) goto err_bn; | ||
| 115 | |||
| 116 | /* u1 = M * w mod q */ | ||
| 117 | if (!BN_mod_mul(u1,u1,u2,dsa->q,ctx)) goto err_bn; | ||
| 118 | |||
| 119 | /* u2 = r * w mod q */ | ||
| 120 | if (!BN_mod_mul(u2,r,u2,dsa->q,ctx)) goto err_bn; | ||
| 121 | 87 | ||
| 122 | /* v = ( g^u1 * y^u2 mod p ) mod q */ | 88 | s = DSA_SIG_new(); |
| 123 | /* let t1 = g ^ u1 mod p */ | 89 | if (s == NULL) return(ret); |
| 124 | if (!BN_mod_exp(t1,dsa->g,u1,dsa->p,ctx)) goto err_bn; | 90 | if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err; |
| 125 | /* let t2 = y ^ u2 mod p */ | 91 | ret=DSA_do_verify(dgst,dgst_len,s,dsa); |
| 126 | if (!BN_mod_exp(t2,dsa->pub_key,u2,dsa->p,ctx)) goto err_bn; | 92 | err: |
| 127 | /* let u1 = t1 * t2 mod p */ | 93 | DSA_SIG_free(s); |
| 128 | if (!BN_mod_mul(u1,t1,t2,dsa->p,ctx)) goto err_bn; | ||
| 129 | /* let u1 = u1 mod q */ | ||
| 130 | if (!BN_mod(u1,u1,dsa->q,ctx)) goto err_bn; | ||
| 131 | /* V is now in u1. If the signature is correct, it will be | ||
| 132 | * equal to R. */ | ||
| 133 | ret=(BN_ucmp(u1, r) == 0); | ||
| 134 | if (0) | ||
| 135 | { | ||
| 136 | err: /* ASN1 error */ | ||
| 137 | DSAerr(DSA_F_DSA_VERIFY,c.error); | ||
| 138 | } | ||
| 139 | if (0) | ||
| 140 | { | ||
| 141 | err_bn: /* BN error */ | ||
| 142 | DSAerr(DSA_F_DSA_VERIFY,ERR_R_BN_LIB); | ||
| 143 | } | ||
| 144 | if (ctx != NULL) BN_CTX_free(ctx); | ||
| 145 | if (r != NULL) BN_free(r); | ||
| 146 | if (t1 != NULL) BN_free(t1); | ||
| 147 | if (t2 != NULL) BN_free(t2); | ||
| 148 | if (u1 != NULL) BN_free(u1); | ||
| 149 | if (u2 != NULL) BN_free(u2); | ||
| 150 | if (bs != NULL) ASN1_BIT_STRING_free(bs); | ||
| 151 | return(ret); | 94 | return(ret); |
| 152 | } | 95 | } |
diff --git a/src/lib/libcrypto/dso/dso.h b/src/lib/libcrypto/dso/dso.h index bed7c464a6..aa721f7feb 100644 --- a/src/lib/libcrypto/dso/dso.h +++ b/src/lib/libcrypto/dso/dso.h | |||
| @@ -70,31 +70,51 @@ extern "C" { | |||
| 70 | #define DSO_CTRL_SET_FLAGS 2 | 70 | #define DSO_CTRL_SET_FLAGS 2 |
| 71 | #define DSO_CTRL_OR_FLAGS 3 | 71 | #define DSO_CTRL_OR_FLAGS 3 |
| 72 | 72 | ||
| 73 | /* These flags control the translation of file-names from canonical to | 73 | /* By default, DSO_load() will translate the provided filename into a form |
| 74 | * native. Eg. in the CryptoSwift support, the "dl" and "dlfcn" | 74 | * typical for the platform (more specifically the DSO_METHOD) using the |
| 75 | * methods will translate "swift" -> "libswift.so" whereas the "win32" | 75 | * dso_name_converter function of the method. Eg. win32 will transform "blah" |
| 76 | * method will translate "swift" -> "swift.dll". NB: Until I can figure | 76 | * into "blah.dll", and dlfcn will transform it into "libblah.so". The |
| 77 | * out how to be more "conventional" with this, the methods will only | 77 | * behaviour can be overriden by setting the name_converter callback in the DSO |
| 78 | * honour this flag if it looks like it was passed a file without any | 78 | * object (using DSO_set_name_converter()). This callback could even utilise |
| 79 | * path and if the filename is small enough. | 79 | * the DSO_METHOD's converter too if it only wants to override behaviour for |
| 80 | */ | 80 | * one or two possible DSO methods. However, the following flag can be set in a |
| 81 | #define DSO_FLAG_NAME_TRANSLATION 0x01 | 81 | * DSO to prevent *any* native name-translation at all - eg. if the caller has |
| 82 | * prompted the user for a path to a driver library so the filename should be | ||
| 83 | * interpreted as-is. */ | ||
| 84 | #define DSO_FLAG_NO_NAME_TRANSLATION 0x01 | ||
| 85 | /* An extra flag to give if only the extension should be added as | ||
| 86 | * translation. This is obviously only of importance on Unix and | ||
| 87 | * other operating systems where the translation also may prefix | ||
| 88 | * the name with something, like 'lib', and ignored everywhere else. | ||
| 89 | * This flag is also ignored if DSO_FLAG_NO_NAME_TRANSLATION is used | ||
| 90 | * at the same time. */ | ||
| 91 | #define DSO_FLAG_NAME_TRANSLATION_EXT_ONLY 0x02 | ||
| 82 | 92 | ||
| 83 | /* The following flag controls the translation of symbol names to upper | 93 | /* The following flag controls the translation of symbol names to upper |
| 84 | * case. This is currently only being implemented for OpenVMS. | 94 | * case. This is currently only being implemented for OpenVMS. |
| 85 | */ | 95 | */ |
| 86 | #define DSO_FLAG_UPCASE_SYMBOL 0x02 | 96 | #define DSO_FLAG_UPCASE_SYMBOL 0x10 |
| 87 | 97 | ||
| 88 | 98 | ||
| 89 | typedef void (*DSO_FUNC_TYPE)(void); | 99 | typedef void (*DSO_FUNC_TYPE)(void); |
| 90 | 100 | ||
| 91 | typedef struct dso_st DSO; | 101 | typedef struct dso_st DSO; |
| 92 | 102 | ||
| 103 | /* The function prototype used for method functions (or caller-provided | ||
| 104 | * callbacks) that transform filenames. They are passed a DSO structure pointer | ||
| 105 | * (or NULL if they are to be used independantly of a DSO object) and a | ||
| 106 | * filename to transform. They should either return NULL (if there is an error | ||
| 107 | * condition) or a newly allocated string containing the transformed form that | ||
| 108 | * the caller will need to free with OPENSSL_free() when done. */ | ||
| 109 | typedef char* (*DSO_NAME_CONVERTER_FUNC)(DSO *, const char *); | ||
| 110 | |||
| 93 | typedef struct dso_meth_st | 111 | typedef struct dso_meth_st |
| 94 | { | 112 | { |
| 95 | const char *name; | 113 | const char *name; |
| 96 | /* Loads a shared library */ | 114 | /* Loads a shared library, NB: new DSO_METHODs must ensure that a |
| 97 | int (*dso_load)(DSO *dso, const char *filename); | 115 | * successful load populates the loaded_filename field, and likewise a |
| 116 | * successful unload OPENSSL_frees and NULLs it out. */ | ||
| 117 | int (*dso_load)(DSO *dso); | ||
| 98 | /* Unloads a shared library */ | 118 | /* Unloads a shared library */ |
| 99 | int (*dso_unload)(DSO *dso); | 119 | int (*dso_unload)(DSO *dso); |
| 100 | /* Binds a variable */ | 120 | /* Binds a variable */ |
| @@ -117,6 +137,9 @@ typedef struct dso_meth_st | |||
| 117 | /* The generic (yuck) "ctrl()" function. NB: Negative return | 137 | /* The generic (yuck) "ctrl()" function. NB: Negative return |
| 118 | * values (rather than zero) indicate errors. */ | 138 | * values (rather than zero) indicate errors. */ |
| 119 | long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); | 139 | long (*dso_ctrl)(DSO *dso, int cmd, long larg, void *parg); |
| 140 | /* The default DSO_METHOD-specific function for converting filenames to | ||
| 141 | * a canonical native form. */ | ||
| 142 | DSO_NAME_CONVERTER_FUNC dso_name_converter; | ||
| 120 | 143 | ||
| 121 | /* [De]Initialisation handlers. */ | 144 | /* [De]Initialisation handlers. */ |
| 122 | int (*init)(DSO *dso); | 145 | int (*init)(DSO *dso); |
| @@ -140,6 +163,23 @@ struct dso_st | |||
| 140 | /* For use by applications etc ... use this for your bits'n'pieces, | 163 | /* For use by applications etc ... use this for your bits'n'pieces, |
| 141 | * don't touch meth_data! */ | 164 | * don't touch meth_data! */ |
| 142 | CRYPTO_EX_DATA ex_data; | 165 | CRYPTO_EX_DATA ex_data; |
| 166 | /* If this callback function pointer is set to non-NULL, then it will | ||
| 167 | * be used on DSO_load() in place of meth->dso_name_converter. NB: This | ||
| 168 | * should normally set using DSO_set_name_converter(). */ | ||
| 169 | DSO_NAME_CONVERTER_FUNC name_converter; | ||
| 170 | /* This is populated with (a copy of) the platform-independant | ||
| 171 | * filename used for this DSO. */ | ||
| 172 | char *filename; | ||
| 173 | /* This is populated with (a copy of) the translated filename by which | ||
| 174 | * the DSO was actually loaded. It is NULL iff the DSO is not currently | ||
| 175 | * loaded. NB: This is here because the filename translation process | ||
| 176 | * may involve a callback being invoked more than once not only to | ||
| 177 | * convert to a platform-specific form, but also to try different | ||
| 178 | * filenames in the process of trying to perform a load. As such, this | ||
| 179 | * variable can be used to indicate (a) whether this DSO structure | ||
| 180 | * corresponds to a loaded library or not, and (b) the filename with | ||
| 181 | * which it was actually loaded. */ | ||
| 182 | char *loaded_filename; | ||
| 143 | }; | 183 | }; |
| 144 | 184 | ||
| 145 | 185 | ||
| @@ -147,10 +187,38 @@ DSO * DSO_new(void); | |||
| 147 | DSO * DSO_new_method(DSO_METHOD *method); | 187 | DSO * DSO_new_method(DSO_METHOD *method); |
| 148 | int DSO_free(DSO *dso); | 188 | int DSO_free(DSO *dso); |
| 149 | int DSO_flags(DSO *dso); | 189 | int DSO_flags(DSO *dso); |
| 150 | int DSO_up(DSO *dso); | 190 | int DSO_up_ref(DSO *dso); |
| 151 | long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); | 191 | long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 152 | 192 | ||
| 153 | void DSO_set_default_method(DSO_METHOD *meth); | 193 | /* This function sets the DSO's name_converter callback. If it is non-NULL, |
| 194 | * then it will be used instead of the associated DSO_METHOD's function. If | ||
| 195 | * oldcb is non-NULL then it is set to the function pointer value being | ||
| 196 | * replaced. Return value is non-zero for success. */ | ||
| 197 | int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, | ||
| 198 | DSO_NAME_CONVERTER_FUNC *oldcb); | ||
| 199 | /* These functions can be used to get/set the platform-independant filename | ||
| 200 | * used for a DSO. NB: set will fail if the DSO is already loaded. */ | ||
| 201 | const char *DSO_get_filename(DSO *dso); | ||
| 202 | int DSO_set_filename(DSO *dso, const char *filename); | ||
| 203 | /* This function will invoke the DSO's name_converter callback to translate a | ||
| 204 | * filename, or if the callback isn't set it will instead use the DSO_METHOD's | ||
| 205 | * converter. If "filename" is NULL, the "filename" in the DSO itself will be | ||
| 206 | * used. If the DSO_FLAG_NO_NAME_TRANSLATION flag is set, then the filename is | ||
| 207 | * simply duplicated. NB: This function is usually called from within a | ||
| 208 | * DSO_METHOD during the processing of a DSO_load() call, and is exposed so that | ||
| 209 | * caller-created DSO_METHODs can do the same thing. A non-NULL return value | ||
| 210 | * will need to be OPENSSL_free()'d. */ | ||
| 211 | char *DSO_convert_filename(DSO *dso, const char *filename); | ||
| 212 | /* If the DSO is currently loaded, this returns the filename that it was loaded | ||
| 213 | * under, otherwise it returns NULL. So it is also useful as a test as to | ||
| 214 | * whether the DSO is currently loaded. NB: This will not necessarily return | ||
| 215 | * the same value as DSO_convert_filename(dso, dso->filename), because the | ||
| 216 | * DSO_METHOD's load function may have tried a variety of filenames (with | ||
| 217 | * and/or without the aid of the converters) before settling on the one it | ||
| 218 | * actually loaded. */ | ||
| 219 | const char *DSO_get_loaded_filename(DSO *dso); | ||
| 220 | |||
| 221 | void DSO_set_default_method(DSO_METHOD *meth); | ||
| 154 | DSO_METHOD *DSO_get_default_method(void); | 222 | DSO_METHOD *DSO_get_default_method(void); |
| 155 | DSO_METHOD *DSO_get_method(DSO *dso); | 223 | DSO_METHOD *DSO_get_method(DSO *dso); |
| 156 | DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); | 224 | DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); |
| @@ -159,8 +227,7 @@ DSO_METHOD *DSO_set_method(DSO *dso, DSO_METHOD *meth); | |||
| 159 | * for the first and third parameters. Use DSO_up and DSO_free for | 227 | * for the first and third parameters. Use DSO_up and DSO_free for |
| 160 | * subsequent reference count handling. Any flags passed in will be set | 228 | * subsequent reference count handling. Any flags passed in will be set |
| 161 | * in the constructed DSO after its init() function but before the | 229 | * in the constructed DSO after its init() function but before the |
| 162 | * load operation. This will be done with; | 230 | * load operation. If 'dso' is non-NULL, 'flags' is ignored. */ |
| 163 | * DSO_ctrl(dso, DSO_CTRL_SET_FLAGS, flags, NULL); */ | ||
| 164 | DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); | 231 | DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags); |
| 165 | 232 | ||
| 166 | /* This function binds to a variable inside a shared library. */ | 233 | /* This function binds to a variable inside a shared library. */ |
| @@ -194,52 +261,58 @@ DSO_METHOD *DSO_METHOD_win32(void); | |||
| 194 | /* If VMS is defined, use shared images. If not, return NULL. */ | 261 | /* If VMS is defined, use shared images. If not, return NULL. */ |
| 195 | DSO_METHOD *DSO_METHOD_vms(void); | 262 | DSO_METHOD *DSO_METHOD_vms(void); |
| 196 | 263 | ||
| 197 | void ERR_load_DSO_strings(void); | ||
| 198 | |||
| 199 | /* BEGIN ERROR CODES */ | 264 | /* BEGIN ERROR CODES */ |
| 200 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 265 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 201 | * made after this point may be overwritten when the script is next run. | 266 | * made after this point may be overwritten when the script is next run. |
| 202 | */ | 267 | */ |
| 268 | void ERR_load_DSO_strings(void); | ||
| 203 | 269 | ||
| 204 | /* Error codes for the DSO functions. */ | 270 | /* Error codes for the DSO functions. */ |
| 205 | 271 | ||
| 206 | /* Function codes. */ | 272 | /* Function codes. */ |
| 207 | #define DSO_F_DLFCN_BIND_FUNC 100 | 273 | #define DSO_F_DLFCN_BIND_FUNC 100 |
| 208 | #define DSO_F_DLFCN_BIND_VAR 101 | 274 | #define DSO_F_DLFCN_BIND_VAR 101 |
| 209 | #define DSO_F_DLFCN_CTRL 102 | 275 | #define DSO_F_DLFCN_LOAD 102 |
| 210 | #define DSO_F_DLFCN_LOAD 103 | 276 | #define DSO_F_DLFCN_NAME_CONVERTER 123 |
| 211 | #define DSO_F_DLFCN_UNLOAD 104 | 277 | #define DSO_F_DLFCN_UNLOAD 103 |
| 212 | #define DSO_F_DL_BIND_FUNC 105 | 278 | #define DSO_F_DL_BIND_FUNC 104 |
| 213 | #define DSO_F_DL_BIND_VAR 106 | 279 | #define DSO_F_DL_BIND_VAR 105 |
| 214 | #define DSO_F_DL_CTRL 107 | 280 | #define DSO_F_DL_LOAD 106 |
| 215 | #define DSO_F_DL_LOAD 108 | 281 | #define DSO_F_DL_NAME_CONVERTER 124 |
| 216 | #define DSO_F_DL_UNLOAD 109 | 282 | #define DSO_F_DL_UNLOAD 107 |
| 217 | #define DSO_F_DSO_BIND_FUNC 110 | 283 | #define DSO_F_DSO_BIND_FUNC 108 |
| 218 | #define DSO_F_DSO_BIND_VAR 111 | 284 | #define DSO_F_DSO_BIND_VAR 109 |
| 219 | #define DSO_F_DSO_CTRL 112 | 285 | #define DSO_F_DSO_CONVERT_FILENAME 126 |
| 220 | #define DSO_F_DSO_FREE 113 | 286 | #define DSO_F_DSO_CTRL 110 |
| 221 | #define DSO_F_DSO_LOAD 114 | 287 | #define DSO_F_DSO_FREE 111 |
| 222 | #define DSO_F_DSO_NEW_METHOD 115 | 288 | #define DSO_F_DSO_GET_FILENAME 127 |
| 223 | #define DSO_F_DSO_UP 116 | 289 | #define DSO_F_DSO_GET_LOADED_FILENAME 128 |
| 224 | #define DSO_F_VMS_BIND_VAR 122 | 290 | #define DSO_F_DSO_LOAD 112 |
| 225 | #define DSO_F_VMS_CTRL 123 | 291 | #define DSO_F_DSO_NEW_METHOD 113 |
| 226 | #define DSO_F_VMS_LOAD 124 | 292 | #define DSO_F_DSO_SET_FILENAME 129 |
| 227 | #define DSO_F_VMS_UNLOAD 125 | 293 | #define DSO_F_DSO_SET_NAME_CONVERTER 122 |
| 228 | #define DSO_F_WIN32_BIND_FUNC 117 | 294 | #define DSO_F_DSO_UP_REF 114 |
| 229 | #define DSO_F_WIN32_BIND_VAR 118 | 295 | #define DSO_F_VMS_BIND_VAR 115 |
| 230 | #define DSO_F_WIN32_CTRL 119 | 296 | #define DSO_F_VMS_LOAD 116 |
| 297 | #define DSO_F_VMS_UNLOAD 117 | ||
| 298 | #define DSO_F_WIN32_BIND_FUNC 118 | ||
| 299 | #define DSO_F_WIN32_BIND_VAR 119 | ||
| 231 | #define DSO_F_WIN32_LOAD 120 | 300 | #define DSO_F_WIN32_LOAD 120 |
| 301 | #define DSO_F_WIN32_NAME_CONVERTER 125 | ||
| 232 | #define DSO_F_WIN32_UNLOAD 121 | 302 | #define DSO_F_WIN32_UNLOAD 121 |
| 233 | 303 | ||
| 234 | /* Reason codes. */ | 304 | /* Reason codes. */ |
| 235 | #define DSO_R_CTRL_FAILED 100 | 305 | #define DSO_R_CTRL_FAILED 100 |
| 236 | #define DSO_R_FILENAME_TOO_BIG 109 | 306 | #define DSO_R_DSO_ALREADY_LOADED 110 |
| 237 | #define DSO_R_FINISH_FAILED 101 | 307 | #define DSO_R_FILENAME_TOO_BIG 101 |
| 238 | #define DSO_R_LOAD_FAILED 102 | 308 | #define DSO_R_FINISH_FAILED 102 |
| 239 | #define DSO_R_NULL_HANDLE 103 | 309 | #define DSO_R_LOAD_FAILED 103 |
| 240 | #define DSO_R_STACK_ERROR 104 | 310 | #define DSO_R_NAME_TRANSLATION_FAILED 109 |
| 241 | #define DSO_R_SYM_FAILURE 105 | 311 | #define DSO_R_NO_FILENAME 111 |
| 242 | #define DSO_R_UNKNOWN_COMMAND 106 | 312 | #define DSO_R_NULL_HANDLE 104 |
| 313 | #define DSO_R_SET_FILENAME_FAILED 112 | ||
| 314 | #define DSO_R_STACK_ERROR 105 | ||
| 315 | #define DSO_R_SYM_FAILURE 106 | ||
| 243 | #define DSO_R_UNLOAD_FAILED 107 | 316 | #define DSO_R_UNLOAD_FAILED 107 |
| 244 | #define DSO_R_UNSUPPORTED 108 | 317 | #define DSO_R_UNSUPPORTED 108 |
| 245 | 318 | ||
| @@ -247,4 +320,3 @@ void ERR_load_DSO_strings(void); | |||
| 247 | } | 320 | } |
| 248 | #endif | 321 | #endif |
| 249 | #endif | 322 | #endif |
| 250 | |||
diff --git a/src/lib/libcrypto/dso/dso_dlfcn.c b/src/lib/libcrypto/dso/dso_dlfcn.c index e709c721cc..906b4703de 100644 --- a/src/lib/libcrypto/dso/dso_dlfcn.c +++ b/src/lib/libcrypto/dso/dso_dlfcn.c | |||
| @@ -74,7 +74,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) | |||
| 74 | /* Part of the hack in "dlfcn_load" ... */ | 74 | /* Part of the hack in "dlfcn_load" ... */ |
| 75 | #define DSO_MAX_TRANSLATED_SIZE 256 | 75 | #define DSO_MAX_TRANSLATED_SIZE 256 |
| 76 | 76 | ||
| 77 | static int dlfcn_load(DSO *dso, const char *filename); | 77 | static int dlfcn_load(DSO *dso); |
| 78 | static int dlfcn_unload(DSO *dso); | 78 | static int dlfcn_unload(DSO *dso); |
| 79 | static void *dlfcn_bind_var(DSO *dso, const char *symname); | 79 | static void *dlfcn_bind_var(DSO *dso, const char *symname); |
| 80 | static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); | 80 | static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); |
| @@ -82,8 +82,9 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname); | |||
| 82 | static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); | 82 | static int dlfcn_unbind(DSO *dso, char *symname, void *symptr); |
| 83 | static int dlfcn_init(DSO *dso); | 83 | static int dlfcn_init(DSO *dso); |
| 84 | static int dlfcn_finish(DSO *dso); | 84 | static int dlfcn_finish(DSO *dso); |
| 85 | #endif | ||
| 86 | static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); | 85 | static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg); |
| 86 | #endif | ||
| 87 | static char *dlfcn_name_converter(DSO *dso, const char *filename); | ||
| 87 | 88 | ||
| 88 | static DSO_METHOD dso_meth_dlfcn = { | 89 | static DSO_METHOD dso_meth_dlfcn = { |
| 89 | "OpenSSL 'dlfcn' shared library method", | 90 | "OpenSSL 'dlfcn' shared library method", |
| @@ -96,7 +97,8 @@ static DSO_METHOD dso_meth_dlfcn = { | |||
| 96 | NULL, /* unbind_var */ | 97 | NULL, /* unbind_var */ |
| 97 | NULL, /* unbind_func */ | 98 | NULL, /* unbind_func */ |
| 98 | #endif | 99 | #endif |
| 99 | dlfcn_ctrl, | 100 | NULL, /* ctrl */ |
| 101 | dlfcn_name_converter, | ||
| 100 | NULL, /* init */ | 102 | NULL, /* init */ |
| 101 | NULL /* finish */ | 103 | NULL /* finish */ |
| 102 | }; | 104 | }; |
| @@ -112,7 +114,7 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) | |||
| 112 | * as we don't have autoconf yet, I'm implementing a hack that could | 114 | * as we don't have autoconf yet, I'm implementing a hack that could |
| 113 | * be hacked further relatively easily to deal with cases as we find | 115 | * be hacked further relatively easily to deal with cases as we find |
| 114 | * them. Initially this is to cope with OpenBSD. */ | 116 | * them. Initially this is to cope with OpenBSD. */ |
| 115 | #ifdef __OpenBSD__ | 117 | #if defined(__OpenBSD__) || defined(__NetBSD__) |
| 116 | # ifdef DL_LAZY | 118 | # ifdef DL_LAZY |
| 117 | # define DLOPEN_FLAG DL_LAZY | 119 | # define DLOPEN_FLAG DL_LAZY |
| 118 | # else | 120 | # else |
| @@ -130,41 +132,40 @@ DSO_METHOD *DSO_METHOD_dlfcn(void) | |||
| 130 | * (i) the handle (void*) returned from dlopen(). | 132 | * (i) the handle (void*) returned from dlopen(). |
| 131 | */ | 133 | */ |
| 132 | 134 | ||
| 133 | static int dlfcn_load(DSO *dso, const char *filename) | 135 | static int dlfcn_load(DSO *dso) |
| 134 | { | 136 | { |
| 135 | void *ptr; | 137 | void *ptr = NULL; |
| 136 | char translated[DSO_MAX_TRANSLATED_SIZE]; | 138 | /* See applicable comments in dso_dl.c */ |
| 137 | int len; | 139 | char *filename = DSO_convert_filename(dso, NULL); |
| 138 | 140 | ||
| 139 | /* NB: This is a hideous hack, but I'm not yet sure what | 141 | if(filename == NULL) |
| 140 | * to replace it with. This attempts to convert any filename, | ||
| 141 | * that looks like it has no path information, into a | ||
| 142 | * translated form, e. "blah" -> "libblah.so" */ | ||
| 143 | len = strlen(filename); | ||
| 144 | if((dso->flags & DSO_FLAG_NAME_TRANSLATION) && | ||
| 145 | (len + 6 < DSO_MAX_TRANSLATED_SIZE) && | ||
| 146 | (strstr(filename, "/") == NULL)) | ||
| 147 | { | 142 | { |
| 148 | sprintf(translated, "lib%s.so", filename); | 143 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_NO_FILENAME); |
| 149 | ptr = dlopen(translated, DLOPEN_FLAG); | 144 | goto err; |
| 150 | } | ||
| 151 | else | ||
| 152 | { | ||
| 153 | ptr = dlopen(filename, DLOPEN_FLAG); | ||
| 154 | } | 145 | } |
| 146 | ptr = dlopen(filename, DLOPEN_FLAG); | ||
| 155 | if(ptr == NULL) | 147 | if(ptr == NULL) |
| 156 | { | 148 | { |
| 157 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); | 149 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_LOAD_FAILED); |
| 158 | return(0); | 150 | ERR_add_error_data(4, "filename(", filename, "): ", dlerror()); |
| 151 | goto err; | ||
| 159 | } | 152 | } |
| 160 | if(!sk_push(dso->meth_data, (char *)ptr)) | 153 | if(!sk_push(dso->meth_data, (char *)ptr)) |
| 161 | { | 154 | { |
| 162 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); | 155 | DSOerr(DSO_F_DLFCN_LOAD,DSO_R_STACK_ERROR); |
| 163 | dlclose(ptr); | 156 | goto err; |
| 164 | return(0); | ||
| 165 | } | 157 | } |
| 158 | /* Success */ | ||
| 159 | dso->loaded_filename = filename; | ||
| 166 | return(1); | 160 | return(1); |
| 167 | } | 161 | err: |
| 162 | /* Cleanup! */ | ||
| 163 | if(filename != NULL) | ||
| 164 | OPENSSL_free(filename); | ||
| 165 | if(ptr != NULL) | ||
| 166 | dlclose(ptr); | ||
| 167 | return(0); | ||
| 168 | } | ||
| 168 | 169 | ||
| 169 | static int dlfcn_unload(DSO *dso) | 170 | static int dlfcn_unload(DSO *dso) |
| 170 | { | 171 | { |
| @@ -214,6 +215,7 @@ static void *dlfcn_bind_var(DSO *dso, const char *symname) | |||
| 214 | if(sym == NULL) | 215 | if(sym == NULL) |
| 215 | { | 216 | { |
| 216 | DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE); | 217 | DSOerr(DSO_F_DLFCN_BIND_VAR,DSO_R_SYM_FAILURE); |
| 218 | ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); | ||
| 217 | return(NULL); | 219 | return(NULL); |
| 218 | } | 220 | } |
| 219 | return(sym); | 221 | return(sym); |
| @@ -244,33 +246,44 @@ static DSO_FUNC_TYPE dlfcn_bind_func(DSO *dso, const char *symname) | |||
| 244 | if(sym == NULL) | 246 | if(sym == NULL) |
| 245 | { | 247 | { |
| 246 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); | 248 | DSOerr(DSO_F_DLFCN_BIND_FUNC,DSO_R_SYM_FAILURE); |
| 249 | ERR_add_error_data(4, "symname(", symname, "): ", dlerror()); | ||
| 247 | return(NULL); | 250 | return(NULL); |
| 248 | } | 251 | } |
| 249 | return(sym); | 252 | return(sym); |
| 250 | } | 253 | } |
| 251 | 254 | ||
| 252 | static long dlfcn_ctrl(DSO *dso, int cmd, long larg, void *parg) | 255 | static char *dlfcn_name_converter(DSO *dso, const char *filename) |
| 253 | { | 256 | { |
| 254 | if(dso == NULL) | 257 | char *translated; |
| 258 | int len, rsize, transform; | ||
| 259 | |||
| 260 | len = strlen(filename); | ||
| 261 | rsize = len + 1; | ||
| 262 | transform = (strstr(filename, "/") == NULL); | ||
| 263 | if(transform) | ||
| 255 | { | 264 | { |
| 256 | DSOerr(DSO_F_DLFCN_CTRL,ERR_R_PASSED_NULL_PARAMETER); | 265 | /* We will convert this to "%s.so" or "lib%s.so" */ |
| 257 | return(-1); | 266 | rsize += 3; /* The length of ".so" */ |
| 267 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | ||
| 268 | rsize += 3; /* The length of "lib" */ | ||
| 258 | } | 269 | } |
| 259 | switch(cmd) | 270 | translated = OPENSSL_malloc(rsize); |
| 271 | if(translated == NULL) | ||
| 260 | { | 272 | { |
| 261 | case DSO_CTRL_GET_FLAGS: | 273 | DSOerr(DSO_F_DLFCN_NAME_CONVERTER, |
| 262 | return dso->flags; | 274 | DSO_R_NAME_TRANSLATION_FAILED); |
| 263 | case DSO_CTRL_SET_FLAGS: | 275 | return(NULL); |
| 264 | dso->flags = (int)larg; | ||
| 265 | return(0); | ||
| 266 | case DSO_CTRL_OR_FLAGS: | ||
| 267 | dso->flags |= (int)larg; | ||
| 268 | return(0); | ||
| 269 | default: | ||
| 270 | break; | ||
| 271 | } | 276 | } |
| 272 | DSOerr(DSO_F_DLFCN_CTRL,DSO_R_UNKNOWN_COMMAND); | 277 | if(transform) |
| 273 | return(-1); | 278 | { |
| 279 | if ((DSO_flags(dso) & DSO_FLAG_NAME_TRANSLATION_EXT_ONLY) == 0) | ||
| 280 | sprintf(translated, "lib%s.so", filename); | ||
| 281 | else | ||
| 282 | sprintf(translated, "%s.so", filename); | ||
| 283 | } | ||
| 284 | else | ||
| 285 | sprintf(translated, "%s", filename); | ||
| 286 | return(translated); | ||
| 274 | } | 287 | } |
| 275 | 288 | ||
| 276 | #endif /* DSO_DLFCN */ | 289 | #endif /* DSO_DLFCN */ |
diff --git a/src/lib/libcrypto/dso/dso_err.c b/src/lib/libcrypto/dso/dso_err.c index a3d7321c9b..cf452de1aa 100644 --- a/src/lib/libcrypto/dso/dso_err.c +++ b/src/lib/libcrypto/dso/dso_err.c | |||
| @@ -63,34 +63,38 @@ | |||
| 63 | #include <openssl/dso.h> | 63 | #include <openssl/dso.h> |
| 64 | 64 | ||
| 65 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 66 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 67 | static ERR_STRING_DATA DSO_str_functs[]= | 67 | static ERR_STRING_DATA DSO_str_functs[]= |
| 68 | { | 68 | { |
| 69 | {ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, | 69 | {ERR_PACK(0,DSO_F_DLFCN_BIND_FUNC,0), "DLFCN_BIND_FUNC"}, |
| 70 | {ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, | 70 | {ERR_PACK(0,DSO_F_DLFCN_BIND_VAR,0), "DLFCN_BIND_VAR"}, |
| 71 | {ERR_PACK(0,DSO_F_DLFCN_CTRL,0), "DLFCN_CTRL"}, | ||
| 72 | {ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, | 71 | {ERR_PACK(0,DSO_F_DLFCN_LOAD,0), "DLFCN_LOAD"}, |
| 72 | {ERR_PACK(0,DSO_F_DLFCN_NAME_CONVERTER,0), "DLFCN_NAME_CONVERTER"}, | ||
| 73 | {ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, | 73 | {ERR_PACK(0,DSO_F_DLFCN_UNLOAD,0), "DLFCN_UNLOAD"}, |
| 74 | {ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, | 74 | {ERR_PACK(0,DSO_F_DL_BIND_FUNC,0), "DL_BIND_FUNC"}, |
| 75 | {ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, | 75 | {ERR_PACK(0,DSO_F_DL_BIND_VAR,0), "DL_BIND_VAR"}, |
| 76 | {ERR_PACK(0,DSO_F_DL_CTRL,0), "DL_CTRL"}, | ||
| 77 | {ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, | 76 | {ERR_PACK(0,DSO_F_DL_LOAD,0), "DL_LOAD"}, |
| 77 | {ERR_PACK(0,DSO_F_DL_NAME_CONVERTER,0), "DL_NAME_CONVERTER"}, | ||
| 78 | {ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, | 78 | {ERR_PACK(0,DSO_F_DL_UNLOAD,0), "DL_UNLOAD"}, |
| 79 | {ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, | 79 | {ERR_PACK(0,DSO_F_DSO_BIND_FUNC,0), "DSO_bind_func"}, |
| 80 | {ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, | 80 | {ERR_PACK(0,DSO_F_DSO_BIND_VAR,0), "DSO_bind_var"}, |
| 81 | {ERR_PACK(0,DSO_F_DSO_CONVERT_FILENAME,0), "DSO_convert_filename"}, | ||
| 81 | {ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, | 82 | {ERR_PACK(0,DSO_F_DSO_CTRL,0), "DSO_ctrl"}, |
| 82 | {ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, | 83 | {ERR_PACK(0,DSO_F_DSO_FREE,0), "DSO_free"}, |
| 84 | {ERR_PACK(0,DSO_F_DSO_GET_FILENAME,0), "DSO_get_filename"}, | ||
| 85 | {ERR_PACK(0,DSO_F_DSO_GET_LOADED_FILENAME,0), "DSO_get_loaded_filename"}, | ||
| 83 | {ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, | 86 | {ERR_PACK(0,DSO_F_DSO_LOAD,0), "DSO_load"}, |
| 84 | {ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, | 87 | {ERR_PACK(0,DSO_F_DSO_NEW_METHOD,0), "DSO_new_method"}, |
| 85 | {ERR_PACK(0,DSO_F_DSO_UP,0), "DSO_up"}, | 88 | {ERR_PACK(0,DSO_F_DSO_SET_FILENAME,0), "DSO_set_filename"}, |
| 89 | {ERR_PACK(0,DSO_F_DSO_SET_NAME_CONVERTER,0), "DSO_set_name_converter"}, | ||
| 90 | {ERR_PACK(0,DSO_F_DSO_UP_REF,0), "DSO_up_ref"}, | ||
| 86 | {ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, | 91 | {ERR_PACK(0,DSO_F_VMS_BIND_VAR,0), "VMS_BIND_VAR"}, |
| 87 | {ERR_PACK(0,DSO_F_VMS_CTRL,0), "VMS_CTRL"}, | ||
| 88 | {ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, | 92 | {ERR_PACK(0,DSO_F_VMS_LOAD,0), "VMS_LOAD"}, |
| 89 | {ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, | 93 | {ERR_PACK(0,DSO_F_VMS_UNLOAD,0), "VMS_UNLOAD"}, |
| 90 | {ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, | 94 | {ERR_PACK(0,DSO_F_WIN32_BIND_FUNC,0), "WIN32_BIND_FUNC"}, |
| 91 | {ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, | 95 | {ERR_PACK(0,DSO_F_WIN32_BIND_VAR,0), "WIN32_BIND_VAR"}, |
| 92 | {ERR_PACK(0,DSO_F_WIN32_CTRL,0), "WIN32_CTRL"}, | ||
| 93 | {ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, | 96 | {ERR_PACK(0,DSO_F_WIN32_LOAD,0), "WIN32_LOAD"}, |
| 97 | {ERR_PACK(0,DSO_F_WIN32_NAME_CONVERTER,0), "WIN32_NAME_CONVERTER"}, | ||
| 94 | {ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, | 98 | {ERR_PACK(0,DSO_F_WIN32_UNLOAD,0), "WIN32_UNLOAD"}, |
| 95 | {0,NULL} | 99 | {0,NULL} |
| 96 | }; | 100 | }; |
| @@ -98,13 +102,16 @@ static ERR_STRING_DATA DSO_str_functs[]= | |||
| 98 | static ERR_STRING_DATA DSO_str_reasons[]= | 102 | static ERR_STRING_DATA DSO_str_reasons[]= |
| 99 | { | 103 | { |
| 100 | {DSO_R_CTRL_FAILED ,"control command failed"}, | 104 | {DSO_R_CTRL_FAILED ,"control command failed"}, |
| 105 | {DSO_R_DSO_ALREADY_LOADED ,"dso already loaded"}, | ||
| 101 | {DSO_R_FILENAME_TOO_BIG ,"filename too big"}, | 106 | {DSO_R_FILENAME_TOO_BIG ,"filename too big"}, |
| 102 | {DSO_R_FINISH_FAILED ,"cleanup method function failed"}, | 107 | {DSO_R_FINISH_FAILED ,"cleanup method function failed"}, |
| 103 | {DSO_R_LOAD_FAILED ,"could not load the shared library"}, | 108 | {DSO_R_LOAD_FAILED ,"could not load the shared library"}, |
| 109 | {DSO_R_NAME_TRANSLATION_FAILED ,"name translation failed"}, | ||
| 110 | {DSO_R_NO_FILENAME ,"no filename"}, | ||
| 104 | {DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, | 111 | {DSO_R_NULL_HANDLE ,"a null shared library handle was used"}, |
| 112 | {DSO_R_SET_FILENAME_FAILED ,"set filename failed"}, | ||
| 105 | {DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, | 113 | {DSO_R_STACK_ERROR ,"the meth_data stack is corrupt"}, |
| 106 | {DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, | 114 | {DSO_R_SYM_FAILURE ,"could not bind to the requested symbol name"}, |
| 107 | {DSO_R_UNKNOWN_COMMAND ,"unknown control command"}, | ||
| 108 | {DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, | 115 | {DSO_R_UNLOAD_FAILED ,"could not unload the shared library"}, |
| 109 | {DSO_R_UNSUPPORTED ,"functionality not supported"}, | 116 | {DSO_R_UNSUPPORTED ,"functionality not supported"}, |
| 110 | {0,NULL} | 117 | {0,NULL} |
| @@ -119,7 +126,7 @@ void ERR_load_DSO_strings(void) | |||
| 119 | if (init) | 126 | if (init) |
| 120 | { | 127 | { |
| 121 | init=0; | 128 | init=0; |
| 122 | #ifndef NO_ERR | 129 | #ifndef OPENSSL_NO_ERR |
| 123 | ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); | 130 | ERR_load_strings(ERR_LIB_DSO,DSO_str_functs); |
| 124 | ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); | 131 | ERR_load_strings(ERR_LIB_DSO,DSO_str_reasons); |
| 125 | #endif | 132 | #endif |
diff --git a/src/lib/libcrypto/dso/dso_lib.c b/src/lib/libcrypto/dso/dso_lib.c index acd166697e..556069b9b8 100644 --- a/src/lib/libcrypto/dso/dso_lib.c +++ b/src/lib/libcrypto/dso/dso_lib.c | |||
| @@ -108,7 +108,7 @@ DSO *DSO_new_method(DSO_METHOD *meth) | |||
| 108 | } | 108 | } |
| 109 | memset(ret, 0, sizeof(DSO)); | 109 | memset(ret, 0, sizeof(DSO)); |
| 110 | ret->meth_data = sk_new_null(); | 110 | ret->meth_data = sk_new_null(); |
| 111 | if((ret->meth_data = sk_new_null()) == NULL) | 111 | if(ret->meth_data == NULL) |
| 112 | { | 112 | { |
| 113 | /* sk_new doesn't generate any errors so we do */ | 113 | /* sk_new doesn't generate any errors so we do */ |
| 114 | DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); | 114 | DSOerr(DSO_F_DSO_NEW_METHOD,ERR_R_MALLOC_FAILURE); |
| @@ -164,6 +164,10 @@ int DSO_free(DSO *dso) | |||
| 164 | } | 164 | } |
| 165 | 165 | ||
| 166 | sk_free(dso->meth_data); | 166 | sk_free(dso->meth_data); |
| 167 | if(dso->filename != NULL) | ||
| 168 | OPENSSL_free(dso->filename); | ||
| 169 | if(dso->loaded_filename != NULL) | ||
| 170 | OPENSSL_free(dso->loaded_filename); | ||
| 167 | 171 | ||
| 168 | OPENSSL_free(dso); | 172 | OPENSSL_free(dso); |
| 169 | return(1); | 173 | return(1); |
| @@ -175,11 +179,11 @@ int DSO_flags(DSO *dso) | |||
| 175 | } | 179 | } |
| 176 | 180 | ||
| 177 | 181 | ||
| 178 | int DSO_up(DSO *dso) | 182 | int DSO_up_ref(DSO *dso) |
| 179 | { | 183 | { |
| 180 | if (dso == NULL) | 184 | if (dso == NULL) |
| 181 | { | 185 | { |
| 182 | DSOerr(DSO_F_DSO_UP,ERR_R_PASSED_NULL_PARAMETER); | 186 | DSOerr(DSO_F_DSO_UP_REF,ERR_R_PASSED_NULL_PARAMETER); |
| 183 | return(0); | 187 | return(0); |
| 184 | } | 188 | } |
| 185 | 189 | ||
| @@ -192,48 +196,60 @@ DSO *DSO_load(DSO *dso, const char *filename, DSO_METHOD *meth, int flags) | |||
| 192 | DSO *ret; | 196 | DSO *ret; |
| 193 | int allocated = 0; | 197 | int allocated = 0; |
| 194 | 198 | ||
| 195 | if(filename == NULL) | ||
| 196 | { | ||
| 197 | DSOerr(DSO_F_DSO_LOAD,ERR_R_PASSED_NULL_PARAMETER); | ||
| 198 | return(NULL); | ||
| 199 | } | ||
| 200 | if(dso == NULL) | 199 | if(dso == NULL) |
| 201 | { | 200 | { |
| 202 | ret = DSO_new_method(meth); | 201 | ret = DSO_new_method(meth); |
| 203 | if(ret == NULL) | 202 | if(ret == NULL) |
| 204 | { | 203 | { |
| 205 | DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE); | 204 | DSOerr(DSO_F_DSO_LOAD,ERR_R_MALLOC_FAILURE); |
| 206 | return(NULL); | 205 | goto err; |
| 207 | } | 206 | } |
| 208 | allocated = 1; | 207 | allocated = 1; |
| 208 | /* Pass the provided flags to the new DSO object */ | ||
| 209 | if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) | ||
| 210 | { | ||
| 211 | DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED); | ||
| 212 | goto err; | ||
| 213 | } | ||
| 209 | } | 214 | } |
| 210 | else | 215 | else |
| 211 | ret = dso; | 216 | ret = dso; |
| 212 | /* Bleurgh ... have to check for negative return values for | 217 | /* Don't load if we're currently already loaded */ |
| 213 | * errors. <grimace> */ | 218 | if(ret->filename != NULL) |
| 214 | if(DSO_ctrl(ret, DSO_CTRL_SET_FLAGS, flags, NULL) < 0) | ||
| 215 | { | 219 | { |
| 216 | DSOerr(DSO_F_DSO_LOAD,DSO_R_CTRL_FAILED); | 220 | DSOerr(DSO_F_DSO_LOAD,DSO_R_DSO_ALREADY_LOADED); |
| 217 | if(allocated) | 221 | goto err; |
| 218 | DSO_free(ret); | 222 | } |
| 219 | return(NULL); | 223 | /* filename can only be NULL if we were passed a dso that already has |
| 224 | * one set. */ | ||
| 225 | if(filename != NULL) | ||
| 226 | if(!DSO_set_filename(ret, filename)) | ||
| 227 | { | ||
| 228 | DSOerr(DSO_F_DSO_LOAD,DSO_R_SET_FILENAME_FAILED); | ||
| 229 | goto err; | ||
| 230 | } | ||
| 231 | filename = ret->filename; | ||
| 232 | if(filename == NULL) | ||
| 233 | { | ||
| 234 | DSOerr(DSO_F_DSO_LOAD,DSO_R_NO_FILENAME); | ||
| 235 | goto err; | ||
| 220 | } | 236 | } |
| 221 | if(ret->meth->dso_load == NULL) | 237 | if(ret->meth->dso_load == NULL) |
| 222 | { | 238 | { |
| 223 | DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED); | 239 | DSOerr(DSO_F_DSO_LOAD,DSO_R_UNSUPPORTED); |
| 224 | if(allocated) | 240 | goto err; |
| 225 | DSO_free(ret); | ||
| 226 | return(NULL); | ||
| 227 | } | 241 | } |
| 228 | if(!ret->meth->dso_load(ret, filename)) | 242 | if(!ret->meth->dso_load(ret)) |
| 229 | { | 243 | { |
| 230 | DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED); | 244 | DSOerr(DSO_F_DSO_LOAD,DSO_R_LOAD_FAILED); |
| 231 | if(allocated) | 245 | goto err; |
| 232 | DSO_free(ret); | ||
| 233 | return(NULL); | ||
| 234 | } | 246 | } |
| 235 | /* Load succeeded */ | 247 | /* Load succeeded */ |
| 236 | return(ret); | 248 | return(ret); |
| 249 | err: | ||
| 250 | if(allocated) | ||
| 251 | DSO_free(ret); | ||
| 252 | return(NULL); | ||
| 237 | } | 253 | } |
| 238 | 254 | ||
| 239 | void *DSO_bind_var(DSO *dso, const char *symname) | 255 | void *DSO_bind_var(DSO *dso, const char *symname) |
| @@ -297,6 +313,22 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) | |||
| 297 | DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER); | 313 | DSOerr(DSO_F_DSO_CTRL,ERR_R_PASSED_NULL_PARAMETER); |
| 298 | return(-1); | 314 | return(-1); |
| 299 | } | 315 | } |
| 316 | /* We should intercept certain generic commands and only pass control | ||
| 317 | * to the method-specific ctrl() function if it's something we don't | ||
| 318 | * handle. */ | ||
| 319 | switch(cmd) | ||
| 320 | { | ||
| 321 | case DSO_CTRL_GET_FLAGS: | ||
| 322 | return dso->flags; | ||
| 323 | case DSO_CTRL_SET_FLAGS: | ||
| 324 | dso->flags = (int)larg; | ||
| 325 | return(0); | ||
| 326 | case DSO_CTRL_OR_FLAGS: | ||
| 327 | dso->flags |= (int)larg; | ||
| 328 | return(0); | ||
| 329 | default: | ||
| 330 | break; | ||
| 331 | } | ||
| 300 | if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) | 332 | if((dso->meth == NULL) || (dso->meth->dso_ctrl == NULL)) |
| 301 | { | 333 | { |
| 302 | DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED); | 334 | DSOerr(DSO_F_DSO_CTRL,DSO_R_UNSUPPORTED); |
| @@ -304,3 +336,104 @@ long DSO_ctrl(DSO *dso, int cmd, long larg, void *parg) | |||
| 304 | } | 336 | } |
| 305 | return(dso->meth->dso_ctrl(dso,cmd,larg,parg)); | 337 | return(dso->meth->dso_ctrl(dso,cmd,larg,parg)); |
| 306 | } | 338 | } |
| 339 | |||
| 340 | int DSO_set_name_converter(DSO *dso, DSO_NAME_CONVERTER_FUNC cb, | ||
| 341 | DSO_NAME_CONVERTER_FUNC *oldcb) | ||
| 342 | { | ||
| 343 | if(dso == NULL) | ||
| 344 | { | ||
| 345 | DSOerr(DSO_F_DSO_SET_NAME_CONVERTER, | ||
| 346 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 347 | return(0); | ||
| 348 | } | ||
| 349 | if(oldcb) | ||
| 350 | *oldcb = dso->name_converter; | ||
| 351 | dso->name_converter = cb; | ||
| 352 | return(1); | ||
| 353 | } | ||
| 354 | |||
| 355 | const char *DSO_get_filename(DSO *dso) | ||
| 356 | { | ||
| 357 | if(dso == NULL) | ||
| 358 | { | ||
| 359 | DSOerr(DSO_F_DSO_GET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); | ||
| 360 | return(NULL); | ||
| 361 | } | ||
| 362 | return(dso->filename); | ||
| 363 | } | ||
| 364 | |||
| 365 | int DSO_set_filename(DSO *dso, const char *filename) | ||
| 366 | { | ||
| 367 | char *copied; | ||
| 368 | |||
| 369 | if((dso == NULL) || (filename == NULL)) | ||
| 370 | { | ||
| 371 | DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_PASSED_NULL_PARAMETER); | ||
| 372 | return(0); | ||
| 373 | } | ||
| 374 | if(dso->loaded_filename) | ||
| 375 | { | ||
| 376 | DSOerr(DSO_F_DSO_SET_FILENAME,DSO_R_DSO_ALREADY_LOADED); | ||
| 377 | return(0); | ||
| 378 | } | ||
| 379 | /* We'll duplicate filename */ | ||
| 380 | copied = OPENSSL_malloc(strlen(filename) + 1); | ||
| 381 | if(copied == NULL) | ||
| 382 | { | ||
| 383 | DSOerr(DSO_F_DSO_SET_FILENAME,ERR_R_MALLOC_FAILURE); | ||
| 384 | return(0); | ||
| 385 | } | ||
| 386 | strcpy(copied, filename); | ||
| 387 | if(dso->filename) | ||
| 388 | OPENSSL_free(dso->filename); | ||
| 389 | dso->filename = copied; | ||
| 390 | return(1); | ||
| 391 | } | ||
| 392 | |||
| 393 | char *DSO_convert_filename(DSO *dso, const char *filename) | ||
| 394 | { | ||
| 395 | char *result = NULL; | ||
| 396 | |||
| 397 | if(dso == NULL) | ||
| 398 | { | ||
| 399 | DSOerr(DSO_F_DSO_CONVERT_FILENAME,ERR_R_PASSED_NULL_PARAMETER); | ||
| 400 | return(NULL); | ||
| 401 | } | ||
| 402 | if(filename == NULL) | ||
| 403 | filename = dso->filename; | ||
| 404 | if(filename == NULL) | ||
| 405 | { | ||
| 406 | DSOerr(DSO_F_DSO_CONVERT_FILENAME,DSO_R_NO_FILENAME); | ||
| 407 | return(NULL); | ||
| 408 | } | ||
| 409 | if((dso->flags & DSO_FLAG_NO_NAME_TRANSLATION) == 0) | ||
| 410 | { | ||
| 411 | if(dso->name_converter != NULL) | ||
| 412 | result = dso->name_converter(dso, filename); | ||
| 413 | else if(dso->meth->dso_name_converter != NULL) | ||
| 414 | result = dso->meth->dso_name_converter(dso, filename); | ||
| 415 | } | ||
| 416 | if(result == NULL) | ||
| 417 | { | ||
| 418 | result = OPENSSL_malloc(strlen(filename) + 1); | ||
| 419 | if(result == NULL) | ||
| 420 | { | ||
| 421 | DSOerr(DSO_F_DSO_CONVERT_FILENAME, | ||
| 422 | ERR_R_MALLOC_FAILURE); | ||
| 423 | return(NULL); | ||
| 424 | } | ||
| 425 | strcpy(result, filename); | ||
| 426 | } | ||
| 427 | return(result); | ||
| 428 | } | ||
| 429 | |||
| 430 | const char *DSO_get_loaded_filename(DSO *dso) | ||
| 431 | { | ||
| 432 | if(dso == NULL) | ||
| 433 | { | ||
| 434 | DSOerr(DSO_F_DSO_GET_LOADED_FILENAME, | ||
| 435 | ERR_R_PASSED_NULL_PARAMETER); | ||
| 436 | return(NULL); | ||
| 437 | } | ||
| 438 | return(dso->loaded_filename); | ||
| 439 | } | ||
diff --git a/src/lib/libcrypto/ec/ec_lib.c b/src/lib/libcrypto/ec/ec_lib.c index e0d78d67fb..0cf485de60 100644 --- a/src/lib/libcrypto/ec/ec_lib.c +++ b/src/lib/libcrypto/ec/ec_lib.c | |||
| @@ -106,6 +106,8 @@ EC_GROUP *EC_GROUP_new(const EC_METHOD *meth) | |||
| 106 | 106 | ||
| 107 | void EC_GROUP_free(EC_GROUP *group) | 107 | void EC_GROUP_free(EC_GROUP *group) |
| 108 | { | 108 | { |
| 109 | if (!group) return; | ||
| 110 | |||
| 109 | if (group->meth->group_finish != 0) | 111 | if (group->meth->group_finish != 0) |
| 110 | group->meth->group_finish(group); | 112 | group->meth->group_finish(group); |
| 111 | 113 | ||
| @@ -117,6 +119,8 @@ void EC_GROUP_free(EC_GROUP *group) | |||
| 117 | 119 | ||
| 118 | void EC_GROUP_clear_free(EC_GROUP *group) | 120 | void EC_GROUP_clear_free(EC_GROUP *group) |
| 119 | { | 121 | { |
| 122 | if (!group) return; | ||
| 123 | |||
| 120 | if (group->meth->group_clear_finish != 0) | 124 | if (group->meth->group_clear_finish != 0) |
| 121 | group->meth->group_clear_finish(group); | 125 | group->meth->group_clear_finish(group); |
| 122 | else if (group->meth != NULL && group->meth->group_finish != 0) | 126 | else if (group->meth != NULL && group->meth->group_finish != 0) |
| @@ -337,6 +341,8 @@ EC_POINT *EC_POINT_new(const EC_GROUP *group) | |||
| 337 | 341 | ||
| 338 | void EC_POINT_free(EC_POINT *point) | 342 | void EC_POINT_free(EC_POINT *point) |
| 339 | { | 343 | { |
| 344 | if (!point) return; | ||
| 345 | |||
| 340 | if (point->meth->point_finish != 0) | 346 | if (point->meth->point_finish != 0) |
| 341 | point->meth->point_finish(point); | 347 | point->meth->point_finish(point); |
| 342 | OPENSSL_free(point); | 348 | OPENSSL_free(point); |
| @@ -345,6 +351,8 @@ void EC_POINT_free(EC_POINT *point) | |||
| 345 | 351 | ||
| 346 | void EC_POINT_clear_free(EC_POINT *point) | 352 | void EC_POINT_clear_free(EC_POINT *point) |
| 347 | { | 353 | { |
| 354 | if (!point) return; | ||
| 355 | |||
| 348 | if (point->meth->point_clear_finish != 0) | 356 | if (point->meth->point_clear_finish != 0) |
| 349 | point->meth->point_clear_finish(point); | 357 | point->meth->point_clear_finish(point); |
| 350 | else if (point->meth != NULL && point->meth->point_finish != 0) | 358 | else if (point->meth != NULL && point->meth->point_finish != 0) |
diff --git a/src/lib/libcrypto/engine/README b/src/lib/libcrypto/engine/README index 96595e6f35..6b69b70f57 100644 --- a/src/lib/libcrypto/engine/README +++ b/src/lib/libcrypto/engine/README | |||
| @@ -1,278 +1,211 @@ | |||
| 1 | NOTES, THOUGHTS, and EVERYTHING | 1 | Notes: 2001-09-24 |
| 2 | ------------------------------- | ||
| 3 | |||
| 4 | (1) Concurrency and locking ... I made a change to the ENGINE_free code | ||
| 5 | because I spotted a potential hold-up in proceedings (doing too | ||
| 6 | much inside a lock including calling a callback), there may be | ||
| 7 | other bits like this. What do the speed/optimisation freaks think | ||
| 8 | of this aspect of the code and design? There's lots of locking for | ||
| 9 | manipulation functions and I need that to keep things nice and | ||
| 10 | solid, but this manipulation is mostly (de)initialisation, I would | ||
| 11 | think that most run-time locking is purely in the ENGINE_init and | ||
| 12 | ENGINE_finish calls that might be made when getting handles for | ||
| 13 | RSA (and friends') structures. These would be mostly reference | ||
| 14 | count operations as the functional references should always be 1 | ||
| 15 | or greater at run-time to prevent init/deinit thrashing. | ||
| 16 | |||
| 17 | (2) nCipher support, via the HWCryptoHook API, is now in the code. | ||
| 18 | Apparently this hasn't been tested too much yet, but it looks | ||
| 19 | good. :-) Atalla support has been added too, but shares a lot in | ||
| 20 | common with Ben's original hooks in bn_exp.c (although it has been | ||
| 21 | ENGINE-ified, and error handling wrapped around it) and it's also | ||
| 22 | had some low-volume testing, so it should be usable. | ||
| 23 | |||
| 24 | (3) Of more concern, we need to work out (a) how to put together usable | ||
| 25 | RAND_METHODs for units that just have one "get n or less random | ||
| 26 | bytes" function, (b) we also need to determine how to hook the code | ||
| 27 | in crypto/rand/ to use the ENGINE defaults in a way similar to what | ||
| 28 | has been done in crypto/rsa/, crypto/dsa/, etc. | ||
| 29 | |||
| 30 | (4) ENGINE should really grow to encompass more than 3 public key | ||
| 31 | algorithms and randomness gathering. The structure/data level of | ||
| 32 | the engine code is hidden from code outside the crypto/engine/ | ||
| 33 | directory so change shouldn't be too viral. More important though | ||
| 34 | is how things should evolve ... this needs thought and discussion. | ||
| 35 | |||
| 36 | |||
| 37 | -----------------------------------==*==----------------------------------- | ||
| 38 | |||
| 39 | More notes 2000-08-01 | ||
| 40 | --------------------- | ||
| 41 | |||
| 42 | Geoff Thorpe, who designed the engine part, wrote a pretty good description | ||
| 43 | of the thoughts he had when he built it, good enough to include verbatim here | ||
| 44 | (with his permission) -- Richard Levitte | ||
| 45 | |||
| 46 | |||
| 47 | Date: Tue, 1 Aug 2000 16:54:08 +0100 (BST) | ||
| 48 | From: Geoff Thorpe | ||
| 49 | Subject: Re: The thoughts to merge BRANCH_engine into the main trunk are | ||
| 50 | emerging | ||
| 51 | |||
| 52 | Hi there, | ||
| 53 | |||
| 54 | I'm going to try and do some justice to this, but I'm a little short on | ||
| 55 | time and the there is an endless amount that could be discussed on this | ||
| 56 | subject. sigh ... please bear with me :-) | ||
| 57 | |||
| 58 | > The changes in BRANCH_engine dig deep into the core of OpenSSL, for example | ||
| 59 | > into the RSA and RAND routines, adding a level of indirection which is needed | ||
| 60 | > to keep the abstraction, as far as I understand. It would be a good thing if | ||
| 61 | > those who do play with those things took a look at the changes that have been | ||
| 62 | > done in the branch and say out loud how much (or hopefully little) we've made | ||
| 63 | > fools of ourselves. | ||
| 64 | |||
| 65 | The point here is that the code that has emerged in the BRANCH_engine | ||
| 66 | branch was based on some initial requirements of mine that I went in and | ||
| 67 | addressed, and Richard has picked up the ball and run with it too. It | ||
| 68 | would be really useful to get some review of the approach we've taken, but | ||
| 69 | first I think I need to describe as best I can the reasons behind what has | ||
| 70 | been done so far, in particular what issues we have tried to address when | ||
| 71 | doing this, and what issues we have intentionally (or necessarily) tried | ||
| 72 | to avoid. | ||
| 73 | |||
| 74 | methods, engines, and evps | ||
| 75 | -------------------------- | ||
| 76 | |||
| 77 | There has been some dicussion, particularly with Steve, about where this | ||
| 78 | ENGINE stuff might fit into the conceptual picture as/when we start to | ||
| 79 | abstract algorithms a little bit to make the library more extensible. In | ||
| 80 | particular, it would desirable to have algorithms (symmetric, hash, pkc, | ||
| 81 | etc) abstracted in some way that allows them to be just objects sitting in | ||
| 82 | a list (or database) ... it'll just happen that the "DSA" object doesn't | ||
| 83 | support encryption whereas the "RSA" object does. This requires a lot of | ||
| 84 | consideration to begin to know how to tackle it; in particular how | ||
| 85 | encapsulated should these things be? If the objects also understand their | ||
| 86 | own ASN1 encodings and what-not, then it would for example be possible to | ||
| 87 | add support for elliptic-curve DSA in as a new algorithm and automatically | ||
| 88 | have ECC-DSA certificates supported in SSL applications. Possible, but not | ||
| 89 | easy. :-) | ||
| 90 | |||
| 91 | Whatever, it seems that the way to go (if I've grok'd Steve's comments on | ||
| 92 | this in the past) is to amalgamate these things in EVP as is already done | ||
| 93 | (I think) for ciphers or hashes (Steve, please correct/elaborate). I | ||
| 94 | certainly think something should be done in this direction because right | ||
| 95 | now we have different source directories, types, functions, and methods | ||
| 96 | for each algorithm - even when conceptually they are very much different | ||
| 97 | feathers of the same bird. (This is certainly all true for the public-key | ||
| 98 | stuff, and may be partially true for the other parts.) | ||
| 99 | |||
| 100 | ENGINE was *not* conceived as a way of solving this, far from it. Nor was | ||
| 101 | it conceived as a way of replacing the various "***_METHOD"s. It was | ||
| 102 | conceived as an abstraction of a sort of "virtual crypto device". If we | ||
| 103 | lived in a world where "EVP_ALGO"s (or something like them) encapsulated | ||
| 104 | particular algorithms like RSA,DSA,MD5,RC4,etc, and "***_METHOD"s | ||
| 105 | encapsulated interfaces to algorithms (eg. some algo's might support a | ||
| 106 | PKC_METHOD, a HASH_METHOD, or a CIPHER_METHOD, who knows?), then I would | ||
| 107 | think that ENGINE would encapsulate an implementation of arbitrarily many | ||
| 108 | of those algorithms - perhaps as alternatives to existing algorithms | ||
| 109 | and/or perhaps as new previously unimplemented algorithms. An ENGINE could | ||
| 110 | be used to contain an alternative software implementation, a wrapper for a | ||
| 111 | hardware acceleration and/or key-management unit, a comms-wrapper for | ||
| 112 | distributing cryptographic operations to remote machines, or any other | ||
| 113 | "devices" your imagination can dream up. | ||
| 114 | |||
| 115 | However, what has been done in the ENGINE branch so far is nothing more | ||
| 116 | than starting to get our toes wet. I had a couple of self-imposed | ||
| 117 | requirements when putting the initial abstraction together, and I may have | ||
| 118 | already posed these in one form or another on the list, but briefly; | ||
| 119 | |||
| 120 | (i) only bother with public key algorithms for now, and maybe RAND too | ||
| 121 | (motivated by the need to get hardware support going and the fact | ||
| 122 | this was a comparitively easy subset to address to begin with). | ||
| 123 | |||
| 124 | (ii) don't change (if at all possible) the existing crypto code, ie. the | ||
| 125 | implementations, the way the ***_METHODs work, etc. | ||
| 126 | |||
| 127 | (iii) ensure that if no function from the ENGINE code is ever called then | ||
| 128 | things work the way they always did, and there is no memory | ||
| 129 | allocation (otherwise the failure to cleanup would be a problem - | ||
| 130 | this is part of the reason no STACKs were used, the other part of | ||
| 131 | the reason being I found them inappropriate). | ||
| 132 | |||
| 133 | (iv) ensure that all the built-in crypto was encapsulated by one of | ||
| 134 | these "ENGINE"s and that this engine was automatically selected as | ||
| 135 | the default. | ||
| 136 | |||
| 137 | (v) provide the minimum hooking possible in the existing crypto code | ||
| 138 | so that global functions (eg. RSA_public_encrypt) do not need any | ||
| 139 | extra parameter, yet will use whatever the current default ENGINE | ||
| 140 | for that RSA key is, and that the default can be set "per-key" | ||
| 141 | and globally (new keys will assume the global default, and keys | ||
| 142 | without their own default will be operated on using the global | ||
| 143 | default). NB: Try and make (v) conflict as little as possible with | ||
| 144 | (ii). :-) | ||
| 145 | |||
| 146 | (vi) wrap the ENGINE code up in duct tape so you can't even see the | ||
| 147 | corners. Ie. expose no structures at all, just black-box pointers. | ||
| 148 | |||
| 149 | (v) maintain internally a list of ENGINEs on which a calling | ||
| 150 | application can iterate, interrogate, etc. Allow a calling | ||
| 151 | application to hook in new ENGINEs, remove ENGINEs from the list, | ||
| 152 | and enforce uniqueness within the global list of each ENGINE's | ||
| 153 | "unique id". | ||
| 154 | |||
| 155 | (vi) keep reference counts for everything - eg. this includes storing a | ||
| 156 | reference inside each RSA structure to the ENGINE that it uses. | ||
| 157 | This is freed when the RSA structure is destroyed, or has its | ||
| 158 | ENGINE explicitly changed. The net effect needs to be that at any | ||
| 159 | time, it is deterministic to know whether an ENGINE is in use or | ||
| 160 | can be safely removed (or unloaded in the case of the other type | ||
| 161 | of reference) without invalidating function pointers that may or | ||
| 162 | may not be used indavertently in the future. This was actually | ||
| 163 | one of the biggest problems to overcome in the existing OpenSSL | ||
| 164 | code - implementations had always been assumed to be ever-present, | ||
| 165 | so there was no trivial way to get round this. | ||
| 166 | |||
| 167 | (vii) distinguish between structural references and functional | ||
| 168 | references. | ||
| 169 | |||
| 170 | A *little* detail | ||
| 171 | ----------------- | 2 | ----------------- |
| 172 | 3 | ||
| 173 | While my mind is on it; I'll illustrate the bit in item (vii). This idea | 4 | This "description" (if one chooses to call it that) needed some major updating |
| 174 | turned out to be very handy - the ENGINEs themselves need to be operated | 5 | so here goes. This update addresses a change being made at the same time to |
| 175 | on and manipulated simply as objects without necessarily trying to | 6 | OpenSSL, and it pretty much completely restructures the underlying mechanics of |
| 176 | "enable" them for use. Eg. most host machines will not have the necessary | 7 | the "ENGINE" code. So it serves a double purpose of being a "ENGINE internals |
| 177 | hardware or software to support all the engines one might compile into | 8 | for masochists" document *and* a rather extensive commit log message. (I'd get |
| 178 | OpenSSL, yet it needs to be possible to iterate across the ENGINEs, | 9 | lynched for sticking all this in CHANGES or the commit mails :-). |
| 179 | querying their names, properties, etc - all happening in a thread-safe | 10 | |
| 180 | manner that uses reference counts (if you imagine two threads iterating | 11 | ENGINE_TABLE underlies this restructuring, as described in the internal header |
| 181 | through a list and one thread removing the ENGINE the other is currently | 12 | "eng_int.h", implemented in eng_table.c, and used in each of the "class" files; |
| 182 | looking at - you can see the gotcha waiting to happen). For all of this, | 13 | tb_rsa.c, tb_dsa.c, etc. |
| 183 | *structural references* are used and operate much like the other reference | 14 | |
| 184 | counts in OpenSSL. | 15 | However, "EVP_CIPHER" underlies the motivation and design of ENGINE_TABLE so |
| 185 | 16 | I'll mention a bit about that first. EVP_CIPHER (and most of this applies | |
| 186 | The other kind of reference count is for *functional* references - these | 17 | equally to EVP_MD for digests) is both a "method" and a algorithm/mode |
| 187 | indicate a reference on which the caller can actually assume the | 18 | identifier that, in the current API, "lingers". These cipher description + |
| 188 | particular ENGINE to be initialised and usable to perform the operations | 19 | implementation structures can be defined or obtained directly by applications, |
| 189 | it implements. Any increment or decrement of the functional reference | 20 | or can be loaded "en masse" into EVP storage so that they can be catalogued and |
| 190 | count automatically invokes a corresponding change in the structural | 21 | searched in various ways, ie. two ways of encrypting with the "des_cbc" |
| 191 | reference count, as it is fairly obvious that a functional reference is a | 22 | algorithm/mode pair are; |
| 192 | restricted case of a structural reference. So struct_ref >= funct_ref at | 23 | |
| 193 | all times. NB: functional references are usually obtained by a call to | 24 | (i) directly; |
| 194 | ENGINE_init(), but can also be created implicitly by calls that require a | 25 | const EVP_CIPHER *cipher = EVP_des_cbc(); |
| 195 | new functional reference to be created, eg. ENGINE_set_default(). Either | 26 | EVP_EncryptInit(&ctx, cipher, key, iv); |
| 196 | way the only time the underlying ENGINE's "init" function is really called | 27 | [ ... use EVP_EncryptUpdate() and EVP_EncryptFinal() ...] |
| 197 | is when the (functional) reference count increases to 1, similarly the | 28 | |
| 198 | underlying "finish" handler is only called as the count goes down to 0. | 29 | (ii) indirectly; |
| 199 | The effect of this, for example, is that if you set the default ENGINE for | 30 | OpenSSL_add_all_ciphers(); |
| 200 | RSA operations to be "cswift", then its functional reference count will | 31 | cipher = EVP_get_cipherbyname("des_cbc"); |
| 201 | already be at least 1 so the CryptoSwift shared-library and the card will | 32 | EVP_EncryptInit(&ctx, cipher, key, iv); |
| 202 | stay loaded and initialised until such time as all RSA keys using the | 33 | [ ... etc ... ] |
| 203 | cswift ENGINE are changed or destroyed and the default ENGINE for RSA | 34 | |
| 204 | operations has been changed. This prevents repeated thrashing of init and | 35 | The latter is more generally used because it also allows ciphers/digests to be |
| 205 | finish handling if the count keeps getting down as far as zero. | 36 | looked up based on other identifiers which can be useful for automatic cipher |
| 206 | 37 | selection, eg. in SSL/TLS, or by user-controllable configuration. | |
| 207 | Otherwise, the way the ENGINE code has been put together I think pretty | 38 | |
| 208 | much reflects the above points. The reason for the ENGINE structure having | 39 | The important point about this is that EVP_CIPHER definitions and structures are |
| 209 | individual RSA_METHOD, DSA_METHOD, etc pointers is simply that it was the | 40 | passed around with impunity and there is no safe way, without requiring massive |
| 210 | easiest way to go about things for now, to hook it all into the raw | 41 | rewrites of many applications, to assume that EVP_CIPHERs can be reference |
| 211 | RSA,DSA,etc code, and I was trying to the keep the structure invisible | 42 | counted. One an EVP_CIPHER is exposed to the caller, neither it nor anything it |
| 212 | anyway so that the way this is internally managed could be easily changed | 43 | comes from can "safely" be destroyed. Unless of course the way of getting to |
| 213 | later on when we start to work out what's to be done about these other | 44 | such ciphers is via entirely distinct API calls that didn't exist before. |
| 214 | abstractions. | 45 | However existing API usage cannot be made to understand when an EVP_CIPHER |
| 215 | 46 | pointer, that has been passed to the caller, is no longer being used. | |
| 216 | Down the line, if some EVP-based technique emerges for adequately | 47 | |
| 217 | encapsulating algorithms and all their various bits and pieces, then I can | 48 | The other problem with the existing API w.r.t. to hooking EVP_CIPHER support |
| 218 | imagine that "ENGINE" would turn into a reference-counting database of | 49 | into ENGINE is storage - the OBJ_NAME-based storage used by EVP to register |
| 219 | these EVP things, of which the default "openssl" ENGINE would be the | 50 | ciphers simultaneously registers cipher *types* and cipher *implementations* - |
| 220 | library's own object database of pre-built software implemented algorithms | 51 | they are effectively the same thing, an "EVP_CIPHER" pointer. The problem with |
| 221 | (and such). It would also be cool to see the idea of "METHOD"s detached | 52 | hooking in ENGINEs is that multiple ENGINEs may implement the same ciphers. The |
| 222 | from the algorithms themselves ... so RSA, DSA, ElGamal, etc can all | 53 | solution is necessarily that ENGINE-provided ciphers simply are not registered, |
| 223 | expose essentially the same METHOD (aka interface), which would include | 54 | stored, or exposed to the caller in the same manner as existing ciphers. This is |
| 224 | any querying/flagging stuff to identify what the algorithm can/can't do, | 55 | especially necessary considering the fact ENGINE uses reference counts to allow |
| 225 | its name, and other stuff like max/min block sizes, key sizes, etc. This | 56 | for cleanup, modularity, and DSO support - yet EVP_CIPHERs, as exposed to |
| 226 | would result in ENGINE similarly detaching its internal database of | 57 | callers in the current API, support no such controls. |
| 227 | algorithm implementations from the function definitions that return | 58 | |
| 228 | interfaces to them. I think ... | 59 | Another sticking point for integrating cipher support into ENGINE is linkage. |
| 229 | 60 | Already there is a problem with the way ENGINE supports RSA, DSA, etc whereby | |
| 230 | As for DSOs etc. Well the DSO code is pretty handy (but could be made much | 61 | they are available *because* they're part of a giant ENGINE called "openssl". |
| 231 | more so) for loading vendor's driver-libraries and talking to them in some | 62 | Ie. all implementations *have* to come from an ENGINE, but we get round that by |
| 232 | generic way, but right now there's still big problems associated with | 63 | having a giant ENGINE with all the software support encapsulated. This creates |
| 233 | actually putting OpenSSL code (ie. new ENGINEs, or anything else for that | 64 | linker hassles if nothing else - linking a 1-line application that calls 2 basic |
| 234 | matter) in dynamically loadable libraries. These problems won't go away in | 65 | RSA functions (eg. "RSA_free(RSA_new());") will result in large quantities of |
| 235 | a hurry so I don't think we should expect to have any kind of | 66 | ENGINE code being linked in *and* because of that DSA, DH, and RAND also. If we |
| 236 | shared-library extensions any time soon - but solving the problems is a | 67 | continue with this approach for EVP_CIPHER support (even if it *was* possible) |
| 237 | good thing to aim for, and would as a side-effect probably help make | 68 | we would lose our ability to link selectively by selectively loading certain |
| 238 | OpenSSL more usable as a shared-library itself (looking at the things | 69 | implementations of certain functionality. Touching any part of any kind of |
| 239 | needed to do this will show you why). | 70 | crypto would result in massive static linkage of everything else. So the |
| 240 | 71 | solution is to change the way ENGINE feeds existing "classes", ie. how the | |
| 241 | One of the problems is that if you look at any of the ENGINE | 72 | hooking to ENGINE works from RSA, DSA, DH, RAND, as well as adding new hooking |
| 242 | implementations, eg. hw_cswift.c or hw_ncipher.c, you'll see how it needs | 73 | for EVP_CIPHER, and EVP_MD. |
| 243 | a variety of functionality and definitions from various areas of OpenSSL, | 74 | |
| 244 | including crypto/bn/, crypto/err/, crypto/ itself (locking for example), | 75 | The way this is now being done is by mostly reverting back to how things used to |
| 245 | crypto/dso/, crypto/engine/, crypto/rsa, etc etc etc. So if similar code | 76 | work prior to ENGINE :-). Ie. RSA now has a "RSA_METHOD" pointer again - this |
| 246 | were to be suctioned off into shared libraries, the shared libraries would | 77 | was previously replaced by an "ENGINE" pointer and all RSA code that required |
| 247 | either have to duplicate all the definitions and code and avoid loader | 78 | the RSA_METHOD would call ENGINE_get_RSA() each time on its ENGINE handle to |
| 248 | conflicts, or OpenSSL would have to somehow expose all that functionality | 79 | temporarily get and use the ENGINE's RSA implementation. Apart from being more |
| 249 | to the shared-library. If this isn't a big enough problem, the issue of | 80 | efficient, switching back to each RSA having an RSA_METHOD pointer also allows |
| 250 | binary compatibility will be - anyone writing Apache modules can tell you | 81 | us to conceivably operate with *no* ENGINE. As we'll see, this removes any need |
| 251 | that (Ralf? Ben? :-). However, I don't think OpenSSL would need to be | 82 | for a fallback ENGINE that encapsulates default implementations - we can simply |
| 252 | quite so forgiving as Apache should be, so OpenSSL could simply tell its | 83 | have our RSA structure pointing its RSA_METHOD pointer to the software |
| 253 | version to the DSO and leave the DSO with the problem of deciding whether | 84 | implementation and have its ENGINE pointer set to NULL. |
| 254 | to proceed or bail out for fear of binary incompatibilities. | 85 | |
| 255 | 86 | A look at the EVP_CIPHER hooking is most explanatory, the RSA, DSA (etc) cases | |
| 256 | Certainly one thing that would go a long way to addressing this is to | 87 | turn out to be degenerate forms of the same thing. The EVP storage of ciphers, |
| 257 | embark on a bit of an opaqueness mission. I've set the ENGINE code up with | 88 | and the existing EVP API functions that return "software" implementations and |
| 258 | this in mind - it's so draconian that even to declare your own ENGINE, you | 89 | descriptions remain untouched. However, the storage takes more meaning in terms |
| 259 | have to get the engine code to create the underlying ENGINE structure, and | 90 | of "cipher description" and less meaning in terms of "implementation". When an |
| 260 | then feed in the new ENGINE's function/method pointers through various | 91 | EVP_CIPHER_CTX is actually initialised with an EVP_CIPHER method and is about to |
| 261 | "set" functions. The more of the code that takes on such a black-box | 92 | begin en/decryption, the hooking to ENGINE comes into play. What happens is that |
| 262 | approach, the more of the code that will be (a) easy to expose to shared | 93 | cipher-specific ENGINE code is asked for an ENGINE pointer (a functional |
| 263 | libraries that need it, and (b) easy to expose to applications wanting to | 94 | reference) for any ENGINE that is registered to perform the algo/mode that the |
| 264 | use OpenSSL itself as a shared-library. From my own explorations in | 95 | provided EVP_CIPHER structure represents. Under normal circumstances, that |
| 265 | OpenSSL, the biggest leviathan I've seen that is a problem in this respect | 96 | ENGINE code will return NULL because no ENGINEs will have had any cipher |
| 266 | is the BIGNUM code. Trying to "expose" the bignum code through any kind of | 97 | implementations *registered*. As such, a NULL ENGINE pointer is stored in the |
| 267 | organised "METHODs", let alone do all the necessary bignum operations | 98 | EVP_CIPHER_CTX context, and the EVP_CIPHER structure is left hooked into the |
| 268 | solely through functions rather than direct access to the structures and | 99 | context and so is used as the implementation. Pretty much how things work now |
| 269 | macros, will be a massive pain in the "r"s. | 100 | except we'd have a redundant ENGINE pointer set to NULL and doing nothing. |
| 270 | 101 | ||
| 271 | Anyway, I'm done for now - hope it was readable. Thoughts? | 102 | Conversely, if an ENGINE *has* been registered to perform the algorithm/mode |
| 272 | 103 | combination represented by the provided EVP_CIPHER, then a functional reference | |
| 273 | Cheers, | 104 | to that ENGINE will be returned to the EVP_CIPHER_CTX during initialisation. |
| 274 | Geoff | 105 | That functional reference will be stored in the context (and released on |
| 275 | 106 | cleanup) - and having that reference provides a *safe* way to use an EVP_CIPHER | |
| 276 | 107 | definition that is private to the ENGINE. Ie. the EVP_CIPHER provided by the | |
| 277 | -----------------------------------==*==----------------------------------- | 108 | application will actually be replaced by an EVP_CIPHER from the registered |
| 109 | ENGINE - it will support the same algorithm/mode as the original but will be a | ||
| 110 | completely different implementation. Because this EVP_CIPHER isn't stored in the | ||
| 111 | EVP storage, nor is it returned to applications from traditional API functions, | ||
| 112 | there is no associated problem with it not having reference counts. And of | ||
| 113 | course, when one of these "private" cipher implementations is hooked into | ||
| 114 | EVP_CIPHER_CTX, it is done whilst the EVP_CIPHER_CTX holds a functional | ||
| 115 | reference to the ENGINE that owns it, thus the use of the ENGINE's EVP_CIPHER is | ||
| 116 | safe. | ||
| 117 | |||
| 118 | The "cipher-specific ENGINE code" I mentioned is implemented in tb_cipher.c but | ||
| 119 | in essence it is simply an instantiation of "ENGINE_TABLE" code for use by | ||
| 120 | EVP_CIPHER code. tb_digest.c is virtually identical but, of course, it is for | ||
| 121 | use by EVP_MD code. Ditto for tb_rsa.c, tb_dsa.c, etc. These instantiations of | ||
| 122 | ENGINE_TABLE essentially provide linker-separation of the classes so that even | ||
| 123 | if ENGINEs implement *all* possible algorithms, an application using only | ||
| 124 | EVP_CIPHER code will link at most code relating to EVP_CIPHER, tb_cipher.c, core | ||
| 125 | ENGINE code that is independant of class, and of course the ENGINE | ||
| 126 | implementation that the application loaded. It will *not* however link any | ||
| 127 | class-specific ENGINE code for digests, RSA, etc nor will it bleed over into | ||
| 128 | other APIs, such as the RSA/DSA/etc library code. | ||
| 129 | |||
| 130 | ENGINE_TABLE is a little more complicated than may seem necessary but this is | ||
| 131 | mostly to avoid a lot of "init()"-thrashing on ENGINEs (that may have to load | ||
| 132 | DSOs, and other expensive setup that shouldn't be thrashed unnecessarily) *and* | ||
| 133 | to duplicate "default" behaviour. Basically an ENGINE_TABLE instantiation, for | ||
| 134 | example tb_cipher.c, implements a hash-table keyed by integer "nid" values. | ||
| 135 | These nids provide the uniquenness of an algorithm/mode - and each nid will hash | ||
| 136 | to a potentially NULL "ENGINE_PILE". An ENGINE_PILE is essentially a list of | ||
| 137 | pointers to ENGINEs that implement that particular 'nid'. Each "pile" uses some | ||
| 138 | caching tricks such that requests on that 'nid' will be cached and all future | ||
| 139 | requests will return immediately (well, at least with minimal operation) unless | ||
| 140 | a change is made to the pile, eg. perhaps an ENGINE was unloaded. The reason is | ||
| 141 | that an application could have support for 10 ENGINEs statically linked | ||
| 142 | in, and the machine in question may not have any of the hardware those 10 | ||
| 143 | ENGINEs support. If each of those ENGINEs has a "des_cbc" implementation, we | ||
| 144 | want to avoid every EVP_CIPHER_CTX setup from trying (and failing) to initialise | ||
| 145 | each of those 10 ENGINEs. Instead, the first such request will try to do that | ||
| 146 | and will either return (and cache) a NULL ENGINE pointer or will return a | ||
| 147 | functional reference to the first that successfully initialised. In the latter | ||
| 148 | case it will also cache an extra functional reference to the ENGINE as a | ||
| 149 | "default" for that 'nid'. The caching is acknowledged by a 'uptodate' variable | ||
| 150 | that is unset only if un/registration takes place on that pile. Ie. if | ||
| 151 | implementations of "des_cbc" are added or removed. This behaviour can be | ||
| 152 | tweaked; the ENGINE_TABLE_FLAG_NOINIT value can be passed to | ||
| 153 | ENGINE_set_table_flags(), in which case the only ENGINEs that tb_cipher.c will | ||
| 154 | try to initialise from the "pile" will be those that are already initialised | ||
| 155 | (ie. it's simply an increment of the functional reference count, and no real | ||
| 156 | "initialisation" will take place). | ||
| 157 | |||
| 158 | RSA, DSA, DH, and RAND all have their own ENGINE_TABLE code as well, and the | ||
| 159 | difference is that they all use an implicit 'nid' of 1. Whereas EVP_CIPHERs are | ||
| 160 | actually qualitatively different depending on 'nid' (the "des_cbc" EVP_CIPHER is | ||
| 161 | not an interoperable implementation of "aes_256_cbc"), RSA_METHODs are | ||
| 162 | necessarily interoperable and don't have different flavours, only different | ||
| 163 | implementations. In other words, the ENGINE_TABLE for RSA will either be empty, | ||
| 164 | or will have a single ENGING_PILE hashed to by the 'nid' 1 and that pile | ||
| 165 | represents ENGINEs that implement the single "type" of RSA there is. | ||
| 166 | |||
| 167 | Cleanup - the registration and unregistration may pose questions about how | ||
| 168 | cleanup works with the ENGINE_PILE doing all this caching nonsense (ie. when the | ||
| 169 | application or EVP_CIPHER code releases its last reference to an ENGINE, the | ||
| 170 | ENGINE_PILE code may still have references and thus those ENGINEs will stay | ||
| 171 | hooked in forever). The way this is handled is via "unregistration". With these | ||
| 172 | new ENGINE changes, an abstract ENGINE can be loaded and initialised, but that | ||
| 173 | is an algorithm-agnostic process. Even if initialised, it will not have | ||
| 174 | registered any of its implementations (to do so would link all class "table" | ||
| 175 | code despite the fact the application may use only ciphers, for example). This | ||
| 176 | is deliberately a distinct step. Moreover, registration and unregistration has | ||
| 177 | nothing to do with whether an ENGINE is *functional* or not (ie. you can even | ||
| 178 | register an ENGINE and its implementations without it being operational, you may | ||
| 179 | not even have the drivers to make it operate). What actually happens with | ||
| 180 | respect to cleanup is managed inside eng_lib.c with the "engine_cleanup_***" | ||
| 181 | functions. These functions are internal-only and each part of ENGINE code that | ||
| 182 | could require cleanup will, upon performing its first allocation, register a | ||
| 183 | callback with the "engine_cleanup" code. The other part of this that makes it | ||
| 184 | tick is that the ENGINE_TABLE instantiations (tb_***.c) use NULL as their | ||
| 185 | initialised state. So if RSA code asks for an ENGINE and no ENGINE has | ||
| 186 | registered an implementation, the code will simply return NULL and the tb_rsa.c | ||
| 187 | state will be unchanged. Thus, no cleanup is required unless registration takes | ||
| 188 | place. ENGINE_cleanup() will simply iterate across a list of registered cleanup | ||
| 189 | callbacks calling each in turn, and will then internally delete its own storage | ||
| 190 | (a STACK). When a cleanup callback is next registered (eg. if the cleanup() is | ||
| 191 | part of a gracefull restart and the application wants to cleanup all state then | ||
| 192 | start again), the internal STACK storage will be freshly allocated. This is much | ||
| 193 | the same as the situation in the ENGINE_TABLE instantiations ... NULL is the | ||
| 194 | initialised state, so only modification operations (not queries) will cause that | ||
| 195 | code to have to register a cleanup. | ||
| 196 | |||
| 197 | What else? The bignum callbacks and associated ENGINE functions have been | ||
| 198 | removed for two obvious reasons; (i) there was no way to generalise them to the | ||
| 199 | mechanism now used by RSA/DSA/..., because there's no such thing as a BIGNUM | ||
| 200 | method, and (ii) because of (i), there was no meaningful way for library or | ||
| 201 | application code to automatically hook and use ENGINE supplied bignum functions | ||
| 202 | anyway. Also, ENGINE_cpy() has been removed (although an internal-only version | ||
| 203 | exists) - the idea of providing an ENGINE_cpy() function probably wasn't a good | ||
| 204 | one and now certainly doesn't make sense in any generalised way. Some of the | ||
| 205 | RSA, DSA, DH, and RAND functions that were fiddled during the original ENGINE | ||
| 206 | changes have now, as a consequence, been reverted back. This is because the | ||
| 207 | hooking of ENGINE is now automatic (and passive, it can interally use a NULL | ||
| 208 | ENGINE pointer to simply ignore ENGINE from then on). | ||
| 209 | |||
| 210 | Hell, that should be enough for now ... comments welcome: geoff@openssl.org | ||
| 278 | 211 | ||
diff --git a/src/lib/libcrypto/engine/eng_all.c b/src/lib/libcrypto/engine/eng_all.c index a35b3db9e8..b3030fe505 100644 --- a/src/lib/libcrypto/engine/eng_all.c +++ b/src/lib/libcrypto/engine/eng_all.c | |||
| @@ -60,10 +60,6 @@ | |||
| 60 | #include <openssl/engine.h> | 60 | #include <openssl/engine.h> |
| 61 | #include "eng_int.h" | 61 | #include "eng_int.h" |
| 62 | 62 | ||
| 63 | #ifdef __OpenBSD__ | ||
| 64 | static int openbsd_default_loaded = 0; | ||
| 65 | #endif | ||
| 66 | |||
| 67 | void ENGINE_load_builtin_engines(void) | 63 | void ENGINE_load_builtin_engines(void) |
| 68 | { | 64 | { |
| 69 | /* There's no longer any need for an "openssl" ENGINE unless, one day, | 65 | /* There's no longer any need for an "openssl" ENGINE unless, one day, |
| @@ -96,23 +92,11 @@ void ENGINE_load_builtin_engines(void) | |||
| 96 | #ifndef OPENSSL_NO_HW_SUREWARE | 92 | #ifndef OPENSSL_NO_HW_SUREWARE |
| 97 | ENGINE_load_sureware(); | 93 | ENGINE_load_sureware(); |
| 98 | #endif | 94 | #endif |
| 95 | #ifndef OPENSSL_NO_HW_4758_CCA | ||
| 96 | ENGINE_load_4758cca(); | ||
| 97 | #endif | ||
| 99 | #ifdef OPENSSL_OPENBSD_DEV_CRYPTO | 98 | #ifdef OPENSSL_OPENBSD_DEV_CRYPTO |
| 100 | ENGINE_load_openbsd_dev_crypto(); | 99 | ENGINE_load_openbsd_dev_crypto(); |
| 101 | #endif | 100 | #endif |
| 102 | #ifdef __OpenBSD__ | ||
| 103 | ENGINE_load_cryptodev(); | ||
| 104 | #endif | ||
| 105 | #endif | 101 | #endif |
| 106 | } | 102 | } |
| 107 | |||
| 108 | #ifdef __OpenBSD__ | ||
| 109 | void ENGINE_setup_openbsd(void) { | ||
| 110 | if (!openbsd_default_loaded) { | ||
| 111 | ENGINE_load_cryptodev(); | ||
| 112 | ENGINE_register_all_complete(); | ||
| 113 | } | ||
| 114 | openbsd_default_loaded=1; | ||
| 115 | } | ||
| 116 | #endif | ||
| 117 | |||
| 118 | |||
diff --git a/src/lib/libcrypto/engine/eng_fat.c b/src/lib/libcrypto/engine/eng_fat.c index af918b1499..d49aa7ed40 100644 --- a/src/lib/libcrypto/engine/eng_fat.c +++ b/src/lib/libcrypto/engine/eng_fat.c | |||
| @@ -141,8 +141,7 @@ int ENGINE_register_all_complete(void) | |||
| 141 | { | 141 | { |
| 142 | ENGINE *e; | 142 | ENGINE *e; |
| 143 | 143 | ||
| 144 | for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) { | 144 | for(e=ENGINE_get_first() ; e ; e=ENGINE_get_next(e)) |
| 145 | ENGINE_register_complete(e); | 145 | ENGINE_register_complete(e); |
| 146 | } | ||
| 147 | return 1; | 146 | return 1; |
| 148 | } | 147 | } |
diff --git a/src/lib/libcrypto/engine/eng_init.c b/src/lib/libcrypto/engine/eng_init.c index cc9396e863..98caa21e32 100644 --- a/src/lib/libcrypto/engine/eng_init.c +++ b/src/lib/libcrypto/engine/eng_init.c | |||
| @@ -93,7 +93,7 @@ int engine_unlocked_finish(ENGINE *e, int unlock_for_handlers) | |||
| 93 | * there's a chance that both threads will together take the count from | 93 | * there's a chance that both threads will together take the count from |
| 94 | * 2 to 0 without either calling finish(). */ | 94 | * 2 to 0 without either calling finish(). */ |
| 95 | e->funct_ref--; | 95 | e->funct_ref--; |
| 96 | engine_ref_debug(e, 1, -1); | 96 | engine_ref_debug(e, 1, -1) |
| 97 | if((e->funct_ref == 0) && e->finish) | 97 | if((e->funct_ref == 0) && e->finish) |
| 98 | { | 98 | { |
| 99 | if(unlock_for_handlers) | 99 | if(unlock_for_handlers) |
| @@ -155,4 +155,3 @@ int ENGINE_finish(ENGINE *e) | |||
| 155 | } | 155 | } |
| 156 | return to_return; | 156 | return to_return; |
| 157 | } | 157 | } |
| 158 | |||
diff --git a/src/lib/libcrypto/engine/eng_list.c b/src/lib/libcrypto/engine/eng_list.c index ce48d2255a..0c220558e7 100644 --- a/src/lib/libcrypto/engine/eng_list.c +++ b/src/lib/libcrypto/engine/eng_list.c | |||
| @@ -348,7 +348,7 @@ ENGINE *ENGINE_by_id(const char *id) | |||
| 348 | } | 348 | } |
| 349 | CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); | 349 | CRYPTO_r_lock(CRYPTO_LOCK_ENGINE); |
| 350 | iterator = engine_list_head; | 350 | iterator = engine_list_head; |
| 351 | while(iterator && (strcmp(id, iterator->id) != 0)) | 351 | while(iterator && (strcmp(id, iterator->id) != 0)) |
| 352 | iterator = iterator->next; | 352 | iterator = iterator->next; |
| 353 | if(iterator) | 353 | if(iterator) |
| 354 | { | 354 | { |
diff --git a/src/lib/libcrypto/engine/engine.h b/src/lib/libcrypto/engine/engine.h index 2983f47034..cf06618286 100644 --- a/src/lib/libcrypto/engine/engine.h +++ b/src/lib/libcrypto/engine/engine.h | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | * project 2000. | 3 | * project 2000. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -59,36 +59,171 @@ | |||
| 59 | #ifndef HEADER_ENGINE_H | 59 | #ifndef HEADER_ENGINE_H |
| 60 | #define HEADER_ENGINE_H | 60 | #define HEADER_ENGINE_H |
| 61 | 61 | ||
| 62 | #include <openssl/ossl_typ.h> | ||
| 62 | #include <openssl/bn.h> | 63 | #include <openssl/bn.h> |
| 64 | #ifndef OPENSSL_NO_RSA | ||
| 63 | #include <openssl/rsa.h> | 65 | #include <openssl/rsa.h> |
| 66 | #endif | ||
| 67 | #ifndef OPENSSL_NO_DSA | ||
| 64 | #include <openssl/dsa.h> | 68 | #include <openssl/dsa.h> |
| 69 | #endif | ||
| 70 | #ifndef OPENSSL_NO_DH | ||
| 65 | #include <openssl/dh.h> | 71 | #include <openssl/dh.h> |
| 72 | #endif | ||
| 66 | #include <openssl/rand.h> | 73 | #include <openssl/rand.h> |
| 67 | #include <openssl/evp.h> | 74 | #include <openssl/ui.h> |
| 68 | #include <openssl/symhacks.h> | 75 | #include <openssl/symhacks.h> |
| 76 | #include <openssl/err.h> | ||
| 69 | 77 | ||
| 70 | #ifdef __cplusplus | 78 | #ifdef __cplusplus |
| 71 | extern "C" { | 79 | extern "C" { |
| 72 | #endif | 80 | #endif |
| 73 | 81 | ||
| 82 | /* Fixups for missing algorithms */ | ||
| 83 | #ifdef OPENSSL_NO_RSA | ||
| 84 | typedef void RSA_METHOD; | ||
| 85 | #endif | ||
| 86 | #ifdef OPENSSL_NO_DSA | ||
| 87 | typedef void DSA_METHOD; | ||
| 88 | #endif | ||
| 89 | #ifdef OPENSSL_NO_DH | ||
| 90 | typedef void DH_METHOD; | ||
| 91 | #endif | ||
| 92 | |||
| 74 | /* These flags are used to control combinations of algorithm (methods) | 93 | /* These flags are used to control combinations of algorithm (methods) |
| 75 | * by bitwise "OR"ing. */ | 94 | * by bitwise "OR"ing. */ |
| 76 | #define ENGINE_METHOD_RSA (unsigned int)0x0001 | 95 | #define ENGINE_METHOD_RSA (unsigned int)0x0001 |
| 77 | #define ENGINE_METHOD_DSA (unsigned int)0x0002 | 96 | #define ENGINE_METHOD_DSA (unsigned int)0x0002 |
| 78 | #define ENGINE_METHOD_DH (unsigned int)0x0004 | 97 | #define ENGINE_METHOD_DH (unsigned int)0x0004 |
| 79 | #define ENGINE_METHOD_RAND (unsigned int)0x0008 | 98 | #define ENGINE_METHOD_RAND (unsigned int)0x0008 |
| 80 | #define ENGINE_METHOD_BN_MOD_EXP (unsigned int)0x0010 | 99 | #define ENGINE_METHOD_CIPHERS (unsigned int)0x0040 |
| 81 | #define ENGINE_METHOD_BN_MOD_EXP_CRT (unsigned int)0x0020 | 100 | #define ENGINE_METHOD_DIGESTS (unsigned int)0x0080 |
| 82 | /* Obvious all-or-nothing cases. */ | 101 | /* Obvious all-or-nothing cases. */ |
| 83 | #define ENGINE_METHOD_ALL (unsigned int)0xFFFF | 102 | #define ENGINE_METHOD_ALL (unsigned int)0xFFFF |
| 84 | #define ENGINE_METHOD_NONE (unsigned int)0x0000 | 103 | #define ENGINE_METHOD_NONE (unsigned int)0x0000 |
| 85 | 104 | ||
| 105 | /* This(ese) flag(s) controls behaviour of the ENGINE_TABLE mechanism used | ||
| 106 | * internally to control registration of ENGINE implementations, and can be set | ||
| 107 | * by ENGINE_set_table_flags(). The "NOINIT" flag prevents attempts to | ||
| 108 | * initialise registered ENGINEs if they are not already initialised. */ | ||
| 109 | #define ENGINE_TABLE_FLAG_NOINIT (unsigned int)0x0001 | ||
| 110 | |||
| 111 | /* ENGINE flags that can be set by ENGINE_set_flags(). */ | ||
| 112 | /* #define ENGINE_FLAGS_MALLOCED 0x0001 */ /* Not used */ | ||
| 113 | |||
| 114 | /* This flag is for ENGINEs that wish to handle the various 'CMD'-related | ||
| 115 | * control commands on their own. Without this flag, ENGINE_ctrl() handles these | ||
| 116 | * control commands on behalf of the ENGINE using their "cmd_defns" data. */ | ||
| 117 | #define ENGINE_FLAGS_MANUAL_CMD_CTRL (int)0x0002 | ||
| 118 | |||
| 119 | /* This flag is for ENGINEs who return new duplicate structures when found via | ||
| 120 | * "ENGINE_by_id()". When an ENGINE must store state (eg. if ENGINE_ctrl() | ||
| 121 | * commands are called in sequence as part of some stateful process like | ||
| 122 | * key-generation setup and execution), it can set this flag - then each attempt | ||
| 123 | * to obtain the ENGINE will result in it being copied into a new structure. | ||
| 124 | * Normally, ENGINEs don't declare this flag so ENGINE_by_id() just increments | ||
| 125 | * the existing ENGINE's structural reference count. */ | ||
| 126 | #define ENGINE_FLAGS_BY_ID_COPY (int)0x0004 | ||
| 127 | |||
| 128 | /* ENGINEs can support their own command types, and these flags are used in | ||
| 129 | * ENGINE_CTRL_GET_CMD_FLAGS to indicate to the caller what kind of input each | ||
| 130 | * command expects. Currently only numeric and string input is supported. If a | ||
| 131 | * control command supports none of the _NUMERIC, _STRING, or _NO_INPUT options, | ||
| 132 | * then it is regarded as an "internal" control command - and not for use in | ||
| 133 | * config setting situations. As such, they're not available to the | ||
| 134 | * ENGINE_ctrl_cmd_string() function, only raw ENGINE_ctrl() access. Changes to | ||
| 135 | * this list of 'command types' should be reflected carefully in | ||
| 136 | * ENGINE_cmd_is_executable() and ENGINE_ctrl_cmd_string(). */ | ||
| 137 | |||
| 138 | /* accepts a 'long' input value (3rd parameter to ENGINE_ctrl) */ | ||
| 139 | #define ENGINE_CMD_FLAG_NUMERIC (unsigned int)0x0001 | ||
| 140 | /* accepts string input (cast from 'void*' to 'const char *', 4th parameter to | ||
| 141 | * ENGINE_ctrl) */ | ||
| 142 | #define ENGINE_CMD_FLAG_STRING (unsigned int)0x0002 | ||
| 143 | /* Indicates that the control command takes *no* input. Ie. the control command | ||
| 144 | * is unparameterised. */ | ||
| 145 | #define ENGINE_CMD_FLAG_NO_INPUT (unsigned int)0x0004 | ||
| 146 | /* Indicates that the control command is internal. This control command won't | ||
| 147 | * be shown in any output, and is only usable through the ENGINE_ctrl_cmd() | ||
| 148 | * function. */ | ||
| 149 | #define ENGINE_CMD_FLAG_INTERNAL (unsigned int)0x0008 | ||
| 150 | |||
| 151 | /* NB: These 3 control commands are deprecated and should not be used. ENGINEs | ||
| 152 | * relying on these commands should compile conditional support for | ||
| 153 | * compatibility (eg. if these symbols are defined) but should also migrate the | ||
| 154 | * same functionality to their own ENGINE-specific control functions that can be | ||
| 155 | * "discovered" by calling applications. The fact these control commands | ||
| 156 | * wouldn't be "executable" (ie. usable by text-based config) doesn't change the | ||
| 157 | * fact that application code can find and use them without requiring per-ENGINE | ||
| 158 | * hacking. */ | ||
| 159 | |||
| 86 | /* These flags are used to tell the ctrl function what should be done. | 160 | /* These flags are used to tell the ctrl function what should be done. |
| 87 | * All command numbers are shared between all engines, even if some don't | 161 | * All command numbers are shared between all engines, even if some don't |
| 88 | * make sense to some engines. In such a case, they do nothing but return | 162 | * make sense to some engines. In such a case, they do nothing but return |
| 89 | * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ | 163 | * the error ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED. */ |
| 90 | #define ENGINE_CTRL_SET_LOGSTREAM 1 | 164 | #define ENGINE_CTRL_SET_LOGSTREAM 1 |
| 91 | #define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 | 165 | #define ENGINE_CTRL_SET_PASSWORD_CALLBACK 2 |
| 166 | #define ENGINE_CTRL_HUP 3 /* Close and reinitialise any | ||
| 167 | handles/connections etc. */ | ||
| 168 | #define ENGINE_CTRL_SET_USER_INTERFACE 4 /* Alternative to callback */ | ||
| 169 | #define ENGINE_CTRL_SET_CALLBACK_DATA 5 /* User-specific data, used | ||
| 170 | when calling the password | ||
| 171 | callback and the user | ||
| 172 | interface */ | ||
| 173 | |||
| 174 | /* These control commands allow an application to deal with an arbitrary engine | ||
| 175 | * in a dynamic way. Warn: Negative return values indicate errors FOR THESE | ||
| 176 | * COMMANDS because zero is used to indicate 'end-of-list'. Other commands, | ||
| 177 | * including ENGINE-specific command types, return zero for an error. | ||
| 178 | * | ||
| 179 | * An ENGINE can choose to implement these ctrl functions, and can internally | ||
| 180 | * manage things however it chooses - it does so by setting the | ||
| 181 | * ENGINE_FLAGS_MANUAL_CMD_CTRL flag (using ENGINE_set_flags()). Otherwise the | ||
| 182 | * ENGINE_ctrl() code handles this on the ENGINE's behalf using the cmd_defns | ||
| 183 | * data (set using ENGINE_set_cmd_defns()). This means an ENGINE's ctrl() | ||
| 184 | * handler need only implement its own commands - the above "meta" commands will | ||
| 185 | * be taken care of. */ | ||
| 186 | |||
| 187 | /* Returns non-zero if the supplied ENGINE has a ctrl() handler. If "not", then | ||
| 188 | * all the remaining control commands will return failure, so it is worth | ||
| 189 | * checking this first if the caller is trying to "discover" the engine's | ||
| 190 | * capabilities and doesn't want errors generated unnecessarily. */ | ||
| 191 | #define ENGINE_CTRL_HAS_CTRL_FUNCTION 10 | ||
| 192 | /* Returns a positive command number for the first command supported by the | ||
| 193 | * engine. Returns zero if no ctrl commands are supported. */ | ||
| 194 | #define ENGINE_CTRL_GET_FIRST_CMD_TYPE 11 | ||
| 195 | /* The 'long' argument specifies a command implemented by the engine, and the | ||
| 196 | * return value is the next command supported, or zero if there are no more. */ | ||
| 197 | #define ENGINE_CTRL_GET_NEXT_CMD_TYPE 12 | ||
| 198 | /* The 'void*' argument is a command name (cast from 'const char *'), and the | ||
| 199 | * return value is the command that corresponds to it. */ | ||
| 200 | #define ENGINE_CTRL_GET_CMD_FROM_NAME 13 | ||
| 201 | /* The next two allow a command to be converted into its corresponding string | ||
| 202 | * form. In each case, the 'long' argument supplies the command. In the NAME_LEN | ||
| 203 | * case, the return value is the length of the command name (not counting a | ||
| 204 | * trailing EOL). In the NAME case, the 'void*' argument must be a string buffer | ||
| 205 | * large enough, and it will be populated with the name of the command (WITH a | ||
| 206 | * trailing EOL). */ | ||
| 207 | #define ENGINE_CTRL_GET_NAME_LEN_FROM_CMD 14 | ||
| 208 | #define ENGINE_CTRL_GET_NAME_FROM_CMD 15 | ||
| 209 | /* The next two are similar but give a "short description" of a command. */ | ||
| 210 | #define ENGINE_CTRL_GET_DESC_LEN_FROM_CMD 16 | ||
| 211 | #define ENGINE_CTRL_GET_DESC_FROM_CMD 17 | ||
| 212 | /* With this command, the return value is the OR'd combination of | ||
| 213 | * ENGINE_CMD_FLAG_*** values that indicate what kind of input a given | ||
| 214 | * engine-specific ctrl command expects. */ | ||
| 215 | #define ENGINE_CTRL_GET_CMD_FLAGS 18 | ||
| 216 | |||
| 217 | /* ENGINE implementations should start the numbering of their own control | ||
| 218 | * commands from this value. (ie. ENGINE_CMD_BASE, ENGINE_CMD_BASE + 1, etc). */ | ||
| 219 | #define ENGINE_CMD_BASE 200 | ||
| 220 | |||
| 221 | /* NB: These 2 nCipher "chil" control commands are deprecated, and their | ||
| 222 | * functionality is now available through ENGINE-specific control commands | ||
| 223 | * (exposed through the above-mentioned 'CMD'-handling). Code using these 2 | ||
| 224 | * commands should be migrated to the more general command handling before these | ||
| 225 | * are removed. */ | ||
| 226 | |||
| 92 | /* Flags specific to the nCipher "chil" engine */ | 227 | /* Flags specific to the nCipher "chil" engine */ |
| 93 | #define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 | 228 | #define ENGINE_CTRL_CHIL_SET_FORKCHECK 100 |
| 94 | /* Depending on the value of the (long)i argument, this sets or | 229 | /* Depending on the value of the (long)i argument, this sets or |
| @@ -99,45 +234,55 @@ extern "C" { | |||
| 99 | /* This prevents the initialisation function from providing mutex | 234 | /* This prevents the initialisation function from providing mutex |
| 100 | * callbacks to the nCipher library. */ | 235 | * callbacks to the nCipher library. */ |
| 101 | 236 | ||
| 102 | /* As we're missing a BIGNUM_METHOD, we need a couple of locally | 237 | /* If an ENGINE supports its own specific control commands and wishes the |
| 103 | * defined function types that engines can implement. */ | 238 | * framework to handle the above 'ENGINE_CMD_***'-manipulation commands on its |
| 104 | 239 | * behalf, it should supply a null-terminated array of ENGINE_CMD_DEFN entries | |
| 105 | #ifndef HEADER_ENGINE_INT_H | 240 | * to ENGINE_set_cmd_defns(). It should also implement a ctrl() handler that |
| 106 | /* mod_exp operation, calculates; r = a ^ p mod m | 241 | * supports the stated commands (ie. the "cmd_num" entries as described by the |
| 107 | * NB: ctx can be NULL, but if supplied, the implementation may use | 242 | * array). NB: The array must be ordered in increasing order of cmd_num. |
| 108 | * it if it wishes. */ | 243 | * "null-terminated" means that the last ENGINE_CMD_DEFN element has cmd_num set |
| 109 | typedef int (*BN_MOD_EXP)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 244 | * to zero and/or cmd_name set to NULL. */ |
| 110 | const BIGNUM *m, BN_CTX *ctx); | 245 | typedef struct ENGINE_CMD_DEFN_st |
| 111 | 246 | { | |
| 112 | /* private key operation for RSA, provided seperately in case other | 247 | unsigned int cmd_num; /* The command number */ |
| 113 | * RSA implementations wish to use it. */ | 248 | const char *cmd_name; /* The command name itself */ |
| 114 | typedef int (*BN_MOD_EXP_CRT)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, | 249 | const char *cmd_desc; /* A short description of the command */ |
| 115 | const BIGNUM *q, const BIGNUM *dmp1, const BIGNUM *dmq1, | 250 | unsigned int cmd_flags; /* The input the command expects */ |
| 116 | const BIGNUM *iqmp, BN_CTX *ctx); | 251 | } ENGINE_CMD_DEFN; |
| 117 | 252 | ||
| 118 | /* Generic function pointer */ | 253 | /* Generic function pointer */ |
| 119 | typedef void (*ENGINE_GEN_FUNC_PTR)(); | 254 | typedef int (*ENGINE_GEN_FUNC_PTR)(); |
| 120 | /* Generic function pointer taking no arguments */ | 255 | /* Generic function pointer taking no arguments */ |
| 121 | typedef void (*ENGINE_GEN_INT_FUNC_PTR)(void); | 256 | typedef int (*ENGINE_GEN_INT_FUNC_PTR)(ENGINE *); |
| 122 | /* Specific control function pointer */ | 257 | /* Specific control function pointer */ |
| 123 | typedef int (*ENGINE_CTRL_FUNC_PTR)(int cmd, long i, void *p, void (*f)()); | 258 | typedef int (*ENGINE_CTRL_FUNC_PTR)(ENGINE *, int, long, void *, void (*f)()); |
| 124 | 259 | /* Generic load_key function pointer */ | |
| 125 | /* The list of "engine" types is a static array of (const ENGINE*) | 260 | typedef EVP_PKEY * (*ENGINE_LOAD_KEY_PTR)(ENGINE *, const char *, |
| 126 | * pointers (not dynamic because static is fine for now and we otherwise | 261 | UI_METHOD *ui_method, void *callback_data); |
| 127 | * have to hook an appropriate load/unload function in to initialise and | 262 | /* These callback types are for an ENGINE's handler for cipher and digest logic. |
| 128 | * cleanup). */ | 263 | * These handlers have these prototypes; |
| 129 | typedef struct engine_st ENGINE; | 264 | * int foo(ENGINE *e, const EVP_CIPHER **cipher, const int **nids, int nid); |
| 130 | #endif | 265 | * int foo(ENGINE *e, const EVP_MD **digest, const int **nids, int nid); |
| 266 | * Looking at how to implement these handlers in the case of cipher support, if | ||
| 267 | * the framework wants the EVP_CIPHER for 'nid', it will call; | ||
| 268 | * foo(e, &p_evp_cipher, NULL, nid); (return zero for failure) | ||
| 269 | * If the framework wants a list of supported 'nid's, it will call; | ||
| 270 | * foo(e, NULL, &p_nids, 0); (returns number of 'nids' or -1 for error) | ||
| 271 | */ | ||
| 272 | /* Returns to a pointer to the array of supported cipher 'nid's. If the second | ||
| 273 | * parameter is non-NULL it is set to the size of the returned array. */ | ||
| 274 | typedef int (*ENGINE_CIPHERS_PTR)(ENGINE *, const EVP_CIPHER **, const int **, int); | ||
| 275 | typedef int (*ENGINE_DIGESTS_PTR)(ENGINE *, const EVP_MD **, const int **, int); | ||
| 131 | 276 | ||
| 132 | /* STRUCTURE functions ... all of these functions deal with pointers to | 277 | /* STRUCTURE functions ... all of these functions deal with pointers to ENGINE |
| 133 | * ENGINE structures where the pointers have a "structural reference". | 278 | * structures where the pointers have a "structural reference". This means that |
| 134 | * This means that their reference is to allow access to the structure | 279 | * their reference is to allowed access to the structure but it does not imply |
| 135 | * but it does not imply that the structure is functional. To simply | 280 | * that the structure is functional. To simply increment or decrement the |
| 136 | * increment or decrement the structural reference count, use ENGINE_new | 281 | * structural reference count, use ENGINE_by_id and ENGINE_free. NB: This is not |
| 137 | * and ENGINE_free. NB: This is not required when iterating using | 282 | * required when iterating using ENGINE_get_next as it will automatically |
| 138 | * ENGINE_get_next as it will automatically decrement the structural | 283 | * decrement the structural reference count of the "current" ENGINE and |
| 139 | * reference count of the "current" ENGINE and increment the structural | 284 | * increment the structural reference count of the ENGINE it returns (unless it |
| 140 | * reference count of the ENGINE it returns (unless it is NULL). */ | 285 | * is NULL). */ |
| 141 | 286 | ||
| 142 | /* Get the first/last "ENGINE" type available. */ | 287 | /* Get the first/last "ENGINE" type available. */ |
| 143 | ENGINE *ENGINE_get_first(void); | 288 | ENGINE *ENGINE_get_first(void); |
| @@ -151,67 +296,167 @@ int ENGINE_add(ENGINE *e); | |||
| 151 | int ENGINE_remove(ENGINE *e); | 296 | int ENGINE_remove(ENGINE *e); |
| 152 | /* Retrieve an engine from the list by its unique "id" value. */ | 297 | /* Retrieve an engine from the list by its unique "id" value. */ |
| 153 | ENGINE *ENGINE_by_id(const char *id); | 298 | ENGINE *ENGINE_by_id(const char *id); |
| 299 | /* Add all the built-in engines. */ | ||
| 300 | void ENGINE_load_openssl(void); | ||
| 301 | void ENGINE_load_dynamic(void); | ||
| 302 | void ENGINE_load_cswift(void); | ||
| 303 | void ENGINE_load_chil(void); | ||
| 304 | void ENGINE_load_atalla(void); | ||
| 305 | void ENGINE_load_nuron(void); | ||
| 306 | void ENGINE_load_ubsec(void); | ||
| 307 | void ENGINE_load_aep(void); | ||
| 308 | void ENGINE_load_sureware(void); | ||
| 309 | void ENGINE_load_4758cca(void); | ||
| 310 | void ENGINE_load_openbsd_dev_crypto(void); | ||
| 311 | void ENGINE_load_builtin_engines(void); | ||
| 154 | 312 | ||
| 155 | /* These functions are useful for manufacturing new ENGINE | 313 | /* Get and set global flags (ENGINE_TABLE_FLAG_***) for the implementation |
| 156 | * structures. They don't address reference counting at all - | 314 | * "registry" handling. */ |
| 157 | * one uses them to populate an ENGINE structure with personalised | 315 | unsigned int ENGINE_get_table_flags(void); |
| 158 | * implementations of things prior to using it directly or adding | 316 | void ENGINE_set_table_flags(unsigned int flags); |
| 159 | * it to the builtin ENGINE list in OpenSSL. These are also here | 317 | |
| 160 | * so that the ENGINE structure doesn't have to be exposed and | 318 | /* Manage registration of ENGINEs per "table". For each type, there are 3 |
| 161 | * break binary compatibility! | 319 | * functions; |
| 162 | * | 320 | * ENGINE_register_***(e) - registers the implementation from 'e' (if it has one) |
| 163 | * NB: I'm changing ENGINE_new to force the ENGINE structure to | 321 | * ENGINE_unregister_***(e) - unregister the implementation from 'e' |
| 164 | * be allocated from within OpenSSL. See the comment for | 322 | * ENGINE_register_all_***() - call ENGINE_register_***() for each 'e' in the list |
| 165 | * ENGINE_get_struct_size(). | 323 | * Cleanup is automatically registered from each table when required, so |
| 166 | */ | 324 | * ENGINE_cleanup() will reverse any "register" operations. */ |
| 167 | #if 0 | 325 | |
| 168 | ENGINE *ENGINE_new(ENGINE *e); | 326 | int ENGINE_register_RSA(ENGINE *e); |
| 169 | #else | 327 | void ENGINE_unregister_RSA(ENGINE *e); |
| 328 | void ENGINE_register_all_RSA(void); | ||
| 329 | |||
| 330 | int ENGINE_register_DSA(ENGINE *e); | ||
| 331 | void ENGINE_unregister_DSA(ENGINE *e); | ||
| 332 | void ENGINE_register_all_DSA(void); | ||
| 333 | |||
| 334 | int ENGINE_register_DH(ENGINE *e); | ||
| 335 | void ENGINE_unregister_DH(ENGINE *e); | ||
| 336 | void ENGINE_register_all_DH(void); | ||
| 337 | |||
| 338 | int ENGINE_register_RAND(ENGINE *e); | ||
| 339 | void ENGINE_unregister_RAND(ENGINE *e); | ||
| 340 | void ENGINE_register_all_RAND(void); | ||
| 341 | |||
| 342 | int ENGINE_register_ciphers(ENGINE *e); | ||
| 343 | void ENGINE_unregister_ciphers(ENGINE *e); | ||
| 344 | void ENGINE_register_all_ciphers(void); | ||
| 345 | |||
| 346 | int ENGINE_register_digests(ENGINE *e); | ||
| 347 | void ENGINE_unregister_digests(ENGINE *e); | ||
| 348 | void ENGINE_register_all_digests(void); | ||
| 349 | |||
| 350 | /* These functions register all support from the above categories. Note, use of | ||
| 351 | * these functions can result in static linkage of code your application may not | ||
| 352 | * need. If you only need a subset of functionality, consider using more | ||
| 353 | * selective initialisation. */ | ||
| 354 | int ENGINE_register_complete(ENGINE *e); | ||
| 355 | int ENGINE_register_all_complete(void); | ||
| 356 | |||
| 357 | /* Send parametrised control commands to the engine. The possibilities to send | ||
| 358 | * down an integer, a pointer to data or a function pointer are provided. Any of | ||
| 359 | * the parameters may or may not be NULL, depending on the command number. In | ||
| 360 | * actuality, this function only requires a structural (rather than functional) | ||
| 361 | * reference to an engine, but many control commands may require the engine be | ||
| 362 | * functional. The caller should be aware of trying commands that require an | ||
| 363 | * operational ENGINE, and only use functional references in such situations. */ | ||
| 364 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | ||
| 365 | |||
| 366 | /* This function tests if an ENGINE-specific command is usable as a "setting". | ||
| 367 | * Eg. in an application's config file that gets processed through | ||
| 368 | * ENGINE_ctrl_cmd_string(). If this returns zero, it is not available to | ||
| 369 | * ENGINE_ctrl_cmd_string(), only ENGINE_ctrl(). */ | ||
| 370 | int ENGINE_cmd_is_executable(ENGINE *e, int cmd); | ||
| 371 | |||
| 372 | /* This function works like ENGINE_ctrl() with the exception of taking a | ||
| 373 | * command name instead of a command number, and can handle optional commands. | ||
| 374 | * See the comment on ENGINE_ctrl_cmd_string() for an explanation on how to | ||
| 375 | * use the cmd_name and cmd_optional. */ | ||
| 376 | int ENGINE_ctrl_cmd(ENGINE *e, const char *cmd_name, | ||
| 377 | long i, void *p, void (*f)(), int cmd_optional); | ||
| 378 | |||
| 379 | /* This function passes a command-name and argument to an ENGINE. The cmd_name | ||
| 380 | * is converted to a command number and the control command is called using | ||
| 381 | * 'arg' as an argument (unless the ENGINE doesn't support such a command, in | ||
| 382 | * which case no control command is called). The command is checked for input | ||
| 383 | * flags, and if necessary the argument will be converted to a numeric value. If | ||
| 384 | * cmd_optional is non-zero, then if the ENGINE doesn't support the given | ||
| 385 | * cmd_name the return value will be success anyway. This function is intended | ||
| 386 | * for applications to use so that users (or config files) can supply | ||
| 387 | * engine-specific config data to the ENGINE at run-time to control behaviour of | ||
| 388 | * specific engines. As such, it shouldn't be used for calling ENGINE_ctrl() | ||
| 389 | * functions that return data, deal with binary data, or that are otherwise | ||
| 390 | * supposed to be used directly through ENGINE_ctrl() in application code. Any | ||
| 391 | * "return" data from an ENGINE_ctrl() operation in this function will be lost - | ||
| 392 | * the return value is interpreted as failure if the return value is zero, | ||
| 393 | * success otherwise, and this function returns a boolean value as a result. In | ||
| 394 | * other words, vendors of 'ENGINE'-enabled devices should write ENGINE | ||
| 395 | * implementations with parameterisations that work in this scheme, so that | ||
| 396 | * compliant ENGINE-based applications can work consistently with the same | ||
| 397 | * configuration for the same ENGINE-enabled devices, across applications. */ | ||
| 398 | int ENGINE_ctrl_cmd_string(ENGINE *e, const char *cmd_name, const char *arg, | ||
| 399 | int cmd_optional); | ||
| 400 | |||
| 401 | /* These functions are useful for manufacturing new ENGINE structures. They | ||
| 402 | * don't address reference counting at all - one uses them to populate an ENGINE | ||
| 403 | * structure with personalised implementations of things prior to using it | ||
| 404 | * directly or adding it to the builtin ENGINE list in OpenSSL. These are also | ||
| 405 | * here so that the ENGINE structure doesn't have to be exposed and break binary | ||
| 406 | * compatibility! */ | ||
| 170 | ENGINE *ENGINE_new(void); | 407 | ENGINE *ENGINE_new(void); |
| 171 | #endif | ||
| 172 | int ENGINE_free(ENGINE *e); | 408 | int ENGINE_free(ENGINE *e); |
| 173 | int ENGINE_set_id(ENGINE *e, const char *id); | 409 | int ENGINE_set_id(ENGINE *e, const char *id); |
| 174 | int ENGINE_set_name(ENGINE *e, const char *name); | 410 | int ENGINE_set_name(ENGINE *e, const char *name); |
| 175 | int ENGINE_set_RSA(ENGINE *e, RSA_METHOD *rsa_meth); | 411 | int ENGINE_set_RSA(ENGINE *e, const RSA_METHOD *rsa_meth); |
| 176 | int ENGINE_set_DSA(ENGINE *e, DSA_METHOD *dsa_meth); | 412 | int ENGINE_set_DSA(ENGINE *e, const DSA_METHOD *dsa_meth); |
| 177 | int ENGINE_set_DH(ENGINE *e, DH_METHOD *dh_meth); | 413 | int ENGINE_set_DH(ENGINE *e, const DH_METHOD *dh_meth); |
| 178 | int ENGINE_set_RAND(ENGINE *e, RAND_METHOD *rand_meth); | 414 | int ENGINE_set_RAND(ENGINE *e, const RAND_METHOD *rand_meth); |
| 179 | int ENGINE_set_BN_mod_exp(ENGINE *e, BN_MOD_EXP bn_mod_exp); | 415 | int ENGINE_set_destroy_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR destroy_f); |
| 180 | int ENGINE_set_BN_mod_exp_crt(ENGINE *e, BN_MOD_EXP_CRT bn_mod_exp_crt); | ||
| 181 | int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); | 416 | int ENGINE_set_init_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR init_f); |
| 182 | int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); | 417 | int ENGINE_set_finish_function(ENGINE *e, ENGINE_GEN_INT_FUNC_PTR finish_f); |
| 183 | int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); | 418 | int ENGINE_set_ctrl_function(ENGINE *e, ENGINE_CTRL_FUNC_PTR ctrl_f); |
| 419 | int ENGINE_set_load_privkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpriv_f); | ||
| 420 | int ENGINE_set_load_pubkey_function(ENGINE *e, ENGINE_LOAD_KEY_PTR loadpub_f); | ||
| 421 | int ENGINE_set_ciphers(ENGINE *e, ENGINE_CIPHERS_PTR f); | ||
| 422 | int ENGINE_set_digests(ENGINE *e, ENGINE_DIGESTS_PTR f); | ||
| 423 | int ENGINE_set_flags(ENGINE *e, int flags); | ||
| 424 | int ENGINE_set_cmd_defns(ENGINE *e, const ENGINE_CMD_DEFN *defns); | ||
| 425 | /* These functions (and the "get" function lower down) allow control over any | ||
| 426 | * per-structure ENGINE data. */ | ||
| 427 | int ENGINE_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 428 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | ||
| 429 | int ENGINE_set_ex_data(ENGINE *e, int idx, void *arg); | ||
| 184 | 430 | ||
| 185 | /* These return values from within the ENGINE structure. These can | 431 | /* This function cleans up anything that needs it. Eg. the ENGINE_add() function |
| 186 | * be useful with functional references as well as structural | 432 | * automatically ensures the list cleanup function is registered to be called |
| 187 | * references - it depends which you obtained. Using the result | 433 | * from ENGINE_cleanup(). Similarly, all ENGINE_register_*** functions ensure |
| 188 | * for functional purposes if you only obtained a structural | 434 | * ENGINE_cleanup() will clean up after them. */ |
| 189 | * reference may be problematic! */ | 435 | void ENGINE_cleanup(void); |
| 190 | const char *ENGINE_get_id(ENGINE *e); | 436 | |
| 191 | const char *ENGINE_get_name(ENGINE *e); | 437 | /* These return values from within the ENGINE structure. These can be useful |
| 192 | RSA_METHOD *ENGINE_get_RSA(ENGINE *e); | 438 | * with functional references as well as structural references - it depends |
| 193 | DSA_METHOD *ENGINE_get_DSA(ENGINE *e); | 439 | * which you obtained. Using the result for functional purposes if you only |
| 194 | DH_METHOD *ENGINE_get_DH(ENGINE *e); | 440 | * obtained a structural reference may be problematic! */ |
| 195 | RAND_METHOD *ENGINE_get_RAND(ENGINE *e); | 441 | const char *ENGINE_get_id(const ENGINE *e); |
| 196 | BN_MOD_EXP ENGINE_get_BN_mod_exp(ENGINE *e); | 442 | const char *ENGINE_get_name(const ENGINE *e); |
| 197 | BN_MOD_EXP_CRT ENGINE_get_BN_mod_exp_crt(ENGINE *e); | 443 | const RSA_METHOD *ENGINE_get_RSA(const ENGINE *e); |
| 198 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(ENGINE *e); | 444 | const DSA_METHOD *ENGINE_get_DSA(const ENGINE *e); |
| 199 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(ENGINE *e); | 445 | const DH_METHOD *ENGINE_get_DH(const ENGINE *e); |
| 200 | ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(ENGINE *e); | 446 | const RAND_METHOD *ENGINE_get_RAND(const ENGINE *e); |
| 201 | 447 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_destroy_function(const ENGINE *e); | |
| 202 | /* ENGINE_new is normally passed a NULL in the first parameter because | 448 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_init_function(const ENGINE *e); |
| 203 | * the calling code doesn't have access to the definition of the ENGINE | 449 | ENGINE_GEN_INT_FUNC_PTR ENGINE_get_finish_function(const ENGINE *e); |
| 204 | * structure (for good reason). However, if the caller wishes to use | 450 | ENGINE_CTRL_FUNC_PTR ENGINE_get_ctrl_function(const ENGINE *e); |
| 205 | * its own memory allocation or use a static array, the following call | 451 | ENGINE_LOAD_KEY_PTR ENGINE_get_load_privkey_function(const ENGINE *e); |
| 206 | * should be used to check the amount of memory the ENGINE structure | 452 | ENGINE_LOAD_KEY_PTR ENGINE_get_load_pubkey_function(const ENGINE *e); |
| 207 | * will occupy. This will make the code more future-proof. | 453 | ENGINE_CIPHERS_PTR ENGINE_get_ciphers(const ENGINE *e); |
| 208 | * | 454 | ENGINE_DIGESTS_PTR ENGINE_get_digests(const ENGINE *e); |
| 209 | * NB: I'm "#if 0"-ing this out because it's better to force the use of | 455 | const EVP_CIPHER *ENGINE_get_cipher(ENGINE *e, int nid); |
| 210 | * internally allocated memory. See similar change in ENGINE_new(). | 456 | const EVP_MD *ENGINE_get_digest(ENGINE *e, int nid); |
| 211 | */ | 457 | const ENGINE_CMD_DEFN *ENGINE_get_cmd_defns(const ENGINE *e); |
| 212 | #if 0 | 458 | int ENGINE_get_flags(const ENGINE *e); |
| 213 | int ENGINE_get_struct_size(void); | 459 | void *ENGINE_get_ex_data(const ENGINE *e, int idx); |
| 214 | #endif | ||
| 215 | 460 | ||
| 216 | /* FUNCTIONAL functions. These functions deal with ENGINE structures | 461 | /* FUNCTIONAL functions. These functions deal with ENGINE structures |
| 217 | * that have (or will) be initialised for use. Broadly speaking, the | 462 | * that have (or will) be initialised for use. Broadly speaking, the |
| @@ -233,20 +478,14 @@ int ENGINE_init(ENGINE *e); | |||
| 233 | * a corresponding call to ENGINE_free as it also releases a structural | 478 | * a corresponding call to ENGINE_free as it also releases a structural |
| 234 | * reference. */ | 479 | * reference. */ |
| 235 | int ENGINE_finish(ENGINE *e); | 480 | int ENGINE_finish(ENGINE *e); |
| 236 | /* Send control parametrised commands to the engine. The possibilities | ||
| 237 | * to send down an integer, a pointer to data or a function pointer are | ||
| 238 | * provided. Any of the parameters may or may not be NULL, depending | ||
| 239 | * on the command number */ | ||
| 240 | /* WARNING: This is currently experimental and may change radically! */ | ||
| 241 | int ENGINE_ctrl(ENGINE *e, int cmd, long i, void *p, void (*f)()); | ||
| 242 | 481 | ||
| 243 | /* The following functions handle keys that are stored in some secondary | 482 | /* The following functions handle keys that are stored in some secondary |
| 244 | * location, handled by the engine. The storage may be on a card or | 483 | * location, handled by the engine. The storage may be on a card or |
| 245 | * whatever. */ | 484 | * whatever. */ |
| 246 | EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, | 485 | EVP_PKEY *ENGINE_load_private_key(ENGINE *e, const char *key_id, |
| 247 | const char *passphrase); | 486 | UI_METHOD *ui_method, void *callback_data); |
| 248 | EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, | 487 | EVP_PKEY *ENGINE_load_public_key(ENGINE *e, const char *key_id, |
| 249 | const char *passphrase); | 488 | UI_METHOD *ui_method, void *callback_data); |
| 250 | 489 | ||
| 251 | /* This returns a pointer for the current ENGINE structure that | 490 | /* This returns a pointer for the current ENGINE structure that |
| 252 | * is (by default) performing any RSA operations. The value returned | 491 | * is (by default) performing any RSA operations. The value returned |
| @@ -257,117 +496,192 @@ ENGINE *ENGINE_get_default_RSA(void); | |||
| 257 | ENGINE *ENGINE_get_default_DSA(void); | 496 | ENGINE *ENGINE_get_default_DSA(void); |
| 258 | ENGINE *ENGINE_get_default_DH(void); | 497 | ENGINE *ENGINE_get_default_DH(void); |
| 259 | ENGINE *ENGINE_get_default_RAND(void); | 498 | ENGINE *ENGINE_get_default_RAND(void); |
| 260 | ENGINE *ENGINE_get_default_BN_mod_exp(void); | 499 | /* These functions can be used to get a functional reference to perform |
| 261 | ENGINE *ENGINE_get_default_BN_mod_exp_crt(void); | 500 | * ciphering or digesting corresponding to "nid". */ |
| 501 | ENGINE *ENGINE_get_cipher_engine(int nid); | ||
| 502 | ENGINE *ENGINE_get_digest_engine(int nid); | ||
| 262 | 503 | ||
| 263 | /* This sets a new default ENGINE structure for performing RSA | 504 | /* This sets a new default ENGINE structure for performing RSA |
| 264 | * operations. If the result is non-zero (success) then the ENGINE | 505 | * operations. If the result is non-zero (success) then the ENGINE |
| 265 | * structure will have had its reference count up'd so the caller | 506 | * structure will have had its reference count up'd so the caller |
| 266 | * should still free their own reference 'e'. */ | 507 | * should still free their own reference 'e'. */ |
| 267 | int ENGINE_set_default_RSA(ENGINE *e); | 508 | int ENGINE_set_default_RSA(ENGINE *e); |
| 509 | int ENGINE_set_default_string(ENGINE *e, const char *list); | ||
| 268 | /* Same for the other "methods" */ | 510 | /* Same for the other "methods" */ |
| 269 | int ENGINE_set_default_DSA(ENGINE *e); | 511 | int ENGINE_set_default_DSA(ENGINE *e); |
| 270 | int ENGINE_set_default_DH(ENGINE *e); | 512 | int ENGINE_set_default_DH(ENGINE *e); |
| 271 | int ENGINE_set_default_RAND(ENGINE *e); | 513 | int ENGINE_set_default_RAND(ENGINE *e); |
| 272 | int ENGINE_set_default_BN_mod_exp(ENGINE *e); | 514 | int ENGINE_set_default_ciphers(ENGINE *e); |
| 273 | int ENGINE_set_default_BN_mod_exp_crt(ENGINE *e); | 515 | int ENGINE_set_default_digests(ENGINE *e); |
| 274 | 516 | ||
| 275 | /* The combination "set" - the flags are bitwise "OR"d from the | 517 | /* The combination "set" - the flags are bitwise "OR"d from the |
| 276 | * ENGINE_METHOD_*** defines above. */ | 518 | * ENGINE_METHOD_*** defines above. As with the "ENGINE_register_complete()" |
| 519 | * function, this function can result in unnecessary static linkage. If your | ||
| 520 | * application requires only specific functionality, consider using more | ||
| 521 | * selective functions. */ | ||
| 277 | int ENGINE_set_default(ENGINE *e, unsigned int flags); | 522 | int ENGINE_set_default(ENGINE *e, unsigned int flags); |
| 278 | 523 | ||
| 279 | /* Obligatory error function. */ | 524 | void ENGINE_add_conf_module(void); |
| 280 | void ERR_load_ENGINE_strings(void); | ||
| 281 | 525 | ||
| 282 | /* | 526 | /* Deprecated functions ... */ |
| 283 | * Error codes for all engine functions. NB: We use "generic" | 527 | /* int ENGINE_clear_defaults(void); */ |
| 284 | * function names instead of per-implementation ones because this | 528 | |
| 285 | * levels the playing field for externally implemented bootstrapped | 529 | /**************************/ |
| 286 | * support code. As the filename and line number is included, it's | 530 | /* DYNAMIC ENGINE SUPPORT */ |
| 287 | * more important to indicate the type of function, so that | 531 | /**************************/ |
| 288 | * bootstrapped code (that can't easily add its own errors in) can | 532 | |
| 289 | * use the same error codes too. | 533 | /* Binary/behaviour compatibility levels */ |
| 290 | */ | 534 | #define OSSL_DYNAMIC_VERSION (unsigned long)0x00010100 |
| 535 | /* Binary versions older than this are too old for us (whether we're a loader or | ||
| 536 | * a loadee) */ | ||
| 537 | #define OSSL_DYNAMIC_OLDEST (unsigned long)0x00010100 | ||
| 538 | |||
| 539 | /* When compiling an ENGINE entirely as an external shared library, loadable by | ||
| 540 | * the "dynamic" ENGINE, these types are needed. The 'dynamic_fns' structure | ||
| 541 | * type provides the calling application's (or library's) error functionality | ||
| 542 | * and memory management function pointers to the loaded library. These should | ||
| 543 | * be used/set in the loaded library code so that the loading application's | ||
| 544 | * 'state' will be used/changed in all operations. */ | ||
| 545 | typedef void *(*dyn_MEM_malloc_cb)(size_t); | ||
| 546 | typedef void *(*dyn_MEM_realloc_cb)(void *, size_t); | ||
| 547 | typedef void (*dyn_MEM_free_cb)(void *); | ||
| 548 | typedef struct st_dynamic_MEM_fns { | ||
| 549 | dyn_MEM_malloc_cb malloc_cb; | ||
| 550 | dyn_MEM_realloc_cb realloc_cb; | ||
| 551 | dyn_MEM_free_cb free_cb; | ||
| 552 | } dynamic_MEM_fns; | ||
| 553 | /* FIXME: Perhaps the memory and locking code (crypto.h) should declare and use | ||
| 554 | * these types so we (and any other dependant code) can simplify a bit?? */ | ||
| 555 | typedef void (*dyn_lock_locking_cb)(int,int,const char *,int); | ||
| 556 | typedef int (*dyn_lock_add_lock_cb)(int*,int,int,const char *,int); | ||
| 557 | typedef struct CRYPTO_dynlock_value *(*dyn_dynlock_create_cb)( | ||
| 558 | const char *,int); | ||
| 559 | typedef void (*dyn_dynlock_lock_cb)(int,struct CRYPTO_dynlock_value *, | ||
| 560 | const char *,int); | ||
| 561 | typedef void (*dyn_dynlock_destroy_cb)(struct CRYPTO_dynlock_value *, | ||
| 562 | const char *,int); | ||
| 563 | typedef struct st_dynamic_LOCK_fns { | ||
| 564 | dyn_lock_locking_cb lock_locking_cb; | ||
| 565 | dyn_lock_add_lock_cb lock_add_lock_cb; | ||
| 566 | dyn_dynlock_create_cb dynlock_create_cb; | ||
| 567 | dyn_dynlock_lock_cb dynlock_lock_cb; | ||
| 568 | dyn_dynlock_destroy_cb dynlock_destroy_cb; | ||
| 569 | } dynamic_LOCK_fns; | ||
| 570 | /* The top-level structure */ | ||
| 571 | typedef struct st_dynamic_fns { | ||
| 572 | const ERR_FNS *err_fns; | ||
| 573 | const CRYPTO_EX_DATA_IMPL *ex_data_fns; | ||
| 574 | dynamic_MEM_fns mem_fns; | ||
| 575 | dynamic_LOCK_fns lock_fns; | ||
| 576 | } dynamic_fns; | ||
| 577 | |||
| 578 | /* The version checking function should be of this prototype. NB: The | ||
| 579 | * ossl_version value passed in is the OSSL_DYNAMIC_VERSION of the loading code. | ||
| 580 | * If this function returns zero, it indicates a (potential) version | ||
| 581 | * incompatibility and the loaded library doesn't believe it can proceed. | ||
| 582 | * Otherwise, the returned value is the (latest) version supported by the | ||
| 583 | * loading library. The loader may still decide that the loaded code's version | ||
| 584 | * is unsatisfactory and could veto the load. The function is expected to | ||
| 585 | * be implemented with the symbol name "v_check", and a default implementation | ||
| 586 | * can be fully instantiated with IMPLEMENT_DYNAMIC_CHECK_FN(). */ | ||
| 587 | typedef unsigned long (*dynamic_v_check_fn)(unsigned long ossl_version); | ||
| 588 | #define IMPLEMENT_DYNAMIC_CHECK_FN() \ | ||
| 589 | unsigned long v_check(unsigned long v) { \ | ||
| 590 | if(v >= OSSL_DYNAMIC_OLDEST) return OSSL_DYNAMIC_VERSION; \ | ||
| 591 | return 0; } | ||
| 592 | |||
| 593 | /* This function is passed the ENGINE structure to initialise with its own | ||
| 594 | * function and command settings. It should not adjust the structural or | ||
| 595 | * functional reference counts. If this function returns zero, (a) the load will | ||
| 596 | * be aborted, (b) the previous ENGINE state will be memcpy'd back onto the | ||
| 597 | * structure, and (c) the shared library will be unloaded. So implementations | ||
| 598 | * should do their own internal cleanup in failure circumstances otherwise they | ||
| 599 | * could leak. The 'id' parameter, if non-NULL, represents the ENGINE id that | ||
| 600 | * the loader is looking for. If this is NULL, the shared library can choose to | ||
| 601 | * return failure or to initialise a 'default' ENGINE. If non-NULL, the shared | ||
| 602 | * library must initialise only an ENGINE matching the passed 'id'. The function | ||
| 603 | * is expected to be implemented with the symbol name "bind_engine". A standard | ||
| 604 | * implementation can be instantiated with IMPLEMENT_DYNAMIC_BIND_FN(fn) where | ||
| 605 | * the parameter 'fn' is a callback function that populates the ENGINE structure | ||
| 606 | * and returns an int value (zero for failure). 'fn' should have prototype; | ||
| 607 | * [static] int fn(ENGINE *e, const char *id); */ | ||
| 608 | typedef int (*dynamic_bind_engine)(ENGINE *e, const char *id, | ||
| 609 | const dynamic_fns *fns); | ||
| 610 | #define IMPLEMENT_DYNAMIC_BIND_FN(fn) \ | ||
| 611 | int bind_engine(ENGINE *e, const char *id, const dynamic_fns *fns) { \ | ||
| 612 | if(!CRYPTO_set_mem_functions(fns->mem_fns.malloc_cb, \ | ||
| 613 | fns->mem_fns.realloc_cb, fns->mem_fns.free_cb)) \ | ||
| 614 | return 0; \ | ||
| 615 | CRYPTO_set_locking_callback(fns->lock_fns.lock_locking_cb); \ | ||
| 616 | CRYPTO_set_add_lock_callback(fns->lock_fns.lock_add_lock_cb); \ | ||
| 617 | CRYPTO_set_dynlock_create_callback(fns->lock_fns.dynlock_create_cb); \ | ||
| 618 | CRYPTO_set_dynlock_lock_callback(fns->lock_fns.dynlock_lock_cb); \ | ||
| 619 | CRYPTO_set_dynlock_destroy_callback(fns->lock_fns.dynlock_destroy_cb); \ | ||
| 620 | if(!CRYPTO_set_ex_data_implementation(fns->ex_data_fns)) \ | ||
| 621 | return 0; \ | ||
| 622 | if(!ERR_set_implementation(fns->err_fns)) return 0; \ | ||
| 623 | if(!fn(e,id)) return 0; \ | ||
| 624 | return 1; } | ||
| 291 | 625 | ||
| 292 | /* BEGIN ERROR CODES */ | 626 | /* BEGIN ERROR CODES */ |
| 293 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 627 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 294 | * made after this point may be overwritten when the script is next run. | 628 | * made after this point may be overwritten when the script is next run. |
| 295 | */ | 629 | */ |
| 630 | void ERR_load_ENGINE_strings(void); | ||
| 296 | 631 | ||
| 297 | /* Error codes for the ENGINE functions. */ | 632 | /* Error codes for the ENGINE functions. */ |
| 298 | 633 | ||
| 299 | /* Function codes. */ | 634 | /* Function codes. */ |
| 300 | #define ENGINE_F_ATALLA_FINISH 135 | 635 | #define ENGINE_F_DYNAMIC_CTRL 180 |
| 301 | #define ENGINE_F_ATALLA_INIT 136 | 636 | #define ENGINE_F_DYNAMIC_GET_DATA_CTX 181 |
| 302 | #define ENGINE_F_ATALLA_MOD_EXP 137 | 637 | #define ENGINE_F_DYNAMIC_LOAD 182 |
| 303 | #define ENGINE_F_ATALLA_RSA_MOD_EXP 138 | ||
| 304 | #define ENGINE_F_CSWIFT_DSA_SIGN 133 | ||
| 305 | #define ENGINE_F_CSWIFT_DSA_VERIFY 134 | ||
| 306 | #define ENGINE_F_CSWIFT_FINISH 100 | ||
| 307 | #define ENGINE_F_CSWIFT_INIT 101 | ||
| 308 | #define ENGINE_F_CSWIFT_MOD_EXP 102 | ||
| 309 | #define ENGINE_F_CSWIFT_MOD_EXP_CRT 103 | ||
| 310 | #define ENGINE_F_CSWIFT_RSA_MOD_EXP 104 | ||
| 311 | #define ENGINE_F_ENGINE_ADD 105 | 638 | #define ENGINE_F_ENGINE_ADD 105 |
| 312 | #define ENGINE_F_ENGINE_BY_ID 106 | 639 | #define ENGINE_F_ENGINE_BY_ID 106 |
| 640 | #define ENGINE_F_ENGINE_CMD_IS_EXECUTABLE 170 | ||
| 313 | #define ENGINE_F_ENGINE_CTRL 142 | 641 | #define ENGINE_F_ENGINE_CTRL 142 |
| 642 | #define ENGINE_F_ENGINE_CTRL_CMD 178 | ||
| 643 | #define ENGINE_F_ENGINE_CTRL_CMD_STRING 171 | ||
| 314 | #define ENGINE_F_ENGINE_FINISH 107 | 644 | #define ENGINE_F_ENGINE_FINISH 107 |
| 315 | #define ENGINE_F_ENGINE_FREE 108 | 645 | #define ENGINE_F_ENGINE_FREE 108 |
| 316 | #define ENGINE_F_ENGINE_GET_BN_MOD_EXP 109 | 646 | #define ENGINE_F_ENGINE_GET_CIPHER 185 |
| 317 | #define ENGINE_F_ENGINE_GET_BN_MOD_EXP_CRT 110 | 647 | #define ENGINE_F_ENGINE_GET_DEFAULT_TYPE 177 |
| 318 | #define ENGINE_F_ENGINE_GET_CTRL_FUNCTION 144 | 648 | #define ENGINE_F_ENGINE_GET_DIGEST 186 |
| 319 | #define ENGINE_F_ENGINE_GET_DH 111 | ||
| 320 | #define ENGINE_F_ENGINE_GET_DSA 112 | ||
| 321 | #define ENGINE_F_ENGINE_GET_FINISH_FUNCTION 145 | ||
| 322 | #define ENGINE_F_ENGINE_GET_ID 113 | ||
| 323 | #define ENGINE_F_ENGINE_GET_INIT_FUNCTION 146 | ||
| 324 | #define ENGINE_F_ENGINE_GET_NAME 114 | ||
| 325 | #define ENGINE_F_ENGINE_GET_NEXT 115 | 649 | #define ENGINE_F_ENGINE_GET_NEXT 115 |
| 326 | #define ENGINE_F_ENGINE_GET_PREV 116 | 650 | #define ENGINE_F_ENGINE_GET_PREV 116 |
| 327 | #define ENGINE_F_ENGINE_GET_RAND 117 | ||
| 328 | #define ENGINE_F_ENGINE_GET_RSA 118 | ||
| 329 | #define ENGINE_F_ENGINE_INIT 119 | 651 | #define ENGINE_F_ENGINE_INIT 119 |
| 330 | #define ENGINE_F_ENGINE_LIST_ADD 120 | 652 | #define ENGINE_F_ENGINE_LIST_ADD 120 |
| 331 | #define ENGINE_F_ENGINE_LIST_REMOVE 121 | 653 | #define ENGINE_F_ENGINE_LIST_REMOVE 121 |
| 332 | #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 | 654 | #define ENGINE_F_ENGINE_LOAD_PRIVATE_KEY 150 |
| 333 | #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 | 655 | #define ENGINE_F_ENGINE_LOAD_PUBLIC_KEY 151 |
| 656 | #define ENGINE_F_ENGINE_MODULE_INIT 187 | ||
| 334 | #define ENGINE_F_ENGINE_NEW 122 | 657 | #define ENGINE_F_ENGINE_NEW 122 |
| 335 | #define ENGINE_F_ENGINE_REMOVE 123 | 658 | #define ENGINE_F_ENGINE_REMOVE 123 |
| 336 | #define ENGINE_F_ENGINE_SET_BN_MOD_EXP 124 | 659 | #define ENGINE_F_ENGINE_SET_DEFAULT_STRING 189 |
| 337 | #define ENGINE_F_ENGINE_SET_BN_MOD_EXP_CRT 125 | ||
| 338 | #define ENGINE_F_ENGINE_SET_CTRL_FUNCTION 147 | ||
| 339 | #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 | 660 | #define ENGINE_F_ENGINE_SET_DEFAULT_TYPE 126 |
| 340 | #define ENGINE_F_ENGINE_SET_DH 127 | ||
| 341 | #define ENGINE_F_ENGINE_SET_DSA 128 | ||
| 342 | #define ENGINE_F_ENGINE_SET_FINISH_FUNCTION 148 | ||
| 343 | #define ENGINE_F_ENGINE_SET_ID 129 | 661 | #define ENGINE_F_ENGINE_SET_ID 129 |
| 344 | #define ENGINE_F_ENGINE_SET_INIT_FUNCTION 149 | ||
| 345 | #define ENGINE_F_ENGINE_SET_NAME 130 | 662 | #define ENGINE_F_ENGINE_SET_NAME 130 |
| 346 | #define ENGINE_F_ENGINE_SET_RAND 131 | 663 | #define ENGINE_F_ENGINE_TABLE_REGISTER 184 |
| 347 | #define ENGINE_F_ENGINE_SET_RSA 132 | ||
| 348 | #define ENGINE_F_ENGINE_UNLOAD_KEY 152 | 664 | #define ENGINE_F_ENGINE_UNLOAD_KEY 152 |
| 349 | #define ENGINE_F_HWCRHK_CTRL 143 | 665 | #define ENGINE_F_INT_CTRL_HELPER 172 |
| 350 | #define ENGINE_F_HWCRHK_FINISH 135 | 666 | #define ENGINE_F_INT_ENGINE_CONFIGURE 188 |
| 351 | #define ENGINE_F_HWCRHK_GET_PASS 155 | ||
| 352 | #define ENGINE_F_HWCRHK_INIT 136 | ||
| 353 | #define ENGINE_F_HWCRHK_LOAD_PRIVKEY 153 | ||
| 354 | #define ENGINE_F_HWCRHK_LOAD_PUBKEY 154 | ||
| 355 | #define ENGINE_F_HWCRHK_MOD_EXP 137 | ||
| 356 | #define ENGINE_F_HWCRHK_MOD_EXP_CRT 138 | ||
| 357 | #define ENGINE_F_HWCRHK_RAND_BYTES 139 | ||
| 358 | #define ENGINE_F_HWCRHK_RSA_MOD_EXP 140 | ||
| 359 | #define ENGINE_F_LOG_MESSAGE 141 | 667 | #define ENGINE_F_LOG_MESSAGE 141 |
| 668 | #define ENGINE_F_SET_DATA_CTX 183 | ||
| 360 | 669 | ||
| 361 | /* Reason codes. */ | 670 | /* Reason codes. */ |
| 362 | #define ENGINE_R_ALREADY_LOADED 100 | 671 | #define ENGINE_R_ALREADY_LOADED 100 |
| 363 | #define ENGINE_R_BIO_WAS_FREED 121 | 672 | #define ENGINE_R_ARGUMENT_IS_NOT_A_NUMBER 133 |
| 364 | #define ENGINE_R_BN_CTX_FULL 101 | 673 | #define ENGINE_R_CMD_NOT_EXECUTABLE 134 |
| 365 | #define ENGINE_R_BN_EXPAND_FAIL 102 | 674 | #define ENGINE_R_COMMAND_TAKES_INPUT 135 |
| 366 | #define ENGINE_R_CHIL_ERROR 123 | 675 | #define ENGINE_R_COMMAND_TAKES_NO_INPUT 136 |
| 367 | #define ENGINE_R_CONFLICTING_ENGINE_ID 103 | 676 | #define ENGINE_R_CONFLICTING_ENGINE_ID 103 |
| 368 | #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 | 677 | #define ENGINE_R_CTRL_COMMAND_NOT_IMPLEMENTED 119 |
| 678 | #define ENGINE_R_DH_NOT_IMPLEMENTED 139 | ||
| 679 | #define ENGINE_R_DSA_NOT_IMPLEMENTED 140 | ||
| 369 | #define ENGINE_R_DSO_FAILURE 104 | 680 | #define ENGINE_R_DSO_FAILURE 104 |
| 681 | #define ENGINE_R_DSO_NOT_FOUND 132 | ||
| 682 | #define ENGINE_R_ENGINES_SECTION_ERROR 148 | ||
| 370 | #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 | 683 | #define ENGINE_R_ENGINE_IS_NOT_IN_LIST 105 |
| 684 | #define ENGINE_R_ENGINE_SECTION_ERROR 149 | ||
| 371 | #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 | 685 | #define ENGINE_R_FAILED_LOADING_PRIVATE_KEY 128 |
| 372 | #define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 | 686 | #define ENGINE_R_FAILED_LOADING_PUBLIC_KEY 129 |
| 373 | #define ENGINE_R_FINISH_FAILED 106 | 687 | #define ENGINE_R_FINISH_FAILED 106 |
| @@ -375,24 +689,26 @@ void ERR_load_ENGINE_strings(void); | |||
| 375 | #define ENGINE_R_ID_OR_NAME_MISSING 108 | 689 | #define ENGINE_R_ID_OR_NAME_MISSING 108 |
| 376 | #define ENGINE_R_INIT_FAILED 109 | 690 | #define ENGINE_R_INIT_FAILED 109 |
| 377 | #define ENGINE_R_INTERNAL_LIST_ERROR 110 | 691 | #define ENGINE_R_INTERNAL_LIST_ERROR 110 |
| 378 | #define ENGINE_R_MISSING_KEY_COMPONENTS 111 | 692 | #define ENGINE_R_INVALID_ARGUMENT 143 |
| 693 | #define ENGINE_R_INVALID_CMD_NAME 137 | ||
| 694 | #define ENGINE_R_INVALID_CMD_NUMBER 138 | ||
| 695 | #define ENGINE_R_INVALID_INIT_VALUE 151 | ||
| 696 | #define ENGINE_R_INVALID_STRING 150 | ||
| 379 | #define ENGINE_R_NOT_INITIALISED 117 | 697 | #define ENGINE_R_NOT_INITIALISED 117 |
| 380 | #define ENGINE_R_NOT_LOADED 112 | 698 | #define ENGINE_R_NOT_LOADED 112 |
| 381 | #define ENGINE_R_NO_CALLBACK 127 | ||
| 382 | #define ENGINE_R_NO_CONTROL_FUNCTION 120 | 699 | #define ENGINE_R_NO_CONTROL_FUNCTION 120 |
| 383 | #define ENGINE_R_NO_KEY 124 | 700 | #define ENGINE_R_NO_INDEX 144 |
| 384 | #define ENGINE_R_NO_LOAD_FUNCTION 125 | 701 | #define ENGINE_R_NO_LOAD_FUNCTION 125 |
| 385 | #define ENGINE_R_NO_REFERENCE 130 | 702 | #define ENGINE_R_NO_REFERENCE 130 |
| 386 | #define ENGINE_R_NO_SUCH_ENGINE 116 | 703 | #define ENGINE_R_NO_SUCH_ENGINE 116 |
| 387 | #define ENGINE_R_NO_UNLOAD_FUNCTION 126 | 704 | #define ENGINE_R_NO_UNLOAD_FUNCTION 126 |
| 388 | #define ENGINE_R_PROVIDE_PARAMETERS 113 | 705 | #define ENGINE_R_PROVIDE_PARAMETERS 113 |
| 389 | #define ENGINE_R_REQUEST_FAILED 114 | 706 | #define ENGINE_R_RSA_NOT_IMPLEMENTED 141 |
| 390 | #define ENGINE_R_REQUEST_FALLBACK 118 | 707 | #define ENGINE_R_UNIMPLEMENTED_CIPHER 146 |
| 391 | #define ENGINE_R_SIZE_TOO_LARGE_OR_TOO_SMALL 122 | 708 | #define ENGINE_R_UNIMPLEMENTED_DIGEST 147 |
| 392 | #define ENGINE_R_UNIT_FAILURE 115 | 709 | #define ENGINE_R_VERSION_INCOMPATIBILITY 145 |
| 393 | 710 | ||
| 394 | #ifdef __cplusplus | 711 | #ifdef __cplusplus |
| 395 | } | 712 | } |
| 396 | #endif | 713 | #endif |
| 397 | #endif | 714 | #endif |
| 398 | |||
diff --git a/src/lib/libcrypto/err/err.c b/src/lib/libcrypto/err/err.c index 5aef6a1259..04773d65a6 100644 --- a/src/lib/libcrypto/err/err.c +++ b/src/lib/libcrypto/err/err.c | |||
| @@ -55,37 +55,74 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "lhash.h" | 113 | #include <stdarg.h> |
| 61 | #include "crypto.h" | 114 | #include <string.h> |
| 115 | #include <openssl/lhash.h> | ||
| 116 | #include <openssl/crypto.h> | ||
| 62 | #include "cryptlib.h" | 117 | #include "cryptlib.h" |
| 63 | #include "buffer.h" | 118 | #include <openssl/buffer.h> |
| 64 | #include "err.h" | 119 | #include <openssl/bio.h> |
| 65 | #include "crypto.h" | 120 | #include <openssl/err.h> |
| 66 | 121 | ||
| 122 | static void err_load_strings(int lib, ERR_STRING_DATA *str); | ||
| 67 | 123 | ||
| 68 | static LHASH *error_hash=NULL; | ||
| 69 | static LHASH *thread_hash=NULL; | ||
| 70 | |||
| 71 | #ifndef NOPROTO | ||
| 72 | static unsigned long err_hash(ERR_STRING_DATA *a); | ||
| 73 | static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); | ||
| 74 | static unsigned long pid_hash(ERR_STATE *pid); | ||
| 75 | static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); | ||
| 76 | static unsigned long get_error_values(int inc,char **file,int *line, | ||
| 77 | char **data,int *flags); | ||
| 78 | static void ERR_STATE_free(ERR_STATE *s); | 124 | static void ERR_STATE_free(ERR_STATE *s); |
| 79 | #else | 125 | #ifndef OPENSSL_NO_ERR |
| 80 | static unsigned long err_hash(); | ||
| 81 | static int err_cmp(); | ||
| 82 | static unsigned long pid_hash(); | ||
| 83 | static int pid_cmp(); | ||
| 84 | static void ERR_STATE_free(); | ||
| 85 | ERR_STATE *s; | ||
| 86 | #endif | ||
| 87 | |||
| 88 | #ifndef NO_ERR | ||
| 89 | static ERR_STRING_DATA ERR_str_libraries[]= | 126 | static ERR_STRING_DATA ERR_str_libraries[]= |
| 90 | { | 127 | { |
| 91 | {ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, | 128 | {ERR_PACK(ERR_LIB_NONE,0,0) ,"unknown library"}, |
| @@ -95,18 +132,23 @@ static ERR_STRING_DATA ERR_str_libraries[]= | |||
| 95 | {ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, | 132 | {ERR_PACK(ERR_LIB_DH,0,0) ,"Diffie-Hellman routines"}, |
| 96 | {ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, | 133 | {ERR_PACK(ERR_LIB_EVP,0,0) ,"digital envelope routines"}, |
| 97 | {ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, | 134 | {ERR_PACK(ERR_LIB_BUF,0,0) ,"memory buffer routines"}, |
| 98 | {ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, | ||
| 99 | {ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, | 135 | {ERR_PACK(ERR_LIB_OBJ,0,0) ,"object identifier routines"}, |
| 100 | {ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, | 136 | {ERR_PACK(ERR_LIB_PEM,0,0) ,"PEM routines"}, |
| 101 | {ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, | 137 | {ERR_PACK(ERR_LIB_DSA,0,0) ,"dsa routines"}, |
| 102 | {ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, | 138 | {ERR_PACK(ERR_LIB_X509,0,0) ,"x509 certificate routines"}, |
| 103 | {ERR_PACK(ERR_LIB_CONF,0,0) ,"configuation file routines"}, | 139 | {ERR_PACK(ERR_LIB_ASN1,0,0) ,"asn1 encoding routines"}, |
| 104 | {ERR_PACK(ERR_LIB_METH,0,0) ,"X509 lookup 'method' routines"}, | 140 | {ERR_PACK(ERR_LIB_CONF,0,0) ,"configuration file routines"}, |
| 141 | {ERR_PACK(ERR_LIB_CRYPTO,0,0) ,"common libcrypto routines"}, | ||
| 142 | {ERR_PACK(ERR_LIB_EC,0,0) ,"elliptic curve routines"}, | ||
| 105 | {ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, | 143 | {ERR_PACK(ERR_LIB_SSL,0,0) ,"SSL routines"}, |
| 106 | {ERR_PACK(ERR_LIB_RSAREF,0,0) ,"RSAref routines"}, | ||
| 107 | {ERR_PACK(ERR_LIB_PROXY,0,0) ,"Proxy routines"}, | ||
| 108 | {ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, | 144 | {ERR_PACK(ERR_LIB_BIO,0,0) ,"BIO routines"}, |
| 109 | {ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, | 145 | {ERR_PACK(ERR_LIB_PKCS7,0,0) ,"PKCS7 routines"}, |
| 146 | {ERR_PACK(ERR_LIB_X509V3,0,0) ,"X509 V3 routines"}, | ||
| 147 | {ERR_PACK(ERR_LIB_PKCS12,0,0) ,"PKCS12 routines"}, | ||
| 148 | {ERR_PACK(ERR_LIB_RAND,0,0) ,"random number generator"}, | ||
| 149 | {ERR_PACK(ERR_LIB_DSO,0,0) ,"DSO support routines"}, | ||
| 150 | {ERR_PACK(ERR_LIB_ENGINE,0,0) ,"engine routines"}, | ||
| 151 | {ERR_PACK(ERR_LIB_OCSP,0,0) ,"OCSP routines"}, | ||
| 110 | {0,NULL}, | 152 | {0,NULL}, |
| 111 | }; | 153 | }; |
| 112 | 154 | ||
| @@ -120,132 +162,480 @@ static ERR_STRING_DATA ERR_str_functs[]= | |||
| 120 | {ERR_PACK(0,SYS_F_BIND,0), "bind"}, | 162 | {ERR_PACK(0,SYS_F_BIND,0), "bind"}, |
| 121 | {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, | 163 | {ERR_PACK(0,SYS_F_LISTEN,0), "listen"}, |
| 122 | {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, | 164 | {ERR_PACK(0,SYS_F_ACCEPT,0), "accept"}, |
| 123 | #ifdef WINDOWS | 165 | #ifdef OPENSSL_SYS_WINDOWS |
| 124 | {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, | 166 | {ERR_PACK(0,SYS_F_WSASTARTUP,0), "WSAstartup"}, |
| 125 | #endif | 167 | #endif |
| 168 | {ERR_PACK(0,SYS_F_OPENDIR,0), "opendir"}, | ||
| 126 | {0,NULL}, | 169 | {0,NULL}, |
| 127 | }; | 170 | }; |
| 128 | 171 | ||
| 129 | static ERR_STRING_DATA ERR_str_reasons[]= | 172 | static ERR_STRING_DATA ERR_str_reasons[]= |
| 130 | { | 173 | { |
| 131 | {ERR_R_FATAL ,"fatal"}, | ||
| 132 | {ERR_R_SYS_LIB ,"system lib"}, | 174 | {ERR_R_SYS_LIB ,"system lib"}, |
| 133 | {ERR_R_BN_LIB ,"BN lib"}, | 175 | {ERR_R_BN_LIB ,"BN lib"}, |
| 134 | {ERR_R_RSA_LIB ,"RSA lib"}, | 176 | {ERR_R_RSA_LIB ,"RSA lib"}, |
| 135 | {ERR_R_DH_LIB ,"DH lib"}, | 177 | {ERR_R_DH_LIB ,"DH lib"}, |
| 136 | {ERR_R_EVP_LIB ,"EVP lib"}, | 178 | {ERR_R_EVP_LIB ,"EVP lib"}, |
| 137 | {ERR_R_BUF_LIB ,"BUF lib"}, | 179 | {ERR_R_BUF_LIB ,"BUF lib"}, |
| 138 | {ERR_R_BIO_LIB ,"BIO lib"}, | ||
| 139 | {ERR_R_OBJ_LIB ,"OBJ lib"}, | 180 | {ERR_R_OBJ_LIB ,"OBJ lib"}, |
| 140 | {ERR_R_PEM_LIB ,"PEM lib"}, | 181 | {ERR_R_PEM_LIB ,"PEM lib"}, |
| 182 | {ERR_R_DSA_LIB ,"DSA lib"}, | ||
| 141 | {ERR_R_X509_LIB ,"X509 lib"}, | 183 | {ERR_R_X509_LIB ,"X509 lib"}, |
| 142 | {ERR_R_METH_LIB ,"METH lib"}, | ||
| 143 | {ERR_R_ASN1_LIB ,"ASN1 lib"}, | 184 | {ERR_R_ASN1_LIB ,"ASN1 lib"}, |
| 144 | {ERR_R_CONF_LIB ,"CONF lib"}, | 185 | {ERR_R_CONF_LIB ,"CONF lib"}, |
| 186 | {ERR_R_CRYPTO_LIB ,"CRYPTO lib"}, | ||
| 187 | {ERR_R_EC_LIB ,"EC lib"}, | ||
| 145 | {ERR_R_SSL_LIB ,"SSL lib"}, | 188 | {ERR_R_SSL_LIB ,"SSL lib"}, |
| 146 | {ERR_R_PROXY_LIB ,"PROXY lib"}, | ||
| 147 | {ERR_R_BIO_LIB ,"BIO lib"}, | 189 | {ERR_R_BIO_LIB ,"BIO lib"}, |
| 148 | {ERR_R_PKCS7_LIB ,"PKCS7 lib"}, | 190 | {ERR_R_PKCS7_LIB ,"PKCS7 lib"}, |
| 149 | {ERR_R_MALLOC_FAILURE ,"Malloc failure"}, | 191 | {ERR_R_X509V3_LIB ,"X509V3 lib"}, |
| 150 | {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a fuction you should not call"}, | 192 | {ERR_R_PKCS12_LIB ,"PKCS12 lib"}, |
| 193 | {ERR_R_RAND_LIB ,"RAND lib"}, | ||
| 194 | {ERR_R_DSO_LIB ,"DSO lib"}, | ||
| 195 | {ERR_R_ENGINE_LIB ,"ENGINE lib"}, | ||
| 196 | {ERR_R_OCSP_LIB ,"OCSP lib"}, | ||
| 197 | |||
| 198 | {ERR_R_NESTED_ASN1_ERROR ,"nested asn1 error"}, | ||
| 199 | {ERR_R_BAD_ASN1_OBJECT_HEADER ,"bad asn1 object header"}, | ||
| 200 | {ERR_R_BAD_GET_ASN1_OBJECT_CALL ,"bad get asn1 object call"}, | ||
| 201 | {ERR_R_EXPECTING_AN_ASN1_SEQUENCE ,"expecting an asn1 sequence"}, | ||
| 202 | {ERR_R_ASN1_LENGTH_MISMATCH ,"asn1 length mismatch"}, | ||
| 203 | {ERR_R_MISSING_ASN1_EOS ,"missing asn1 eos"}, | ||
| 204 | |||
| 205 | {ERR_R_FATAL ,"fatal"}, | ||
| 206 | {ERR_R_MALLOC_FAILURE ,"malloc failure"}, | ||
| 207 | {ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED ,"called a function you should not call"}, | ||
| 208 | {ERR_R_PASSED_NULL_PARAMETER ,"passed a null parameter"}, | ||
| 209 | {ERR_R_INTERNAL_ERROR ,"internal error"}, | ||
| 210 | |||
| 151 | {0,NULL}, | 211 | {0,NULL}, |
| 152 | }; | 212 | }; |
| 213 | |||
| 214 | |||
| 215 | /* Define the predeclared (but externally opaque) "ERR_FNS" type */ | ||
| 216 | struct st_ERR_FNS | ||
| 217 | { | ||
| 218 | /* Works on the "error_hash" string table */ | ||
| 219 | LHASH *(*cb_err_get)(int create); | ||
| 220 | void (*cb_err_del)(void); | ||
| 221 | ERR_STRING_DATA *(*cb_err_get_item)(const ERR_STRING_DATA *); | ||
| 222 | ERR_STRING_DATA *(*cb_err_set_item)(ERR_STRING_DATA *); | ||
| 223 | ERR_STRING_DATA *(*cb_err_del_item)(ERR_STRING_DATA *); | ||
| 224 | /* Works on the "thread_hash" error-state table */ | ||
| 225 | LHASH *(*cb_thread_get)(int create); | ||
| 226 | ERR_STATE *(*cb_thread_get_item)(const ERR_STATE *); | ||
| 227 | ERR_STATE *(*cb_thread_set_item)(ERR_STATE *); | ||
| 228 | void (*cb_thread_del_item)(const ERR_STATE *); | ||
| 229 | /* Returns the next available error "library" numbers */ | ||
| 230 | int (*cb_get_next_lib)(void); | ||
| 231 | }; | ||
| 232 | |||
| 233 | /* Predeclarations of the "err_defaults" functions */ | ||
| 234 | static LHASH *int_err_get(int create); | ||
| 235 | static void int_err_del(void); | ||
| 236 | static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *); | ||
| 237 | static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *); | ||
| 238 | static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *); | ||
| 239 | static LHASH *int_thread_get(int create); | ||
| 240 | static ERR_STATE *int_thread_get_item(const ERR_STATE *); | ||
| 241 | static ERR_STATE *int_thread_set_item(ERR_STATE *); | ||
| 242 | static void int_thread_del_item(const ERR_STATE *); | ||
| 243 | static int int_err_get_next_lib(void); | ||
| 244 | /* The static ERR_FNS table using these defaults functions */ | ||
| 245 | static const ERR_FNS err_defaults = | ||
| 246 | { | ||
| 247 | int_err_get, | ||
| 248 | int_err_del, | ||
| 249 | int_err_get_item, | ||
| 250 | int_err_set_item, | ||
| 251 | int_err_del_item, | ||
| 252 | int_thread_get, | ||
| 253 | int_thread_get_item, | ||
| 254 | int_thread_set_item, | ||
| 255 | int_thread_del_item, | ||
| 256 | int_err_get_next_lib | ||
| 257 | }; | ||
| 258 | |||
| 259 | /* The replacable table of ERR_FNS functions we use at run-time */ | ||
| 260 | static const ERR_FNS *err_fns = NULL; | ||
| 261 | |||
| 262 | /* Eg. rather than using "err_get()", use "ERRFN(err_get)()". */ | ||
| 263 | #define ERRFN(a) err_fns->cb_##a | ||
| 264 | |||
| 265 | /* The internal state used by "err_defaults" - as such, the setting, reading, | ||
| 266 | * creating, and deleting of this data should only be permitted via the | ||
| 267 | * "err_defaults" functions. This way, a linked module can completely defer all | ||
| 268 | * ERR state operation (together with requisite locking) to the implementations | ||
| 269 | * and state in the loading application. */ | ||
| 270 | static LHASH *int_error_hash = NULL; | ||
| 271 | static LHASH *int_thread_hash = NULL; | ||
| 272 | static int int_err_library_number= ERR_LIB_USER; | ||
| 273 | |||
| 274 | /* Internal function that checks whether "err_fns" is set and if not, sets it to | ||
| 275 | * the defaults. */ | ||
| 276 | static void err_fns_check(void) | ||
| 277 | { | ||
| 278 | if (err_fns) return; | ||
| 279 | |||
| 280 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 281 | if (!err_fns) | ||
| 282 | err_fns = &err_defaults; | ||
| 283 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 284 | } | ||
| 285 | |||
| 286 | /* API functions to get or set the underlying ERR functions. */ | ||
| 287 | |||
| 288 | const ERR_FNS *ERR_get_implementation(void) | ||
| 289 | { | ||
| 290 | err_fns_check(); | ||
| 291 | return err_fns; | ||
| 292 | } | ||
| 293 | |||
| 294 | int ERR_set_implementation(const ERR_FNS *fns) | ||
| 295 | { | ||
| 296 | int ret = 0; | ||
| 297 | |||
| 298 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 299 | /* It's too late if 'err_fns' is non-NULL. BTW: not much point setting | ||
| 300 | * an error is there?! */ | ||
| 301 | if (!err_fns) | ||
| 302 | { | ||
| 303 | err_fns = fns; | ||
| 304 | ret = 1; | ||
| 305 | } | ||
| 306 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 307 | return ret; | ||
| 308 | } | ||
| 309 | |||
| 310 | /* These are the callbacks provided to "lh_new()" when creating the LHASH tables | ||
| 311 | * internal to the "err_defaults" implementation. */ | ||
| 312 | |||
| 313 | /* static unsigned long err_hash(ERR_STRING_DATA *a); */ | ||
| 314 | static unsigned long err_hash(const void *a_void); | ||
| 315 | /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b); */ | ||
| 316 | static int err_cmp(const void *a_void, const void *b_void); | ||
| 317 | /* static unsigned long pid_hash(ERR_STATE *pid); */ | ||
| 318 | static unsigned long pid_hash(const void *pid_void); | ||
| 319 | /* static int pid_cmp(ERR_STATE *a,ERR_STATE *pid); */ | ||
| 320 | static int pid_cmp(const void *a_void,const void *pid_void); | ||
| 321 | static unsigned long get_error_values(int inc,int top,const char **file,int *line, | ||
| 322 | const char **data,int *flags); | ||
| 323 | |||
| 324 | /* The internal functions used in the "err_defaults" implementation */ | ||
| 325 | |||
| 326 | static LHASH *int_err_get(int create) | ||
| 327 | { | ||
| 328 | LHASH *ret = NULL; | ||
| 329 | |||
| 330 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 331 | if (!int_error_hash && create) | ||
| 332 | { | ||
| 333 | CRYPTO_push_info("int_err_get (err.c)"); | ||
| 334 | int_error_hash = lh_new(err_hash, err_cmp); | ||
| 335 | CRYPTO_pop_info(); | ||
| 336 | } | ||
| 337 | if (int_error_hash) | ||
| 338 | ret = int_error_hash; | ||
| 339 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 340 | |||
| 341 | return ret; | ||
| 342 | } | ||
| 343 | |||
| 344 | static void int_err_del(void) | ||
| 345 | { | ||
| 346 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 347 | if (int_error_hash) | ||
| 348 | { | ||
| 349 | lh_free(int_error_hash); | ||
| 350 | int_error_hash = NULL; | ||
| 351 | } | ||
| 352 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 353 | } | ||
| 354 | |||
| 355 | static ERR_STRING_DATA *int_err_get_item(const ERR_STRING_DATA *d) | ||
| 356 | { | ||
| 357 | ERR_STRING_DATA *p; | ||
| 358 | LHASH *hash; | ||
| 359 | |||
| 360 | err_fns_check(); | ||
| 361 | hash = ERRFN(err_get)(0); | ||
| 362 | if (!hash) | ||
| 363 | return NULL; | ||
| 364 | |||
| 365 | CRYPTO_r_lock(CRYPTO_LOCK_ERR); | ||
| 366 | p = (ERR_STRING_DATA *)lh_retrieve(hash, d); | ||
| 367 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 368 | |||
| 369 | return p; | ||
| 370 | } | ||
| 371 | |||
| 372 | static ERR_STRING_DATA *int_err_set_item(ERR_STRING_DATA *d) | ||
| 373 | { | ||
| 374 | ERR_STRING_DATA *p; | ||
| 375 | LHASH *hash; | ||
| 376 | |||
| 377 | err_fns_check(); | ||
| 378 | hash = ERRFN(err_get)(1); | ||
| 379 | if (!hash) | ||
| 380 | return NULL; | ||
| 381 | |||
| 382 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 383 | p = (ERR_STRING_DATA *)lh_insert(hash, d); | ||
| 384 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 385 | |||
| 386 | return p; | ||
| 387 | } | ||
| 388 | |||
| 389 | static ERR_STRING_DATA *int_err_del_item(ERR_STRING_DATA *d) | ||
| 390 | { | ||
| 391 | ERR_STRING_DATA *p; | ||
| 392 | LHASH *hash; | ||
| 393 | |||
| 394 | err_fns_check(); | ||
| 395 | hash = ERRFN(err_get)(0); | ||
| 396 | if (!hash) | ||
| 397 | return NULL; | ||
| 398 | |||
| 399 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 400 | p = (ERR_STRING_DATA *)lh_delete(hash, d); | ||
| 401 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 402 | |||
| 403 | return p; | ||
| 404 | } | ||
| 405 | |||
| 406 | static LHASH *int_thread_get(int create) | ||
| 407 | { | ||
| 408 | LHASH *ret = NULL; | ||
| 409 | |||
| 410 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 411 | if (!int_thread_hash && create) | ||
| 412 | { | ||
| 413 | CRYPTO_push_info("int_thread_get (err.c)"); | ||
| 414 | int_thread_hash = lh_new(pid_hash, pid_cmp); | ||
| 415 | CRYPTO_pop_info(); | ||
| 416 | } | ||
| 417 | if (int_thread_hash) | ||
| 418 | ret = int_thread_hash; | ||
| 419 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 420 | return ret; | ||
| 421 | } | ||
| 422 | |||
| 423 | static ERR_STATE *int_thread_get_item(const ERR_STATE *d) | ||
| 424 | { | ||
| 425 | ERR_STATE *p; | ||
| 426 | LHASH *hash; | ||
| 427 | |||
| 428 | err_fns_check(); | ||
| 429 | hash = ERRFN(thread_get)(0); | ||
| 430 | if (!hash) | ||
| 431 | return NULL; | ||
| 432 | |||
| 433 | CRYPTO_r_lock(CRYPTO_LOCK_ERR); | ||
| 434 | p = (ERR_STATE *)lh_retrieve(hash, d); | ||
| 435 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 436 | |||
| 437 | return p; | ||
| 438 | } | ||
| 439 | |||
| 440 | static ERR_STATE *int_thread_set_item(ERR_STATE *d) | ||
| 441 | { | ||
| 442 | ERR_STATE *p; | ||
| 443 | LHASH *hash; | ||
| 444 | |||
| 445 | err_fns_check(); | ||
| 446 | hash = ERRFN(thread_get)(1); | ||
| 447 | if (!hash) | ||
| 448 | return NULL; | ||
| 449 | |||
| 450 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 451 | p = (ERR_STATE *)lh_insert(hash, d); | ||
| 452 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 453 | |||
| 454 | return p; | ||
| 455 | } | ||
| 456 | |||
| 457 | static void int_thread_del_item(const ERR_STATE *d) | ||
| 458 | { | ||
| 459 | ERR_STATE *p; | ||
| 460 | LHASH *hash; | ||
| 461 | |||
| 462 | err_fns_check(); | ||
| 463 | hash = ERRFN(thread_get)(0); | ||
| 464 | if (!hash) | ||
| 465 | return; | ||
| 466 | |||
| 467 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 468 | p = (ERR_STATE *)lh_delete(hash, d); | ||
| 469 | /* make sure we don't leak memory */ | ||
| 470 | if (int_thread_hash && (lh_num_items(int_thread_hash) == 0)) | ||
| 471 | { | ||
| 472 | lh_free(int_thread_hash); | ||
| 473 | int_thread_hash = NULL; | ||
| 474 | } | ||
| 475 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 476 | |||
| 477 | if (p) | ||
| 478 | ERR_STATE_free(p); | ||
| 479 | } | ||
| 480 | |||
| 481 | static int int_err_get_next_lib(void) | ||
| 482 | { | ||
| 483 | int ret; | ||
| 484 | |||
| 485 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 486 | ret = int_err_library_number++; | ||
| 487 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 488 | |||
| 489 | return ret; | ||
| 490 | } | ||
| 491 | |||
| 492 | |||
| 493 | #define NUM_SYS_STR_REASONS 127 | ||
| 494 | #define LEN_SYS_STR_REASON 32 | ||
| 495 | |||
| 496 | static ERR_STRING_DATA SYS_str_reasons[NUM_SYS_STR_REASONS + 1]; | ||
| 497 | /* SYS_str_reasons is filled with copies of strerror() results at | ||
| 498 | * initialization. | ||
| 499 | * 'errno' values up to 127 should cover all usual errors, | ||
| 500 | * others will be displayed numerically by ERR_error_string. | ||
| 501 | * It is crucial that we have something for each reason code | ||
| 502 | * that occurs in ERR_str_reasons, or bogus reason strings | ||
| 503 | * will be returned for SYSerr(), which always gets an errno | ||
| 504 | * value and never one of those 'standard' reason codes. */ | ||
| 505 | |||
| 506 | static void build_SYS_str_reasons() | ||
| 507 | { | ||
| 508 | /* OPENSSL_malloc cannot be used here, use static storage instead */ | ||
| 509 | static char strerror_tab[NUM_SYS_STR_REASONS][LEN_SYS_STR_REASON]; | ||
| 510 | int i; | ||
| 511 | static int init = 1; | ||
| 512 | |||
| 513 | if (!init) return; | ||
| 514 | |||
| 515 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 516 | |||
| 517 | for (i = 1; i <= NUM_SYS_STR_REASONS; i++) | ||
| 518 | { | ||
| 519 | ERR_STRING_DATA *str = &SYS_str_reasons[i - 1]; | ||
| 520 | |||
| 521 | str->error = (unsigned long)i; | ||
| 522 | if (str->string == NULL) | ||
| 523 | { | ||
| 524 | char (*dest)[LEN_SYS_STR_REASON] = &(strerror_tab[i - 1]); | ||
| 525 | char *src = strerror(i); | ||
| 526 | if (src != NULL) | ||
| 527 | { | ||
| 528 | strncpy(*dest, src, sizeof *dest); | ||
| 529 | (*dest)[sizeof *dest - 1] = '\0'; | ||
| 530 | str->string = *dest; | ||
| 531 | } | ||
| 532 | } | ||
| 533 | if (str->string == NULL) | ||
| 534 | str->string = "unknown"; | ||
| 535 | } | ||
| 536 | |||
| 537 | /* Now we still have SYS_str_reasons[NUM_SYS_STR_REASONS] = {0, NULL}, | ||
| 538 | * as required by ERR_load_strings. */ | ||
| 539 | |||
| 540 | init = 0; | ||
| 541 | |||
| 542 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 543 | } | ||
| 153 | #endif | 544 | #endif |
| 154 | 545 | ||
| 155 | #define err_clear_data(p,i) \ | 546 | #define err_clear_data(p,i) \ |
| 156 | if (((p)->err_data[i] != NULL) && \ | 547 | if (((p)->err_data[i] != NULL) && \ |
| 157 | (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ | 548 | (p)->err_data_flags[i] & ERR_TXT_MALLOCED) \ |
| 158 | { \ | 549 | { \ |
| 159 | Free((p)->err_data[i]); \ | 550 | OPENSSL_free((p)->err_data[i]); \ |
| 160 | (p)->err_data[i]=NULL; \ | 551 | (p)->err_data[i]=NULL; \ |
| 161 | } \ | 552 | } \ |
| 162 | (p)->err_data_flags[i]=0; | 553 | (p)->err_data_flags[i]=0; |
| 163 | 554 | ||
| 164 | static void ERR_STATE_free(s) | 555 | static void ERR_STATE_free(ERR_STATE *s) |
| 165 | ERR_STATE *s; | ||
| 166 | { | 556 | { |
| 167 | int i; | 557 | int i; |
| 168 | 558 | ||
| 559 | if (s == NULL) | ||
| 560 | return; | ||
| 561 | |||
| 169 | for (i=0; i<ERR_NUM_ERRORS; i++) | 562 | for (i=0; i<ERR_NUM_ERRORS; i++) |
| 170 | { | 563 | { |
| 171 | err_clear_data(s,i); | 564 | err_clear_data(s,i); |
| 172 | } | 565 | } |
| 173 | Free(s); | 566 | OPENSSL_free(s); |
| 174 | } | 567 | } |
| 175 | 568 | ||
| 176 | void ERR_load_ERR_strings() | 569 | void ERR_load_ERR_strings(void) |
| 177 | { | 570 | { |
| 178 | static int init=1; | 571 | err_fns_check(); |
| 179 | 572 | #ifndef OPENSSL_NO_ERR | |
| 180 | if (init) | 573 | err_load_strings(0,ERR_str_libraries); |
| 181 | { | 574 | err_load_strings(0,ERR_str_reasons); |
| 182 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | 575 | err_load_strings(ERR_LIB_SYS,ERR_str_functs); |
| 183 | if (init == 0) | 576 | build_SYS_str_reasons(); |
| 184 | { | 577 | err_load_strings(ERR_LIB_SYS,SYS_str_reasons); |
| 185 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 186 | return; | ||
| 187 | } | ||
| 188 | init=0; | ||
| 189 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 190 | |||
| 191 | #ifndef NO_ERR | ||
| 192 | ERR_load_strings(0,ERR_str_libraries); | ||
| 193 | ERR_load_strings(0,ERR_str_reasons); | ||
| 194 | ERR_load_strings(ERR_LIB_SYS,ERR_str_functs); | ||
| 195 | #endif | 578 | #endif |
| 196 | } | ||
| 197 | } | 579 | } |
| 198 | 580 | ||
| 199 | void ERR_load_strings(lib,str) | 581 | static void err_load_strings(int lib, ERR_STRING_DATA *str) |
| 200 | int lib; | ||
| 201 | ERR_STRING_DATA *str; | ||
| 202 | { | 582 | { |
| 203 | if (error_hash == NULL) | ||
| 204 | { | ||
| 205 | CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH); | ||
| 206 | error_hash=lh_new(err_hash,err_cmp); | ||
| 207 | if (error_hash == NULL) | ||
| 208 | { | ||
| 209 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 210 | return; | ||
| 211 | } | ||
| 212 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 213 | |||
| 214 | ERR_load_ERR_strings(); | ||
| 215 | } | ||
| 216 | |||
| 217 | CRYPTO_w_lock(CRYPTO_LOCK_ERR_HASH); | ||
| 218 | while (str->error) | 583 | while (str->error) |
| 219 | { | 584 | { |
| 220 | str->error|=ERR_PACK(lib,0,0); | 585 | str->error|=ERR_PACK(lib,0,0); |
| 221 | lh_insert(error_hash,(char *)str); | 586 | ERRFN(err_set_item)(str); |
| 222 | str++; | 587 | str++; |
| 223 | } | 588 | } |
| 224 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 225 | } | 589 | } |
| 226 | 590 | ||
| 227 | void ERR_free_strings() | 591 | void ERR_load_strings(int lib, ERR_STRING_DATA *str) |
| 228 | { | 592 | { |
| 229 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | 593 | ERR_load_ERR_strings(); |
| 594 | err_load_strings(lib, str); | ||
| 595 | } | ||
| 230 | 596 | ||
| 231 | if (error_hash != NULL) | 597 | void ERR_unload_strings(int lib, ERR_STRING_DATA *str) |
| 598 | { | ||
| 599 | while (str->error) | ||
| 232 | { | 600 | { |
| 233 | lh_free(error_hash); | 601 | str->error|=ERR_PACK(lib,0,0); |
| 234 | error_hash=NULL; | 602 | ERRFN(err_del_item)(str); |
| 603 | str++; | ||
| 235 | } | 604 | } |
| 605 | } | ||
| 236 | 606 | ||
| 237 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | 607 | void ERR_free_strings(void) |
| 608 | { | ||
| 609 | err_fns_check(); | ||
| 610 | ERRFN(err_del)(); | ||
| 238 | } | 611 | } |
| 239 | 612 | ||
| 240 | /********************************************************/ | 613 | /********************************************************/ |
| 241 | 614 | ||
| 242 | void ERR_put_error(lib,func,reason,file,line) | 615 | void ERR_put_error(int lib, int func, int reason, const char *file, |
| 243 | int lib,func,reason; | 616 | int line) |
| 244 | char *file; | ||
| 245 | int line; | ||
| 246 | { | 617 | { |
| 247 | ERR_STATE *es; | 618 | ERR_STATE *es; |
| 248 | 619 | ||
| 620 | #ifdef _OSD_POSIX | ||
| 621 | /* In the BS2000-OSD POSIX subsystem, the compiler generates | ||
| 622 | * path names in the form "*POSIX(/etc/passwd)". | ||
| 623 | * This dirty hack strips them to something sensible. | ||
| 624 | * @@@ We shouldn't modify a const string, though. | ||
| 625 | */ | ||
| 626 | if (strncmp(file,"*POSIX(", sizeof("*POSIX(")-1) == 0) { | ||
| 627 | char *end; | ||
| 628 | |||
| 629 | /* Skip the "*POSIX(" prefix */ | ||
| 630 | file += sizeof("*POSIX(")-1; | ||
| 631 | end = &file[strlen(file)-1]; | ||
| 632 | if (*end == ')') | ||
| 633 | *end = '\0'; | ||
| 634 | /* Optional: use the basename of the path only. */ | ||
| 635 | if ((end = strrchr(file, '/')) != NULL) | ||
| 636 | file = &end[1]; | ||
| 637 | } | ||
| 638 | #endif | ||
| 249 | es=ERR_get_state(); | 639 | es=ERR_get_state(); |
| 250 | 640 | ||
| 251 | es->top=(es->top+1)%ERR_NUM_ERRORS; | 641 | es->top=(es->top+1)%ERR_NUM_ERRORS; |
| @@ -257,62 +647,60 @@ int line; | |||
| 257 | err_clear_data(es,es->top); | 647 | err_clear_data(es,es->top); |
| 258 | } | 648 | } |
| 259 | 649 | ||
| 260 | void ERR_clear_error() | 650 | void ERR_clear_error(void) |
| 261 | { | 651 | { |
| 652 | int i; | ||
| 262 | ERR_STATE *es; | 653 | ERR_STATE *es; |
| 263 | 654 | ||
| 264 | es=ERR_get_state(); | 655 | es=ERR_get_state(); |
| 265 | 656 | ||
| 266 | #if 0 | ||
| 267 | /* hmm... is this needed */ | ||
| 268 | for (i=0; i<ERR_NUM_ERRORS; i++) | 657 | for (i=0; i<ERR_NUM_ERRORS; i++) |
| 269 | { | 658 | { |
| 270 | es->err_buffer[i]=0; | 659 | es->err_buffer[i]=0; |
| 660 | err_clear_data(es,i); | ||
| 271 | es->err_file[i]=NULL; | 661 | es->err_file[i]=NULL; |
| 272 | es->err_line[i]= -1; | 662 | es->err_line[i]= -1; |
| 273 | err_clear_data(es,i); | ||
| 274 | } | 663 | } |
| 275 | #endif | ||
| 276 | es->top=es->bottom=0; | 664 | es->top=es->bottom=0; |
| 277 | } | 665 | } |
| 278 | 666 | ||
| 279 | 667 | ||
| 280 | unsigned long ERR_get_error() | 668 | unsigned long ERR_get_error(void) |
| 281 | { return(get_error_values(1,NULL,NULL,NULL,NULL)); } | 669 | { return(get_error_values(1,0,NULL,NULL,NULL,NULL)); } |
| 670 | |||
| 671 | unsigned long ERR_get_error_line(const char **file, | ||
| 672 | int *line) | ||
| 673 | { return(get_error_values(1,0,file,line,NULL,NULL)); } | ||
| 674 | |||
| 675 | unsigned long ERR_get_error_line_data(const char **file, int *line, | ||
| 676 | const char **data, int *flags) | ||
| 677 | { return(get_error_values(1,0,file,line,data,flags)); } | ||
| 678 | |||
| 282 | 679 | ||
| 283 | unsigned long ERR_get_error_line(file,line) | 680 | unsigned long ERR_peek_error(void) |
| 284 | char **file; | 681 | { return(get_error_values(0,0,NULL,NULL,NULL,NULL)); } |
| 285 | int *line; | ||
| 286 | { return(get_error_values(1,file,line,NULL,NULL)); } | ||
| 287 | 682 | ||
| 288 | unsigned long ERR_get_error_line_data(file,line,data,flags) | 683 | unsigned long ERR_peek_error_line(const char **file, int *line) |
| 289 | char **file; | 684 | { return(get_error_values(0,0,file,line,NULL,NULL)); } |
| 290 | int *line; | ||
| 291 | char **data; | ||
| 292 | int *flags; | ||
| 293 | { return(get_error_values(1,file,line,data,flags)); } | ||
| 294 | 685 | ||
| 295 | unsigned long ERR_peek_error() | 686 | unsigned long ERR_peek_error_line_data(const char **file, int *line, |
| 296 | { return(get_error_values(0,NULL,NULL,NULL,NULL)); } | 687 | const char **data, int *flags) |
| 688 | { return(get_error_values(0,0,file,line,data,flags)); } | ||
| 297 | 689 | ||
| 298 | unsigned long ERR_peek_error_line(file,line) | ||
| 299 | char **file; | ||
| 300 | int *line; | ||
| 301 | { return(get_error_values(0,file,line,NULL,NULL)); } | ||
| 302 | 690 | ||
| 303 | unsigned long ERR_peek_error_line_data(file,line,data,flags) | 691 | unsigned long ERR_peek_last_error(void) |
| 304 | char **file; | 692 | { return(get_error_values(0,1,NULL,NULL,NULL,NULL)); } |
| 305 | int *line; | ||
| 306 | char **data; | ||
| 307 | int *flags; | ||
| 308 | { return(get_error_values(0,file,line,data,flags)); } | ||
| 309 | 693 | ||
| 310 | static unsigned long get_error_values(inc,file,line,data,flags) | 694 | unsigned long ERR_peek_last_error_line(const char **file, int *line) |
| 311 | int inc; | 695 | { return(get_error_values(0,1,file,line,NULL,NULL)); } |
| 312 | char **file; | 696 | |
| 313 | int *line; | 697 | unsigned long ERR_peek_last_error_line_data(const char **file, int *line, |
| 314 | char **data; | 698 | const char **data, int *flags) |
| 315 | int *flags; | 699 | { return(get_error_values(0,1,file,line,data,flags)); } |
| 700 | |||
| 701 | |||
| 702 | static unsigned long get_error_values(int inc, int top, const char **file, int *line, | ||
| 703 | const char **data, int *flags) | ||
| 316 | { | 704 | { |
| 317 | int i=0; | 705 | int i=0; |
| 318 | ERR_STATE *es; | 706 | ERR_STATE *es; |
| @@ -320,8 +708,21 @@ int *flags; | |||
| 320 | 708 | ||
| 321 | es=ERR_get_state(); | 709 | es=ERR_get_state(); |
| 322 | 710 | ||
| 323 | if (es->bottom == es->top) return(0); | 711 | if (inc && top) |
| 324 | i=(es->bottom+1)%ERR_NUM_ERRORS; | 712 | { |
| 713 | if (file) *file = ""; | ||
| 714 | if (line) *line = 0; | ||
| 715 | if (data) *data = ""; | ||
| 716 | if (flags) *flags = 0; | ||
| 717 | |||
| 718 | return ERR_R_INTERNAL_ERROR; | ||
| 719 | } | ||
| 720 | |||
| 721 | if (es->bottom == es->top) return 0; | ||
| 722 | if (top) | ||
| 723 | i=es->top; /* last error */ | ||
| 724 | else | ||
| 725 | i=(es->bottom+1)%ERR_NUM_ERRORS; /* first error */ | ||
| 325 | 726 | ||
| 326 | ret=es->err_buffer[i]; | 727 | ret=es->err_buffer[i]; |
| 327 | if (inc) | 728 | if (inc) |
| @@ -344,7 +745,14 @@ int *flags; | |||
| 344 | } | 745 | } |
| 345 | } | 746 | } |
| 346 | 747 | ||
| 347 | if (data != NULL) | 748 | if (data == NULL) |
| 749 | { | ||
| 750 | if (inc) | ||
| 751 | { | ||
| 752 | err_clear_data(es, i); | ||
| 753 | } | ||
| 754 | } | ||
| 755 | else | ||
| 348 | { | 756 | { |
| 349 | if (es->err_data[i] == NULL) | 757 | if (es->err_data[i] == NULL) |
| 350 | { | 758 | { |
| @@ -357,18 +765,14 @@ int *flags; | |||
| 357 | if (flags != NULL) *flags=es->err_data_flags[i]; | 765 | if (flags != NULL) *flags=es->err_data_flags[i]; |
| 358 | } | 766 | } |
| 359 | } | 767 | } |
| 360 | return(ret); | 768 | return ret; |
| 361 | } | 769 | } |
| 362 | 770 | ||
| 363 | /* BAD for multi-threaded, uses a local buffer if ret == NULL */ | 771 | void ERR_error_string_n(unsigned long e, char *buf, size_t len) |
| 364 | char *ERR_error_string(e,ret) | ||
| 365 | unsigned long e; | ||
| 366 | char *ret; | ||
| 367 | { | 772 | { |
| 368 | static char buf[256]; | 773 | char lsbuf[64], fsbuf[64], rsbuf[64]; |
| 369 | char *ls,*fs,*rs; | 774 | const char *ls,*fs,*rs; |
| 370 | unsigned long l,f,r; | 775 | unsigned long l,f,r; |
| 371 | int i; | ||
| 372 | 776 | ||
| 373 | l=ERR_GET_LIB(e); | 777 | l=ERR_GET_LIB(e); |
| 374 | f=ERR_GET_FUNC(e); | 778 | f=ERR_GET_FUNC(e); |
| @@ -378,185 +782,168 @@ char *ret; | |||
| 378 | fs=ERR_func_error_string(e); | 782 | fs=ERR_func_error_string(e); |
| 379 | rs=ERR_reason_error_string(e); | 783 | rs=ERR_reason_error_string(e); |
| 380 | 784 | ||
| 381 | if (ret == NULL) ret=buf; | 785 | if (ls == NULL) |
| 382 | 786 | BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); | |
| 383 | sprintf(&(ret[0]),"error:%08lX:",e); | ||
| 384 | i=strlen(ret); | ||
| 385 | if (ls == NULL) | ||
| 386 | sprintf(&(ret[i]),":lib(%lu) ",l); | ||
| 387 | else sprintf(&(ret[i]),"%s",ls); | ||
| 388 | i=strlen(ret); | ||
| 389 | if (fs == NULL) | 787 | if (fs == NULL) |
| 390 | sprintf(&(ret[i]),":func(%lu) ",f); | 788 | BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); |
| 391 | else sprintf(&(ret[i]),":%s",fs); | ||
| 392 | i=strlen(ret); | ||
| 393 | if (rs == NULL) | 789 | if (rs == NULL) |
| 394 | sprintf(&(ret[i]),":reason(%lu)",r); | 790 | BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); |
| 395 | else sprintf(&(ret[i]),":%s",rs); | 791 | |
| 792 | BIO_snprintf(buf, len,"error:%08lX:%s:%s:%s", e, ls?ls:lsbuf, | ||
| 793 | fs?fs:fsbuf, rs?rs:rsbuf); | ||
| 794 | if (strlen(buf) == len-1) | ||
| 795 | { | ||
| 796 | /* output may be truncated; make sure we always have 5 | ||
| 797 | * colon-separated fields, i.e. 4 colons ... */ | ||
| 798 | #define NUM_COLONS 4 | ||
| 799 | if (len > NUM_COLONS) /* ... if possible */ | ||
| 800 | { | ||
| 801 | int i; | ||
| 802 | char *s = buf; | ||
| 803 | |||
| 804 | for (i = 0; i < NUM_COLONS; i++) | ||
| 805 | { | ||
| 806 | char *colon = strchr(s, ':'); | ||
| 807 | if (colon == NULL || colon > &buf[len-1] - NUM_COLONS + i) | ||
| 808 | { | ||
| 809 | /* set colon no. i at last possible position | ||
| 810 | * (buf[len-1] is the terminating 0)*/ | ||
| 811 | colon = &buf[len-1] - NUM_COLONS + i; | ||
| 812 | *colon = ':'; | ||
| 813 | } | ||
| 814 | s = colon + 1; | ||
| 815 | } | ||
| 816 | } | ||
| 817 | } | ||
| 818 | } | ||
| 819 | |||
| 820 | /* BAD for multi-threading: uses a local buffer if ret == NULL */ | ||
| 821 | /* ERR_error_string_n should be used instead for ret != NULL | ||
| 822 | * as ERR_error_string cannot know how large the buffer is */ | ||
| 823 | char *ERR_error_string(unsigned long e, char *ret) | ||
| 824 | { | ||
| 825 | static char buf[256]; | ||
| 826 | |||
| 827 | if (ret == NULL) ret=buf; | ||
| 828 | ERR_error_string_n(e, ret, 256); | ||
| 396 | 829 | ||
| 397 | return(ret); | 830 | return ret; |
| 398 | } | 831 | } |
| 399 | 832 | ||
| 400 | LHASH *ERR_get_string_table() | 833 | LHASH *ERR_get_string_table(void) |
| 401 | { | 834 | { |
| 402 | return(error_hash); | 835 | err_fns_check(); |
| 836 | return ERRFN(err_get)(0); | ||
| 403 | } | 837 | } |
| 404 | 838 | ||
| 405 | LHASH *ERR_get_err_state_table() | 839 | LHASH *ERR_get_err_state_table(void) |
| 406 | { | 840 | { |
| 407 | return(thread_hash); | 841 | err_fns_check(); |
| 842 | return ERRFN(thread_get)(0); | ||
| 408 | } | 843 | } |
| 409 | 844 | ||
| 410 | char *ERR_lib_error_string(e) | 845 | const char *ERR_lib_error_string(unsigned long e) |
| 411 | unsigned long e; | ||
| 412 | { | 846 | { |
| 413 | ERR_STRING_DATA d,*p=NULL; | 847 | ERR_STRING_DATA d,*p; |
| 414 | unsigned long l; | 848 | unsigned long l; |
| 415 | 849 | ||
| 850 | err_fns_check(); | ||
| 416 | l=ERR_GET_LIB(e); | 851 | l=ERR_GET_LIB(e); |
| 417 | 852 | d.error=ERR_PACK(l,0,0); | |
| 418 | CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); | 853 | p=ERRFN(err_get_item)(&d); |
| 419 | |||
| 420 | if (error_hash != NULL) | ||
| 421 | { | ||
| 422 | d.error=ERR_PACK(l,0,0); | ||
| 423 | p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d); | ||
| 424 | } | ||
| 425 | |||
| 426 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 427 | |||
| 428 | return((p == NULL)?NULL:p->string); | 854 | return((p == NULL)?NULL:p->string); |
| 429 | } | 855 | } |
| 430 | 856 | ||
| 431 | char *ERR_func_error_string(e) | 857 | const char *ERR_func_error_string(unsigned long e) |
| 432 | unsigned long e; | ||
| 433 | { | 858 | { |
| 434 | ERR_STRING_DATA d,*p=NULL; | 859 | ERR_STRING_DATA d,*p; |
| 435 | unsigned long l,f; | 860 | unsigned long l,f; |
| 436 | 861 | ||
| 862 | err_fns_check(); | ||
| 437 | l=ERR_GET_LIB(e); | 863 | l=ERR_GET_LIB(e); |
| 438 | f=ERR_GET_FUNC(e); | 864 | f=ERR_GET_FUNC(e); |
| 439 | 865 | d.error=ERR_PACK(l,f,0); | |
| 440 | CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); | 866 | p=ERRFN(err_get_item)(&d); |
| 441 | |||
| 442 | if (error_hash != NULL) | ||
| 443 | { | ||
| 444 | d.error=ERR_PACK(l,f,0); | ||
| 445 | p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d); | ||
| 446 | } | ||
| 447 | |||
| 448 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 449 | |||
| 450 | return((p == NULL)?NULL:p->string); | 867 | return((p == NULL)?NULL:p->string); |
| 451 | } | 868 | } |
| 452 | 869 | ||
| 453 | char *ERR_reason_error_string(e) | 870 | const char *ERR_reason_error_string(unsigned long e) |
| 454 | unsigned long e; | ||
| 455 | { | 871 | { |
| 456 | ERR_STRING_DATA d,*p=NULL; | 872 | ERR_STRING_DATA d,*p=NULL; |
| 457 | unsigned long l,r; | 873 | unsigned long l,r; |
| 458 | 874 | ||
| 875 | err_fns_check(); | ||
| 459 | l=ERR_GET_LIB(e); | 876 | l=ERR_GET_LIB(e); |
| 460 | r=ERR_GET_REASON(e); | 877 | r=ERR_GET_REASON(e); |
| 461 | 878 | d.error=ERR_PACK(l,0,r); | |
| 462 | CRYPTO_r_lock(CRYPTO_LOCK_ERR_HASH); | 879 | p=ERRFN(err_get_item)(&d); |
| 463 | 880 | if (!p) | |
| 464 | if (error_hash != NULL) | ||
| 465 | { | 881 | { |
| 466 | d.error=ERR_PACK(l,0,r); | 882 | d.error=ERR_PACK(0,0,r); |
| 467 | p=(ERR_STRING_DATA *)lh_retrieve(error_hash,(char *)&d); | 883 | p=ERRFN(err_get_item)(&d); |
| 468 | if (p == NULL) | ||
| 469 | { | ||
| 470 | d.error=ERR_PACK(0,0,r); | ||
| 471 | p=(ERR_STRING_DATA *)lh_retrieve(error_hash, | ||
| 472 | (char *)&d); | ||
| 473 | } | ||
| 474 | } | 884 | } |
| 475 | |||
| 476 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR_HASH); | ||
| 477 | |||
| 478 | return((p == NULL)?NULL:p->string); | 885 | return((p == NULL)?NULL:p->string); |
| 479 | } | 886 | } |
| 480 | 887 | ||
| 481 | static unsigned long err_hash(a) | 888 | /* static unsigned long err_hash(ERR_STRING_DATA *a) */ |
| 482 | ERR_STRING_DATA *a; | 889 | static unsigned long err_hash(const void *a_void) |
| 483 | { | 890 | { |
| 484 | unsigned long ret,l; | 891 | unsigned long ret,l; |
| 485 | 892 | ||
| 486 | l=a->error; | 893 | l=((ERR_STRING_DATA *)a_void)->error; |
| 487 | ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); | 894 | ret=l^ERR_GET_LIB(l)^ERR_GET_FUNC(l); |
| 488 | return(ret^ret%19*13); | 895 | return(ret^ret%19*13); |
| 489 | } | 896 | } |
| 490 | 897 | ||
| 491 | static int err_cmp(a,b) | 898 | /* static int err_cmp(ERR_STRING_DATA *a, ERR_STRING_DATA *b) */ |
| 492 | ERR_STRING_DATA *a,*b; | 899 | static int err_cmp(const void *a_void, const void *b_void) |
| 493 | { | 900 | { |
| 494 | return((int)(a->error-b->error)); | 901 | return((int)(((ERR_STRING_DATA *)a_void)->error - |
| 902 | ((ERR_STRING_DATA *)b_void)->error)); | ||
| 495 | } | 903 | } |
| 496 | 904 | ||
| 497 | static unsigned long pid_hash(a) | 905 | /* static unsigned long pid_hash(ERR_STATE *a) */ |
| 498 | ERR_STATE *a; | 906 | static unsigned long pid_hash(const void *a_void) |
| 499 | { | 907 | { |
| 500 | return(a->pid*13); | 908 | return(((ERR_STATE *)a_void)->pid*13); |
| 501 | } | 909 | } |
| 502 | 910 | ||
| 503 | static int pid_cmp(a,b) | 911 | /* static int pid_cmp(ERR_STATE *a, ERR_STATE *b) */ |
| 504 | ERR_STATE *a,*b; | 912 | static int pid_cmp(const void *a_void, const void *b_void) |
| 505 | { | 913 | { |
| 506 | return((int)((long)a->pid - (long)b->pid)); | 914 | return((int)((long)((ERR_STATE *)a_void)->pid - |
| 915 | (long)((ERR_STATE *)b_void)->pid)); | ||
| 507 | } | 916 | } |
| 508 | 917 | ||
| 509 | void ERR_remove_state(pid) | 918 | void ERR_remove_state(unsigned long pid) |
| 510 | unsigned long pid; | ||
| 511 | { | 919 | { |
| 512 | ERR_STATE *p,tmp; | 920 | ERR_STATE tmp; |
| 513 | 921 | ||
| 514 | if (thread_hash == NULL) | 922 | err_fns_check(); |
| 515 | return; | ||
| 516 | if (pid == 0) | 923 | if (pid == 0) |
| 517 | pid=(unsigned long)CRYPTO_thread_id(); | 924 | pid=(unsigned long)CRYPTO_thread_id(); |
| 518 | tmp.pid=pid; | 925 | tmp.pid=pid; |
| 519 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | 926 | /* thread_del_item automatically destroys the LHASH if the number of |
| 520 | p=(ERR_STATE *)lh_delete(thread_hash,(char *)&tmp); | 927 | * items reaches zero. */ |
| 521 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | 928 | ERRFN(thread_del_item)(&tmp); |
| 522 | |||
| 523 | if (p != NULL) ERR_STATE_free(p); | ||
| 524 | } | 929 | } |
| 525 | 930 | ||
| 526 | ERR_STATE *ERR_get_state() | 931 | ERR_STATE *ERR_get_state(void) |
| 527 | { | 932 | { |
| 528 | static ERR_STATE fallback; | 933 | static ERR_STATE fallback; |
| 529 | ERR_STATE *ret=NULL,tmp,*tmpp; | 934 | ERR_STATE *ret,tmp,*tmpp=NULL; |
| 530 | int i; | 935 | int i; |
| 531 | unsigned long pid; | 936 | unsigned long pid; |
| 532 | 937 | ||
| 938 | err_fns_check(); | ||
| 533 | pid=(unsigned long)CRYPTO_thread_id(); | 939 | pid=(unsigned long)CRYPTO_thread_id(); |
| 534 | 940 | tmp.pid=pid; | |
| 535 | CRYPTO_r_lock(CRYPTO_LOCK_ERR); | 941 | ret=ERRFN(thread_get_item)(&tmp); |
| 536 | if (thread_hash == NULL) | ||
| 537 | { | ||
| 538 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 539 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | ||
| 540 | if (thread_hash == NULL) | ||
| 541 | { | ||
| 542 | thread_hash=lh_new(pid_hash,pid_cmp); | ||
| 543 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 544 | if (thread_hash == NULL) return(&fallback); | ||
| 545 | } | ||
| 546 | else | ||
| 547 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | ||
| 548 | } | ||
| 549 | else | ||
| 550 | { | ||
| 551 | tmp.pid=pid; | ||
| 552 | ret=(ERR_STATE *)lh_retrieve(thread_hash,(char *)&tmp); | ||
| 553 | CRYPTO_r_unlock(CRYPTO_LOCK_ERR); | ||
| 554 | } | ||
| 555 | 942 | ||
| 556 | /* ret == the error state, if NULL, make a new one */ | 943 | /* ret == the error state, if NULL, make a new one */ |
| 557 | if (ret == NULL) | 944 | if (ret == NULL) |
| 558 | { | 945 | { |
| 559 | ret=(ERR_STATE *)Malloc(sizeof(ERR_STATE)); | 946 | ret=(ERR_STATE *)OPENSSL_malloc(sizeof(ERR_STATE)); |
| 560 | if (ret == NULL) return(&fallback); | 947 | if (ret == NULL) return(&fallback); |
| 561 | ret->pid=pid; | 948 | ret->pid=pid; |
| 562 | ret->top=0; | 949 | ret->top=0; |
| @@ -566,27 +953,28 @@ ERR_STATE *ERR_get_state() | |||
| 566 | ret->err_data[i]=NULL; | 953 | ret->err_data[i]=NULL; |
| 567 | ret->err_data_flags[i]=0; | 954 | ret->err_data_flags[i]=0; |
| 568 | } | 955 | } |
| 569 | CRYPTO_w_lock(CRYPTO_LOCK_ERR); | 956 | tmpp = ERRFN(thread_set_item)(ret); |
| 570 | tmpp=(ERR_STATE *)lh_insert(thread_hash,(char *)ret); | 957 | /* To check if insertion failed, do a get. */ |
| 571 | CRYPTO_w_unlock(CRYPTO_LOCK_ERR); | 958 | if (ERRFN(thread_get_item)(ret) != ret) |
| 572 | if (tmpp != NULL) /* old entry - should not happen */ | ||
| 573 | { | 959 | { |
| 574 | ERR_STATE_free(tmpp); | 960 | ERR_STATE_free(ret); /* could not insert it */ |
| 961 | return(&fallback); | ||
| 575 | } | 962 | } |
| 963 | /* If a race occured in this function and we came second, tmpp | ||
| 964 | * is the first one that we just replaced. */ | ||
| 965 | if (tmpp) | ||
| 966 | ERR_STATE_free(tmpp); | ||
| 576 | } | 967 | } |
| 577 | return(ret); | 968 | return ret; |
| 578 | } | 969 | } |
| 579 | 970 | ||
| 580 | int ERR_get_next_error_library() | 971 | int ERR_get_next_error_library(void) |
| 581 | { | 972 | { |
| 582 | static int value=ERR_LIB_USER; | 973 | err_fns_check(); |
| 583 | 974 | return ERRFN(get_next_lib)(); | |
| 584 | return(value++); | ||
| 585 | } | 975 | } |
| 586 | 976 | ||
| 587 | void ERR_set_error_data(data,flags) | 977 | void ERR_set_error_data(char *data, int flags) |
| 588 | char *data; | ||
| 589 | int flags; | ||
| 590 | { | 978 | { |
| 591 | ERR_STATE *es; | 979 | ERR_STATE *es; |
| 592 | int i; | 980 | int i; |
| @@ -597,37 +985,39 @@ int flags; | |||
| 597 | if (i == 0) | 985 | if (i == 0) |
| 598 | i=ERR_NUM_ERRORS-1; | 986 | i=ERR_NUM_ERRORS-1; |
| 599 | 987 | ||
| 988 | err_clear_data(es,i); | ||
| 600 | es->err_data[i]=data; | 989 | es->err_data[i]=data; |
| 601 | es->err_data_flags[es->top]=flags; | 990 | es->err_data_flags[i]=flags; |
| 602 | } | 991 | } |
| 603 | 992 | ||
| 604 | void ERR_add_error_data( VAR_PLIST(int , num)) | 993 | void ERR_add_error_data(int num, ...) |
| 605 | VAR_ALIST | 994 | { |
| 606 | { | 995 | va_list args; |
| 607 | VAR_BDEFN(args, int, num); | ||
| 608 | int i,n,s; | 996 | int i,n,s; |
| 609 | char *str,*p,*a; | 997 | char *str,*p,*a; |
| 610 | 998 | ||
| 611 | s=64; | 999 | s=80; |
| 612 | str=Malloc(s+1); | 1000 | str=OPENSSL_malloc(s+1); |
| 613 | if (str == NULL) return; | 1001 | if (str == NULL) return; |
| 614 | str[0]='\0'; | 1002 | str[0]='\0'; |
| 615 | 1003 | ||
| 616 | VAR_INIT(args,int,num); | 1004 | va_start(args, num); |
| 617 | n=0; | 1005 | n=0; |
| 618 | for (i=0; i<num; i++) | 1006 | for (i=0; i<num; i++) |
| 619 | { | 1007 | { |
| 620 | VAR_ARG(args,char *,a); | 1008 | a=va_arg(args, char*); |
| 621 | if (a != NULL) { | 1009 | /* ignore NULLs, thanks to Bob Beck <beck@obtuse.com> */ |
| 1010 | if (a != NULL) | ||
| 1011 | { | ||
| 622 | n+=strlen(a); | 1012 | n+=strlen(a); |
| 623 | if (n > s) | 1013 | if (n > s) |
| 624 | { | 1014 | { |
| 625 | s=n+20; | 1015 | s=n+20; |
| 626 | p=Realloc(str,s+1); | 1016 | p=OPENSSL_realloc(str,s+1); |
| 627 | if (p == NULL) | 1017 | if (p == NULL) |
| 628 | { | 1018 | { |
| 629 | Free(str); | 1019 | OPENSSL_free(str); |
| 630 | return; | 1020 | goto err; |
| 631 | } | 1021 | } |
| 632 | else | 1022 | else |
| 633 | str=p; | 1023 | str=p; |
| @@ -637,6 +1027,6 @@ VAR_ALIST | |||
| 637 | } | 1027 | } |
| 638 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); | 1028 | ERR_set_error_data(str,ERR_TXT_MALLOCED|ERR_TXT_STRING); |
| 639 | 1029 | ||
| 640 | VAR_END( args ); | 1030 | err: |
| 1031 | va_end(args); | ||
| 641 | } | 1032 | } |
| 642 | |||
diff --git a/src/lib/libcrypto/err/err.h b/src/lib/libcrypto/err/err.h index 75f931be11..cc9bb649ea 100644 --- a/src/lib/libcrypto/err/err.h +++ b/src/lib/libcrypto/err/err.h | |||
| @@ -59,17 +59,23 @@ | |||
| 59 | #ifndef HEADER_ERR_H | 59 | #ifndef HEADER_ERR_H |
| 60 | #define HEADER_ERR_H | 60 | #define HEADER_ERR_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifndef OPENSSL_NO_FP_API |
| 63 | extern "C" { | 63 | #include <stdio.h> |
| 64 | #include <stdlib.h> | ||
| 64 | #endif | 65 | #endif |
| 65 | 66 | ||
| 66 | /* The following is a bit of a trick to help the object files only contain | 67 | #ifndef OPENSSL_NO_BIO |
| 67 | * the 'name of the file' string once. Since 'err.h' is protected by the | 68 | #include <openssl/bio.h> |
| 68 | * HEADER_ERR_H stuff, this should be included only once per file. */ | 69 | #endif |
| 70 | #ifndef OPENSSL_NO_LHASH | ||
| 71 | #include <openssl/lhash.h> | ||
| 72 | #endif | ||
| 69 | 73 | ||
| 70 | #define ERR_file_name __FILE__ | 74 | #ifdef __cplusplus |
| 75 | extern "C" { | ||
| 76 | #endif | ||
| 71 | 77 | ||
| 72 | #ifndef NO_ERR | 78 | #ifndef OPENSSL_NO_ERR |
| 73 | #define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) | 79 | #define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,d,e) |
| 74 | #else | 80 | #else |
| 75 | #define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) | 81 | #define ERR_PUT_error(a,b,c,d,e) ERR_put_error(a,b,c,NULL,0) |
| @@ -87,7 +93,7 @@ typedef struct err_state_st | |||
| 87 | unsigned long err_buffer[ERR_NUM_ERRORS]; | 93 | unsigned long err_buffer[ERR_NUM_ERRORS]; |
| 88 | char *err_data[ERR_NUM_ERRORS]; | 94 | char *err_data[ERR_NUM_ERRORS]; |
| 89 | int err_data_flags[ERR_NUM_ERRORS]; | 95 | int err_data_flags[ERR_NUM_ERRORS]; |
| 90 | char *err_file[ERR_NUM_ERRORS]; | 96 | const char *err_file[ERR_NUM_ERRORS]; |
| 91 | int err_line[ERR_NUM_ERRORS]; | 97 | int err_line[ERR_NUM_ERRORS]; |
| 92 | int top,bottom; | 98 | int top,bottom; |
| 93 | } ERR_STATE; | 99 | } ERR_STATE; |
| @@ -104,43 +110,55 @@ typedef struct err_state_st | |||
| 104 | #define ERR_LIB_PEM 9 | 110 | #define ERR_LIB_PEM 9 |
| 105 | #define ERR_LIB_DSA 10 | 111 | #define ERR_LIB_DSA 10 |
| 106 | #define ERR_LIB_X509 11 | 112 | #define ERR_LIB_X509 11 |
| 107 | #define ERR_LIB_METH 12 | 113 | /* #define ERR_LIB_METH 12 */ |
| 108 | #define ERR_LIB_ASN1 13 | 114 | #define ERR_LIB_ASN1 13 |
| 109 | #define ERR_LIB_CONF 14 | 115 | #define ERR_LIB_CONF 14 |
| 110 | #define ERR_LIB_CRYPTO 15 | 116 | #define ERR_LIB_CRYPTO 15 |
| 117 | #define ERR_LIB_EC 16 | ||
| 111 | #define ERR_LIB_SSL 20 | 118 | #define ERR_LIB_SSL 20 |
| 112 | #define ERR_LIB_SSL23 21 | 119 | /* #define ERR_LIB_SSL23 21 */ |
| 113 | #define ERR_LIB_SSL2 22 | 120 | /* #define ERR_LIB_SSL2 22 */ |
| 114 | #define ERR_LIB_SSL3 23 | 121 | /* #define ERR_LIB_SSL3 23 */ |
| 115 | #define ERR_LIB_RSAREF 30 | 122 | /* #define ERR_LIB_RSAREF 30 */ |
| 116 | #define ERR_LIB_PROXY 31 | 123 | /* #define ERR_LIB_PROXY 31 */ |
| 117 | #define ERR_LIB_BIO 32 | 124 | #define ERR_LIB_BIO 32 |
| 118 | #define ERR_LIB_PKCS7 33 | 125 | #define ERR_LIB_PKCS7 33 |
| 126 | #define ERR_LIB_X509V3 34 | ||
| 127 | #define ERR_LIB_PKCS12 35 | ||
| 128 | #define ERR_LIB_RAND 36 | ||
| 129 | #define ERR_LIB_DSO 37 | ||
| 130 | #define ERR_LIB_ENGINE 38 | ||
| 131 | #define ERR_LIB_OCSP 39 | ||
| 132 | #define ERR_LIB_UI 40 | ||
| 133 | #define ERR_LIB_COMP 41 | ||
| 119 | 134 | ||
| 120 | #define ERR_LIB_USER 128 | 135 | #define ERR_LIB_USER 128 |
| 121 | 136 | ||
| 122 | #define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),ERR_file_name,__LINE__) | 137 | #define SYSerr(f,r) ERR_PUT_error(ERR_LIB_SYS,(f),(r),__FILE__,__LINE__) |
| 123 | #define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),ERR_file_name,__LINE__) | 138 | #define BNerr(f,r) ERR_PUT_error(ERR_LIB_BN,(f),(r),__FILE__,__LINE__) |
| 124 | #define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),ERR_file_name,__LINE__) | 139 | #define RSAerr(f,r) ERR_PUT_error(ERR_LIB_RSA,(f),(r),__FILE__,__LINE__) |
| 125 | #define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),ERR_file_name,__LINE__) | 140 | #define DHerr(f,r) ERR_PUT_error(ERR_LIB_DH,(f),(r),__FILE__,__LINE__) |
| 126 | #define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),ERR_file_name,__LINE__) | 141 | #define EVPerr(f,r) ERR_PUT_error(ERR_LIB_EVP,(f),(r),__FILE__,__LINE__) |
| 127 | #define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),ERR_file_name,__LINE__) | 142 | #define BUFerr(f,r) ERR_PUT_error(ERR_LIB_BUF,(f),(r),__FILE__,__LINE__) |
| 128 | #define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),ERR_file_name,__LINE__) | 143 | #define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),__FILE__,__LINE__) |
| 129 | #define OBJerr(f,r) ERR_PUT_error(ERR_LIB_OBJ,(f),(r),ERR_file_name,__LINE__) | 144 | #define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),__FILE__,__LINE__) |
| 130 | #define PEMerr(f,r) ERR_PUT_error(ERR_LIB_PEM,(f),(r),ERR_file_name,__LINE__) | 145 | #define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),__FILE__,__LINE__) |
| 131 | #define DSAerr(f,r) ERR_PUT_error(ERR_LIB_DSA,(f),(r),ERR_file_name,__LINE__) | 146 | #define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),__FILE__,__LINE__) |
| 132 | #define X509err(f,r) ERR_PUT_error(ERR_LIB_X509,(f),(r),ERR_file_name,__LINE__) | 147 | #define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),__FILE__,__LINE__) |
| 133 | #define METHerr(f,r) ERR_PUT_error(ERR_LIB_METH,(f),(r),ERR_file_name,__LINE__) | 148 | #define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),__FILE__,__LINE__) |
| 134 | #define ASN1err(f,r) ERR_PUT_error(ERR_LIB_ASN1,(f),(r),ERR_file_name,__LINE__) | 149 | #define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),__FILE__,__LINE__) |
| 135 | #define CONFerr(f,r) ERR_PUT_error(ERR_LIB_CONF,(f),(r),ERR_file_name,__LINE__) | 150 | #define ECerr(f,r) ERR_PUT_error(ERR_LIB_EC,(f),(r),__FILE__,__LINE__) |
| 136 | #define CRYPTOerr(f,r) ERR_PUT_error(ERR_LIB_CRYPTO,(f),(r),ERR_file_name,__LINE__) | 151 | #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),__FILE__,__LINE__) |
| 137 | #define SSLerr(f,r) ERR_PUT_error(ERR_LIB_SSL,(f),(r),ERR_file_name,__LINE__) | 152 | #define BIOerr(f,r) ERR_PUT_error(ERR_LIB_BIO,(f),(r),__FILE__,__LINE__) |
| 138 | #define SSL23err(f,r) ERR_PUT_error(ERR_LIB_SSL23,(f),(r),ERR_file_name,__LINE__) | 153 | #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),__FILE__,__LINE__) |
| 139 | #define SSL2err(f,r) ERR_PUT_error(ERR_LIB_SSL2,(f),(r),ERR_file_name,__LINE__) | 154 | #define X509V3err(f,r) ERR_PUT_error(ERR_LIB_X509V3,(f),(r),__FILE__,__LINE__) |
| 140 | #define SSL3err(f,r) ERR_PUT_error(ERR_LIB_SSL3,(f),(r),ERR_file_name,__LINE__) | 155 | #define PKCS12err(f,r) ERR_PUT_error(ERR_LIB_PKCS12,(f),(r),__FILE__,__LINE__) |
| 141 | #define RSAREFerr(f,r) ERR_PUT_error(ERR_LIB_RSAREF,(f),(r),ERR_file_name,__LINE__) | 156 | #define RANDerr(f,r) ERR_PUT_error(ERR_LIB_RAND,(f),(r),__FILE__,__LINE__) |
| 142 | #define PROXYerr(f,r) ERR_PUT_error(ERR_LIB_PROXY,(f),(r),ERR_file_name,__LINE__) | 157 | #define DSOerr(f,r) ERR_PUT_error(ERR_LIB_DSO,(f),(r),__FILE__,__LINE__) |
| 143 | #define PKCS7err(f,r) ERR_PUT_error(ERR_LIB_PKCS7,(f),(r),ERR_file_name,__LINE__) | 158 | #define ENGINEerr(f,r) ERR_PUT_error(ERR_LIB_ENGINE,(f),(r),__FILE__,__LINE__) |
| 159 | #define OCSPerr(f,r) ERR_PUT_error(ERR_LIB_OCSP,(f),(r),__FILE__,__LINE__) | ||
| 160 | #define UIerr(f,r) ERR_PUT_error(ERR_LIB_UI,(f),(r),__FILE__,__LINE__) | ||
| 161 | #define COMPerr(f,r) ERR_PUT_error(ERR_LIB_COMP,(f),(r),__FILE__,__LINE__) | ||
| 144 | 162 | ||
| 145 | /* Borland C seems too stupid to be able to shift and do longs in | 163 | /* Borland C seems too stupid to be able to shift and do longs in |
| 146 | * the pre-processor :-( */ | 164 | * the pre-processor :-( */ |
| @@ -152,7 +170,8 @@ typedef struct err_state_st | |||
| 152 | #define ERR_GET_REASON(l) (int)((l)&0xfffL) | 170 | #define ERR_GET_REASON(l) (int)((l)&0xfffL) |
| 153 | #define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) | 171 | #define ERR_FATAL_ERROR(l) (int)((l)&ERR_R_FATAL) |
| 154 | 172 | ||
| 155 | /* OS fuctions */ | 173 | |
| 174 | /* OS functions */ | ||
| 156 | #define SYS_F_FOPEN 1 | 175 | #define SYS_F_FOPEN 1 |
| 157 | #define SYS_F_CONNECT 2 | 176 | #define SYS_F_CONNECT 2 |
| 158 | #define SYS_F_GETSERVBYNAME 3 | 177 | #define SYS_F_GETSERVBYNAME 3 |
| @@ -162,123 +181,114 @@ typedef struct err_state_st | |||
| 162 | #define SYS_F_LISTEN 7 | 181 | #define SYS_F_LISTEN 7 |
| 163 | #define SYS_F_ACCEPT 8 | 182 | #define SYS_F_ACCEPT 8 |
| 164 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ | 183 | #define SYS_F_WSASTARTUP 9 /* Winsock stuff */ |
| 184 | #define SYS_F_OPENDIR 10 | ||
| 185 | |||
| 165 | 186 | ||
| 166 | #define ERR_R_FATAL 32 | ||
| 167 | /* reasons */ | 187 | /* reasons */ |
| 168 | #define ERR_R_SYS_LIB ERR_LIB_SYS | 188 | #define ERR_R_SYS_LIB ERR_LIB_SYS /* 2 */ |
| 169 | #define ERR_R_BN_LIB ERR_LIB_BN | 189 | #define ERR_R_BN_LIB ERR_LIB_BN /* 3 */ |
| 170 | #define ERR_R_RSA_LIB ERR_LIB_RSA | 190 | #define ERR_R_RSA_LIB ERR_LIB_RSA /* 4 */ |
| 171 | #define ERR_R_DSA_LIB ERR_LIB_DSA | 191 | #define ERR_R_DH_LIB ERR_LIB_DH /* 5 */ |
| 172 | #define ERR_R_DH_LIB ERR_LIB_DH | 192 | #define ERR_R_EVP_LIB ERR_LIB_EVP /* 6 */ |
| 173 | #define ERR_R_EVP_LIB ERR_LIB_EVP | 193 | #define ERR_R_BUF_LIB ERR_LIB_BUF /* 7 */ |
| 174 | #define ERR_R_BUF_LIB ERR_LIB_BUF | 194 | #define ERR_R_OBJ_LIB ERR_LIB_OBJ /* 8 */ |
| 175 | #define ERR_R_BIO_LIB ERR_LIB_BIO | 195 | #define ERR_R_PEM_LIB ERR_LIB_PEM /* 9 */ |
| 176 | #define ERR_R_OBJ_LIB ERR_LIB_OBJ | 196 | #define ERR_R_DSA_LIB ERR_LIB_DSA /* 10 */ |
| 177 | #define ERR_R_PEM_LIB ERR_LIB_PEM | 197 | #define ERR_R_X509_LIB ERR_LIB_X509 /* 11 */ |
| 178 | #define ERR_R_X509_LIB ERR_LIB_X509 | 198 | #define ERR_R_ASN1_LIB ERR_LIB_ASN1 /* 13 */ |
| 179 | #define ERR_R_METH_LIB ERR_LIB_METH | 199 | #define ERR_R_CONF_LIB ERR_LIB_CONF /* 14 */ |
| 180 | #define ERR_R_ASN1_LIB ERR_LIB_ASN1 | 200 | #define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO /* 15 */ |
| 181 | #define ERR_R_CONF_LIB ERR_LIB_CONF | 201 | #define ERR_R_EC_LIB ERR_LIB_EC /* 16 */ |
| 182 | #define ERR_R_CRYPTO_LIB ERR_LIB_CRYPTO | 202 | #define ERR_R_SSL_LIB ERR_LIB_SSL /* 20 */ |
| 183 | #define ERR_R_SSL_LIB ERR_LIB_SSL | 203 | #define ERR_R_BIO_LIB ERR_LIB_BIO /* 32 */ |
| 184 | #define ERR_R_SSL23_LIB ERR_LIB_SSL23 | 204 | #define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 /* 33 */ |
| 185 | #define ERR_R_SSL2_LIB ERR_LIB_SSL2 | 205 | #define ERR_R_X509V3_LIB ERR_LIB_X509V3 /* 34 */ |
| 186 | #define ERR_R_SSL3_LIB ERR_LIB_SSL3 | 206 | #define ERR_R_PKCS12_LIB ERR_LIB_PKCS12 /* 35 */ |
| 187 | #define ERR_R_PROXY_LIB ERR_LIB_PROXY | 207 | #define ERR_R_RAND_LIB ERR_LIB_RAND /* 36 */ |
| 188 | #define ERR_R_BIO_LIB ERR_LIB_BIO | 208 | #define ERR_R_DSO_LIB ERR_LIB_DSO /* 37 */ |
| 189 | #define ERR_R_PKCS7_LIB ERR_LIB_PKCS7 | 209 | #define ERR_R_ENGINE_LIB ERR_LIB_ENGINE /* 38 */ |
| 210 | #define ERR_R_OCSP_LIB ERR_LIB_OCSP /* 39 */ | ||
| 211 | #define ERR_R_UI_LIB ERR_LIB_UI /* 40 */ | ||
| 212 | #define ERR_R_COMP_LIB ERR_LIB_COMP /* 41 */ | ||
| 213 | |||
| 214 | #define ERR_R_NESTED_ASN1_ERROR 58 | ||
| 215 | #define ERR_R_BAD_ASN1_OBJECT_HEADER 59 | ||
| 216 | #define ERR_R_BAD_GET_ASN1_OBJECT_CALL 60 | ||
| 217 | #define ERR_R_EXPECTING_AN_ASN1_SEQUENCE 61 | ||
| 218 | #define ERR_R_ASN1_LENGTH_MISMATCH 62 | ||
| 219 | #define ERR_R_MISSING_ASN1_EOS 63 | ||
| 190 | 220 | ||
| 191 | /* fatal error */ | 221 | /* fatal error */ |
| 222 | #define ERR_R_FATAL 64 | ||
| 192 | #define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) | 223 | #define ERR_R_MALLOC_FAILURE (1|ERR_R_FATAL) |
| 193 | #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) | 224 | #define ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED (2|ERR_R_FATAL) |
| 194 | #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) | 225 | #define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) |
| 226 | #define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) | ||
| 227 | |||
| 228 | /* 99 is the maximum possible ERR_R_... code, higher values | ||
| 229 | * are reserved for the individual libraries */ | ||
| 230 | |||
| 195 | 231 | ||
| 196 | typedef struct ERR_string_data_st | 232 | typedef struct ERR_string_data_st |
| 197 | { | 233 | { |
| 198 | unsigned long error; | 234 | unsigned long error; |
| 199 | char *string; | 235 | const char *string; |
| 200 | } ERR_STRING_DATA; | 236 | } ERR_STRING_DATA; |
| 201 | 237 | ||
| 202 | #ifndef NOPROTO | 238 | void ERR_put_error(int lib, int func,int reason,const char *file,int line); |
| 203 | void ERR_put_error(int lib, int func,int reason,char *file,int line); | ||
| 204 | void ERR_set_error_data(char *data,int flags); | 239 | void ERR_set_error_data(char *data,int flags); |
| 205 | 240 | ||
| 206 | unsigned long ERR_get_error(void ); | 241 | unsigned long ERR_get_error(void); |
| 207 | unsigned long ERR_get_error_line(char **file,int *line); | 242 | unsigned long ERR_get_error_line(const char **file,int *line); |
| 208 | unsigned long ERR_get_error_line_data(char **file,int *line, | 243 | unsigned long ERR_get_error_line_data(const char **file,int *line, |
| 209 | char **data, int *flags); | 244 | const char **data, int *flags); |
| 210 | unsigned long ERR_peek_error(void ); | 245 | unsigned long ERR_peek_error(void); |
| 211 | unsigned long ERR_peek_error_line(char **file,int *line); | 246 | unsigned long ERR_peek_error_line(const char **file,int *line); |
| 212 | unsigned long ERR_peek_error_line_data(char **file,int *line, | 247 | unsigned long ERR_peek_error_line_data(const char **file,int *line, |
| 213 | char **data,int *flags); | 248 | const char **data,int *flags); |
| 249 | unsigned long ERR_peek_last_error(void); | ||
| 250 | unsigned long ERR_peek_last_error_line(const char **file,int *line); | ||
| 251 | unsigned long ERR_peek_last_error_line_data(const char **file,int *line, | ||
| 252 | const char **data,int *flags); | ||
| 214 | void ERR_clear_error(void ); | 253 | void ERR_clear_error(void ); |
| 215 | char *ERR_error_string(unsigned long e,char *buf); | 254 | char *ERR_error_string(unsigned long e,char *buf); |
| 216 | char *ERR_lib_error_string(unsigned long e); | 255 | void ERR_error_string_n(unsigned long e, char *buf, size_t len); |
| 217 | char *ERR_func_error_string(unsigned long e); | 256 | const char *ERR_lib_error_string(unsigned long e); |
| 218 | char *ERR_reason_error_string(unsigned long e); | 257 | const char *ERR_func_error_string(unsigned long e); |
| 219 | #ifndef NO_FP_API | 258 | const char *ERR_reason_error_string(unsigned long e); |
| 259 | void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), | ||
| 260 | void *u); | ||
| 261 | #ifndef OPENSSL_NO_FP_API | ||
| 220 | void ERR_print_errors_fp(FILE *fp); | 262 | void ERR_print_errors_fp(FILE *fp); |
| 221 | #endif | 263 | #endif |
| 222 | #ifdef HEADER_BIO_H | 264 | #ifndef OPENSSL_NO_BIO |
| 223 | void ERR_print_errors(BIO *bp); | 265 | void ERR_print_errors(BIO *bp); |
| 224 | void ERR_add_error_data( VAR_PLIST( int, num ) ); | 266 | void ERR_add_error_data(int num, ...); |
| 225 | #endif | 267 | #endif |
| 226 | void ERR_load_strings(int lib,ERR_STRING_DATA str[]); | 268 | void ERR_load_strings(int lib,ERR_STRING_DATA str[]); |
| 227 | void ERR_load_ERR_strings(void ); | 269 | void ERR_unload_strings(int lib,ERR_STRING_DATA str[]); |
| 228 | void ERR_load_crypto_strings(void ); | 270 | void ERR_load_ERR_strings(void); |
| 229 | void ERR_free_strings(void ); | 271 | void ERR_load_crypto_strings(void); |
| 272 | void ERR_free_strings(void); | ||
| 230 | 273 | ||
| 231 | void ERR_remove_state(unsigned long pid); /* if zero we look it up */ | 274 | void ERR_remove_state(unsigned long pid); /* if zero we look it up */ |
| 232 | ERR_STATE *ERR_get_state(void); | 275 | ERR_STATE *ERR_get_state(void); |
| 233 | 276 | ||
| 234 | #ifdef HEADER_LHASH_H | 277 | #ifndef OPENSSL_NO_LHASH |
| 235 | LHASH *ERR_get_string_table(void ); | 278 | LHASH *ERR_get_string_table(void); |
| 236 | LHASH *ERR_get_err_state_table(void ); | 279 | LHASH *ERR_get_err_state_table(void); |
| 237 | #else | ||
| 238 | char *ERR_get_string_table(void ); | ||
| 239 | char *ERR_get_err_state_table(void ); | ||
| 240 | #endif | ||
| 241 | |||
| 242 | int ERR_get_next_error_library(void ); | ||
| 243 | |||
| 244 | #else | ||
| 245 | |||
| 246 | void ERR_put_error(); | ||
| 247 | void ERR_set_error_data(); | ||
| 248 | |||
| 249 | unsigned long ERR_get_error(); | ||
| 250 | unsigned long ERR_get_error_line(); | ||
| 251 | unsigned long ERR_peek_error(); | ||
| 252 | unsigned long ERR_peek_error_line(); | ||
| 253 | void ERR_clear_error(); | ||
| 254 | char *ERR_error_string(); | ||
| 255 | char *ERR_lib_error_string(); | ||
| 256 | char *ERR_func_error_string(); | ||
| 257 | char *ERR_reason_error_string(); | ||
| 258 | #ifndef NO_FP_API | ||
| 259 | void ERR_print_errors_fp(); | ||
| 260 | #endif | ||
| 261 | void ERR_print_errors(); | ||
| 262 | void ERR_add_error_data(); | ||
| 263 | void ERR_load_strings(); | ||
| 264 | void ERR_load_ERR_strings(); | ||
| 265 | void ERR_load_crypto_strings(); | ||
| 266 | void ERR_free_strings(); | ||
| 267 | |||
| 268 | void ERR_remove_state(); | ||
| 269 | ERR_STATE *ERR_get_state(); | ||
| 270 | |||
| 271 | #ifdef HEADER_LHASH_H | ||
| 272 | LHASH *ERR_get_string_table(); | ||
| 273 | LHASH *ERR_get_err_state_table(); | ||
| 274 | #else | ||
| 275 | char *ERR_get_string_table(); | ||
| 276 | char *ERR_get_err_state_table(); | ||
| 277 | #endif | 280 | #endif |
| 278 | 281 | ||
| 279 | int ERR_get_next_error_library(); | 282 | int ERR_get_next_error_library(void); |
| 280 | 283 | ||
| 281 | #endif | 284 | /* This opaque type encapsulates the low-level error-state functions */ |
| 285 | typedef struct st_ERR_FNS ERR_FNS; | ||
| 286 | /* An application can use this function and provide the return value to loaded | ||
| 287 | * modules that should use the application's ERR state/functionality */ | ||
| 288 | const ERR_FNS *ERR_get_implementation(void); | ||
| 289 | /* A loaded module should call this function prior to any ERR operations using | ||
| 290 | * the application's "ERR_FNS". */ | ||
| 291 | int ERR_set_implementation(const ERR_FNS *fns); | ||
| 282 | 292 | ||
| 283 | #ifdef __cplusplus | 293 | #ifdef __cplusplus |
| 284 | } | 294 | } |
diff --git a/src/lib/libcrypto/err/err_all.c b/src/lib/libcrypto/err/err_all.c index f874268e1a..90029fd159 100644 --- a/src/lib/libcrypto/err/err_all.c +++ b/src/lib/libcrypto/err/err_all.c | |||
| @@ -57,60 +57,73 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "asn1.h" | 60 | #include <openssl/asn1.h> |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "buffer.h" | 62 | #ifndef OPENSSL_NO_EC |
| 63 | #include "bio.h" | 63 | #include <openssl/ec.h> |
| 64 | #ifndef NO_RSA | ||
| 65 | #include "rsa.h" | ||
| 66 | #endif | 64 | #endif |
| 67 | #ifdef RSAref | 65 | #include <openssl/buffer.h> |
| 68 | #include "rsaref.h" | 66 | #include <openssl/bio.h> |
| 67 | #ifndef OPENSSL_NO_RSA | ||
| 68 | #include <openssl/rsa.h> | ||
| 69 | #endif | 69 | #endif |
| 70 | #ifndef NO_DH | 70 | #ifndef OPENSSL_NO_DH |
| 71 | #include "dh.h" | 71 | #include <openssl/dh.h> |
| 72 | #endif | 72 | #endif |
| 73 | #ifndef NO_DSA | 73 | #ifndef OPENSSL_NO_DSA |
| 74 | #include "dsa.h" | 74 | #include <openssl/dsa.h> |
| 75 | #endif | 75 | #endif |
| 76 | #include "evp.h" | 76 | #include <openssl/evp.h> |
| 77 | #include "objects.h" | 77 | #include <openssl/objects.h> |
| 78 | #include "pem.h" | 78 | #include <openssl/pem2.h> |
| 79 | #include "x509.h" | 79 | #include <openssl/x509.h> |
| 80 | #include "conf.h" | 80 | #include <openssl/x509v3.h> |
| 81 | #include "err.h" | 81 | #include <openssl/conf.h> |
| 82 | #include <openssl/pkcs12.h> | ||
| 83 | #include <openssl/rand.h> | ||
| 84 | #include <openssl/dso.h> | ||
| 85 | #include <openssl/engine.h> | ||
| 86 | #include <openssl/ocsp.h> | ||
| 87 | #include <openssl/err.h> | ||
| 82 | 88 | ||
| 83 | void ERR_load_crypto_strings() | 89 | void ERR_load_crypto_strings(void) |
| 84 | { | 90 | { |
| 85 | static int done=0; | 91 | static int done=0; |
| 86 | 92 | ||
| 87 | if (done) return; | 93 | if (done) return; |
| 88 | done=1; | 94 | done=1; |
| 89 | #ifndef NO_ERR | 95 | #ifndef OPENSSL_NO_ERR |
| 90 | ERR_load_ASN1_strings(); | 96 | ERR_load_ERR_strings(); /* include error strings for SYSerr */ |
| 91 | ERR_load_BN_strings(); | 97 | ERR_load_BN_strings(); |
| 92 | ERR_load_BUF_strings(); | 98 | #ifndef OPENSSL_NO_RSA |
| 93 | ERR_load_BIO_strings(); | ||
| 94 | ERR_load_CONF_strings(); | ||
| 95 | #ifndef NO_RSA | ||
| 96 | #ifdef RSAref | ||
| 97 | ERR_load_RSAREF_strings(); | ||
| 98 | #else | ||
| 99 | ERR_load_RSA_strings(); | 99 | ERR_load_RSA_strings(); |
| 100 | #endif | 100 | #endif |
| 101 | #endif | 101 | #ifndef OPENSSL_NO_DH |
| 102 | #ifndef NO_DH | ||
| 103 | ERR_load_DH_strings(); | 102 | ERR_load_DH_strings(); |
| 104 | #endif | 103 | #endif |
| 105 | #ifndef NO_DSA | ||
| 106 | ERR_load_DSA_strings(); | ||
| 107 | #endif | ||
| 108 | ERR_load_ERR_strings(); | ||
| 109 | ERR_load_EVP_strings(); | 104 | ERR_load_EVP_strings(); |
| 105 | ERR_load_BUF_strings(); | ||
| 110 | ERR_load_OBJ_strings(); | 106 | ERR_load_OBJ_strings(); |
| 111 | ERR_load_PEM_strings(); | 107 | ERR_load_PEM_strings(); |
| 108 | #ifndef OPENSSL_NO_DSA | ||
| 109 | ERR_load_DSA_strings(); | ||
| 110 | #endif | ||
| 112 | ERR_load_X509_strings(); | 111 | ERR_load_X509_strings(); |
| 112 | ERR_load_ASN1_strings(); | ||
| 113 | ERR_load_CONF_strings(); | ||
| 113 | ERR_load_CRYPTO_strings(); | 114 | ERR_load_CRYPTO_strings(); |
| 114 | ERR_load_PKCS7_strings(); | 115 | #ifndef OPENSSL_NO_EC |
| 116 | ERR_load_EC_strings(); | ||
| 117 | #endif | ||
| 118 | /* skip ERR_load_SSL_strings() because it is not in this library */ | ||
| 119 | ERR_load_BIO_strings(); | ||
| 120 | ERR_load_PKCS7_strings(); | ||
| 121 | ERR_load_X509V3_strings(); | ||
| 122 | ERR_load_PKCS12_strings(); | ||
| 123 | ERR_load_RAND_strings(); | ||
| 124 | ERR_load_DSO_strings(); | ||
| 125 | ERR_load_ENGINE_strings(); | ||
| 126 | ERR_load_OCSP_strings(); | ||
| 127 | ERR_load_UI_strings(); | ||
| 115 | #endif | 128 | #endif |
| 116 | } | 129 | } |
diff --git a/src/lib/libcrypto/err/err_prn.c b/src/lib/libcrypto/err/err_prn.c index ecd0e7c4fa..c156663f0e 100644 --- a/src/lib/libcrypto/err/err_prn.c +++ b/src/lib/libcrypto/err/err_prn.c | |||
| @@ -57,51 +57,51 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "lhash.h" | 60 | #include <openssl/lhash.h> |
| 61 | #include "crypto.h" | 61 | #include <openssl/crypto.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | #include "err.h" | 64 | #include <openssl/err.h> |
| 65 | #include "crypto.h" | 65 | #include <openssl/crypto.h> |
| 66 | 66 | ||
| 67 | #ifndef NO_FP_API | 67 | void ERR_print_errors_cb(int (*cb)(const char *str, size_t len, void *u), |
| 68 | void ERR_print_errors_fp(fp) | 68 | void *u) |
| 69 | FILE *fp; | ||
| 70 | { | 69 | { |
| 71 | unsigned long l; | 70 | unsigned long l; |
| 72 | char buf[200]; | 71 | char buf[256]; |
| 73 | char *file,*data; | 72 | char buf2[4096]; |
| 73 | const char *file,*data; | ||
| 74 | int line,flags; | 74 | int line,flags; |
| 75 | unsigned long es; | 75 | unsigned long es; |
| 76 | 76 | ||
| 77 | es=CRYPTO_thread_id(); | 77 | es=CRYPTO_thread_id(); |
| 78 | while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) | 78 | while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) |
| 79 | { | 79 | { |
| 80 | fprintf(fp,"%lu:%s:%s:%d:%s\n",es,ERR_error_string(l,buf), | 80 | ERR_error_string_n(l, buf, sizeof buf); |
| 81 | file,line,(flags&ERR_TXT_STRING)?data:""); | 81 | BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", es, buf, |
| 82 | file, line, (flags & ERR_TXT_STRING) ? data : ""); | ||
| 83 | cb(buf2, strlen(buf2), u); | ||
| 82 | } | 84 | } |
| 83 | } | 85 | } |
| 84 | #endif | ||
| 85 | 86 | ||
| 86 | void ERR_print_errors(bp) | 87 | #ifndef OPENSSL_NO_FP_API |
| 87 | BIO *bp; | 88 | static int print_fp(const char *str, size_t len, void *fp) |
| 88 | { | 89 | { |
| 89 | unsigned long l; | 90 | return fprintf((FILE *)fp, "%s", str); |
| 90 | char buf[256]; | 91 | } |
| 91 | char buf2[256]; | 92 | void ERR_print_errors_fp(FILE *fp) |
| 92 | char *file,*data; | 93 | { |
| 93 | int line,flags; | 94 | ERR_print_errors_cb(print_fp, fp); |
| 94 | unsigned long es; | 95 | } |
| 96 | #endif | ||
| 95 | 97 | ||
| 96 | es=CRYPTO_thread_id(); | 98 | static int print_bio(const char *str, size_t len, void *bp) |
| 97 | while ((l=ERR_get_error_line_data(&file,&line,&data,&flags)) != 0) | 99 | { |
| 98 | { | 100 | return BIO_write((BIO *)bp, str, len); |
| 99 | sprintf(buf2,"%lu:%s:%s:%d:",es,ERR_error_string(l,buf), | 101 | } |
| 100 | file,line); | 102 | void ERR_print_errors(BIO *bp) |
| 101 | BIO_write(bp,buf2,strlen(buf2)); | 103 | { |
| 102 | if (flags & ERR_TXT_STRING) | 104 | ERR_print_errors_cb(print_bio, bp); |
| 103 | BIO_write(bp,data,strlen(data)); | ||
| 104 | BIO_write(bp,"\n",1); | ||
| 105 | } | ||
| 106 | } | 105 | } |
| 107 | 106 | ||
| 107 | |||
diff --git a/src/lib/libcrypto/err/openssl.ec b/src/lib/libcrypto/err/openssl.ec index c2a8acff0c..29a69dfdd4 100644 --- a/src/lib/libcrypto/err/openssl.ec +++ b/src/lib/libcrypto/err/openssl.ec | |||
| @@ -1,26 +1,36 @@ | |||
| 1 | # crypto/err/openssl.ec | ||
| 2 | |||
| 3 | # configuration file for util/mkerr.pl | ||
| 4 | |||
| 5 | # files that may have to be rewritten by util/mkerr.pl | ||
| 1 | L ERR NONE NONE | 6 | L ERR NONE NONE |
| 2 | L CRYPTO crypto/crypto.h crypto/cpt_err.c | ||
| 3 | L BN crypto/bn/bn.h crypto/bn/bn_err.c | 7 | L BN crypto/bn/bn.h crypto/bn/bn_err.c |
| 4 | L RSA crypto/rsa/rsa.h crypto/rsa/rsa_err.c | 8 | L RSA crypto/rsa/rsa.h crypto/rsa/rsa_err.c |
| 5 | L DSA crypto/dsa/dsa.h crypto/dsa/dsa_err.c | ||
| 6 | L DH crypto/dh/dh.h crypto/dh/dh_err.c | 9 | L DH crypto/dh/dh.h crypto/dh/dh_err.c |
| 7 | L EVP crypto/evp/evp.h crypto/evp/evp_err.c | 10 | L EVP crypto/evp/evp.h crypto/evp/evp_err.c |
| 8 | L BUF crypto/buffer/buffer.h crypto/buffer/buf_err.c | 11 | L BUF crypto/buffer/buffer.h crypto/buffer/buf_err.c |
| 9 | L BIO crypto/bio/bio.h crypto/bio/bio_err.c | ||
| 10 | L OBJ crypto/objects/objects.h crypto/objects/obj_err.c | 12 | L OBJ crypto/objects/objects.h crypto/objects/obj_err.c |
| 11 | L PEM crypto/pem/pem.h crypto/pem/pem_err.c | 13 | L PEM crypto/pem/pem.h crypto/pem/pem_err.c |
| 14 | L DSA crypto/dsa/dsa.h crypto/dsa/dsa_err.c | ||
| 12 | L X509 crypto/x509/x509.h crypto/x509/x509_err.c | 15 | L X509 crypto/x509/x509.h crypto/x509/x509_err.c |
| 13 | L NONE crypto/x509/x509_vfy.h NONE | ||
| 14 | L X509V3 crypto/x509v3/x509v3.h crypto/x509v3/v3err.c | ||
| 15 | #L METH crypto/meth/meth.h crypto/meth/meth_err.c | ||
| 16 | L ASN1 crypto/asn1/asn1.h crypto/asn1/asn1_err.c | 16 | L ASN1 crypto/asn1/asn1.h crypto/asn1/asn1_err.c |
| 17 | L CONF crypto/conf/conf.h crypto/conf/conf_err.c | 17 | L CONF crypto/conf/conf.h crypto/conf/conf_err.c |
| 18 | #L PROXY crypto/proxy/proxy.h crypto/proxy/proxy_err.c | 18 | L CRYPTO crypto/crypto.h crypto/cpt_err.c |
| 19 | L EC crypto/ec/ec.h crypto/ec/ec_err.c | ||
| 20 | L SSL ssl/ssl.h ssl/ssl_err.c | ||
| 21 | L BIO crypto/bio/bio.h crypto/bio/bio_err.c | ||
| 19 | L PKCS7 crypto/pkcs7/pkcs7.h crypto/pkcs7/pkcs7err.c | 22 | L PKCS7 crypto/pkcs7/pkcs7.h crypto/pkcs7/pkcs7err.c |
| 23 | L X509V3 crypto/x509v3/x509v3.h crypto/x509v3/v3err.c | ||
| 20 | L PKCS12 crypto/pkcs12/pkcs12.h crypto/pkcs12/pk12err.c | 24 | L PKCS12 crypto/pkcs12/pkcs12.h crypto/pkcs12/pk12err.c |
| 21 | L RSAREF rsaref/rsaref.h rsaref/rsar_err.c | 25 | L RAND crypto/rand/rand.h crypto/rand/rand_err.c |
| 22 | L SSL ssl/ssl.h ssl/ssl_err.c | 26 | L DSO crypto/dso/dso.h crypto/dso/dso_err.c |
| 23 | L COMP crypto/comp/comp.h crypto/comp/comp_err.c | 27 | L ENGINE crypto/engine/engine.h crypto/engine/eng_err.c |
| 28 | L OCSP crypto/ocsp/ocsp.h crypto/ocsp/ocsp_err.c | ||
| 29 | L UI crypto/ui/ui.h crypto/ui/ui_err.c | ||
| 30 | |||
| 31 | # additional header files to be scanned for function names | ||
| 32 | L NONE crypto/x509/x509_vfy.h NONE | ||
| 33 | L NONE crypto/ec/ec_lcl.h NONE | ||
| 24 | 34 | ||
| 25 | 35 | ||
| 26 | F RSAREF_F_RSA_BN2BIN | 36 | F RSAREF_F_RSA_BN2BIN |
| @@ -47,11 +57,11 @@ R SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 | |||
| 47 | R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 | 57 | R SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 |
| 48 | R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 | 58 | R SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 |
| 49 | R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 | 59 | R SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 |
| 50 | R SSL_R_TLSV1_ALERT_EXPORT_RESTRICION 1060 | 60 | R SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 |
| 51 | R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 | 61 | R SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 |
| 52 | R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 | 62 | R SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 |
| 53 | R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 | 63 | R SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 |
| 54 | R SSL_R_TLSV1_ALERT_USER_CANCLED 1090 | 64 | R SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 |
| 55 | R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 | 65 | R SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |
| 56 | 66 | ||
| 57 | R RSAREF_R_CONTENT_ENCODING 0x0400 | 67 | R RSAREF_R_CONTENT_ENCODING 0x0400 |
diff --git a/src/lib/libcrypto/evp/bio_b64.c b/src/lib/libcrypto/evp/bio_b64.c index 73172b9a07..f12eac1b55 100644 --- a/src/lib/libcrypto/evp/bio_b64.c +++ b/src/lib/libcrypto/evp/bio_b64.c | |||
| @@ -59,27 +59,17 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | 64 | ||
| 65 | #ifndef NOPROTO | 65 | static int b64_write(BIO *h, const char *buf, int num); |
| 66 | static int b64_write(BIO *h,char *buf,int num); | 66 | static int b64_read(BIO *h, char *buf, int size); |
| 67 | static int b64_read(BIO *h,char *buf,int size); | 67 | /*static int b64_puts(BIO *h, const char *str); */ |
| 68 | /*static int b64_puts(BIO *h,char *str); */ | 68 | /*static int b64_gets(BIO *h, char *str, int size); */ |
| 69 | /*static int b64_gets(BIO *h,char *str,int size); */ | 69 | static long b64_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 70 | static long b64_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 71 | static int b64_new(BIO *h); | 70 | static int b64_new(BIO *h); |
| 72 | static int b64_free(BIO *data); | 71 | static int b64_free(BIO *data); |
| 73 | #else | 72 | static long b64_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); |
| 74 | static int b64_write(); | ||
| 75 | static int b64_read(); | ||
| 76 | /*static int b64_puts(); */ | ||
| 77 | /*static int b64_gets(); */ | ||
| 78 | static long b64_ctrl(); | ||
| 79 | static int b64_new(); | ||
| 80 | static int b64_free(); | ||
| 81 | #endif | ||
| 82 | |||
| 83 | #define B64_BLOCK_SIZE 1024 | 73 | #define B64_BLOCK_SIZE 1024 |
| 84 | #define B64_BLOCK_SIZE2 768 | 74 | #define B64_BLOCK_SIZE2 768 |
| 85 | #define B64_NONE 0 | 75 | #define B64_NONE 0 |
| @@ -111,19 +101,19 @@ static BIO_METHOD methods_b64= | |||
| 111 | b64_ctrl, | 101 | b64_ctrl, |
| 112 | b64_new, | 102 | b64_new, |
| 113 | b64_free, | 103 | b64_free, |
| 104 | b64_callback_ctrl, | ||
| 114 | }; | 105 | }; |
| 115 | 106 | ||
| 116 | BIO_METHOD *BIO_f_base64() | 107 | BIO_METHOD *BIO_f_base64(void) |
| 117 | { | 108 | { |
| 118 | return(&methods_b64); | 109 | return(&methods_b64); |
| 119 | } | 110 | } |
| 120 | 111 | ||
| 121 | static int b64_new(bi) | 112 | static int b64_new(BIO *bi) |
| 122 | BIO *bi; | ||
| 123 | { | 113 | { |
| 124 | BIO_B64_CTX *ctx; | 114 | BIO_B64_CTX *ctx; |
| 125 | 115 | ||
| 126 | ctx=(BIO_B64_CTX *)Malloc(sizeof(BIO_B64_CTX)); | 116 | ctx=(BIO_B64_CTX *)OPENSSL_malloc(sizeof(BIO_B64_CTX)); |
| 127 | if (ctx == NULL) return(0); | 117 | if (ctx == NULL) return(0); |
| 128 | 118 | ||
| 129 | ctx->buf_len=0; | 119 | ctx->buf_len=0; |
| @@ -140,21 +130,17 @@ BIO *bi; | |||
| 140 | return(1); | 130 | return(1); |
| 141 | } | 131 | } |
| 142 | 132 | ||
| 143 | static int b64_free(a) | 133 | static int b64_free(BIO *a) |
| 144 | BIO *a; | ||
| 145 | { | 134 | { |
| 146 | if (a == NULL) return(0); | 135 | if (a == NULL) return(0); |
| 147 | Free(a->ptr); | 136 | OPENSSL_free(a->ptr); |
| 148 | a->ptr=NULL; | 137 | a->ptr=NULL; |
| 149 | a->init=0; | 138 | a->init=0; |
| 150 | a->flags=0; | 139 | a->flags=0; |
| 151 | return(1); | 140 | return(1); |
| 152 | } | 141 | } |
| 153 | 142 | ||
| 154 | static int b64_read(b,out,outl) | 143 | static int b64_read(BIO *b, char *out, int outl) |
| 155 | BIO *b; | ||
| 156 | char *out; | ||
| 157 | int outl; | ||
| 158 | { | 144 | { |
| 159 | int ret=0,i,ii,j,k,x,n,num,ret_code=0; | 145 | int ret=0,i,ii,j,k,x,n,num,ret_code=0; |
| 160 | BIO_B64_CTX *ctx; | 146 | BIO_B64_CTX *ctx; |
| @@ -253,8 +239,8 @@ int outl; | |||
| 253 | &(ctx->tmp[0])); | 239 | &(ctx->tmp[0])); |
| 254 | for (x=0; x < i; x++) | 240 | for (x=0; x < i; x++) |
| 255 | ctx->tmp[x]=p[x]; | 241 | ctx->tmp[x]=p[x]; |
| 256 | EVP_DecodeInit(&ctx->base64); | ||
| 257 | } | 242 | } |
| 243 | EVP_DecodeInit(&ctx->base64); | ||
| 258 | ctx->start=0; | 244 | ctx->start=0; |
| 259 | break; | 245 | break; |
| 260 | } | 246 | } |
| @@ -354,10 +340,7 @@ int outl; | |||
| 354 | return((ret == 0)?ret_code:ret); | 340 | return((ret == 0)?ret_code:ret); |
| 355 | } | 341 | } |
| 356 | 342 | ||
| 357 | static int b64_write(b,in,inl) | 343 | static int b64_write(BIO *b, const char *in, int inl) |
| 358 | BIO *b; | ||
| 359 | char *in; | ||
| 360 | int inl; | ||
| 361 | { | 344 | { |
| 362 | int ret=inl,n,i; | 345 | int ret=inl,n,i; |
| 363 | BIO_B64_CTX *ctx; | 346 | BIO_B64_CTX *ctx; |
| @@ -387,10 +370,11 @@ int inl; | |||
| 387 | n-=i; | 370 | n-=i; |
| 388 | } | 371 | } |
| 389 | /* at this point all pending data has been written */ | 372 | /* at this point all pending data has been written */ |
| 373 | ctx->buf_off=0; | ||
| 374 | ctx->buf_len=0; | ||
| 390 | 375 | ||
| 391 | if ((in == NULL) || (inl <= 0)) return(0); | 376 | if ((in == NULL) || (inl <= 0)) return(0); |
| 392 | 377 | ||
| 393 | ctx->buf_off=0; | ||
| 394 | while (inl > 0) | 378 | while (inl > 0) |
| 395 | { | 379 | { |
| 396 | n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; | 380 | n=(inl > B64_BLOCK_SIZE)?B64_BLOCK_SIZE:inl; |
| @@ -400,14 +384,20 @@ int inl; | |||
| 400 | if (ctx->tmp_len > 0) | 384 | if (ctx->tmp_len > 0) |
| 401 | { | 385 | { |
| 402 | n=3-ctx->tmp_len; | 386 | n=3-ctx->tmp_len; |
| 387 | /* There's a teoretical possibility for this */ | ||
| 388 | if (n > inl) | ||
| 389 | n=inl; | ||
| 403 | memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); | 390 | memcpy(&(ctx->tmp[ctx->tmp_len]),in,n); |
| 404 | ctx->tmp_len+=n; | 391 | ctx->tmp_len+=n; |
| 405 | n=ctx->tmp_len; | 392 | if (ctx->tmp_len < 3) |
| 406 | if (n < 3) | ||
| 407 | break; | 393 | break; |
| 408 | ctx->buf_len=EVP_EncodeBlock( | 394 | ctx->buf_len=EVP_EncodeBlock( |
| 409 | (unsigned char *)ctx->buf, | 395 | (unsigned char *)ctx->buf, |
| 410 | (unsigned char *)ctx->tmp,n); | 396 | (unsigned char *)ctx->tmp, |
| 397 | ctx->tmp_len); | ||
| 398 | /* Since we're now done using the temporary | ||
| 399 | buffer, the length should be 0'd */ | ||
| 400 | ctx->tmp_len=0; | ||
| 411 | } | 401 | } |
| 412 | else | 402 | else |
| 413 | { | 403 | { |
| @@ -451,11 +441,7 @@ int inl; | |||
| 451 | return(ret); | 441 | return(ret); |
| 452 | } | 442 | } |
| 453 | 443 | ||
| 454 | static long b64_ctrl(b,cmd,num,ptr) | 444 | static long b64_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 455 | BIO *b; | ||
| 456 | int cmd; | ||
| 457 | long num; | ||
| 458 | char *ptr; | ||
| 459 | { | 445 | { |
| 460 | BIO_B64_CTX *ctx; | 446 | BIO_B64_CTX *ctx; |
| 461 | long ret=1; | 447 | long ret=1; |
| @@ -479,7 +465,8 @@ char *ptr; | |||
| 479 | break; | 465 | break; |
| 480 | case BIO_CTRL_WPENDING: /* More to write in buffer */ | 466 | case BIO_CTRL_WPENDING: /* More to write in buffer */ |
| 481 | ret=ctx->buf_len-ctx->buf_off; | 467 | ret=ctx->buf_len-ctx->buf_off; |
| 482 | if ((ret == 0) && (ctx->base64.num != 0)) | 468 | if ((ret == 0) && (ctx->encode != B64_NONE) |
| 469 | && (ctx->base64.num != 0)) | ||
| 483 | ret=1; | 470 | ret=1; |
| 484 | else if (ret <= 0) | 471 | else if (ret <= 0) |
| 485 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 472 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| @@ -514,7 +501,7 @@ again: | |||
| 514 | goto again; | 501 | goto again; |
| 515 | } | 502 | } |
| 516 | } | 503 | } |
| 517 | else if (ctx->base64.num != 0) | 504 | else if (ctx->encode != B64_NONE && ctx->base64.num != 0) |
| 518 | { | 505 | { |
| 519 | ctx->buf_off=0; | 506 | ctx->buf_off=0; |
| 520 | EVP_EncodeFinal(&(ctx->base64), | 507 | EVP_EncodeFinal(&(ctx->base64), |
| @@ -545,3 +532,17 @@ again: | |||
| 545 | return(ret); | 532 | return(ret); |
| 546 | } | 533 | } |
| 547 | 534 | ||
| 535 | static long b64_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) | ||
| 536 | { | ||
| 537 | long ret=1; | ||
| 538 | |||
| 539 | if (b->next_bio == NULL) return(0); | ||
| 540 | switch (cmd) | ||
| 541 | { | ||
| 542 | default: | ||
| 543 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 544 | break; | ||
| 545 | } | ||
| 546 | return(ret); | ||
| 547 | } | ||
| 548 | |||
diff --git a/src/lib/libcrypto/evp/bio_enc.c b/src/lib/libcrypto/evp/bio_enc.c index 6c30ddfc54..64fb2353af 100644 --- a/src/lib/libcrypto/evp/bio_enc.c +++ b/src/lib/libcrypto/evp/bio_enc.c | |||
| @@ -59,28 +59,19 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | 64 | ||
| 65 | #ifndef NOPROTO | 65 | static int enc_write(BIO *h, const char *buf, int num); |
| 66 | static int enc_write(BIO *h,char *buf,int num); | 66 | static int enc_read(BIO *h, char *buf, int size); |
| 67 | static int enc_read(BIO *h,char *buf,int size); | 67 | /*static int enc_puts(BIO *h, const char *str); */ |
| 68 | /*static int enc_puts(BIO *h,char *str); */ | 68 | /*static int enc_gets(BIO *h, char *str, int size); */ |
| 69 | /*static int enc_gets(BIO *h,char *str,int size); */ | 69 | static long enc_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 70 | static long enc_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 71 | static int enc_new(BIO *h); | 70 | static int enc_new(BIO *h); |
| 72 | static int enc_free(BIO *data); | 71 | static int enc_free(BIO *data); |
| 73 | #else | 72 | static long enc_callback_ctrl(BIO *h, int cmd, bio_info_cb *fps); |
| 74 | static int enc_write(); | ||
| 75 | static int enc_read(); | ||
| 76 | /*static int enc_puts(); */ | ||
| 77 | /*static int enc_gets(); */ | ||
| 78 | static long enc_ctrl(); | ||
| 79 | static int enc_new(); | ||
| 80 | static int enc_free(); | ||
| 81 | #endif | ||
| 82 | |||
| 83 | #define ENC_BLOCK_SIZE (1024*4) | 73 | #define ENC_BLOCK_SIZE (1024*4) |
| 74 | #define BUF_OFFSET EVP_MAX_BLOCK_LENGTH | ||
| 84 | 75 | ||
| 85 | typedef struct enc_struct | 76 | typedef struct enc_struct |
| 86 | { | 77 | { |
| @@ -90,7 +81,10 @@ typedef struct enc_struct | |||
| 90 | int finished; | 81 | int finished; |
| 91 | int ok; /* bad decrypt */ | 82 | int ok; /* bad decrypt */ |
| 92 | EVP_CIPHER_CTX cipher; | 83 | EVP_CIPHER_CTX cipher; |
| 93 | char buf[ENC_BLOCK_SIZE+10]; | 84 | /* buf is larger than ENC_BLOCK_SIZE because EVP_DecryptUpdate |
| 85 | * can return up to a block more data than is presented to it | ||
| 86 | */ | ||
| 87 | char buf[ENC_BLOCK_SIZE+BUF_OFFSET+2]; | ||
| 94 | } BIO_ENC_CTX; | 88 | } BIO_ENC_CTX; |
| 95 | 89 | ||
| 96 | static BIO_METHOD methods_enc= | 90 | static BIO_METHOD methods_enc= |
| @@ -103,21 +97,21 @@ static BIO_METHOD methods_enc= | |||
| 103 | enc_ctrl, | 97 | enc_ctrl, |
| 104 | enc_new, | 98 | enc_new, |
| 105 | enc_free, | 99 | enc_free, |
| 100 | enc_callback_ctrl, | ||
| 106 | }; | 101 | }; |
| 107 | 102 | ||
| 108 | BIO_METHOD *BIO_f_cipher() | 103 | BIO_METHOD *BIO_f_cipher(void) |
| 109 | { | 104 | { |
| 110 | return(&methods_enc); | 105 | return(&methods_enc); |
| 111 | } | 106 | } |
| 112 | 107 | ||
| 113 | static int enc_new(bi) | 108 | static int enc_new(BIO *bi) |
| 114 | BIO *bi; | ||
| 115 | { | 109 | { |
| 116 | BIO_ENC_CTX *ctx; | 110 | BIO_ENC_CTX *ctx; |
| 117 | 111 | ||
| 118 | ctx=(BIO_ENC_CTX *)Malloc(sizeof(BIO_ENC_CTX)); | 112 | ctx=(BIO_ENC_CTX *)OPENSSL_malloc(sizeof(BIO_ENC_CTX)); |
| 119 | EVP_CIPHER_CTX_init(&ctx->cipher); | ||
| 120 | if (ctx == NULL) return(0); | 113 | if (ctx == NULL) return(0); |
| 114 | EVP_CIPHER_CTX_init(&ctx->cipher); | ||
| 121 | 115 | ||
| 122 | ctx->buf_len=0; | 116 | ctx->buf_len=0; |
| 123 | ctx->buf_off=0; | 117 | ctx->buf_off=0; |
| @@ -131,8 +125,7 @@ BIO *bi; | |||
| 131 | return(1); | 125 | return(1); |
| 132 | } | 126 | } |
| 133 | 127 | ||
| 134 | static int enc_free(a) | 128 | static int enc_free(BIO *a) |
| 135 | BIO *a; | ||
| 136 | { | 129 | { |
| 137 | BIO_ENC_CTX *b; | 130 | BIO_ENC_CTX *b; |
| 138 | 131 | ||
| @@ -140,17 +133,14 @@ BIO *a; | |||
| 140 | b=(BIO_ENC_CTX *)a->ptr; | 133 | b=(BIO_ENC_CTX *)a->ptr; |
| 141 | EVP_CIPHER_CTX_cleanup(&(b->cipher)); | 134 | EVP_CIPHER_CTX_cleanup(&(b->cipher)); |
| 142 | memset(a->ptr,0,sizeof(BIO_ENC_CTX)); | 135 | memset(a->ptr,0,sizeof(BIO_ENC_CTX)); |
| 143 | Free(a->ptr); | 136 | OPENSSL_free(a->ptr); |
| 144 | a->ptr=NULL; | 137 | a->ptr=NULL; |
| 145 | a->init=0; | 138 | a->init=0; |
| 146 | a->flags=0; | 139 | a->flags=0; |
| 147 | return(1); | 140 | return(1); |
| 148 | } | 141 | } |
| 149 | 142 | ||
| 150 | static int enc_read(b,out,outl) | 143 | static int enc_read(BIO *b, char *out, int outl) |
| 151 | BIO *b; | ||
| 152 | char *out; | ||
| 153 | int outl; | ||
| 154 | { | 144 | { |
| 155 | int ret=0,i; | 145 | int ret=0,i; |
| 156 | BIO_ENC_CTX *ctx; | 146 | BIO_ENC_CTX *ctx; |
| @@ -184,9 +174,9 @@ int outl; | |||
| 184 | { | 174 | { |
| 185 | if (ctx->cont <= 0) break; | 175 | if (ctx->cont <= 0) break; |
| 186 | 176 | ||
| 187 | /* read in at offset 8, read the EVP_Cipher | 177 | /* read in at IV offset, read the EVP_Cipher |
| 188 | * documentation about why */ | 178 | * documentation about why */ |
| 189 | i=BIO_read(b->next_bio,&(ctx->buf[8]),ENC_BLOCK_SIZE); | 179 | i=BIO_read(b->next_bio,&(ctx->buf[BUF_OFFSET]),ENC_BLOCK_SIZE); |
| 190 | 180 | ||
| 191 | if (i <= 0) | 181 | if (i <= 0) |
| 192 | { | 182 | { |
| @@ -194,29 +184,37 @@ int outl; | |||
| 194 | if (!BIO_should_retry(b->next_bio)) | 184 | if (!BIO_should_retry(b->next_bio)) |
| 195 | { | 185 | { |
| 196 | ctx->cont=i; | 186 | ctx->cont=i; |
| 197 | i=EVP_CipherFinal(&(ctx->cipher), | 187 | i=EVP_CipherFinal_ex(&(ctx->cipher), |
| 198 | (unsigned char *)ctx->buf, | 188 | (unsigned char *)ctx->buf, |
| 199 | &(ctx->buf_len)); | 189 | &(ctx->buf_len)); |
| 200 | ctx->ok=i; | 190 | ctx->ok=i; |
| 201 | ctx->buf_off=0; | 191 | ctx->buf_off=0; |
| 202 | } | 192 | } |
| 203 | else | 193 | else |
| 194 | { | ||
| 204 | ret=(ret == 0)?i:ret; | 195 | ret=(ret == 0)?i:ret; |
| 205 | break; | 196 | break; |
| 197 | } | ||
| 206 | } | 198 | } |
| 207 | else | 199 | else |
| 208 | { | 200 | { |
| 209 | EVP_CipherUpdate(&(ctx->cipher), | 201 | EVP_CipherUpdate(&(ctx->cipher), |
| 210 | (unsigned char *)ctx->buf,&ctx->buf_len, | 202 | (unsigned char *)ctx->buf,&ctx->buf_len, |
| 211 | (unsigned char *)&(ctx->buf[8]),i); | 203 | (unsigned char *)&(ctx->buf[BUF_OFFSET]),i); |
| 212 | ctx->cont=1; | 204 | ctx->cont=1; |
| 205 | /* Note: it is possible for EVP_CipherUpdate to | ||
| 206 | * decrypt zero bytes because this is or looks like | ||
| 207 | * the final block: if this happens we should retry | ||
| 208 | * and either read more data or decrypt the final | ||
| 209 | * block | ||
| 210 | */ | ||
| 211 | if(ctx->buf_len == 0) continue; | ||
| 213 | } | 212 | } |
| 214 | 213 | ||
| 215 | if (ctx->buf_len <= outl) | 214 | if (ctx->buf_len <= outl) |
| 216 | i=ctx->buf_len; | 215 | i=ctx->buf_len; |
| 217 | else | 216 | else |
| 218 | i=outl; | 217 | i=outl; |
| 219 | |||
| 220 | if (i <= 0) break; | 218 | if (i <= 0) break; |
| 221 | memcpy(out,ctx->buf,i); | 219 | memcpy(out,ctx->buf,i); |
| 222 | ret+=i; | 220 | ret+=i; |
| @@ -230,10 +228,7 @@ int outl; | |||
| 230 | return((ret == 0)?ctx->cont:ret); | 228 | return((ret == 0)?ctx->cont:ret); |
| 231 | } | 229 | } |
| 232 | 230 | ||
| 233 | static int enc_write(b,in,inl) | 231 | static int enc_write(BIO *b, const char *in, int inl) |
| 234 | BIO *b; | ||
| 235 | char *in; | ||
| 236 | int inl; | ||
| 237 | { | 232 | { |
| 238 | int ret=0,n,i; | 233 | int ret=0,n,i; |
| 239 | BIO_ENC_CTX *ctx; | 234 | BIO_ENC_CTX *ctx; |
| @@ -288,16 +283,13 @@ int inl; | |||
| 288 | return(ret); | 283 | return(ret); |
| 289 | } | 284 | } |
| 290 | 285 | ||
| 291 | static long enc_ctrl(b,cmd,num,ptr) | 286 | static long enc_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 292 | BIO *b; | ||
| 293 | int cmd; | ||
| 294 | long num; | ||
| 295 | char *ptr; | ||
| 296 | { | 287 | { |
| 297 | BIO *dbio; | 288 | BIO *dbio; |
| 298 | BIO_ENC_CTX *ctx,*dctx; | 289 | BIO_ENC_CTX *ctx,*dctx; |
| 299 | long ret=1; | 290 | long ret=1; |
| 300 | int i; | 291 | int i; |
| 292 | EVP_CIPHER_CTX **c_ctx; | ||
| 301 | 293 | ||
| 302 | ctx=(BIO_ENC_CTX *)b->ptr; | 294 | ctx=(BIO_ENC_CTX *)b->ptr; |
| 303 | 295 | ||
| @@ -306,7 +298,7 @@ char *ptr; | |||
| 306 | case BIO_CTRL_RESET: | 298 | case BIO_CTRL_RESET: |
| 307 | ctx->ok=1; | 299 | ctx->ok=1; |
| 308 | ctx->finished=0; | 300 | ctx->finished=0; |
| 309 | EVP_CipherInit(&(ctx->cipher),NULL,NULL,NULL, | 301 | EVP_CipherInit_ex(&(ctx->cipher),NULL,NULL,NULL,NULL, |
| 310 | ctx->cipher.encrypt); | 302 | ctx->cipher.encrypt); |
| 311 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 303 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 312 | break; | 304 | break; |
| @@ -343,7 +335,7 @@ again: | |||
| 343 | { | 335 | { |
| 344 | ctx->finished=1; | 336 | ctx->finished=1; |
| 345 | ctx->buf_off=0; | 337 | ctx->buf_off=0; |
| 346 | ret=EVP_CipherFinal(&(ctx->cipher), | 338 | ret=EVP_CipherFinal_ex(&(ctx->cipher), |
| 347 | (unsigned char *)ctx->buf, | 339 | (unsigned char *)ctx->buf, |
| 348 | &(ctx->buf_len)); | 340 | &(ctx->buf_len)); |
| 349 | ctx->ok=(int)ret; | 341 | ctx->ok=(int)ret; |
| @@ -364,7 +356,11 @@ again: | |||
| 364 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 356 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| 365 | BIO_copy_next_retry(b); | 357 | BIO_copy_next_retry(b); |
| 366 | break; | 358 | break; |
| 367 | 359 | case BIO_C_GET_CIPHER_CTX: | |
| 360 | c_ctx=(EVP_CIPHER_CTX **)ptr; | ||
| 361 | (*c_ctx)= &(ctx->cipher); | ||
| 362 | b->init=1; | ||
| 363 | break; | ||
| 368 | case BIO_CTRL_DUP: | 364 | case BIO_CTRL_DUP: |
| 369 | dbio=(BIO *)ptr; | 365 | dbio=(BIO *)ptr; |
| 370 | dctx=(BIO_ENC_CTX *)dbio->ptr; | 366 | dctx=(BIO_ENC_CTX *)dbio->ptr; |
| @@ -378,6 +374,20 @@ again: | |||
| 378 | return(ret); | 374 | return(ret); |
| 379 | } | 375 | } |
| 380 | 376 | ||
| 377 | static long enc_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) | ||
| 378 | { | ||
| 379 | long ret=1; | ||
| 380 | |||
| 381 | if (b->next_bio == NULL) return(0); | ||
| 382 | switch (cmd) | ||
| 383 | { | ||
| 384 | default: | ||
| 385 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 386 | break; | ||
| 387 | } | ||
| 388 | return(ret); | ||
| 389 | } | ||
| 390 | |||
| 381 | /* | 391 | /* |
| 382 | void BIO_set_cipher_ctx(b,c) | 392 | void BIO_set_cipher_ctx(b,c) |
| 383 | BIO *b; | 393 | BIO *b; |
| @@ -398,26 +408,22 @@ EVP_CIPHER_ctx *c; | |||
| 398 | } | 408 | } |
| 399 | */ | 409 | */ |
| 400 | 410 | ||
| 401 | void BIO_set_cipher(b,c,k,i,e) | 411 | void BIO_set_cipher(BIO *b, const EVP_CIPHER *c, unsigned char *k, |
| 402 | BIO *b; | 412 | unsigned char *i, int e) |
| 403 | EVP_CIPHER *c; | ||
| 404 | unsigned char *k; | ||
| 405 | unsigned char *i; | ||
| 406 | int e; | ||
| 407 | { | 413 | { |
| 408 | BIO_ENC_CTX *ctx; | 414 | BIO_ENC_CTX *ctx; |
| 409 | 415 | ||
| 410 | if (b == NULL) return; | 416 | if (b == NULL) return; |
| 411 | 417 | ||
| 412 | if ((b->callback != NULL) && | 418 | if ((b->callback != NULL) && |
| 413 | (b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,0L) <= 0)) | 419 | (b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,0L) <= 0)) |
| 414 | return; | 420 | return; |
| 415 | 421 | ||
| 416 | b->init=1; | 422 | b->init=1; |
| 417 | ctx=(BIO_ENC_CTX *)b->ptr; | 423 | ctx=(BIO_ENC_CTX *)b->ptr; |
| 418 | EVP_CipherInit(&(ctx->cipher),c,k,i,e); | 424 | EVP_CipherInit_ex(&(ctx->cipher),c,NULL, k,i,e); |
| 419 | 425 | ||
| 420 | if (b->callback != NULL) | 426 | if (b->callback != NULL) |
| 421 | b->callback(b,BIO_CB_CTRL,(char *)c,BIO_CTRL_SET,e,1L); | 427 | b->callback(b,BIO_CB_CTRL,(const char *)c,BIO_CTRL_SET,e,1L); |
| 422 | } | 428 | } |
| 423 | 429 | ||
diff --git a/src/lib/libcrypto/evp/bio_md.c b/src/lib/libcrypto/evp/bio_md.c index fa5fdc055b..c632dfb202 100644 --- a/src/lib/libcrypto/evp/bio_md.c +++ b/src/lib/libcrypto/evp/bio_md.c | |||
| @@ -59,29 +59,20 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | 64 | ||
| 65 | /* BIO_put and BIO_get both add to the digest, | 65 | /* BIO_put and BIO_get both add to the digest, |
| 66 | * BIO_gets returns the digest */ | 66 | * BIO_gets returns the digest */ |
| 67 | 67 | ||
| 68 | #ifndef NOPROTO | 68 | static int md_write(BIO *h, char const *buf, int num); |
| 69 | static int md_write(BIO *h,char *buf,int num); | 69 | static int md_read(BIO *h, char *buf, int size); |
| 70 | static int md_read(BIO *h,char *buf,int size); | 70 | /*static int md_puts(BIO *h, const char *str); */ |
| 71 | /*static int md_puts(BIO *h,char *str); */ | 71 | static int md_gets(BIO *h, char *str, int size); |
| 72 | static int md_gets(BIO *h,char *str,int size); | 72 | static long md_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 73 | static long md_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 74 | static int md_new(BIO *h); | 73 | static int md_new(BIO *h); |
| 75 | static int md_free(BIO *data); | 74 | static int md_free(BIO *data); |
| 76 | #else | 75 | static long md_callback_ctrl(BIO *h,int cmd,bio_info_cb *fp); |
| 77 | static int md_write(); | ||
| 78 | static int md_read(); | ||
| 79 | /*static int md_puts(); */ | ||
| 80 | static int md_gets(); | ||
| 81 | static long md_ctrl(); | ||
| 82 | static int md_new(); | ||
| 83 | static int md_free(); | ||
| 84 | #endif | ||
| 85 | 76 | ||
| 86 | static BIO_METHOD methods_md= | 77 | static BIO_METHOD methods_md= |
| 87 | { | 78 | { |
| @@ -93,19 +84,19 @@ static BIO_METHOD methods_md= | |||
| 93 | md_ctrl, | 84 | md_ctrl, |
| 94 | md_new, | 85 | md_new, |
| 95 | md_free, | 86 | md_free, |
| 87 | md_callback_ctrl, | ||
| 96 | }; | 88 | }; |
| 97 | 89 | ||
| 98 | BIO_METHOD *BIO_f_md() | 90 | BIO_METHOD *BIO_f_md(void) |
| 99 | { | 91 | { |
| 100 | return(&methods_md); | 92 | return(&methods_md); |
| 101 | } | 93 | } |
| 102 | 94 | ||
| 103 | static int md_new(bi) | 95 | static int md_new(BIO *bi) |
| 104 | BIO *bi; | ||
| 105 | { | 96 | { |
| 106 | EVP_MD_CTX *ctx; | 97 | EVP_MD_CTX *ctx; |
| 107 | 98 | ||
| 108 | ctx=(EVP_MD_CTX *)Malloc(sizeof(EVP_MD_CTX)); | 99 | ctx=EVP_MD_CTX_create(); |
| 109 | if (ctx == NULL) return(0); | 100 | if (ctx == NULL) return(0); |
| 110 | 101 | ||
| 111 | bi->init=0; | 102 | bi->init=0; |
| @@ -114,27 +105,23 @@ BIO *bi; | |||
| 114 | return(1); | 105 | return(1); |
| 115 | } | 106 | } |
| 116 | 107 | ||
| 117 | static int md_free(a) | 108 | static int md_free(BIO *a) |
| 118 | BIO *a; | ||
| 119 | { | 109 | { |
| 120 | if (a == NULL) return(0); | 110 | if (a == NULL) return(0); |
| 121 | Free(a->ptr); | 111 | EVP_MD_CTX_destroy(a->ptr); |
| 122 | a->ptr=NULL; | 112 | a->ptr=NULL; |
| 123 | a->init=0; | 113 | a->init=0; |
| 124 | a->flags=0; | 114 | a->flags=0; |
| 125 | return(1); | 115 | return(1); |
| 126 | } | 116 | } |
| 127 | 117 | ||
| 128 | static int md_read(b,out,outl) | 118 | static int md_read(BIO *b, char *out, int outl) |
| 129 | BIO *b; | ||
| 130 | char *out; | ||
| 131 | int outl; | ||
| 132 | { | 119 | { |
| 133 | int ret=0; | 120 | int ret=0; |
| 134 | EVP_MD_CTX *ctx; | 121 | EVP_MD_CTX *ctx; |
| 135 | 122 | ||
| 136 | if (out == NULL) return(0); | 123 | if (out == NULL) return(0); |
| 137 | ctx=(EVP_MD_CTX *)b->ptr; | 124 | ctx=b->ptr; |
| 138 | 125 | ||
| 139 | if ((ctx == NULL) || (b->next_bio == NULL)) return(0); | 126 | if ((ctx == NULL) || (b->next_bio == NULL)) return(0); |
| 140 | 127 | ||
| @@ -152,16 +139,13 @@ int outl; | |||
| 152 | return(ret); | 139 | return(ret); |
| 153 | } | 140 | } |
| 154 | 141 | ||
| 155 | static int md_write(b,in,inl) | 142 | static int md_write(BIO *b, const char *in, int inl) |
| 156 | BIO *b; | ||
| 157 | char *in; | ||
| 158 | int inl; | ||
| 159 | { | 143 | { |
| 160 | int ret=0; | 144 | int ret=0; |
| 161 | EVP_MD_CTX *ctx; | 145 | EVP_MD_CTX *ctx; |
| 162 | 146 | ||
| 163 | if ((in == NULL) || (inl <= 0)) return(0); | 147 | if ((in == NULL) || (inl <= 0)) return(0); |
| 164 | ctx=(EVP_MD_CTX *)b->ptr; | 148 | ctx=b->ptr; |
| 165 | 149 | ||
| 166 | if ((ctx != NULL) && (b->next_bio != NULL)) | 150 | if ((ctx != NULL) && (b->next_bio != NULL)) |
| 167 | ret=BIO_write(b->next_bio,in,inl); | 151 | ret=BIO_write(b->next_bio,in,inl); |
| @@ -178,25 +162,21 @@ int inl; | |||
| 178 | return(ret); | 162 | return(ret); |
| 179 | } | 163 | } |
| 180 | 164 | ||
| 181 | static long md_ctrl(b,cmd,num,ptr) | 165 | static long md_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 182 | BIO *b; | ||
| 183 | int cmd; | ||
| 184 | long num; | ||
| 185 | char *ptr; | ||
| 186 | { | 166 | { |
| 187 | EVP_MD_CTX *ctx,*dctx,**pctx; | 167 | EVP_MD_CTX *ctx,*dctx,**pctx; |
| 188 | EVP_MD **ppmd; | 168 | const EVP_MD **ppmd; |
| 189 | EVP_MD *md; | 169 | EVP_MD *md; |
| 190 | long ret=1; | 170 | long ret=1; |
| 191 | BIO *dbio; | 171 | BIO *dbio; |
| 192 | 172 | ||
| 193 | ctx=(EVP_MD_CTX *)b->ptr; | 173 | ctx=b->ptr; |
| 194 | 174 | ||
| 195 | switch (cmd) | 175 | switch (cmd) |
| 196 | { | 176 | { |
| 197 | case BIO_CTRL_RESET: | 177 | case BIO_CTRL_RESET: |
| 198 | if (b->init) | 178 | if (b->init) |
| 199 | EVP_DigestInit(ctx,ctx->digest); | 179 | EVP_DigestInit_ex(ctx,ctx->digest, NULL); |
| 200 | else | 180 | else |
| 201 | ret=0; | 181 | ret=0; |
| 202 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); | 182 | ret=BIO_ctrl(b->next_bio,cmd,num,ptr); |
| @@ -204,7 +184,7 @@ char *ptr; | |||
| 204 | case BIO_C_GET_MD: | 184 | case BIO_C_GET_MD: |
| 205 | if (b->init) | 185 | if (b->init) |
| 206 | { | 186 | { |
| 207 | ppmd=(EVP_MD **)ptr; | 187 | ppmd=ptr; |
| 208 | *ppmd=ctx->digest; | 188 | *ppmd=ctx->digest; |
| 209 | } | 189 | } |
| 210 | else | 190 | else |
| @@ -213,7 +193,7 @@ char *ptr; | |||
| 213 | case BIO_C_GET_MD_CTX: | 193 | case BIO_C_GET_MD_CTX: |
| 214 | if (b->init) | 194 | if (b->init) |
| 215 | { | 195 | { |
| 216 | pctx=(EVP_MD_CTX **)ptr; | 196 | pctx=ptr; |
| 217 | *pctx=ctx; | 197 | *pctx=ctx; |
| 218 | } | 198 | } |
| 219 | else | 199 | else |
| @@ -226,14 +206,14 @@ char *ptr; | |||
| 226 | break; | 206 | break; |
| 227 | 207 | ||
| 228 | case BIO_C_SET_MD: | 208 | case BIO_C_SET_MD: |
| 229 | md=(EVP_MD *)ptr; | 209 | md=ptr; |
| 230 | EVP_DigestInit(ctx,md); | 210 | EVP_DigestInit_ex(ctx,md, NULL); |
| 231 | b->init=1; | 211 | b->init=1; |
| 232 | break; | 212 | break; |
| 233 | case BIO_CTRL_DUP: | 213 | case BIO_CTRL_DUP: |
| 234 | dbio=(BIO *)ptr; | 214 | dbio=ptr; |
| 235 | dctx=(EVP_MD_CTX *)dbio->ptr; | 215 | dctx=dbio->ptr; |
| 236 | memcpy(dctx,ctx,sizeof(ctx)); | 216 | EVP_MD_CTX_copy_ex(dctx,ctx); |
| 237 | b->init=1; | 217 | b->init=1; |
| 238 | break; | 218 | break; |
| 239 | default: | 219 | default: |
| @@ -243,19 +223,30 @@ char *ptr; | |||
| 243 | return(ret); | 223 | return(ret); |
| 244 | } | 224 | } |
| 245 | 225 | ||
| 246 | static int md_gets(bp,buf,size) | 226 | static long md_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 247 | BIO *bp; | 227 | { |
| 248 | char *buf; | 228 | long ret=1; |
| 249 | int size; | 229 | |
| 230 | if (b->next_bio == NULL) return(0); | ||
| 231 | switch (cmd) | ||
| 232 | { | ||
| 233 | default: | ||
| 234 | ret=BIO_callback_ctrl(b->next_bio,cmd,fp); | ||
| 235 | break; | ||
| 236 | } | ||
| 237 | return(ret); | ||
| 238 | } | ||
| 239 | |||
| 240 | static int md_gets(BIO *bp, char *buf, int size) | ||
| 250 | { | 241 | { |
| 251 | EVP_MD_CTX *ctx; | 242 | EVP_MD_CTX *ctx; |
| 252 | unsigned int ret; | 243 | unsigned int ret; |
| 253 | 244 | ||
| 254 | 245 | ||
| 255 | ctx=(EVP_MD_CTX *)bp->ptr; | 246 | ctx=bp->ptr; |
| 256 | if (size < ctx->digest->md_size) | 247 | if (size < ctx->digest->md_size) |
| 257 | return(0); | 248 | return(0); |
| 258 | EVP_DigestFinal(ctx,(unsigned char *)buf,&ret); | 249 | EVP_DigestFinal_ex(ctx,(unsigned char *)buf,&ret); |
| 259 | return((int)ret); | 250 | return((int)ret); |
| 260 | } | 251 | } |
| 261 | 252 | ||
diff --git a/src/lib/libcrypto/evp/c_all.c b/src/lib/libcrypto/evp/c_all.c index e77d1c896b..5ffd352ea0 100644 --- a/src/lib/libcrypto/evp/c_all.c +++ b/src/lib/libcrypto/evp/c_all.c | |||
| @@ -58,133 +58,17 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | ||
| 63 | 62 | ||
| 64 | void SSLeay_add_all_algorithms() | 63 | #undef OpenSSL_add_all_algorithms |
| 65 | { | ||
| 66 | SSLeay_add_all_ciphers(); | ||
| 67 | SSLeay_add_all_digests(); | ||
| 68 | } | ||
| 69 | 64 | ||
| 70 | void SSLeay_add_all_ciphers() | 65 | void OpenSSL_add_all_algorithms(void) |
| 71 | { | 66 | { |
| 72 | #ifndef NO_DES | 67 | OPENSSL_add_all_algorithms_noconf(); |
| 73 | EVP_add_cipher(EVP_des_cfb()); | ||
| 74 | EVP_add_cipher(EVP_des_ede_cfb()); | ||
| 75 | EVP_add_cipher(EVP_des_ede3_cfb()); | ||
| 76 | |||
| 77 | EVP_add_cipher(EVP_des_ofb()); | ||
| 78 | EVP_add_cipher(EVP_des_ede_ofb()); | ||
| 79 | EVP_add_cipher(EVP_des_ede3_ofb()); | ||
| 80 | |||
| 81 | EVP_add_cipher(EVP_desx_cbc()); | ||
| 82 | EVP_add_alias(SN_desx_cbc,"DESX"); | ||
| 83 | EVP_add_alias(SN_desx_cbc,"desx"); | ||
| 84 | |||
| 85 | EVP_add_cipher(EVP_des_cbc()); | ||
| 86 | EVP_add_alias(SN_des_cbc,"DES"); | ||
| 87 | EVP_add_alias(SN_des_cbc,"des"); | ||
| 88 | EVP_add_cipher(EVP_des_ede_cbc()); | ||
| 89 | EVP_add_cipher(EVP_des_ede3_cbc()); | ||
| 90 | EVP_add_alias(SN_des_ede3_cbc,"DES3"); | ||
| 91 | EVP_add_alias(SN_des_ede3_cbc,"des3"); | ||
| 92 | |||
| 93 | EVP_add_cipher(EVP_des_ecb()); | ||
| 94 | EVP_add_cipher(EVP_des_ede()); | ||
| 95 | EVP_add_cipher(EVP_des_ede3()); | ||
| 96 | #endif | ||
| 97 | |||
| 98 | #ifndef NO_RC4 | ||
| 99 | EVP_add_cipher(EVP_rc4()); | ||
| 100 | EVP_add_cipher(EVP_rc4_40()); | ||
| 101 | #endif | ||
| 102 | |||
| 103 | #ifndef NO_IDEA | ||
| 104 | EVP_add_cipher(EVP_idea_ecb()); | ||
| 105 | EVP_add_cipher(EVP_idea_cfb()); | ||
| 106 | EVP_add_cipher(EVP_idea_ofb()); | ||
| 107 | EVP_add_cipher(EVP_idea_cbc()); | ||
| 108 | EVP_add_alias(SN_idea_cbc,"IDEA"); | ||
| 109 | EVP_add_alias(SN_idea_cbc,"idea"); | ||
| 110 | #endif | ||
| 111 | |||
| 112 | #ifndef NO_RC2 | ||
| 113 | EVP_add_cipher(EVP_rc2_ecb()); | ||
| 114 | EVP_add_cipher(EVP_rc2_cfb()); | ||
| 115 | EVP_add_cipher(EVP_rc2_ofb()); | ||
| 116 | EVP_add_cipher(EVP_rc2_cbc()); | ||
| 117 | EVP_add_cipher(EVP_rc2_40_cbc()); | ||
| 118 | EVP_add_alias(SN_rc2_cbc,"RC2"); | ||
| 119 | EVP_add_alias(SN_rc2_cbc,"rc2"); | ||
| 120 | #endif | ||
| 121 | |||
| 122 | #ifndef NO_BLOWFISH | ||
| 123 | EVP_add_cipher(EVP_bf_ecb()); | ||
| 124 | EVP_add_cipher(EVP_bf_cfb()); | ||
| 125 | EVP_add_cipher(EVP_bf_ofb()); | ||
| 126 | EVP_add_cipher(EVP_bf_cbc()); | ||
| 127 | EVP_add_alias(SN_bf_cbc,"BF"); | ||
| 128 | EVP_add_alias(SN_bf_cbc,"bf"); | ||
| 129 | EVP_add_alias(SN_bf_cbc,"blowfish"); | ||
| 130 | #endif | ||
| 131 | |||
| 132 | #ifndef NO_CAST | ||
| 133 | EVP_add_cipher(EVP_cast5_ecb()); | ||
| 134 | EVP_add_cipher(EVP_cast5_cfb()); | ||
| 135 | EVP_add_cipher(EVP_cast5_ofb()); | ||
| 136 | EVP_add_cipher(EVP_cast5_cbc()); | ||
| 137 | EVP_add_alias(SN_cast5_cbc,"CAST"); | ||
| 138 | EVP_add_alias(SN_cast5_cbc,"cast"); | ||
| 139 | EVP_add_alias(SN_cast5_cbc,"CAST-cbc"); | ||
| 140 | EVP_add_alias(SN_cast5_cbc,"cast-cbc"); | ||
| 141 | #endif | ||
| 142 | |||
| 143 | #ifndef NO_RC5 | ||
| 144 | EVP_add_cipher(EVP_rc5_32_12_16_ecb()); | ||
| 145 | EVP_add_cipher(EVP_rc5_32_12_16_cfb()); | ||
| 146 | EVP_add_cipher(EVP_rc5_32_12_16_ofb()); | ||
| 147 | EVP_add_cipher(EVP_rc5_32_12_16_cbc()); | ||
| 148 | EVP_add_alias(SN_rc5_cbc,"rc5"); | ||
| 149 | EVP_add_alias(SN_rc5_cbc,"RC5"); | ||
| 150 | EVP_add_alias(SN_rc5_cbc,"rc5-cbc"); | ||
| 151 | EVP_add_alias(SN_rc5_cbc,"RC5-cbc"); | ||
| 152 | #endif | ||
| 153 | } | 68 | } |
| 154 | 69 | ||
| 155 | 70 | void OPENSSL_add_all_algorithms_noconf(void) | |
| 156 | void SSLeay_add_all_digests() | ||
| 157 | { | 71 | { |
| 158 | #ifndef NO_MD2 | 72 | OpenSSL_add_all_ciphers(); |
| 159 | EVP_add_digest(EVP_md2()); | 73 | OpenSSL_add_all_digests(); |
| 160 | #endif | ||
| 161 | #ifndef NO_MD5 | ||
| 162 | EVP_add_digest(EVP_md5()); | ||
| 163 | EVP_add_alias(SN_md5,"ssl2-md5"); | ||
| 164 | EVP_add_alias(SN_md5,"ssl3-md5"); | ||
| 165 | #endif | ||
| 166 | #ifndef NO_SHA | ||
| 167 | EVP_add_digest(EVP_sha()); | ||
| 168 | #ifndef NO_DSA | ||
| 169 | EVP_add_digest(EVP_dss()); | ||
| 170 | #endif | ||
| 171 | #endif | ||
| 172 | #ifndef NO_SHA1 | ||
| 173 | EVP_add_digest(EVP_sha1()); | ||
| 174 | EVP_add_alias(SN_sha1,"ssl3-sha1"); | ||
| 175 | #ifndef NO_DSA | ||
| 176 | EVP_add_digest(EVP_dss1()); | ||
| 177 | EVP_add_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | ||
| 178 | EVP_add_alias(SN_dsaWithSHA1,"DSS1"); | ||
| 179 | EVP_add_alias(SN_dsaWithSHA1,"dss1"); | ||
| 180 | #endif | ||
| 181 | #endif | ||
| 182 | #if !defined(NO_MDC2) && !defined(NO_DES) | ||
| 183 | EVP_add_digest(EVP_mdc2()); | ||
| 184 | #endif | ||
| 185 | #ifndef NO_RIPEMD160 | ||
| 186 | EVP_add_digest(EVP_ripemd160()); | ||
| 187 | EVP_add_alias(SN_ripemd160,"ripemd"); | ||
| 188 | EVP_add_alias(SN_ripemd160,"rmd160"); | ||
| 189 | #endif | ||
| 190 | } | 74 | } |
diff --git a/src/lib/libcrypto/evp/digest.c b/src/lib/libcrypto/evp/digest.c index d65f0036f7..a969ac69ed 100644 --- a/src/lib/libcrypto/evp/digest.c +++ b/src/lib/libcrypto/evp/digest.c | |||
| @@ -55,35 +55,258 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 113 | #include "cryptlib.h" |
| 61 | #include "objects.h" | 114 | #include <openssl/objects.h> |
| 62 | #include "evp.h" | 115 | #include <openssl/evp.h> |
| 116 | #include <openssl/engine.h> | ||
| 117 | |||
| 118 | void EVP_MD_CTX_init(EVP_MD_CTX *ctx) | ||
| 119 | { | ||
| 120 | memset(ctx,'\0',sizeof *ctx); | ||
| 121 | } | ||
| 122 | |||
| 123 | EVP_MD_CTX *EVP_MD_CTX_create(void) | ||
| 124 | { | ||
| 125 | EVP_MD_CTX *ctx=OPENSSL_malloc(sizeof *ctx); | ||
| 126 | |||
| 127 | EVP_MD_CTX_init(ctx); | ||
| 128 | |||
| 129 | return ctx; | ||
| 130 | } | ||
| 63 | 131 | ||
| 64 | void EVP_DigestInit(ctx,type) | 132 | int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type) |
| 65 | EVP_MD_CTX *ctx; | ||
| 66 | EVP_MD *type; | ||
| 67 | { | 133 | { |
| 68 | ctx->digest=type; | 134 | EVP_MD_CTX_init(ctx); |
| 69 | type->init(&(ctx->md)); | 135 | return EVP_DigestInit_ex(ctx, type, NULL); |
| 70 | } | 136 | } |
| 71 | 137 | ||
| 72 | void EVP_DigestUpdate(ctx,data,count) | 138 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl) |
| 73 | EVP_MD_CTX *ctx; | ||
| 74 | unsigned char *data; | ||
| 75 | unsigned int count; | ||
| 76 | { | 139 | { |
| 77 | ctx->digest->update(&(ctx->md.base[0]),data,(unsigned long)count); | 140 | EVP_MD_CTX_clear_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); |
| 141 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | ||
| 142 | * so this context may already have an ENGINE! Try to avoid releasing | ||
| 143 | * the previous handle, re-querying for an ENGINE, and having a | ||
| 144 | * reinitialisation, when it may all be unecessary. */ | ||
| 145 | if (ctx->engine && ctx->digest && (!type || | ||
| 146 | (type && (type->type == ctx->digest->type)))) | ||
| 147 | goto skip_to_init; | ||
| 148 | if (type) | ||
| 149 | { | ||
| 150 | /* Ensure an ENGINE left lying around from last time is cleared | ||
| 151 | * (the previous check attempted to avoid this if the same | ||
| 152 | * ENGINE and EVP_MD could be used). */ | ||
| 153 | if(ctx->engine) | ||
| 154 | ENGINE_finish(ctx->engine); | ||
| 155 | if(impl) | ||
| 156 | { | ||
| 157 | if (!ENGINE_init(impl)) | ||
| 158 | { | ||
| 159 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | ||
| 160 | return 0; | ||
| 161 | } | ||
| 162 | } | ||
| 163 | else | ||
| 164 | /* Ask if an ENGINE is reserved for this job */ | ||
| 165 | impl = ENGINE_get_digest_engine(type->type); | ||
| 166 | if(impl) | ||
| 167 | { | ||
| 168 | /* There's an ENGINE for this job ... (apparently) */ | ||
| 169 | const EVP_MD *d = ENGINE_get_digest(impl, type->type); | ||
| 170 | if(!d) | ||
| 171 | { | ||
| 172 | /* Same comment from evp_enc.c */ | ||
| 173 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_INITIALIZATION_ERROR); | ||
| 174 | return 0; | ||
| 175 | } | ||
| 176 | /* We'll use the ENGINE's private digest definition */ | ||
| 177 | type = d; | ||
| 178 | /* Store the ENGINE functional reference so we know | ||
| 179 | * 'type' came from an ENGINE and we need to release | ||
| 180 | * it when done. */ | ||
| 181 | ctx->engine = impl; | ||
| 182 | } | ||
| 183 | else | ||
| 184 | ctx->engine = NULL; | ||
| 185 | } | ||
| 186 | else if(!ctx->digest) | ||
| 187 | { | ||
| 188 | EVPerr(EVP_F_EVP_DIGESTINIT, EVP_R_NO_DIGEST_SET); | ||
| 189 | return 0; | ||
| 190 | } | ||
| 191 | if (ctx->digest != type) | ||
| 192 | { | ||
| 193 | if (ctx->digest && ctx->digest->ctx_size) | ||
| 194 | OPENSSL_free(ctx->md_data); | ||
| 195 | ctx->digest=type; | ||
| 196 | if (type->ctx_size) | ||
| 197 | ctx->md_data=OPENSSL_malloc(type->ctx_size); | ||
| 198 | } | ||
| 199 | skip_to_init: | ||
| 200 | return ctx->digest->init(ctx); | ||
| 78 | } | 201 | } |
| 79 | 202 | ||
| 80 | void EVP_DigestFinal(ctx,md,size) | 203 | int EVP_DigestUpdate(EVP_MD_CTX *ctx, const void *data, |
| 81 | EVP_MD_CTX *ctx; | 204 | unsigned int count) |
| 82 | unsigned char *md; | ||
| 83 | unsigned int *size; | ||
| 84 | { | 205 | { |
| 85 | ctx->digest->final(md,&(ctx->md.base[0])); | 206 | return ctx->digest->update(ctx,data,(unsigned long)count); |
| 207 | } | ||
| 208 | |||
| 209 | /* The caller can assume that this removes any secret data from the context */ | ||
| 210 | int EVP_DigestFinal(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | ||
| 211 | { | ||
| 212 | int ret; | ||
| 213 | ret = EVP_DigestFinal_ex(ctx, md, size); | ||
| 214 | EVP_MD_CTX_cleanup(ctx); | ||
| 215 | return ret; | ||
| 216 | } | ||
| 217 | |||
| 218 | /* The caller can assume that this removes any secret data from the context */ | ||
| 219 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx, unsigned char *md, unsigned int *size) | ||
| 220 | { | ||
| 221 | int ret; | ||
| 222 | ret=ctx->digest->final(ctx,md); | ||
| 86 | if (size != NULL) | 223 | if (size != NULL) |
| 87 | *size=ctx->digest->md_size; | 224 | *size=ctx->digest->md_size; |
| 88 | memset(&(ctx->md),0,sizeof(ctx->md)); | 225 | if (ctx->digest->cleanup) |
| 226 | { | ||
| 227 | ctx->digest->cleanup(ctx); | ||
| 228 | EVP_MD_CTX_set_flags(ctx,EVP_MD_CTX_FLAG_CLEANED); | ||
| 229 | } | ||
| 230 | memset(ctx->md_data,0,ctx->digest->ctx_size); | ||
| 231 | return ret; | ||
| 232 | } | ||
| 233 | |||
| 234 | int EVP_MD_CTX_copy(EVP_MD_CTX *out, const EVP_MD_CTX *in) | ||
| 235 | { | ||
| 236 | EVP_MD_CTX_init(out); | ||
| 237 | return EVP_MD_CTX_copy_ex(out, in); | ||
| 238 | } | ||
| 239 | |||
| 240 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out, const EVP_MD_CTX *in) | ||
| 241 | { | ||
| 242 | if ((in == NULL) || (in->digest == NULL)) | ||
| 243 | { | ||
| 244 | EVPerr(EVP_F_EVP_MD_CTX_COPY,EVP_R_INPUT_NOT_INITIALIZED); | ||
| 245 | return 0; | ||
| 246 | } | ||
| 247 | /* Make sure it's safe to copy a digest context using an ENGINE */ | ||
| 248 | if (in->engine && !ENGINE_init(in->engine)) | ||
| 249 | { | ||
| 250 | EVPerr(EVP_F_EVP_MD_CTX_COPY,ERR_R_ENGINE_LIB); | ||
| 251 | return 0; | ||
| 252 | } | ||
| 253 | |||
| 254 | EVP_MD_CTX_cleanup(out); | ||
| 255 | memcpy(out,in,sizeof *out); | ||
| 256 | |||
| 257 | if (out->digest->ctx_size) | ||
| 258 | { | ||
| 259 | out->md_data=OPENSSL_malloc(out->digest->ctx_size); | ||
| 260 | memcpy(out->md_data,in->md_data,out->digest->ctx_size); | ||
| 261 | } | ||
| 262 | |||
| 263 | if (out->digest->copy) | ||
| 264 | return out->digest->copy(out,in); | ||
| 265 | |||
| 266 | return 1; | ||
| 267 | } | ||
| 268 | |||
| 269 | int EVP_Digest(void *data, unsigned int count, | ||
| 270 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl) | ||
| 271 | { | ||
| 272 | EVP_MD_CTX ctx; | ||
| 273 | int ret; | ||
| 274 | |||
| 275 | EVP_MD_CTX_init(&ctx); | ||
| 276 | EVP_MD_CTX_set_flags(&ctx,EVP_MD_CTX_FLAG_ONESHOT); | ||
| 277 | ret=EVP_DigestInit_ex(&ctx, type, impl) | ||
| 278 | && EVP_DigestUpdate(&ctx, data, count) | ||
| 279 | && EVP_DigestFinal_ex(&ctx, md, size); | ||
| 280 | EVP_MD_CTX_cleanup(&ctx); | ||
| 281 | |||
| 282 | return ret; | ||
| 283 | } | ||
| 284 | |||
| 285 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx) | ||
| 286 | { | ||
| 287 | EVP_MD_CTX_cleanup(ctx); | ||
| 288 | OPENSSL_free(ctx); | ||
| 289 | } | ||
| 290 | |||
| 291 | /* This call frees resources associated with the context */ | ||
| 292 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx) | ||
| 293 | { | ||
| 294 | /* Don't assume ctx->md_data was cleaned in EVP_Digest_Final, | ||
| 295 | * because sometimes only copies of the context are ever finalised. | ||
| 296 | */ | ||
| 297 | if (ctx->digest && ctx->digest->cleanup | ||
| 298 | && !EVP_MD_CTX_test_flags(ctx,EVP_MD_CTX_FLAG_CLEANED)) | ||
| 299 | ctx->digest->cleanup(ctx); | ||
| 300 | if (ctx->digest && ctx->digest->ctx_size && ctx->md_data) | ||
| 301 | { | ||
| 302 | memset(ctx->md_data,0,ctx->digest->ctx_size); | ||
| 303 | OPENSSL_free(ctx->md_data); | ||
| 304 | } | ||
| 305 | if(ctx->engine) | ||
| 306 | /* The EVP_MD we used belongs to an ENGINE, release the | ||
| 307 | * functional reference we held for this reason. */ | ||
| 308 | ENGINE_finish(ctx->engine); | ||
| 309 | memset(ctx,'\0',sizeof *ctx); | ||
| 310 | |||
| 311 | return 1; | ||
| 89 | } | 312 | } |
diff --git a/src/lib/libcrypto/evp/e_aes.c b/src/lib/libcrypto/evp/e_aes.c index 9d03a9602f..c323fa2892 100644 --- a/src/lib/libcrypto/evp/e_aes.c +++ b/src/lib/libcrypto/evp/e_aes.c | |||
| @@ -88,7 +88,9 @@ IMPLEMENT_BLOCK_CIPHER(aes_256, ks, AES, EVP_AES_KEY, | |||
| 88 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 88 | static int aes_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 89 | const unsigned char *iv, int enc) { | 89 | const unsigned char *iv, int enc) { |
| 90 | 90 | ||
| 91 | if (enc) | 91 | if ((ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_CFB_MODE |
| 92 | || (ctx->cipher->flags & EVP_CIPH_MODE) == EVP_CIPH_OFB_MODE | ||
| 93 | || enc) | ||
| 92 | AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 94 | AES_set_encrypt_key(key, ctx->key_len * 8, ctx->cipher_data); |
| 93 | else | 95 | else |
| 94 | AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); | 96 | AES_set_decrypt_key(key, ctx->key_len * 8, ctx->cipher_data); |
diff --git a/src/lib/libcrypto/evp/e_bf.c b/src/lib/libcrypto/evp/e_bf.c index 72047f64da..e74337567b 100644 --- a/src/lib/libcrypto/evp/e_bf.c +++ b/src/lib/libcrypto/evp/e_bf.c | |||
| @@ -56,24 +56,32 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_BF | 59 | #ifndef OPENSSL_NO_BF |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
| 63 | #include "evp_locl.h" | 63 | #include "evp_locl.h" |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include <openssl/blowfish.h> | ||
| 65 | 66 | ||
| 66 | static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 67 | static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 67 | const unsigned char *iv, int enc); | 68 | const unsigned char *iv, int enc); |
| 68 | 69 | ||
| 69 | IMPLEMENT_BLOCK_CIPHER(bf, bf_ks, BF, bf_ks, NID_bf, 8, 16, 8, | 70 | typedef struct |
| 70 | 0, bf_init_key, NULL, | 71 | { |
| 72 | BF_KEY ks; | ||
| 73 | } EVP_BF_KEY; | ||
| 74 | |||
| 75 | #define data(ctx) EVP_C_DATA(EVP_BF_KEY,ctx) | ||
| 76 | |||
| 77 | IMPLEMENT_BLOCK_CIPHER(bf, ks, BF, EVP_BF_KEY, NID_bf, 8, 16, 8, 64, | ||
| 78 | EVP_CIPH_VARIABLE_LENGTH, bf_init_key, NULL, | ||
| 71 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) | 79 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) |
| 72 | 80 | ||
| 73 | static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 81 | static int bf_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 74 | const unsigned char *iv, int enc) | 82 | const unsigned char *iv, int enc) |
| 75 | { | 83 | { |
| 76 | BF_set_key(&(ctx->c.bf_ks),EVP_CIPHER_CTX_key_length(ctx),key); | 84 | BF_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); |
| 77 | return 1; | 85 | return 1; |
| 78 | } | 86 | } |
| 79 | 87 | ||
diff --git a/src/lib/libcrypto/evp/e_cast.c b/src/lib/libcrypto/evp/e_cast.c index e5af7fb4ed..3400fef187 100644 --- a/src/lib/libcrypto/evp/e_cast.c +++ b/src/lib/libcrypto/evp/e_cast.c | |||
| @@ -56,26 +56,34 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_CAST | 59 | #ifndef OPENSSL_NO_CAST |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
| 66 | #include <openssl/cast.h> | ||
| 66 | 67 | ||
| 67 | static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 68 | const unsigned char *iv,int enc); | 69 | const unsigned char *iv,int enc); |
| 69 | 70 | ||
| 70 | IMPLEMENT_BLOCK_CIPHER(cast5, cast_ks, CAST, cast_ks, | 71 | typedef struct |
| 71 | NID_cast5, 8, EVP_CAST5_KEY_SIZE, 8, | 72 | { |
| 73 | CAST_KEY ks; | ||
| 74 | } EVP_CAST_KEY; | ||
| 75 | |||
| 76 | #define data(ctx) EVP_C_DATA(EVP_CAST_KEY,ctx) | ||
| 77 | |||
| 78 | IMPLEMENT_BLOCK_CIPHER(cast5, ks, CAST, EVP_CAST_KEY, | ||
| 79 | NID_cast5, 8, CAST_KEY_LENGTH, 8, 64, | ||
| 72 | EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, | 80 | EVP_CIPH_VARIABLE_LENGTH, cast_init_key, NULL, |
| 73 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) | 81 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) |
| 74 | 82 | ||
| 75 | static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 83 | static int cast_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 76 | const unsigned char *iv, int enc) | 84 | const unsigned char *iv, int enc) |
| 77 | { | 85 | { |
| 78 | CAST_set_key(&(ctx->c.cast_ks),EVP_CIPHER_CTX_key_length(ctx),key); | 86 | CAST_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx),key); |
| 79 | return 1; | 87 | return 1; |
| 80 | } | 88 | } |
| 81 | 89 | ||
diff --git a/src/lib/libcrypto/evp/e_des.c b/src/lib/libcrypto/evp/e_des.c index f4e998b81c..105266a4b3 100644 --- a/src/lib/libcrypto/evp/e_des.c +++ b/src/lib/libcrypto/evp/e_des.c | |||
| @@ -56,12 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_DES | 59 | #ifndef OPENSSL_NO_DES |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 65 | #include <openssl/des.h> | ||
| 65 | 66 | ||
| 66 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 67 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 67 | const unsigned char *iv, int enc); | 68 | const unsigned char *iv, int enc); |
| @@ -72,34 +73,34 @@ static int des_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 72 | const unsigned char *in, unsigned int inl) | 73 | const unsigned char *in, unsigned int inl) |
| 73 | { | 74 | { |
| 74 | BLOCK_CIPHER_ecb_loop() | 75 | BLOCK_CIPHER_ecb_loop() |
| 75 | des_ecb_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), ctx->c.des_ks, ctx->encrypt); | 76 | DES_ecb_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), ctx->cipher_data, ctx->encrypt); |
| 76 | return 1; | 77 | return 1; |
| 77 | } | 78 | } |
| 78 | 79 | ||
| 79 | static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 80 | static int des_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 80 | const unsigned char *in, unsigned int inl) | 81 | const unsigned char *in, unsigned int inl) |
| 81 | { | 82 | { |
| 82 | des_ofb64_encrypt(in, out, (long)inl, ctx->c.des_ks, (des_cblock *)ctx->iv, &ctx->num); | 83 | DES_ofb64_encrypt(in, out, (long)inl, ctx->cipher_data, (DES_cblock *)ctx->iv, &ctx->num); |
| 83 | return 1; | 84 | return 1; |
| 84 | } | 85 | } |
| 85 | 86 | ||
| 86 | static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 87 | static int des_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 87 | const unsigned char *in, unsigned int inl) | 88 | const unsigned char *in, unsigned int inl) |
| 88 | { | 89 | { |
| 89 | des_ncbc_encrypt(in, out, (long)inl, ctx->c.des_ks, | 90 | DES_ncbc_encrypt(in, out, (long)inl, ctx->cipher_data, |
| 90 | (des_cblock *)ctx->iv, ctx->encrypt); | 91 | (DES_cblock *)ctx->iv, ctx->encrypt); |
| 91 | return 1; | 92 | return 1; |
| 92 | } | 93 | } |
| 93 | 94 | ||
| 94 | static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 95 | static int des_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 95 | const unsigned char *in, unsigned int inl) | 96 | const unsigned char *in, unsigned int inl) |
| 96 | { | 97 | { |
| 97 | des_cfb64_encrypt(in, out, (long)inl, ctx->c.des_ks, | 98 | DES_cfb64_encrypt(in, out, (long)inl, ctx->cipher_data, |
| 98 | (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt); | 99 | (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); |
| 99 | return 1; | 100 | return 1; |
| 100 | } | 101 | } |
| 101 | 102 | ||
| 102 | BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8, | 103 | BLOCK_CIPHER_defs(des, DES_key_schedule, NID_des, 8, 8, 8, 64, |
| 103 | 0, des_init_key, NULL, | 104 | 0, des_init_key, NULL, |
| 104 | EVP_CIPHER_set_asn1_iv, | 105 | EVP_CIPHER_set_asn1_iv, |
| 105 | EVP_CIPHER_get_asn1_iv, | 106 | EVP_CIPHER_get_asn1_iv, |
| @@ -109,9 +110,9 @@ BLOCK_CIPHER_defs(des, des_ks, NID_des, 8, 8, 8, | |||
| 109 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 110 | static int des_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 110 | const unsigned char *iv, int enc) | 111 | const unsigned char *iv, int enc) |
| 111 | { | 112 | { |
| 112 | des_cblock *deskey = (des_cblock *)key; | 113 | DES_cblock *deskey = (DES_cblock *)key; |
| 113 | 114 | ||
| 114 | des_set_key_unchecked(deskey,ctx->c.des_ks); | 115 | DES_set_key_unchecked(deskey,ctx->cipher_data); |
| 115 | return 1; | 116 | return 1; |
| 116 | } | 117 | } |
| 117 | 118 | ||
diff --git a/src/lib/libcrypto/evp/e_des3.c b/src/lib/libcrypto/evp/e_des3.c index a9aba4ae70..077860e7b6 100644 --- a/src/lib/libcrypto/evp/e_des3.c +++ b/src/lib/libcrypto/evp/e_des3.c | |||
| @@ -56,12 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_DES | 59 | #ifndef OPENSSL_NO_DES |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include "evp_locl.h" | 64 | #include "evp_locl.h" |
| 65 | #include <openssl/des.h> | ||
| 65 | 66 | ||
| 66 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 67 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 67 | const unsigned char *iv,int enc); | 68 | const unsigned char *iv,int enc); |
| @@ -69,60 +70,78 @@ static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 69 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 70 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 70 | const unsigned char *iv,int enc); | 71 | const unsigned char *iv,int enc); |
| 71 | 72 | ||
| 73 | typedef struct | ||
| 74 | { | ||
| 75 | DES_key_schedule ks1;/* key schedule */ | ||
| 76 | DES_key_schedule ks2;/* key schedule (for ede) */ | ||
| 77 | DES_key_schedule ks3;/* key schedule (for ede3) */ | ||
| 78 | } DES_EDE_KEY; | ||
| 79 | |||
| 80 | #define data(ctx) ((DES_EDE_KEY *)(ctx)->cipher_data) | ||
| 81 | |||
| 72 | /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ | 82 | /* Because of various casts and different args can't use IMPLEMENT_BLOCK_CIPHER */ |
| 73 | 83 | ||
| 74 | static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 84 | static int des_ede_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 75 | const unsigned char *in, unsigned int inl) | 85 | const unsigned char *in, unsigned int inl) |
| 76 | { | 86 | { |
| 77 | BLOCK_CIPHER_ecb_loop() | 87 | BLOCK_CIPHER_ecb_loop() |
| 78 | des_ecb3_encrypt((des_cblock *)(in + i), (des_cblock *)(out + i), | 88 | DES_ecb3_encrypt((DES_cblock *)(in + i), (DES_cblock *)(out + i), |
| 79 | ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, | 89 | &data(ctx)->ks1, &data(ctx)->ks2, |
| 80 | ctx->encrypt); | 90 | &data(ctx)->ks3, |
| 91 | ctx->encrypt); | ||
| 81 | return 1; | 92 | return 1; |
| 82 | } | 93 | } |
| 83 | 94 | ||
| 84 | static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 95 | static int des_ede_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 85 | const unsigned char *in, unsigned int inl) | 96 | const unsigned char *in, unsigned int inl) |
| 86 | { | 97 | { |
| 87 | des_ede3_ofb64_encrypt(in, out, (long)inl, | 98 | DES_ede3_ofb64_encrypt(in, out, (long)inl, |
| 88 | ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, | 99 | &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, |
| 89 | (des_cblock *)ctx->iv, &ctx->num); | 100 | (DES_cblock *)ctx->iv, &ctx->num); |
| 90 | return 1; | 101 | return 1; |
| 91 | } | 102 | } |
| 92 | 103 | ||
| 93 | static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 104 | static int des_ede_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 94 | const unsigned char *in, unsigned int inl) | 105 | const unsigned char *in, unsigned int inl) |
| 95 | { | 106 | { |
| 96 | des_ede3_cbc_encrypt(in, out, (long)inl, | 107 | #ifdef KSSL_DEBUG |
| 97 | ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, | 108 | { |
| 98 | (des_cblock *)ctx->iv, ctx->encrypt); | 109 | int i; |
| 110 | char *cp; | ||
| 111 | printf("des_ede_cbc_cipher(ctx=%lx, buflen=%d)\n", ctx, ctx->buf_len); | ||
| 112 | printf("\t iv= "); | ||
| 113 | for(i=0;i<8;i++) | ||
| 114 | printf("%02X",ctx->iv[i]); | ||
| 115 | printf("\n"); | ||
| 116 | } | ||
| 117 | #endif /* KSSL_DEBUG */ | ||
| 118 | DES_ede3_cbc_encrypt(in, out, (long)inl, | ||
| 119 | &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, | ||
| 120 | (DES_cblock *)ctx->iv, ctx->encrypt); | ||
| 99 | return 1; | 121 | return 1; |
| 100 | } | 122 | } |
| 101 | 123 | ||
| 102 | static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 124 | static int des_ede_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 103 | const unsigned char *in, unsigned int inl) | 125 | const unsigned char *in, unsigned int inl) |
| 104 | { | 126 | { |
| 105 | des_ede3_cfb64_encrypt(in, out, (long)inl, | 127 | DES_ede3_cfb64_encrypt(in, out, (long)inl, |
| 106 | ctx->c.des_ede.ks1, ctx->c.des_ede.ks2, ctx->c.des_ede.ks3, | 128 | &data(ctx)->ks1, &data(ctx)->ks2, &data(ctx)->ks3, |
| 107 | (des_cblock *)ctx->iv, &ctx->num, ctx->encrypt); | 129 | (DES_cblock *)ctx->iv, &ctx->num, ctx->encrypt); |
| 108 | return 1; | 130 | return 1; |
| 109 | } | 131 | } |
| 110 | 132 | ||
| 111 | #define NID_des_ede_ecb NID_des_ede | 133 | BLOCK_CIPHER_defs(des_ede, DES_EDE_KEY, NID_des_ede, 8, 16, 8, 64, |
| 112 | |||
| 113 | BLOCK_CIPHER_defs(des_ede, des_ede, NID_des_ede, 8, 16, 8, | ||
| 114 | 0, des_ede_init_key, NULL, | 134 | 0, des_ede_init_key, NULL, |
| 115 | EVP_CIPHER_set_asn1_iv, | 135 | EVP_CIPHER_set_asn1_iv, |
| 116 | EVP_CIPHER_get_asn1_iv, | 136 | EVP_CIPHER_get_asn1_iv, |
| 117 | NULL) | 137 | NULL) |
| 118 | 138 | ||
| 119 | #define NID_des_ede3_ecb NID_des_ede3 | ||
| 120 | #define des_ede3_cfb_cipher des_ede_cfb_cipher | 139 | #define des_ede3_cfb_cipher des_ede_cfb_cipher |
| 121 | #define des_ede3_ofb_cipher des_ede_ofb_cipher | 140 | #define des_ede3_ofb_cipher des_ede_ofb_cipher |
| 122 | #define des_ede3_cbc_cipher des_ede_cbc_cipher | 141 | #define des_ede3_cbc_cipher des_ede_cbc_cipher |
| 123 | #define des_ede3_ecb_cipher des_ede_ecb_cipher | 142 | #define des_ede3_ecb_cipher des_ede_ecb_cipher |
| 124 | 143 | ||
| 125 | BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8, | 144 | BLOCK_CIPHER_defs(des_ede3, DES_EDE_KEY, NID_des_ede3, 8, 24, 8, 64, |
| 126 | 0, des_ede3_init_key, NULL, | 145 | 0, des_ede3_init_key, NULL, |
| 127 | EVP_CIPHER_set_asn1_iv, | 146 | EVP_CIPHER_set_asn1_iv, |
| 128 | EVP_CIPHER_get_asn1_iv, | 147 | EVP_CIPHER_get_asn1_iv, |
| @@ -131,34 +150,43 @@ BLOCK_CIPHER_defs(des_ede3, des_ede, NID_des_ede3, 8, 24, 8, | |||
| 131 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 150 | static int des_ede_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 132 | const unsigned char *iv, int enc) | 151 | const unsigned char *iv, int enc) |
| 133 | { | 152 | { |
| 134 | des_cblock *deskey = (des_cblock *)key; | 153 | DES_cblock *deskey = (DES_cblock *)key; |
| 135 | 154 | ||
| 136 | des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1); | 155 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
| 137 | des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2); | 156 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
| 138 | memcpy( (char *)ctx->c.des_ede.ks3, | 157 | memcpy(&data(ctx)->ks3,&data(ctx)->ks1, |
| 139 | (char *)ctx->c.des_ede.ks1, | 158 | sizeof(data(ctx)->ks1)); |
| 140 | sizeof(ctx->c.des_ede.ks1)); | ||
| 141 | return 1; | 159 | return 1; |
| 142 | } | 160 | } |
| 143 | 161 | ||
| 144 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 162 | static int des_ede3_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 145 | const unsigned char *iv, int enc) | 163 | const unsigned char *iv, int enc) |
| 146 | { | 164 | { |
| 147 | des_cblock *deskey = (des_cblock *)key; | 165 | DES_cblock *deskey = (DES_cblock *)key; |
| 166 | #ifdef KSSL_DEBUG | ||
| 167 | { | ||
| 168 | int i; | ||
| 169 | printf("des_ede3_init_key(ctx=%lx)\n", ctx); | ||
| 170 | printf("\tKEY= "); | ||
| 171 | for(i=0;i<24;i++) printf("%02X",key[i]); printf("\n"); | ||
| 172 | printf("\t IV= "); | ||
| 173 | for(i=0;i<8;i++) printf("%02X",iv[i]); printf("\n"); | ||
| 174 | } | ||
| 175 | #endif /* KSSL_DEBUG */ | ||
| 148 | 176 | ||
| 149 | des_set_key_unchecked(&deskey[0],ctx->c.des_ede.ks1); | 177 | DES_set_key_unchecked(&deskey[0],&data(ctx)->ks1); |
| 150 | des_set_key_unchecked(&deskey[1],ctx->c.des_ede.ks2); | 178 | DES_set_key_unchecked(&deskey[1],&data(ctx)->ks2); |
| 151 | des_set_key_unchecked(&deskey[2],ctx->c.des_ede.ks3); | 179 | DES_set_key_unchecked(&deskey[2],&data(ctx)->ks3); |
| 152 | 180 | ||
| 153 | return 1; | 181 | return 1; |
| 154 | } | 182 | } |
| 155 | 183 | ||
| 156 | EVP_CIPHER *EVP_des_ede(void) | 184 | const EVP_CIPHER *EVP_des_ede(void) |
| 157 | { | 185 | { |
| 158 | return &des_ede_ecb; | 186 | return &des_ede_ecb; |
| 159 | } | 187 | } |
| 160 | 188 | ||
| 161 | EVP_CIPHER *EVP_des_ede3(void) | 189 | const EVP_CIPHER *EVP_des_ede3(void) |
| 162 | { | 190 | { |
| 163 | return &des_ede3_ecb; | 191 | return &des_ede3_ecb; |
| 164 | } | 192 | } |
diff --git a/src/lib/libcrypto/evp/e_idea.c b/src/lib/libcrypto/evp/e_idea.c index 8d3c88deb7..ed838d3e62 100644 --- a/src/lib/libcrypto/evp/e_idea.c +++ b/src/lib/libcrypto/evp/e_idea.c | |||
| @@ -56,13 +56,14 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_IDEA | 59 | #ifndef OPENSSL_NO_IDEA |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
| 66 | #include <openssl/idea.h> | ||
| 66 | 67 | ||
| 67 | static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 68 | const unsigned char *iv,int enc); | 69 | const unsigned char *iv,int enc); |
| @@ -75,17 +76,22 @@ static int idea_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | |||
| 75 | const unsigned char *in, unsigned int inl) | 76 | const unsigned char *in, unsigned int inl) |
| 76 | { | 77 | { |
| 77 | BLOCK_CIPHER_ecb_loop() | 78 | BLOCK_CIPHER_ecb_loop() |
| 78 | idea_ecb_encrypt(in + i, out + i, &ctx->c.idea_ks); | 79 | idea_ecb_encrypt(in + i, out + i, ctx->cipher_data); |
| 79 | return 1; | 80 | return 1; |
| 80 | } | 81 | } |
| 81 | 82 | ||
| 82 | /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ | 83 | /* Can't use IMPLEMENT_BLOCK_CIPHER because idea_ecb_encrypt is different */ |
| 83 | 84 | ||
| 84 | BLOCK_CIPHER_func_cbc(idea, idea, idea_ks) | 85 | typedef struct |
| 85 | BLOCK_CIPHER_func_ofb(idea, idea, idea_ks) | 86 | { |
| 86 | BLOCK_CIPHER_func_cfb(idea, idea, idea_ks) | 87 | IDEA_KEY_SCHEDULE ks; |
| 88 | } EVP_IDEA_KEY; | ||
| 89 | |||
| 90 | BLOCK_CIPHER_func_cbc(idea, idea, EVP_IDEA_KEY, ks) | ||
| 91 | BLOCK_CIPHER_func_ofb(idea, idea, 64, EVP_IDEA_KEY, ks) | ||
| 92 | BLOCK_CIPHER_func_cfb(idea, idea, 64, EVP_IDEA_KEY, ks) | ||
| 87 | 93 | ||
| 88 | BLOCK_CIPHER_defs(idea, idea_ks, NID_idea, 8, 16, 8, | 94 | BLOCK_CIPHER_defs(idea, IDEA_KEY_SCHEDULE, NID_idea, 8, 16, 8, 64, |
| 89 | 0, idea_init_key, NULL, | 95 | 0, idea_init_key, NULL, |
| 90 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) | 96 | EVP_CIPHER_set_asn1_iv, EVP_CIPHER_get_asn1_iv, NULL) |
| 91 | 97 | ||
| @@ -96,13 +102,13 @@ static int idea_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | |||
| 96 | if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; | 102 | if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_OFB_MODE) enc = 1; |
| 97 | else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; | 103 | else if (EVP_CIPHER_CTX_mode(ctx) == EVP_CIPH_CFB_MODE) enc = 1; |
| 98 | } | 104 | } |
| 99 | if (enc) idea_set_encrypt_key(key,&(ctx->c.idea_ks)); | 105 | if (enc) idea_set_encrypt_key(key,ctx->cipher_data); |
| 100 | else | 106 | else |
| 101 | { | 107 | { |
| 102 | IDEA_KEY_SCHEDULE tmp; | 108 | IDEA_KEY_SCHEDULE tmp; |
| 103 | 109 | ||
| 104 | idea_set_encrypt_key(key,&tmp); | 110 | idea_set_encrypt_key(key,&tmp); |
| 105 | idea_set_decrypt_key(&tmp,&(ctx->c.idea_ks)); | 111 | idea_set_decrypt_key(&tmp,ctx->cipher_data); |
| 106 | memset((unsigned char *)&tmp,0, | 112 | memset((unsigned char *)&tmp,0, |
| 107 | sizeof(IDEA_KEY_SCHEDULE)); | 113 | sizeof(IDEA_KEY_SCHEDULE)); |
| 108 | } | 114 | } |
diff --git a/src/lib/libcrypto/evp/e_null.c b/src/lib/libcrypto/evp/e_null.c index e4e7ca7606..2420d7e5af 100644 --- a/src/lib/libcrypto/evp/e_null.c +++ b/src/lib/libcrypto/evp/e_null.c | |||
| @@ -58,52 +58,44 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | 63 | ||
| 64 | #ifndef NOPROTO | 64 | static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 65 | static void null_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, | 65 | const unsigned char *iv,int enc); |
| 66 | unsigned char *iv,int enc); | 66 | static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 67 | static void null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 67 | const unsigned char *in, unsigned int inl); |
| 68 | unsigned char *in, unsigned int inl); | 68 | static const EVP_CIPHER n_cipher= |
| 69 | #else | ||
| 70 | static void null_init_key(); | ||
| 71 | static void null_cipher(); | ||
| 72 | #endif | ||
| 73 | |||
| 74 | static EVP_CIPHER n_cipher= | ||
| 75 | { | 69 | { |
| 76 | NID_undef, | 70 | NID_undef, |
| 77 | 1,0,0, | 71 | 1,0,0, |
| 72 | 0, | ||
| 78 | null_init_key, | 73 | null_init_key, |
| 79 | null_cipher, | 74 | null_cipher, |
| 80 | NULL, | 75 | NULL, |
| 81 | 0, | 76 | 0, |
| 82 | NULL, | 77 | NULL, |
| 83 | NULL, | 78 | NULL, |
| 79 | NULL | ||
| 84 | }; | 80 | }; |
| 85 | 81 | ||
| 86 | EVP_CIPHER *EVP_enc_null() | 82 | const EVP_CIPHER *EVP_enc_null(void) |
| 87 | { | 83 | { |
| 88 | return(&n_cipher); | 84 | return(&n_cipher); |
| 89 | } | 85 | } |
| 90 | 86 | ||
| 91 | static void null_init_key(ctx,key,iv,enc) | 87 | static int null_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 92 | EVP_CIPHER_CTX *ctx; | 88 | const unsigned char *iv, int enc) |
| 93 | unsigned char *key; | ||
| 94 | unsigned char *iv; | ||
| 95 | int enc; | ||
| 96 | { | 89 | { |
| 97 | memset(&(ctx->c),0,sizeof(ctx->c)); | 90 | /* memset(&(ctx->c),0,sizeof(ctx->c));*/ |
| 91 | return 1; | ||
| 98 | } | 92 | } |
| 99 | 93 | ||
| 100 | static void null_cipher(ctx,out,in,inl) | 94 | static int null_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 101 | EVP_CIPHER_CTX *ctx; | 95 | const unsigned char *in, unsigned int inl) |
| 102 | unsigned char *out; | ||
| 103 | unsigned char *in; | ||
| 104 | unsigned int inl; | ||
| 105 | { | 96 | { |
| 106 | if (in != out) | 97 | if (in != out) |
| 107 | memcpy((char *)out,(char *)in,(int)inl); | 98 | memcpy((char *)out,(char *)in,(int)inl); |
| 99 | return 1; | ||
| 108 | } | 100 | } |
| 109 | 101 | ||
diff --git a/src/lib/libcrypto/evp/e_rc2.c b/src/lib/libcrypto/evp/e_rc2.c index 3955c3ef84..4685198e2e 100644 --- a/src/lib/libcrypto/evp/e_rc2.c +++ b/src/lib/libcrypto/evp/e_rc2.c | |||
| @@ -56,13 +56,14 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_RC2 | 59 | #ifndef OPENSSL_NO_RC2 |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include <openssl/evp.h> | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/objects.h> | 64 | #include <openssl/objects.h> |
| 65 | #include "evp_locl.h" | 65 | #include "evp_locl.h" |
| 66 | #include <openssl/rc2.h> | ||
| 66 | 67 | ||
| 67 | static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 68 | static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 68 | const unsigned char *iv,int enc); | 69 | const unsigned char *iv,int enc); |
| @@ -72,9 +73,17 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | |||
| 72 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | 73 | static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type); |
| 73 | static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); | 74 | static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr); |
| 74 | 75 | ||
| 75 | IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2, | 76 | typedef struct |
| 77 | { | ||
| 78 | int key_bits; /* effective key bits */ | ||
| 79 | RC2_KEY ks; /* key schedule */ | ||
| 80 | } EVP_RC2_KEY; | ||
| 81 | |||
| 82 | #define data(ctx) ((EVP_RC2_KEY *)(ctx)->cipher_data) | ||
| 83 | |||
| 84 | IMPLEMENT_BLOCK_CIPHER(rc2, ks, RC2, EVP_RC2_KEY, NID_rc2, | ||
| 76 | 8, | 85 | 8, |
| 77 | EVP_RC2_KEY_SIZE, 8, | 86 | RC2_KEY_LENGTH, 8, 64, |
| 78 | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, | 87 | EVP_CIPH_VARIABLE_LENGTH | EVP_CIPH_CTRL_INIT, |
| 79 | rc2_init_key, NULL, | 88 | rc2_init_key, NULL, |
| 80 | rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, | 89 | rc2_set_asn1_type_and_iv, rc2_get_asn1_type_and_iv, |
| @@ -84,7 +93,7 @@ IMPLEMENT_BLOCK_CIPHER(rc2, rc2.ks, RC2, rc2, NID_rc2, | |||
| 84 | #define RC2_64_MAGIC 0x78 | 93 | #define RC2_64_MAGIC 0x78 |
| 85 | #define RC2_128_MAGIC 0x3a | 94 | #define RC2_128_MAGIC 0x3a |
| 86 | 95 | ||
| 87 | static EVP_CIPHER r2_64_cbc_cipher= | 96 | static const EVP_CIPHER r2_64_cbc_cipher= |
| 88 | { | 97 | { |
| 89 | NID_rc2_64_cbc, | 98 | NID_rc2_64_cbc, |
| 90 | 8,8 /* 64 bit */,8, | 99 | 8,8 /* 64 bit */,8, |
| @@ -92,15 +101,14 @@ static EVP_CIPHER r2_64_cbc_cipher= | |||
| 92 | rc2_init_key, | 101 | rc2_init_key, |
| 93 | rc2_cbc_cipher, | 102 | rc2_cbc_cipher, |
| 94 | NULL, | 103 | NULL, |
| 95 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ | 104 | sizeof(EVP_RC2_KEY), |
| 96 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)), | ||
| 97 | rc2_set_asn1_type_and_iv, | 105 | rc2_set_asn1_type_and_iv, |
| 98 | rc2_get_asn1_type_and_iv, | 106 | rc2_get_asn1_type_and_iv, |
| 99 | rc2_ctrl, | 107 | rc2_ctrl, |
| 100 | NULL | 108 | NULL |
| 101 | }; | 109 | }; |
| 102 | 110 | ||
| 103 | static EVP_CIPHER r2_40_cbc_cipher= | 111 | static const EVP_CIPHER r2_40_cbc_cipher= |
| 104 | { | 112 | { |
| 105 | NID_rc2_40_cbc, | 113 | NID_rc2_40_cbc, |
| 106 | 8,5 /* 40 bit */,8, | 114 | 8,5 /* 40 bit */,8, |
| @@ -108,20 +116,19 @@ static EVP_CIPHER r2_40_cbc_cipher= | |||
| 108 | rc2_init_key, | 116 | rc2_init_key, |
| 109 | rc2_cbc_cipher, | 117 | rc2_cbc_cipher, |
| 110 | NULL, | 118 | NULL, |
| 111 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ | 119 | sizeof(EVP_RC2_KEY), |
| 112 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc2)), | ||
| 113 | rc2_set_asn1_type_and_iv, | 120 | rc2_set_asn1_type_and_iv, |
| 114 | rc2_get_asn1_type_and_iv, | 121 | rc2_get_asn1_type_and_iv, |
| 115 | rc2_ctrl, | 122 | rc2_ctrl, |
| 116 | NULL | 123 | NULL |
| 117 | }; | 124 | }; |
| 118 | 125 | ||
| 119 | EVP_CIPHER *EVP_rc2_64_cbc(void) | 126 | const EVP_CIPHER *EVP_rc2_64_cbc(void) |
| 120 | { | 127 | { |
| 121 | return(&r2_64_cbc_cipher); | 128 | return(&r2_64_cbc_cipher); |
| 122 | } | 129 | } |
| 123 | 130 | ||
| 124 | EVP_CIPHER *EVP_rc2_40_cbc(void) | 131 | const EVP_CIPHER *EVP_rc2_40_cbc(void) |
| 125 | { | 132 | { |
| 126 | return(&r2_40_cbc_cipher); | 133 | return(&r2_40_cbc_cipher); |
| 127 | } | 134 | } |
| @@ -129,8 +136,8 @@ EVP_CIPHER *EVP_rc2_40_cbc(void) | |||
| 129 | static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, | 136 | static int rc2_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 130 | const unsigned char *iv, int enc) | 137 | const unsigned char *iv, int enc) |
| 131 | { | 138 | { |
| 132 | RC2_set_key(&(ctx->c.rc2.ks),EVP_CIPHER_CTX_key_length(ctx), | 139 | RC2_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), |
| 133 | key,ctx->c.rc2.key_bits); | 140 | key,data(ctx)->key_bits); |
| 134 | return 1; | 141 | return 1; |
| 135 | } | 142 | } |
| 136 | 143 | ||
| @@ -173,7 +180,7 @@ static int rc2_get_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
| 173 | key_bits =rc2_magic_to_meth((int)num); | 180 | key_bits =rc2_magic_to_meth((int)num); |
| 174 | if (!key_bits) | 181 | if (!key_bits) |
| 175 | return(-1); | 182 | return(-1); |
| 176 | if(i > 0) EVP_CipherInit(c, NULL, NULL, iv, -1); | 183 | if(i > 0) EVP_CipherInit_ex(c, NULL, NULL, NULL, iv, -1); |
| 177 | EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); | 184 | EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_RC2_KEY_BITS, key_bits, NULL); |
| 178 | EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); | 185 | EVP_CIPHER_CTX_set_key_length(c, key_bits / 8); |
| 179 | } | 186 | } |
| @@ -196,26 +203,26 @@ static int rc2_set_asn1_type_and_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) | |||
| 196 | 203 | ||
| 197 | static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) | 204 | static int rc2_ctrl(EVP_CIPHER_CTX *c, int type, int arg, void *ptr) |
| 198 | { | 205 | { |
| 199 | switch(type) { | 206 | switch(type) |
| 200 | 207 | { | |
| 201 | case EVP_CTRL_INIT: | 208 | case EVP_CTRL_INIT: |
| 202 | c->c.rc2.key_bits = EVP_CIPHER_CTX_key_length(c) * 8; | 209 | data(c)->key_bits = EVP_CIPHER_CTX_key_length(c) * 8; |
| 203 | return 1; | 210 | return 1; |
| 204 | 211 | ||
| 205 | case EVP_CTRL_GET_RC2_KEY_BITS: | 212 | case EVP_CTRL_GET_RC2_KEY_BITS: |
| 206 | *(int *)ptr = c->c.rc2.key_bits; | 213 | *(int *)ptr = data(c)->key_bits; |
| 207 | return 1; | 214 | return 1; |
| 208 | 215 | ||
| 209 | 216 | case EVP_CTRL_SET_RC2_KEY_BITS: | |
| 210 | case EVP_CTRL_SET_RC2_KEY_BITS: | 217 | if(arg > 0) |
| 211 | if(arg > 0) { | 218 | { |
| 212 | c->c.rc2.key_bits = arg; | 219 | data(c)->key_bits = arg; |
| 213 | return 1; | 220 | return 1; |
| 214 | } | 221 | } |
| 215 | return 0; | 222 | return 0; |
| 216 | 223 | ||
| 217 | default: | 224 | default: |
| 218 | return -1; | 225 | return -1; |
| 219 | } | 226 | } |
| 220 | } | 227 | } |
| 221 | 228 | ||
diff --git a/src/lib/libcrypto/evp/e_rc4.c b/src/lib/libcrypto/evp/e_rc4.c index 7e9790a94c..4064cc5fa0 100644 --- a/src/lib/libcrypto/evp/e_rc4.c +++ b/src/lib/libcrypto/evp/e_rc4.c | |||
| @@ -56,72 +56,81 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_RC4 | 59 | #ifndef OPENSSL_NO_RC4 |
| 60 | 60 | ||
| 61 | #include <stdio.h> | 61 | #include <stdio.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "objects.h" | 64 | #include <openssl/objects.h> |
| 65 | #include <openssl/rc4.h> | ||
| 65 | 66 | ||
| 66 | #ifndef NOPROTO | 67 | /* FIXME: surely this is available elsewhere? */ |
| 67 | static void rc4_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, | 68 | #define EVP_RC4_KEY_SIZE 16 |
| 68 | unsigned char *iv,int enc); | 69 | |
| 69 | static void rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 70 | typedef struct |
| 70 | unsigned char *in, unsigned int inl); | 71 | { |
| 71 | #else | 72 | /* FIXME: what is the key for? */ |
| 72 | static void rc4_init_key(); | 73 | unsigned char key[EVP_RC4_KEY_SIZE]; |
| 73 | static void rc4_cipher(); | 74 | RC4_KEY ks; /* working key */ |
| 74 | #endif | 75 | } EVP_RC4_KEY; |
| 76 | |||
| 77 | #define data(ctx) ((EVP_RC4_KEY *)(ctx)->cipher_data) | ||
| 75 | 78 | ||
| 76 | static EVP_CIPHER r4_cipher= | 79 | static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 80 | const unsigned char *iv,int enc); | ||
| 81 | static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 82 | const unsigned char *in, unsigned int inl); | ||
| 83 | static const EVP_CIPHER r4_cipher= | ||
| 77 | { | 84 | { |
| 78 | NID_rc4, | 85 | NID_rc4, |
| 79 | 1,EVP_RC4_KEY_SIZE,0, | 86 | 1,EVP_RC4_KEY_SIZE,0, |
| 87 | EVP_CIPH_VARIABLE_LENGTH, | ||
| 80 | rc4_init_key, | 88 | rc4_init_key, |
| 81 | rc4_cipher, | 89 | rc4_cipher, |
| 82 | NULL, | 90 | NULL, |
| 83 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ | 91 | sizeof(EVP_RC4_KEY), |
| 84 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.rc4)), | ||
| 85 | NULL, | 92 | NULL, |
| 86 | NULL, | 93 | NULL, |
| 94 | NULL | ||
| 87 | }; | 95 | }; |
| 88 | 96 | ||
| 89 | static EVP_CIPHER r4_40_cipher= | 97 | static const EVP_CIPHER r4_40_cipher= |
| 90 | { | 98 | { |
| 91 | NID_rc4_40, | 99 | NID_rc4_40, |
| 92 | 1,5 /* 40 bit */,0, | 100 | 1,5 /* 40 bit */,0, |
| 101 | EVP_CIPH_VARIABLE_LENGTH, | ||
| 93 | rc4_init_key, | 102 | rc4_init_key, |
| 94 | rc4_cipher, | 103 | rc4_cipher, |
| 104 | NULL, | ||
| 105 | sizeof(EVP_RC4_KEY), | ||
| 106 | NULL, | ||
| 107 | NULL, | ||
| 108 | NULL | ||
| 95 | }; | 109 | }; |
| 96 | 110 | ||
| 97 | EVP_CIPHER *EVP_rc4() | 111 | const EVP_CIPHER *EVP_rc4(void) |
| 98 | { | 112 | { |
| 99 | return(&r4_cipher); | 113 | return(&r4_cipher); |
| 100 | } | 114 | } |
| 101 | 115 | ||
| 102 | EVP_CIPHER *EVP_rc4_40() | 116 | const EVP_CIPHER *EVP_rc4_40(void) |
| 103 | { | 117 | { |
| 104 | return(&r4_40_cipher); | 118 | return(&r4_40_cipher); |
| 105 | } | 119 | } |
| 106 | 120 | ||
| 107 | static void rc4_init_key(ctx,key,iv,enc) | 121 | static int rc4_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 108 | EVP_CIPHER_CTX *ctx; | 122 | const unsigned char *iv, int enc) |
| 109 | unsigned char *key; | ||
| 110 | unsigned char *iv; | ||
| 111 | int enc; | ||
| 112 | { | 123 | { |
| 113 | if (key != NULL) | 124 | memcpy(&data(ctx)->key[0],key,EVP_CIPHER_CTX_key_length(ctx)); |
| 114 | memcpy(&(ctx->c.rc4.key[0]),key,EVP_CIPHER_CTX_key_length(ctx)); | 125 | RC4_set_key(&data(ctx)->ks,EVP_CIPHER_CTX_key_length(ctx), |
| 115 | RC4_set_key(&(ctx->c.rc4.ks),EVP_CIPHER_CTX_key_length(ctx), | 126 | data(ctx)->key); |
| 116 | ctx->c.rc4.key); | 127 | return 1; |
| 117 | } | 128 | } |
| 118 | 129 | ||
| 119 | static void rc4_cipher(ctx,out,in,inl) | 130 | static int rc4_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 120 | EVP_CIPHER_CTX *ctx; | 131 | const unsigned char *in, unsigned int inl) |
| 121 | unsigned char *out; | ||
| 122 | unsigned char *in; | ||
| 123 | unsigned int inl; | ||
| 124 | { | 132 | { |
| 125 | RC4(&(ctx->c.rc4.ks),inl,in,out); | 133 | RC4(&data(ctx)->ks,inl,in,out); |
| 134 | return 1; | ||
| 126 | } | 135 | } |
| 127 | #endif | 136 | #endif |
diff --git a/src/lib/libcrypto/evp/e_xcbc_d.c b/src/lib/libcrypto/evp/e_xcbc_d.c index 0d7fda0c47..a6f849e93d 100644 --- a/src/lib/libcrypto/evp/e_xcbc_d.c +++ b/src/lib/libcrypto/evp/e_xcbc_d.c | |||
| @@ -56,67 +56,67 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_DES | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/des.h> | ||
| 63 | 65 | ||
| 64 | #ifndef NOPROTO | 66 | static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 65 | static void desx_cbc_init_key(EVP_CIPHER_CTX *ctx, unsigned char *key, | 67 | const unsigned char *iv,int enc); |
| 66 | unsigned char *iv,int enc); | 68 | static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 67 | static void desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, | 69 | const unsigned char *in, unsigned int inl); |
| 68 | unsigned char *in, unsigned int inl); | 70 | |
| 69 | #else | 71 | |
| 70 | static void desx_cbc_init_key(); | 72 | typedef struct |
| 71 | static void desx_cbc_cipher(); | 73 | { |
| 72 | #endif | 74 | DES_key_schedule ks;/* key schedule */ |
| 75 | DES_cblock inw; | ||
| 76 | DES_cblock outw; | ||
| 77 | } DESX_CBC_KEY; | ||
| 78 | |||
| 79 | #define data(ctx) ((DESX_CBC_KEY *)(ctx)->cipher_data) | ||
| 73 | 80 | ||
| 74 | static EVP_CIPHER d_xcbc_cipher= | 81 | static const EVP_CIPHER d_xcbc_cipher= |
| 75 | { | 82 | { |
| 76 | NID_desx_cbc, | 83 | NID_desx_cbc, |
| 77 | 8,24,8, | 84 | 8,24,8, |
| 85 | EVP_CIPH_CBC_MODE, | ||
| 78 | desx_cbc_init_key, | 86 | desx_cbc_init_key, |
| 79 | desx_cbc_cipher, | 87 | desx_cbc_cipher, |
| 80 | NULL, | 88 | NULL, |
| 81 | sizeof(EVP_CIPHER_CTX)-sizeof((((EVP_CIPHER_CTX *)NULL)->c))+ | 89 | sizeof(DESX_CBC_KEY), |
| 82 | sizeof((((EVP_CIPHER_CTX *)NULL)->c.desx_cbc)), | ||
| 83 | EVP_CIPHER_set_asn1_iv, | 90 | EVP_CIPHER_set_asn1_iv, |
| 84 | EVP_CIPHER_get_asn1_iv, | 91 | EVP_CIPHER_get_asn1_iv, |
| 92 | NULL | ||
| 85 | }; | 93 | }; |
| 86 | 94 | ||
| 87 | EVP_CIPHER *EVP_desx_cbc() | 95 | const EVP_CIPHER *EVP_desx_cbc(void) |
| 88 | { | 96 | { |
| 89 | return(&d_xcbc_cipher); | 97 | return(&d_xcbc_cipher); |
| 90 | } | 98 | } |
| 91 | 99 | ||
| 92 | static void desx_cbc_init_key(ctx,key,iv,enc) | 100 | static int desx_cbc_init_key(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 93 | EVP_CIPHER_CTX *ctx; | 101 | const unsigned char *iv, int enc) |
| 94 | unsigned char *key; | ||
| 95 | unsigned char *iv; | ||
| 96 | int enc; | ||
| 97 | { | 102 | { |
| 98 | if (iv != NULL) | 103 | DES_cblock *deskey = (DES_cblock *)key; |
| 99 | memcpy(&(ctx->oiv[0]),iv,8); | 104 | |
| 100 | memcpy(&(ctx->iv[0]),&(ctx->oiv[0]),8); | 105 | DES_set_key_unchecked(deskey,&data(ctx)->ks); |
| 101 | if (key != NULL) | 106 | memcpy(&data(ctx)->inw[0],&key[8],8); |
| 102 | { | 107 | memcpy(&data(ctx)->outw[0],&key[16],8); |
| 103 | des_set_key((des_cblock *)key,ctx->c.desx_cbc.ks); | 108 | |
| 104 | memcpy(&(ctx->c.desx_cbc.inw[0]),&(key[8]),8); | 109 | return 1; |
| 105 | memcpy(&(ctx->c.desx_cbc.outw[0]),&(key[16]),8); | ||
| 106 | } | ||
| 107 | } | 110 | } |
| 108 | 111 | ||
| 109 | static void desx_cbc_cipher(ctx,out,in,inl) | 112 | static int desx_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 110 | EVP_CIPHER_CTX *ctx; | 113 | const unsigned char *in, unsigned int inl) |
| 111 | unsigned char *out; | ||
| 112 | unsigned char *in; | ||
| 113 | unsigned int inl; | ||
| 114 | { | 114 | { |
| 115 | des_xcbc_encrypt( | 115 | DES_xcbc_encrypt(in,out,inl,&data(ctx)->ks, |
| 116 | (des_cblock *)in,(des_cblock *)out, | 116 | (DES_cblock *)&(ctx->iv[0]), |
| 117 | (long)inl, ctx->c.desx_cbc.ks, | 117 | &data(ctx)->inw, |
| 118 | (des_cblock *)&(ctx->iv[0]), | 118 | &data(ctx)->outw, |
| 119 | (des_cblock *)&(ctx->c.desx_cbc.inw[0]), | 119 | ctx->encrypt); |
| 120 | (des_cblock *)&(ctx->c.desx_cbc.outw[0]), | 120 | return 1; |
| 121 | ctx->encrypt); | ||
| 122 | } | 121 | } |
| 122 | #endif | ||
diff --git a/src/lib/libcrypto/evp/encode.c b/src/lib/libcrypto/evp/encode.c index 14d47c1eed..12c6379df1 100644 --- a/src/lib/libcrypto/evp/encode.c +++ b/src/lib/libcrypto/evp/encode.c | |||
| @@ -58,10 +58,21 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | 62 | ||
| 63 | #ifndef CHARSET_EBCDIC | ||
| 63 | #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) | 64 | #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) |
| 64 | #define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) | 65 | #define conv_ascii2bin(a) (data_ascii2bin[(a)&0x7f]) |
| 66 | #else | ||
| 67 | /* We assume that PEM encoded files are EBCDIC files | ||
| 68 | * (i.e., printable text files). Convert them here while decoding. | ||
| 69 | * When encoding, output is EBCDIC (text) format again. | ||
| 70 | * (No need for conversion in the conv_bin2ascii macro, as the | ||
| 71 | * underlying textstring data_bin2ascii[] is already EBCDIC) | ||
| 72 | */ | ||
| 73 | #define conv_bin2ascii(a) (data_bin2ascii[(a)&0x3f]) | ||
| 74 | #define conv_ascii2bin(a) (data_ascii2bin[os_toascii[a]&0x7f]) | ||
| 75 | #endif | ||
| 65 | 76 | ||
| 66 | /* 64 char lines | 77 | /* 64 char lines |
| 67 | * pad input with 0 | 78 | * pad input with 0 |
| @@ -110,20 +121,15 @@ static unsigned char data_ascii2bin[128]={ | |||
| 110 | 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, | 121 | 0x31,0x32,0x33,0xFF,0xFF,0xFF,0xFF,0xFF, |
| 111 | }; | 122 | }; |
| 112 | 123 | ||
| 113 | void EVP_EncodeInit(ctx) | 124 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx) |
| 114 | EVP_ENCODE_CTX *ctx; | ||
| 115 | { | 125 | { |
| 116 | ctx->length=48; | 126 | ctx->length=48; |
| 117 | ctx->num=0; | 127 | ctx->num=0; |
| 118 | ctx->line_num=0; | 128 | ctx->line_num=0; |
| 119 | } | 129 | } |
| 120 | 130 | ||
| 121 | void EVP_EncodeUpdate(ctx,out,outl,in,inl) | 131 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
| 122 | EVP_ENCODE_CTX *ctx; | 132 | unsigned char *in, int inl) |
| 123 | unsigned char *out; | ||
| 124 | int *outl; | ||
| 125 | unsigned char *in; | ||
| 126 | int inl; | ||
| 127 | { | 133 | { |
| 128 | int i,j; | 134 | int i,j; |
| 129 | unsigned int total=0; | 135 | unsigned int total=0; |
| @@ -165,10 +171,7 @@ int inl; | |||
| 165 | *outl=total; | 171 | *outl=total; |
| 166 | } | 172 | } |
| 167 | 173 | ||
| 168 | void EVP_EncodeFinal(ctx,out,outl) | 174 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) |
| 169 | EVP_ENCODE_CTX *ctx; | ||
| 170 | unsigned char *out; | ||
| 171 | int *outl; | ||
| 172 | { | 175 | { |
| 173 | unsigned int ret=0; | 176 | unsigned int ret=0; |
| 174 | 177 | ||
| @@ -182,9 +185,7 @@ int *outl; | |||
| 182 | *outl=ret; | 185 | *outl=ret; |
| 183 | } | 186 | } |
| 184 | 187 | ||
| 185 | int EVP_EncodeBlock(t,f,dlen) | 188 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int dlen) |
| 186 | unsigned char *t,*f; | ||
| 187 | int dlen; | ||
| 188 | { | 189 | { |
| 189 | int i,ret=0; | 190 | int i,ret=0; |
| 190 | unsigned long l; | 191 | unsigned long l; |
| @@ -218,8 +219,7 @@ int dlen; | |||
| 218 | return(ret); | 219 | return(ret); |
| 219 | } | 220 | } |
| 220 | 221 | ||
| 221 | void EVP_DecodeInit(ctx) | 222 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx) |
| 222 | EVP_ENCODE_CTX *ctx; | ||
| 223 | { | 223 | { |
| 224 | ctx->length=30; | 224 | ctx->length=30; |
| 225 | ctx->num=0; | 225 | ctx->num=0; |
| @@ -231,12 +231,8 @@ EVP_ENCODE_CTX *ctx; | |||
| 231 | * 0 for last line | 231 | * 0 for last line |
| 232 | * 1 for full line | 232 | * 1 for full line |
| 233 | */ | 233 | */ |
| 234 | int EVP_DecodeUpdate(ctx,out,outl,in,inl) | 234 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl, |
| 235 | EVP_ENCODE_CTX *ctx; | 235 | unsigned char *in, int inl) |
| 236 | unsigned char *out; | ||
| 237 | int *outl; | ||
| 238 | unsigned char *in; | ||
| 239 | int inl; | ||
| 240 | { | 236 | { |
| 241 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; | 237 | int seof= -1,eof=0,rv= -1,ret=0,i,v,tmp,n,ln,tmp2,exp_nl; |
| 242 | unsigned char *d; | 238 | unsigned char *d; |
| @@ -281,6 +277,13 @@ int inl; | |||
| 281 | eof++; | 277 | eof++; |
| 282 | } | 278 | } |
| 283 | 279 | ||
| 280 | if (v == B64_CR) | ||
| 281 | { | ||
| 282 | ln = 0; | ||
| 283 | if (exp_nl) | ||
| 284 | continue; | ||
| 285 | } | ||
| 286 | |||
| 284 | /* eoln */ | 287 | /* eoln */ |
| 285 | if (v == B64_EOLN) | 288 | if (v == B64_EOLN) |
| 286 | { | 289 | { |
| @@ -296,7 +299,17 @@ int inl; | |||
| 296 | /* If we are at the end of input and it looks like a | 299 | /* If we are at the end of input and it looks like a |
| 297 | * line, process it. */ | 300 | * line, process it. */ |
| 298 | if (((i+1) == inl) && (((n&3) == 0) || eof)) | 301 | if (((i+1) == inl) && (((n&3) == 0) || eof)) |
| 302 | { | ||
| 299 | v=B64_EOF; | 303 | v=B64_EOF; |
| 304 | /* In case things were given us in really small | ||
| 305 | records (so two '=' were given in separate | ||
| 306 | updates), eof may contain the incorrect number | ||
| 307 | of ending bytes to skip, so let's redo the count */ | ||
| 308 | eof = 0; | ||
| 309 | if (d[n-1] == '=') eof++; | ||
| 310 | if (d[n-2] == '=') eof++; | ||
| 311 | /* There will never be more than two '=' */ | ||
| 312 | } | ||
| 300 | 313 | ||
| 301 | if ((v == B64_EOF) || (n >= 64)) | 314 | if ((v == B64_EOF) || (n >= 64)) |
| 302 | { | 315 | { |
| @@ -341,9 +354,7 @@ end: | |||
| 341 | return(rv); | 354 | return(rv); |
| 342 | } | 355 | } |
| 343 | 356 | ||
| 344 | int EVP_DecodeBlock(t,f,n) | 357 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n) |
| 345 | unsigned char *t,*f; | ||
| 346 | int n; | ||
| 347 | { | 358 | { |
| 348 | int i,ret=0,a,b,c,d; | 359 | int i,ret=0,a,b,c,d; |
| 349 | unsigned long l; | 360 | unsigned long l; |
| @@ -383,10 +394,7 @@ int n; | |||
| 383 | return(ret); | 394 | return(ret); |
| 384 | } | 395 | } |
| 385 | 396 | ||
| 386 | int EVP_DecodeFinal(ctx,out,outl) | 397 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned char *out, int *outl) |
| 387 | EVP_ENCODE_CTX *ctx; | ||
| 388 | unsigned char *out; | ||
| 389 | int *outl; | ||
| 390 | { | 398 | { |
| 391 | int i; | 399 | int i; |
| 392 | 400 | ||
| @@ -404,9 +412,7 @@ int *outl; | |||
| 404 | } | 412 | } |
| 405 | 413 | ||
| 406 | #ifdef undef | 414 | #ifdef undef |
| 407 | int EVP_DecodeValid(buf,len) | 415 | int EVP_DecodeValid(unsigned char *buf, int len) |
| 408 | unsigned char *buf; | ||
| 409 | int len; | ||
| 410 | { | 416 | { |
| 411 | int i,num=0,bad=0; | 417 | int i,num=0,bad=0; |
| 412 | 418 | ||
diff --git a/src/lib/libcrypto/evp/evp.h b/src/lib/libcrypto/evp/evp.h index b39fad93a4..fb16de6852 100644 --- a/src/lib/libcrypto/evp/evp.h +++ b/src/lib/libcrypto/evp/evp.h | |||
| @@ -59,75 +59,39 @@ | |||
| 59 | #ifndef HEADER_ENVELOPE_H | 59 | #ifndef HEADER_ENVELOPE_H |
| 60 | #define HEADER_ENVELOPE_H | 60 | #define HEADER_ENVELOPE_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifdef OPENSSL_ALGORITHM_DEFINES |
| 63 | extern "C" { | 63 | # include <openssl/opensslconf.h> |
| 64 | #else | ||
| 65 | # define OPENSSL_ALGORITHM_DEFINES | ||
| 66 | # include <openssl/opensslconf.h> | ||
| 67 | # undef OPENSSL_ALGORITHM_DEFINES | ||
| 64 | #endif | 68 | #endif |
| 65 | 69 | ||
| 66 | #ifndef NO_MD2 | 70 | #include <openssl/ossl_typ.h> |
| 67 | #include "md2.h" | 71 | |
| 68 | #endif | 72 | #include <openssl/symhacks.h> |
| 69 | #ifndef NO_MD5 | 73 | |
| 70 | #include "md5.h" | 74 | #ifndef OPENSSL_NO_BIO |
| 71 | #endif | 75 | #include <openssl/bio.h> |
| 72 | #if !defined(NO_SHA) || !defined(NO_SHA1) | ||
| 73 | #include "sha.h" | ||
| 74 | #endif | ||
| 75 | #ifndef NO_RIPEMD | ||
| 76 | #include "ripemd.h" | ||
| 77 | #endif | ||
| 78 | #ifndef NO_DES | ||
| 79 | #include "des.h" | ||
| 80 | #endif | ||
| 81 | #ifndef NO_RC4 | ||
| 82 | #include "rc4.h" | ||
| 83 | #endif | ||
| 84 | #ifndef NO_RC2 | ||
| 85 | #include "rc2.h" | ||
| 86 | #endif | ||
| 87 | #ifndef NO_RC5 | ||
| 88 | #include "rc5.h" | ||
| 89 | #endif | ||
| 90 | #ifndef NO_BLOWFISH | ||
| 91 | #include "blowfish.h" | ||
| 92 | #endif | ||
| 93 | #ifndef NO_CAST | ||
| 94 | #include "cast.h" | ||
| 95 | #endif | ||
| 96 | #ifndef NO_IDEA | ||
| 97 | #include "idea.h" | ||
| 98 | #endif | ||
| 99 | #ifndef NO_MDC2 | ||
| 100 | #include "mdc2.h" | ||
| 101 | #endif | 76 | #endif |
| 102 | 77 | ||
| 78 | /* | ||
| 103 | #define EVP_RC2_KEY_SIZE 16 | 79 | #define EVP_RC2_KEY_SIZE 16 |
| 104 | #define EVP_RC4_KEY_SIZE 16 | 80 | #define EVP_RC4_KEY_SIZE 16 |
| 105 | #define EVP_BLOWFISH_KEY_SIZE 16 | 81 | #define EVP_BLOWFISH_KEY_SIZE 16 |
| 106 | #define EVP_CAST5_KEY_SIZE 16 | 82 | #define EVP_CAST5_KEY_SIZE 16 |
| 107 | #define EVP_RC5_32_12_16_KEY_SIZE 16 | 83 | #define EVP_RC5_32_12_16_KEY_SIZE 16 |
| 84 | */ | ||
| 108 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ | 85 | #define EVP_MAX_MD_SIZE (16+20) /* The SSLv3 md5+sha1 type */ |
| 109 | #define EVP_MAX_KEY_LENGTH 24 | 86 | #define EVP_MAX_KEY_LENGTH 32 |
| 110 | #define EVP_MAX_IV_LENGTH 8 | 87 | #define EVP_MAX_IV_LENGTH 16 |
| 111 | 88 | #define EVP_MAX_BLOCK_LENGTH 32 | |
| 112 | #ifndef NO_RSA | ||
| 113 | #include "rsa.h" | ||
| 114 | #else | ||
| 115 | #define RSA long | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #ifndef NO_DSA | ||
| 119 | #include "dsa.h" | ||
| 120 | #else | ||
| 121 | #define DSA long | ||
| 122 | #endif | ||
| 123 | 89 | ||
| 124 | #ifndef NO_DH | 90 | #define PKCS5_SALT_LEN 8 |
| 125 | #include "dh.h" | 91 | /* Default PKCS#5 iteration count */ |
| 126 | #else | 92 | #define PKCS5_DEFAULT_ITER 2048 |
| 127 | #define DH long | ||
| 128 | #endif | ||
| 129 | 93 | ||
| 130 | #include "objects.h" | 94 | #include <openssl/objects.h> |
| 131 | 95 | ||
| 132 | #define EVP_PK_RSA 0x0001 | 96 | #define EVP_PK_RSA 0x0001 |
| 133 | #define EVP_PK_DSA 0x0002 | 97 | #define EVP_PK_DSA 0x0002 |
| @@ -149,27 +113,33 @@ extern "C" { | |||
| 149 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 | 113 | #define EVP_PKEY_DSA4 NID_dsaWithSHA1_2 |
| 150 | #define EVP_PKEY_DH NID_dhKeyAgreement | 114 | #define EVP_PKEY_DH NID_dhKeyAgreement |
| 151 | 115 | ||
| 116 | #ifdef __cplusplus | ||
| 117 | extern "C" { | ||
| 118 | #endif | ||
| 119 | |||
| 152 | /* Type needs to be a bit field | 120 | /* Type needs to be a bit field |
| 153 | * Sub-type needs to be for variations on the method, as in, can it do | 121 | * Sub-type needs to be for variations on the method, as in, can it do |
| 154 | * arbitary encryption.... */ | 122 | * arbitrary encryption.... */ |
| 155 | typedef struct evp_pkey_st | 123 | struct evp_pkey_st |
| 156 | { | 124 | { |
| 157 | int type; | 125 | int type; |
| 158 | int save_type; | 126 | int save_type; |
| 159 | int references; | 127 | int references; |
| 160 | union { | 128 | union { |
| 161 | char *ptr; | 129 | char *ptr; |
| 130 | #ifndef OPENSSL_NO_RSA | ||
| 162 | struct rsa_st *rsa; /* RSA */ | 131 | struct rsa_st *rsa; /* RSA */ |
| 132 | #endif | ||
| 133 | #ifndef OPENSSL_NO_DSA | ||
| 163 | struct dsa_st *dsa; /* DSA */ | 134 | struct dsa_st *dsa; /* DSA */ |
| 135 | #endif | ||
| 136 | #ifndef OPENSSL_NO_DH | ||
| 164 | struct dh_st *dh; /* DH */ | 137 | struct dh_st *dh; /* DH */ |
| 138 | #endif | ||
| 165 | } pkey; | 139 | } pkey; |
| 166 | int save_parameters; | 140 | int save_parameters; |
| 167 | #ifdef HEADER_STACK_H | 141 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ |
| 168 | STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ | 142 | } /* EVP_PKEY */; |
| 169 | #else | ||
| 170 | char /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ | ||
| 171 | #endif | ||
| 172 | } EVP_PKEY; | ||
| 173 | 143 | ||
| 174 | #define EVP_PKEY_MO_SIGN 0x0001 | 144 | #define EVP_PKEY_MO_SIGN 0x0001 |
| 175 | #define EVP_PKEY_MO_VERIFY 0x0002 | 145 | #define EVP_PKEY_MO_VERIFY 0x0002 |
| @@ -183,7 +153,7 @@ typedef struct evp_pkey_st | |||
| 183 | * This is required because for various smart-card perform the digest and | 153 | * This is required because for various smart-card perform the digest and |
| 184 | * signing/verification on-board. To handle this case, the specific | 154 | * signing/verification on-board. To handle this case, the specific |
| 185 | * EVP_MD and EVP_PKEY_METHODs need to be closely associated. | 155 | * EVP_MD and EVP_PKEY_METHODs need to be closely associated. |
| 186 | * When a PKEY is created, it will have a EVP_PKEY_METHOD ossociated with it. | 156 | * When a PKEY is created, it will have a EVP_PKEY_METHOD associated with it. |
| 187 | * This can either be software or a token to provide the required low level | 157 | * This can either be software or a token to provide the required low level |
| 188 | * routines. | 158 | * routines. |
| 189 | */ | 159 | */ |
| @@ -194,28 +164,28 @@ typedef struct evp_pkey_md_st | |||
| 194 | EVP_PKEY_METHOD *pkey; | 164 | EVP_PKEY_METHOD *pkey; |
| 195 | } EVP_PKEY_MD; | 165 | } EVP_PKEY_MD; |
| 196 | 166 | ||
| 197 | #define EVP_rsa_md2() | 167 | #define EVP_rsa_md2() \ |
| 198 | EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ | 168 | EVP_PKEY_MD_add(NID_md2WithRSAEncryption,\ |
| 199 | EVP_rsa_pkcs1(),EVP_md2()) | 169 | EVP_rsa_pkcs1(),EVP_md2()) |
| 200 | #define EVP_rsa_md5() | 170 | #define EVP_rsa_md5() \ |
| 201 | EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ | 171 | EVP_PKEY_MD_add(NID_md5WithRSAEncryption,\ |
| 202 | EVP_rsa_pkcs1(),EVP_md5()) | 172 | EVP_rsa_pkcs1(),EVP_md5()) |
| 203 | #define EVP_rsa_sha0() | 173 | #define EVP_rsa_sha0() \ |
| 204 | EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ | 174 | EVP_PKEY_MD_add(NID_shaWithRSAEncryption,\ |
| 205 | EVP_rsa_pkcs1(),EVP_sha()) | 175 | EVP_rsa_pkcs1(),EVP_sha()) |
| 206 | #define EVP_rsa_sha1() | 176 | #define EVP_rsa_sha1() \ |
| 207 | EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ | 177 | EVP_PKEY_MD_add(NID_sha1WithRSAEncryption,\ |
| 208 | EVP_rsa_pkcs1(),EVP_sha1()) | 178 | EVP_rsa_pkcs1(),EVP_sha1()) |
| 209 | #define EVP_rsa_ripemd160() | 179 | #define EVP_rsa_ripemd160() \ |
| 210 | EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ | 180 | EVP_PKEY_MD_add(NID_ripemd160WithRSA,\ |
| 211 | EVP_rsa_pkcs1(),EVP_ripemd160()) | 181 | EVP_rsa_pkcs1(),EVP_ripemd160()) |
| 212 | #define EVP_rsa_mdc2() | 182 | #define EVP_rsa_mdc2() \ |
| 213 | EVP_PKEY_MD_add(NID_mdc2WithRSA,\ | 183 | EVP_PKEY_MD_add(NID_mdc2WithRSA,\ |
| 214 | EVP_rsa_octet_string(),EVP_mdc2()) | 184 | EVP_rsa_octet_string(),EVP_mdc2()) |
| 215 | #define EVP_dsa_sha() | 185 | #define EVP_dsa_sha() \ |
| 216 | EVP_PKEY_MD_add(NID_dsaWithSHA,\ | 186 | EVP_PKEY_MD_add(NID_dsaWithSHA,\ |
| 217 | EVP_dsa(),EVP_mdc2()) | 187 | EVP_dsa(),EVP_sha()) |
| 218 | #define EVP_dsa_sha1() | 188 | #define EVP_dsa_sha1() \ |
| 219 | EVP_PKEY_MD_add(NID_dsaWithSHA1,\ | 189 | EVP_PKEY_MD_add(NID_dsaWithSHA1,\ |
| 220 | EVP_dsa(),EVP_sha1()) | 190 | EVP_dsa(),EVP_sha1()) |
| 221 | 191 | ||
| @@ -230,7 +200,6 @@ typedef struct evp_pkey_method_st | |||
| 230 | int (*sign)(); | 200 | int (*sign)(); |
| 231 | int (*verify)(); | 201 | int (*verify)(); |
| 232 | struct { | 202 | struct { |
| 233 | int | ||
| 234 | int (*set)(); /* get and/or set the underlying type */ | 203 | int (*set)(); /* get and/or set the underlying type */ |
| 235 | int (*get)(); | 204 | int (*get)(); |
| 236 | int (*encrypt)(); | 205 | int (*encrypt)(); |
| @@ -245,25 +214,32 @@ typedef struct evp_pkey_method_st | |||
| 245 | #endif | 214 | #endif |
| 246 | 215 | ||
| 247 | #ifndef EVP_MD | 216 | #ifndef EVP_MD |
| 248 | typedef struct env_md_st | 217 | struct env_md_st |
| 249 | { | 218 | { |
| 250 | int type; | 219 | int type; |
| 251 | int pkey_type; | 220 | int pkey_type; |
| 252 | int md_size; | 221 | int md_size; |
| 253 | void (*init)(); | 222 | unsigned long flags; |
| 254 | void (*update)(); | 223 | int (*init)(EVP_MD_CTX *ctx); |
| 255 | void (*final)(); | 224 | int (*update)(EVP_MD_CTX *ctx,const void *data,unsigned long count); |
| 256 | 225 | int (*final)(EVP_MD_CTX *ctx,unsigned char *md); | |
| 226 | int (*copy)(EVP_MD_CTX *to,const EVP_MD_CTX *from); | ||
| 227 | int (*cleanup)(EVP_MD_CTX *ctx); | ||
| 228 | |||
| 229 | /* FIXME: prototype these some day */ | ||
| 257 | int (*sign)(); | 230 | int (*sign)(); |
| 258 | int (*verify)(); | 231 | int (*verify)(); |
| 259 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ | 232 | int required_pkey_type[5]; /*EVP_PKEY_xxx */ |
| 260 | int block_size; | 233 | int block_size; |
| 261 | int ctx_size; /* how big does the ctx need to be */ | 234 | int ctx_size; /* how big does the ctx->md_data need to be */ |
| 262 | } EVP_MD; | 235 | } /* EVP_MD */; |
| 236 | |||
| 237 | #define EVP_MD_FLAG_ONESHOT 0x0001 /* digest can only handle a single | ||
| 238 | * block */ | ||
| 263 | 239 | ||
| 264 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} | 240 | #define EVP_PKEY_NULL_method NULL,NULL,{0,0,0,0} |
| 265 | 241 | ||
| 266 | #ifndef NO_DSA | 242 | #ifndef OPENSSL_NO_DSA |
| 267 | #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ | 243 | #define EVP_PKEY_DSA_method DSA_sign,DSA_verify, \ |
| 268 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ | 244 | {EVP_PKEY_DSA,EVP_PKEY_DSA2,EVP_PKEY_DSA3, \ |
| 269 | EVP_PKEY_DSA4,0} | 245 | EVP_PKEY_DSA4,0} |
| @@ -271,7 +247,7 @@ typedef struct env_md_st | |||
| 271 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method | 247 | #define EVP_PKEY_DSA_method EVP_PKEY_NULL_method |
| 272 | #endif | 248 | #endif |
| 273 | 249 | ||
| 274 | #ifndef NO_RSA | 250 | #ifndef OPENSSL_NO_RSA |
| 275 | #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ | 251 | #define EVP_PKEY_RSA_method RSA_sign,RSA_verify, \ |
| 276 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} | 252 | {EVP_PKEY_RSA,EVP_PKEY_RSA2,0,0} |
| 277 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ | 253 | #define EVP_PKEY_RSA_ASN1_OCTET_STRING_method \ |
| @@ -285,103 +261,98 @@ typedef struct env_md_st | |||
| 285 | 261 | ||
| 286 | #endif /* !EVP_MD */ | 262 | #endif /* !EVP_MD */ |
| 287 | 263 | ||
| 288 | typedef struct env_md_ctx_st | 264 | struct env_md_ctx_st |
| 289 | { | 265 | { |
| 290 | EVP_MD *digest; | 266 | const EVP_MD *digest; |
| 291 | union { | 267 | ENGINE *engine; /* functional reference if 'digest' is ENGINE-provided */ |
| 292 | unsigned char base[4]; | 268 | unsigned long flags; |
| 293 | #ifndef NO_MD2 | 269 | void *md_data; |
| 294 | MD2_CTX md2; | 270 | } /* EVP_MD_CTX */; |
| 295 | #endif | 271 | |
| 296 | #ifndef NO_MD5 | 272 | /* values for EVP_MD_CTX flags */ |
| 297 | MD5_CTX md5; | ||
| 298 | #endif | ||
| 299 | #ifndef NO_MD5 | ||
| 300 | RIPEMD160_CTX ripemd160; | ||
| 301 | #endif | ||
| 302 | #if !defined(NO_SHA) || !defined(NO_SHA1) | ||
| 303 | SHA_CTX sha; | ||
| 304 | #endif | ||
| 305 | #ifndef NO_MDC2 | ||
| 306 | MDC2_CTX mdc2; | ||
| 307 | #endif | ||
| 308 | } md; | ||
| 309 | } EVP_MD_CTX; | ||
| 310 | 273 | ||
| 311 | typedef struct evp_cipher_st | 274 | #define EVP_MD_CTX_FLAG_ONESHOT 0x0001 /* digest update will be called |
| 275 | * once only */ | ||
| 276 | #define EVP_MD_CTX_FLAG_CLEANED 0x0002 /* context has already been | ||
| 277 | * cleaned */ | ||
| 278 | |||
| 279 | struct evp_cipher_st | ||
| 312 | { | 280 | { |
| 313 | int nid; | 281 | int nid; |
| 314 | int block_size; | 282 | int block_size; |
| 315 | int key_len; | 283 | int key_len; /* Default value for variable length ciphers */ |
| 316 | int iv_len; | 284 | int iv_len; |
| 317 | void (*init)(); /* init for encryption */ | 285 | unsigned long flags; /* Various flags */ |
| 318 | void (*do_cipher)(); /* encrypt data */ | 286 | int (*init)(EVP_CIPHER_CTX *ctx, const unsigned char *key, |
| 319 | void (*cleanup)(); /* used by cipher method */ | 287 | const unsigned char *iv, int enc); /* init key */ |
| 320 | int ctx_size; /* how big the ctx needs to be */ | 288 | int (*do_cipher)(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 321 | /* int set_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ | 289 | const unsigned char *in, unsigned int inl);/* encrypt/decrypt data */ |
| 322 | int (*set_asn1_parameters)(); /* Populate a ASN1_TYPE with parameters */ | 290 | int (*cleanup)(EVP_CIPHER_CTX *); /* cleanup ctx */ |
| 323 | /* int get_asn1_parameters(EVP_CIPHER_CTX,ASN1_TYPE *); */ | 291 | int ctx_size; /* how big ctx->cipher_data needs to be */ |
| 324 | int (*get_asn1_parameters)(); /* Get parameters from a ASN1_TYPE */ | 292 | int (*set_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Populate a ASN1_TYPE with parameters */ |
| 325 | } EVP_CIPHER; | 293 | int (*get_asn1_parameters)(EVP_CIPHER_CTX *, ASN1_TYPE *); /* Get parameters from a ASN1_TYPE */ |
| 294 | int (*ctrl)(EVP_CIPHER_CTX *, int type, int arg, void *ptr); /* Miscellaneous operations */ | ||
| 295 | void *app_data; /* Application data */ | ||
| 296 | } /* EVP_CIPHER */; | ||
| 297 | |||
| 298 | /* Values for cipher flags */ | ||
| 299 | |||
| 300 | /* Modes for ciphers */ | ||
| 301 | |||
| 302 | #define EVP_CIPH_STREAM_CIPHER 0x0 | ||
| 303 | #define EVP_CIPH_ECB_MODE 0x1 | ||
| 304 | #define EVP_CIPH_CBC_MODE 0x2 | ||
| 305 | #define EVP_CIPH_CFB_MODE 0x3 | ||
| 306 | #define EVP_CIPH_OFB_MODE 0x4 | ||
| 307 | #define EVP_CIPH_MODE 0x7 | ||
| 308 | /* Set if variable length cipher */ | ||
| 309 | #define EVP_CIPH_VARIABLE_LENGTH 0x8 | ||
| 310 | /* Set if the iv handling should be done by the cipher itself */ | ||
| 311 | #define EVP_CIPH_CUSTOM_IV 0x10 | ||
| 312 | /* Set if the cipher's init() function should be called if key is NULL */ | ||
| 313 | #define EVP_CIPH_ALWAYS_CALL_INIT 0x20 | ||
| 314 | /* Call ctrl() to init cipher parameters */ | ||
| 315 | #define EVP_CIPH_CTRL_INIT 0x40 | ||
| 316 | /* Don't use standard key length function */ | ||
| 317 | #define EVP_CIPH_CUSTOM_KEY_LENGTH 0x80 | ||
| 318 | /* Don't use standard block padding */ | ||
| 319 | #define EVP_CIPH_NO_PADDING 0x100 | ||
| 320 | |||
| 321 | /* ctrl() values */ | ||
| 322 | |||
| 323 | #define EVP_CTRL_INIT 0x0 | ||
| 324 | #define EVP_CTRL_SET_KEY_LENGTH 0x1 | ||
| 325 | #define EVP_CTRL_GET_RC2_KEY_BITS 0x2 | ||
| 326 | #define EVP_CTRL_SET_RC2_KEY_BITS 0x3 | ||
| 327 | #define EVP_CTRL_GET_RC5_ROUNDS 0x4 | ||
| 328 | #define EVP_CTRL_SET_RC5_ROUNDS 0x5 | ||
| 326 | 329 | ||
| 327 | typedef struct evp_cipher_info_st | 330 | typedef struct evp_cipher_info_st |
| 328 | { | 331 | { |
| 329 | EVP_CIPHER *cipher; | 332 | const EVP_CIPHER *cipher; |
| 330 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 333 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| 331 | } EVP_CIPHER_INFO; | 334 | } EVP_CIPHER_INFO; |
| 332 | 335 | ||
| 333 | typedef struct evp_cipher_ctx_st | 336 | struct evp_cipher_ctx_st |
| 334 | { | 337 | { |
| 335 | EVP_CIPHER *cipher; | 338 | const EVP_CIPHER *cipher; |
| 339 | ENGINE *engine; /* functional reference if 'cipher' is ENGINE-provided */ | ||
| 336 | int encrypt; /* encrypt or decrypt */ | 340 | int encrypt; /* encrypt or decrypt */ |
| 337 | int buf_len; /* number we have left */ | 341 | int buf_len; /* number we have left */ |
| 338 | 342 | ||
| 339 | unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ | 343 | unsigned char oiv[EVP_MAX_IV_LENGTH]; /* original iv */ |
| 340 | unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ | 344 | unsigned char iv[EVP_MAX_IV_LENGTH]; /* working iv */ |
| 341 | unsigned char buf[EVP_MAX_IV_LENGTH]; /* saved partial block */ | 345 | unsigned char buf[EVP_MAX_BLOCK_LENGTH];/* saved partial block */ |
| 342 | int num; /* used by cfb/ofb mode */ | 346 | int num; /* used by cfb/ofb mode */ |
| 343 | 347 | ||
| 344 | char *app_data; /* aplication stuff */ | 348 | void *app_data; /* application stuff */ |
| 345 | union { | 349 | int key_len; /* May change for variable length cipher */ |
| 346 | #ifndef NO_RC4 | 350 | unsigned long flags; /* Various flags */ |
| 347 | struct | 351 | void *cipher_data; /* per EVP data */ |
| 348 | { | 352 | int final_used; |
| 349 | unsigned char key[EVP_RC4_KEY_SIZE]; | 353 | int block_mask; |
| 350 | RC4_KEY ks; /* working key */ | 354 | unsigned char final[EVP_MAX_BLOCK_LENGTH];/* possible final block */ |
| 351 | } rc4; | 355 | } /* EVP_CIPHER_CTX */; |
| 352 | #endif | ||
| 353 | #ifndef NO_DES | ||
| 354 | des_key_schedule des_ks;/* key schedule */ | ||
| 355 | struct | ||
| 356 | { | ||
| 357 | des_key_schedule ks;/* key schedule */ | ||
| 358 | C_Block inw; | ||
| 359 | C_Block outw; | ||
| 360 | } desx_cbc; | ||
| 361 | struct | ||
| 362 | { | ||
| 363 | des_key_schedule ks1;/* key schedule */ | ||
| 364 | des_key_schedule ks2;/* key schedule (for ede) */ | ||
| 365 | des_key_schedule ks3;/* key schedule (for ede3) */ | ||
| 366 | } des_ede; | ||
| 367 | #endif | ||
| 368 | #ifndef NO_IDEA | ||
| 369 | IDEA_KEY_SCHEDULE idea_ks;/* key schedule */ | ||
| 370 | #endif | ||
| 371 | #ifndef NO_RC2 | ||
| 372 | RC2_KEY rc2_ks;/* key schedule */ | ||
| 373 | #endif | ||
| 374 | #ifndef NO_RC5 | ||
| 375 | RC5_32_KEY rc5_ks;/* key schedule */ | ||
| 376 | #endif | ||
| 377 | #ifndef NO_BLOWFISH | ||
| 378 | BF_KEY bf_ks;/* key schedule */ | ||
| 379 | #endif | ||
| 380 | #ifndef NO_CAST | ||
| 381 | CAST_KEY cast_ks;/* key schedule */ | ||
| 382 | #endif | ||
| 383 | } c; | ||
| 384 | } EVP_CIPHER_CTX; | ||
| 385 | 356 | ||
| 386 | typedef struct evp_Encode_Ctx_st | 357 | typedef struct evp_Encode_Ctx_st |
| 387 | { | 358 | { |
| @@ -396,12 +367,25 @@ typedef struct evp_Encode_Ctx_st | |||
| 396 | int expect_nl; | 367 | int expect_nl; |
| 397 | } EVP_ENCODE_CTX; | 368 | } EVP_ENCODE_CTX; |
| 398 | 369 | ||
| 370 | /* Password based encryption function */ | ||
| 371 | typedef int (EVP_PBE_KEYGEN)(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | ||
| 372 | ASN1_TYPE *param, const EVP_CIPHER *cipher, | ||
| 373 | const EVP_MD *md, int en_de); | ||
| 374 | |||
| 375 | #ifndef OPENSSL_NO_RSA | ||
| 399 | #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ | 376 | #define EVP_PKEY_assign_RSA(pkey,rsa) EVP_PKEY_assign((pkey),EVP_PKEY_RSA,\ |
| 400 | (char *)(rsa)) | 377 | (char *)(rsa)) |
| 378 | #endif | ||
| 379 | |||
| 380 | #ifndef OPENSSL_NO_DSA | ||
| 401 | #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ | 381 | #define EVP_PKEY_assign_DSA(pkey,dsa) EVP_PKEY_assign((pkey),EVP_PKEY_DSA,\ |
| 402 | (char *)(dsa)) | 382 | (char *)(dsa)) |
| 383 | #endif | ||
| 384 | |||
| 385 | #ifndef OPENSSL_NO_DH | ||
| 403 | #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ | 386 | #define EVP_PKEY_assign_DH(pkey,dh) EVP_PKEY_assign((pkey),EVP_PKEY_DH,\ |
| 404 | (char *)(dh)) | 387 | (char *)(dh)) |
| 388 | #endif | ||
| 405 | 389 | ||
| 406 | /* Add some extra combinations */ | 390 | /* Add some extra combinations */ |
| 407 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) | 391 | #define EVP_get_digestbynid(a) EVP_get_digestbyname(OBJ_nid2sn(a)) |
| @@ -410,77 +394,124 @@ typedef struct evp_Encode_Ctx_st | |||
| 410 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) | 394 | #define EVP_get_cipherbyobj(a) EVP_get_cipherbynid(OBJ_obj2nid(a)) |
| 411 | 395 | ||
| 412 | #define EVP_MD_type(e) ((e)->type) | 396 | #define EVP_MD_type(e) ((e)->type) |
| 397 | #define EVP_MD_nid(e) EVP_MD_type(e) | ||
| 398 | #define EVP_MD_name(e) OBJ_nid2sn(EVP_MD_nid(e)) | ||
| 413 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) | 399 | #define EVP_MD_pkey_type(e) ((e)->pkey_type) |
| 414 | #define EVP_MD_size(e) ((e)->md_size) | 400 | #define EVP_MD_size(e) ((e)->md_size) |
| 415 | #define EVP_MD_block_size(e) ((e)->block_size) | 401 | #define EVP_MD_block_size(e) ((e)->block_size) |
| 416 | 402 | ||
| 403 | #define EVP_MD_CTX_md(e) ((e)->digest) | ||
| 417 | #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) | 404 | #define EVP_MD_CTX_size(e) EVP_MD_size((e)->digest) |
| 418 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) | 405 | #define EVP_MD_CTX_block_size(e) EVP_MD_block_size((e)->digest) |
| 419 | #define EVP_MD_CTX_type(e) ((e)->digest) | 406 | #define EVP_MD_CTX_type(e) EVP_MD_type((e)->digest) |
| 420 | 407 | ||
| 421 | #define EVP_CIPHER_nid(e) ((e)->nid) | 408 | #define EVP_CIPHER_nid(e) ((e)->nid) |
| 409 | #define EVP_CIPHER_name(e) OBJ_nid2sn(EVP_CIPHER_nid(e)) | ||
| 422 | #define EVP_CIPHER_block_size(e) ((e)->block_size) | 410 | #define EVP_CIPHER_block_size(e) ((e)->block_size) |
| 423 | #define EVP_CIPHER_key_length(e) ((e)->key_len) | 411 | #define EVP_CIPHER_key_length(e) ((e)->key_len) |
| 424 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) | 412 | #define EVP_CIPHER_iv_length(e) ((e)->iv_len) |
| 413 | #define EVP_CIPHER_flags(e) ((e)->flags) | ||
| 414 | #define EVP_CIPHER_mode(e) (((e)->flags) & EVP_CIPH_MODE) | ||
| 425 | 415 | ||
| 426 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) | 416 | #define EVP_CIPHER_CTX_cipher(e) ((e)->cipher) |
| 427 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) | 417 | #define EVP_CIPHER_CTX_nid(e) ((e)->cipher->nid) |
| 428 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) | 418 | #define EVP_CIPHER_CTX_block_size(e) ((e)->cipher->block_size) |
| 429 | #define EVP_CIPHER_CTX_key_length(e) ((e)->cipher->key_len) | 419 | #define EVP_CIPHER_CTX_key_length(e) ((e)->key_len) |
| 430 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) | 420 | #define EVP_CIPHER_CTX_iv_length(e) ((e)->cipher->iv_len) |
| 431 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) | 421 | #define EVP_CIPHER_CTX_get_app_data(e) ((e)->app_data) |
| 432 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) | 422 | #define EVP_CIPHER_CTX_set_app_data(e,d) ((e)->app_data=(char *)(d)) |
| 423 | #define EVP_CIPHER_CTX_type(c) EVP_CIPHER_type(EVP_CIPHER_CTX_cipher(c)) | ||
| 424 | #define EVP_CIPHER_CTX_flags(e) ((e)->cipher->flags) | ||
| 425 | #define EVP_CIPHER_CTX_mode(e) ((e)->cipher->flags & EVP_CIPH_MODE) | ||
| 433 | 426 | ||
| 434 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) | 427 | #define EVP_ENCODE_LENGTH(l) (((l+2)/3*4)+(l/48+1)*2+80) |
| 435 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) | 428 | #define EVP_DECODE_LENGTH(l) ((l+3)/4*3+80) |
| 436 | 429 | ||
| 430 | #define EVP_SignInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) | ||
| 437 | #define EVP_SignInit(a,b) EVP_DigestInit(a,b) | 431 | #define EVP_SignInit(a,b) EVP_DigestInit(a,b) |
| 438 | #define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) | 432 | #define EVP_SignUpdate(a,b,c) EVP_DigestUpdate(a,b,c) |
| 433 | #define EVP_VerifyInit_ex(a,b,c) EVP_DigestInit_ex(a,b,c) | ||
| 439 | #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) | 434 | #define EVP_VerifyInit(a,b) EVP_DigestInit(a,b) |
| 440 | #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) | 435 | #define EVP_VerifyUpdate(a,b,c) EVP_DigestUpdate(a,b,c) |
| 441 | #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) | 436 | #define EVP_OpenUpdate(a,b,c,d,e) EVP_DecryptUpdate(a,b,c,d,e) |
| 442 | #define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) | 437 | #define EVP_SealUpdate(a,b,c,d,e) EVP_EncryptUpdate(a,b,c,d,e) |
| 443 | 438 | ||
| 444 | #define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) | 439 | #ifdef CONST_STRICT |
| 440 | void BIO_set_md(BIO *,const EVP_MD *md); | ||
| 441 | #else | ||
| 442 | # define BIO_set_md(b,md) BIO_ctrl(b,BIO_C_SET_MD,0,(char *)md) | ||
| 443 | #endif | ||
| 445 | #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) | 444 | #define BIO_get_md(b,mdp) BIO_ctrl(b,BIO_C_GET_MD,0,(char *)mdp) |
| 446 | #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) | 445 | #define BIO_get_md_ctx(b,mdcp) BIO_ctrl(b,BIO_C_GET_MD_CTX,0,(char *)mdcp) |
| 447 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) | 446 | #define BIO_get_cipher_status(b) BIO_ctrl(b,BIO_C_GET_CIPHER_STATUS,0,NULL) |
| 447 | #define BIO_get_cipher_ctx(b,c_pp) BIO_ctrl(b,BIO_C_GET_CIPHER_CTX,0,(char *)c_pp) | ||
| 448 | 448 | ||
| 449 | #define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) | 449 | #define EVP_Cipher(c,o,i,l) (c)->cipher->do_cipher((c),(o),(i),(l)) |
| 450 | 450 | ||
| 451 | #ifndef NOPROTO | 451 | #define EVP_add_cipher_alias(n,alias) \ |
| 452 | 452 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS,(n)) | |
| 453 | void EVP_DigestInit(EVP_MD_CTX *ctx, EVP_MD *type); | 453 | #define EVP_add_digest_alias(n,alias) \ |
| 454 | void EVP_DigestUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); | 454 | OBJ_NAME_add((alias),OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,(n)) |
| 455 | void EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | 455 | #define EVP_delete_cipher_alias(alias) \ |
| 456 | 456 | OBJ_NAME_remove(alias,OBJ_NAME_TYPE_CIPHER_METH|OBJ_NAME_ALIAS); | |
| 457 | int EVP_read_pw_string(char *buf,int length,char *prompt,int verify); | 457 | #define EVP_delete_digest_alias(alias) \ |
| 458 | OBJ_NAME_remove(alias,OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS); | ||
| 459 | |||
| 460 | void EVP_MD_CTX_init(EVP_MD_CTX *ctx); | ||
| 461 | int EVP_MD_CTX_cleanup(EVP_MD_CTX *ctx); | ||
| 462 | EVP_MD_CTX *EVP_MD_CTX_create(void); | ||
| 463 | void EVP_MD_CTX_destroy(EVP_MD_CTX *ctx); | ||
| 464 | int EVP_MD_CTX_copy_ex(EVP_MD_CTX *out,const EVP_MD_CTX *in); | ||
| 465 | #define EVP_MD_CTX_set_flags(ctx,flgs) ((ctx)->flags|=(flgs)) | ||
| 466 | #define EVP_MD_CTX_clear_flags(ctx,flgs) ((ctx)->flags&=~(flgs)) | ||
| 467 | #define EVP_MD_CTX_test_flags(ctx,flgs) ((ctx)->flags&(flgs)) | ||
| 468 | int EVP_DigestInit_ex(EVP_MD_CTX *ctx, const EVP_MD *type, ENGINE *impl); | ||
| 469 | int EVP_DigestUpdate(EVP_MD_CTX *ctx,const void *d, | ||
| 470 | unsigned int cnt); | ||
| 471 | int EVP_DigestFinal_ex(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | ||
| 472 | int EVP_Digest(void *data, unsigned int count, | ||
| 473 | unsigned char *md, unsigned int *size, const EVP_MD *type, ENGINE *impl); | ||
| 474 | |||
| 475 | int EVP_MD_CTX_copy(EVP_MD_CTX *out,const EVP_MD_CTX *in); | ||
| 476 | int EVP_DigestInit(EVP_MD_CTX *ctx, const EVP_MD *type); | ||
| 477 | int EVP_DigestFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s); | ||
| 478 | |||
| 479 | int EVP_read_pw_string(char *buf,int length,const char *prompt,int verify); | ||
| 458 | void EVP_set_pw_prompt(char *prompt); | 480 | void EVP_set_pw_prompt(char *prompt); |
| 459 | char * EVP_get_pw_prompt(void); | 481 | char * EVP_get_pw_prompt(void); |
| 460 | 482 | ||
| 461 | int EVP_BytesToKey(EVP_CIPHER *type,EVP_MD *md,unsigned char *salt, | 483 | int EVP_BytesToKey(const EVP_CIPHER *type,const EVP_MD *md, |
| 462 | unsigned char *data, int datal, int count, | 484 | const unsigned char *salt, const unsigned char *data, |
| 463 | unsigned char *key,unsigned char *iv); | 485 | int datal, int count, unsigned char *key,unsigned char *iv); |
| 464 | 486 | ||
| 465 | EVP_CIPHER *EVP_get_cipherbyname(char *name); | 487 | int EVP_EncryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, |
| 466 | 488 | const unsigned char *key, const unsigned char *iv); | |
| 467 | void EVP_EncryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, | 489 | int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, |
| 468 | unsigned char *key, unsigned char *iv); | 490 | const unsigned char *key, const unsigned char *iv); |
| 469 | void EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 491 | int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, |
| 470 | int *outl, unsigned char *in, int inl); | 492 | int *outl, const unsigned char *in, int inl); |
| 471 | void EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); | 493 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
| 472 | 494 | int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); | |
| 473 | void EVP_DecryptInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, | 495 | |
| 474 | unsigned char *key, unsigned char *iv); | 496 | int EVP_DecryptInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, |
| 475 | void EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 497 | const unsigned char *key, const unsigned char *iv); |
| 476 | int *outl, unsigned char *in, int inl); | 498 | int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, |
| 499 | const unsigned char *key, const unsigned char *iv); | ||
| 500 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 501 | int *outl, const unsigned char *in, int inl); | ||
| 477 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | 502 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); |
| 478 | 503 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | |
| 479 | void EVP_CipherInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type, unsigned char *key, | 504 | |
| 480 | unsigned char *iv,int enc); | 505 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, |
| 481 | void EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | 506 | const unsigned char *key,const unsigned char *iv, |
| 482 | int *outl, unsigned char *in, int inl); | 507 | int enc); |
| 508 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, | ||
| 509 | const unsigned char *key,const unsigned char *iv, | ||
| 510 | int enc); | ||
| 511 | int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, | ||
| 512 | int *outl, const unsigned char *in, int inl); | ||
| 483 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | 513 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); |
| 514 | int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *outm, int *outl); | ||
| 484 | 515 | ||
| 485 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, | 516 | int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, |
| 486 | EVP_PKEY *pkey); | 517 | EVP_PKEY *pkey); |
| @@ -488,100 +519,171 @@ int EVP_SignFinal(EVP_MD_CTX *ctx,unsigned char *md,unsigned int *s, | |||
| 488 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, | 519 | int EVP_VerifyFinal(EVP_MD_CTX *ctx,unsigned char *sigbuf, |
| 489 | unsigned int siglen,EVP_PKEY *pkey); | 520 | unsigned int siglen,EVP_PKEY *pkey); |
| 490 | 521 | ||
| 491 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,EVP_CIPHER *type,unsigned char *ek, | 522 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *type,unsigned char *ek, |
| 492 | int ekl,unsigned char *iv,EVP_PKEY *priv); | 523 | int ekl,unsigned char *iv,EVP_PKEY *priv); |
| 493 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); | 524 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl); |
| 494 | 525 | ||
| 495 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, EVP_CIPHER *type, unsigned char **ek, | 526 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, |
| 496 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); | 527 | int *ekl, unsigned char *iv,EVP_PKEY **pubk, int npubk); |
| 497 | void EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); | 528 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx,unsigned char *out,int *outl); |
| 498 | 529 | ||
| 499 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); | 530 | void EVP_EncodeInit(EVP_ENCODE_CTX *ctx); |
| 500 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, | 531 | void EVP_EncodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out, |
| 501 | int *outl,unsigned char *in,int inl); | 532 | int *outl,unsigned char *in,int inl); |
| 502 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); | 533 | void EVP_EncodeFinal(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl); |
| 503 | int EVP_EncodeBlock(unsigned char *t, unsigned char *f, int n); | 534 | int EVP_EncodeBlock(unsigned char *t, const unsigned char *f, int n); |
| 504 | 535 | ||
| 505 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); | 536 | void EVP_DecodeInit(EVP_ENCODE_CTX *ctx); |
| 506 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, | 537 | int EVP_DecodeUpdate(EVP_ENCODE_CTX *ctx,unsigned char *out,int *outl, |
| 507 | unsigned char *in, int inl); | 538 | unsigned char *in, int inl); |
| 508 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned | 539 | int EVP_DecodeFinal(EVP_ENCODE_CTX *ctx, unsigned |
| 509 | char *out, int *outl); | 540 | char *out, int *outl); |
| 510 | int EVP_DecodeBlock(unsigned char *t, unsigned | 541 | int EVP_DecodeBlock(unsigned char *t, const unsigned char *f, int n); |
| 511 | char *f, int n); | ||
| 512 | |||
| 513 | void ERR_load_EVP_strings(void ); | ||
| 514 | 542 | ||
| 515 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); | 543 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *a); |
| 516 | void EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); | 544 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *a); |
| 545 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *x, int keylen); | ||
| 546 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *c, int pad); | ||
| 547 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr); | ||
| 517 | 548 | ||
| 518 | #ifdef HEADER_BIO_H | 549 | #ifndef OPENSSL_NO_BIO |
| 519 | BIO_METHOD *BIO_f_md(void); | 550 | BIO_METHOD *BIO_f_md(void); |
| 520 | BIO_METHOD *BIO_f_base64(void); | 551 | BIO_METHOD *BIO_f_base64(void); |
| 521 | BIO_METHOD *BIO_f_cipher(void); | 552 | BIO_METHOD *BIO_f_cipher(void); |
| 522 | void BIO_set_cipher(BIO *b,EVP_CIPHER *c,unsigned char *k, | 553 | BIO_METHOD *BIO_f_reliable(void); |
| 554 | void BIO_set_cipher(BIO *b,const EVP_CIPHER *c,unsigned char *k, | ||
| 523 | unsigned char *i, int enc); | 555 | unsigned char *i, int enc); |
| 524 | #endif | 556 | #endif |
| 525 | 557 | ||
| 526 | EVP_MD *EVP_md_null(void); | 558 | const EVP_MD *EVP_md_null(void); |
| 527 | EVP_MD *EVP_md2(void); | 559 | #ifndef OPENSSL_NO_MD2 |
| 528 | EVP_MD *EVP_md5(void); | 560 | const EVP_MD *EVP_md2(void); |
| 529 | EVP_MD *EVP_sha(void); | 561 | #endif |
| 530 | EVP_MD *EVP_sha1(void); | 562 | #ifndef OPENSSL_NO_MD4 |
| 531 | EVP_MD *EVP_dss(void); | 563 | const EVP_MD *EVP_md4(void); |
| 532 | EVP_MD *EVP_dss1(void); | 564 | #endif |
| 533 | EVP_MD *EVP_mdc2(void); | 565 | #ifndef OPENSSL_NO_MD5 |
| 534 | EVP_MD *EVP_ripemd160(void); | 566 | const EVP_MD *EVP_md5(void); |
| 535 | 567 | #endif | |
| 536 | EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ | 568 | #ifndef OPENSSL_NO_SHA |
| 537 | EVP_CIPHER *EVP_des_ecb(void); | 569 | const EVP_MD *EVP_sha(void); |
| 538 | EVP_CIPHER *EVP_des_ede(void); | 570 | const EVP_MD *EVP_sha1(void); |
| 539 | EVP_CIPHER *EVP_des_ede3(void); | 571 | const EVP_MD *EVP_dss(void); |
| 540 | EVP_CIPHER *EVP_des_cfb(void); | 572 | const EVP_MD *EVP_dss1(void); |
| 541 | EVP_CIPHER *EVP_des_ede_cfb(void); | 573 | #endif |
| 542 | EVP_CIPHER *EVP_des_ede3_cfb(void); | 574 | #ifndef OPENSSL_NO_MDC2 |
| 543 | EVP_CIPHER *EVP_des_ofb(void); | 575 | const EVP_MD *EVP_mdc2(void); |
| 544 | EVP_CIPHER *EVP_des_ede_ofb(void); | 576 | #endif |
| 545 | EVP_CIPHER *EVP_des_ede3_ofb(void); | 577 | #ifndef OPENSSL_NO_RIPEMD |
| 546 | EVP_CIPHER *EVP_des_cbc(void); | 578 | const EVP_MD *EVP_ripemd160(void); |
| 547 | EVP_CIPHER *EVP_des_ede_cbc(void); | 579 | #endif |
| 548 | EVP_CIPHER *EVP_des_ede3_cbc(void); | 580 | const EVP_CIPHER *EVP_enc_null(void); /* does nothing :-) */ |
| 549 | EVP_CIPHER *EVP_desx_cbc(void); | 581 | #ifndef OPENSSL_NO_DES |
| 550 | EVP_CIPHER *EVP_rc4(void); | 582 | const EVP_CIPHER *EVP_des_ecb(void); |
| 551 | EVP_CIPHER *EVP_rc4_40(void); | 583 | const EVP_CIPHER *EVP_des_ede(void); |
| 552 | EVP_CIPHER *EVP_idea_ecb(void); | 584 | const EVP_CIPHER *EVP_des_ede3(void); |
| 553 | EVP_CIPHER *EVP_idea_cfb(void); | 585 | const EVP_CIPHER *EVP_des_cfb(void); |
| 554 | EVP_CIPHER *EVP_idea_ofb(void); | 586 | const EVP_CIPHER *EVP_des_ede_cfb(void); |
| 555 | EVP_CIPHER *EVP_idea_cbc(void); | 587 | const EVP_CIPHER *EVP_des_ede3_cfb(void); |
| 556 | EVP_CIPHER *EVP_rc2_ecb(void); | 588 | const EVP_CIPHER *EVP_des_ofb(void); |
| 557 | EVP_CIPHER *EVP_rc2_cbc(void); | 589 | const EVP_CIPHER *EVP_des_ede_ofb(void); |
| 558 | EVP_CIPHER *EVP_rc2_40_cbc(void); | 590 | const EVP_CIPHER *EVP_des_ede3_ofb(void); |
| 559 | EVP_CIPHER *EVP_rc2_cfb(void); | 591 | const EVP_CIPHER *EVP_des_cbc(void); |
| 560 | EVP_CIPHER *EVP_rc2_ofb(void); | 592 | const EVP_CIPHER *EVP_des_ede_cbc(void); |
| 561 | EVP_CIPHER *EVP_bf_ecb(void); | 593 | const EVP_CIPHER *EVP_des_ede3_cbc(void); |
| 562 | EVP_CIPHER *EVP_bf_cbc(void); | 594 | const EVP_CIPHER *EVP_desx_cbc(void); |
| 563 | EVP_CIPHER *EVP_bf_cfb(void); | 595 | /* This should now be supported through the dev_crypto ENGINE. But also, why are |
| 564 | EVP_CIPHER *EVP_bf_ofb(void); | 596 | * rc4 and md5 declarations made here inside a "NO_DES" precompiler branch? */ |
| 565 | EVP_CIPHER *EVP_cast5_ecb(void); | 597 | #if 0 |
| 566 | EVP_CIPHER *EVP_cast5_cbc(void); | 598 | # ifdef OPENSSL_OPENBSD_DEV_CRYPTO |
| 567 | EVP_CIPHER *EVP_cast5_cfb(void); | 599 | const EVP_CIPHER *EVP_dev_crypto_des_ede3_cbc(void); |
| 568 | EVP_CIPHER *EVP_cast5_ofb(void); | 600 | const EVP_CIPHER *EVP_dev_crypto_rc4(void); |
| 569 | EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); | 601 | const EVP_MD *EVP_dev_crypto_md5(void); |
| 570 | EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); | 602 | # endif |
| 571 | EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); | 603 | #endif |
| 572 | EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); | 604 | #endif |
| 573 | 605 | #ifndef OPENSSL_NO_RC4 | |
| 574 | void SSLeay_add_all_algorithms(void); | 606 | const EVP_CIPHER *EVP_rc4(void); |
| 575 | void SSLeay_add_all_ciphers(void); | 607 | const EVP_CIPHER *EVP_rc4_40(void); |
| 576 | void SSLeay_add_all_digests(void); | 608 | #endif |
| 577 | 609 | #ifndef OPENSSL_NO_IDEA | |
| 578 | int EVP_add_cipher(EVP_CIPHER *cipher); | 610 | const EVP_CIPHER *EVP_idea_ecb(void); |
| 579 | int EVP_add_digest(EVP_MD *digest); | 611 | const EVP_CIPHER *EVP_idea_cfb(void); |
| 580 | int EVP_add_alias(char *name,char *alias); | 612 | const EVP_CIPHER *EVP_idea_ofb(void); |
| 581 | int EVP_delete_alias(char *name); | 613 | const EVP_CIPHER *EVP_idea_cbc(void); |
| 582 | 614 | #endif | |
| 583 | EVP_CIPHER *EVP_get_cipherbyname(char *name); | 615 | #ifndef OPENSSL_NO_RC2 |
| 584 | EVP_MD *EVP_get_digestbyname(char *name); | 616 | const EVP_CIPHER *EVP_rc2_ecb(void); |
| 617 | const EVP_CIPHER *EVP_rc2_cbc(void); | ||
| 618 | const EVP_CIPHER *EVP_rc2_40_cbc(void); | ||
| 619 | const EVP_CIPHER *EVP_rc2_64_cbc(void); | ||
| 620 | const EVP_CIPHER *EVP_rc2_cfb(void); | ||
| 621 | const EVP_CIPHER *EVP_rc2_ofb(void); | ||
| 622 | #endif | ||
| 623 | #ifndef OPENSSL_NO_BF | ||
| 624 | const EVP_CIPHER *EVP_bf_ecb(void); | ||
| 625 | const EVP_CIPHER *EVP_bf_cbc(void); | ||
| 626 | const EVP_CIPHER *EVP_bf_cfb(void); | ||
| 627 | const EVP_CIPHER *EVP_bf_ofb(void); | ||
| 628 | #endif | ||
| 629 | #ifndef OPENSSL_NO_CAST | ||
| 630 | const EVP_CIPHER *EVP_cast5_ecb(void); | ||
| 631 | const EVP_CIPHER *EVP_cast5_cbc(void); | ||
| 632 | const EVP_CIPHER *EVP_cast5_cfb(void); | ||
| 633 | const EVP_CIPHER *EVP_cast5_ofb(void); | ||
| 634 | #endif | ||
| 635 | #ifndef OPENSSL_NO_RC5 | ||
| 636 | const EVP_CIPHER *EVP_rc5_32_12_16_cbc(void); | ||
| 637 | const EVP_CIPHER *EVP_rc5_32_12_16_ecb(void); | ||
| 638 | const EVP_CIPHER *EVP_rc5_32_12_16_cfb(void); | ||
| 639 | const EVP_CIPHER *EVP_rc5_32_12_16_ofb(void); | ||
| 640 | #endif | ||
| 641 | #ifndef OPENSSL_NO_AES | ||
| 642 | const EVP_CIPHER *EVP_aes_128_ecb(void); | ||
| 643 | const EVP_CIPHER *EVP_aes_128_cbc(void); | ||
| 644 | const EVP_CIPHER *EVP_aes_128_cfb(void); | ||
| 645 | const EVP_CIPHER *EVP_aes_128_ofb(void); | ||
| 646 | #if 0 | ||
| 647 | const EVP_CIPHER *EVP_aes_128_ctr(void); | ||
| 648 | #endif | ||
| 649 | const EVP_CIPHER *EVP_aes_192_ecb(void); | ||
| 650 | const EVP_CIPHER *EVP_aes_192_cbc(void); | ||
| 651 | const EVP_CIPHER *EVP_aes_192_cfb(void); | ||
| 652 | const EVP_CIPHER *EVP_aes_192_ofb(void); | ||
| 653 | #if 0 | ||
| 654 | const EVP_CIPHER *EVP_aes_192_ctr(void); | ||
| 655 | #endif | ||
| 656 | const EVP_CIPHER *EVP_aes_256_ecb(void); | ||
| 657 | const EVP_CIPHER *EVP_aes_256_cbc(void); | ||
| 658 | const EVP_CIPHER *EVP_aes_256_cfb(void); | ||
| 659 | const EVP_CIPHER *EVP_aes_256_ofb(void); | ||
| 660 | #if 0 | ||
| 661 | const EVP_CIPHER *EVP_aes_256_ctr(void); | ||
| 662 | #endif | ||
| 663 | #endif | ||
| 664 | |||
| 665 | void OPENSSL_add_all_algorithms_noconf(void); | ||
| 666 | void OPENSSL_add_all_algorithms_conf(void); | ||
| 667 | |||
| 668 | #ifdef OPENSSL_LOAD_CONF | ||
| 669 | #define OpenSSL_add_all_algorithms() \ | ||
| 670 | OPENSSL_add_all_algorithms_conf() | ||
| 671 | #else | ||
| 672 | #define OpenSSL_add_all_algorithms() \ | ||
| 673 | OPENSSL_add_all_algorithms_noconf() | ||
| 674 | #endif | ||
| 675 | |||
| 676 | void OpenSSL_add_all_ciphers(void); | ||
| 677 | void OpenSSL_add_all_digests(void); | ||
| 678 | #define SSLeay_add_all_algorithms() OpenSSL_add_all_algorithms() | ||
| 679 | #define SSLeay_add_all_ciphers() OpenSSL_add_all_ciphers() | ||
| 680 | #define SSLeay_add_all_digests() OpenSSL_add_all_digests() | ||
| 681 | |||
| 682 | int EVP_add_cipher(const EVP_CIPHER *cipher); | ||
| 683 | int EVP_add_digest(const EVP_MD *digest); | ||
| 684 | |||
| 685 | const EVP_CIPHER *EVP_get_cipherbyname(const char *name); | ||
| 686 | const EVP_MD *EVP_get_digestbyname(const char *name); | ||
| 585 | void EVP_cleanup(void); | 687 | void EVP_cleanup(void); |
| 586 | 688 | ||
| 587 | int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, | 689 | int EVP_PKEY_decrypt(unsigned char *dec_key,unsigned char *enc_key, |
| @@ -592,6 +694,24 @@ int EVP_PKEY_type(int type); | |||
| 592 | int EVP_PKEY_bits(EVP_PKEY *pkey); | 694 | int EVP_PKEY_bits(EVP_PKEY *pkey); |
| 593 | int EVP_PKEY_size(EVP_PKEY *pkey); | 695 | int EVP_PKEY_size(EVP_PKEY *pkey); |
| 594 | int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); | 696 | int EVP_PKEY_assign(EVP_PKEY *pkey,int type,char *key); |
| 697 | |||
| 698 | #ifndef OPENSSL_NO_RSA | ||
| 699 | struct rsa_st; | ||
| 700 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey,struct rsa_st *key); | ||
| 701 | struct rsa_st *EVP_PKEY_get1_RSA(EVP_PKEY *pkey); | ||
| 702 | #endif | ||
| 703 | #ifndef OPENSSL_NO_DSA | ||
| 704 | struct dsa_st; | ||
| 705 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey,struct dsa_st *key); | ||
| 706 | struct dsa_st *EVP_PKEY_get1_DSA(EVP_PKEY *pkey); | ||
| 707 | #endif | ||
| 708 | #ifndef OPENSSL_NO_DH | ||
| 709 | struct dh_st; | ||
| 710 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey,struct dh_st *key); | ||
| 711 | struct dh_st *EVP_PKEY_get1_DH(EVP_PKEY *pkey); | ||
| 712 | #endif | ||
| 713 | |||
| 714 | |||
| 595 | EVP_PKEY * EVP_PKEY_new(void); | 715 | EVP_PKEY * EVP_PKEY_new(void); |
| 596 | void EVP_PKEY_free(EVP_PKEY *pkey); | 716 | void EVP_PKEY_free(EVP_PKEY *pkey); |
| 597 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, | 717 | EVP_PKEY * d2i_PublicKey(int type,EVP_PKEY **a, unsigned char **pp, |
| @@ -600,6 +720,8 @@ int i2d_PublicKey(EVP_PKEY *a, unsigned char **pp); | |||
| 600 | 720 | ||
| 601 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, | 721 | EVP_PKEY * d2i_PrivateKey(int type,EVP_PKEY **a, unsigned char **pp, |
| 602 | long length); | 722 | long length); |
| 723 | EVP_PKEY * d2i_AutoPrivateKey(EVP_PKEY **a, unsigned char **pp, | ||
| 724 | long length); | ||
| 603 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); | 725 | int i2d_PrivateKey(EVP_PKEY *a, unsigned char **pp); |
| 604 | 726 | ||
| 605 | int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); | 727 | int EVP_PKEY_copy_parameters(EVP_PKEY *to,EVP_PKEY *from); |
| @@ -607,6 +729,8 @@ int EVP_PKEY_missing_parameters(EVP_PKEY *pkey); | |||
| 607 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); | 729 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey,int mode); |
| 608 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); | 730 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a,EVP_PKEY *b); |
| 609 | 731 | ||
| 732 | int EVP_CIPHER_type(const EVP_CIPHER *ctx); | ||
| 733 | |||
| 610 | /* calls methods */ | 734 | /* calls methods */ |
| 611 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | 735 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); |
| 612 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | 736 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); |
| @@ -615,179 +739,106 @@ int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | |||
| 615 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); | 739 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); |
| 616 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); | 740 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c,ASN1_TYPE *type); |
| 617 | 741 | ||
| 618 | #else | 742 | /* PKCS5 password based encryption */ |
| 619 | 743 | int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |
| 620 | void EVP_DigestInit(); | 744 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 621 | void EVP_DigestUpdate(); | 745 | int en_de); |
| 622 | void EVP_DigestFinal(); | 746 | int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, |
| 623 | 747 | unsigned char *salt, int saltlen, int iter, | |
| 624 | int EVP_read_pw_string(); | 748 | int keylen, unsigned char *out); |
| 625 | void EVP_set_pw_prompt(); | 749 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 626 | char * EVP_get_pw_prompt(); | 750 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 627 | 751 | int en_de); | |
| 628 | int EVP_BytesToKey(); | 752 | |
| 629 | 753 | void PKCS5_PBE_add(void); | |
| 630 | EVP_CIPHER *EVP_get_cipherbyname(); | 754 | |
| 631 | 755 | int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |
| 632 | void EVP_EncryptInit(); | 756 | ASN1_TYPE *param, EVP_CIPHER_CTX *ctx, int en_de); |
| 633 | void EVP_EncryptUpdate(); | 757 | int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 634 | void EVP_EncryptFinal(); | 758 | EVP_PBE_KEYGEN *keygen); |
| 635 | 759 | void EVP_PBE_cleanup(void); | |
| 636 | void EVP_DecryptInit(); | ||
| 637 | void EVP_DecryptUpdate(); | ||
| 638 | int EVP_DecryptFinal(); | ||
| 639 | |||
| 640 | void EVP_CipherInit(); | ||
| 641 | void EVP_CipherUpdate(); | ||
| 642 | int EVP_CipherFinal(); | ||
| 643 | |||
| 644 | int EVP_SignFinal(); | ||
| 645 | |||
| 646 | int EVP_VerifyFinal(); | ||
| 647 | |||
| 648 | int EVP_OpenInit(); | ||
| 649 | int EVP_OpenFinal(); | ||
| 650 | |||
| 651 | int EVP_SealInit(); | ||
| 652 | void EVP_SealFinal(); | ||
| 653 | |||
| 654 | void EVP_EncodeInit(); | ||
| 655 | void EVP_EncodeUpdate(); | ||
| 656 | void EVP_EncodeFinal(); | ||
| 657 | int EVP_EncodeBlock(); | ||
| 658 | |||
| 659 | void EVP_DecodeInit(); | ||
| 660 | int EVP_DecodeUpdate(); | ||
| 661 | int EVP_DecodeFinal(); | ||
| 662 | int EVP_DecodeBlock(); | ||
| 663 | |||
| 664 | void ERR_load_EVP_strings(); | ||
| 665 | |||
| 666 | void EVP_CIPHER_CTX_init(); | ||
| 667 | void EVP_CIPHER_CTX_cleanup(); | ||
| 668 | |||
| 669 | #ifdef HEADER_BIO_H | ||
| 670 | BIO_METHOD *BIO_f_md(); | ||
| 671 | BIO_METHOD *BIO_f_base64(); | ||
| 672 | BIO_METHOD *BIO_f_cipher(); | ||
| 673 | void BIO_set_cipher(); | ||
| 674 | #endif | ||
| 675 | |||
| 676 | EVP_MD *EVP_md_null(); | ||
| 677 | EVP_MD *EVP_md2(); | ||
| 678 | EVP_MD *EVP_md5(); | ||
| 679 | EVP_MD *EVP_sha(); | ||
| 680 | EVP_MD *EVP_sha1(); | ||
| 681 | EVP_MD *EVP_dss(); | ||
| 682 | EVP_MD *EVP_dss1(); | ||
| 683 | EVP_MD *EVP_mdc2(); | ||
| 684 | |||
| 685 | EVP_CIPHER *EVP_enc_null(); | ||
| 686 | EVP_CIPHER *EVP_des_ecb(); | ||
| 687 | EVP_CIPHER *EVP_des_ede(); | ||
| 688 | EVP_CIPHER *EVP_des_ede3(); | ||
| 689 | EVP_CIPHER *EVP_des_cfb(); | ||
| 690 | EVP_CIPHER *EVP_des_ede_cfb(); | ||
| 691 | EVP_CIPHER *EVP_des_ede3_cfb(); | ||
| 692 | EVP_CIPHER *EVP_des_ofb(); | ||
| 693 | EVP_CIPHER *EVP_des_ede_ofb(); | ||
| 694 | EVP_CIPHER *EVP_des_ede3_ofb(); | ||
| 695 | EVP_CIPHER *EVP_des_cbc(); | ||
| 696 | EVP_CIPHER *EVP_des_ede_cbc(); | ||
| 697 | EVP_CIPHER *EVP_des_ede3_cbc(); | ||
| 698 | EVP_CIPHER *EVP_desx_cbc(); | ||
| 699 | EVP_CIPHER *EVP_rc4(); | ||
| 700 | EVP_CIPHER *EVP_rc4_40(); | ||
| 701 | EVP_CIPHER *EVP_idea_ecb(); | ||
| 702 | EVP_CIPHER *EVP_idea_cfb(); | ||
| 703 | EVP_CIPHER *EVP_idea_ofb(); | ||
| 704 | EVP_CIPHER *EVP_idea_cbc(); | ||
| 705 | EVP_CIPHER *EVP_rc2_ecb(); | ||
| 706 | EVP_CIPHER *EVP_rc2_cbc(); | ||
| 707 | EVP_CIPHER *EVP_rc2_40_cbc(); | ||
| 708 | EVP_CIPHER *EVP_rc2_cfb(); | ||
| 709 | EVP_CIPHER *EVP_rc2_ofb(); | ||
| 710 | EVP_CIPHER *EVP_bf_ecb(); | ||
| 711 | EVP_CIPHER *EVP_bf_cbc(); | ||
| 712 | EVP_CIPHER *EVP_bf_cfb(); | ||
| 713 | EVP_CIPHER *EVP_bf_ofb(); | ||
| 714 | EVP_CIPHER *EVP_cast5_ecb(); | ||
| 715 | EVP_CIPHER *EVP_cast5_cbc(); | ||
| 716 | EVP_CIPHER *EVP_cast5_cfb(); | ||
| 717 | EVP_CIPHER *EVP_cast5_ofb(); | ||
| 718 | EVP_CIPHER *EVP_rc5_32_12_16_cbc(); | ||
| 719 | EVP_CIPHER *EVP_rc5_32_12_16_ecb(); | ||
| 720 | EVP_CIPHER *EVP_rc5_32_12_16_cfb(); | ||
| 721 | EVP_CIPHER *EVP_rc5_32_12_16_ofb(); | ||
| 722 | |||
| 723 | void SSLeay_add_all_algorithms(); | ||
| 724 | void SSLeay_add_all_ciphers(); | ||
| 725 | void SSLeay_add_all_digests(); | ||
| 726 | |||
| 727 | int EVP_add_cipher(); | ||
| 728 | int EVP_add_digest(); | ||
| 729 | int EVP_add_alias(); | ||
| 730 | int EVP_delete_alias(); | ||
| 731 | |||
| 732 | EVP_CIPHER *EVP_get_cipherbyname(); | ||
| 733 | EVP_MD *EVP_get_digestbyname(); | ||
| 734 | void EVP_cleanup(); | ||
| 735 | |||
| 736 | int EVP_PKEY_decrypt(); | ||
| 737 | int EVP_PKEY_encrypt(); | ||
| 738 | int EVP_PKEY_type(); | ||
| 739 | int EVP_PKEY_bits(); | ||
| 740 | int EVP_PKEY_size(); | ||
| 741 | int EVP_PKEY_assign(); | ||
| 742 | EVP_PKEY * EVP_PKEY_new(); | ||
| 743 | void EVP_PKEY_free(); | ||
| 744 | EVP_PKEY * d2i_PublicKey(); | ||
| 745 | int i2d_PublicKey(); | ||
| 746 | |||
| 747 | EVP_PKEY * d2i_PrivateKey(); | ||
| 748 | int i2d_PrivateKey(); | ||
| 749 | |||
| 750 | int EVP_PKEY_copy_parameters(); | ||
| 751 | int EVP_PKEY_missing_parameters(); | ||
| 752 | int EVP_PKEY_save_parameters(); | ||
| 753 | int EVP_PKEY_cmp_parameters(); | ||
| 754 | |||
| 755 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | ||
| 756 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type); | ||
| 757 | |||
| 758 | int EVP_CIPHER_set_asn1_iv(); | ||
| 759 | int EVP_CIPHER_get_asn1_iv(); | ||
| 760 | |||
| 761 | #endif | ||
| 762 | 760 | ||
| 763 | /* BEGIN ERROR CODES */ | 761 | /* BEGIN ERROR CODES */ |
| 762 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 763 | * made after this point may be overwritten when the script is next run. | ||
| 764 | */ | ||
| 765 | void ERR_load_EVP_strings(void); | ||
| 766 | |||
| 764 | /* Error codes for the EVP functions. */ | 767 | /* Error codes for the EVP functions. */ |
| 765 | 768 | ||
| 766 | /* Function codes. */ | 769 | /* Function codes. */ |
| 767 | #define EVP_F_D2I_PKEY 100 | 770 | #define EVP_F_D2I_PKEY 100 |
| 771 | #define EVP_F_EVP_CIPHERINIT 123 | ||
| 772 | #define EVP_F_EVP_CIPHER_CTX_CTRL 124 | ||
| 773 | #define EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH 122 | ||
| 768 | #define EVP_F_EVP_DECRYPTFINAL 101 | 774 | #define EVP_F_EVP_DECRYPTFINAL 101 |
| 775 | #define EVP_F_EVP_DIGESTINIT 128 | ||
| 776 | #define EVP_F_EVP_ENCRYPTFINAL 127 | ||
| 777 | #define EVP_F_EVP_MD_CTX_COPY 110 | ||
| 769 | #define EVP_F_EVP_OPENINIT 102 | 778 | #define EVP_F_EVP_OPENINIT 102 |
| 779 | #define EVP_F_EVP_PBE_ALG_ADD 115 | ||
| 780 | #define EVP_F_EVP_PBE_CIPHERINIT 116 | ||
| 781 | #define EVP_F_EVP_PKCS82PKEY 111 | ||
| 782 | #define EVP_F_EVP_PKCS8_SET_BROKEN 112 | ||
| 783 | #define EVP_F_EVP_PKEY2PKCS8 113 | ||
| 770 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 | 784 | #define EVP_F_EVP_PKEY_COPY_PARAMETERS 103 |
| 771 | #define EVP_F_EVP_PKEY_DECRYPT 104 | 785 | #define EVP_F_EVP_PKEY_DECRYPT 104 |
| 772 | #define EVP_F_EVP_PKEY_ENCRYPT 105 | 786 | #define EVP_F_EVP_PKEY_ENCRYPT 105 |
| 787 | #define EVP_F_EVP_PKEY_GET1_DH 119 | ||
| 788 | #define EVP_F_EVP_PKEY_GET1_DSA 120 | ||
| 789 | #define EVP_F_EVP_PKEY_GET1_RSA 121 | ||
| 773 | #define EVP_F_EVP_PKEY_NEW 106 | 790 | #define EVP_F_EVP_PKEY_NEW 106 |
| 791 | #define EVP_F_EVP_RIJNDAEL 126 | ||
| 774 | #define EVP_F_EVP_SIGNFINAL 107 | 792 | #define EVP_F_EVP_SIGNFINAL 107 |
| 775 | #define EVP_F_EVP_VERIFYFINAL 108 | 793 | #define EVP_F_EVP_VERIFYFINAL 108 |
| 794 | #define EVP_F_PKCS5_PBE_KEYIVGEN 117 | ||
| 795 | #define EVP_F_PKCS5_V2_PBE_KEYIVGEN 118 | ||
| 796 | #define EVP_F_RC2_MAGIC_TO_METH 109 | ||
| 797 | #define EVP_F_RC5_CTRL 125 | ||
| 776 | 798 | ||
| 777 | /* Reason codes. */ | 799 | /* Reason codes. */ |
| 800 | #define EVP_R_BAD_BLOCK_LENGTH 136 | ||
| 778 | #define EVP_R_BAD_DECRYPT 100 | 801 | #define EVP_R_BAD_DECRYPT 100 |
| 802 | #define EVP_R_BAD_KEY_LENGTH 137 | ||
| 803 | #define EVP_R_BN_DECODE_ERROR 112 | ||
| 804 | #define EVP_R_BN_PUBKEY_ERROR 113 | ||
| 805 | #define EVP_R_CIPHER_PARAMETER_ERROR 122 | ||
| 806 | #define EVP_R_CTRL_NOT_IMPLEMENTED 132 | ||
| 807 | #define EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED 133 | ||
| 808 | #define EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH 138 | ||
| 809 | #define EVP_R_DECODE_ERROR 114 | ||
| 779 | #define EVP_R_DIFFERENT_KEY_TYPES 101 | 810 | #define EVP_R_DIFFERENT_KEY_TYPES 101 |
| 811 | #define EVP_R_ENCODE_ERROR 115 | ||
| 812 | #define EVP_R_EVP_PBE_CIPHERINIT_ERROR 119 | ||
| 813 | #define EVP_R_EXPECTING_AN_RSA_KEY 127 | ||
| 814 | #define EVP_R_EXPECTING_A_DH_KEY 128 | ||
| 815 | #define EVP_R_EXPECTING_A_DSA_KEY 129 | ||
| 816 | #define EVP_R_INITIALIZATION_ERROR 134 | ||
| 817 | #define EVP_R_INPUT_NOT_INITIALIZED 111 | ||
| 818 | #define EVP_R_INVALID_KEY_LENGTH 130 | ||
| 780 | #define EVP_R_IV_TOO_LARGE 102 | 819 | #define EVP_R_IV_TOO_LARGE 102 |
| 781 | #define EVP_R_MISSING_PARMATERS 103 | 820 | #define EVP_R_KEYGEN_FAILURE 120 |
| 821 | #define EVP_R_MISSING_PARAMETERS 103 | ||
| 822 | #define EVP_R_NO_CIPHER_SET 131 | ||
| 823 | #define EVP_R_NO_DIGEST_SET 139 | ||
| 824 | #define EVP_R_NO_DSA_PARAMETERS 116 | ||
| 782 | #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 | 825 | #define EVP_R_NO_SIGN_FUNCTION_CONFIGURED 104 |
| 783 | #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 | 826 | #define EVP_R_NO_VERIFY_FUNCTION_CONFIGURED 105 |
| 827 | #define EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE 117 | ||
| 784 | #define EVP_R_PUBLIC_KEY_NOT_RSA 106 | 828 | #define EVP_R_PUBLIC_KEY_NOT_RSA 106 |
| 829 | #define EVP_R_UNKNOWN_PBE_ALGORITHM 121 | ||
| 830 | #define EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS 135 | ||
| 785 | #define EVP_R_UNSUPPORTED_CIPHER 107 | 831 | #define EVP_R_UNSUPPORTED_CIPHER 107 |
| 786 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 108 | 832 | #define EVP_R_UNSUPPORTED_KEYLENGTH 123 |
| 787 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 109 | 833 | #define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 |
| 788 | 834 | #define EVP_R_UNSUPPORTED_KEY_SIZE 108 | |
| 835 | #define EVP_R_UNSUPPORTED_PRF 125 | ||
| 836 | #define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 | ||
| 837 | #define EVP_R_UNSUPPORTED_SALT_TYPE 126 | ||
| 838 | #define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 | ||
| 839 | #define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 | ||
| 840 | |||
| 789 | #ifdef __cplusplus | 841 | #ifdef __cplusplus |
| 790 | } | 842 | } |
| 791 | #endif | 843 | #endif |
| 792 | #endif | 844 | #endif |
| 793 | |||
diff --git a/src/lib/libcrypto/evp/evp_enc.c b/src/lib/libcrypto/evp/evp_enc.c index 93cc3a9464..32a1c7a2e9 100644 --- a/src/lib/libcrypto/evp/evp_enc.c +++ b/src/lib/libcrypto/evp/evp_enc.c | |||
| @@ -58,218 +58,369 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include <openssl/err.h> | ||
| 63 | #include <openssl/engine.h> | ||
| 64 | #include "evp_locl.h" | ||
| 62 | 65 | ||
| 63 | char *EVP_version="EVP part of SSLeay 0.9.0b 29-Jun-1998"; | 66 | #include <assert.h> |
| 64 | 67 | ||
| 65 | void EVP_CIPHER_CTX_init(ctx) | 68 | const char *EVP_version="EVP" OPENSSL_VERSION_PTEXT; |
| 66 | EVP_CIPHER_CTX *ctx; | 69 | |
| 70 | void EVP_CIPHER_CTX_init(EVP_CIPHER_CTX *ctx) | ||
| 67 | { | 71 | { |
| 68 | memset(ctx,0,sizeof(EVP_CIPHER_CTX)); | 72 | memset(ctx,0,sizeof(EVP_CIPHER_CTX)); |
| 69 | /* ctx->cipher=NULL; */ | 73 | /* ctx->cipher=NULL; */ |
| 70 | } | 74 | } |
| 71 | 75 | ||
| 72 | void EVP_CipherInit(ctx,data,key,iv,enc) | 76 | |
| 73 | EVP_CIPHER_CTX *ctx; | 77 | int EVP_CipherInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 74 | EVP_CIPHER *data; | 78 | const unsigned char *key, const unsigned char *iv, int enc) |
| 75 | unsigned char *key; | ||
| 76 | unsigned char *iv; | ||
| 77 | int enc; | ||
| 78 | { | 79 | { |
| 79 | if (enc) | 80 | if (cipher) |
| 80 | EVP_EncryptInit(ctx,data,key,iv); | 81 | EVP_CIPHER_CTX_init(ctx); |
| 81 | else | 82 | return EVP_CipherInit_ex(ctx,cipher,NULL,key,iv,enc); |
| 82 | EVP_DecryptInit(ctx,data,key,iv); | ||
| 83 | } | 83 | } |
| 84 | 84 | ||
| 85 | void EVP_CipherUpdate(ctx,out,outl,in,inl) | 85 | int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, |
| 86 | EVP_CIPHER_CTX *ctx; | 86 | const unsigned char *key, const unsigned char *iv, int enc) |
| 87 | unsigned char *out; | 87 | { |
| 88 | int *outl; | 88 | if (enc == -1) |
| 89 | unsigned char *in; | 89 | enc = ctx->encrypt; |
| 90 | int inl; | 90 | else |
| 91 | { | ||
| 92 | if (enc) | ||
| 93 | enc = 1; | ||
| 94 | ctx->encrypt = enc; | ||
| 95 | } | ||
| 96 | /* Whether it's nice or not, "Inits" can be used on "Final"'d contexts | ||
| 97 | * so this context may already have an ENGINE! Try to avoid releasing | ||
| 98 | * the previous handle, re-querying for an ENGINE, and having a | ||
| 99 | * reinitialisation, when it may all be unecessary. */ | ||
| 100 | if (ctx->engine && ctx->cipher && (!cipher || | ||
| 101 | (cipher && (cipher->nid == ctx->cipher->nid)))) | ||
| 102 | goto skip_to_init; | ||
| 103 | if (cipher) | ||
| 104 | { | ||
| 105 | /* Ensure a context left lying around from last time is cleared | ||
| 106 | * (the previous check attempted to avoid this if the same | ||
| 107 | * ENGINE and EVP_CIPHER could be used). */ | ||
| 108 | EVP_CIPHER_CTX_cleanup(ctx); | ||
| 109 | |||
| 110 | /* Restore encrypt field: it is zeroed by cleanup */ | ||
| 111 | ctx->encrypt = enc; | ||
| 112 | if(impl) | ||
| 113 | { | ||
| 114 | if (!ENGINE_init(impl)) | ||
| 115 | { | ||
| 116 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | ||
| 117 | return 0; | ||
| 118 | } | ||
| 119 | } | ||
| 120 | else | ||
| 121 | /* Ask if an ENGINE is reserved for this job */ | ||
| 122 | impl = ENGINE_get_cipher_engine(cipher->nid); | ||
| 123 | if(impl) | ||
| 124 | { | ||
| 125 | /* There's an ENGINE for this job ... (apparently) */ | ||
| 126 | const EVP_CIPHER *c = ENGINE_get_cipher(impl, cipher->nid); | ||
| 127 | if(!c) | ||
| 128 | { | ||
| 129 | /* One positive side-effect of US's export | ||
| 130 | * control history, is that we should at least | ||
| 131 | * be able to avoid using US mispellings of | ||
| 132 | * "initialisation"? */ | ||
| 133 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | ||
| 134 | return 0; | ||
| 135 | } | ||
| 136 | /* We'll use the ENGINE's private cipher definition */ | ||
| 137 | cipher = c; | ||
| 138 | /* Store the ENGINE functional reference so we know | ||
| 139 | * 'cipher' came from an ENGINE and we need to release | ||
| 140 | * it when done. */ | ||
| 141 | ctx->engine = impl; | ||
| 142 | } | ||
| 143 | else | ||
| 144 | ctx->engine = NULL; | ||
| 145 | |||
| 146 | ctx->cipher=cipher; | ||
| 147 | ctx->cipher_data=OPENSSL_malloc(ctx->cipher->ctx_size); | ||
| 148 | ctx->key_len = cipher->key_len; | ||
| 149 | ctx->flags = 0; | ||
| 150 | if(ctx->cipher->flags & EVP_CIPH_CTRL_INIT) | ||
| 151 | { | ||
| 152 | if(!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_INIT, 0, NULL)) | ||
| 153 | { | ||
| 154 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_INITIALIZATION_ERROR); | ||
| 155 | return 0; | ||
| 156 | } | ||
| 157 | } | ||
| 158 | } | ||
| 159 | else if(!ctx->cipher) | ||
| 160 | { | ||
| 161 | EVPerr(EVP_F_EVP_CIPHERINIT, EVP_R_NO_CIPHER_SET); | ||
| 162 | return 0; | ||
| 163 | } | ||
| 164 | skip_to_init: | ||
| 165 | /* we assume block size is a power of 2 in *cryptUpdate */ | ||
| 166 | assert(ctx->cipher->block_size == 1 | ||
| 167 | || ctx->cipher->block_size == 8 | ||
| 168 | || ctx->cipher->block_size == 16); | ||
| 169 | |||
| 170 | if(!(EVP_CIPHER_CTX_flags(ctx) & EVP_CIPH_CUSTOM_IV)) { | ||
| 171 | switch(EVP_CIPHER_CTX_mode(ctx)) { | ||
| 172 | |||
| 173 | case EVP_CIPH_STREAM_CIPHER: | ||
| 174 | case EVP_CIPH_ECB_MODE: | ||
| 175 | break; | ||
| 176 | |||
| 177 | case EVP_CIPH_CFB_MODE: | ||
| 178 | case EVP_CIPH_OFB_MODE: | ||
| 179 | |||
| 180 | ctx->num = 0; | ||
| 181 | |||
| 182 | case EVP_CIPH_CBC_MODE: | ||
| 183 | |||
| 184 | if(iv) memcpy(ctx->oiv, iv, EVP_CIPHER_CTX_iv_length(ctx)); | ||
| 185 | memcpy(ctx->iv, ctx->oiv, EVP_CIPHER_CTX_iv_length(ctx)); | ||
| 186 | break; | ||
| 187 | |||
| 188 | default: | ||
| 189 | return 0; | ||
| 190 | break; | ||
| 191 | } | ||
| 192 | } | ||
| 193 | |||
| 194 | if(key || (ctx->cipher->flags & EVP_CIPH_ALWAYS_CALL_INIT)) { | ||
| 195 | if(!ctx->cipher->init(ctx,key,iv,enc)) return 0; | ||
| 196 | } | ||
| 197 | ctx->buf_len=0; | ||
| 198 | ctx->final_used=0; | ||
| 199 | ctx->block_mask=ctx->cipher->block_size-1; | ||
| 200 | return 1; | ||
| 201 | } | ||
| 202 | |||
| 203 | int EVP_CipherUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, | ||
| 204 | const unsigned char *in, int inl) | ||
| 91 | { | 205 | { |
| 92 | if (ctx->encrypt) | 206 | if (ctx->encrypt) |
| 93 | EVP_EncryptUpdate(ctx,out,outl,in,inl); | 207 | return EVP_EncryptUpdate(ctx,out,outl,in,inl); |
| 94 | else EVP_DecryptUpdate(ctx,out,outl,in,inl); | 208 | else return EVP_DecryptUpdate(ctx,out,outl,in,inl); |
| 95 | } | 209 | } |
| 96 | 210 | ||
| 97 | int EVP_CipherFinal(ctx,out,outl) | 211 | int EVP_CipherFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 98 | EVP_CIPHER_CTX *ctx; | ||
| 99 | unsigned char *out; | ||
| 100 | int *outl; | ||
| 101 | { | 212 | { |
| 102 | if (ctx->encrypt) | 213 | if (ctx->encrypt) |
| 103 | { | 214 | return EVP_EncryptFinal_ex(ctx,out,outl); |
| 104 | EVP_EncryptFinal(ctx,out,outl); | 215 | else return EVP_DecryptFinal_ex(ctx,out,outl); |
| 105 | return(1); | ||
| 106 | } | ||
| 107 | else return(EVP_DecryptFinal(ctx,out,outl)); | ||
| 108 | } | 216 | } |
| 109 | 217 | ||
| 110 | void EVP_EncryptInit(ctx,cipher,key,iv) | 218 | int EVP_CipherFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 111 | EVP_CIPHER_CTX *ctx; | ||
| 112 | EVP_CIPHER *cipher; | ||
| 113 | unsigned char *key; | ||
| 114 | unsigned char *iv; | ||
| 115 | { | 219 | { |
| 116 | if (cipher != NULL) | 220 | if (ctx->encrypt) |
| 117 | ctx->cipher=cipher; | 221 | return EVP_EncryptFinal(ctx,out,outl); |
| 118 | ctx->cipher->init(ctx,key,iv,1); | 222 | else return EVP_DecryptFinal(ctx,out,outl); |
| 119 | ctx->encrypt=1; | ||
| 120 | ctx->buf_len=0; | ||
| 121 | } | 223 | } |
| 122 | 224 | ||
| 123 | void EVP_DecryptInit(ctx,cipher,key,iv) | 225 | int EVP_EncryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, |
| 124 | EVP_CIPHER_CTX *ctx; | 226 | const unsigned char *key, const unsigned char *iv) |
| 125 | EVP_CIPHER *cipher; | ||
| 126 | unsigned char *key; | ||
| 127 | unsigned char *iv; | ||
| 128 | { | 227 | { |
| 129 | if (cipher != NULL) | 228 | return EVP_CipherInit(ctx, cipher, key, iv, 1); |
| 130 | ctx->cipher=cipher; | 229 | } |
| 131 | ctx->cipher->init(ctx,key,iv,0); | 230 | |
| 132 | ctx->encrypt=0; | 231 | int EVP_EncryptInit_ex(EVP_CIPHER_CTX *ctx,const EVP_CIPHER *cipher, ENGINE *impl, |
| 133 | ctx->buf_len=0; | 232 | const unsigned char *key, const unsigned char *iv) |
| 233 | { | ||
| 234 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 1); | ||
| 235 | } | ||
| 236 | |||
| 237 | int EVP_DecryptInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, | ||
| 238 | const unsigned char *key, const unsigned char *iv) | ||
| 239 | { | ||
| 240 | return EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, 0); | ||
| 134 | } | 241 | } |
| 135 | 242 | ||
| 243 | int EVP_DecryptInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher, ENGINE *impl, | ||
| 244 | const unsigned char *key, const unsigned char *iv) | ||
| 245 | { | ||
| 246 | return EVP_CipherInit_ex(ctx, cipher, impl, key, iv, 0); | ||
| 247 | } | ||
| 136 | 248 | ||
| 137 | void EVP_EncryptUpdate(ctx,out,outl,in,inl) | 249 | int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 138 | EVP_CIPHER_CTX *ctx; | 250 | const unsigned char *in, int inl) |
| 139 | unsigned char *out; | ||
| 140 | int *outl; | ||
| 141 | unsigned char *in; | ||
| 142 | int inl; | ||
| 143 | { | 251 | { |
| 144 | int i,j,bl; | 252 | int i,j,bl; |
| 145 | 253 | ||
| 254 | if(ctx->buf_len == 0 && (inl&(ctx->block_mask)) == 0) | ||
| 255 | { | ||
| 256 | if(ctx->cipher->do_cipher(ctx,out,in,inl)) | ||
| 257 | { | ||
| 258 | *outl=inl; | ||
| 259 | return 1; | ||
| 260 | } | ||
| 261 | else | ||
| 262 | { | ||
| 263 | *outl=0; | ||
| 264 | return 0; | ||
| 265 | } | ||
| 266 | } | ||
| 146 | i=ctx->buf_len; | 267 | i=ctx->buf_len; |
| 147 | bl=ctx->cipher->block_size; | 268 | bl=ctx->cipher->block_size; |
| 148 | *outl=0; | ||
| 149 | if ((inl == 0) && (i != bl)) return; | ||
| 150 | if (i != 0) | 269 | if (i != 0) |
| 151 | { | 270 | { |
| 152 | if (i+inl < bl) | 271 | if (i+inl < bl) |
| 153 | { | 272 | { |
| 154 | memcpy(&(ctx->buf[i]),in,inl); | 273 | memcpy(&(ctx->buf[i]),in,inl); |
| 155 | ctx->buf_len+=inl; | 274 | ctx->buf_len+=inl; |
| 156 | return; | 275 | *outl=0; |
| 276 | return 1; | ||
| 157 | } | 277 | } |
| 158 | else | 278 | else |
| 159 | { | 279 | { |
| 160 | j=bl-i; | 280 | j=bl-i; |
| 161 | if (j != 0) memcpy(&(ctx->buf[i]),in,j); | 281 | memcpy(&(ctx->buf[i]),in,j); |
| 162 | ctx->cipher->do_cipher(ctx,out,ctx->buf,bl); | 282 | if(!ctx->cipher->do_cipher(ctx,out,ctx->buf,bl)) return 0; |
| 163 | inl-=j; | 283 | inl-=j; |
| 164 | in+=j; | 284 | in+=j; |
| 165 | out+=bl; | 285 | out+=bl; |
| 166 | *outl+=bl; | 286 | *outl=bl; |
| 167 | } | 287 | } |
| 168 | } | 288 | } |
| 169 | i=inl%bl; /* how much is left */ | 289 | else |
| 290 | *outl = 0; | ||
| 291 | i=inl&(bl-1); | ||
| 170 | inl-=i; | 292 | inl-=i; |
| 171 | if (inl > 0) | 293 | if (inl > 0) |
| 172 | { | 294 | { |
| 173 | ctx->cipher->do_cipher(ctx,out,in,inl); | 295 | if(!ctx->cipher->do_cipher(ctx,out,in,inl)) return 0; |
| 174 | *outl+=inl; | 296 | *outl+=inl; |
| 175 | } | 297 | } |
| 176 | 298 | ||
| 177 | if (i != 0) | 299 | if (i != 0) |
| 178 | memcpy(ctx->buf,&(in[inl]),i); | 300 | memcpy(ctx->buf,&(in[inl]),i); |
| 179 | ctx->buf_len=i; | 301 | ctx->buf_len=i; |
| 302 | return 1; | ||
| 180 | } | 303 | } |
| 181 | 304 | ||
| 182 | void EVP_EncryptFinal(ctx,out,outl) | 305 | int EVP_EncryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 183 | EVP_CIPHER_CTX *ctx; | ||
| 184 | unsigned char *out; | ||
| 185 | int *outl; | ||
| 186 | { | 306 | { |
| 187 | int i,n,b,bl; | 307 | int ret; |
| 308 | ret = EVP_EncryptFinal_ex(ctx, out, outl); | ||
| 309 | return ret; | ||
| 310 | } | ||
| 311 | |||
| 312 | int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | ||
| 313 | { | ||
| 314 | int i,n,b,bl,ret; | ||
| 188 | 315 | ||
| 189 | b=ctx->cipher->block_size; | 316 | b=ctx->cipher->block_size; |
| 190 | if (b == 1) | 317 | if (b == 1) |
| 191 | { | 318 | { |
| 192 | *outl=0; | 319 | *outl=0; |
| 193 | return; | 320 | return 1; |
| 194 | } | 321 | } |
| 195 | bl=ctx->buf_len; | 322 | bl=ctx->buf_len; |
| 323 | if (ctx->flags & EVP_CIPH_NO_PADDING) | ||
| 324 | { | ||
| 325 | if(bl) | ||
| 326 | { | ||
| 327 | EVPerr(EVP_F_EVP_ENCRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | ||
| 328 | return 0; | ||
| 329 | } | ||
| 330 | *outl = 0; | ||
| 331 | return 1; | ||
| 332 | } | ||
| 333 | |||
| 196 | n=b-bl; | 334 | n=b-bl; |
| 197 | for (i=bl; i<b; i++) | 335 | for (i=bl; i<b; i++) |
| 198 | ctx->buf[i]=n; | 336 | ctx->buf[i]=n; |
| 199 | ctx->cipher->do_cipher(ctx,out,ctx->buf,b); | 337 | ret=ctx->cipher->do_cipher(ctx,out,ctx->buf,b); |
| 200 | *outl=b; | 338 | |
| 339 | |||
| 340 | if(ret) | ||
| 341 | *outl=b; | ||
| 342 | |||
| 343 | return ret; | ||
| 201 | } | 344 | } |
| 202 | 345 | ||
| 203 | void EVP_DecryptUpdate(ctx,out,outl,in,inl) | 346 | int EVP_DecryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl, |
| 204 | EVP_CIPHER_CTX *ctx; | 347 | const unsigned char *in, int inl) |
| 205 | unsigned char *out; | ||
| 206 | int *outl; | ||
| 207 | unsigned char *in; | ||
| 208 | int inl; | ||
| 209 | { | 348 | { |
| 210 | int b,bl,n; | 349 | int b, fix_len; |
| 211 | int keep_last=0; | ||
| 212 | 350 | ||
| 213 | *outl=0; | 351 | if (inl == 0) |
| 214 | if (inl == 0) return; | 352 | { |
| 353 | *outl=0; | ||
| 354 | return 1; | ||
| 355 | } | ||
| 356 | |||
| 357 | if (ctx->flags & EVP_CIPH_NO_PADDING) | ||
| 358 | return EVP_EncryptUpdate(ctx, out, outl, in, inl); | ||
| 215 | 359 | ||
| 216 | b=ctx->cipher->block_size; | 360 | b=ctx->cipher->block_size; |
| 217 | if (b > 1) | 361 | |
| 362 | if(ctx->final_used) | ||
| 218 | { | 363 | { |
| 219 | /* Is the input a multiple of the block size? */ | 364 | memcpy(out,ctx->final,b); |
| 220 | bl=ctx->buf_len; | 365 | out+=b; |
| 221 | n=inl+bl; | 366 | fix_len = 1; |
| 222 | if (n%b == 0) | ||
| 223 | { | ||
| 224 | if (inl < b) /* must be 'just one' buff */ | ||
| 225 | { | ||
| 226 | memcpy(&(ctx->buf[bl]),in,inl); | ||
| 227 | ctx->buf_len=b; | ||
| 228 | *outl=0; | ||
| 229 | return; | ||
| 230 | } | ||
| 231 | keep_last=1; | ||
| 232 | inl-=b; /* don't do the last block */ | ||
| 233 | } | ||
| 234 | } | 367 | } |
| 235 | EVP_EncryptUpdate(ctx,out,outl,in,inl); | 368 | else |
| 369 | fix_len = 0; | ||
| 370 | |||
| 371 | |||
| 372 | if(!EVP_EncryptUpdate(ctx,out,outl,in,inl)) | ||
| 373 | return 0; | ||
| 236 | 374 | ||
| 237 | /* if we have 'decrypted' a multiple of block size, make sure | 375 | /* if we have 'decrypted' a multiple of block size, make sure |
| 238 | * we have a copy of this last block */ | 376 | * we have a copy of this last block */ |
| 239 | if (keep_last) | 377 | if (b > 1 && !ctx->buf_len) |
| 240 | { | 378 | { |
| 241 | memcpy(&(ctx->buf[0]),&(in[inl]),b); | 379 | *outl-=b; |
| 242 | #ifdef DEBUG | 380 | ctx->final_used=1; |
| 243 | if (ctx->buf_len != 0) | 381 | memcpy(ctx->final,&out[*outl],b); |
| 244 | { | ||
| 245 | abort(); | ||
| 246 | } | ||
| 247 | #endif | ||
| 248 | ctx->buf_len=b; | ||
| 249 | } | 382 | } |
| 383 | else | ||
| 384 | ctx->final_used = 0; | ||
| 385 | |||
| 386 | if (fix_len) | ||
| 387 | *outl += b; | ||
| 388 | |||
| 389 | return 1; | ||
| 250 | } | 390 | } |
| 251 | 391 | ||
| 252 | int EVP_DecryptFinal(ctx,out,outl) | 392 | int EVP_DecryptFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 253 | EVP_CIPHER_CTX *ctx; | 393 | { |
| 254 | unsigned char *out; | 394 | int ret; |
| 255 | int *outl; | 395 | ret = EVP_DecryptFinal_ex(ctx, out, outl); |
| 396 | return ret; | ||
| 397 | } | ||
| 398 | |||
| 399 | int EVP_DecryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) | ||
| 256 | { | 400 | { |
| 257 | int i,b; | 401 | int i,b; |
| 258 | int n; | 402 | int n; |
| 259 | 403 | ||
| 260 | *outl=0; | 404 | *outl=0; |
| 261 | b=ctx->cipher->block_size; | 405 | b=ctx->cipher->block_size; |
| 406 | if (ctx->flags & EVP_CIPH_NO_PADDING) | ||
| 407 | { | ||
| 408 | if(ctx->buf_len) | ||
| 409 | { | ||
| 410 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH); | ||
| 411 | return 0; | ||
| 412 | } | ||
| 413 | *outl = 0; | ||
| 414 | return 1; | ||
| 415 | } | ||
| 262 | if (b > 1) | 416 | if (b > 1) |
| 263 | { | 417 | { |
| 264 | if (ctx->buf_len != b) | 418 | if (ctx->buf_len || !ctx->final_used) |
| 265 | { | 419 | { |
| 266 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); | 420 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_WRONG_FINAL_BLOCK_LENGTH); |
| 267 | return(0); | 421 | return(0); |
| 268 | } | 422 | } |
| 269 | EVP_EncryptUpdate(ctx,ctx->buf,&n,ctx->buf,0); | 423 | n=ctx->final[b-1]; |
| 270 | if (n != b) | ||
| 271 | return(0); | ||
| 272 | n=ctx->buf[b-1]; | ||
| 273 | if (n > b) | 424 | if (n > b) |
| 274 | { | 425 | { |
| 275 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 426 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); |
| @@ -277,7 +428,7 @@ int *outl; | |||
| 277 | } | 428 | } |
| 278 | for (i=0; i<n; i++) | 429 | for (i=0; i<n; i++) |
| 279 | { | 430 | { |
| 280 | if (ctx->buf[--b] != n) | 431 | if (ctx->final[--b] != n) |
| 281 | { | 432 | { |
| 282 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); | 433 | EVPerr(EVP_F_EVP_DECRYPTFINAL,EVP_R_BAD_DECRYPT); |
| 283 | return(0); | 434 | return(0); |
| @@ -285,7 +436,7 @@ int *outl; | |||
| 285 | } | 436 | } |
| 286 | n=ctx->cipher->block_size-n; | 437 | n=ctx->cipher->block_size-n; |
| 287 | for (i=0; i<n; i++) | 438 | for (i=0; i<n; i++) |
| 288 | out[i]=ctx->buf[i]; | 439 | out[i]=ctx->final[i]; |
| 289 | *outl=n; | 440 | *outl=n; |
| 290 | } | 441 | } |
| 291 | else | 442 | else |
| @@ -293,11 +444,64 @@ int *outl; | |||
| 293 | return(1); | 444 | return(1); |
| 294 | } | 445 | } |
| 295 | 446 | ||
| 296 | void EVP_CIPHER_CTX_cleanup(c) | 447 | int EVP_CIPHER_CTX_cleanup(EVP_CIPHER_CTX *c) |
| 297 | EVP_CIPHER_CTX *c; | ||
| 298 | { | 448 | { |
| 299 | if ((c->cipher != NULL) && (c->cipher->cleanup != NULL)) | 449 | if (c->cipher != NULL) |
| 300 | c->cipher->cleanup(c); | 450 | { |
| 451 | if(c->cipher->cleanup && !c->cipher->cleanup(c)) | ||
| 452 | return 0; | ||
| 453 | /* Zero cipher context data */ | ||
| 454 | if (c->cipher_data) | ||
| 455 | memset(c->cipher_data, 0, c->cipher->ctx_size); | ||
| 456 | } | ||
| 457 | if (c->cipher_data) | ||
| 458 | OPENSSL_free(c->cipher_data); | ||
| 459 | if (c->engine) | ||
| 460 | /* The EVP_CIPHER we used belongs to an ENGINE, release the | ||
| 461 | * functional reference we held for this reason. */ | ||
| 462 | ENGINE_finish(c->engine); | ||
| 301 | memset(c,0,sizeof(EVP_CIPHER_CTX)); | 463 | memset(c,0,sizeof(EVP_CIPHER_CTX)); |
| 464 | return 1; | ||
| 465 | } | ||
| 466 | |||
| 467 | int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) | ||
| 468 | { | ||
| 469 | if(c->cipher->flags & EVP_CIPH_CUSTOM_KEY_LENGTH) | ||
| 470 | return EVP_CIPHER_CTX_ctrl(c, EVP_CTRL_SET_KEY_LENGTH, keylen, NULL); | ||
| 471 | if(c->key_len == keylen) return 1; | ||
| 472 | if((keylen > 0) && (c->cipher->flags & EVP_CIPH_VARIABLE_LENGTH)) | ||
| 473 | { | ||
| 474 | c->key_len = keylen; | ||
| 475 | return 1; | ||
| 476 | } | ||
| 477 | EVPerr(EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,EVP_R_INVALID_KEY_LENGTH); | ||
| 478 | return 0; | ||
| 479 | } | ||
| 480 | |||
| 481 | int EVP_CIPHER_CTX_set_padding(EVP_CIPHER_CTX *ctx, int pad) | ||
| 482 | { | ||
| 483 | if (pad) ctx->flags &= ~EVP_CIPH_NO_PADDING; | ||
| 484 | else ctx->flags |= EVP_CIPH_NO_PADDING; | ||
| 485 | return 1; | ||
| 486 | } | ||
| 487 | |||
| 488 | int EVP_CIPHER_CTX_ctrl(EVP_CIPHER_CTX *ctx, int type, int arg, void *ptr) | ||
| 489 | { | ||
| 490 | int ret; | ||
| 491 | if(!ctx->cipher) { | ||
| 492 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_NO_CIPHER_SET); | ||
| 493 | return 0; | ||
| 302 | } | 494 | } |
| 303 | 495 | ||
| 496 | if(!ctx->cipher->ctrl) { | ||
| 497 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_NOT_IMPLEMENTED); | ||
| 498 | return 0; | ||
| 499 | } | ||
| 500 | |||
| 501 | ret = ctx->cipher->ctrl(ctx, type, arg, ptr); | ||
| 502 | if(ret == -1) { | ||
| 503 | EVPerr(EVP_F_EVP_CIPHER_CTX_CTRL, EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED); | ||
| 504 | return 0; | ||
| 505 | } | ||
| 506 | return ret; | ||
| 507 | } | ||
diff --git a/src/lib/libcrypto/evp/evp_err.c b/src/lib/libcrypto/evp/evp_err.c index 2b0a0ab93f..3a23d21c21 100644 --- a/src/lib/libcrypto/evp/evp_err.c +++ b/src/lib/libcrypto/evp/evp_err.c | |||
| @@ -1,105 +1,157 @@ | |||
| 1 | /* lib/evp/evp_err.c */ | 1 | /* crypto/evp/evp_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA EVP_str_functs[]= | 67 | static ERR_STRING_DATA EVP_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, | 69 | {ERR_PACK(0,EVP_F_D2I_PKEY,0), "D2I_PKEY"}, |
| 70 | {ERR_PACK(0,EVP_F_EVP_CIPHERINIT,0), "EVP_CipherInit"}, | ||
| 71 | {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_CTRL,0), "EVP_CIPHER_CTX_ctrl"}, | ||
| 72 | {ERR_PACK(0,EVP_F_EVP_CIPHER_CTX_SET_KEY_LENGTH,0), "EVP_CIPHER_CTX_set_key_length"}, | ||
| 67 | {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, | 73 | {ERR_PACK(0,EVP_F_EVP_DECRYPTFINAL,0), "EVP_DecryptFinal"}, |
| 74 | {ERR_PACK(0,EVP_F_EVP_DIGESTINIT,0), "EVP_DigestInit"}, | ||
| 75 | {ERR_PACK(0,EVP_F_EVP_ENCRYPTFINAL,0), "EVP_EncryptFinal"}, | ||
| 76 | {ERR_PACK(0,EVP_F_EVP_MD_CTX_COPY,0), "EVP_MD_CTX_copy"}, | ||
| 68 | {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, | 77 | {ERR_PACK(0,EVP_F_EVP_OPENINIT,0), "EVP_OpenInit"}, |
| 78 | {ERR_PACK(0,EVP_F_EVP_PBE_ALG_ADD,0), "EVP_PBE_alg_add"}, | ||
| 79 | {ERR_PACK(0,EVP_F_EVP_PBE_CIPHERINIT,0), "EVP_PBE_CipherInit"}, | ||
| 80 | {ERR_PACK(0,EVP_F_EVP_PKCS82PKEY,0), "EVP_PKCS82PKEY"}, | ||
| 81 | {ERR_PACK(0,EVP_F_EVP_PKCS8_SET_BROKEN,0), "EVP_PKCS8_SET_BROKEN"}, | ||
| 82 | {ERR_PACK(0,EVP_F_EVP_PKEY2PKCS8,0), "EVP_PKEY2PKCS8"}, | ||
| 69 | {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, | 83 | {ERR_PACK(0,EVP_F_EVP_PKEY_COPY_PARAMETERS,0), "EVP_PKEY_copy_parameters"}, |
| 70 | {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, | 84 | {ERR_PACK(0,EVP_F_EVP_PKEY_DECRYPT,0), "EVP_PKEY_decrypt"}, |
| 71 | {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, | 85 | {ERR_PACK(0,EVP_F_EVP_PKEY_ENCRYPT,0), "EVP_PKEY_encrypt"}, |
| 86 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DH,0), "EVP_PKEY_get1_DH"}, | ||
| 87 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_DSA,0), "EVP_PKEY_get1_DSA"}, | ||
| 88 | {ERR_PACK(0,EVP_F_EVP_PKEY_GET1_RSA,0), "EVP_PKEY_get1_RSA"}, | ||
| 72 | {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, | 89 | {ERR_PACK(0,EVP_F_EVP_PKEY_NEW,0), "EVP_PKEY_new"}, |
| 90 | {ERR_PACK(0,EVP_F_EVP_RIJNDAEL,0), "EVP_RIJNDAEL"}, | ||
| 73 | {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, | 91 | {ERR_PACK(0,EVP_F_EVP_SIGNFINAL,0), "EVP_SignFinal"}, |
| 74 | {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, | 92 | {ERR_PACK(0,EVP_F_EVP_VERIFYFINAL,0), "EVP_VerifyFinal"}, |
| 75 | {0,NULL}, | 93 | {ERR_PACK(0,EVP_F_PKCS5_PBE_KEYIVGEN,0), "PKCS5_PBE_keyivgen"}, |
| 94 | {ERR_PACK(0,EVP_F_PKCS5_V2_PBE_KEYIVGEN,0), "PKCS5_v2_PBE_keyivgen"}, | ||
| 95 | {ERR_PACK(0,EVP_F_RC2_MAGIC_TO_METH,0), "RC2_MAGIC_TO_METH"}, | ||
| 96 | {ERR_PACK(0,EVP_F_RC5_CTRL,0), "RC5_CTRL"}, | ||
| 97 | {0,NULL} | ||
| 76 | }; | 98 | }; |
| 77 | 99 | ||
| 78 | static ERR_STRING_DATA EVP_str_reasons[]= | 100 | static ERR_STRING_DATA EVP_str_reasons[]= |
| 79 | { | 101 | { |
| 102 | {EVP_R_BAD_BLOCK_LENGTH ,"bad block length"}, | ||
| 80 | {EVP_R_BAD_DECRYPT ,"bad decrypt"}, | 103 | {EVP_R_BAD_DECRYPT ,"bad decrypt"}, |
| 104 | {EVP_R_BAD_KEY_LENGTH ,"bad key length"}, | ||
| 105 | {EVP_R_BN_DECODE_ERROR ,"bn decode error"}, | ||
| 106 | {EVP_R_BN_PUBKEY_ERROR ,"bn pubkey error"}, | ||
| 107 | {EVP_R_CIPHER_PARAMETER_ERROR ,"cipher parameter error"}, | ||
| 108 | {EVP_R_CTRL_NOT_IMPLEMENTED ,"ctrl not implemented"}, | ||
| 109 | {EVP_R_CTRL_OPERATION_NOT_IMPLEMENTED ,"ctrl operation not implemented"}, | ||
| 110 | {EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH ,"data not multiple of block length"}, | ||
| 111 | {EVP_R_DECODE_ERROR ,"decode error"}, | ||
| 81 | {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, | 112 | {EVP_R_DIFFERENT_KEY_TYPES ,"different key types"}, |
| 113 | {EVP_R_ENCODE_ERROR ,"encode error"}, | ||
| 114 | {EVP_R_EVP_PBE_CIPHERINIT_ERROR ,"evp pbe cipherinit error"}, | ||
| 115 | {EVP_R_EXPECTING_AN_RSA_KEY ,"expecting an rsa key"}, | ||
| 116 | {EVP_R_EXPECTING_A_DH_KEY ,"expecting a dh key"}, | ||
| 117 | {EVP_R_EXPECTING_A_DSA_KEY ,"expecting a dsa key"}, | ||
| 118 | {EVP_R_INITIALIZATION_ERROR ,"initialization error"}, | ||
| 119 | {EVP_R_INPUT_NOT_INITIALIZED ,"input not initialized"}, | ||
| 120 | {EVP_R_INVALID_KEY_LENGTH ,"invalid key length"}, | ||
| 82 | {EVP_R_IV_TOO_LARGE ,"iv too large"}, | 121 | {EVP_R_IV_TOO_LARGE ,"iv too large"}, |
| 83 | {EVP_R_MISSING_PARMATERS ,"missing parmaters"}, | 122 | {EVP_R_KEYGEN_FAILURE ,"keygen failure"}, |
| 123 | {EVP_R_MISSING_PARAMETERS ,"missing parameters"}, | ||
| 124 | {EVP_R_NO_CIPHER_SET ,"no cipher set"}, | ||
| 125 | {EVP_R_NO_DIGEST_SET ,"no digest set"}, | ||
| 126 | {EVP_R_NO_DSA_PARAMETERS ,"no dsa parameters"}, | ||
| 84 | {EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, | 127 | {EVP_R_NO_SIGN_FUNCTION_CONFIGURED ,"no sign function configured"}, |
| 85 | {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, | 128 | {EVP_R_NO_VERIFY_FUNCTION_CONFIGURED ,"no verify function configured"}, |
| 129 | {EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE ,"pkcs8 unknown broken type"}, | ||
| 86 | {EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, | 130 | {EVP_R_PUBLIC_KEY_NOT_RSA ,"public key not rsa"}, |
| 131 | {EVP_R_UNKNOWN_PBE_ALGORITHM ,"unknown pbe algorithm"}, | ||
| 132 | {EVP_R_UNSUPORTED_NUMBER_OF_ROUNDS ,"unsuported number of rounds"}, | ||
| 87 | {EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, | 133 | {EVP_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, |
| 134 | {EVP_R_UNSUPPORTED_KEYLENGTH ,"unsupported keylength"}, | ||
| 135 | {EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION,"unsupported key derivation function"}, | ||
| 136 | {EVP_R_UNSUPPORTED_KEY_SIZE ,"unsupported key size"}, | ||
| 137 | {EVP_R_UNSUPPORTED_PRF ,"unsupported prf"}, | ||
| 138 | {EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM ,"unsupported private key algorithm"}, | ||
| 139 | {EVP_R_UNSUPPORTED_SALT_TYPE ,"unsupported salt type"}, | ||
| 88 | {EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, | 140 | {EVP_R_WRONG_FINAL_BLOCK_LENGTH ,"wrong final block length"}, |
| 89 | {EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, | 141 | {EVP_R_WRONG_PUBLIC_KEY_TYPE ,"wrong public key type"}, |
| 90 | {0,NULL}, | 142 | {0,NULL} |
| 91 | }; | 143 | }; |
| 92 | 144 | ||
| 93 | #endif | 145 | #endif |
| 94 | 146 | ||
| 95 | void ERR_load_EVP_strings() | 147 | void ERR_load_EVP_strings(void) |
| 96 | { | 148 | { |
| 97 | static int init=1; | 149 | static int init=1; |
| 98 | 150 | ||
| 99 | if (init); | 151 | if (init) |
| 100 | {; | 152 | { |
| 101 | init=0; | 153 | init=0; |
| 102 | #ifndef NO_ERR | 154 | #ifndef OPENSSL_NO_ERR |
| 103 | ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); | 155 | ERR_load_strings(ERR_LIB_EVP,EVP_str_functs); |
| 104 | ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); | 156 | ERR_load_strings(ERR_LIB_EVP,EVP_str_reasons); |
| 105 | #endif | 157 | #endif |
diff --git a/src/lib/libcrypto/evp/evp_key.c b/src/lib/libcrypto/evp/evp_key.c index dafa686f64..4271393069 100644 --- a/src/lib/libcrypto/evp/evp_key.c +++ b/src/lib/libcrypto/evp/evp_key.c | |||
| @@ -58,23 +58,26 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "x509.h" | 61 | #include <openssl/x509.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include <openssl/ui.h> | ||
| 64 | 65 | ||
| 65 | /* should be init to zeros. */ | 66 | /* should be init to zeros. */ |
| 66 | static char prompt_string[80]; | 67 | static char prompt_string[80]; |
| 67 | 68 | ||
| 68 | void EVP_set_pw_prompt(prompt) | 69 | void EVP_set_pw_prompt(char *prompt) |
| 69 | char *prompt; | ||
| 70 | { | 70 | { |
| 71 | if (prompt == NULL) | 71 | if (prompt == NULL) |
| 72 | prompt_string[0]='\0'; | 72 | prompt_string[0]='\0'; |
| 73 | else | 73 | else |
| 74 | { | ||
| 74 | strncpy(prompt_string,prompt,79); | 75 | strncpy(prompt_string,prompt,79); |
| 76 | prompt_string[79]='\0'; | ||
| 77 | } | ||
| 75 | } | 78 | } |
| 76 | 79 | ||
| 77 | char *EVP_get_pw_prompt() | 80 | char *EVP_get_pw_prompt(void) |
| 78 | { | 81 | { |
| 79 | if (prompt_string[0] == '\0') | 82 | if (prompt_string[0] == '\0') |
| 80 | return(NULL); | 83 | return(NULL); |
| @@ -82,30 +85,31 @@ char *EVP_get_pw_prompt() | |||
| 82 | return(prompt_string); | 85 | return(prompt_string); |
| 83 | } | 86 | } |
| 84 | 87 | ||
| 85 | #ifdef NO_DES | 88 | /* For historical reasons, the standard function for reading passwords is |
| 86 | int des_read_pw_string(char *buf,int len,char *prompt,int verify); | 89 | * in the DES library -- if someone ever wants to disable DES, |
| 87 | #endif | 90 | * this function will fail */ |
| 88 | 91 | int EVP_read_pw_string(char *buf, int len, const char *prompt, int verify) | |
| 89 | int EVP_read_pw_string(buf,len,prompt,verify) | ||
| 90 | char *buf; | ||
| 91 | int len; | ||
| 92 | char *prompt; | ||
| 93 | int verify; | ||
| 94 | { | 92 | { |
| 93 | int ret; | ||
| 94 | char buff[BUFSIZ]; | ||
| 95 | UI *ui; | ||
| 96 | |||
| 95 | if ((prompt == NULL) && (prompt_string[0] != '\0')) | 97 | if ((prompt == NULL) && (prompt_string[0] != '\0')) |
| 96 | prompt=prompt_string; | 98 | prompt=prompt_string; |
| 97 | return(des_read_pw_string(buf,len,prompt,verify)); | 99 | ui = UI_new(); |
| 100 | UI_add_input_string(ui,prompt,0,buf,0,(len>=BUFSIZ)?BUFSIZ-1:len); | ||
| 101 | if (verify) | ||
| 102 | UI_add_verify_string(ui,prompt,0, | ||
| 103 | buff,0,(len>=BUFSIZ)?BUFSIZ-1:len,buf); | ||
| 104 | ret = UI_process(ui); | ||
| 105 | UI_free(ui); | ||
| 106 | memset(buff,0,BUFSIZ); | ||
| 107 | return ret; | ||
| 98 | } | 108 | } |
| 99 | 109 | ||
| 100 | int EVP_BytesToKey(type,md,salt,data,datal,count,key,iv) | 110 | int EVP_BytesToKey(const EVP_CIPHER *type, const EVP_MD *md, |
| 101 | EVP_CIPHER *type; | 111 | const unsigned char *salt, const unsigned char *data, int datal, |
| 102 | EVP_MD *md; | 112 | int count, unsigned char *key, unsigned char *iv) |
| 103 | unsigned char *salt; | ||
| 104 | unsigned char *data; | ||
| 105 | int datal; | ||
| 106 | int count; | ||
| 107 | unsigned char *key; | ||
| 108 | unsigned char *iv; | ||
| 109 | { | 113 | { |
| 110 | EVP_MD_CTX c; | 114 | EVP_MD_CTX c; |
| 111 | unsigned char md_buf[EVP_MAX_MD_SIZE]; | 115 | unsigned char md_buf[EVP_MAX_MD_SIZE]; |
| @@ -117,21 +121,22 @@ unsigned char *iv; | |||
| 117 | 121 | ||
| 118 | if (data == NULL) return(nkey); | 122 | if (data == NULL) return(nkey); |
| 119 | 123 | ||
| 124 | EVP_MD_CTX_init(&c); | ||
| 120 | for (;;) | 125 | for (;;) |
| 121 | { | 126 | { |
| 122 | EVP_DigestInit(&c,md); | 127 | EVP_DigestInit_ex(&c,md, NULL); |
| 123 | if (addmd++) | 128 | if (addmd++) |
| 124 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); | 129 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); |
| 125 | EVP_DigestUpdate(&c,data,datal); | 130 | EVP_DigestUpdate(&c,data,datal); |
| 126 | if (salt != NULL) | 131 | if (salt != NULL) |
| 127 | EVP_DigestUpdate(&c,salt,8); | 132 | EVP_DigestUpdate(&c,salt,PKCS5_SALT_LEN); |
| 128 | EVP_DigestFinal(&c,&(md_buf[0]),&mds); | 133 | EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); |
| 129 | 134 | ||
| 130 | for (i=1; i<(unsigned int)count; i++) | 135 | for (i=1; i<(unsigned int)count; i++) |
| 131 | { | 136 | { |
| 132 | EVP_DigestInit(&c,md); | 137 | EVP_DigestInit_ex(&c,md, NULL); |
| 133 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); | 138 | EVP_DigestUpdate(&c,&(md_buf[0]),mds); |
| 134 | EVP_DigestFinal(&c,&(md_buf[0]),&mds); | 139 | EVP_DigestFinal_ex(&c,&(md_buf[0]),&mds); |
| 135 | } | 140 | } |
| 136 | i=0; | 141 | i=0; |
| 137 | if (nkey) | 142 | if (nkey) |
| @@ -160,7 +165,7 @@ unsigned char *iv; | |||
| 160 | } | 165 | } |
| 161 | if ((nkey == 0) && (niv == 0)) break; | 166 | if ((nkey == 0) && (niv == 0)) break; |
| 162 | } | 167 | } |
| 163 | memset(&c,0,sizeof(c)); | 168 | EVP_MD_CTX_cleanup(&c); |
| 164 | memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); | 169 | memset(&(md_buf[0]),0,EVP_MAX_MD_SIZE); |
| 165 | return(type->key_len); | 170 | return(type->key_len); |
| 166 | } | 171 | } |
diff --git a/src/lib/libcrypto/evp/evp_lib.c b/src/lib/libcrypto/evp/evp_lib.c index 69784eb555..a431945ef5 100644 --- a/src/lib/libcrypto/evp/evp_lib.c +++ b/src/lib/libcrypto/evp/evp_lib.c | |||
| @@ -58,12 +58,10 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | 63 | ||
| 64 | int EVP_CIPHER_param_to_asn1(c,type) | 64 | int EVP_CIPHER_param_to_asn1(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 65 | EVP_CIPHER_CTX *c; | ||
| 66 | ASN1_TYPE *type; | ||
| 67 | { | 65 | { |
| 68 | int ret; | 66 | int ret; |
| 69 | 67 | ||
| @@ -74,9 +72,7 @@ ASN1_TYPE *type; | |||
| 74 | return(ret); | 72 | return(ret); |
| 75 | } | 73 | } |
| 76 | 74 | ||
| 77 | int EVP_CIPHER_asn1_to_param(c,type) | 75 | int EVP_CIPHER_asn1_to_param(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 78 | EVP_CIPHER_CTX *c; | ||
| 79 | ASN1_TYPE *type; | ||
| 80 | { | 76 | { |
| 81 | int ret; | 77 | int ret; |
| 82 | 78 | ||
| @@ -87,9 +83,7 @@ ASN1_TYPE *type; | |||
| 87 | return(ret); | 83 | return(ret); |
| 88 | } | 84 | } |
| 89 | 85 | ||
| 90 | int EVP_CIPHER_get_asn1_iv(c,type) | 86 | int EVP_CIPHER_get_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 91 | EVP_CIPHER_CTX *c; | ||
| 92 | ASN1_TYPE *type; | ||
| 93 | { | 87 | { |
| 94 | int i=0,l; | 88 | int i=0,l; |
| 95 | 89 | ||
| @@ -97,14 +91,15 @@ ASN1_TYPE *type; | |||
| 97 | { | 91 | { |
| 98 | l=EVP_CIPHER_CTX_iv_length(c); | 92 | l=EVP_CIPHER_CTX_iv_length(c); |
| 99 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); | 93 | i=ASN1_TYPE_get_octetstring(type,c->oiv,l); |
| 100 | memcpy(c->iv,c->oiv,l); | 94 | if (i != l) |
| 95 | return(-1); | ||
| 96 | else if (i > 0) | ||
| 97 | memcpy(c->iv,c->oiv,l); | ||
| 101 | } | 98 | } |
| 102 | return(i); | 99 | return(i); |
| 103 | } | 100 | } |
| 104 | 101 | ||
| 105 | int EVP_CIPHER_set_asn1_iv(c,type) | 102 | int EVP_CIPHER_set_asn1_iv(EVP_CIPHER_CTX *c, ASN1_TYPE *type) |
| 106 | EVP_CIPHER_CTX *c; | ||
| 107 | ASN1_TYPE *type; | ||
| 108 | { | 103 | { |
| 109 | int i=0,j; | 104 | int i=0,j; |
| 110 | 105 | ||
| @@ -115,3 +110,33 @@ ASN1_TYPE *type; | |||
| 115 | } | 110 | } |
| 116 | return(i); | 111 | return(i); |
| 117 | } | 112 | } |
| 113 | |||
| 114 | /* Convert the various cipher NIDs and dummies to a proper OID NID */ | ||
| 115 | int EVP_CIPHER_type(const EVP_CIPHER *ctx) | ||
| 116 | { | ||
| 117 | int nid; | ||
| 118 | ASN1_OBJECT *otmp; | ||
| 119 | nid = EVP_CIPHER_nid(ctx); | ||
| 120 | |||
| 121 | switch(nid) { | ||
| 122 | |||
| 123 | case NID_rc2_cbc: | ||
| 124 | case NID_rc2_64_cbc: | ||
| 125 | case NID_rc2_40_cbc: | ||
| 126 | |||
| 127 | return NID_rc2_cbc; | ||
| 128 | |||
| 129 | case NID_rc4: | ||
| 130 | case NID_rc4_40: | ||
| 131 | |||
| 132 | return NID_rc4; | ||
| 133 | |||
| 134 | default: | ||
| 135 | /* Check it has an OID and it is valid */ | ||
| 136 | otmp = OBJ_nid2obj(nid); | ||
| 137 | if(!otmp || !otmp->data) nid = NID_undef; | ||
| 138 | ASN1_OBJECT_free(otmp); | ||
| 139 | return nid; | ||
| 140 | } | ||
| 141 | } | ||
| 142 | |||
diff --git a/src/lib/libcrypto/evp/evp_locl.h b/src/lib/libcrypto/evp/evp_locl.h index ce49d5b7d8..7b088b4848 100644 --- a/src/lib/libcrypto/evp/evp_locl.h +++ b/src/lib/libcrypto/evp/evp_locl.h | |||
| @@ -61,50 +61,107 @@ | |||
| 61 | /* Wrapper functions for each cipher mode */ | 61 | /* Wrapper functions for each cipher mode */ |
| 62 | 62 | ||
| 63 | #define BLOCK_CIPHER_ecb_loop() \ | 63 | #define BLOCK_CIPHER_ecb_loop() \ |
| 64 | unsigned int i; \ | 64 | unsigned int i, bl; \ |
| 65 | if(inl < 8) return 1;\ | 65 | bl = ctx->cipher->block_size;\ |
| 66 | inl -= 8; \ | 66 | if(inl < bl) return 1;\ |
| 67 | for(i=0; i <= inl; i+=8) \ | 67 | inl -= bl; \ |
| 68 | for(i=0; i <= inl; i+=bl) \ | ||
| 68 | 69 | ||
| 69 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \ | 70 | #define BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ |
| 70 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 71 | static int cname##_ecb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| 71 | {\ | 72 | {\ |
| 72 | BLOCK_CIPHER_ecb_loop() \ | 73 | BLOCK_CIPHER_ecb_loop() \ |
| 73 | cprefix##_ecb_encrypt(in + i, out + i, &ctx->c.kname, ctx->encrypt);\ | 74 | cprefix##_ecb_encrypt(in + i, out + i, &((kstruct *)ctx->cipher_data)->ksched, ctx->encrypt);\ |
| 74 | return 1;\ | 75 | return 1;\ |
| 75 | } | 76 | } |
| 76 | 77 | ||
| 77 | #define BLOCK_CIPHER_func_ofb(cname, cprefix, kname) \ | 78 | #define BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) \ |
| 78 | static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 79 | static int cname##_ofb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| 79 | {\ | 80 | {\ |
| 80 | cprefix##_ofb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num);\ | 81 | cprefix##_ofb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num);\ |
| 81 | return 1;\ | 82 | return 1;\ |
| 82 | } | 83 | } |
| 83 | 84 | ||
| 84 | #define BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \ | 85 | #define BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ |
| 85 | static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 86 | static int cname##_cbc_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| 86 | {\ | 87 | {\ |
| 87 | cprefix##_cbc_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, ctx->encrypt);\ | 88 | cprefix##_cbc_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, ctx->encrypt);\ |
| 88 | return 1;\ | 89 | return 1;\ |
| 89 | } | 90 | } |
| 90 | 91 | ||
| 91 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \ | 92 | #define BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ |
| 92 | static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ | 93 | static int cname##_cfb_cipher(EVP_CIPHER_CTX *ctx, unsigned char *out, const unsigned char *in, unsigned int inl) \ |
| 93 | {\ | 94 | {\ |
| 94 | cprefix##_cfb64_encrypt(in, out, (long)inl, &ctx->c.kname, ctx->iv, &ctx->num, ctx->encrypt);\ | 95 | cprefix##_cfb##cbits##_encrypt(in, out, (long)inl, &((kstruct *)ctx->cipher_data)->ksched, ctx->iv, &ctx->num, ctx->encrypt);\ |
| 95 | return 1;\ | 96 | return 1;\ |
| 96 | } | 97 | } |
| 97 | 98 | ||
| 98 | #define BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \ | 99 | #define BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ |
| 99 | BLOCK_CIPHER_func_cbc(cname, cprefix, kname) \ | 100 | BLOCK_CIPHER_func_cbc(cname, cprefix, kstruct, ksched) \ |
| 100 | BLOCK_CIPHER_func_cfb(cname, cprefix, kname) \ | 101 | BLOCK_CIPHER_func_cfb(cname, cprefix, cbits, kstruct, ksched) \ |
| 101 | BLOCK_CIPHER_func_ecb(cname, cprefix, kname) \ | 102 | BLOCK_CIPHER_func_ecb(cname, cprefix, kstruct, ksched) \ |
| 102 | BLOCK_CIPHER_func_ofb(cname, cprefix, kname) | 103 | BLOCK_CIPHER_func_ofb(cname, cprefix, cbits, kstruct, ksched) |
| 103 | 104 | ||
| 105 | #define BLOCK_CIPHER_def1(cname, nmode, mode, MODE, kstruct, nid, block_size, \ | ||
| 106 | key_len, iv_len, flags, init_key, cleanup, \ | ||
| 107 | set_asn1, get_asn1, ctrl) \ | ||
| 108 | static const EVP_CIPHER cname##_##mode = { \ | ||
| 109 | nid##_##nmode, block_size, key_len, iv_len, \ | ||
| 110 | flags | EVP_CIPH_##MODE##_MODE, \ | ||
| 111 | init_key, \ | ||
| 112 | cname##_##mode##_cipher, \ | ||
| 113 | cleanup, \ | ||
| 114 | sizeof(kstruct), \ | ||
| 115 | set_asn1, get_asn1,\ | ||
| 116 | ctrl, \ | ||
| 117 | NULL \ | ||
| 118 | }; \ | ||
| 119 | const EVP_CIPHER *EVP_##cname##_##mode(void) { return &cname##_##mode; } | ||
| 120 | |||
| 121 | #define BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, \ | ||
| 122 | iv_len, flags, init_key, cleanup, set_asn1, \ | ||
| 123 | get_asn1, ctrl) \ | ||
| 124 | BLOCK_CIPHER_def1(cname, cbc, cbc, CBC, kstruct, nid, block_size, key_len, \ | ||
| 125 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | ||
| 126 | |||
| 127 | #define BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, \ | ||
| 128 | iv_len, cbits, flags, init_key, cleanup, \ | ||
| 129 | set_asn1, get_asn1, ctrl) \ | ||
| 130 | BLOCK_CIPHER_def1(cname, cfb##cbits, cfb, CFB, kstruct, nid, block_size, \ | ||
| 131 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | ||
| 132 | get_asn1, ctrl) | ||
| 133 | |||
| 134 | #define BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, \ | ||
| 135 | iv_len, cbits, flags, init_key, cleanup, \ | ||
| 136 | set_asn1, get_asn1, ctrl) \ | ||
| 137 | BLOCK_CIPHER_def1(cname, ofb##cbits, ofb, OFB, kstruct, nid, block_size, \ | ||
| 138 | key_len, iv_len, flags, init_key, cleanup, set_asn1, \ | ||
| 139 | get_asn1, ctrl) | ||
| 140 | |||
| 141 | #define BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, \ | ||
| 142 | iv_len, flags, init_key, cleanup, set_asn1, \ | ||
| 143 | get_asn1, ctrl) \ | ||
| 144 | BLOCK_CIPHER_def1(cname, ecb, ecb, ECB, kstruct, nid, block_size, key_len, \ | ||
| 145 | iv_len, flags, init_key, cleanup, set_asn1, get_asn1, ctrl) | ||
| 146 | |||
| 147 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | ||
| 148 | nid, block_size, key_len, iv_len, cbits, flags, \ | ||
| 149 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | ||
| 150 | BLOCK_CIPHER_def_cbc(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | ||
| 151 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | ||
| 152 | BLOCK_CIPHER_def_cfb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ | ||
| 153 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | ||
| 154 | BLOCK_CIPHER_def_ofb(cname, kstruct, nid, block_size, key_len, iv_len, cbits, \ | ||
| 155 | flags, init_key, cleanup, set_asn1, get_asn1, ctrl) \ | ||
| 156 | BLOCK_CIPHER_def_ecb(cname, kstruct, nid, block_size, key_len, iv_len, flags, \ | ||
| 157 | init_key, cleanup, set_asn1, get_asn1, ctrl) | ||
| 158 | |||
| 159 | |||
| 160 | /* | ||
| 104 | #define BLOCK_CIPHER_defs(cname, kstruct, \ | 161 | #define BLOCK_CIPHER_defs(cname, kstruct, \ |
| 105 | nid, block_size, key_len, iv_len, flags,\ | 162 | nid, block_size, key_len, iv_len, flags,\ |
| 106 | init_key, cleanup, set_asn1, get_asn1, ctrl)\ | 163 | init_key, cleanup, set_asn1, get_asn1, ctrl)\ |
| 107 | static EVP_CIPHER cname##_cbc = {\ | 164 | static const EVP_CIPHER cname##_cbc = {\ |
| 108 | nid##_cbc, block_size, key_len, iv_len, \ | 165 | nid##_cbc, block_size, key_len, iv_len, \ |
| 109 | flags | EVP_CIPH_CBC_MODE,\ | 166 | flags | EVP_CIPH_CBC_MODE,\ |
| 110 | init_key,\ | 167 | init_key,\ |
| @@ -116,8 +173,8 @@ static EVP_CIPHER cname##_cbc = {\ | |||
| 116 | ctrl, \ | 173 | ctrl, \ |
| 117 | NULL \ | 174 | NULL \ |
| 118 | };\ | 175 | };\ |
| 119 | EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ | 176 | const EVP_CIPHER *EVP_##cname##_cbc(void) { return &cname##_cbc; }\ |
| 120 | static EVP_CIPHER cname##_cfb = {\ | 177 | static const EVP_CIPHER cname##_cfb = {\ |
| 121 | nid##_cfb64, 1, key_len, iv_len, \ | 178 | nid##_cfb64, 1, key_len, iv_len, \ |
| 122 | flags | EVP_CIPH_CFB_MODE,\ | 179 | flags | EVP_CIPH_CFB_MODE,\ |
| 123 | init_key,\ | 180 | init_key,\ |
| @@ -129,8 +186,8 @@ static EVP_CIPHER cname##_cfb = {\ | |||
| 129 | ctrl,\ | 186 | ctrl,\ |
| 130 | NULL \ | 187 | NULL \ |
| 131 | };\ | 188 | };\ |
| 132 | EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ | 189 | const EVP_CIPHER *EVP_##cname##_cfb(void) { return &cname##_cfb; }\ |
| 133 | static EVP_CIPHER cname##_ofb = {\ | 190 | static const EVP_CIPHER cname##_ofb = {\ |
| 134 | nid##_ofb64, 1, key_len, iv_len, \ | 191 | nid##_ofb64, 1, key_len, iv_len, \ |
| 135 | flags | EVP_CIPH_OFB_MODE,\ | 192 | flags | EVP_CIPH_OFB_MODE,\ |
| 136 | init_key,\ | 193 | init_key,\ |
| @@ -142,8 +199,8 @@ static EVP_CIPHER cname##_ofb = {\ | |||
| 142 | ctrl,\ | 199 | ctrl,\ |
| 143 | NULL \ | 200 | NULL \ |
| 144 | };\ | 201 | };\ |
| 145 | EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ | 202 | const EVP_CIPHER *EVP_##cname##_ofb(void) { return &cname##_ofb; }\ |
| 146 | static EVP_CIPHER cname##_ecb = {\ | 203 | static const EVP_CIPHER cname##_ecb = {\ |
| 147 | nid##_ecb, block_size, key_len, iv_len, \ | 204 | nid##_ecb, block_size, key_len, iv_len, \ |
| 148 | flags | EVP_CIPH_ECB_MODE,\ | 205 | flags | EVP_CIPH_ECB_MODE,\ |
| 149 | init_key,\ | 206 | init_key,\ |
| @@ -155,14 +212,16 @@ static EVP_CIPHER cname##_ecb = {\ | |||
| 155 | ctrl,\ | 212 | ctrl,\ |
| 156 | NULL \ | 213 | NULL \ |
| 157 | };\ | 214 | };\ |
| 158 | EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } | 215 | const EVP_CIPHER *EVP_##cname##_ecb(void) { return &cname##_ecb; } |
| 159 | 216 | */ | |
| 160 | |||
| 161 | 217 | ||
| 162 | #define IMPLEMENT_BLOCK_CIPHER(cname, kname, cprefix, kstruct, \ | 218 | #define IMPLEMENT_BLOCK_CIPHER(cname, ksched, cprefix, kstruct, nid, \ |
| 163 | nid, block_size, key_len, iv_len, flags, \ | 219 | block_size, key_len, iv_len, cbits, \ |
| 164 | init_key, cleanup, set_asn1, get_asn1, ctrl) \ | 220 | flags, init_key, \ |
| 165 | BLOCK_CIPHER_all_funcs(cname, cprefix, kname) \ | 221 | cleanup, set_asn1, get_asn1, ctrl) \ |
| 166 | BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, flags,\ | 222 | BLOCK_CIPHER_all_funcs(cname, cprefix, cbits, kstruct, ksched) \ |
| 167 | init_key, cleanup, set_asn1, get_asn1, ctrl) | 223 | BLOCK_CIPHER_defs(cname, kstruct, nid, block_size, key_len, iv_len, \ |
| 224 | cbits, flags, init_key, cleanup, set_asn1, \ | ||
| 225 | get_asn1, ctrl) | ||
| 168 | 226 | ||
| 227 | #define EVP_C_DATA(kstruct, ctx) ((kstruct *)(ctx)->cipher_data) | ||
diff --git a/src/lib/libcrypto/evp/evp_pbe.c b/src/lib/libcrypto/evp/evp_pbe.c index 353c3ad667..06afb9d152 100644 --- a/src/lib/libcrypto/evp/evp_pbe.c +++ b/src/lib/libcrypto/evp/evp_pbe.c | |||
| @@ -69,8 +69,8 @@ static STACK *pbe_algs; | |||
| 69 | 69 | ||
| 70 | typedef struct { | 70 | typedef struct { |
| 71 | int pbe_nid; | 71 | int pbe_nid; |
| 72 | EVP_CIPHER *cipher; | 72 | const EVP_CIPHER *cipher; |
| 73 | EVP_MD *md; | 73 | const EVP_MD *md; |
| 74 | EVP_PBE_KEYGEN *keygen; | 74 | EVP_PBE_KEYGEN *keygen; |
| 75 | } EVP_PBE_CTL; | 75 | } EVP_PBE_CTL; |
| 76 | 76 | ||
| @@ -92,7 +92,8 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |||
| 92 | ERR_add_error_data(2, "TYPE=", obj_tmp); | 92 | ERR_add_error_data(2, "TYPE=", obj_tmp); |
| 93 | return 0; | 93 | return 0; |
| 94 | } | 94 | } |
| 95 | if (passlen == -1) passlen = strlen(pass); | 95 | if(!pass) passlen = 0; |
| 96 | else if (passlen == -1) passlen = strlen(pass); | ||
| 96 | pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); | 97 | pbetmp = (EVP_PBE_CTL *)sk_value (pbe_algs, i); |
| 97 | i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, | 98 | i = (*pbetmp->keygen)(ctx, pass, passlen, param, pbetmp->cipher, |
| 98 | pbetmp->md, en_de); | 99 | pbetmp->md, en_de); |
| @@ -103,19 +104,20 @@ int EVP_PBE_CipherInit (ASN1_OBJECT *pbe_obj, const char *pass, int passlen, | |||
| 103 | return 1; | 104 | return 1; |
| 104 | } | 105 | } |
| 105 | 106 | ||
| 106 | static int pbe_cmp (EVP_PBE_CTL **pbe1, EVP_PBE_CTL **pbe2) | 107 | static int pbe_cmp(const char * const *a, const char * const *b) |
| 107 | { | 108 | { |
| 109 | EVP_PBE_CTL **pbe1 = (EVP_PBE_CTL **) a, **pbe2 = (EVP_PBE_CTL **)b; | ||
| 108 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); | 110 | return ((*pbe1)->pbe_nid - (*pbe2)->pbe_nid); |
| 109 | } | 111 | } |
| 110 | 112 | ||
| 111 | /* Add a PBE algorithm */ | 113 | /* Add a PBE algorithm */ |
| 112 | 114 | ||
| 113 | int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, | 115 | int EVP_PBE_alg_add(int nid, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 114 | EVP_PBE_KEYGEN *keygen) | 116 | EVP_PBE_KEYGEN *keygen) |
| 115 | { | 117 | { |
| 116 | EVP_PBE_CTL *pbe_tmp; | 118 | EVP_PBE_CTL *pbe_tmp; |
| 117 | if (!pbe_algs) pbe_algs = sk_new (pbe_cmp); | 119 | if (!pbe_algs) pbe_algs = sk_new(pbe_cmp); |
| 118 | if (!(pbe_tmp = (EVP_PBE_CTL*) Malloc (sizeof(EVP_PBE_CTL)))) { | 120 | if (!(pbe_tmp = (EVP_PBE_CTL*) OPENSSL_malloc (sizeof(EVP_PBE_CTL)))) { |
| 119 | EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); | 121 | EVPerr(EVP_F_EVP_PBE_ALG_ADD,ERR_R_MALLOC_FAILURE); |
| 120 | return 0; | 122 | return 0; |
| 121 | } | 123 | } |
| @@ -129,6 +131,6 @@ int EVP_PBE_alg_add (int nid, EVP_CIPHER *cipher, EVP_MD *md, | |||
| 129 | 131 | ||
| 130 | void EVP_PBE_cleanup(void) | 132 | void EVP_PBE_cleanup(void) |
| 131 | { | 133 | { |
| 132 | sk_pop_free(pbe_algs, FreeFunc); | 134 | sk_pop_free(pbe_algs, OPENSSL_freeFunc); |
| 133 | pbe_algs = NULL; | 135 | pbe_algs = NULL; |
| 134 | } | 136 | } |
diff --git a/src/lib/libcrypto/evp/evp_pkey.c b/src/lib/libcrypto/evp/evp_pkey.c index 421e452db1..34b5b1d21c 100644 --- a/src/lib/libcrypto/evp/evp_pkey.c +++ b/src/lib/libcrypto/evp/evp_pkey.c | |||
| @@ -62,41 +62,40 @@ | |||
| 62 | #include <openssl/x509.h> | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | #ifndef OPENSSL_NO_DSA | ||
| 66 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8inf, EVP_PKEY *pkey); | ||
| 67 | #endif | ||
| 68 | |||
| 65 | /* Extract a private key from a PKCS8 structure */ | 69 | /* Extract a private key from a PKCS8 structure */ |
| 66 | 70 | ||
| 67 | EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | 71 | EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) |
| 68 | { | 72 | { |
| 69 | EVP_PKEY *pkey; | 73 | EVP_PKEY *pkey = NULL; |
| 70 | #ifndef NO_RSA | 74 | #ifndef OPENSSL_NO_RSA |
| 71 | RSA *rsa; | 75 | RSA *rsa = NULL; |
| 72 | #endif | 76 | #endif |
| 73 | #ifndef NO_DSA | 77 | #ifndef OPENSSL_NO_DSA |
| 74 | DSA *dsa; | 78 | DSA *dsa = NULL; |
| 75 | ASN1_INTEGER *dsapriv; | 79 | ASN1_INTEGER *privkey; |
| 76 | STACK *ndsa; | 80 | ASN1_TYPE *t1, *t2, *param = NULL; |
| 77 | BN_CTX *ctx; | 81 | STACK_OF(ASN1_TYPE) *ndsa = NULL; |
| 82 | BN_CTX *ctx = NULL; | ||
| 78 | int plen; | 83 | int plen; |
| 79 | #endif | 84 | #endif |
| 80 | X509_ALGOR *a; | 85 | X509_ALGOR *a; |
| 81 | unsigned char *p; | 86 | unsigned char *p; |
| 87 | const unsigned char *cp; | ||
| 82 | int pkeylen; | 88 | int pkeylen; |
| 83 | char obj_tmp[80]; | 89 | char obj_tmp[80]; |
| 84 | 90 | ||
| 85 | switch (p8->broken) { | 91 | if(p8->pkey->type == V_ASN1_OCTET_STRING) { |
| 86 | case PKCS8_OK: | 92 | p8->broken = PKCS8_OK; |
| 87 | p = p8->pkey->value.octet_string->data; | 93 | p = p8->pkey->value.octet_string->data; |
| 88 | pkeylen = p8->pkey->value.octet_string->length; | 94 | pkeylen = p8->pkey->value.octet_string->length; |
| 89 | break; | 95 | } else { |
| 90 | 96 | p8->broken = PKCS8_NO_OCTET; | |
| 91 | case PKCS8_NO_OCTET: | ||
| 92 | p = p8->pkey->value.sequence->data; | 97 | p = p8->pkey->value.sequence->data; |
| 93 | pkeylen = p8->pkey->value.sequence->length; | 98 | pkeylen = p8->pkey->value.sequence->length; |
| 94 | break; | ||
| 95 | |||
| 96 | default: | ||
| 97 | EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_PKCS8_UNKNOWN_BROKEN_TYPE); | ||
| 98 | return NULL; | ||
| 99 | break; | ||
| 100 | } | 99 | } |
| 101 | if (!(pkey = EVP_PKEY_new())) { | 100 | if (!(pkey = EVP_PKEY_new())) { |
| 102 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); | 101 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); |
| @@ -105,81 +104,108 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 105 | a = p8->pkeyalg; | 104 | a = p8->pkeyalg; |
| 106 | switch (OBJ_obj2nid(a->algorithm)) | 105 | switch (OBJ_obj2nid(a->algorithm)) |
| 107 | { | 106 | { |
| 108 | #ifndef NO_RSA | 107 | #ifndef OPENSSL_NO_RSA |
| 109 | case NID_rsaEncryption: | 108 | case NID_rsaEncryption: |
| 110 | if (!(rsa = d2i_RSAPrivateKey (NULL, &p, pkeylen))) { | 109 | cp = p; |
| 110 | if (!(rsa = d2i_RSAPrivateKey (NULL,&cp, pkeylen))) { | ||
| 111 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | 111 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 112 | return NULL; | 112 | return NULL; |
| 113 | } | 113 | } |
| 114 | EVP_PKEY_assign_RSA (pkey, rsa); | 114 | EVP_PKEY_assign_RSA (pkey, rsa); |
| 115 | break; | 115 | break; |
| 116 | #endif | 116 | #endif |
| 117 | #ifndef NO_DSA | 117 | #ifndef OPENSSL_NO_DSA |
| 118 | case NID_dsa: | 118 | case NID_dsa: |
| 119 | /* PKCS#8 DSA is weird: you just get a private key integer | 119 | /* PKCS#8 DSA is weird: you just get a private key integer |
| 120 | * and parameters in the AlgorithmIdentifier the pubkey must | 120 | * and parameters in the AlgorithmIdentifier the pubkey must |
| 121 | * be recalculated. | 121 | * be recalculated. |
| 122 | */ | 122 | */ |
| 123 | 123 | ||
| 124 | /* Check for broken Netscape Database DSA PKCS#8, UGH! */ | 124 | /* Check for broken DSA PKCS#8, UGH! */ |
| 125 | if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { | 125 | if(*p == (V_ASN1_SEQUENCE|V_ASN1_CONSTRUCTED)) { |
| 126 | if(!(ndsa = ASN1_seq_unpack(p, pkeylen, | 126 | if(!(ndsa = ASN1_seq_unpack_ASN1_TYPE(p, pkeylen, |
| 127 | (char *(*)())d2i_ASN1_INTEGER, | 127 | d2i_ASN1_TYPE, |
| 128 | ASN1_STRING_free))) { | 128 | ASN1_TYPE_free))) { |
| 129 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | 129 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 130 | return NULL; | 130 | goto dsaerr; |
| 131 | } | 131 | } |
| 132 | if(sk_num(ndsa) != 2 ) { | 132 | if(sk_ASN1_TYPE_num(ndsa) != 2 ) { |
| 133 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | 133 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 134 | sk_pop_free(ndsa, ASN1_STRING_free); | 134 | goto dsaerr; |
| 135 | return NULL; | ||
| 136 | } | 135 | } |
| 137 | dsapriv = (ASN1_INTEGER *) sk_pop(ndsa); | 136 | /* Handle Two broken types: |
| 138 | sk_pop_free(ndsa, ASN1_STRING_free); | 137 | * SEQUENCE {parameters, priv_key} |
| 139 | } else if (!(dsapriv=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { | 138 | * SEQUENCE {pub_key, priv_key} |
| 139 | */ | ||
| 140 | |||
| 141 | t1 = sk_ASN1_TYPE_value(ndsa, 0); | ||
| 142 | t2 = sk_ASN1_TYPE_value(ndsa, 1); | ||
| 143 | if(t1->type == V_ASN1_SEQUENCE) { | ||
| 144 | p8->broken = PKCS8_EMBEDDED_PARAM; | ||
| 145 | param = t1; | ||
| 146 | } else if(a->parameter->type == V_ASN1_SEQUENCE) { | ||
| 147 | p8->broken = PKCS8_NS_DB; | ||
| 148 | param = a->parameter; | ||
| 149 | } else { | ||
| 140 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | 150 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 141 | return NULL; | 151 | goto dsaerr; |
| 152 | } | ||
| 153 | |||
| 154 | if(t2->type != V_ASN1_INTEGER) { | ||
| 155 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
| 156 | goto dsaerr; | ||
| 157 | } | ||
| 158 | privkey = t2->value.integer; | ||
| 159 | } else { | ||
| 160 | if (!(privkey=d2i_ASN1_INTEGER (NULL, &p, pkeylen))) { | ||
| 161 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | ||
| 162 | goto dsaerr; | ||
| 163 | } | ||
| 164 | param = p8->pkeyalg->parameter; | ||
| 142 | } | 165 | } |
| 143 | /* Retrieve parameters */ | 166 | if (!param || (param->type != V_ASN1_SEQUENCE)) { |
| 144 | if (a->parameter->type != V_ASN1_SEQUENCE) { | 167 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 145 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_NO_DSA_PARAMETERS); | 168 | goto dsaerr; |
| 146 | return NULL; | ||
| 147 | } | 169 | } |
| 148 | p = a->parameter->value.sequence->data; | 170 | cp = p = param->value.sequence->data; |
| 149 | plen = a->parameter->value.sequence->length; | 171 | plen = param->value.sequence->length; |
| 150 | if (!(dsa = d2i_DSAparams (NULL, &p, plen))) { | 172 | if (!(dsa = d2i_DSAparams (NULL, &cp, plen))) { |
| 151 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); | 173 | EVPerr(EVP_F_EVP_PKCS82PKEY, EVP_R_DECODE_ERROR); |
| 152 | return NULL; | 174 | goto dsaerr; |
| 153 | } | 175 | } |
| 154 | /* We have parameters now set private key */ | 176 | /* We have parameters now set private key */ |
| 155 | if (!(dsa->priv_key = ASN1_INTEGER_to_BN(dsapriv, NULL))) { | 177 | if (!(dsa->priv_key = ASN1_INTEGER_to_BN(privkey, NULL))) { |
| 156 | EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); | 178 | EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_DECODE_ERROR); |
| 157 | DSA_free (dsa); | 179 | goto dsaerr; |
| 158 | return NULL; | ||
| 159 | } | 180 | } |
| 160 | /* Calculate public key (ouch!) */ | 181 | /* Calculate public key (ouch!) */ |
| 161 | if (!(dsa->pub_key = BN_new())) { | 182 | if (!(dsa->pub_key = BN_new())) { |
| 162 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); | 183 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); |
| 163 | DSA_free (dsa); | 184 | goto dsaerr; |
| 164 | return NULL; | ||
| 165 | } | 185 | } |
| 166 | if (!(ctx = BN_CTX_new())) { | 186 | if (!(ctx = BN_CTX_new())) { |
| 167 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); | 187 | EVPerr(EVP_F_EVP_PKCS82PKEY,ERR_R_MALLOC_FAILURE); |
| 168 | DSA_free (dsa); | 188 | goto dsaerr; |
| 169 | return NULL; | ||
| 170 | } | 189 | } |
| 171 | 190 | ||
| 172 | if (!BN_mod_exp(dsa->pub_key, dsa->g, | 191 | if (!BN_mod_exp(dsa->pub_key, dsa->g, |
| 173 | dsa->priv_key, dsa->p, ctx)) { | 192 | dsa->priv_key, dsa->p, ctx)) { |
| 174 | 193 | ||
| 175 | EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); | 194 | EVPerr(EVP_F_EVP_PKCS82PKEY,EVP_R_BN_PUBKEY_ERROR); |
| 176 | BN_CTX_free (ctx); | 195 | goto dsaerr; |
| 177 | DSA_free (dsa); | ||
| 178 | return NULL; | ||
| 179 | } | 196 | } |
| 180 | 197 | ||
| 181 | EVP_PKEY_assign_DSA (pkey, dsa); | 198 | EVP_PKEY_assign_DSA(pkey, dsa); |
| 182 | BN_CTX_free (ctx); | 199 | BN_CTX_free (ctx); |
| 200 | if(ndsa) sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 201 | else ASN1_INTEGER_free(privkey); | ||
| 202 | break; | ||
| 203 | dsaerr: | ||
| 204 | BN_CTX_free (ctx); | ||
| 205 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 206 | DSA_free(dsa); | ||
| 207 | EVP_PKEY_free(pkey); | ||
| 208 | return NULL; | ||
| 183 | break; | 209 | break; |
| 184 | #endif | 210 | #endif |
| 185 | default: | 211 | default: |
| @@ -193,30 +219,35 @@ EVP_PKEY *EVP_PKCS82PKEY (PKCS8_PRIV_KEY_INFO *p8) | |||
| 193 | return pkey; | 219 | return pkey; |
| 194 | } | 220 | } |
| 195 | 221 | ||
| 222 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) | ||
| 223 | { | ||
| 224 | return EVP_PKEY2PKCS8_broken(pkey, PKCS8_OK); | ||
| 225 | } | ||
| 226 | |||
| 196 | /* Turn a private key into a PKCS8 structure */ | 227 | /* Turn a private key into a PKCS8 structure */ |
| 197 | 228 | ||
| 198 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) | 229 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken) |
| 199 | { | 230 | { |
| 200 | PKCS8_PRIV_KEY_INFO *p8; | 231 | PKCS8_PRIV_KEY_INFO *p8; |
| 201 | #ifndef NO_DSA | 232 | |
| 202 | ASN1_INTEGER *dpkey; | ||
| 203 | unsigned char *p, *q; | ||
| 204 | int len; | ||
| 205 | #endif | ||
| 206 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { | 233 | if (!(p8 = PKCS8_PRIV_KEY_INFO_new())) { |
| 207 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 234 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 208 | return NULL; | 235 | return NULL; |
| 209 | } | 236 | } |
| 237 | p8->broken = broken; | ||
| 210 | ASN1_INTEGER_set (p8->version, 0); | 238 | ASN1_INTEGER_set (p8->version, 0); |
| 211 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { | 239 | if (!(p8->pkeyalg->parameter = ASN1_TYPE_new ())) { |
| 212 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | 240 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); |
| 213 | PKCS8_PRIV_KEY_INFO_free (p8); | 241 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 214 | return NULL; | 242 | return NULL; |
| 215 | } | 243 | } |
| 244 | p8->pkey->type = V_ASN1_OCTET_STRING; | ||
| 216 | switch (EVP_PKEY_type(pkey->type)) { | 245 | switch (EVP_PKEY_type(pkey->type)) { |
| 217 | #ifndef NO_RSA | 246 | #ifndef OPENSSL_NO_RSA |
| 218 | case EVP_PKEY_RSA: | 247 | case EVP_PKEY_RSA: |
| 219 | 248 | ||
| 249 | if(p8->broken == PKCS8_NO_OCTET) p8->pkey->type = V_ASN1_SEQUENCE; | ||
| 250 | |||
| 220 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); | 251 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_rsaEncryption); |
| 221 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | 252 | p8->pkeyalg->parameter->type = V_ASN1_NULL; |
| 222 | if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, | 253 | if (!ASN1_pack_string ((char *)pkey, i2d_PrivateKey, |
| @@ -227,38 +258,13 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) | |||
| 227 | } | 258 | } |
| 228 | break; | 259 | break; |
| 229 | #endif | 260 | #endif |
| 230 | #ifndef NO_DSA | 261 | #ifndef OPENSSL_NO_DSA |
| 231 | case EVP_PKEY_DSA: | 262 | case EVP_PKEY_DSA: |
| 232 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); | 263 | if(!dsa_pkey2pkcs8(p8, pkey)) { |
| 233 | |||
| 234 | /* get paramaters and place in AlgorithmIdentifier */ | ||
| 235 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); | ||
| 236 | if (!(p = Malloc(len))) { | ||
| 237 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 238 | PKCS8_PRIV_KEY_INFO_free (p8); | ||
| 239 | return NULL; | ||
| 240 | } | ||
| 241 | q = p; | ||
| 242 | i2d_DSAparams (pkey->pkey.dsa, &q); | ||
| 243 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | ||
| 244 | p8->pkeyalg->parameter->value.sequence = ASN1_STRING_new(); | ||
| 245 | ASN1_STRING_set(p8->pkeyalg->parameter->value.sequence, p, len); | ||
| 246 | Free(p); | ||
| 247 | /* Get private key into an integer and pack */ | ||
| 248 | if (!(dpkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { | ||
| 249 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | ||
| 250 | PKCS8_PRIV_KEY_INFO_free (p8); | 264 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 251 | return NULL; | 265 | return NULL; |
| 252 | } | 266 | } |
| 253 | 267 | ||
| 254 | if (!ASN1_pack_string((char *)dpkey, i2d_ASN1_INTEGER, | ||
| 255 | &p8->pkey->value.octet_string)) { | ||
| 256 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 257 | ASN1_INTEGER_free (dpkey); | ||
| 258 | PKCS8_PRIV_KEY_INFO_free (p8); | ||
| 259 | return NULL; | ||
| 260 | } | ||
| 261 | ASN1_INTEGER_free (dpkey); | ||
| 262 | break; | 268 | break; |
| 263 | #endif | 269 | #endif |
| 264 | default: | 270 | default: |
| @@ -266,9 +272,8 @@ PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey) | |||
| 266 | PKCS8_PRIV_KEY_INFO_free (p8); | 272 | PKCS8_PRIV_KEY_INFO_free (p8); |
| 267 | return NULL; | 273 | return NULL; |
| 268 | } | 274 | } |
| 269 | p8->pkey->type = V_ASN1_OCTET_STRING; | 275 | RAND_add(p8->pkey->value.octet_string->data, |
| 270 | RAND_seed (p8->pkey->value.octet_string->data, | 276 | p8->pkey->value.octet_string->length, 0); |
| 271 | p8->pkey->value.octet_string->length); | ||
| 272 | return p8; | 277 | return p8; |
| 273 | } | 278 | } |
| 274 | 279 | ||
| @@ -295,4 +300,113 @@ PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken) | |||
| 295 | } | 300 | } |
| 296 | } | 301 | } |
| 297 | 302 | ||
| 303 | #ifndef OPENSSL_NO_DSA | ||
| 304 | static int dsa_pkey2pkcs8(PKCS8_PRIV_KEY_INFO *p8, EVP_PKEY *pkey) | ||
| 305 | { | ||
| 306 | ASN1_STRING *params; | ||
| 307 | ASN1_INTEGER *prkey; | ||
| 308 | ASN1_TYPE *ttmp; | ||
| 309 | STACK_OF(ASN1_TYPE) *ndsa; | ||
| 310 | unsigned char *p, *q; | ||
| 311 | int len; | ||
| 312 | |||
| 313 | p8->pkeyalg->algorithm = OBJ_nid2obj(NID_dsa); | ||
| 314 | len = i2d_DSAparams (pkey->pkey.dsa, NULL); | ||
| 315 | if (!(p = OPENSSL_malloc(len))) { | ||
| 316 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 317 | PKCS8_PRIV_KEY_INFO_free (p8); | ||
| 318 | return 0; | ||
| 319 | } | ||
| 320 | q = p; | ||
| 321 | i2d_DSAparams (pkey->pkey.dsa, &q); | ||
| 322 | params = ASN1_STRING_new(); | ||
| 323 | ASN1_STRING_set(params, p, len); | ||
| 324 | OPENSSL_free(p); | ||
| 325 | /* Get private key into integer */ | ||
| 326 | if (!(prkey = BN_to_ASN1_INTEGER (pkey->pkey.dsa->priv_key, NULL))) { | ||
| 327 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | ||
| 328 | return 0; | ||
| 329 | } | ||
| 330 | |||
| 331 | switch(p8->broken) { | ||
| 332 | |||
| 333 | case PKCS8_OK: | ||
| 334 | case PKCS8_NO_OCTET: | ||
| 335 | |||
| 336 | if (!ASN1_pack_string((char *)prkey, i2d_ASN1_INTEGER, | ||
| 337 | &p8->pkey->value.octet_string)) { | ||
| 338 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 339 | M_ASN1_INTEGER_free (prkey); | ||
| 340 | return 0; | ||
| 341 | } | ||
| 342 | |||
| 343 | M_ASN1_INTEGER_free (prkey); | ||
| 344 | p8->pkeyalg->parameter->value.sequence = params; | ||
| 345 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | ||
| 346 | |||
| 347 | break; | ||
| 348 | |||
| 349 | case PKCS8_NS_DB: | ||
| 350 | |||
| 351 | p8->pkeyalg->parameter->value.sequence = params; | ||
| 352 | p8->pkeyalg->parameter->type = V_ASN1_SEQUENCE; | ||
| 353 | ndsa = sk_ASN1_TYPE_new_null(); | ||
| 354 | ttmp = ASN1_TYPE_new(); | ||
| 355 | if (!(ttmp->value.integer = BN_to_ASN1_INTEGER (pkey->pkey.dsa->pub_key, NULL))) { | ||
| 356 | EVPerr(EVP_F_EVP_PKEY2PKCS8,EVP_R_ENCODE_ERROR); | ||
| 357 | PKCS8_PRIV_KEY_INFO_free(p8); | ||
| 358 | return 0; | ||
| 359 | } | ||
| 360 | ttmp->type = V_ASN1_INTEGER; | ||
| 361 | sk_ASN1_TYPE_push(ndsa, ttmp); | ||
| 362 | |||
| 363 | ttmp = ASN1_TYPE_new(); | ||
| 364 | ttmp->value.integer = prkey; | ||
| 365 | ttmp->type = V_ASN1_INTEGER; | ||
| 366 | sk_ASN1_TYPE_push(ndsa, ttmp); | ||
| 367 | |||
| 368 | p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); | ||
| 369 | |||
| 370 | if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, | ||
| 371 | &p8->pkey->value.octet_string->data, | ||
| 372 | &p8->pkey->value.octet_string->length)) { | ||
| 373 | |||
| 374 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 375 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 376 | M_ASN1_INTEGER_free(prkey); | ||
| 377 | return 0; | ||
| 378 | } | ||
| 379 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 380 | break; | ||
| 298 | 381 | ||
| 382 | case PKCS8_EMBEDDED_PARAM: | ||
| 383 | |||
| 384 | p8->pkeyalg->parameter->type = V_ASN1_NULL; | ||
| 385 | ndsa = sk_ASN1_TYPE_new_null(); | ||
| 386 | ttmp = ASN1_TYPE_new(); | ||
| 387 | ttmp->value.sequence = params; | ||
| 388 | ttmp->type = V_ASN1_SEQUENCE; | ||
| 389 | sk_ASN1_TYPE_push(ndsa, ttmp); | ||
| 390 | |||
| 391 | ttmp = ASN1_TYPE_new(); | ||
| 392 | ttmp->value.integer = prkey; | ||
| 393 | ttmp->type = V_ASN1_INTEGER; | ||
| 394 | sk_ASN1_TYPE_push(ndsa, ttmp); | ||
| 395 | |||
| 396 | p8->pkey->value.octet_string = ASN1_OCTET_STRING_new(); | ||
| 397 | |||
| 398 | if (!ASN1_seq_pack_ASN1_TYPE(ndsa, i2d_ASN1_TYPE, | ||
| 399 | &p8->pkey->value.octet_string->data, | ||
| 400 | &p8->pkey->value.octet_string->length)) { | ||
| 401 | |||
| 402 | EVPerr(EVP_F_EVP_PKEY2PKCS8,ERR_R_MALLOC_FAILURE); | ||
| 403 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 404 | M_ASN1_INTEGER_free (prkey); | ||
| 405 | return 0; | ||
| 406 | } | ||
| 407 | sk_ASN1_TYPE_pop_free(ndsa, ASN1_TYPE_free); | ||
| 408 | break; | ||
| 409 | } | ||
| 410 | return 1; | ||
| 411 | } | ||
| 412 | #endif | ||
diff --git a/src/lib/libcrypto/evp/m_dss.c b/src/lib/libcrypto/evp/m_dss.c index 3549b1699c..beb8d7fc5c 100644 --- a/src/lib/libcrypto/evp/m_dss.c +++ b/src/lib/libcrypto/evp/m_dss.c | |||
| @@ -58,25 +58,38 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | static EVP_MD dsa_md= | 65 | #ifndef OPENSSL_NO_SHA |
| 66 | static int init(EVP_MD_CTX *ctx) | ||
| 67 | { return SHA1_Init(ctx->md_data); } | ||
| 68 | |||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | ||
| 71 | |||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 73 | { return SHA1_Final(md,ctx->md_data); } | ||
| 74 | |||
| 75 | static const EVP_MD dsa_md= | ||
| 66 | { | 76 | { |
| 67 | NID_dsaWithSHA, | 77 | NID_dsaWithSHA, |
| 68 | NID_dsaWithSHA, | 78 | NID_dsaWithSHA, |
| 69 | SHA_DIGEST_LENGTH, | 79 | SHA_DIGEST_LENGTH, |
| 70 | SHA1_Init, | 80 | 0, |
| 71 | SHA1_Update, | 81 | init, |
| 72 | SHA1_Final, | 82 | update, |
| 83 | final, | ||
| 84 | NULL, | ||
| 85 | NULL, | ||
| 73 | EVP_PKEY_DSA_method, | 86 | EVP_PKEY_DSA_method, |
| 74 | SHA_CBLOCK, | 87 | SHA_CBLOCK, |
| 75 | sizeof(EVP_MD *)+sizeof(SHA_CTX), | 88 | sizeof(EVP_MD *)+sizeof(SHA_CTX), |
| 76 | }; | 89 | }; |
| 77 | 90 | ||
| 78 | EVP_MD *EVP_dss() | 91 | const EVP_MD *EVP_dss(void) |
| 79 | { | 92 | { |
| 80 | return(&dsa_md); | 93 | return(&dsa_md); |
| 81 | } | 94 | } |
| 82 | 95 | #endif | |
diff --git a/src/lib/libcrypto/evp/m_dss1.c b/src/lib/libcrypto/evp/m_dss1.c index ff256b7b20..f5668ebda0 100644 --- a/src/lib/libcrypto/evp/m_dss1.c +++ b/src/lib/libcrypto/evp/m_dss1.c | |||
| @@ -56,26 +56,40 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 64 | 65 | ||
| 65 | static EVP_MD dss1_md= | 66 | static int init(EVP_MD_CTX *ctx) |
| 67 | { return SHA1_Init(ctx->md_data); } | ||
| 68 | |||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | ||
| 71 | |||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 73 | { return SHA1_Final(md,ctx->md_data); } | ||
| 74 | |||
| 75 | static const EVP_MD dss1_md= | ||
| 66 | { | 76 | { |
| 67 | NID_dsa, | 77 | NID_dsa, |
| 68 | NID_dsaWithSHA1, | 78 | NID_dsaWithSHA1, |
| 69 | SHA_DIGEST_LENGTH, | 79 | SHA_DIGEST_LENGTH, |
| 70 | SHA1_Init, | 80 | 0, |
| 71 | SHA1_Update, | 81 | init, |
| 72 | SHA1_Final, | 82 | update, |
| 83 | final, | ||
| 84 | NULL, | ||
| 85 | NULL, | ||
| 73 | EVP_PKEY_DSA_method, | 86 | EVP_PKEY_DSA_method, |
| 74 | SHA_CBLOCK, | 87 | SHA_CBLOCK, |
| 75 | sizeof(EVP_MD *)+sizeof(SHA_CTX), | 88 | sizeof(EVP_MD *)+sizeof(SHA_CTX), |
| 76 | }; | 89 | }; |
| 77 | 90 | ||
| 78 | EVP_MD *EVP_dss1() | 91 | const EVP_MD *EVP_dss1(void) |
| 79 | { | 92 | { |
| 80 | return(&dss1_md); | 93 | return(&dss1_md); |
| 81 | } | 94 | } |
| 95 | #endif | ||
diff --git a/src/lib/libcrypto/evp/m_md4.c b/src/lib/libcrypto/evp/m_md4.c index 6a24ceb86d..e19b663754 100644 --- a/src/lib/libcrypto/evp/m_md4.c +++ b/src/lib/libcrypto/evp/m_md4.c | |||
| @@ -56,27 +56,40 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_MD4 | 59 | #ifndef OPENSSL_NO_MD4 |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/evp.h> | 62 | #include <openssl/evp.h> |
| 63 | #include <openssl/objects.h> | 63 | #include <openssl/objects.h> |
| 64 | #include <openssl/x509.h> | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/md4.h> | ||
| 65 | 66 | ||
| 66 | static EVP_MD md4_md= | 67 | static int init(EVP_MD_CTX *ctx) |
| 68 | { return MD4_Init(ctx->md_data); } | ||
| 69 | |||
| 70 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 71 | { return MD4_Update(ctx->md_data,data,count); } | ||
| 72 | |||
| 73 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 74 | { return MD4_Final(md,ctx->md_data); } | ||
| 75 | |||
| 76 | static const EVP_MD md4_md= | ||
| 67 | { | 77 | { |
| 68 | NID_md4, | 78 | NID_md4, |
| 69 | 0, | 79 | NID_md4WithRSAEncryption, |
| 70 | MD4_DIGEST_LENGTH, | 80 | MD4_DIGEST_LENGTH, |
| 71 | MD4_Init, | 81 | 0, |
| 72 | MD4_Update, | 82 | init, |
| 73 | MD4_Final, | 83 | update, |
| 84 | final, | ||
| 85 | NULL, | ||
| 86 | NULL, | ||
| 74 | EVP_PKEY_RSA_method, | 87 | EVP_PKEY_RSA_method, |
| 75 | MD4_CBLOCK, | 88 | MD4_CBLOCK, |
| 76 | sizeof(EVP_MD *)+sizeof(MD4_CTX), | 89 | sizeof(EVP_MD *)+sizeof(MD4_CTX), |
| 77 | }; | 90 | }; |
| 78 | 91 | ||
| 79 | EVP_MD *EVP_md4(void) | 92 | const EVP_MD *EVP_md4(void) |
| 80 | { | 93 | { |
| 81 | return(&md4_md); | 94 | return(&md4_md); |
| 82 | } | 95 | } |
diff --git a/src/lib/libcrypto/evp/m_md5.c b/src/lib/libcrypto/evp/m_md5.c index d65db9aa1d..b00a03e048 100644 --- a/src/lib/libcrypto/evp/m_md5.c +++ b/src/lib/libcrypto/evp/m_md5.c | |||
| @@ -56,26 +56,41 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_MD5 | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include <openssl/md5.h> | ||
| 64 | 66 | ||
| 65 | static EVP_MD md5_md= | 67 | static int init(EVP_MD_CTX *ctx) |
| 68 | { return MD5_Init(ctx->md_data); } | ||
| 69 | |||
| 70 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 71 | { return MD5_Update(ctx->md_data,data,count); } | ||
| 72 | |||
| 73 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 74 | { return MD5_Final(md,ctx->md_data); } | ||
| 75 | |||
| 76 | static const EVP_MD md5_md= | ||
| 66 | { | 77 | { |
| 67 | NID_md5, | 78 | NID_md5, |
| 68 | NID_md5WithRSAEncryption, | 79 | NID_md5WithRSAEncryption, |
| 69 | MD5_DIGEST_LENGTH, | 80 | MD5_DIGEST_LENGTH, |
| 70 | MD5_Init, | 81 | 0, |
| 71 | MD5_Update, | 82 | init, |
| 72 | MD5_Final, | 83 | update, |
| 84 | final, | ||
| 85 | NULL, | ||
| 86 | NULL, | ||
| 73 | EVP_PKEY_RSA_method, | 87 | EVP_PKEY_RSA_method, |
| 74 | MD5_CBLOCK, | 88 | MD5_CBLOCK, |
| 75 | sizeof(EVP_MD *)+sizeof(MD5_CTX), | 89 | sizeof(EVP_MD *)+sizeof(MD5_CTX), |
| 76 | }; | 90 | }; |
| 77 | 91 | ||
| 78 | EVP_MD *EVP_md5() | 92 | const EVP_MD *EVP_md5(void) |
| 79 | { | 93 | { |
| 80 | return(&md5_md); | 94 | return(&md5_md); |
| 81 | } | 95 | } |
| 96 | #endif | ||
diff --git a/src/lib/libcrypto/evp/m_null.c b/src/lib/libcrypto/evp/m_null.c index 6d80560df2..f6f0a1d2c0 100644 --- a/src/lib/libcrypto/evp/m_null.c +++ b/src/lib/libcrypto/evp/m_null.c | |||
| @@ -58,29 +58,36 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | static void function() | 65 | static int init(EVP_MD_CTX *ctx) |
| 66 | { | 66 | { return 1; } |
| 67 | } | 67 | |
| 68 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 69 | { return 1; } | ||
| 68 | 70 | ||
| 69 | static EVP_MD null_md= | 71 | static int final(EVP_MD_CTX *ctx,unsigned char *md) |
| 72 | { return 1; } | ||
| 73 | |||
| 74 | static const EVP_MD null_md= | ||
| 70 | { | 75 | { |
| 71 | NID_undef, | 76 | NID_undef, |
| 72 | NID_undef, | 77 | NID_undef, |
| 73 | 0, | 78 | 0, |
| 74 | function, | 79 | 0, |
| 75 | function, | 80 | init, |
| 76 | function, | 81 | update, |
| 77 | 82 | final, | |
| 83 | NULL, | ||
| 84 | NULL, | ||
| 78 | EVP_PKEY_NULL_method, | 85 | EVP_PKEY_NULL_method, |
| 79 | 0, | 86 | 0, |
| 80 | sizeof(EVP_MD *), | 87 | sizeof(EVP_MD *), |
| 81 | }; | 88 | }; |
| 82 | 89 | ||
| 83 | EVP_MD *EVP_md_null() | 90 | const EVP_MD *EVP_md_null(void) |
| 84 | { | 91 | { |
| 85 | return(&null_md); | 92 | return(&null_md); |
| 86 | } | 93 | } |
diff --git a/src/lib/libcrypto/evp/m_ripemd.c b/src/lib/libcrypto/evp/m_ripemd.c index 04c5d8897b..64725528dc 100644 --- a/src/lib/libcrypto/evp/m_ripemd.c +++ b/src/lib/libcrypto/evp/m_ripemd.c | |||
| @@ -56,26 +56,41 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RIPEMD | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/ripemd.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/evp.h> |
| 63 | #include "x509.h" | 64 | #include <openssl/objects.h> |
| 65 | #include <openssl/x509.h> | ||
| 64 | 66 | ||
| 65 | static EVP_MD ripemd160_md= | 67 | static int init(EVP_MD_CTX *ctx) |
| 68 | { return RIPEMD160_Init(ctx->md_data); } | ||
| 69 | |||
| 70 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 71 | { return RIPEMD160_Update(ctx->md_data,data,count); } | ||
| 72 | |||
| 73 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 74 | { return RIPEMD160_Final(md,ctx->md_data); } | ||
| 75 | |||
| 76 | static const EVP_MD ripemd160_md= | ||
| 66 | { | 77 | { |
| 67 | NID_ripemd160, | 78 | NID_ripemd160, |
| 68 | NID_ripemd160WithRSA, | 79 | NID_ripemd160WithRSA, |
| 69 | RIPEMD160_DIGEST_LENGTH, | 80 | RIPEMD160_DIGEST_LENGTH, |
| 70 | RIPEMD160_Init, | 81 | 0, |
| 71 | RIPEMD160_Update, | 82 | init, |
| 72 | RIPEMD160_Final, | 83 | update, |
| 84 | final, | ||
| 85 | NULL, | ||
| 86 | NULL, | ||
| 73 | EVP_PKEY_RSA_method, | 87 | EVP_PKEY_RSA_method, |
| 74 | RIPEMD160_CBLOCK, | 88 | RIPEMD160_CBLOCK, |
| 75 | sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), | 89 | sizeof(EVP_MD *)+sizeof(RIPEMD160_CTX), |
| 76 | }; | 90 | }; |
| 77 | 91 | ||
| 78 | EVP_MD *EVP_ripemd160() | 92 | const EVP_MD *EVP_ripemd160(void) |
| 79 | { | 93 | { |
| 80 | return(&ripemd160_md); | 94 | return(&ripemd160_md); |
| 81 | } | 95 | } |
| 96 | #endif | ||
diff --git a/src/lib/libcrypto/evp/m_sha1.c b/src/lib/libcrypto/evp/m_sha1.c index 87135a9cf2..d6be3502f0 100644 --- a/src/lib/libcrypto/evp/m_sha1.c +++ b/src/lib/libcrypto/evp/m_sha1.c | |||
| @@ -56,26 +56,40 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_SHA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 64 | 65 | ||
| 65 | static EVP_MD sha1_md= | 66 | static int init(EVP_MD_CTX *ctx) |
| 67 | { return SHA1_Init(ctx->md_data); } | ||
| 68 | |||
| 69 | static int update(EVP_MD_CTX *ctx,const void *data,unsigned long count) | ||
| 70 | { return SHA1_Update(ctx->md_data,data,count); } | ||
| 71 | |||
| 72 | static int final(EVP_MD_CTX *ctx,unsigned char *md) | ||
| 73 | { return SHA1_Final(md,ctx->md_data); } | ||
| 74 | |||
| 75 | static const EVP_MD sha1_md= | ||
| 66 | { | 76 | { |
| 67 | NID_sha1, | 77 | NID_sha1, |
| 68 | NID_sha1WithRSAEncryption, | 78 | NID_sha1WithRSAEncryption, |
| 69 | SHA_DIGEST_LENGTH, | 79 | SHA_DIGEST_LENGTH, |
| 70 | SHA1_Init, | 80 | 0, |
| 71 | SHA1_Update, | 81 | init, |
| 72 | SHA1_Final, | 82 | update, |
| 83 | final, | ||
| 84 | NULL, | ||
| 85 | NULL, | ||
| 73 | EVP_PKEY_RSA_method, | 86 | EVP_PKEY_RSA_method, |
| 74 | SHA_CBLOCK, | 87 | SHA_CBLOCK, |
| 75 | sizeof(EVP_MD *)+sizeof(SHA_CTX), | 88 | sizeof(EVP_MD *)+sizeof(SHA_CTX), |
| 76 | }; | 89 | }; |
| 77 | 90 | ||
| 78 | EVP_MD *EVP_sha1() | 91 | const EVP_MD *EVP_sha1(void) |
| 79 | { | 92 | { |
| 80 | return(&sha1_md); | 93 | return(&sha1_md); |
| 81 | } | 94 | } |
| 95 | #endif | ||
diff --git a/src/lib/libcrypto/evp/names.c b/src/lib/libcrypto/evp/names.c index e0774da20d..eb9f4329cd 100644 --- a/src/lib/libcrypto/evp/names.c +++ b/src/lib/libcrypto/evp/names.c | |||
| @@ -58,228 +58,66 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | ||
| 63 | 64 | ||
| 64 | typedef struct aliases_st { | 65 | int EVP_add_cipher(const EVP_CIPHER *c) |
| 65 | char *alias; | ||
| 66 | /* This must be the last field becaue I will allocate things | ||
| 67 | * so they go off the end of it */ | ||
| 68 | char name[4]; | ||
| 69 | } ALIASES; | ||
| 70 | |||
| 71 | static STACK /* ALIASES */ *aliases=NULL; | ||
| 72 | static STACK /* EVP_CIPHERS */ *ciphers=NULL; | ||
| 73 | static STACK /* EVP_MD */ *digests=NULL; | ||
| 74 | |||
| 75 | static int cipher_nid_cmp(a,b) | ||
| 76 | EVP_CIPHER **a,**b; | ||
| 77 | { return((*a)->nid - (*b)->nid); } | ||
| 78 | |||
| 79 | static int digest_type_cmp(a,b) | ||
| 80 | EVP_MD **a,**b; | ||
| 81 | { return((*a)->pkey_type - (*b)->pkey_type); } | ||
| 82 | |||
| 83 | int EVP_add_cipher(c) | ||
| 84 | EVP_CIPHER *c; | ||
| 85 | { | ||
| 86 | int i; | ||
| 87 | |||
| 88 | if (ciphers == NULL) | ||
| 89 | { | ||
| 90 | ciphers=sk_new(cipher_nid_cmp); | ||
| 91 | if (ciphers == NULL) return(0); | ||
| 92 | } | ||
| 93 | if ((i=sk_find(ciphers,(char *)c)) >= 0) | ||
| 94 | { | ||
| 95 | if (sk_value(ciphers,i) == (char *)c) | ||
| 96 | return(1); | ||
| 97 | sk_delete(ciphers,i); | ||
| 98 | } | ||
| 99 | return(sk_push(ciphers,(char *)c)); | ||
| 100 | } | ||
| 101 | |||
| 102 | int EVP_add_digest(md) | ||
| 103 | EVP_MD *md; | ||
| 104 | { | 66 | { |
| 105 | int i; | 67 | int r; |
| 106 | char *n; | ||
| 107 | 68 | ||
| 108 | if (digests == NULL) | 69 | r=OBJ_NAME_add(OBJ_nid2sn(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); |
| 109 | { | 70 | if (r == 0) return(0); |
| 110 | digests=sk_new(digest_type_cmp); | 71 | r=OBJ_NAME_add(OBJ_nid2ln(c->nid),OBJ_NAME_TYPE_CIPHER_METH,(char *)c); |
| 111 | if (digests == NULL) return(0); | 72 | return(r); |
| 112 | } | ||
| 113 | if ((i=sk_find(digests,(char *)md)) >= 0) | ||
| 114 | { | ||
| 115 | if (sk_value(digests,i) == (char *)md) | ||
| 116 | return(1); | ||
| 117 | sk_delete(digests,i); | ||
| 118 | } | ||
| 119 | if (md->type != md->pkey_type) | ||
| 120 | { | ||
| 121 | n=OBJ_nid2sn(md->pkey_type); | ||
| 122 | EVP_add_alias(n,OBJ_nid2sn(md->type)); | ||
| 123 | EVP_add_alias(n,OBJ_nid2ln(md->type)); | ||
| 124 | } | ||
| 125 | sk_push(digests,(char *)md); | ||
| 126 | return(1); | ||
| 127 | } | ||
| 128 | |||
| 129 | static int alias_cmp(a,b) | ||
| 130 | ALIASES **a,**b; | ||
| 131 | { | ||
| 132 | return(strcmp((*a)->alias,(*b)->alias)); | ||
| 133 | } | 73 | } |
| 134 | 74 | ||
| 135 | int EVP_add_alias(name,aname) | 75 | int EVP_add_digest(const EVP_MD *md) |
| 136 | char *name; | ||
| 137 | char *aname; | ||
| 138 | { | 76 | { |
| 139 | int l1,l2,i; | 77 | int r; |
| 140 | ALIASES *a; | 78 | const char *name; |
| 141 | char *p; | ||
| 142 | 79 | ||
| 143 | if ((name == NULL) || (aname == NULL)) return(0); | 80 | name=OBJ_nid2sn(md->type); |
| 144 | l1=strlen(name)+1; | 81 | r=OBJ_NAME_add(name,OBJ_NAME_TYPE_MD_METH,(char *)md); |
| 145 | l2=strlen(aname)+1; | 82 | if (r == 0) return(0); |
| 146 | i=sizeof(ALIASES)+l1+l2; | 83 | r=OBJ_NAME_add(OBJ_nid2ln(md->type),OBJ_NAME_TYPE_MD_METH,(char *)md); |
| 147 | if ((a=(ALIASES *)Malloc(i)) == NULL) | 84 | if (r == 0) return(0); |
| 148 | return(0); | ||
| 149 | strcpy(a->name,name); | ||
| 150 | p= &(a->name[l1]); | ||
| 151 | strcpy(p,aname); | ||
| 152 | a->alias=p; | ||
| 153 | 85 | ||
| 154 | if (aliases == NULL) | 86 | if (md->type != md->pkey_type) |
| 155 | { | ||
| 156 | aliases=sk_new(alias_cmp); | ||
| 157 | if (aliases == NULL) goto err; | ||
| 158 | } | ||
| 159 | |||
| 160 | if ((i=sk_find(aliases,(char *)a)) >= 0) | ||
| 161 | { | 87 | { |
| 162 | Free(sk_delete(aliases,i)); | 88 | r=OBJ_NAME_add(OBJ_nid2sn(md->pkey_type), |
| 89 | OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); | ||
| 90 | if (r == 0) return(0); | ||
| 91 | r=OBJ_NAME_add(OBJ_nid2ln(md->pkey_type), | ||
| 92 | OBJ_NAME_TYPE_MD_METH|OBJ_NAME_ALIAS,name); | ||
| 163 | } | 93 | } |
| 164 | if (!sk_push(aliases,(char *)a)) goto err; | 94 | return(r); |
| 165 | return(1); | ||
| 166 | err: | ||
| 167 | return(0); | ||
| 168 | } | 95 | } |
| 169 | 96 | ||
| 170 | int EVP_delete_alias(name) | 97 | const EVP_CIPHER *EVP_get_cipherbyname(const char *name) |
| 171 | char *name; | ||
| 172 | { | 98 | { |
| 173 | ALIASES a; | 99 | const EVP_CIPHER *cp; |
| 174 | int i; | ||
| 175 | 100 | ||
| 176 | if (aliases != NULL) | 101 | cp=(const EVP_CIPHER *)OBJ_NAME_get(name,OBJ_NAME_TYPE_CIPHER_METH); |
| 177 | { | 102 | return(cp); |
| 178 | a.alias=name; | ||
| 179 | if ((i=sk_find(aliases,(char *)&a)) >= 0) | ||
| 180 | { | ||
| 181 | Free(sk_delete(aliases,i)); | ||
| 182 | return(1); | ||
| 183 | } | ||
| 184 | } | ||
| 185 | return(0); | ||
| 186 | } | 103 | } |
| 187 | 104 | ||
| 188 | EVP_CIPHER *EVP_get_cipherbyname(name) | 105 | const EVP_MD *EVP_get_digestbyname(const char *name) |
| 189 | char *name; | ||
| 190 | { | 106 | { |
| 191 | int nid,num=6,i; | 107 | const EVP_MD *cp; |
| 192 | EVP_CIPHER c,*cp; | ||
| 193 | ALIASES a,*ap; | ||
| 194 | |||
| 195 | if (ciphers == NULL) return(NULL); | ||
| 196 | for (;;) | ||
| 197 | { | ||
| 198 | if (num-- <= 0) return(NULL); | ||
| 199 | if (aliases != NULL) | ||
| 200 | { | ||
| 201 | a.alias=name; | ||
| 202 | i=sk_find(aliases,(char *)&a); | ||
| 203 | if (i >= 0) | ||
| 204 | { | ||
| 205 | ap=(ALIASES *)sk_value(aliases,i); | ||
| 206 | name=ap->name; | ||
| 207 | continue; | ||
| 208 | } | ||
| 209 | } | ||
| 210 | 108 | ||
| 211 | nid=OBJ_txt2nid(name); | 109 | cp=(const EVP_MD *)OBJ_NAME_get(name,OBJ_NAME_TYPE_MD_METH); |
| 212 | if (nid == NID_undef) return(NULL); | 110 | return(cp); |
| 213 | c.nid=nid; | ||
| 214 | i=sk_find(ciphers,(char *)&c); | ||
| 215 | if (i >= 0) | ||
| 216 | { | ||
| 217 | cp=(EVP_CIPHER *)sk_value(ciphers,i); | ||
| 218 | return(cp); | ||
| 219 | } | ||
| 220 | else | ||
| 221 | return(NULL); | ||
| 222 | } | ||
| 223 | } | 111 | } |
| 224 | 112 | ||
| 225 | EVP_MD *EVP_get_digestbyname(name) | 113 | void EVP_cleanup(void) |
| 226 | char *name; | ||
| 227 | { | 114 | { |
| 228 | int nid,num=6,i; | 115 | OBJ_NAME_cleanup(OBJ_NAME_TYPE_CIPHER_METH); |
| 229 | EVP_MD c,*cp; | 116 | OBJ_NAME_cleanup(OBJ_NAME_TYPE_MD_METH); |
| 230 | ALIASES a,*ap; | 117 | /* The above calls will only clean out the contents of the name |
| 231 | 118 | hash table, but not the hash table itself. The following line | |
| 232 | if (digests == NULL) return(NULL); | 119 | does that part. -- Richard Levitte */ |
| 233 | 120 | OBJ_NAME_cleanup(-1); | |
| 234 | for (;;) | 121 | |
| 235 | { | 122 | EVP_PBE_cleanup(); |
| 236 | if (num-- <= 0) return(NULL); | ||
| 237 | |||
| 238 | if (aliases != NULL) | ||
| 239 | { | ||
| 240 | a.alias=name; | ||
| 241 | i=sk_find(aliases,(char *)&a); | ||
| 242 | if (i >= 0) | ||
| 243 | { | ||
| 244 | ap=(ALIASES *)sk_value(aliases,i); | ||
| 245 | name=ap->name; | ||
| 246 | continue; | ||
| 247 | } | ||
| 248 | } | ||
| 249 | |||
| 250 | nid=OBJ_txt2nid(name); | ||
| 251 | if (nid == NID_undef) return(NULL); | ||
| 252 | c.pkey_type=nid; | ||
| 253 | i=sk_find(digests,(char *)&c); | ||
| 254 | if (i >= 0) | ||
| 255 | { | ||
| 256 | cp=(EVP_MD *)sk_value(digests,i); | ||
| 257 | return(cp); | ||
| 258 | } | ||
| 259 | else | ||
| 260 | return(NULL); | ||
| 261 | } | ||
| 262 | } | ||
| 263 | |||
| 264 | void EVP_cleanup() | ||
| 265 | { | ||
| 266 | int i; | ||
| 267 | |||
| 268 | if (aliases != NULL) | ||
| 269 | { | ||
| 270 | for (i=0; i<sk_num(aliases); i++) | ||
| 271 | Free(sk_value(aliases,i)); | ||
| 272 | sk_free(aliases); | ||
| 273 | aliases=NULL; | ||
| 274 | } | ||
| 275 | if (ciphers != NULL) | ||
| 276 | { | ||
| 277 | sk_free(ciphers); | ||
| 278 | ciphers=NULL; | ||
| 279 | } | ||
| 280 | if (digests != NULL) | ||
| 281 | { | ||
| 282 | sk_free(digests); | ||
| 283 | digests=NULL; | ||
| 284 | } | ||
| 285 | } | 123 | } |
diff --git a/src/lib/libcrypto/evp/p5_crpt.c b/src/lib/libcrypto/evp/p5_crpt.c index e3dae52d4d..113c60fedb 100644 --- a/src/lib/libcrypto/evp/p5_crpt.c +++ b/src/lib/libcrypto/evp/p5_crpt.c | |||
| @@ -67,41 +67,41 @@ | |||
| 67 | 67 | ||
| 68 | void PKCS5_PBE_add(void) | 68 | void PKCS5_PBE_add(void) |
| 69 | { | 69 | { |
| 70 | #ifndef NO_DES | 70 | #ifndef OPENSSL_NO_DES |
| 71 | # ifndef NO_MD5 | 71 | # ifndef OPENSSL_NO_MD5 |
| 72 | EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), | 72 | EVP_PBE_alg_add(NID_pbeWithMD5AndDES_CBC, EVP_des_cbc(), EVP_md5(), |
| 73 | PKCS5_PBE_keyivgen); | 73 | PKCS5_PBE_keyivgen); |
| 74 | # endif | 74 | # endif |
| 75 | # ifndef NO_MD2 | 75 | # ifndef OPENSSL_NO_MD2 |
| 76 | EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), | 76 | EVP_PBE_alg_add(NID_pbeWithMD2AndDES_CBC, EVP_des_cbc(), EVP_md2(), |
| 77 | PKCS5_PBE_keyivgen); | 77 | PKCS5_PBE_keyivgen); |
| 78 | # endif | 78 | # endif |
| 79 | # ifndef NO_SHA | 79 | # ifndef OPENSSL_NO_SHA |
| 80 | EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), | 80 | EVP_PBE_alg_add(NID_pbeWithSHA1AndDES_CBC, EVP_des_cbc(), EVP_sha1(), |
| 81 | PKCS5_PBE_keyivgen); | 81 | PKCS5_PBE_keyivgen); |
| 82 | # endif | 82 | # endif |
| 83 | #endif | 83 | #endif |
| 84 | #ifndef NO_RC2 | 84 | #ifndef OPENSSL_NO_RC2 |
| 85 | # ifndef NO_MD5 | 85 | # ifndef OPENSSL_NO_MD5 |
| 86 | EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), | 86 | EVP_PBE_alg_add(NID_pbeWithMD5AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md5(), |
| 87 | PKCS5_PBE_keyivgen); | 87 | PKCS5_PBE_keyivgen); |
| 88 | # endif | 88 | # endif |
| 89 | # ifndef NO_MD2 | 89 | # ifndef OPENSSL_NO_MD2 |
| 90 | EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), | 90 | EVP_PBE_alg_add(NID_pbeWithMD2AndRC2_CBC, EVP_rc2_64_cbc(), EVP_md2(), |
| 91 | PKCS5_PBE_keyivgen); | 91 | PKCS5_PBE_keyivgen); |
| 92 | # endif | 92 | # endif |
| 93 | # ifndef NO_SHA | 93 | # ifndef OPENSSL_NO_SHA |
| 94 | EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), | 94 | EVP_PBE_alg_add(NID_pbeWithSHA1AndRC2_CBC, EVP_rc2_64_cbc(), EVP_sha1(), |
| 95 | PKCS5_PBE_keyivgen); | 95 | PKCS5_PBE_keyivgen); |
| 96 | # endif | 96 | # endif |
| 97 | #endif | 97 | #endif |
| 98 | #ifndef NO_HMAC | 98 | #ifndef OPENSSL_NO_HMAC |
| 99 | EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); | 99 | EVP_PBE_alg_add(NID_pbes2, NULL, NULL, PKCS5_v2_PBE_keyivgen); |
| 100 | #endif | 100 | #endif |
| 101 | } | 101 | } |
| 102 | 102 | ||
| 103 | int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | 103 | int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, |
| 104 | ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, | 104 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, |
| 105 | int en_de) | 105 | int en_de) |
| 106 | { | 106 | { |
| 107 | EVP_MD_CTX ctx; | 107 | EVP_MD_CTX ctx; |
| @@ -125,20 +125,25 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, | |||
| 125 | salt = pbe->salt->data; | 125 | salt = pbe->salt->data; |
| 126 | saltlen = pbe->salt->length; | 126 | saltlen = pbe->salt->length; |
| 127 | 127 | ||
| 128 | EVP_DigestInit (&ctx, md); | 128 | if(!pass) passlen = 0; |
| 129 | EVP_DigestUpdate (&ctx, pass, passlen); | 129 | else if(passlen == -1) passlen = strlen(pass); |
| 130 | EVP_DigestUpdate (&ctx, salt, saltlen); | 130 | |
| 131 | EVP_MD_CTX_init(&ctx); | ||
| 132 | EVP_DigestInit_ex(&ctx, md, NULL); | ||
| 133 | EVP_DigestUpdate(&ctx, pass, passlen); | ||
| 134 | EVP_DigestUpdate(&ctx, salt, saltlen); | ||
| 131 | PBEPARAM_free(pbe); | 135 | PBEPARAM_free(pbe); |
| 132 | EVP_DigestFinal (&ctx, md_tmp, NULL); | 136 | EVP_DigestFinal_ex(&ctx, md_tmp, NULL); |
| 133 | for (i = 1; i < iter; i++) { | 137 | for (i = 1; i < iter; i++) { |
| 134 | EVP_DigestInit(&ctx, md); | 138 | EVP_DigestInit_ex(&ctx, md, NULL); |
| 135 | EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); | 139 | EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); |
| 136 | EVP_DigestFinal (&ctx, md_tmp, NULL); | 140 | EVP_DigestFinal_ex (&ctx, md_tmp, NULL); |
| 137 | } | 141 | } |
| 138 | memcpy (key, md_tmp, EVP_CIPHER_key_length(cipher)); | 142 | EVP_MD_CTX_cleanup(&ctx); |
| 139 | memcpy (iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | 143 | memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher)); |
| 144 | memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)), | ||
| 140 | EVP_CIPHER_iv_length(cipher)); | 145 | EVP_CIPHER_iv_length(cipher)); |
| 141 | EVP_CipherInit(cctx, cipher, key, iv, en_de); | 146 | EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de); |
| 142 | memset(md_tmp, 0, EVP_MAX_MD_SIZE); | 147 | memset(md_tmp, 0, EVP_MAX_MD_SIZE); |
| 143 | memset(key, 0, EVP_MAX_KEY_LENGTH); | 148 | memset(key, 0, EVP_MAX_KEY_LENGTH); |
| 144 | memset(iv, 0, EVP_MAX_IV_LENGTH); | 149 | memset(iv, 0, EVP_MAX_IV_LENGTH); |
diff --git a/src/lib/libcrypto/evp/p5_crpt2.c b/src/lib/libcrypto/evp/p5_crpt2.c index 27a2c518be..7881860b53 100644 --- a/src/lib/libcrypto/evp/p5_crpt2.c +++ b/src/lib/libcrypto/evp/p5_crpt2.c | |||
| @@ -55,7 +55,7 @@ | |||
| 55 | * Hudson (tjh@cryptsoft.com). | 55 | * Hudson (tjh@cryptsoft.com). |
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | #if !defined(NO_HMAC) && !defined(NO_SHA) | 58 | #if !defined(OPENSSL_NO_HMAC) && !defined(OPENSSL_NO_SHA) |
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <openssl/x509.h> | 61 | #include <openssl/x509.h> |
| @@ -84,9 +84,12 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | |||
| 84 | int cplen, j, k, tkeylen; | 84 | int cplen, j, k, tkeylen; |
| 85 | unsigned long i = 1; | 85 | unsigned long i = 1; |
| 86 | HMAC_CTX hctx; | 86 | HMAC_CTX hctx; |
| 87 | |||
| 88 | HMAC_CTX_init(&hctx); | ||
| 87 | p = out; | 89 | p = out; |
| 88 | tkeylen = keylen; | 90 | tkeylen = keylen; |
| 89 | if(passlen == -1) passlen = strlen(pass); | 91 | if(!pass) passlen = 0; |
| 92 | else if(passlen == -1) passlen = strlen(pass); | ||
| 90 | while(tkeylen) { | 93 | while(tkeylen) { |
| 91 | if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; | 94 | if(tkeylen > SHA_DIGEST_LENGTH) cplen = SHA_DIGEST_LENGTH; |
| 92 | else cplen = tkeylen; | 95 | else cplen = tkeylen; |
| @@ -97,7 +100,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | |||
| 97 | itmp[1] = (unsigned char)((i >> 16) & 0xff); | 100 | itmp[1] = (unsigned char)((i >> 16) & 0xff); |
| 98 | itmp[2] = (unsigned char)((i >> 8) & 0xff); | 101 | itmp[2] = (unsigned char)((i >> 8) & 0xff); |
| 99 | itmp[3] = (unsigned char)(i & 0xff); | 102 | itmp[3] = (unsigned char)(i & 0xff); |
| 100 | HMAC_Init(&hctx, pass, passlen, EVP_sha1()); | 103 | HMAC_Init_ex(&hctx, pass, passlen, EVP_sha1(), NULL); |
| 101 | HMAC_Update(&hctx, salt, saltlen); | 104 | HMAC_Update(&hctx, salt, saltlen); |
| 102 | HMAC_Update(&hctx, itmp, 4); | 105 | HMAC_Update(&hctx, itmp, 4); |
| 103 | HMAC_Final(&hctx, digtmp, NULL); | 106 | HMAC_Final(&hctx, digtmp, NULL); |
| @@ -111,7 +114,7 @@ int PKCS5_PBKDF2_HMAC_SHA1(const char *pass, int passlen, | |||
| 111 | i++; | 114 | i++; |
| 112 | p+= cplen; | 115 | p+= cplen; |
| 113 | } | 116 | } |
| 114 | HMAC_cleanup(&hctx); | 117 | HMAC_CTX_cleanup(&hctx); |
| 115 | #ifdef DEBUG_PKCS5V2 | 118 | #ifdef DEBUG_PKCS5V2 |
| 116 | fprintf(stderr, "Password:\n"); | 119 | fprintf(stderr, "Password:\n"); |
| 117 | h__dump (pass, passlen); | 120 | h__dump (pass, passlen); |
| @@ -142,7 +145,7 @@ main() | |||
| 142 | */ | 145 | */ |
| 143 | 146 | ||
| 144 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 147 | int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 145 | ASN1_TYPE *param, EVP_CIPHER *c, EVP_MD *md, | 148 | ASN1_TYPE *param, const EVP_CIPHER *c, const EVP_MD *md, |
| 146 | int en_de) | 149 | int en_de) |
| 147 | { | 150 | { |
| 148 | unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; | 151 | unsigned char *pbuf, *salt, key[EVP_MAX_KEY_LENGTH]; |
| @@ -180,7 +183,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 180 | } | 183 | } |
| 181 | 184 | ||
| 182 | /* Fixup cipher based on AlgorithmIdentifier */ | 185 | /* Fixup cipher based on AlgorithmIdentifier */ |
| 183 | EVP_CipherInit(ctx, cipher, NULL, NULL, en_de); | 186 | EVP_CipherInit_ex(ctx, cipher, NULL, NULL, NULL, en_de); |
| 184 | if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { | 187 | if(EVP_CIPHER_asn1_to_param(ctx, pbe2->encryption->parameter) < 0) { |
| 185 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, | 188 | EVPerr(EVP_F_PKCS5_V2_PBE_KEYIVGEN, |
| 186 | EVP_R_CIPHER_PARAMETER_ERROR); | 189 | EVP_R_CIPHER_PARAMETER_ERROR); |
| @@ -226,7 +229,7 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 226 | saltlen = kdf->salt->value.octet_string->length; | 229 | saltlen = kdf->salt->value.octet_string->length; |
| 227 | iter = ASN1_INTEGER_get(kdf->iter); | 230 | iter = ASN1_INTEGER_get(kdf->iter); |
| 228 | PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); | 231 | PKCS5_PBKDF2_HMAC_SHA1(pass, passlen, salt, saltlen, iter, keylen, key); |
| 229 | EVP_CipherInit(ctx, NULL, key, NULL, en_de); | 232 | EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); |
| 230 | memset(key, 0, keylen); | 233 | memset(key, 0, keylen); |
| 231 | PBKDF2PARAM_free(kdf); | 234 | PBKDF2PARAM_free(kdf); |
| 232 | return 1; | 235 | return 1; |
diff --git a/src/lib/libcrypto/evp/p_dec.c b/src/lib/libcrypto/evp/p_dec.c index e845ce70c7..8af620400e 100644 --- a/src/lib/libcrypto/evp/p_dec.c +++ b/src/lib/libcrypto/evp/p_dec.c | |||
| @@ -58,27 +58,30 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "rsa.h" | 62 | #ifndef OPENSSL_NO_RSA |
| 63 | #include "evp.h" | 63 | #include <openssl/rsa.h> |
| 64 | #include "objects.h" | 64 | #endif |
| 65 | #include "x509.h" | 65 | #include <openssl/evp.h> |
| 66 | #include <openssl/objects.h> | ||
| 67 | #include <openssl/x509.h> | ||
| 66 | 68 | ||
| 67 | int EVP_PKEY_decrypt(key,ek,ekl,priv) | 69 | int EVP_PKEY_decrypt(unsigned char *key, unsigned char *ek, int ekl, |
| 68 | unsigned char *key; | 70 | EVP_PKEY *priv) |
| 69 | unsigned char *ek; | ||
| 70 | int ekl; | ||
| 71 | EVP_PKEY *priv; | ||
| 72 | { | 71 | { |
| 73 | int ret= -1; | 72 | int ret= -1; |
| 74 | 73 | ||
| 74 | #ifndef OPENSSL_NO_RSA | ||
| 75 | if (priv->type != EVP_PKEY_RSA) | 75 | if (priv->type != EVP_PKEY_RSA) |
| 76 | { | 76 | { |
| 77 | #endif | ||
| 77 | EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); | 78 | EVPerr(EVP_F_EVP_PKEY_DECRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); |
| 79 | #ifndef OPENSSL_NO_RSA | ||
| 78 | goto err; | 80 | goto err; |
| 79 | } | 81 | } |
| 80 | 82 | ||
| 81 | ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); | 83 | ret=RSA_private_decrypt(ekl,ek,key,priv->pkey.rsa,RSA_PKCS1_PADDING); |
| 82 | err: | 84 | err: |
| 85 | #endif | ||
| 83 | return(ret); | 86 | return(ret); |
| 84 | } | 87 | } |
diff --git a/src/lib/libcrypto/evp/p_enc.c b/src/lib/libcrypto/evp/p_enc.c index a26bfad02a..656883b996 100644 --- a/src/lib/libcrypto/evp/p_enc.c +++ b/src/lib/libcrypto/evp/p_enc.c | |||
| @@ -58,26 +58,29 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "rsa.h" | 62 | #ifndef OPENSSL_NO_RSA |
| 63 | #include "evp.h" | 63 | #include <openssl/rsa.h> |
| 64 | #include "objects.h" | 64 | #endif |
| 65 | #include "x509.h" | 65 | #include <openssl/evp.h> |
| 66 | #include <openssl/objects.h> | ||
| 67 | #include <openssl/x509.h> | ||
| 66 | 68 | ||
| 67 | int EVP_PKEY_encrypt(ek,key,key_len,pubk) | 69 | int EVP_PKEY_encrypt(unsigned char *ek, unsigned char *key, int key_len, |
| 68 | unsigned char *ek; | 70 | EVP_PKEY *pubk) |
| 69 | unsigned char *key; | ||
| 70 | int key_len; | ||
| 71 | EVP_PKEY *pubk; | ||
| 72 | { | 71 | { |
| 73 | int ret=0; | 72 | int ret=0; |
| 74 | 73 | ||
| 74 | #ifndef OPENSSL_NO_RSA | ||
| 75 | if (pubk->type != EVP_PKEY_RSA) | 75 | if (pubk->type != EVP_PKEY_RSA) |
| 76 | { | 76 | { |
| 77 | #endif | ||
| 77 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); | 78 | EVPerr(EVP_F_EVP_PKEY_ENCRYPT,EVP_R_PUBLIC_KEY_NOT_RSA); |
| 79 | #ifndef OPENSSL_NO_RSA | ||
| 78 | goto err; | 80 | goto err; |
| 79 | } | 81 | } |
| 80 | ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); | 82 | ret=RSA_public_encrypt(key_len,key,ek,pubk->pkey.rsa,RSA_PKCS1_PADDING); |
| 81 | err: | 83 | err: |
| 84 | #endif | ||
| 82 | return(ret); | 85 | return(ret); |
| 83 | } | 86 | } |
diff --git a/src/lib/libcrypto/evp/p_lib.c b/src/lib/libcrypto/evp/p_lib.c index 395351b373..215b94292a 100644 --- a/src/lib/libcrypto/evp/p_lib.c +++ b/src/lib/libcrypto/evp/p_lib.c | |||
| @@ -58,58 +58,49 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "objects.h" | 61 | #include <openssl/objects.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "asn1_mac.h" | 63 | #include <openssl/asn1_mac.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | 65 | ||
| 66 | /* EVPerr(EVP_F_D2I_PKEY,EVP_R_UNSUPPORTED_CIPHER); */ | ||
| 67 | /* EVPerr(EVP_F_D2I_PKEY,EVP_R_IV_TOO_LARGE); */ | ||
| 68 | |||
| 69 | #ifndef NOPROTO | ||
| 70 | static void EVP_PKEY_free_it(EVP_PKEY *x); | 66 | static void EVP_PKEY_free_it(EVP_PKEY *x); |
| 71 | #else | ||
| 72 | static void EVP_PKEY_free_it(); | ||
| 73 | #endif | ||
| 74 | 67 | ||
| 75 | int EVP_PKEY_bits(pkey) | 68 | int EVP_PKEY_bits(EVP_PKEY *pkey) |
| 76 | EVP_PKEY *pkey; | ||
| 77 | { | 69 | { |
| 78 | #ifndef NO_RSA | 70 | #ifndef OPENSSL_NO_RSA |
| 79 | if (pkey->type == EVP_PKEY_RSA) | 71 | if (pkey->type == EVP_PKEY_RSA) |
| 80 | return(BN_num_bits(pkey->pkey.rsa->n)); | 72 | return(BN_num_bits(pkey->pkey.rsa->n)); |
| 81 | else | 73 | else |
| 82 | #endif | 74 | #endif |
| 83 | #ifndef NO_DSA | 75 | #ifndef OPENSSL_NO_DSA |
| 84 | if (pkey->type == EVP_PKEY_DSA) | 76 | if (pkey->type == EVP_PKEY_DSA) |
| 85 | return(BN_num_bits(pkey->pkey.dsa->p)); | 77 | return(BN_num_bits(pkey->pkey.dsa->p)); |
| 86 | #endif | 78 | #endif |
| 87 | return(0); | 79 | return(0); |
| 88 | } | 80 | } |
| 89 | 81 | ||
| 90 | int EVP_PKEY_size(pkey) | 82 | int EVP_PKEY_size(EVP_PKEY *pkey) |
| 91 | EVP_PKEY *pkey; | ||
| 92 | { | 83 | { |
| 93 | #ifndef NO_RSA | 84 | if (pkey == NULL) |
| 85 | return(0); | ||
| 86 | #ifndef OPENSSL_NO_RSA | ||
| 94 | if (pkey->type == EVP_PKEY_RSA) | 87 | if (pkey->type == EVP_PKEY_RSA) |
| 95 | return(RSA_size(pkey->pkey.rsa)); | 88 | return(RSA_size(pkey->pkey.rsa)); |
| 96 | else | 89 | else |
| 97 | #endif | 90 | #endif |
| 98 | #ifndef NO_DSA | 91 | #ifndef OPENSSL_NO_DSA |
| 99 | if (pkey->type == EVP_PKEY_DSA) | 92 | if (pkey->type == EVP_PKEY_DSA) |
| 100 | return(DSA_size(pkey->pkey.dsa)); | 93 | return(DSA_size(pkey->pkey.dsa)); |
| 101 | #endif | 94 | #endif |
| 102 | return(0); | 95 | return(0); |
| 103 | } | 96 | } |
| 104 | 97 | ||
| 105 | int EVP_PKEY_save_parameters(pkey,mode) | 98 | int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) |
| 106 | EVP_PKEY *pkey; | ||
| 107 | int mode; | ||
| 108 | { | 99 | { |
| 109 | #ifndef NO_DSA | 100 | #ifndef OPENSSL_NO_DSA |
| 110 | if (pkey->type == EVP_PKEY_DSA) | 101 | if (pkey->type == EVP_PKEY_DSA) |
| 111 | { | 102 | { |
| 112 | int ret=pkey->save_parameters=mode; | 103 | int ret=pkey->save_parameters; |
| 113 | 104 | ||
| 114 | if (mode >= 0) | 105 | if (mode >= 0) |
| 115 | pkey->save_parameters=mode; | 106 | pkey->save_parameters=mode; |
| @@ -119,8 +110,7 @@ int mode; | |||
| 119 | return(0); | 110 | return(0); |
| 120 | } | 111 | } |
| 121 | 112 | ||
| 122 | int EVP_PKEY_copy_parameters(to,from) | 113 | int EVP_PKEY_copy_parameters(EVP_PKEY *to, EVP_PKEY *from) |
| 123 | EVP_PKEY *to,*from; | ||
| 124 | { | 114 | { |
| 125 | if (to->type != from->type) | 115 | if (to->type != from->type) |
| 126 | { | 116 | { |
| @@ -130,10 +120,10 @@ EVP_PKEY *to,*from; | |||
| 130 | 120 | ||
| 131 | if (EVP_PKEY_missing_parameters(from)) | 121 | if (EVP_PKEY_missing_parameters(from)) |
| 132 | { | 122 | { |
| 133 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARMATERS); | 123 | EVPerr(EVP_F_EVP_PKEY_COPY_PARAMETERS,EVP_R_MISSING_PARAMETERS); |
| 134 | goto err; | 124 | goto err; |
| 135 | } | 125 | } |
| 136 | #ifndef NO_DSA | 126 | #ifndef OPENSSL_NO_DSA |
| 137 | if (to->type == EVP_PKEY_DSA) | 127 | if (to->type == EVP_PKEY_DSA) |
| 138 | { | 128 | { |
| 139 | BIGNUM *a; | 129 | BIGNUM *a; |
| @@ -156,10 +146,9 @@ err: | |||
| 156 | return(0); | 146 | return(0); |
| 157 | } | 147 | } |
| 158 | 148 | ||
| 159 | int EVP_PKEY_missing_parameters(pkey) | 149 | int EVP_PKEY_missing_parameters(EVP_PKEY *pkey) |
| 160 | EVP_PKEY *pkey; | ||
| 161 | { | 150 | { |
| 162 | #ifndef NO_DSA | 151 | #ifndef OPENSSL_NO_DSA |
| 163 | if (pkey->type == EVP_PKEY_DSA) | 152 | if (pkey->type == EVP_PKEY_DSA) |
| 164 | { | 153 | { |
| 165 | DSA *dsa; | 154 | DSA *dsa; |
| @@ -172,10 +161,9 @@ EVP_PKEY *pkey; | |||
| 172 | return(0); | 161 | return(0); |
| 173 | } | 162 | } |
| 174 | 163 | ||
| 175 | int EVP_PKEY_cmp_parameters(a,b) | 164 | int EVP_PKEY_cmp_parameters(EVP_PKEY *a, EVP_PKEY *b) |
| 176 | EVP_PKEY *a,*b; | ||
| 177 | { | 165 | { |
| 178 | #ifndef NO_DSA | 166 | #ifndef OPENSSL_NO_DSA |
| 179 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) | 167 | if ((a->type == EVP_PKEY_DSA) && (b->type == EVP_PKEY_DSA)) |
| 180 | { | 168 | { |
| 181 | if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || | 169 | if ( BN_cmp(a->pkey.dsa->p,b->pkey.dsa->p) || |
| @@ -189,11 +177,11 @@ EVP_PKEY *a,*b; | |||
| 189 | return(-1); | 177 | return(-1); |
| 190 | } | 178 | } |
| 191 | 179 | ||
| 192 | EVP_PKEY *EVP_PKEY_new() | 180 | EVP_PKEY *EVP_PKEY_new(void) |
| 193 | { | 181 | { |
| 194 | EVP_PKEY *ret; | 182 | EVP_PKEY *ret; |
| 195 | 183 | ||
| 196 | ret=(EVP_PKEY *)Malloc(sizeof(EVP_PKEY)); | 184 | ret=(EVP_PKEY *)OPENSSL_malloc(sizeof(EVP_PKEY)); |
| 197 | if (ret == NULL) | 185 | if (ret == NULL) |
| 198 | { | 186 | { |
| 199 | EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); | 187 | EVPerr(EVP_F_EVP_PKEY_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -207,10 +195,7 @@ EVP_PKEY *EVP_PKEY_new() | |||
| 207 | return(ret); | 195 | return(ret); |
| 208 | } | 196 | } |
| 209 | 197 | ||
| 210 | int EVP_PKEY_assign(pkey,type,key) | 198 | int EVP_PKEY_assign(EVP_PKEY *pkey, int type, char *key) |
| 211 | EVP_PKEY *pkey; | ||
| 212 | int type; | ||
| 213 | char *key; | ||
| 214 | { | 199 | { |
| 215 | if (pkey == NULL) return(0); | 200 | if (pkey == NULL) return(0); |
| 216 | if (pkey->pkey.ptr != NULL) | 201 | if (pkey->pkey.ptr != NULL) |
| @@ -218,11 +203,71 @@ char *key; | |||
| 218 | pkey->type=EVP_PKEY_type(type); | 203 | pkey->type=EVP_PKEY_type(type); |
| 219 | pkey->save_type=type; | 204 | pkey->save_type=type; |
| 220 | pkey->pkey.ptr=key; | 205 | pkey->pkey.ptr=key; |
| 221 | return(1); | 206 | return(key != NULL); |
| 207 | } | ||
| 208 | |||
| 209 | #ifndef OPENSSL_NO_RSA | ||
| 210 | int EVP_PKEY_set1_RSA(EVP_PKEY *pkey, RSA *key) | ||
| 211 | { | ||
| 212 | int ret = EVP_PKEY_assign_RSA(pkey, key); | ||
| 213 | if(ret) | ||
| 214 | RSA_up_ref(key); | ||
| 215 | return ret; | ||
| 216 | } | ||
| 217 | |||
| 218 | RSA *EVP_PKEY_get1_RSA(EVP_PKEY *pkey) | ||
| 219 | { | ||
| 220 | if(pkey->type != EVP_PKEY_RSA) { | ||
| 221 | EVPerr(EVP_F_EVP_PKEY_GET1_RSA, EVP_R_EXPECTING_AN_RSA_KEY); | ||
| 222 | return NULL; | ||
| 222 | } | 223 | } |
| 224 | RSA_up_ref(pkey->pkey.rsa); | ||
| 225 | return pkey->pkey.rsa; | ||
| 226 | } | ||
| 227 | #endif | ||
| 228 | |||
| 229 | #ifndef OPENSSL_NO_DSA | ||
| 230 | int EVP_PKEY_set1_DSA(EVP_PKEY *pkey, DSA *key) | ||
| 231 | { | ||
| 232 | int ret = EVP_PKEY_assign_DSA(pkey, key); | ||
| 233 | if(ret) | ||
| 234 | DSA_up_ref(key); | ||
| 235 | return ret; | ||
| 236 | } | ||
| 237 | |||
| 238 | DSA *EVP_PKEY_get1_DSA(EVP_PKEY *pkey) | ||
| 239 | { | ||
| 240 | if(pkey->type != EVP_PKEY_DSA) { | ||
| 241 | EVPerr(EVP_F_EVP_PKEY_GET1_DSA, EVP_R_EXPECTING_A_DSA_KEY); | ||
| 242 | return NULL; | ||
| 243 | } | ||
| 244 | DSA_up_ref(pkey->pkey.dsa); | ||
| 245 | return pkey->pkey.dsa; | ||
| 246 | } | ||
| 247 | #endif | ||
| 248 | |||
| 249 | #ifndef OPENSSL_NO_DH | ||
| 250 | |||
| 251 | int EVP_PKEY_set1_DH(EVP_PKEY *pkey, DH *key) | ||
| 252 | { | ||
| 253 | int ret = EVP_PKEY_assign_DH(pkey, key); | ||
| 254 | if(ret) | ||
| 255 | DH_up_ref(key); | ||
| 256 | return ret; | ||
| 257 | } | ||
| 258 | |||
| 259 | DH *EVP_PKEY_get1_DH(EVP_PKEY *pkey) | ||
| 260 | { | ||
| 261 | if(pkey->type != EVP_PKEY_DH) { | ||
| 262 | EVPerr(EVP_F_EVP_PKEY_GET1_DH, EVP_R_EXPECTING_A_DH_KEY); | ||
| 263 | return NULL; | ||
| 264 | } | ||
| 265 | DH_up_ref(pkey->pkey.dh); | ||
| 266 | return pkey->pkey.dh; | ||
| 267 | } | ||
| 268 | #endif | ||
| 223 | 269 | ||
| 224 | int EVP_PKEY_type(type) | 270 | int EVP_PKEY_type(int type) |
| 225 | int type; | ||
| 226 | { | 271 | { |
| 227 | switch (type) | 272 | switch (type) |
| 228 | { | 273 | { |
| @@ -242,8 +287,7 @@ int type; | |||
| 242 | } | 287 | } |
| 243 | } | 288 | } |
| 244 | 289 | ||
| 245 | void EVP_PKEY_free(x) | 290 | void EVP_PKEY_free(EVP_PKEY *x) |
| 246 | EVP_PKEY *x; | ||
| 247 | { | 291 | { |
| 248 | int i; | 292 | int i; |
| 249 | 293 | ||
| @@ -262,21 +306,20 @@ EVP_PKEY *x; | |||
| 262 | } | 306 | } |
| 263 | #endif | 307 | #endif |
| 264 | EVP_PKEY_free_it(x); | 308 | EVP_PKEY_free_it(x); |
| 265 | Free((char *)x); | 309 | OPENSSL_free(x); |
| 266 | } | 310 | } |
| 267 | 311 | ||
| 268 | static void EVP_PKEY_free_it(x) | 312 | static void EVP_PKEY_free_it(EVP_PKEY *x) |
| 269 | EVP_PKEY *x; | ||
| 270 | { | 313 | { |
| 271 | switch (x->type) | 314 | switch (x->type) |
| 272 | { | 315 | { |
| 273 | #ifndef NO_RSA | 316 | #ifndef OPENSSL_NO_RSA |
| 274 | case EVP_PKEY_RSA: | 317 | case EVP_PKEY_RSA: |
| 275 | case EVP_PKEY_RSA2: | 318 | case EVP_PKEY_RSA2: |
| 276 | RSA_free(x->pkey.rsa); | 319 | RSA_free(x->pkey.rsa); |
| 277 | break; | 320 | break; |
| 278 | #endif | 321 | #endif |
| 279 | #ifndef NO_DSA | 322 | #ifndef OPENSSL_NO_DSA |
| 280 | case EVP_PKEY_DSA: | 323 | case EVP_PKEY_DSA: |
| 281 | case EVP_PKEY_DSA2: | 324 | case EVP_PKEY_DSA2: |
| 282 | case EVP_PKEY_DSA3: | 325 | case EVP_PKEY_DSA3: |
| @@ -284,7 +327,7 @@ EVP_PKEY *x; | |||
| 284 | DSA_free(x->pkey.dsa); | 327 | DSA_free(x->pkey.dsa); |
| 285 | break; | 328 | break; |
| 286 | #endif | 329 | #endif |
| 287 | #ifndef NO_DH | 330 | #ifndef OPENSSL_NO_DH |
| 288 | case EVP_PKEY_DH: | 331 | case EVP_PKEY_DH: |
| 289 | DH_free(x->pkey.dh); | 332 | DH_free(x->pkey.dh); |
| 290 | break; | 333 | break; |
diff --git a/src/lib/libcrypto/evp/p_open.c b/src/lib/libcrypto/evp/p_open.c index 28a8e02252..6976f2a867 100644 --- a/src/lib/libcrypto/evp/p_open.c +++ b/src/lib/libcrypto/evp/p_open.c | |||
| @@ -56,64 +56,68 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RSA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 64 | 65 | ||
| 65 | int EVP_OpenInit(ctx,type,ek,ekl,iv,priv) | 66 | int EVP_OpenInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char *ek, |
| 66 | EVP_CIPHER_CTX *ctx; | 67 | int ekl, unsigned char *iv, EVP_PKEY *priv) |
| 67 | EVP_CIPHER *type; | ||
| 68 | unsigned char *ek; | ||
| 69 | int ekl; | ||
| 70 | unsigned char *iv; | ||
| 71 | EVP_PKEY *priv; | ||
| 72 | { | 68 | { |
| 73 | unsigned char *key=NULL; | 69 | unsigned char *key=NULL; |
| 74 | int i,size=0,ret=0; | 70 | int i,size=0,ret=0; |
| 75 | 71 | ||
| 72 | if(type) { | ||
| 73 | EVP_CIPHER_CTX_init(ctx); | ||
| 74 | if(!EVP_DecryptInit_ex(ctx,type,NULL, NULL,NULL)) return 0; | ||
| 75 | } | ||
| 76 | |||
| 77 | if(!priv) return 1; | ||
| 78 | |||
| 76 | if (priv->type != EVP_PKEY_RSA) | 79 | if (priv->type != EVP_PKEY_RSA) |
| 77 | { | 80 | { |
| 78 | EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); | 81 | EVPerr(EVP_F_EVP_OPENINIT,EVP_R_PUBLIC_KEY_NOT_RSA); |
| 79 | ret= -1; | ||
| 80 | goto err; | 82 | goto err; |
| 81 | } | 83 | } |
| 82 | 84 | ||
| 83 | size=RSA_size(priv->pkey.rsa); | 85 | size=RSA_size(priv->pkey.rsa); |
| 84 | key=(unsigned char *)Malloc(size+2); | 86 | key=(unsigned char *)OPENSSL_malloc(size+2); |
| 85 | if (key == NULL) | 87 | if (key == NULL) |
| 86 | { | 88 | { |
| 87 | /* ERROR */ | 89 | /* ERROR */ |
| 88 | EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); | 90 | EVPerr(EVP_F_EVP_OPENINIT,ERR_R_MALLOC_FAILURE); |
| 89 | ret= -1; | ||
| 90 | goto err; | 91 | goto err; |
| 91 | } | 92 | } |
| 92 | 93 | ||
| 93 | i=EVP_PKEY_decrypt(key,ek,ekl,priv); | 94 | i=EVP_PKEY_decrypt(key,ek,ekl,priv); |
| 94 | if (i != type->key_len) | 95 | if ((i <= 0) || !EVP_CIPHER_CTX_set_key_length(ctx, i)) |
| 95 | { | 96 | { |
| 96 | /* ERROR */ | 97 | /* ERROR */ |
| 97 | goto err; | 98 | goto err; |
| 98 | } | 99 | } |
| 100 | if(!EVP_DecryptInit_ex(ctx,NULL,NULL,key,iv)) goto err; | ||
| 99 | 101 | ||
| 100 | EVP_CIPHER_CTX_init(ctx); | ||
| 101 | EVP_DecryptInit(ctx,type,key,iv); | ||
| 102 | ret=1; | 102 | ret=1; |
| 103 | err: | 103 | err: |
| 104 | if (key != NULL) memset(key,0,size); | 104 | if (key != NULL) memset(key,0,size); |
| 105 | Free(key); | 105 | OPENSSL_free(key); |
| 106 | return(ret); | 106 | return(ret); |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | int EVP_OpenFinal(ctx,out,outl) | 109 | int EVP_OpenFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 110 | EVP_CIPHER_CTX *ctx; | ||
| 111 | unsigned char *out; | ||
| 112 | int *outl; | ||
| 113 | { | 110 | { |
| 114 | int i; | 111 | int i; |
| 115 | 112 | ||
| 116 | i=EVP_DecryptFinal(ctx,out,outl); | 113 | i=EVP_DecryptFinal_ex(ctx,out,outl); |
| 117 | EVP_DecryptInit(ctx,NULL,NULL,NULL); | 114 | EVP_DecryptInit_ex(ctx,NULL,NULL,NULL,NULL); |
| 118 | return(i); | 115 | return(i); |
| 119 | } | 116 | } |
| 117 | #else /* !OPENSSL_NO_RSA */ | ||
| 118 | |||
| 119 | # ifdef PEDANTIC | ||
| 120 | static void *dummy=&dummy; | ||
| 121 | # endif | ||
| 122 | |||
| 123 | #endif | ||
diff --git a/src/lib/libcrypto/evp/p_seal.c b/src/lib/libcrypto/evp/p_seal.c index 09a408de35..37e547fe72 100644 --- a/src/lib/libcrypto/evp/p_seal.c +++ b/src/lib/libcrypto/evp/p_seal.c | |||
| @@ -58,35 +58,36 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "rsa.h" | 62 | #ifndef OPENSSL_NO_RSA |
| 63 | #include "evp.h" | 63 | #include <openssl/rsa.h> |
| 64 | #include "objects.h" | 64 | #endif |
| 65 | #include "x509.h" | 65 | #include <openssl/evp.h> |
| 66 | #include <openssl/objects.h> | ||
| 67 | #include <openssl/x509.h> | ||
| 66 | 68 | ||
| 67 | int EVP_SealInit(ctx,type,ek,ekl,iv,pubk,npubk) | 69 | int EVP_SealInit(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type, unsigned char **ek, |
| 68 | EVP_CIPHER_CTX *ctx; | 70 | int *ekl, unsigned char *iv, EVP_PKEY **pubk, int npubk) |
| 69 | EVP_CIPHER *type; | ||
| 70 | unsigned char **ek; | ||
| 71 | int *ekl; | ||
| 72 | unsigned char *iv; | ||
| 73 | EVP_PKEY **pubk; | ||
| 74 | int npubk; | ||
| 75 | { | 71 | { |
| 76 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 72 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 77 | int i; | 73 | int i; |
| 78 | 74 | ||
| 79 | if (npubk <= 0) return(0); | 75 | if(type) { |
| 80 | RAND_bytes(key,EVP_MAX_KEY_LENGTH); | 76 | EVP_CIPHER_CTX_init(ctx); |
| 81 | if (type->iv_len > 0) | 77 | if(!EVP_EncryptInit_ex(ctx,type,NULL,NULL,NULL)) return 0; |
| 82 | RAND_bytes(iv,type->iv_len); | 78 | } |
| 79 | if ((npubk <= 0) || !pubk) | ||
| 80 | return 1; | ||
| 81 | if (RAND_bytes(key,EVP_MAX_KEY_LENGTH) <= 0) | ||
| 82 | return 0; | ||
| 83 | if (EVP_CIPHER_CTX_iv_length(ctx)) | ||
| 84 | RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); | ||
| 83 | 85 | ||
| 84 | EVP_CIPHER_CTX_init(ctx); | 86 | if(!EVP_EncryptInit_ex(ctx,NULL,NULL,key,iv)) return 0; |
| 85 | EVP_EncryptInit(ctx,type,key,iv); | ||
| 86 | 87 | ||
| 87 | for (i=0; i<npubk; i++) | 88 | for (i=0; i<npubk; i++) |
| 88 | { | 89 | { |
| 89 | ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_key_length(type), | 90 | ekl[i]=EVP_PKEY_encrypt(ek[i],key,EVP_CIPHER_CTX_key_length(ctx), |
| 90 | pubk[i]); | 91 | pubk[i]); |
| 91 | if (ekl[i] <= 0) return(-1); | 92 | if (ekl[i] <= 0) return(-1); |
| 92 | } | 93 | } |
| @@ -105,11 +106,10 @@ int inl; | |||
| 105 | } | 106 | } |
| 106 | */ | 107 | */ |
| 107 | 108 | ||
| 108 | void EVP_SealFinal(ctx,out,outl) | 109 | int EVP_SealFinal(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl) |
| 109 | EVP_CIPHER_CTX *ctx; | ||
| 110 | unsigned char *out; | ||
| 111 | int *outl; | ||
| 112 | { | 110 | { |
| 113 | EVP_EncryptFinal(ctx,out,outl); | 111 | int i; |
| 114 | EVP_EncryptInit(ctx,NULL,NULL,NULL); | 112 | i = EVP_EncryptFinal_ex(ctx,out,outl); |
| 113 | EVP_EncryptInit_ex(ctx,NULL,NULL,NULL,NULL); | ||
| 114 | return i; | ||
| 115 | } | 115 | } |
diff --git a/src/lib/libcrypto/evp/p_sign.c b/src/lib/libcrypto/evp/p_sign.c index 073270ce31..e4ae5906f5 100644 --- a/src/lib/libcrypto/evp/p_sign.c +++ b/src/lib/libcrypto/evp/p_sign.c | |||
| @@ -58,32 +58,25 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | #ifdef undef | 65 | #ifdef undef |
| 66 | void EVP_SignInit(ctx,type) | 66 | void EVP_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) |
| 67 | EVP_MD_CTX *ctx; | ||
| 68 | EVP_MD *type; | ||
| 69 | { | 67 | { |
| 70 | EVP_DigestInit(ctx,type); | 68 | EVP_DigestInit_ex(ctx,type); |
| 71 | } | 69 | } |
| 72 | 70 | ||
| 73 | void EVP_SignUpdate(ctx,data,count) | 71 | void EVP_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, |
| 74 | EVP_MD_CTX *ctx; | 72 | unsigned int count) |
| 75 | unsigned char *data; | ||
| 76 | unsigned int count; | ||
| 77 | { | 73 | { |
| 78 | EVP_DigestUpdate(ctx,data,count); | 74 | EVP_DigestUpdate(ctx,data,count); |
| 79 | } | 75 | } |
| 80 | #endif | 76 | #endif |
| 81 | 77 | ||
| 82 | int EVP_SignFinal(ctx,sigret,siglen,pkey) | 78 | int EVP_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, |
| 83 | EVP_MD_CTX *ctx; | 79 | EVP_PKEY *pkey) |
| 84 | unsigned char *sigret; | ||
| 85 | unsigned int *siglen; | ||
| 86 | EVP_PKEY *pkey; | ||
| 87 | { | 80 | { |
| 88 | unsigned char m[EVP_MAX_MD_SIZE]; | 81 | unsigned char m[EVP_MAX_MD_SIZE]; |
| 89 | unsigned int m_len; | 82 | unsigned int m_len; |
| @@ -91,8 +84,10 @@ EVP_PKEY *pkey; | |||
| 91 | MS_STATIC EVP_MD_CTX tmp_ctx; | 84 | MS_STATIC EVP_MD_CTX tmp_ctx; |
| 92 | 85 | ||
| 93 | *siglen=0; | 86 | *siglen=0; |
| 94 | memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX)); | 87 | EVP_MD_CTX_init(&tmp_ctx); |
| 95 | EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); | 88 | EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); |
| 89 | EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); | ||
| 90 | EVP_MD_CTX_cleanup(&tmp_ctx); | ||
| 96 | for (i=0; i<4; i++) | 91 | for (i=0; i<4; i++) |
| 97 | { | 92 | { |
| 98 | v=ctx->digest->required_pkey_type[i]; | 93 | v=ctx->digest->required_pkey_type[i]; |
diff --git a/src/lib/libcrypto/evp/p_verify.c b/src/lib/libcrypto/evp/p_verify.c index 8d727d8f02..d854d743a5 100644 --- a/src/lib/libcrypto/evp/p_verify.c +++ b/src/lib/libcrypto/evp/p_verify.c | |||
| @@ -58,15 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | int EVP_VerifyFinal(ctx,sigbuf,siglen,pkey) | 65 | int EVP_VerifyFinal(EVP_MD_CTX *ctx, unsigned char *sigbuf, |
| 66 | EVP_MD_CTX *ctx; | 66 | unsigned int siglen, EVP_PKEY *pkey) |
| 67 | unsigned char *sigbuf; | ||
| 68 | unsigned int siglen; | ||
| 69 | EVP_PKEY *pkey; | ||
| 70 | { | 67 | { |
| 71 | unsigned char m[EVP_MAX_MD_SIZE]; | 68 | unsigned char m[EVP_MAX_MD_SIZE]; |
| 72 | unsigned int m_len; | 69 | unsigned int m_len; |
| @@ -88,8 +85,10 @@ EVP_PKEY *pkey; | |||
| 88 | EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); | 85 | EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_WRONG_PUBLIC_KEY_TYPE); |
| 89 | return(-1); | 86 | return(-1); |
| 90 | } | 87 | } |
| 91 | memcpy(&tmp_ctx,ctx,sizeof(EVP_MD_CTX)); | 88 | EVP_MD_CTX_init(&tmp_ctx); |
| 92 | EVP_DigestFinal(&tmp_ctx,&(m[0]),&m_len); | 89 | EVP_MD_CTX_copy_ex(&tmp_ctx,ctx); |
| 90 | EVP_DigestFinal_ex(&tmp_ctx,&(m[0]),&m_len); | ||
| 91 | EVP_MD_CTX_cleanup(&tmp_ctx); | ||
| 93 | if (ctx->digest->verify == NULL) | 92 | if (ctx->digest->verify == NULL) |
| 94 | { | 93 | { |
| 95 | EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); | 94 | EVPerr(EVP_F_EVP_VERIFYFINAL,EVP_R_NO_VERIFY_FUNCTION_CONFIGURED); |
diff --git a/src/lib/libcrypto/ex_data.c b/src/lib/libcrypto/ex_data.c index c858b518ff..5b2e345c27 100644 --- a/src/lib/libcrypto/ex_data.c +++ b/src/lib/libcrypto/ex_data.c | |||
| @@ -1,4 +1,33 @@ | |||
| 1 | /* crypto/ex_data.c */ | 1 | /* crypto/ex_data.c */ |
| 2 | |||
| 3 | /* | ||
| 4 | * Overhaul notes; | ||
| 5 | * | ||
| 6 | * This code is now *mostly* thread-safe. It is now easier to understand in what | ||
| 7 | * ways it is safe and in what ways it is not, which is an improvement. Firstly, | ||
| 8 | * all per-class stacks and index-counters for ex_data are stored in the same | ||
| 9 | * global LHASH table (keyed by class). This hash table uses locking for all | ||
| 10 | * access with the exception of CRYPTO_cleanup_all_ex_data(), which must only be | ||
| 11 | * called when no other threads can possibly race against it (even if it was | ||
| 12 | * locked, the race would mean it's possible the hash table might have been | ||
| 13 | * recreated after the cleanup). As classes can only be added to the hash table, | ||
| 14 | * and within each class, the stack of methods can only be incremented, the | ||
| 15 | * locking mechanics are simpler than they would otherwise be. For example, the | ||
| 16 | * new/dup/free ex_data functions will lock the hash table, copy the method | ||
| 17 | * pointers it needs from the relevant class, then unlock the hash table before | ||
| 18 | * actually applying those method pointers to the task of the new/dup/free | ||
| 19 | * operations. As they can't be removed from the method-stack, only | ||
| 20 | * supplemented, there's no race conditions associated with using them outside | ||
| 21 | * the lock. The get/set_ex_data functions are not locked because they do not | ||
| 22 | * involve this global state at all - they operate directly with a previously | ||
| 23 | * obtained per-class method index and a particular "ex_data" variable. These | ||
| 24 | * variables are usually instantiated per-context (eg. each RSA structure has | ||
| 25 | * one) so locking on read/write access to that variable can be locked locally | ||
| 26 | * if required (eg. using the "RSA" lock to synchronise access to a | ||
| 27 | * per-RSA-structure ex_data variable if required). | ||
| 28 | * [Geoff] | ||
| 29 | */ | ||
| 30 | |||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 31 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 32 | * All rights reserved. |
| 4 | * | 33 | * |
| @@ -55,182 +84,553 @@ | |||
| 55 | * copied and put under another distribution licence | 84 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 85 | * [including the GNU Public Licence.] |
| 57 | */ | 86 | */ |
| 87 | /* ==================================================================== | ||
| 88 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 89 | * | ||
| 90 | * Redistribution and use in source and binary forms, with or without | ||
| 91 | * modification, are permitted provided that the following conditions | ||
| 92 | * are met: | ||
| 93 | * | ||
| 94 | * 1. Redistributions of source code must retain the above copyright | ||
| 95 | * notice, this list of conditions and the following disclaimer. | ||
| 96 | * | ||
| 97 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 98 | * notice, this list of conditions and the following disclaimer in | ||
| 99 | * the documentation and/or other materials provided with the | ||
| 100 | * distribution. | ||
| 101 | * | ||
| 102 | * 3. All advertising materials mentioning features or use of this | ||
| 103 | * software must display the following acknowledgment: | ||
| 104 | * "This product includes software developed by the OpenSSL Project | ||
| 105 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 106 | * | ||
| 107 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 108 | * endorse or promote products derived from this software without | ||
| 109 | * prior written permission. For written permission, please contact | ||
| 110 | * openssl-core@openssl.org. | ||
| 111 | * | ||
| 112 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 113 | * nor may "OpenSSL" appear in their names without prior written | ||
| 114 | * permission of the OpenSSL Project. | ||
| 115 | * | ||
| 116 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 117 | * acknowledgment: | ||
| 118 | * "This product includes software developed by the OpenSSL Project | ||
| 119 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 120 | * | ||
| 121 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 122 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 123 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 124 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 125 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 126 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 127 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 128 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 129 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 130 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 131 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 132 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 133 | * ==================================================================== | ||
| 134 | * | ||
| 135 | * This product includes cryptographic software written by Eric Young | ||
| 136 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 137 | * Hudson (tjh@cryptsoft.com). | ||
| 138 | * | ||
| 139 | */ | ||
| 58 | 140 | ||
| 59 | #include <stdio.h> | 141 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 142 | #include <stdlib.h> |
| 61 | #include "buffer.h" | 143 | #include <openssl/buffer.h> |
| 62 | #include "bio.h" | 144 | #include <openssl/bio.h> |
| 63 | #include "lhash.h" | 145 | #include <openssl/lhash.h> |
| 64 | #include "cryptlib.h" | 146 | #include "cryptlib.h" |
| 65 | 147 | ||
| 66 | int CRYPTO_get_ex_new_index(idx,skp,argl,argp,new_func,dup_func,free_func) | 148 | /* What an "implementation of ex_data functionality" looks like */ |
| 67 | int idx; | 149 | struct st_CRYPTO_EX_DATA_IMPL |
| 68 | STACK **skp; | 150 | { |
| 69 | long argl; | 151 | /*********************/ |
| 70 | char *argp; | 152 | /* GLOBAL OPERATIONS */ |
| 71 | int (*new_func)(); | 153 | /* Return a new class index */ |
| 72 | int (*dup_func)(); | 154 | int (*cb_new_class)(void); |
| 73 | void (*free_func)(); | 155 | /* Cleanup all state used by the implementation */ |
| 156 | void (*cb_cleanup)(void); | ||
| 157 | /************************/ | ||
| 158 | /* PER-CLASS OPERATIONS */ | ||
| 159 | /* Get a new method index within a class */ | ||
| 160 | int (*cb_get_new_index)(int class_index, long argl, void *argp, | ||
| 161 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 162 | CRYPTO_EX_free *free_func); | ||
| 163 | /* Initialise a new CRYPTO_EX_DATA of a given class */ | ||
| 164 | int (*cb_new_ex_data)(int class_index, void *obj, | ||
| 165 | CRYPTO_EX_DATA *ad); | ||
| 166 | /* Duplicate a CRYPTO_EX_DATA of a given class onto a copy */ | ||
| 167 | int (*cb_dup_ex_data)(int class_index, CRYPTO_EX_DATA *to, | ||
| 168 | CRYPTO_EX_DATA *from); | ||
| 169 | /* Cleanup a CRYPTO_EX_DATA of a given class */ | ||
| 170 | void (*cb_free_ex_data)(int class_index, void *obj, | ||
| 171 | CRYPTO_EX_DATA *ad); | ||
| 172 | }; | ||
| 173 | |||
| 174 | /* The implementation we use at run-time */ | ||
| 175 | static const CRYPTO_EX_DATA_IMPL *impl = NULL; | ||
| 176 | |||
| 177 | /* To call "impl" functions, use this macro rather than referring to 'impl' directly, eg. | ||
| 178 | * EX_IMPL(get_new_index)(...); */ | ||
| 179 | #define EX_IMPL(a) impl->cb_##a | ||
| 180 | |||
| 181 | /* Predeclare the "default" ex_data implementation */ | ||
| 182 | static int int_new_class(void); | ||
| 183 | static void int_cleanup(void); | ||
| 184 | static int int_get_new_index(int class_index, long argl, void *argp, | ||
| 185 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 186 | CRYPTO_EX_free *free_func); | ||
| 187 | static int int_new_ex_data(int class_index, void *obj, | ||
| 188 | CRYPTO_EX_DATA *ad); | ||
| 189 | static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, | ||
| 190 | CRYPTO_EX_DATA *from); | ||
| 191 | static void int_free_ex_data(int class_index, void *obj, | ||
| 192 | CRYPTO_EX_DATA *ad); | ||
| 193 | static CRYPTO_EX_DATA_IMPL impl_default = | ||
| 194 | { | ||
| 195 | int_new_class, | ||
| 196 | int_cleanup, | ||
| 197 | int_get_new_index, | ||
| 198 | int_new_ex_data, | ||
| 199 | int_dup_ex_data, | ||
| 200 | int_free_ex_data | ||
| 201 | }; | ||
| 202 | |||
| 203 | /* Internal function that checks whether "impl" is set and if not, sets it to | ||
| 204 | * the default. */ | ||
| 205 | static void impl_check(void) | ||
| 206 | { | ||
| 207 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); | ||
| 208 | if(!impl) | ||
| 209 | impl = &impl_default; | ||
| 210 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 211 | } | ||
| 212 | /* A macro wrapper for impl_check that first uses a non-locked test before | ||
| 213 | * invoking the function (which checks again inside a lock). */ | ||
| 214 | #define IMPL_CHECK if(!impl) impl_check(); | ||
| 215 | |||
| 216 | /* API functions to get/set the "ex_data" implementation */ | ||
| 217 | const CRYPTO_EX_DATA_IMPL *CRYPTO_get_ex_data_implementation(void) | ||
| 218 | { | ||
| 219 | IMPL_CHECK | ||
| 220 | return impl; | ||
| 221 | } | ||
| 222 | int CRYPTO_set_ex_data_implementation(const CRYPTO_EX_DATA_IMPL *i) | ||
| 223 | { | ||
| 224 | int toret = 0; | ||
| 225 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); | ||
| 226 | if(!impl) | ||
| 227 | { | ||
| 228 | impl = i; | ||
| 229 | toret = 1; | ||
| 230 | } | ||
| 231 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 232 | return toret; | ||
| 233 | } | ||
| 234 | |||
| 235 | /****************************************************************************/ | ||
| 236 | /* Interal (default) implementation of "ex_data" support. API functions are | ||
| 237 | * further down. */ | ||
| 238 | |||
| 239 | /* The type that represents what each "class" used to implement locally. A STACK | ||
| 240 | * of CRYPTO_EX_DATA_FUNCS plus a index-counter. The 'class_index' is the global | ||
| 241 | * value representing the class that is used to distinguish these items. */ | ||
| 242 | typedef struct st_ex_class_item { | ||
| 243 | int class_index; | ||
| 244 | STACK_OF(CRYPTO_EX_DATA_FUNCS) *meth; | ||
| 245 | int meth_num; | ||
| 246 | } EX_CLASS_ITEM; | ||
| 247 | |||
| 248 | /* When assigning new class indexes, this is our counter */ | ||
| 249 | static int ex_class = CRYPTO_EX_INDEX_USER; | ||
| 250 | |||
| 251 | /* The global hash table of EX_CLASS_ITEM items */ | ||
| 252 | static LHASH *ex_data = NULL; | ||
| 253 | |||
| 254 | /* The callbacks required in the "ex_data" hash table */ | ||
| 255 | static unsigned long ex_hash_cb(const void *a_void) | ||
| 256 | { | ||
| 257 | return ((const EX_CLASS_ITEM *)a_void)->class_index; | ||
| 258 | } | ||
| 259 | static int ex_cmp_cb(const void *a_void, const void *b_void) | ||
| 260 | { | ||
| 261 | return (((const EX_CLASS_ITEM *)a_void)->class_index - | ||
| 262 | ((const EX_CLASS_ITEM *)b_void)->class_index); | ||
| 263 | } | ||
| 264 | |||
| 265 | /* Internal functions used by the "impl_default" implementation to access the | ||
| 266 | * state */ | ||
| 267 | |||
| 268 | static int ex_data_check(void) | ||
| 269 | { | ||
| 270 | int toret = 1; | ||
| 271 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); | ||
| 272 | if(!ex_data && ((ex_data = lh_new(ex_hash_cb, ex_cmp_cb)) == NULL)) | ||
| 273 | toret = 0; | ||
| 274 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 275 | return toret; | ||
| 276 | } | ||
| 277 | /* This macros helps reduce the locking from repeated checks because the | ||
| 278 | * ex_data_check() function checks ex_data again inside a lock. */ | ||
| 279 | #define EX_DATA_CHECK(iffail) if(!ex_data && !ex_data_check()) {iffail} | ||
| 280 | |||
| 281 | /* This "inner" callback is used by the callback function that follows it */ | ||
| 282 | static void def_cleanup_util_cb(CRYPTO_EX_DATA_FUNCS *funcs) | ||
| 283 | { | ||
| 284 | OPENSSL_free(funcs); | ||
| 285 | } | ||
| 286 | |||
| 287 | /* This callback is used in lh_doall to destroy all EX_CLASS_ITEM values from | ||
| 288 | * "ex_data" prior to the ex_data hash table being itself destroyed. Doesn't do | ||
| 289 | * any locking. */ | ||
| 290 | static void def_cleanup_cb(const void *a_void) | ||
| 74 | { | 291 | { |
| 75 | CRYPTO_EX_DATA_FUNCS *a; | 292 | EX_CLASS_ITEM *item = (EX_CLASS_ITEM *)a_void; |
| 293 | sk_CRYPTO_EX_DATA_FUNCS_pop_free(item->meth, def_cleanup_util_cb); | ||
| 294 | OPENSSL_free(item); | ||
| 295 | } | ||
| 76 | 296 | ||
| 77 | if (*skp == NULL) | 297 | /* Return the EX_CLASS_ITEM from the "ex_data" hash table that corresponds to a |
| 78 | *skp=sk_new_null(); | 298 | * given class. Handles locking. */ |
| 79 | if (*skp == NULL) | 299 | static EX_CLASS_ITEM *def_get_class(int class_index) |
| 300 | { | ||
| 301 | EX_CLASS_ITEM d, *p, *gen; | ||
| 302 | EX_DATA_CHECK(return NULL;) | ||
| 303 | d.class_index = class_index; | ||
| 304 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); | ||
| 305 | p = lh_retrieve(ex_data, &d); | ||
| 306 | if(!p) | ||
| 80 | { | 307 | { |
| 81 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); | 308 | gen = OPENSSL_malloc(sizeof(EX_CLASS_ITEM)); |
| 82 | return(-1); | 309 | if(gen) |
| 310 | { | ||
| 311 | gen->class_index = class_index; | ||
| 312 | gen->meth_num = 0; | ||
| 313 | gen->meth = sk_CRYPTO_EX_DATA_FUNCS_new_null(); | ||
| 314 | if(!gen->meth) | ||
| 315 | OPENSSL_free(gen); | ||
| 316 | else | ||
| 317 | { | ||
| 318 | /* Because we're inside the ex_data lock, the | ||
| 319 | * return value from the insert will be NULL */ | ||
| 320 | lh_insert(ex_data, gen); | ||
| 321 | p = gen; | ||
| 322 | } | ||
| 323 | } | ||
| 83 | } | 324 | } |
| 84 | a=(CRYPTO_EX_DATA_FUNCS *)Malloc(sizeof(CRYPTO_EX_DATA_FUNCS)); | 325 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); |
| 85 | if (a == NULL) | 326 | if(!p) |
| 327 | CRYPTOerr(CRYPTO_F_DEF_GET_CLASS,ERR_R_MALLOC_FAILURE); | ||
| 328 | return p; | ||
| 329 | } | ||
| 330 | |||
| 331 | /* Add a new method to the given EX_CLASS_ITEM and return the corresponding | ||
| 332 | * index (or -1 for error). Handles locking. */ | ||
| 333 | static int def_add_index(EX_CLASS_ITEM *item, long argl, void *argp, | ||
| 334 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 335 | CRYPTO_EX_free *free_func) | ||
| 336 | { | ||
| 337 | int toret = -1; | ||
| 338 | CRYPTO_EX_DATA_FUNCS *a = (CRYPTO_EX_DATA_FUNCS *)OPENSSL_malloc( | ||
| 339 | sizeof(CRYPTO_EX_DATA_FUNCS)); | ||
| 340 | if(!a) | ||
| 86 | { | 341 | { |
| 87 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); | 342 | CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); |
| 88 | return(-1); | 343 | return -1; |
| 89 | } | 344 | } |
| 90 | a->argl=argl; | 345 | a->argl=argl; |
| 91 | a->argp=argp; | 346 | a->argp=argp; |
| 92 | a->new_func=new_func; | 347 | a->new_func=new_func; |
| 93 | a->dup_func=dup_func; | 348 | a->dup_func=dup_func; |
| 94 | a->free_func=free_func; | 349 | a->free_func=free_func; |
| 95 | while (sk_num(*skp) <= idx) | 350 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); |
| 351 | while (sk_CRYPTO_EX_DATA_FUNCS_num(item->meth) <= item->meth_num) | ||
| 96 | { | 352 | { |
| 97 | if (!sk_push(*skp,NULL)) | 353 | if (!sk_CRYPTO_EX_DATA_FUNCS_push(item->meth, NULL)) |
| 98 | { | 354 | { |
| 99 | CRYPTOerr(CRYPTO_F_CRYPTO_GET_EX_NEW_INDEX,ERR_R_MALLOC_FAILURE); | 355 | CRYPTOerr(CRYPTO_F_DEF_ADD_INDEX,ERR_R_MALLOC_FAILURE); |
| 100 | Free(a); | 356 | OPENSSL_free(a); |
| 101 | return(-1); | 357 | goto err; |
| 102 | } | 358 | } |
| 103 | } | 359 | } |
| 104 | sk_value(*skp,idx)=(char *)a; | 360 | toret = item->meth_num++; |
| 105 | return(idx); | 361 | sk_CRYPTO_EX_DATA_FUNCS_set(item->meth, toret, a); |
| 362 | err: | ||
| 363 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 364 | return toret; | ||
| 106 | } | 365 | } |
| 107 | 366 | ||
| 108 | int CRYPTO_set_ex_data(ad,idx,val) | 367 | /**************************************************************/ |
| 109 | CRYPTO_EX_DATA *ad; | 368 | /* The functions in the default CRYPTO_EX_DATA_IMPL structure */ |
| 110 | int idx; | ||
| 111 | char *val; | ||
| 112 | { | ||
| 113 | int i; | ||
| 114 | 369 | ||
| 115 | if (ad->sk == NULL) | 370 | static int int_new_class(void) |
| 116 | { | 371 | { |
| 117 | if ((ad->sk=sk_new_null()) == NULL) | 372 | int toret; |
| 118 | { | 373 | CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); |
| 119 | CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); | 374 | toret = ex_class++; |
| 120 | return(0); | 375 | CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA); |
| 121 | } | 376 | return toret; |
| 122 | } | 377 | } |
| 123 | i=sk_num(ad->sk); | ||
| 124 | 378 | ||
| 125 | while (i <= idx) | 379 | static void int_cleanup(void) |
| 126 | { | 380 | { |
| 127 | if (!sk_push(ad->sk,NULL)) | 381 | EX_DATA_CHECK(return;) |
| 128 | { | 382 | lh_doall(ex_data, def_cleanup_cb); |
| 129 | CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); | 383 | lh_free(ex_data); |
| 130 | return(0); | 384 | ex_data = NULL; |
| 131 | } | 385 | impl = NULL; |
| 132 | i++; | ||
| 133 | } | ||
| 134 | sk_value(ad->sk,idx)=val; | ||
| 135 | return(1); | ||
| 136 | } | 386 | } |
| 137 | 387 | ||
| 138 | char *CRYPTO_get_ex_data(ad,idx) | 388 | static int int_get_new_index(int class_index, long argl, void *argp, |
| 139 | CRYPTO_EX_DATA *ad; | 389 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, |
| 140 | int idx; | 390 | CRYPTO_EX_free *free_func) |
| 141 | { | 391 | { |
| 142 | if (ad->sk == NULL) | 392 | EX_CLASS_ITEM *item = def_get_class(class_index); |
| 143 | return(0); | 393 | if(!item) |
| 144 | else if (idx >= sk_num(ad->sk)) | 394 | return -1; |
| 145 | return(0); | 395 | return def_add_index(item, argl, argp, new_func, dup_func, free_func); |
| 146 | else | ||
| 147 | return(sk_value(ad->sk,idx)); | ||
| 148 | } | 396 | } |
| 149 | 397 | ||
| 150 | /* The callback is called with the 'object', which is the origional data object | 398 | /* Thread-safe by copying a class's array of "CRYPTO_EX_DATA_FUNCS" entries in |
| 151 | * being duplicated, a pointer to the | 399 | * the lock, then using them outside the lock. NB: Thread-safety only applies to |
| 152 | * 'new' object to be inserted, the index, and the argi/argp | 400 | * the global "ex_data" state (ie. class definitions), not thread-safe on 'ad' |
| 153 | */ | 401 | * itself. */ |
| 154 | int CRYPTO_dup_ex_data(meth,to,from) | 402 | static int int_new_ex_data(int class_index, void *obj, |
| 155 | STACK *meth; | 403 | CRYPTO_EX_DATA *ad) |
| 156 | CRYPTO_EX_DATA *to,*from; | 404 | { |
| 157 | { | 405 | int mx,i; |
| 158 | int i,j,m,r; | 406 | void *ptr; |
| 159 | CRYPTO_EX_DATA_FUNCS *mm; | 407 | CRYPTO_EX_DATA_FUNCS **storage = NULL; |
| 160 | char *from_d; | 408 | EX_CLASS_ITEM *item = def_get_class(class_index); |
| 161 | 409 | if(!item) | |
| 162 | if (meth == NULL) return(1); | 410 | /* error is already set */ |
| 163 | if (from->sk == NULL) return(1); | 411 | return 0; |
| 164 | m=sk_num(meth); | 412 | ad->sk = NULL; |
| 165 | j=sk_num(from->sk); | 413 | CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); |
| 166 | for (i=0; i<j; i++) | 414 | mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); |
| 167 | { | 415 | if(mx > 0) |
| 168 | from_d=CRYPTO_get_ex_data(from,i); | 416 | { |
| 169 | if (i < m) | 417 | storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); |
| 418 | if(!storage) | ||
| 419 | goto skip; | ||
| 420 | for(i = 0; i < mx; i++) | ||
| 421 | storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); | ||
| 422 | } | ||
| 423 | skip: | ||
| 424 | CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 425 | if((mx > 0) && !storage) | ||
| 426 | { | ||
| 427 | CRYPTOerr(CRYPTO_F_INT_NEW_EX_DATA,ERR_R_MALLOC_FAILURE); | ||
| 428 | return 0; | ||
| 429 | } | ||
| 430 | for(i = 0; i < mx; i++) | ||
| 431 | { | ||
| 432 | if(storage[i] && storage[i]->new_func) | ||
| 170 | { | 433 | { |
| 171 | mm=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i); | 434 | ptr = CRYPTO_get_ex_data(ad, i); |
| 172 | if (mm->dup_func != NULL) | 435 | storage[i]->new_func(obj,ptr,ad,i, |
| 173 | r=mm->dup_func(to,from,(char **)&from_d,i, | 436 | storage[i]->argl,storage[i]->argp); |
| 174 | mm->argl,mm->argp); | ||
| 175 | } | 437 | } |
| 176 | CRYPTO_set_ex_data(to,i,from_d); | ||
| 177 | } | 438 | } |
| 178 | return(1); | 439 | if(storage) |
| 440 | OPENSSL_free(storage); | ||
| 441 | return 1; | ||
| 179 | } | 442 | } |
| 180 | 443 | ||
| 181 | /* Call each free callback */ | 444 | /* Same thread-safety notes as for "int_new_ex_data" */ |
| 182 | void CRYPTO_free_ex_data(meth,obj,ad) | 445 | static int int_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, |
| 183 | STACK *meth; | 446 | CRYPTO_EX_DATA *from) |
| 184 | char *obj; | ||
| 185 | CRYPTO_EX_DATA *ad; | ||
| 186 | { | 447 | { |
| 187 | CRYPTO_EX_DATA_FUNCS *m; | 448 | int mx, j, i; |
| 188 | char *ptr; | 449 | char *ptr; |
| 189 | int i,max; | 450 | CRYPTO_EX_DATA_FUNCS **storage = NULL; |
| 451 | EX_CLASS_ITEM *item; | ||
| 452 | if(!from->sk) | ||
| 453 | /* 'to' should be "blank" which *is* just like 'from' */ | ||
| 454 | return 1; | ||
| 455 | if((item = def_get_class(class_index)) == NULL) | ||
| 456 | return 0; | ||
| 457 | CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); | ||
| 458 | mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); | ||
| 459 | j = sk_num(from->sk); | ||
| 460 | if(j < mx) | ||
| 461 | mx = j; | ||
| 462 | if(mx > 0) | ||
| 463 | { | ||
| 464 | storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); | ||
| 465 | if(!storage) | ||
| 466 | goto skip; | ||
| 467 | for(i = 0; i < mx; i++) | ||
| 468 | storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); | ||
| 469 | } | ||
| 470 | skip: | ||
| 471 | CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 472 | if((mx > 0) && !storage) | ||
| 473 | { | ||
| 474 | CRYPTOerr(CRYPTO_F_INT_DUP_EX_DATA,ERR_R_MALLOC_FAILURE); | ||
| 475 | return 0; | ||
| 476 | } | ||
| 477 | for(i = 0; i < mx; i++) | ||
| 478 | { | ||
| 479 | ptr = CRYPTO_get_ex_data(from, i); | ||
| 480 | if(storage[i] && storage[i]->dup_func) | ||
| 481 | storage[i]->dup_func(to,from,&ptr,i, | ||
| 482 | storage[i]->argl,storage[i]->argp); | ||
| 483 | CRYPTO_set_ex_data(to,i,ptr); | ||
| 484 | } | ||
| 485 | if(storage) | ||
| 486 | OPENSSL_free(storage); | ||
| 487 | return 1; | ||
| 488 | } | ||
| 190 | 489 | ||
| 191 | if (meth != NULL) | 490 | /* Same thread-safety notes as for "int_new_ex_data" */ |
| 491 | static void int_free_ex_data(int class_index, void *obj, | ||
| 492 | CRYPTO_EX_DATA *ad) | ||
| 493 | { | ||
| 494 | int mx,i; | ||
| 495 | EX_CLASS_ITEM *item; | ||
| 496 | void *ptr; | ||
| 497 | CRYPTO_EX_DATA_FUNCS **storage = NULL; | ||
| 498 | if((item = def_get_class(class_index)) == NULL) | ||
| 499 | return; | ||
| 500 | CRYPTO_r_lock(CRYPTO_LOCK_EX_DATA); | ||
| 501 | mx = sk_CRYPTO_EX_DATA_FUNCS_num(item->meth); | ||
| 502 | if(mx > 0) | ||
| 503 | { | ||
| 504 | storage = OPENSSL_malloc(mx * sizeof(CRYPTO_EX_DATA_FUNCS*)); | ||
| 505 | if(!storage) | ||
| 506 | goto skip; | ||
| 507 | for(i = 0; i < mx; i++) | ||
| 508 | storage[i] = sk_CRYPTO_EX_DATA_FUNCS_value(item->meth,i); | ||
| 509 | } | ||
| 510 | skip: | ||
| 511 | CRYPTO_r_unlock(CRYPTO_LOCK_EX_DATA); | ||
| 512 | if((mx > 0) && !storage) | ||
| 513 | { | ||
| 514 | CRYPTOerr(CRYPTO_F_INT_FREE_EX_DATA,ERR_R_MALLOC_FAILURE); | ||
| 515 | return; | ||
| 516 | } | ||
| 517 | for(i = 0; i < mx; i++) | ||
| 192 | { | 518 | { |
| 193 | max=sk_num(meth); | 519 | if(storage[i] && storage[i]->free_func) |
| 194 | for (i=0; i<max; i++) | ||
| 195 | { | 520 | { |
| 196 | m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i); | 521 | ptr = CRYPTO_get_ex_data(ad,i); |
| 197 | if ((m != NULL) && (m->free_func != NULL)) | 522 | storage[i]->free_func(obj,ptr,ad,i, |
| 198 | { | 523 | storage[i]->argl,storage[i]->argp); |
| 199 | ptr=CRYPTO_get_ex_data(ad,i); | ||
| 200 | m->free_func(obj,ptr,ad,i,m->argl,m->argp); | ||
| 201 | } | ||
| 202 | } | 524 | } |
| 203 | } | 525 | } |
| 204 | if (ad->sk != NULL) | 526 | if(storage) |
| 527 | OPENSSL_free(storage); | ||
| 528 | if(ad->sk) | ||
| 205 | { | 529 | { |
| 206 | sk_free(ad->sk); | 530 | sk_free(ad->sk); |
| 207 | ad->sk=NULL; | 531 | ad->sk=NULL; |
| 208 | } | 532 | } |
| 209 | } | 533 | } |
| 210 | 534 | ||
| 211 | void CRYPTO_new_ex_data(meth,obj,ad) | 535 | /********************************************************************/ |
| 212 | STACK *meth; | 536 | /* API functions that defer all "state" operations to the "ex_data" |
| 213 | char *obj; | 537 | * implementation we have set. */ |
| 214 | CRYPTO_EX_DATA *ad; | 538 | |
| 539 | /* Obtain an index for a new class (not the same as getting a new index within | ||
| 540 | * an existing class - this is actually getting a new *class*) */ | ||
| 541 | int CRYPTO_ex_data_new_class(void) | ||
| 215 | { | 542 | { |
| 216 | CRYPTO_EX_DATA_FUNCS *m; | 543 | IMPL_CHECK |
| 217 | char *ptr; | 544 | return EX_IMPL(new_class)(); |
| 218 | int i,max; | 545 | } |
| 546 | |||
| 547 | /* Release all "ex_data" state to prevent memory leaks. This can't be made | ||
| 548 | * thread-safe without overhauling a lot of stuff, and shouldn't really be | ||
| 549 | * called under potential race-conditions anyway (it's for program shutdown | ||
| 550 | * after all). */ | ||
| 551 | void CRYPTO_cleanup_all_ex_data(void) | ||
| 552 | { | ||
| 553 | IMPL_CHECK | ||
| 554 | EX_IMPL(cleanup)(); | ||
| 555 | } | ||
| 556 | |||
| 557 | /* Inside an existing class, get/register a new index. */ | ||
| 558 | int CRYPTO_get_ex_new_index(int class_index, long argl, void *argp, | ||
| 559 | CRYPTO_EX_new *new_func, CRYPTO_EX_dup *dup_func, | ||
| 560 | CRYPTO_EX_free *free_func) | ||
| 561 | { | ||
| 562 | int ret = -1; | ||
| 219 | 563 | ||
| 220 | ad->sk=NULL; | 564 | IMPL_CHECK |
| 221 | if (meth != NULL) | 565 | ret = EX_IMPL(get_new_index)(class_index, |
| 566 | argl, argp, new_func, dup_func, free_func); | ||
| 567 | return ret; | ||
| 568 | } | ||
| 569 | |||
| 570 | /* Initialise a new CRYPTO_EX_DATA for use in a particular class - including | ||
| 571 | * calling new() callbacks for each index in the class used by this variable */ | ||
| 572 | int CRYPTO_new_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) | ||
| 573 | { | ||
| 574 | IMPL_CHECK | ||
| 575 | return EX_IMPL(new_ex_data)(class_index, obj, ad); | ||
| 576 | } | ||
| 577 | |||
| 578 | /* Duplicate a CRYPTO_EX_DATA variable - including calling dup() callbacks for | ||
| 579 | * each index in the class used by this variable */ | ||
| 580 | int CRYPTO_dup_ex_data(int class_index, CRYPTO_EX_DATA *to, | ||
| 581 | CRYPTO_EX_DATA *from) | ||
| 582 | { | ||
| 583 | IMPL_CHECK | ||
| 584 | return EX_IMPL(dup_ex_data)(class_index, to, from); | ||
| 585 | } | ||
| 586 | |||
| 587 | /* Cleanup a CRYPTO_EX_DATA variable - including calling free() callbacks for | ||
| 588 | * each index in the class used by this variable */ | ||
| 589 | void CRYPTO_free_ex_data(int class_index, void *obj, CRYPTO_EX_DATA *ad) | ||
| 590 | { | ||
| 591 | IMPL_CHECK | ||
| 592 | EX_IMPL(free_ex_data)(class_index, obj, ad); | ||
| 593 | } | ||
| 594 | |||
| 595 | /* For a given CRYPTO_EX_DATA variable, set the value corresponding to a | ||
| 596 | * particular index in the class used by this variable */ | ||
| 597 | int CRYPTO_set_ex_data(CRYPTO_EX_DATA *ad, int idx, void *val) | ||
| 598 | { | ||
| 599 | int i; | ||
| 600 | |||
| 601 | if (ad->sk == NULL) | ||
| 222 | { | 602 | { |
| 223 | max=sk_num(meth); | 603 | if ((ad->sk=sk_new_null()) == NULL) |
| 224 | for (i=0; i<max; i++) | ||
| 225 | { | 604 | { |
| 226 | m=(CRYPTO_EX_DATA_FUNCS *)sk_value(meth,i); | 605 | CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); |
| 227 | if ((m != NULL) && (m->new_func != NULL)) | 606 | return(0); |
| 228 | { | ||
| 229 | ptr=CRYPTO_get_ex_data(ad,i); | ||
| 230 | m->new_func(obj,ptr,ad,i,m->argl,m->argp); | ||
| 231 | } | ||
| 232 | } | 607 | } |
| 233 | } | 608 | } |
| 609 | i=sk_num(ad->sk); | ||
| 610 | |||
| 611 | while (i <= idx) | ||
| 612 | { | ||
| 613 | if (!sk_push(ad->sk,NULL)) | ||
| 614 | { | ||
| 615 | CRYPTOerr(CRYPTO_F_CRYPTO_SET_EX_DATA,ERR_R_MALLOC_FAILURE); | ||
| 616 | return(0); | ||
| 617 | } | ||
| 618 | i++; | ||
| 619 | } | ||
| 620 | sk_set(ad->sk,idx,val); | ||
| 621 | return(1); | ||
| 234 | } | 622 | } |
| 235 | 623 | ||
| 624 | /* For a given CRYPTO_EX_DATA_ variable, get the value corresponding to a | ||
| 625 | * particular index in the class used by this variable */ | ||
| 626 | void *CRYPTO_get_ex_data(const CRYPTO_EX_DATA *ad, int idx) | ||
| 627 | { | ||
| 628 | if (ad->sk == NULL) | ||
| 629 | return(0); | ||
| 630 | else if (idx >= sk_num(ad->sk)) | ||
| 631 | return(0); | ||
| 632 | else | ||
| 633 | return(sk_value(ad->sk,idx)); | ||
| 634 | } | ||
| 236 | 635 | ||
| 636 | IMPLEMENT_STACK_OF(CRYPTO_EX_DATA_FUNCS) | ||
diff --git a/src/lib/libcrypto/hmac/hmac.c b/src/lib/libcrypto/hmac/hmac.c index fb09129963..da363b7950 100644 --- a/src/lib/libcrypto/hmac/hmac.c +++ b/src/lib/libcrypto/hmac/hmac.c | |||
| @@ -58,13 +58,10 @@ | |||
| 58 | #include <stdio.h> | 58 | #include <stdio.h> |
| 59 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "hmac.h" | 61 | #include <openssl/hmac.h> |
| 62 | 62 | ||
| 63 | void HMAC_Init(ctx,key,len,md) | 63 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, |
| 64 | HMAC_CTX *ctx; | 64 | const EVP_MD *md, ENGINE *impl) |
| 65 | unsigned char *key; | ||
| 66 | int len; | ||
| 67 | EVP_MD *md; | ||
| 68 | { | 65 | { |
| 69 | int i,j,reset=0; | 66 | int i,j,reset=0; |
| 70 | unsigned char pad[HMAC_MAX_MD_CBLOCK]; | 67 | unsigned char pad[HMAC_MAX_MD_CBLOCK]; |
| @@ -83,47 +80,50 @@ EVP_MD *md; | |||
| 83 | j=EVP_MD_block_size(md); | 80 | j=EVP_MD_block_size(md); |
| 84 | if (j < len) | 81 | if (j < len) |
| 85 | { | 82 | { |
| 86 | EVP_DigestInit(&ctx->md_ctx,md); | 83 | EVP_DigestInit_ex(&ctx->md_ctx,md, impl); |
| 87 | EVP_DigestUpdate(&ctx->md_ctx,key,len); | 84 | EVP_DigestUpdate(&ctx->md_ctx,key,len); |
| 88 | EVP_DigestFinal(&(ctx->md_ctx),ctx->key, | 85 | EVP_DigestFinal_ex(&(ctx->md_ctx),ctx->key, |
| 89 | &ctx->key_length); | 86 | &ctx->key_length); |
| 90 | } | 87 | } |
| 91 | else | 88 | else |
| 92 | { | 89 | { |
| 93 | memcpy(ctx->key,key,len); | 90 | memcpy(ctx->key,key,len); |
| 94 | memset(&(ctx->key[len]),0,sizeof(ctx->key)-len); | ||
| 95 | ctx->key_length=len; | 91 | ctx->key_length=len; |
| 96 | } | 92 | } |
| 93 | if(ctx->key_length != HMAC_MAX_MD_CBLOCK) | ||
| 94 | memset(&ctx->key[ctx->key_length], 0, | ||
| 95 | HMAC_MAX_MD_CBLOCK - ctx->key_length); | ||
| 97 | } | 96 | } |
| 98 | 97 | ||
| 99 | if (reset) | 98 | if (reset) |
| 100 | { | 99 | { |
| 101 | for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) | 100 | for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) |
| 102 | pad[i]=0x36^ctx->key[i]; | 101 | pad[i]=0x36^ctx->key[i]; |
| 103 | EVP_DigestInit(&ctx->i_ctx,md); | 102 | EVP_DigestInit_ex(&ctx->i_ctx,md, impl); |
| 104 | EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); | 103 | EVP_DigestUpdate(&ctx->i_ctx,pad,EVP_MD_block_size(md)); |
| 105 | 104 | ||
| 106 | for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) | 105 | for (i=0; i<HMAC_MAX_MD_CBLOCK; i++) |
| 107 | pad[i]=0x5c^ctx->key[i]; | 106 | pad[i]=0x5c^ctx->key[i]; |
| 108 | EVP_DigestInit(&ctx->o_ctx,md); | 107 | EVP_DigestInit_ex(&ctx->o_ctx,md, impl); |
| 109 | EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); | 108 | EVP_DigestUpdate(&ctx->o_ctx,pad,EVP_MD_block_size(md)); |
| 110 | } | 109 | } |
| 110 | EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->i_ctx); | ||
| 111 | } | ||
| 111 | 112 | ||
| 112 | memcpy(&ctx->md_ctx,&ctx->i_ctx,sizeof(ctx->i_ctx)); | 113 | void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, |
| 114 | const EVP_MD *md) | ||
| 115 | { | ||
| 116 | if(key && md) | ||
| 117 | HMAC_CTX_init(ctx); | ||
| 118 | HMAC_Init_ex(ctx,key,len,md, NULL); | ||
| 113 | } | 119 | } |
| 114 | 120 | ||
| 115 | void HMAC_Update(ctx,data,len) | 121 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len) |
| 116 | HMAC_CTX *ctx; | ||
| 117 | unsigned char *data; | ||
| 118 | int len; | ||
| 119 | { | 122 | { |
| 120 | EVP_DigestUpdate(&(ctx->md_ctx),data,len); | 123 | EVP_DigestUpdate(&ctx->md_ctx,data,len); |
| 121 | } | 124 | } |
| 122 | 125 | ||
| 123 | void HMAC_Final(ctx,md,len) | 126 | void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len) |
| 124 | HMAC_CTX *ctx; | ||
| 125 | unsigned char *md; | ||
| 126 | unsigned int *len; | ||
| 127 | { | 127 | { |
| 128 | int j; | 128 | int j; |
| 129 | unsigned int i; | 129 | unsigned int i; |
| @@ -131,35 +131,40 @@ unsigned int *len; | |||
| 131 | 131 | ||
| 132 | j=EVP_MD_block_size(ctx->md); | 132 | j=EVP_MD_block_size(ctx->md); |
| 133 | 133 | ||
| 134 | EVP_DigestFinal(&(ctx->md_ctx),buf,&i); | 134 | EVP_DigestFinal_ex(&ctx->md_ctx,buf,&i); |
| 135 | memcpy(&(ctx->md_ctx),&(ctx->o_ctx),sizeof(ctx->o_ctx)); | 135 | EVP_MD_CTX_copy_ex(&ctx->md_ctx,&ctx->o_ctx); |
| 136 | EVP_DigestUpdate(&(ctx->md_ctx),buf,i); | 136 | EVP_DigestUpdate(&ctx->md_ctx,buf,i); |
| 137 | EVP_DigestFinal(&(ctx->md_ctx),md,len); | 137 | EVP_DigestFinal_ex(&ctx->md_ctx,md,len); |
| 138 | } | ||
| 139 | |||
| 140 | void HMAC_CTX_init(HMAC_CTX *ctx) | ||
| 141 | { | ||
| 142 | EVP_MD_CTX_init(&ctx->i_ctx); | ||
| 143 | EVP_MD_CTX_init(&ctx->o_ctx); | ||
| 144 | EVP_MD_CTX_init(&ctx->md_ctx); | ||
| 138 | } | 145 | } |
| 139 | 146 | ||
| 140 | void HMAC_cleanup(ctx) | 147 | void HMAC_CTX_cleanup(HMAC_CTX *ctx) |
| 141 | HMAC_CTX *ctx; | ||
| 142 | { | 148 | { |
| 143 | memset(ctx,0,sizeof(HMAC_CTX)); | 149 | EVP_MD_CTX_cleanup(&ctx->i_ctx); |
| 150 | EVP_MD_CTX_cleanup(&ctx->o_ctx); | ||
| 151 | EVP_MD_CTX_cleanup(&ctx->md_ctx); | ||
| 152 | memset(ctx,0,sizeof *ctx); | ||
| 144 | } | 153 | } |
| 145 | 154 | ||
| 146 | unsigned char *HMAC(evp_md,key,key_len,d,n,md,md_len) | 155 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, |
| 147 | EVP_MD *evp_md; | 156 | const unsigned char *d, int n, unsigned char *md, |
| 148 | unsigned char *key; | 157 | unsigned int *md_len) |
| 149 | int key_len; | ||
| 150 | unsigned char *d; | ||
| 151 | int n; | ||
| 152 | unsigned char *md; | ||
| 153 | unsigned int *md_len; | ||
| 154 | { | 158 | { |
| 155 | HMAC_CTX c; | 159 | HMAC_CTX c; |
| 156 | static unsigned char m[EVP_MAX_MD_SIZE]; | 160 | static unsigned char m[EVP_MAX_MD_SIZE]; |
| 157 | 161 | ||
| 158 | if (md == NULL) md=m; | 162 | if (md == NULL) md=m; |
| 163 | HMAC_CTX_init(&c); | ||
| 159 | HMAC_Init(&c,key,key_len,evp_md); | 164 | HMAC_Init(&c,key,key_len,evp_md); |
| 160 | HMAC_Update(&c,d,n); | 165 | HMAC_Update(&c,d,n); |
| 161 | HMAC_Final(&c,md,md_len); | 166 | HMAC_Final(&c,md,md_len); |
| 162 | HMAC_cleanup(&c); | 167 | HMAC_CTX_cleanup(&c); |
| 163 | return(md); | 168 | return(md); |
| 164 | } | 169 | } |
| 165 | 170 | ||
diff --git a/src/lib/libcrypto/hmac/hmac.h b/src/lib/libcrypto/hmac/hmac.h index e6b43f52c4..0364a1fcbd 100644 --- a/src/lib/libcrypto/hmac/hmac.h +++ b/src/lib/libcrypto/hmac/hmac.h | |||
| @@ -58,17 +58,21 @@ | |||
| 58 | #ifndef HEADER_HMAC_H | 58 | #ifndef HEADER_HMAC_H |
| 59 | #define HEADER_HMAC_H | 59 | #define HEADER_HMAC_H |
| 60 | 60 | ||
| 61 | #ifdef __cplusplus | 61 | #ifdef OPENSSL_NO_HMAC |
| 62 | extern "C" { | 62 | #error HMAC is disabled. |
| 63 | #endif | 63 | #endif |
| 64 | 64 | ||
| 65 | #include "evp.h" | 65 | #include <openssl/evp.h> |
| 66 | 66 | ||
| 67 | #define HMAC_MAX_MD_CBLOCK 64 | 67 | #define HMAC_MAX_MD_CBLOCK 64 |
| 68 | 68 | ||
| 69 | #ifdef __cplusplus | ||
| 70 | extern "C" { | ||
| 71 | #endif | ||
| 72 | |||
| 69 | typedef struct hmac_ctx_st | 73 | typedef struct hmac_ctx_st |
| 70 | { | 74 | { |
| 71 | EVP_MD *md; | 75 | const EVP_MD *md; |
| 72 | EVP_MD_CTX md_ctx; | 76 | EVP_MD_CTX md_ctx; |
| 73 | EVP_MD_CTX i_ctx; | 77 | EVP_MD_CTX i_ctx; |
| 74 | EVP_MD_CTX o_ctx; | 78 | EVP_MD_CTX o_ctx; |
| @@ -78,26 +82,22 @@ typedef struct hmac_ctx_st | |||
| 78 | 82 | ||
| 79 | #define HMAC_size(e) (EVP_MD_size((e)->md)) | 83 | #define HMAC_size(e) (EVP_MD_size((e)->md)) |
| 80 | 84 | ||
| 81 | #ifndef NOPROTO | ||
| 82 | |||
| 83 | void HMAC_Init(HMAC_CTX *ctx, unsigned char *key, int len, | ||
| 84 | EVP_MD *md); | ||
| 85 | void HMAC_Update(HMAC_CTX *ctx,unsigned char *key, int len); | ||
| 86 | void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); | ||
| 87 | void HMAC_cleanup(HMAC_CTX *ctx); | ||
| 88 | unsigned char *HMAC(EVP_MD *evp_md, unsigned char *key, int key_len, | ||
| 89 | unsigned char *d, int n, unsigned char *md, unsigned int *md_len); | ||
| 90 | 85 | ||
| 86 | void HMAC_CTX_init(HMAC_CTX *ctx); | ||
| 87 | void HMAC_CTX_cleanup(HMAC_CTX *ctx); | ||
| 91 | 88 | ||
| 92 | #else | 89 | #define HMAC_cleanup(ctx) HMAC_CTX_cleanup(ctx) /* deprecated */ |
| 93 | 90 | ||
| 94 | void HMAC_Init(); | 91 | void HMAC_Init(HMAC_CTX *ctx, const void *key, int len, |
| 95 | void HMAC_Update(); | 92 | const EVP_MD *md); /* deprecated */ |
| 96 | void HMAC_Final(); | 93 | void HMAC_Init_ex(HMAC_CTX *ctx, const void *key, int len, |
| 97 | void HMAC_cleanup(); | 94 | const EVP_MD *md, ENGINE *impl); |
| 98 | unsigned char *HMAC(); | 95 | void HMAC_Update(HMAC_CTX *ctx, const unsigned char *data, int len); |
| 96 | void HMAC_Final(HMAC_CTX *ctx, unsigned char *md, unsigned int *len); | ||
| 97 | unsigned char *HMAC(const EVP_MD *evp_md, const void *key, int key_len, | ||
| 98 | const unsigned char *d, int n, unsigned char *md, | ||
| 99 | unsigned int *md_len); | ||
| 99 | 100 | ||
| 100 | #endif | ||
| 101 | 101 | ||
| 102 | #ifdef __cplusplus | 102 | #ifdef __cplusplus |
| 103 | } | 103 | } |
diff --git a/src/lib/libcrypto/idea/idea.h b/src/lib/libcrypto/idea/idea.h index ae32f5692e..67132414ee 100644 --- a/src/lib/libcrypto/idea/idea.h +++ b/src/lib/libcrypto/idea/idea.h | |||
| @@ -59,11 +59,7 @@ | |||
| 59 | #ifndef HEADER_IDEA_H | 59 | #ifndef HEADER_IDEA_H |
| 60 | #define HEADER_IDEA_H | 60 | #define HEADER_IDEA_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifdef OPENSSL_NO_IDEA |
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | #ifdef NO_IDEA | ||
| 67 | #error IDEA is disabled. | 63 | #error IDEA is disabled. |
| 68 | #endif | 64 | #endif |
| 69 | 65 | ||
| @@ -74,22 +70,26 @@ extern "C" { | |||
| 74 | #define IDEA_BLOCK 8 | 70 | #define IDEA_BLOCK 8 |
| 75 | #define IDEA_KEY_LENGTH 16 | 71 | #define IDEA_KEY_LENGTH 16 |
| 76 | 72 | ||
| 73 | #ifdef __cplusplus | ||
| 74 | extern "C" { | ||
| 75 | #endif | ||
| 76 | |||
| 77 | typedef struct idea_key_st | 77 | typedef struct idea_key_st |
| 78 | { | 78 | { |
| 79 | IDEA_INT data[9][6]; | 79 | IDEA_INT data[9][6]; |
| 80 | } IDEA_KEY_SCHEDULE; | 80 | } IDEA_KEY_SCHEDULE; |
| 81 | 81 | ||
| 82 | const char *idea_options(void); | 82 | const char *idea_options(void); |
| 83 | void idea_ecb_encrypt(unsigned char *in, unsigned char *out, | 83 | void idea_ecb_encrypt(const unsigned char *in, unsigned char *out, |
| 84 | IDEA_KEY_SCHEDULE *ks); | 84 | IDEA_KEY_SCHEDULE *ks); |
| 85 | void idea_set_encrypt_key(unsigned char *key, IDEA_KEY_SCHEDULE *ks); | 85 | void idea_set_encrypt_key(const unsigned char *key, IDEA_KEY_SCHEDULE *ks); |
| 86 | void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); | 86 | void idea_set_decrypt_key(IDEA_KEY_SCHEDULE *ek, IDEA_KEY_SCHEDULE *dk); |
| 87 | void idea_cbc_encrypt(unsigned char *in, unsigned char *out, | 87 | void idea_cbc_encrypt(const unsigned char *in, unsigned char *out, |
| 88 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); | 88 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv,int enc); |
| 89 | void idea_cfb64_encrypt(unsigned char *in, unsigned char *out, | 89 | void idea_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 90 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, | 90 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, |
| 91 | int *num,int enc); | 91 | int *num,int enc); |
| 92 | void idea_ofb64_encrypt(unsigned char *in, unsigned char *out, | 92 | void idea_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 93 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); | 93 | long length, IDEA_KEY_SCHEDULE *ks, unsigned char *iv, int *num); |
| 94 | void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); | 94 | void idea_encrypt(unsigned long *in, IDEA_KEY_SCHEDULE *ks); |
| 95 | #ifdef __cplusplus | 95 | #ifdef __cplusplus |
diff --git a/src/lib/libcrypto/lhash/lh_stats.c b/src/lib/libcrypto/lhash/lh_stats.c index 23fe82f777..39ea2885f4 100644 --- a/src/lib/libcrypto/lhash/lh_stats.c +++ b/src/lib/libcrypto/lhash/lh_stats.c | |||
| @@ -63,13 +63,14 @@ | |||
| 63 | * and things should work as expected */ | 63 | * and things should work as expected */ |
| 64 | #include "cryptlib.h" | 64 | #include "cryptlib.h" |
| 65 | 65 | ||
| 66 | #include "lhash.h" | 66 | #ifndef OPENSSL_NO_BIO |
| 67 | #include <openssl/bio.h> | ||
| 68 | #endif | ||
| 69 | #include <openssl/lhash.h> | ||
| 67 | 70 | ||
| 68 | #ifndef HEADER_BIO_H | 71 | #ifdef OPENSSL_NO_BIO |
| 69 | 72 | ||
| 70 | void lh_stats(lh, out) | 73 | void lh_stats(LHASH *lh, FILE *out) |
| 71 | LHASH *lh; | ||
| 72 | FILE *out; | ||
| 73 | { | 74 | { |
| 74 | fprintf(out,"num_items = %lu\n",lh->num_items); | 75 | fprintf(out,"num_items = %lu\n",lh->num_items); |
| 75 | fprintf(out,"num_nodes = %u\n",lh->num_nodes); | 76 | fprintf(out,"num_nodes = %u\n",lh->num_nodes); |
| @@ -87,7 +88,7 @@ FILE *out; | |||
| 87 | fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); | 88 | fprintf(out,"num_retrieve = %lu\n",lh->num_retrieve); |
| 88 | fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); | 89 | fprintf(out,"num_retrieve_miss = %lu\n",lh->num_retrieve_miss); |
| 89 | fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); | 90 | fprintf(out,"num_hash_comps = %lu\n",lh->num_hash_comps); |
| 90 | #ifdef DEBUG | 91 | #if 0 |
| 91 | fprintf(out,"p = %u\n",lh->p); | 92 | fprintf(out,"p = %u\n",lh->p); |
| 92 | fprintf(out,"pmax = %u\n",lh->pmax); | 93 | fprintf(out,"pmax = %u\n",lh->pmax); |
| 93 | fprintf(out,"up_load = %lu\n",lh->up_load); | 94 | fprintf(out,"up_load = %lu\n",lh->up_load); |
| @@ -95,9 +96,7 @@ FILE *out; | |||
| 95 | #endif | 96 | #endif |
| 96 | } | 97 | } |
| 97 | 98 | ||
| 98 | void lh_node_stats(lh, out) | 99 | void lh_node_stats(LHASH *lh, FILE *out) |
| 99 | LHASH *lh; | ||
| 100 | FILE *out; | ||
| 101 | { | 100 | { |
| 102 | LHASH_NODE *n; | 101 | LHASH_NODE *n; |
| 103 | unsigned int i,num; | 102 | unsigned int i,num; |
| @@ -110,9 +109,7 @@ FILE *out; | |||
| 110 | } | 109 | } |
| 111 | } | 110 | } |
| 112 | 111 | ||
| 113 | void lh_node_usage_stats(lh, out) | 112 | void lh_node_usage_stats(LHASH *lh, FILE *out) |
| 114 | LHASH *lh; | ||
| 115 | FILE *out; | ||
| 116 | { | 113 | { |
| 117 | LHASH_NODE *n; | 114 | LHASH_NODE *n; |
| 118 | unsigned long num; | 115 | unsigned long num; |
| @@ -141,10 +138,8 @@ FILE *out; | |||
| 141 | 138 | ||
| 142 | #else | 139 | #else |
| 143 | 140 | ||
| 144 | #ifndef NO_FP_API | 141 | #ifndef OPENSSL_NO_FP_API |
| 145 | void lh_stats(lh,fp) | 142 | void lh_stats(const LHASH *lh, FILE *fp) |
| 146 | LHASH *lh; | ||
| 147 | FILE *fp; | ||
| 148 | { | 143 | { |
| 149 | BIO *bp; | 144 | BIO *bp; |
| 150 | 145 | ||
| @@ -156,9 +151,7 @@ FILE *fp; | |||
| 156 | end:; | 151 | end:; |
| 157 | } | 152 | } |
| 158 | 153 | ||
| 159 | void lh_node_stats(lh,fp) | 154 | void lh_node_stats(const LHASH *lh, FILE *fp) |
| 160 | LHASH *lh; | ||
| 161 | FILE *fp; | ||
| 162 | { | 155 | { |
| 163 | BIO *bp; | 156 | BIO *bp; |
| 164 | 157 | ||
| @@ -170,9 +163,7 @@ FILE *fp; | |||
| 170 | end:; | 163 | end:; |
| 171 | } | 164 | } |
| 172 | 165 | ||
| 173 | void lh_node_usage_stats(lh,fp) | 166 | void lh_node_usage_stats(const LHASH *lh, FILE *fp) |
| 174 | LHASH *lh; | ||
| 175 | FILE *fp; | ||
| 176 | { | 167 | { |
| 177 | BIO *bp; | 168 | BIO *bp; |
| 178 | 169 | ||
| @@ -186,9 +177,7 @@ end:; | |||
| 186 | 177 | ||
| 187 | #endif | 178 | #endif |
| 188 | 179 | ||
| 189 | void lh_stats_bio(lh, out) | 180 | void lh_stats_bio(const LHASH *lh, BIO *out) |
| 190 | LHASH *lh; | ||
| 191 | BIO *out; | ||
| 192 | { | 181 | { |
| 193 | char buf[128]; | 182 | char buf[128]; |
| 194 | 183 | ||
| @@ -224,7 +213,7 @@ BIO *out; | |||
| 224 | BIO_puts(out,buf); | 213 | BIO_puts(out,buf); |
| 225 | sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); | 214 | sprintf(buf,"num_hash_comps = %lu\n",lh->num_hash_comps); |
| 226 | BIO_puts(out,buf); | 215 | BIO_puts(out,buf); |
| 227 | #ifdef DEBUG | 216 | #if 0 |
| 228 | sprintf(buf,"p = %u\n",lh->p); | 217 | sprintf(buf,"p = %u\n",lh->p); |
| 229 | BIO_puts(out,buf); | 218 | BIO_puts(out,buf); |
| 230 | sprintf(buf,"pmax = %u\n",lh->pmax); | 219 | sprintf(buf,"pmax = %u\n",lh->pmax); |
| @@ -236,9 +225,7 @@ BIO *out; | |||
| 236 | #endif | 225 | #endif |
| 237 | } | 226 | } |
| 238 | 227 | ||
| 239 | void lh_node_stats_bio(lh, out) | 228 | void lh_node_stats_bio(const LHASH *lh, BIO *out) |
| 240 | LHASH *lh; | ||
| 241 | BIO *out; | ||
| 242 | { | 229 | { |
| 243 | LHASH_NODE *n; | 230 | LHASH_NODE *n; |
| 244 | unsigned int i,num; | 231 | unsigned int i,num; |
| @@ -253,9 +240,7 @@ BIO *out; | |||
| 253 | } | 240 | } |
| 254 | } | 241 | } |
| 255 | 242 | ||
| 256 | void lh_node_usage_stats_bio(lh, out) | 243 | void lh_node_usage_stats_bio(const LHASH *lh, BIO *out) |
| 257 | LHASH *lh; | ||
| 258 | BIO *out; | ||
| 259 | { | 244 | { |
| 260 | LHASH_NODE *n; | 245 | LHASH_NODE *n; |
| 261 | unsigned long num; | 246 | unsigned long num; |
diff --git a/src/lib/libcrypto/lhash/lhash.c b/src/lib/libcrypto/lhash/lhash.c index 6dfb5c9ccc..0a16fcf27d 100644 --- a/src/lib/libcrypto/lhash/lhash.c +++ b/src/lib/libcrypto/lhash/lhash.c | |||
| @@ -56,16 +56,19 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998"; | ||
| 60 | |||
| 61 | /* Code for dynamic hash table routines | 59 | /* Code for dynamic hash table routines |
| 62 | * Author - Eric Young v 2.0 | 60 | * Author - Eric Young v 2.0 |
| 63 | * | 61 | * |
| 64 | * 2.0 eay - Fixed a bug that occured when using lh_delete | 62 | * 2.2 eay - added #include "crypto.h" so the memory leak checking code is |
| 63 | * present. eay 18-Jun-98 | ||
| 64 | * | ||
| 65 | * 2.1 eay - Added an 'error in last operation' flag. eay 6-May-98 | ||
| 66 | * | ||
| 67 | * 2.0 eay - Fixed a bug that occurred when using lh_delete | ||
| 65 | * from inside lh_doall(). As entries were deleted, | 68 | * from inside lh_doall(). As entries were deleted, |
| 66 | * the 'table' was 'contract()ed', making some entries | 69 | * the 'table' was 'contract()ed', making some entries |
| 67 | * jump from the end of the table to the start, there by | 70 | * jump from the end of the table to the start, there by |
| 68 | * skiping the lh_doall() processing. eay - 4/12/95 | 71 | * skipping the lh_doall() processing. eay - 4/12/95 |
| 69 | * | 72 | * |
| 70 | * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs | 73 | * 1.9 eay - Fixed a memory leak in lh_free, the LHASH_NODEs |
| 71 | * were not being free()ed. 21/11/95 | 74 | * were not being free()ed. 21/11/95 |
| @@ -94,46 +97,33 @@ char *lh_version="lhash part of SSLeay 0.9.0b 29-Jun-1998"; | |||
| 94 | #include <stdio.h> | 97 | #include <stdio.h> |
| 95 | #include <string.h> | 98 | #include <string.h> |
| 96 | #include <stdlib.h> | 99 | #include <stdlib.h> |
| 97 | #include "lhash.h" | 100 | #include <openssl/crypto.h> |
| 101 | #include <openssl/lhash.h> | ||
| 102 | |||
| 103 | const char *lh_version="lhash" OPENSSL_VERSION_PTEXT; | ||
| 98 | 104 | ||
| 99 | #undef MIN_NODES | 105 | #undef MIN_NODES |
| 100 | #define MIN_NODES 16 | 106 | #define MIN_NODES 16 |
| 101 | #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ | 107 | #define UP_LOAD (2*LH_LOAD_MULT) /* load times 256 (default 2) */ |
| 102 | #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ | 108 | #define DOWN_LOAD (LH_LOAD_MULT) /* load times 256 (default 1) */ |
| 103 | 109 | ||
| 104 | #ifndef NOPROTO | ||
| 105 | |||
| 106 | #define P_CP char * | ||
| 107 | #define P_CPP char *,char * | ||
| 108 | static void expand(LHASH *lh); | 110 | static void expand(LHASH *lh); |
| 109 | static void contract(LHASH *lh); | 111 | static void contract(LHASH *lh); |
| 110 | static LHASH_NODE **getrn(LHASH *lh, char *data, unsigned long *rhash); | 112 | static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash); |
| 111 | 113 | ||
| 112 | #else | 114 | LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c) |
| 113 | |||
| 114 | #define P_CP | ||
| 115 | #define P_CPP | ||
| 116 | static void expand(); | ||
| 117 | static void contract(); | ||
| 118 | static LHASH_NODE **getrn(); | ||
| 119 | |||
| 120 | #endif | ||
| 121 | |||
| 122 | LHASH *lh_new(h, c) | ||
| 123 | unsigned long (*h)(); | ||
| 124 | int (*c)(); | ||
| 125 | { | 115 | { |
| 126 | LHASH *ret; | 116 | LHASH *ret; |
| 127 | int i; | 117 | int i; |
| 128 | 118 | ||
| 129 | if ((ret=(LHASH *)malloc(sizeof(LHASH))) == NULL) | 119 | if ((ret=(LHASH *)OPENSSL_malloc(sizeof(LHASH))) == NULL) |
| 130 | goto err0; | 120 | goto err0; |
| 131 | if ((ret->b=(LHASH_NODE **)malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) | 121 | if ((ret->b=(LHASH_NODE **)OPENSSL_malloc(sizeof(LHASH_NODE *)*MIN_NODES)) == NULL) |
| 132 | goto err1; | 122 | goto err1; |
| 133 | for (i=0; i<MIN_NODES; i++) | 123 | for (i=0; i<MIN_NODES; i++) |
| 134 | ret->b[i]=NULL; | 124 | ret->b[i]=NULL; |
| 135 | ret->comp=((c == NULL)?(int (*)())strcmp:c); | 125 | ret->comp=((c == NULL)?(LHASH_COMP_FN_TYPE)strcmp:c); |
| 136 | ret->hash=((h == NULL)?(unsigned long (*)())lh_strhash:h); | 126 | ret->hash=((h == NULL)?(LHASH_HASH_FN_TYPE)lh_strhash:h); |
| 137 | ret->num_nodes=MIN_NODES/2; | 127 | ret->num_nodes=MIN_NODES/2; |
| 138 | ret->num_alloc_nodes=MIN_NODES; | 128 | ret->num_alloc_nodes=MIN_NODES; |
| 139 | ret->p=0; | 129 | ret->p=0; |
| @@ -156,41 +146,43 @@ int (*c)(); | |||
| 156 | ret->num_retrieve_miss=0; | 146 | ret->num_retrieve_miss=0; |
| 157 | ret->num_hash_comps=0; | 147 | ret->num_hash_comps=0; |
| 158 | 148 | ||
| 149 | ret->error=0; | ||
| 159 | return(ret); | 150 | return(ret); |
| 160 | err1: | 151 | err1: |
| 161 | free((char *)ret); | 152 | OPENSSL_free(ret); |
| 162 | err0: | 153 | err0: |
| 163 | return(NULL); | 154 | return(NULL); |
| 164 | } | 155 | } |
| 165 | 156 | ||
| 166 | void lh_free(lh) | 157 | void lh_free(LHASH *lh) |
| 167 | LHASH *lh; | ||
| 168 | { | 158 | { |
| 169 | unsigned int i; | 159 | unsigned int i; |
| 170 | LHASH_NODE *n,*nn; | 160 | LHASH_NODE *n,*nn; |
| 171 | 161 | ||
| 162 | if (lh == NULL) | ||
| 163 | return; | ||
| 164 | |||
| 172 | for (i=0; i<lh->num_nodes; i++) | 165 | for (i=0; i<lh->num_nodes; i++) |
| 173 | { | 166 | { |
| 174 | n=lh->b[i]; | 167 | n=lh->b[i]; |
| 175 | while (n != NULL) | 168 | while (n != NULL) |
| 176 | { | 169 | { |
| 177 | nn=n->next; | 170 | nn=n->next; |
| 178 | free(n); | 171 | OPENSSL_free(n); |
| 179 | n=nn; | 172 | n=nn; |
| 180 | } | 173 | } |
| 181 | } | 174 | } |
| 182 | free((char *)lh->b); | 175 | OPENSSL_free(lh->b); |
| 183 | free((char *)lh); | 176 | OPENSSL_free(lh); |
| 184 | } | 177 | } |
| 185 | 178 | ||
| 186 | char *lh_insert(lh, data) | 179 | void *lh_insert(LHASH *lh, const void *data) |
| 187 | LHASH *lh; | ||
| 188 | char *data; | ||
| 189 | { | 180 | { |
| 190 | unsigned long hash; | 181 | unsigned long hash; |
| 191 | LHASH_NODE *nn,**rn; | 182 | LHASH_NODE *nn,**rn; |
| 192 | char *ret; | 183 | const void *ret; |
| 193 | 184 | ||
| 185 | lh->error=0; | ||
| 194 | if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) | 186 | if (lh->up_load <= (lh->num_items*LH_LOAD_MULT/lh->num_nodes)) |
| 195 | expand(lh); | 187 | expand(lh); |
| 196 | 188 | ||
| @@ -198,11 +190,14 @@ char *data; | |||
| 198 | 190 | ||
| 199 | if (*rn == NULL) | 191 | if (*rn == NULL) |
| 200 | { | 192 | { |
| 201 | if ((nn=(LHASH_NODE *)malloc(sizeof(LHASH_NODE))) == NULL) | 193 | if ((nn=(LHASH_NODE *)OPENSSL_malloc(sizeof(LHASH_NODE))) == NULL) |
| 194 | { | ||
| 195 | lh->error++; | ||
| 202 | return(NULL); | 196 | return(NULL); |
| 197 | } | ||
| 203 | nn->data=data; | 198 | nn->data=data; |
| 204 | nn->next=NULL; | 199 | nn->next=NULL; |
| 205 | #ifndef NO_HASH_COMP | 200 | #ifndef OPENSSL_NO_HASH_COMP |
| 206 | nn->hash=hash; | 201 | nn->hash=hash; |
| 207 | #endif | 202 | #endif |
| 208 | *rn=nn; | 203 | *rn=nn; |
| @@ -216,17 +211,16 @@ char *data; | |||
| 216 | (*rn)->data=data; | 211 | (*rn)->data=data; |
| 217 | lh->num_replace++; | 212 | lh->num_replace++; |
| 218 | } | 213 | } |
| 219 | return(ret); | 214 | return((void *)ret); |
| 220 | } | 215 | } |
| 221 | 216 | ||
| 222 | char *lh_delete(lh, data) | 217 | void *lh_delete(LHASH *lh, const void *data) |
| 223 | LHASH *lh; | ||
| 224 | char *data; | ||
| 225 | { | 218 | { |
| 226 | unsigned long hash; | 219 | unsigned long hash; |
| 227 | LHASH_NODE *nn,**rn; | 220 | LHASH_NODE *nn,**rn; |
| 228 | char *ret; | 221 | const void *ret; |
| 229 | 222 | ||
| 223 | lh->error=0; | ||
| 230 | rn=getrn(lh,data,&hash); | 224 | rn=getrn(lh,data,&hash); |
| 231 | 225 | ||
| 232 | if (*rn == NULL) | 226 | if (*rn == NULL) |
| @@ -239,7 +233,7 @@ char *data; | |||
| 239 | nn= *rn; | 233 | nn= *rn; |
| 240 | *rn=nn->next; | 234 | *rn=nn->next; |
| 241 | ret=nn->data; | 235 | ret=nn->data; |
| 242 | free((char *)nn); | 236 | OPENSSL_free(nn); |
| 243 | lh->num_delete++; | 237 | lh->num_delete++; |
| 244 | } | 238 | } |
| 245 | 239 | ||
| @@ -248,17 +242,16 @@ char *data; | |||
| 248 | (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) | 242 | (lh->down_load >= (lh->num_items*LH_LOAD_MULT/lh->num_nodes))) |
| 249 | contract(lh); | 243 | contract(lh); |
| 250 | 244 | ||
| 251 | return(ret); | 245 | return((void *)ret); |
| 252 | } | 246 | } |
| 253 | 247 | ||
| 254 | char *lh_retrieve(lh, data) | 248 | void *lh_retrieve(LHASH *lh, const void *data) |
| 255 | LHASH *lh; | ||
| 256 | char *data; | ||
| 257 | { | 249 | { |
| 258 | unsigned long hash; | 250 | unsigned long hash; |
| 259 | LHASH_NODE **rn; | 251 | LHASH_NODE **rn; |
| 260 | char *ret; | 252 | const void *ret; |
| 261 | 253 | ||
| 254 | lh->error=0; | ||
| 262 | rn=getrn(lh,data,&hash); | 255 | rn=getrn(lh,data,&hash); |
| 263 | 256 | ||
| 264 | if (*rn == NULL) | 257 | if (*rn == NULL) |
| @@ -271,20 +264,11 @@ char *data; | |||
| 271 | ret= (*rn)->data; | 264 | ret= (*rn)->data; |
| 272 | lh->num_retrieve++; | 265 | lh->num_retrieve++; |
| 273 | } | 266 | } |
| 274 | return(ret); | 267 | return((void *)ret); |
| 275 | } | 268 | } |
| 276 | 269 | ||
| 277 | void lh_doall(lh, func) | 270 | static void doall_util_fn(LHASH *lh, int use_arg, LHASH_DOALL_FN_TYPE func, |
| 278 | LHASH *lh; | 271 | LHASH_DOALL_ARG_FN_TYPE func_arg, void *arg) |
| 279 | void (*func)(); | ||
| 280 | { | ||
| 281 | lh_doall_arg(lh,func,NULL); | ||
| 282 | } | ||
| 283 | |||
| 284 | void lh_doall_arg(lh, func, arg) | ||
| 285 | LHASH *lh; | ||
| 286 | void (*func)(); | ||
| 287 | char *arg; | ||
| 288 | { | 272 | { |
| 289 | int i; | 273 | int i; |
| 290 | LHASH_NODE *a,*n; | 274 | LHASH_NODE *a,*n; |
| @@ -299,14 +283,26 @@ char *arg; | |||
| 299 | /* 28/05/91 - eay - n added so items can be deleted | 283 | /* 28/05/91 - eay - n added so items can be deleted |
| 300 | * via lh_doall */ | 284 | * via lh_doall */ |
| 301 | n=a->next; | 285 | n=a->next; |
| 302 | func(a->data,arg); | 286 | if(use_arg) |
| 287 | func_arg(a->data,arg); | ||
| 288 | else | ||
| 289 | func(a->data); | ||
| 303 | a=n; | 290 | a=n; |
| 304 | } | 291 | } |
| 305 | } | 292 | } |
| 306 | } | 293 | } |
| 307 | 294 | ||
| 308 | static void expand(lh) | 295 | void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func) |
| 309 | LHASH *lh; | 296 | { |
| 297 | doall_util_fn(lh, 0, func, (LHASH_DOALL_ARG_FN_TYPE)0, NULL); | ||
| 298 | } | ||
| 299 | |||
| 300 | void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg) | ||
| 301 | { | ||
| 302 | doall_util_fn(lh, 1, (LHASH_DOALL_FN_TYPE)0, func, arg); | ||
| 303 | } | ||
| 304 | |||
| 305 | static void expand(LHASH *lh) | ||
| 310 | { | 306 | { |
| 311 | LHASH_NODE **n,**n1,**n2,*np; | 307 | LHASH_NODE **n,**n1,**n2,*np; |
| 312 | unsigned int p,i,j; | 308 | unsigned int p,i,j; |
| @@ -322,10 +318,10 @@ LHASH *lh; | |||
| 322 | 318 | ||
| 323 | for (np= *n1; np != NULL; ) | 319 | for (np= *n1; np != NULL; ) |
| 324 | { | 320 | { |
| 325 | #ifndef NO_HASH_COMP | 321 | #ifndef OPENSSL_NO_HASH_COMP |
| 326 | hash=np->hash; | 322 | hash=np->hash; |
| 327 | #else | 323 | #else |
| 328 | hash=(*(lh->hash))(np->data); | 324 | hash=lh->hash(np->data); |
| 329 | lh->num_hash_calls++; | 325 | lh->num_hash_calls++; |
| 330 | #endif | 326 | #endif |
| 331 | if ((hash%nni) != p) | 327 | if ((hash%nni) != p) |
| @@ -342,11 +338,12 @@ LHASH *lh; | |||
| 342 | if ((lh->p) >= lh->pmax) | 338 | if ((lh->p) >= lh->pmax) |
| 343 | { | 339 | { |
| 344 | j=(int)lh->num_alloc_nodes*2; | 340 | j=(int)lh->num_alloc_nodes*2; |
| 345 | n=(LHASH_NODE **)realloc((char *)lh->b, | 341 | n=(LHASH_NODE **)OPENSSL_realloc(lh->b, |
| 346 | (unsigned int)sizeof(LHASH_NODE *)*j); | 342 | (unsigned int)sizeof(LHASH_NODE *)*j); |
| 347 | if (n == NULL) | 343 | if (n == NULL) |
| 348 | { | 344 | { |
| 349 | /* fputs("realloc error in lhash",stderr); */ | 345 | /* fputs("realloc error in lhash",stderr); */ |
| 346 | lh->error++; | ||
| 350 | lh->p=0; | 347 | lh->p=0; |
| 351 | return; | 348 | return; |
| 352 | } | 349 | } |
| @@ -361,8 +358,7 @@ LHASH *lh; | |||
| 361 | } | 358 | } |
| 362 | } | 359 | } |
| 363 | 360 | ||
| 364 | static void contract(lh) | 361 | static void contract(LHASH *lh) |
| 365 | LHASH *lh; | ||
| 366 | { | 362 | { |
| 367 | LHASH_NODE **n,*n1,*np; | 363 | LHASH_NODE **n,*n1,*np; |
| 368 | 364 | ||
| @@ -370,11 +366,12 @@ LHASH *lh; | |||
| 370 | lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */ | 366 | lh->b[lh->p+lh->pmax-1]=NULL; /* 24/07-92 - eay - weird but :-( */ |
| 371 | if (lh->p == 0) | 367 | if (lh->p == 0) |
| 372 | { | 368 | { |
| 373 | n=(LHASH_NODE **)realloc((char *)lh->b, | 369 | n=(LHASH_NODE **)OPENSSL_realloc(lh->b, |
| 374 | (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); | 370 | (unsigned int)(sizeof(LHASH_NODE *)*lh->pmax)); |
| 375 | if (n == NULL) | 371 | if (n == NULL) |
| 376 | { | 372 | { |
| 377 | /* fputs("realloc error in lhash",stderr); */ | 373 | /* fputs("realloc error in lhash",stderr); */ |
| 374 | lh->error++; | ||
| 378 | return; | 375 | return; |
| 379 | } | 376 | } |
| 380 | lh->num_contract_reallocs++; | 377 | lh->num_contract_reallocs++; |
| @@ -400,10 +397,7 @@ LHASH *lh; | |||
| 400 | } | 397 | } |
| 401 | } | 398 | } |
| 402 | 399 | ||
| 403 | static LHASH_NODE **getrn(lh, data, rhash) | 400 | static LHASH_NODE **getrn(LHASH *lh, const void *data, unsigned long *rhash) |
| 404 | LHASH *lh; | ||
| 405 | char *data; | ||
| 406 | unsigned long *rhash; | ||
| 407 | { | 401 | { |
| 408 | LHASH_NODE **ret,*n1; | 402 | LHASH_NODE **ret,*n1; |
| 409 | unsigned long hash,nn; | 403 | unsigned long hash,nn; |
| @@ -421,7 +415,7 @@ unsigned long *rhash; | |||
| 421 | ret= &(lh->b[(int)nn]); | 415 | ret= &(lh->b[(int)nn]); |
| 422 | for (n1= *ret; n1 != NULL; n1=n1->next) | 416 | for (n1= *ret; n1 != NULL; n1=n1->next) |
| 423 | { | 417 | { |
| 424 | #ifndef NO_HASH_COMP | 418 | #ifndef OPENSSL_NO_HASH_COMP |
| 425 | lh->num_hash_comps++; | 419 | lh->num_hash_comps++; |
| 426 | if (n1->hash != hash) | 420 | if (n1->hash != hash) |
| 427 | { | 421 | { |
| @@ -430,35 +424,18 @@ unsigned long *rhash; | |||
| 430 | } | 424 | } |
| 431 | #endif | 425 | #endif |
| 432 | lh->num_comp_calls++; | 426 | lh->num_comp_calls++; |
| 433 | if ((*cf)(n1->data,data) == 0) | 427 | if(cf(n1->data,data) == 0) |
| 434 | break; | 428 | break; |
| 435 | ret= &(n1->next); | 429 | ret= &(n1->next); |
| 436 | } | 430 | } |
| 437 | return(ret); | 431 | return(ret); |
| 438 | } | 432 | } |
| 439 | 433 | ||
| 440 | /* | ||
| 441 | static unsigned long lh_strhash(str) | ||
| 442 | char *str; | ||
| 443 | { | ||
| 444 | int i,l; | ||
| 445 | unsigned long ret=0; | ||
| 446 | unsigned short *s; | ||
| 447 | |||
| 448 | if (str == NULL) return(0); | ||
| 449 | l=(strlen(str)+1)/2; | ||
| 450 | s=(unsigned short *)str; | ||
| 451 | for (i=0; i<l; i++) | ||
| 452 | ret^=(s[i]<<(i&0x0f)); | ||
| 453 | return(ret); | ||
| 454 | } */ | ||
| 455 | |||
| 456 | /* The following hash seems to work very well on normal text strings | 434 | /* The following hash seems to work very well on normal text strings |
| 457 | * no collisions on /usr/dict/words and it distributes on %2^n quite | 435 | * no collisions on /usr/dict/words and it distributes on %2^n quite |
| 458 | * well, not as good as MD5, but still good. | 436 | * well, not as good as MD5, but still good. |
| 459 | */ | 437 | */ |
| 460 | unsigned long lh_strhash(c) | 438 | unsigned long lh_strhash(const char *c) |
| 461 | char *c; | ||
| 462 | { | 439 | { |
| 463 | unsigned long ret=0; | 440 | unsigned long ret=0; |
| 464 | long n; | 441 | long n; |
| @@ -487,3 +464,7 @@ char *c; | |||
| 487 | return((ret>>16)^ret); | 464 | return((ret>>16)^ret); |
| 488 | } | 465 | } |
| 489 | 466 | ||
| 467 | unsigned long lh_num_items(const LHASH *lh) | ||
| 468 | { | ||
| 469 | return lh ? lh->num_items : 0; | ||
| 470 | } | ||
diff --git a/src/lib/libcrypto/lhash/lhash.h b/src/lib/libcrypto/lhash/lhash.h index 70cbc6dfe7..dee8207333 100644 --- a/src/lib/libcrypto/lhash/lhash.h +++ b/src/lib/libcrypto/lhash/lhash.h | |||
| @@ -63,24 +63,82 @@ | |||
| 63 | #ifndef HEADER_LHASH_H | 63 | #ifndef HEADER_LHASH_H |
| 64 | #define HEADER_LHASH_H | 64 | #define HEADER_LHASH_H |
| 65 | 65 | ||
| 66 | #ifndef OPENSSL_NO_FP_API | ||
| 67 | #include <stdio.h> | ||
| 68 | #endif | ||
| 69 | |||
| 70 | #ifndef OPENSSL_NO_BIO | ||
| 71 | #include <openssl/bio.h> | ||
| 72 | #endif | ||
| 73 | |||
| 66 | #ifdef __cplusplus | 74 | #ifdef __cplusplus |
| 67 | extern "C" { | 75 | extern "C" { |
| 68 | #endif | 76 | #endif |
| 69 | 77 | ||
| 70 | typedef struct lhash_node_st | 78 | typedef struct lhash_node_st |
| 71 | { | 79 | { |
| 72 | char *data; | 80 | const void *data; |
| 73 | struct lhash_node_st *next; | 81 | struct lhash_node_st *next; |
| 74 | #ifndef NO_HASH_COMP | 82 | #ifndef OPENSSL_NO_HASH_COMP |
| 75 | unsigned long hash; | 83 | unsigned long hash; |
| 76 | #endif | 84 | #endif |
| 77 | } LHASH_NODE; | 85 | } LHASH_NODE; |
| 78 | 86 | ||
| 87 | typedef int (*LHASH_COMP_FN_TYPE)(const void *, const void *); | ||
| 88 | typedef unsigned long (*LHASH_HASH_FN_TYPE)(const void *); | ||
| 89 | typedef void (*LHASH_DOALL_FN_TYPE)(const void *); | ||
| 90 | typedef void (*LHASH_DOALL_ARG_FN_TYPE)(const void *, void *); | ||
| 91 | |||
| 92 | /* Macros for declaring and implementing type-safe wrappers for LHASH callbacks. | ||
| 93 | * This way, callbacks can be provided to LHASH structures without function | ||
| 94 | * pointer casting and the macro-defined callbacks provide per-variable casting | ||
| 95 | * before deferring to the underlying type-specific callbacks. NB: It is | ||
| 96 | * possible to place a "static" in front of both the DECLARE and IMPLEMENT | ||
| 97 | * macros if the functions are strictly internal. */ | ||
| 98 | |||
| 99 | /* First: "hash" functions */ | ||
| 100 | #define DECLARE_LHASH_HASH_FN(f_name,o_type) \ | ||
| 101 | unsigned long f_name##_LHASH_HASH(const void *); | ||
| 102 | #define IMPLEMENT_LHASH_HASH_FN(f_name,o_type) \ | ||
| 103 | unsigned long f_name##_LHASH_HASH(const void *arg) { \ | ||
| 104 | o_type a = (o_type)arg; \ | ||
| 105 | return f_name(a); } | ||
| 106 | #define LHASH_HASH_FN(f_name) f_name##_LHASH_HASH | ||
| 107 | |||
| 108 | /* Second: "compare" functions */ | ||
| 109 | #define DECLARE_LHASH_COMP_FN(f_name,o_type) \ | ||
| 110 | int f_name##_LHASH_COMP(const void *, const void *); | ||
| 111 | #define IMPLEMENT_LHASH_COMP_FN(f_name,o_type) \ | ||
| 112 | int f_name##_LHASH_COMP(const void *arg1, const void *arg2) { \ | ||
| 113 | o_type a = (o_type)arg1; \ | ||
| 114 | o_type b = (o_type)arg2; \ | ||
| 115 | return f_name(a,b); } | ||
| 116 | #define LHASH_COMP_FN(f_name) f_name##_LHASH_COMP | ||
| 117 | |||
| 118 | /* Third: "doall" functions */ | ||
| 119 | #define DECLARE_LHASH_DOALL_FN(f_name,o_type) \ | ||
| 120 | void f_name##_LHASH_DOALL(const void *); | ||
| 121 | #define IMPLEMENT_LHASH_DOALL_FN(f_name,o_type) \ | ||
| 122 | void f_name##_LHASH_DOALL(const void *arg) { \ | ||
| 123 | o_type a = (o_type)arg; \ | ||
| 124 | f_name(a); } | ||
| 125 | #define LHASH_DOALL_FN(f_name) f_name##_LHASH_DOALL | ||
| 126 | |||
| 127 | /* Fourth: "doall_arg" functions */ | ||
| 128 | #define DECLARE_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ | ||
| 129 | void f_name##_LHASH_DOALL_ARG(const void *, void *); | ||
| 130 | #define IMPLEMENT_LHASH_DOALL_ARG_FN(f_name,o_type,a_type) \ | ||
| 131 | void f_name##_LHASH_DOALL_ARG(const void *arg1, void *arg2) { \ | ||
| 132 | o_type a = (o_type)arg1; \ | ||
| 133 | a_type b = (a_type)arg2; \ | ||
| 134 | f_name(a,b); } | ||
| 135 | #define LHASH_DOALL_ARG_FN(f_name) f_name##_LHASH_DOALL_ARG | ||
| 136 | |||
| 79 | typedef struct lhash_st | 137 | typedef struct lhash_st |
| 80 | { | 138 | { |
| 81 | LHASH_NODE **b; | 139 | LHASH_NODE **b; |
| 82 | int (*comp)(); | 140 | LHASH_COMP_FN_TYPE comp; |
| 83 | unsigned long (*hash)(); | 141 | LHASH_HASH_FN_TYPE hash; |
| 84 | unsigned int num_nodes; | 142 | unsigned int num_nodes; |
| 85 | unsigned int num_alloc_nodes; | 143 | unsigned int num_alloc_nodes; |
| 86 | unsigned int p; | 144 | unsigned int p; |
| @@ -102,51 +160,37 @@ typedef struct lhash_st | |||
| 102 | unsigned long num_retrieve; | 160 | unsigned long num_retrieve; |
| 103 | unsigned long num_retrieve_miss; | 161 | unsigned long num_retrieve_miss; |
| 104 | unsigned long num_hash_comps; | 162 | unsigned long num_hash_comps; |
| 163 | |||
| 164 | int error; | ||
| 105 | } LHASH; | 165 | } LHASH; |
| 106 | 166 | ||
| 107 | #define LH_LOAD_MULT 256 | 167 | #define LH_LOAD_MULT 256 |
| 108 | 168 | ||
| 109 | #ifndef NOPROTO | 169 | /* Indicates a malloc() error in the last call, this is only bad |
| 110 | LHASH *lh_new(unsigned long (*h)(), int (*c)()); | 170 | * in lh_insert(). */ |
| 171 | #define lh_error(lh) ((lh)->error) | ||
| 172 | |||
| 173 | LHASH *lh_new(LHASH_HASH_FN_TYPE h, LHASH_COMP_FN_TYPE c); | ||
| 111 | void lh_free(LHASH *lh); | 174 | void lh_free(LHASH *lh); |
| 112 | char *lh_insert(LHASH *lh, char *data); | 175 | void *lh_insert(LHASH *lh, const void *data); |
| 113 | char *lh_delete(LHASH *lh, char *data); | 176 | void *lh_delete(LHASH *lh, const void *data); |
| 114 | char *lh_retrieve(LHASH *lh, char *data); | 177 | void *lh_retrieve(LHASH *lh, const void *data); |
| 115 | void lh_doall(LHASH *lh, void (*func)(/* char *b */)); | 178 | void lh_doall(LHASH *lh, LHASH_DOALL_FN_TYPE func); |
| 116 | void lh_doall_arg(LHASH *lh, void (*func)(/*char *a,char *b*/),char *arg); | 179 | void lh_doall_arg(LHASH *lh, LHASH_DOALL_ARG_FN_TYPE func, void *arg); |
| 117 | unsigned long lh_strhash(char *c); | 180 | unsigned long lh_strhash(const char *c); |
| 118 | 181 | unsigned long lh_num_items(const LHASH *lh); | |
| 119 | #ifndef NO_FP_API | ||
| 120 | void lh_stats(LHASH *lh, FILE *out); | ||
| 121 | void lh_node_stats(LHASH *lh, FILE *out); | ||
| 122 | void lh_node_usage_stats(LHASH *lh, FILE *out); | ||
| 123 | #endif | ||
| 124 | 182 | ||
| 125 | #ifdef HEADER_BIO_H | 183 | #ifndef OPENSSL_NO_FP_API |
| 126 | void lh_stats_bio(LHASH *lh, BIO *out); | 184 | void lh_stats(const LHASH *lh, FILE *out); |
| 127 | void lh_node_stats_bio(LHASH *lh, BIO *out); | 185 | void lh_node_stats(const LHASH *lh, FILE *out); |
| 128 | void lh_node_usage_stats_bio(LHASH *lh, BIO *out); | 186 | void lh_node_usage_stats(const LHASH *lh, FILE *out); |
| 129 | #endif | ||
| 130 | #else | ||
| 131 | LHASH *lh_new(); | ||
| 132 | void lh_free(); | ||
| 133 | char *lh_insert(); | ||
| 134 | char *lh_delete(); | ||
| 135 | char *lh_retrieve(); | ||
| 136 | void lh_doall(); | ||
| 137 | void lh_doall_arg(); | ||
| 138 | unsigned long lh_strhash(); | ||
| 139 | |||
| 140 | #ifndef NO_FP_API | ||
| 141 | void lh_stats(); | ||
| 142 | void lh_node_stats(); | ||
| 143 | void lh_node_usage_stats(); | ||
| 144 | #endif | ||
| 145 | void lh_stats_bio(); | ||
| 146 | void lh_node_stats_bio(); | ||
| 147 | void lh_node_usage_stats_bio(); | ||
| 148 | #endif | 187 | #endif |
| 149 | 188 | ||
| 189 | #ifndef OPENSSL_NO_BIO | ||
| 190 | void lh_stats_bio(const LHASH *lh, BIO *out); | ||
| 191 | void lh_node_stats_bio(const LHASH *lh, BIO *out); | ||
| 192 | void lh_node_usage_stats_bio(const LHASH *lh, BIO *out); | ||
| 193 | #endif | ||
| 150 | #ifdef __cplusplus | 194 | #ifdef __cplusplus |
| 151 | } | 195 | } |
| 152 | #endif | 196 | #endif |
diff --git a/src/lib/libcrypto/md32_common.h b/src/lib/libcrypto/md32_common.h index 2b91f9eef2..353d2b96ad 100644 --- a/src/lib/libcrypto/md32_common.h +++ b/src/lib/libcrypto/md32_common.h | |||
| @@ -94,6 +94,8 @@ | |||
| 94 | * in original (data) byte order, implemented externally (it | 94 | * in original (data) byte order, implemented externally (it |
| 95 | * actually is optional if data and host are of the same | 95 | * actually is optional if data and host are of the same |
| 96 | * "endianess"). | 96 | * "endianess"). |
| 97 | * HASH_MAKE_STRING | ||
| 98 | * macro convering context variables to an ASCII hash string. | ||
| 97 | * | 99 | * |
| 98 | * Optional macros: | 100 | * Optional macros: |
| 99 | * | 101 | * |
| @@ -177,9 +179,18 @@ | |||
| 177 | */ | 179 | */ |
| 178 | #undef ROTATE | 180 | #undef ROTATE |
| 179 | #ifndef PEDANTIC | 181 | #ifndef PEDANTIC |
| 180 | # if defined(_MSC_VER) | 182 | # if 0 /* defined(_MSC_VER) */ |
| 181 | # define ROTATE(a,n) _lrotl(a,n) | 183 | # define ROTATE(a,n) _lrotl(a,n) |
| 182 | # elif defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) | 184 | # elif defined(__MWERKS__) |
| 185 | # if defined(__POWERPC__) | ||
| 186 | # define ROTATE(a,n) __rlwinm(a,n,0,31) | ||
| 187 | # elif defined(__MC68K__) | ||
| 188 | /* Motorola specific tweak. <appro@fy.chalmers.se> */ | ||
| 189 | # define ROTATE(a,n) ( n<24 ? __rol(a,n) : __ror(a,32-n) ) | ||
| 190 | # else | ||
| 191 | # define ROTATE(a,n) __rol(a,n) | ||
| 192 | # endif | ||
| 193 | # elif defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) | ||
| 183 | /* | 194 | /* |
| 184 | * Some GNU C inline assembler templates. Note that these are | 195 | * Some GNU C inline assembler templates. Note that these are |
| 185 | * rotates by *constant* number of bits! But that's exactly | 196 | * rotates by *constant* number of bits! But that's exactly |
| @@ -187,18 +198,18 @@ | |||
| 187 | * | 198 | * |
| 188 | * <appro@fy.chalmers.se> | 199 | * <appro@fy.chalmers.se> |
| 189 | */ | 200 | */ |
| 190 | # if defined(__i386) | 201 | # if defined(__i386) || defined(__i386__) |
| 191 | # define ROTATE(a,n) ({ register unsigned int ret; \ | 202 | # define ROTATE(a,n) ({ register unsigned int ret; \ |
| 192 | asm volatile ( \ | 203 | asm ( \ |
| 193 | "roll %1,%0" \ | 204 | "roll %1,%0" \ |
| 194 | : "=r"(ret) \ | 205 | : "=r"(ret) \ |
| 195 | : "I"(n), "0"(a) \ | 206 | : "I"(n), "0"(a) \ |
| 196 | : "cc"); \ | 207 | : "cc"); \ |
| 197 | ret; \ | 208 | ret; \ |
| 198 | }) | 209 | }) |
| 199 | # elif defined(__powerpc) | 210 | # elif defined(__powerpc) || defined(__ppc) |
| 200 | # define ROTATE(a,n) ({ register unsigned int ret; \ | 211 | # define ROTATE(a,n) ({ register unsigned int ret; \ |
| 201 | asm volatile ( \ | 212 | asm ( \ |
| 202 | "rlwinm %0,%1,%2,0,31" \ | 213 | "rlwinm %0,%1,%2,0,31" \ |
| 203 | : "=r"(ret) \ | 214 | : "=r"(ret) \ |
| 204 | : "r"(a), "I"(n)); \ | 215 | : "r"(a), "I"(n)); \ |
| @@ -211,27 +222,27 @@ | |||
| 211 | * Engage compiler specific "fetch in reverse byte order" | 222 | * Engage compiler specific "fetch in reverse byte order" |
| 212 | * intrinsic function if available. | 223 | * intrinsic function if available. |
| 213 | */ | 224 | */ |
| 214 | # if defined(__GNUC__) && __GNUC__>=2 && !defined(NO_ASM) | 225 | # if defined(__GNUC__) && __GNUC__>=2 && !defined(OPENSSL_NO_ASM) && !defined(OPENSSL_NO_INLINE_ASM) |
| 215 | /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */ | 226 | /* some GNU C inline assembler templates by <appro@fy.chalmers.se> */ |
| 216 | # if defined(__i386) && !defined(I386_ONLY) | 227 | # if (defined(__i386) || defined(__i386__)) && !defined(I386_ONLY) |
| 217 | # define BE_FETCH32(a) ({ register unsigned int l=(a);\ | 228 | # define BE_FETCH32(a) ({ register unsigned int l=(a);\ |
| 218 | asm volatile ( \ | 229 | asm ( \ |
| 219 | "bswapl %0" \ | 230 | "bswapl %0" \ |
| 220 | : "=r"(l) : "0"(l)); \ | 231 | : "=r"(l) : "0"(l)); \ |
| 221 | l; \ | 232 | l; \ |
| 222 | }) | 233 | }) |
| 223 | # elif defined(__powerpc) | 234 | # elif defined(__powerpc) |
| 224 | # define LE_FETCH32(a) ({ register unsigned int l; \ | 235 | # define LE_FETCH32(a) ({ register unsigned int l; \ |
| 225 | asm volatile ( \ | 236 | asm ( \ |
| 226 | "lwbrx %0,0,%1" \ | 237 | "lwbrx %0,0,%1" \ |
| 227 | : "=r"(l) \ | 238 | : "=r"(l) \ |
| 228 | : "r"(a)); \ | 239 | : "r"(a)); \ |
| 229 | l; \ | 240 | l; \ |
| 230 | }) | 241 | }) |
| 231 | 242 | ||
| 232 | # elif defined(__sparc) && defined(ULTRASPARC) | 243 | # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) |
| 233 | # define LE_FETCH32(a) ({ register unsigned int l; \ | 244 | # define LE_FETCH32(a) ({ register unsigned int l; \ |
| 234 | asm volatile ( \ | 245 | asm ( \ |
| 235 | "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ | 246 | "lda [%1]#ASI_PRIMARY_LITTLE,%0"\ |
| 236 | : "=r"(l) \ | 247 | : "=r"(l) \ |
| 237 | : "r"(a)); \ | 248 | : "r"(a)); \ |
| @@ -399,13 +410,14 @@ | |||
| 399 | * Time for some action:-) | 410 | * Time for some action:-) |
| 400 | */ | 411 | */ |
| 401 | 412 | ||
| 402 | void HASH_UPDATE (HASH_CTX *c, const unsigned char *data, unsigned long len) | 413 | int HASH_UPDATE (HASH_CTX *c, const void *data_, unsigned long len) |
| 403 | { | 414 | { |
| 415 | const unsigned char *data=data_; | ||
| 404 | register HASH_LONG * p; | 416 | register HASH_LONG * p; |
| 405 | register unsigned long l; | 417 | register unsigned long l; |
| 406 | int sw,sc,ew,ec; | 418 | int sw,sc,ew,ec; |
| 407 | 419 | ||
| 408 | if (len==0) return; | 420 | if (len==0) return 1; |
| 409 | 421 | ||
| 410 | l=(c->Nl+(len<<3))&0xffffffffL; | 422 | l=(c->Nl+(len<<3))&0xffffffffL; |
| 411 | /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to | 423 | /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to |
| @@ -454,7 +466,7 @@ void HASH_UPDATE (HASH_CTX *c, const unsigned char *data, unsigned long len) | |||
| 454 | HOST_c2l_p(data,l,ec); p[sw]=l; | 466 | HOST_c2l_p(data,l,ec); p[sw]=l; |
| 455 | } | 467 | } |
| 456 | } | 468 | } |
| 457 | return; | 469 | return 1; |
| 458 | } | 470 | } |
| 459 | } | 471 | } |
| 460 | 472 | ||
| @@ -508,6 +520,7 @@ void HASH_UPDATE (HASH_CTX *c, const unsigned char *data, unsigned long len) | |||
| 508 | HOST_c2l_p(data,l,ec); | 520 | HOST_c2l_p(data,l,ec); |
| 509 | *p=l; | 521 | *p=l; |
| 510 | } | 522 | } |
| 523 | return 1; | ||
| 511 | } | 524 | } |
| 512 | 525 | ||
| 513 | 526 | ||
| @@ -531,7 +544,7 @@ void HASH_TRANSFORM (HASH_CTX *c, const unsigned char *data) | |||
| 531 | } | 544 | } |
| 532 | 545 | ||
| 533 | 546 | ||
| 534 | void HASH_FINAL (unsigned char *md, HASH_CTX *c) | 547 | int HASH_FINAL (unsigned char *md, HASH_CTX *c) |
| 535 | { | 548 | { |
| 536 | register HASH_LONG *p; | 549 | register HASH_LONG *p; |
| 537 | register unsigned long l; | 550 | register unsigned long l; |
| @@ -581,14 +594,16 @@ void HASH_FINAL (unsigned char *md, HASH_CTX *c) | |||
| 581 | #endif | 594 | #endif |
| 582 | HASH_BLOCK_HOST_ORDER (c,p,1); | 595 | HASH_BLOCK_HOST_ORDER (c,p,1); |
| 583 | 596 | ||
| 584 | l=c->A; HOST_l2c(l,md); | 597 | #ifndef HASH_MAKE_STRING |
| 585 | l=c->B; HOST_l2c(l,md); | 598 | #error "HASH_MAKE_STRING must be defined!" |
| 586 | l=c->C; HOST_l2c(l,md); | 599 | #else |
| 587 | l=c->D; HOST_l2c(l,md); | 600 | HASH_MAKE_STRING(c,md); |
| 601 | #endif | ||
| 588 | 602 | ||
| 589 | c->num=0; | 603 | c->num=0; |
| 590 | /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack | 604 | /* clear stuff, HASH_BLOCK may be leaving some stuff on the stack |
| 591 | * but I'm not worried :-) | 605 | * but I'm not worried :-) |
| 592 | memset((void *)c,0,sizeof(HASH_CTX)); | 606 | memset((void *)c,0,sizeof(HASH_CTX)); |
| 593 | */ | 607 | */ |
| 608 | return 1; | ||
| 594 | } | 609 | } |
diff --git a/src/lib/libcrypto/md4/md4.h b/src/lib/libcrypto/md4/md4.h index c794e186db..7a7b23682f 100644 --- a/src/lib/libcrypto/md4/md4.h +++ b/src/lib/libcrypto/md4/md4.h | |||
| @@ -59,11 +59,13 @@ | |||
| 59 | #ifndef HEADER_MD4_H | 59 | #ifndef HEADER_MD4_H |
| 60 | #define HEADER_MD4_H | 60 | #define HEADER_MD4_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 66 | #ifdef NO_MD4 | 68 | #ifdef OPENSSL_NO_MD4 |
| 67 | #error MD4 is disabled. | 69 | #error MD4 is disabled. |
| 68 | #endif | 70 | #endif |
| 69 | 71 | ||
| @@ -74,9 +76,9 @@ extern "C" { | |||
| 74 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | 76 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! |
| 75 | */ | 77 | */ |
| 76 | 78 | ||
| 77 | #if defined(WIN16) || defined(__LP32__) | 79 | #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) |
| 78 | #define MD4_LONG unsigned long | 80 | #define MD4_LONG unsigned long |
| 79 | #elif defined(_CRAY) || defined(__ILP64__) | 81 | #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) |
| 80 | #define MD4_LONG unsigned long | 82 | #define MD4_LONG unsigned long |
| 81 | #define MD4_LONG_LOG2 3 | 83 | #define MD4_LONG_LOG2 3 |
| 82 | /* | 84 | /* |
| @@ -102,9 +104,9 @@ typedef struct MD4state_st | |||
| 102 | int num; | 104 | int num; |
| 103 | } MD4_CTX; | 105 | } MD4_CTX; |
| 104 | 106 | ||
| 105 | void MD4_Init(MD4_CTX *c); | 107 | int MD4_Init(MD4_CTX *c); |
| 106 | void MD4_Update(MD4_CTX *c, const void *data, unsigned long len); | 108 | int MD4_Update(MD4_CTX *c, const void *data, unsigned long len); |
| 107 | void MD4_Final(unsigned char *md, MD4_CTX *c); | 109 | int MD4_Final(unsigned char *md, MD4_CTX *c); |
| 108 | unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); | 110 | unsigned char *MD4(const unsigned char *d, unsigned long n, unsigned char *md); |
| 109 | void MD4_Transform(MD4_CTX *c, const unsigned char *b); | 111 | void MD4_Transform(MD4_CTX *c, const unsigned char *b); |
| 110 | #ifdef __cplusplus | 112 | #ifdef __cplusplus |
diff --git a/src/lib/libcrypto/md4/md4_dgst.c b/src/lib/libcrypto/md4/md4_dgst.c index 81488ae2e2..6446f5f5e7 100644 --- a/src/lib/libcrypto/md4/md4_dgst.c +++ b/src/lib/libcrypto/md4/md4_dgst.c | |||
| @@ -70,7 +70,7 @@ const char *MD4_version="MD4" OPENSSL_VERSION_PTEXT; | |||
| 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL | 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL |
| 71 | #define INIT_DATA_D (unsigned long)0x10325476L | 71 | #define INIT_DATA_D (unsigned long)0x10325476L |
| 72 | 72 | ||
| 73 | void MD4_Init(MD4_CTX *c) | 73 | int MD4_Init(MD4_CTX *c) |
| 74 | { | 74 | { |
| 75 | c->A=INIT_DATA_A; | 75 | c->A=INIT_DATA_A; |
| 76 | c->B=INIT_DATA_B; | 76 | c->B=INIT_DATA_B; |
| @@ -79,6 +79,7 @@ void MD4_Init(MD4_CTX *c) | |||
| 79 | c->Nl=0; | 79 | c->Nl=0; |
| 80 | c->Nh=0; | 80 | c->Nh=0; |
| 81 | c->num=0; | 81 | c->num=0; |
| 82 | return 1; | ||
| 82 | } | 83 | } |
| 83 | 84 | ||
| 84 | #ifndef md4_block_host_order | 85 | #ifndef md4_block_host_order |
diff --git a/src/lib/libcrypto/md4/md4_locl.h b/src/lib/libcrypto/md4/md4_locl.h index 0a2b39018d..a8d31d7a73 100644 --- a/src/lib/libcrypto/md4/md4_locl.h +++ b/src/lib/libcrypto/md4/md4_locl.h | |||
| @@ -68,7 +68,7 @@ | |||
| 68 | void md4_block_host_order (MD4_CTX *c, const void *p,int num); | 68 | void md4_block_host_order (MD4_CTX *c, const void *p,int num); |
| 69 | void md4_block_data_order (MD4_CTX *c, const void *p,int num); | 69 | void md4_block_data_order (MD4_CTX *c, const void *p,int num); |
| 70 | 70 | ||
| 71 | #if defined(__i386) || defined(_M_IX86) || defined(__INTEL__) | 71 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) |
| 72 | /* | 72 | /* |
| 73 | * *_block_host_order is expected to handle aligned data while | 73 | * *_block_host_order is expected to handle aligned data while |
| 74 | * *_block_data_order - unaligned. As algorithm and host (x86) | 74 | * *_block_data_order - unaligned. As algorithm and host (x86) |
diff --git a/src/lib/libcrypto/md5/asm/md5-586.pl b/src/lib/libcrypto/md5/asm/md5-586.pl index 2c7fb7dd98..5fc6a205ce 100644 --- a/src/lib/libcrypto/md5/asm/md5-586.pl +++ b/src/lib/libcrypto/md5/asm/md5-586.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # Normal is the | 3 | # Normal is the |
| 4 | # md5_block_x86(MD5_CTX *c, ULONG *X); | 4 | # md5_block_x86(MD5_CTX *c, ULONG *X); |
| @@ -29,7 +29,7 @@ $X="esi"; | |||
| 29 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 | 29 | 0, 7, 14, 5, 12, 3, 10, 1, 8, 15, 6, 13, 4, 11, 2, 9, # R3 |
| 30 | ); | 30 | ); |
| 31 | 31 | ||
| 32 | &md5_block("md5_block_x86"); | 32 | &md5_block("md5_block_asm_host_order"); |
| 33 | &asm_finish(); | 33 | &asm_finish(); |
| 34 | 34 | ||
| 35 | sub Np | 35 | sub Np |
| @@ -44,7 +44,7 @@ sub R0 | |||
| 44 | local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; | 44 | local($pos,$a,$b,$c,$d,$K,$ki,$s,$t)=@_; |
| 45 | 45 | ||
| 46 | &mov($tmp1,$C) if $pos < 0; | 46 | &mov($tmp1,$C) if $pos < 0; |
| 47 | &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one | 47 | &mov($tmp2,&DWP($xo[$ki]*4,$K,"",0)) if $pos < 0; # very first one |
| 48 | 48 | ||
| 49 | # body proper | 49 | # body proper |
| 50 | 50 | ||
| @@ -54,7 +54,6 @@ sub R0 | |||
| 54 | &and($tmp1,$b); # F function - part 3 | 54 | &and($tmp1,$b); # F function - part 3 |
| 55 | &lea($a,&DWP($t,$a,$tmp2,1)); | 55 | &lea($a,&DWP($t,$a,$tmp2,1)); |
| 56 | 56 | ||
| 57 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); | ||
| 58 | &xor($tmp1,$d); # F function - part 4 | 57 | &xor($tmp1,$d); # F function - part 4 |
| 59 | 58 | ||
| 60 | &add($a,$tmp1); | 59 | &add($a,$tmp1); |
| @@ -62,8 +61,10 @@ sub R0 | |||
| 62 | &mov($tmp1,&Np($c)) if $pos == 1; # next tmp1 for R1 | 61 | &mov($tmp1,&Np($c)) if $pos == 1; # next tmp1 for R1 |
| 63 | 62 | ||
| 64 | &rotl($a,$s); | 63 | &rotl($a,$s); |
| 65 | &add($a,$b); | ||
| 66 | 64 | ||
| 65 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); | ||
| 66 | |||
| 67 | &add($a,$b); | ||
| 67 | } | 68 | } |
| 68 | 69 | ||
| 69 | sub R1 | 70 | sub R1 |
| @@ -100,16 +101,16 @@ if (($n & 1) == 0) | |||
| 100 | # make sure to do 'D' first, not 'B', else we clash with | 101 | # make sure to do 'D' first, not 'B', else we clash with |
| 101 | # the last add from the previous round. | 102 | # the last add from the previous round. |
| 102 | 103 | ||
| 103 | &xor($tmp1,$d); # H function - part 2 | 104 | &xor($tmp1,$d); # H function - part 2 |
| 104 | 105 | ||
| 105 | &xor($tmp1,$b); # H function - part 3 | 106 | &xor($tmp1,$b); # H function - part 3 |
| 106 | &lea($a,&DWP($t,$a,$tmp2,1)); | 107 | &lea($a,&DWP($t,$a,$tmp2,1)); |
| 107 | 108 | ||
| 108 | &add($a,$tmp1); | 109 | &add($a,$tmp1); |
| 109 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)); | ||
| 110 | 110 | ||
| 111 | &rotl($a,$s); | 111 | &rotl($a,$s); |
| 112 | 112 | ||
| 113 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)); | ||
| 113 | &mov($tmp1,&Np($c)); | 114 | &mov($tmp1,&Np($c)); |
| 114 | } | 115 | } |
| 115 | else | 116 | else |
| @@ -118,17 +119,17 @@ else | |||
| 118 | # make sure to do 'D' first, not 'B', else we clash with | 119 | # make sure to do 'D' first, not 'B', else we clash with |
| 119 | # the last add from the previous round. | 120 | # the last add from the previous round. |
| 120 | 121 | ||
| 121 | &lea($a,&DWP($t,$a,$tmp2,1)); | 122 | &lea($a,&DWP($t,$a,$tmp2,1)); |
| 122 | 123 | ||
| 123 | &add($b,$c); # MOVED FORWARD | 124 | &add($b,$c); # MOVED FORWARD |
| 124 | &xor($tmp1,$d); # H function - part 2 | 125 | &xor($tmp1,$d); # H function - part 2 |
| 125 | 126 | ||
| 126 | &xor($tmp1,$b); # H function - part 3 | 127 | &xor($tmp1,$b); # H function - part 3 |
| 127 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); | 128 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if ($pos != 2); |
| 128 | 129 | ||
| 129 | &add($a,$tmp1); | 130 | &add($a,$tmp1); |
| 130 | &mov($tmp1,&Np($c)) if $pos < 1; # H function - part 1 | 131 | &mov($tmp1,&Np($c)) if $pos < 1; # H function - part 1 |
| 131 | &mov($tmp1,-1) if $pos == 1; # I function - part 1 | 132 | &mov($tmp1,-1) if $pos == 1; # I function - part 1 |
| 132 | 133 | ||
| 133 | &rotl($a,$s); | 134 | &rotl($a,$s); |
| 134 | 135 | ||
| @@ -146,21 +147,21 @@ sub R3 | |||
| 146 | &xor($tmp1,$d) if $pos < 0; # I function - part 2 | 147 | &xor($tmp1,$d) if $pos < 0; # I function - part 2 |
| 147 | 148 | ||
| 148 | &or($tmp1,$b); # I function - part 3 | 149 | &or($tmp1,$b); # I function - part 3 |
| 149 | &lea($a,&DWP($t,$a,$tmp2,1)); | 150 | &lea($a,&DWP($t,$a,$tmp2,1)); |
| 150 | 151 | ||
| 151 | &xor($tmp1,$c); # I function - part 4 | 152 | &xor($tmp1,$c); # I function - part 4 |
| 152 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if $pos != 2; # load X/k value | 153 | &mov($tmp2,&DWP($xo[$ki+1]*4,$K,"",0)) if $pos != 2; # load X/k value |
| 153 | &mov($tmp2,&wparam(0)) if $pos == 2; | 154 | &mov($tmp2,&wparam(0)) if $pos == 2; |
| 154 | 155 | ||
| 155 | &add($a,$tmp1); | 156 | &add($a,$tmp1); |
| 156 | &mov($tmp1,-1) if $pos < 1; # H function - part 1 | 157 | &mov($tmp1,-1) if $pos < 1; # H function - part 1 |
| 157 | &add($K,64) if $pos >=1 && !$normal; | 158 | &add($K,64) if $pos >=1 && !$normal; |
| 158 | 159 | ||
| 159 | &rotl($a,$s); | 160 | &rotl($a,$s); |
| 160 | 161 | ||
| 161 | &xor($tmp1,&Np($d)) if $pos <= 0; # I function - part = first time | 162 | &xor($tmp1,&Np($d)) if $pos <= 0; # I function - part = first time |
| 162 | &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0; | 163 | &mov($tmp1,&DWP( 0,$tmp2,"",0)) if $pos > 0; |
| 163 | &add($a,$b); | 164 | &add($a,$b); |
| 164 | } | 165 | } |
| 165 | 166 | ||
| 166 | 167 | ||
| @@ -182,6 +183,7 @@ sub md5_block | |||
| 182 | &mov($X, &wparam(1)); # esi | 183 | &mov($X, &wparam(1)); # esi |
| 183 | &mov($C, &wparam(2)); | 184 | &mov($C, &wparam(2)); |
| 184 | &push("ebp"); | 185 | &push("ebp"); |
| 186 | &shl($C, 6); | ||
| 185 | &push("ebx"); | 187 | &push("ebx"); |
| 186 | &add($C, $X); # offset we end at | 188 | &add($C, $X); # offset we end at |
| 187 | &sub($C, 64); | 189 | &sub($C, 64); |
diff --git a/src/lib/libcrypto/md5/md5.h b/src/lib/libcrypto/md5/md5.h index 357c6c625d..52cb753e6a 100644 --- a/src/lib/libcrypto/md5/md5.h +++ b/src/lib/libcrypto/md5/md5.h | |||
| @@ -63,35 +63,50 @@ | |||
| 63 | extern "C" { | 63 | extern "C" { |
| 64 | #endif | 64 | #endif |
| 65 | 65 | ||
| 66 | #ifdef OPENSSL_NO_MD5 | ||
| 67 | #error MD5 is disabled. | ||
| 68 | #endif | ||
| 69 | |||
| 70 | /* | ||
| 71 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| 72 | * ! MD5_LONG has to be at least 32 bits wide. If it's wider, then ! | ||
| 73 | * ! MD5_LONG_LOG2 has to be defined along. ! | ||
| 74 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| 75 | */ | ||
| 76 | |||
| 77 | #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) | ||
| 78 | #define MD5_LONG unsigned long | ||
| 79 | #elif defined(OENSSL_SYS_CRAY) || defined(__ILP64__) | ||
| 80 | #define MD5_LONG unsigned long | ||
| 81 | #define MD5_LONG_LOG2 3 | ||
| 82 | /* | ||
| 83 | * _CRAY note. I could declare short, but I have no idea what impact | ||
| 84 | * does it have on performance on none-T3E machines. I could declare | ||
| 85 | * int, but at least on C90 sizeof(int) can be chosen at compile time. | ||
| 86 | * So I've chosen long... | ||
| 87 | * <appro@fy.chalmers.se> | ||
| 88 | */ | ||
| 89 | #else | ||
| 90 | #define MD5_LONG unsigned int | ||
| 91 | #endif | ||
| 92 | |||
| 66 | #define MD5_CBLOCK 64 | 93 | #define MD5_CBLOCK 64 |
| 67 | #define MD5_LBLOCK 16 | 94 | #define MD5_LBLOCK (MD5_CBLOCK/4) |
| 68 | #define MD5_BLOCK 16 | ||
| 69 | #define MD5_LAST_BLOCK 56 | ||
| 70 | #define MD5_LENGTH_BLOCK 8 | ||
| 71 | #define MD5_DIGEST_LENGTH 16 | 95 | #define MD5_DIGEST_LENGTH 16 |
| 72 | 96 | ||
| 73 | typedef struct MD5state_st | 97 | typedef struct MD5state_st |
| 74 | { | 98 | { |
| 75 | unsigned long A,B,C,D; | 99 | MD5_LONG A,B,C,D; |
| 76 | unsigned long Nl,Nh; | 100 | MD5_LONG Nl,Nh; |
| 77 | unsigned long data[MD5_LBLOCK]; | 101 | MD5_LONG data[MD5_LBLOCK]; |
| 78 | int num; | 102 | int num; |
| 79 | } MD5_CTX; | 103 | } MD5_CTX; |
| 80 | 104 | ||
| 81 | #ifndef NOPROTO | 105 | int MD5_Init(MD5_CTX *c); |
| 82 | void MD5_Init(MD5_CTX *c); | 106 | int MD5_Update(MD5_CTX *c, const void *data, unsigned long len); |
| 83 | void MD5_Update(MD5_CTX *c, unsigned char *data, unsigned long len); | 107 | int MD5_Final(unsigned char *md, MD5_CTX *c); |
| 84 | void MD5_Final(unsigned char *md, MD5_CTX *c); | 108 | unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md); |
| 85 | unsigned char *MD5(unsigned char *d, unsigned long n, unsigned char *md); | 109 | void MD5_Transform(MD5_CTX *c, const unsigned char *b); |
| 86 | void MD5_Transform(MD5_CTX *c, unsigned char *b); | ||
| 87 | #else | ||
| 88 | void MD5_Init(); | ||
| 89 | void MD5_Update(); | ||
| 90 | void MD5_Final(); | ||
| 91 | unsigned char *MD5(); | ||
| 92 | void MD5_Transform(); | ||
| 93 | #endif | ||
| 94 | |||
| 95 | #ifdef __cplusplus | 110 | #ifdef __cplusplus |
| 96 | } | 111 | } |
| 97 | #endif | 112 | #endif |
diff --git a/src/lib/libcrypto/md5/md5_dgst.c b/src/lib/libcrypto/md5/md5_dgst.c index 43b3498d92..c38a3f021e 100644 --- a/src/lib/libcrypto/md5/md5_dgst.c +++ b/src/lib/libcrypto/md5/md5_dgst.c | |||
| @@ -58,8 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "md5_locl.h" | 60 | #include "md5_locl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *MD5_version="MD5 part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *MD5_version="MD5" OPENSSL_VERSION_PTEXT; |
| 63 | 64 | ||
| 64 | /* Implemented from RFC1321 The MD5 Message-Digest Algorithm | 65 | /* Implemented from RFC1321 The MD5 Message-Digest Algorithm |
| 65 | */ | 66 | */ |
| @@ -69,24 +70,7 @@ char *MD5_version="MD5 part of SSLeay 0.9.0b 29-Jun-1998"; | |||
| 69 | #define INIT_DATA_C (unsigned long)0x98badcfeL | 70 | #define INIT_DATA_C (unsigned long)0x98badcfeL |
| 70 | #define INIT_DATA_D (unsigned long)0x10325476L | 71 | #define INIT_DATA_D (unsigned long)0x10325476L |
| 71 | 72 | ||
| 72 | #ifndef NOPROTO | 73 | int MD5_Init(MD5_CTX *c) |
| 73 | # ifdef MD5_ASM | ||
| 74 | void md5_block_x86(MD5_CTX *c, unsigned long *p,int num); | ||
| 75 | # define md5_block md5_block_x86 | ||
| 76 | # else | ||
| 77 | static void md5_block(MD5_CTX *c, unsigned long *p,int num); | ||
| 78 | # endif | ||
| 79 | #else | ||
| 80 | # ifdef MD5_ASM | ||
| 81 | void md5_block_x86(); | ||
| 82 | # define md5_block md5_block_x86 | ||
| 83 | # else | ||
| 84 | static void md5_block(); | ||
| 85 | # endif | ||
| 86 | #endif | ||
| 87 | |||
| 88 | void MD5_Init(c) | ||
| 89 | MD5_CTX *c; | ||
| 90 | { | 74 | { |
| 91 | c->A=INIT_DATA_A; | 75 | c->A=INIT_DATA_A; |
| 92 | c->B=INIT_DATA_B; | 76 | c->B=INIT_DATA_B; |
| @@ -95,192 +79,35 @@ MD5_CTX *c; | |||
| 95 | c->Nl=0; | 79 | c->Nl=0; |
| 96 | c->Nh=0; | 80 | c->Nh=0; |
| 97 | c->num=0; | 81 | c->num=0; |
| 82 | return 1; | ||
| 98 | } | 83 | } |
| 99 | 84 | ||
| 100 | void MD5_Update(c, data, len) | 85 | #ifndef md5_block_host_order |
| 101 | MD5_CTX *c; | 86 | void md5_block_host_order (MD5_CTX *c, const void *data, int num) |
| 102 | register unsigned char *data; | ||
| 103 | unsigned long len; | ||
| 104 | { | ||
| 105 | register ULONG *p; | ||
| 106 | int sw,sc; | ||
| 107 | ULONG l; | ||
| 108 | |||
| 109 | if (len == 0) return; | ||
| 110 | |||
| 111 | l=(c->Nl+(len<<3))&0xffffffffL; | ||
| 112 | /* 95-05-24 eay Fixed a bug with the overflow handling, thanks to | ||
| 113 | * Wei Dai <weidai@eskimo.com> for pointing it out. */ | ||
| 114 | if (l < c->Nl) /* overflow */ | ||
| 115 | c->Nh++; | ||
| 116 | c->Nh+=(len>>29); | ||
| 117 | c->Nl=l; | ||
| 118 | |||
| 119 | if (c->num != 0) | ||
| 120 | { | ||
| 121 | p=c->data; | ||
| 122 | sw=c->num>>2; | ||
| 123 | sc=c->num&0x03; | ||
| 124 | |||
| 125 | if ((c->num+len) >= MD5_CBLOCK) | ||
| 126 | { | ||
| 127 | l= p[sw]; | ||
| 128 | p_c2l(data,l,sc); | ||
| 129 | p[sw++]=l; | ||
| 130 | for (; sw<MD5_LBLOCK; sw++) | ||
| 131 | { | ||
| 132 | c2l(data,l); | ||
| 133 | p[sw]=l; | ||
| 134 | } | ||
| 135 | len-=(MD5_CBLOCK-c->num); | ||
| 136 | |||
| 137 | md5_block(c,p,64); | ||
| 138 | c->num=0; | ||
| 139 | /* drop through and do the rest */ | ||
| 140 | } | ||
| 141 | else | ||
| 142 | { | ||
| 143 | int ew,ec; | ||
| 144 | |||
| 145 | c->num+=(int)len; | ||
| 146 | if ((sc+len) < 4) /* ugly, add char's to a word */ | ||
| 147 | { | ||
| 148 | l= p[sw]; | ||
| 149 | p_c2l_p(data,l,sc,len); | ||
| 150 | p[sw]=l; | ||
| 151 | } | ||
| 152 | else | ||
| 153 | { | ||
| 154 | ew=(c->num>>2); | ||
| 155 | ec=(c->num&0x03); | ||
| 156 | l= p[sw]; | ||
| 157 | p_c2l(data,l,sc); | ||
| 158 | p[sw++]=l; | ||
| 159 | for (; sw < ew; sw++) | ||
| 160 | { c2l(data,l); p[sw]=l; } | ||
| 161 | if (ec) | ||
| 162 | { | ||
| 163 | c2l_p(data,l,ec); | ||
| 164 | p[sw]=l; | ||
| 165 | } | ||
| 166 | } | ||
| 167 | return; | ||
| 168 | } | ||
| 169 | } | ||
| 170 | /* we now can process the input data in blocks of MD5_CBLOCK | ||
| 171 | * chars and save the leftovers to c->data. */ | ||
| 172 | #ifdef L_ENDIAN | ||
| 173 | if ((((unsigned long)data)%sizeof(ULONG)) == 0) | ||
| 174 | { | ||
| 175 | sw=(int)len/MD5_CBLOCK; | ||
| 176 | if (sw > 0) | ||
| 177 | { | ||
| 178 | sw*=MD5_CBLOCK; | ||
| 179 | md5_block(c,(ULONG *)data,sw); | ||
| 180 | data+=sw; | ||
| 181 | len-=sw; | ||
| 182 | } | ||
| 183 | } | ||
| 184 | #endif | ||
| 185 | p=c->data; | ||
| 186 | while (len >= MD5_CBLOCK) | ||
| 187 | { | ||
| 188 | #if defined(L_ENDIAN) || defined(B_ENDIAN) | ||
| 189 | if (p != (unsigned long *)data) | ||
| 190 | memcpy(p,data,MD5_CBLOCK); | ||
| 191 | data+=MD5_CBLOCK; | ||
| 192 | #ifdef B_ENDIAN | ||
| 193 | for (sw=(MD5_LBLOCK/4); sw; sw--) | ||
| 194 | { | ||
| 195 | Endian_Reverse32(p[0]); | ||
| 196 | Endian_Reverse32(p[1]); | ||
| 197 | Endian_Reverse32(p[2]); | ||
| 198 | Endian_Reverse32(p[3]); | ||
| 199 | p+=4; | ||
| 200 | } | ||
| 201 | #endif | ||
| 202 | #else | ||
| 203 | for (sw=(MD5_LBLOCK/4); sw; sw--) | ||
| 204 | { | ||
| 205 | c2l(data,l); *(p++)=l; | ||
| 206 | c2l(data,l); *(p++)=l; | ||
| 207 | c2l(data,l); *(p++)=l; | ||
| 208 | c2l(data,l); *(p++)=l; | ||
| 209 | } | ||
| 210 | #endif | ||
| 211 | p=c->data; | ||
| 212 | md5_block(c,p,64); | ||
| 213 | len-=MD5_CBLOCK; | ||
| 214 | } | ||
| 215 | sc=(int)len; | ||
| 216 | c->num=sc; | ||
| 217 | if (sc) | ||
| 218 | { | ||
| 219 | sw=sc>>2; /* words to copy */ | ||
| 220 | #ifdef L_ENDIAN | ||
| 221 | p[sw]=0; | ||
| 222 | memcpy(p,data,sc); | ||
| 223 | #else | ||
| 224 | sc&=0x03; | ||
| 225 | for ( ; sw; sw--) | ||
| 226 | { c2l(data,l); *(p++)=l; } | ||
| 227 | c2l_p(data,l,sc); | ||
| 228 | *p=l; | ||
| 229 | #endif | ||
| 230 | } | ||
| 231 | } | ||
| 232 | |||
| 233 | void MD5_Transform(c,b) | ||
| 234 | MD5_CTX *c; | ||
| 235 | unsigned char *b; | ||
| 236 | { | ||
| 237 | ULONG p[16]; | ||
| 238 | #if !defined(L_ENDIAN) | ||
| 239 | ULONG *q; | ||
| 240 | int i; | ||
| 241 | #endif | ||
| 242 | |||
| 243 | #if defined(B_ENDIAN) || defined(L_ENDIAN) | ||
| 244 | memcpy(p,b,64); | ||
| 245 | #ifdef B_ENDIAN | ||
| 246 | q=p; | ||
| 247 | for (i=(MD5_LBLOCK/4); i; i--) | ||
| 248 | { | ||
| 249 | Endian_Reverse32(q[0]); | ||
| 250 | Endian_Reverse32(q[1]); | ||
| 251 | Endian_Reverse32(q[2]); | ||
| 252 | Endian_Reverse32(q[3]); | ||
| 253 | q+=4; | ||
| 254 | } | ||
| 255 | #endif | ||
| 256 | #else | ||
| 257 | q=p; | ||
| 258 | for (i=(MD5_LBLOCK/4); i; i--) | ||
| 259 | { | ||
| 260 | ULONG l; | ||
| 261 | c2l(b,l); *(q++)=l; | ||
| 262 | c2l(b,l); *(q++)=l; | ||
| 263 | c2l(b,l); *(q++)=l; | ||
| 264 | c2l(b,l); *(q++)=l; | ||
| 265 | } | ||
| 266 | #endif | ||
| 267 | md5_block(c,p,64); | ||
| 268 | } | ||
| 269 | |||
| 270 | #ifndef MD5_ASM | ||
| 271 | |||
| 272 | static void md5_block(c, X, num) | ||
| 273 | MD5_CTX *c; | ||
| 274 | register ULONG *X; | ||
| 275 | int num; | ||
| 276 | { | 87 | { |
| 277 | register ULONG A,B,C,D; | 88 | const MD5_LONG *X=data; |
| 89 | register unsigned long A,B,C,D; | ||
| 90 | /* | ||
| 91 | * In case you wonder why A-D are declared as long and not | ||
| 92 | * as MD5_LONG. Doing so results in slight performance | ||
| 93 | * boost on LP64 architectures. The catch is we don't | ||
| 94 | * really care if 32 MSBs of a 64-bit register get polluted | ||
| 95 | * with eventual overflows as we *save* only 32 LSBs in | ||
| 96 | * *either* case. Now declaring 'em long excuses the compiler | ||
| 97 | * from keeping 32 MSBs zeroed resulting in 13% performance | ||
| 98 | * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. | ||
| 99 | * Well, to be honest it should say that this *prevents* | ||
| 100 | * performance degradation. | ||
| 101 | * | ||
| 102 | * <appro@fy.chalmers.se> | ||
| 103 | */ | ||
| 278 | 104 | ||
| 279 | A=c->A; | 105 | A=c->A; |
| 280 | B=c->B; | 106 | B=c->B; |
| 281 | C=c->C; | 107 | C=c->C; |
| 282 | D=c->D; | 108 | D=c->D; |
| 283 | for (;;) | 109 | |
| 110 | for (;num--;X+=HASH_LBLOCK) | ||
| 284 | { | 111 | { |
| 285 | /* Round 0 */ | 112 | /* Round 0 */ |
| 286 | R0(A,B,C,D,X[ 0], 7,0xd76aa478L); | 113 | R0(A,B,C,D,X[ 0], 7,0xd76aa478L); |
| @@ -351,80 +178,133 @@ int num; | |||
| 351 | R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); | 178 | R3(C,D,A,B,X[ 2],15,0x2ad7d2bbL); |
| 352 | R3(B,C,D,A,X[ 9],21,0xeb86d391L); | 179 | R3(B,C,D,A,X[ 9],21,0xeb86d391L); |
| 353 | 180 | ||
| 354 | A+=c->A&0xffffffffL; | 181 | A = c->A += A; |
| 355 | B+=c->B&0xffffffffL; | 182 | B = c->B += B; |
| 356 | c->A=A; | 183 | C = c->C += C; |
| 357 | c->B=B; | 184 | D = c->D += D; |
| 358 | C+=c->C&0xffffffffL; | ||
| 359 | D+=c->D&0xffffffffL; | ||
| 360 | c->C=C; | ||
| 361 | c->D=D; | ||
| 362 | X+=16; | ||
| 363 | num-=64; | ||
| 364 | if (num <= 0) break; | ||
| 365 | } | 185 | } |
| 366 | } | 186 | } |
| 367 | #endif | 187 | #endif |
| 368 | 188 | ||
| 369 | void MD5_Final(md, c) | 189 | #ifndef md5_block_data_order |
| 370 | unsigned char *md; | 190 | #ifdef X |
| 371 | MD5_CTX *c; | 191 | #undef X |
| 192 | #endif | ||
| 193 | void md5_block_data_order (MD5_CTX *c, const void *data_, int num) | ||
| 372 | { | 194 | { |
| 373 | register int i,j; | 195 | const unsigned char *data=data_; |
| 374 | register ULONG l; | 196 | register unsigned long A,B,C,D,l; |
| 375 | register ULONG *p; | 197 | /* |
| 376 | static unsigned char end[4]={0x80,0x00,0x00,0x00}; | 198 | * In case you wonder why A-D are declared as long and not |
| 377 | unsigned char *cp=end; | 199 | * as MD5_LONG. Doing so results in slight performance |
| 200 | * boost on LP64 architectures. The catch is we don't | ||
| 201 | * really care if 32 MSBs of a 64-bit register get polluted | ||
| 202 | * with eventual overflows as we *save* only 32 LSBs in | ||
| 203 | * *either* case. Now declaring 'em long excuses the compiler | ||
| 204 | * from keeping 32 MSBs zeroed resulting in 13% performance | ||
| 205 | * improvement under SPARC Solaris7/64 and 5% under AlphaLinux. | ||
| 206 | * Well, to be honest it should say that this *prevents* | ||
| 207 | * performance degradation. | ||
| 208 | * | ||
| 209 | * <appro@fy.chalmers.se> | ||
| 210 | */ | ||
| 211 | #ifndef MD32_XARRAY | ||
| 212 | /* See comment in crypto/sha/sha_locl.h for details. */ | ||
| 213 | unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | ||
| 214 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | ||
| 215 | # define X(i) XX##i | ||
| 216 | #else | ||
| 217 | MD5_LONG XX[MD5_LBLOCK]; | ||
| 218 | # define X(i) XX[i] | ||
| 219 | #endif | ||
| 378 | 220 | ||
| 379 | /* c->num should definitly have room for at least one more byte. */ | 221 | A=c->A; |
| 380 | p=c->data; | 222 | B=c->B; |
| 381 | j=c->num; | 223 | C=c->C; |
| 382 | i=j>>2; | 224 | D=c->D; |
| 383 | 225 | ||
| 384 | /* purify often complains about the following line as an | 226 | for (;num--;) |
| 385 | * Uninitialized Memory Read. While this can be true, the | ||
| 386 | * following p_c2l macro will reset l when that case is true. | ||
| 387 | * This is because j&0x03 contains the number of 'valid' bytes | ||
| 388 | * already in p[i]. If and only if j&0x03 == 0, the UMR will | ||
| 389 | * occur but this is also the only time p_c2l will do | ||
| 390 | * l= *(cp++) instead of l|= *(cp++) | ||
| 391 | * Many thanks to Alex Tang <altitude@cic.net> for pickup this | ||
| 392 | * 'potential bug' */ | ||
| 393 | #ifdef PURIFY | ||
| 394 | if ((j&0x03) == 0) p[i]=0; | ||
| 395 | #endif | ||
| 396 | l=p[i]; | ||
| 397 | p_c2l(cp,l,j&0x03); | ||
| 398 | p[i]=l; | ||
| 399 | i++; | ||
| 400 | /* i is the next 'undefined word' */ | ||
| 401 | if (c->num >= MD5_LAST_BLOCK) | ||
| 402 | { | 227 | { |
| 403 | for (; i<MD5_LBLOCK; i++) | 228 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; |
| 404 | p[i]=0; | 229 | /* Round 0 */ |
| 405 | md5_block(c,p,64); | 230 | R0(A,B,C,D,X( 0), 7,0xd76aa478L); HOST_c2l(data,l); X( 2)=l; |
| 406 | i=0; | 231 | R0(D,A,B,C,X( 1),12,0xe8c7b756L); HOST_c2l(data,l); X( 3)=l; |
| 407 | } | 232 | R0(C,D,A,B,X( 2),17,0x242070dbL); HOST_c2l(data,l); X( 4)=l; |
| 408 | for (; i<(MD5_LBLOCK-2); i++) | 233 | R0(B,C,D,A,X( 3),22,0xc1bdceeeL); HOST_c2l(data,l); X( 5)=l; |
| 409 | p[i]=0; | 234 | R0(A,B,C,D,X( 4), 7,0xf57c0fafL); HOST_c2l(data,l); X( 6)=l; |
| 410 | p[MD5_LBLOCK-2]=c->Nl; | 235 | R0(D,A,B,C,X( 5),12,0x4787c62aL); HOST_c2l(data,l); X( 7)=l; |
| 411 | p[MD5_LBLOCK-1]=c->Nh; | 236 | R0(C,D,A,B,X( 6),17,0xa8304613L); HOST_c2l(data,l); X( 8)=l; |
| 412 | md5_block(c,p,64); | 237 | R0(B,C,D,A,X( 7),22,0xfd469501L); HOST_c2l(data,l); X( 9)=l; |
| 413 | cp=md; | 238 | R0(A,B,C,D,X( 8), 7,0x698098d8L); HOST_c2l(data,l); X(10)=l; |
| 414 | l=c->A; l2c(l,cp); | 239 | R0(D,A,B,C,X( 9),12,0x8b44f7afL); HOST_c2l(data,l); X(11)=l; |
| 415 | l=c->B; l2c(l,cp); | 240 | R0(C,D,A,B,X(10),17,0xffff5bb1L); HOST_c2l(data,l); X(12)=l; |
| 416 | l=c->C; l2c(l,cp); | 241 | R0(B,C,D,A,X(11),22,0x895cd7beL); HOST_c2l(data,l); X(13)=l; |
| 417 | l=c->D; l2c(l,cp); | 242 | R0(A,B,C,D,X(12), 7,0x6b901122L); HOST_c2l(data,l); X(14)=l; |
| 243 | R0(D,A,B,C,X(13),12,0xfd987193L); HOST_c2l(data,l); X(15)=l; | ||
| 244 | R0(C,D,A,B,X(14),17,0xa679438eL); | ||
| 245 | R0(B,C,D,A,X(15),22,0x49b40821L); | ||
| 246 | /* Round 1 */ | ||
| 247 | R1(A,B,C,D,X( 1), 5,0xf61e2562L); | ||
| 248 | R1(D,A,B,C,X( 6), 9,0xc040b340L); | ||
| 249 | R1(C,D,A,B,X(11),14,0x265e5a51L); | ||
| 250 | R1(B,C,D,A,X( 0),20,0xe9b6c7aaL); | ||
| 251 | R1(A,B,C,D,X( 5), 5,0xd62f105dL); | ||
| 252 | R1(D,A,B,C,X(10), 9,0x02441453L); | ||
| 253 | R1(C,D,A,B,X(15),14,0xd8a1e681L); | ||
| 254 | R1(B,C,D,A,X( 4),20,0xe7d3fbc8L); | ||
| 255 | R1(A,B,C,D,X( 9), 5,0x21e1cde6L); | ||
| 256 | R1(D,A,B,C,X(14), 9,0xc33707d6L); | ||
| 257 | R1(C,D,A,B,X( 3),14,0xf4d50d87L); | ||
| 258 | R1(B,C,D,A,X( 8),20,0x455a14edL); | ||
| 259 | R1(A,B,C,D,X(13), 5,0xa9e3e905L); | ||
| 260 | R1(D,A,B,C,X( 2), 9,0xfcefa3f8L); | ||
| 261 | R1(C,D,A,B,X( 7),14,0x676f02d9L); | ||
| 262 | R1(B,C,D,A,X(12),20,0x8d2a4c8aL); | ||
| 263 | /* Round 2 */ | ||
| 264 | R2(A,B,C,D,X( 5), 4,0xfffa3942L); | ||
| 265 | R2(D,A,B,C,X( 8),11,0x8771f681L); | ||
| 266 | R2(C,D,A,B,X(11),16,0x6d9d6122L); | ||
| 267 | R2(B,C,D,A,X(14),23,0xfde5380cL); | ||
| 268 | R2(A,B,C,D,X( 1), 4,0xa4beea44L); | ||
| 269 | R2(D,A,B,C,X( 4),11,0x4bdecfa9L); | ||
| 270 | R2(C,D,A,B,X( 7),16,0xf6bb4b60L); | ||
| 271 | R2(B,C,D,A,X(10),23,0xbebfbc70L); | ||
| 272 | R2(A,B,C,D,X(13), 4,0x289b7ec6L); | ||
| 273 | R2(D,A,B,C,X( 0),11,0xeaa127faL); | ||
| 274 | R2(C,D,A,B,X( 3),16,0xd4ef3085L); | ||
| 275 | R2(B,C,D,A,X( 6),23,0x04881d05L); | ||
| 276 | R2(A,B,C,D,X( 9), 4,0xd9d4d039L); | ||
| 277 | R2(D,A,B,C,X(12),11,0xe6db99e5L); | ||
| 278 | R2(C,D,A,B,X(15),16,0x1fa27cf8L); | ||
| 279 | R2(B,C,D,A,X( 2),23,0xc4ac5665L); | ||
| 280 | /* Round 3 */ | ||
| 281 | R3(A,B,C,D,X( 0), 6,0xf4292244L); | ||
| 282 | R3(D,A,B,C,X( 7),10,0x432aff97L); | ||
| 283 | R3(C,D,A,B,X(14),15,0xab9423a7L); | ||
| 284 | R3(B,C,D,A,X( 5),21,0xfc93a039L); | ||
| 285 | R3(A,B,C,D,X(12), 6,0x655b59c3L); | ||
| 286 | R3(D,A,B,C,X( 3),10,0x8f0ccc92L); | ||
| 287 | R3(C,D,A,B,X(10),15,0xffeff47dL); | ||
| 288 | R3(B,C,D,A,X( 1),21,0x85845dd1L); | ||
| 289 | R3(A,B,C,D,X( 8), 6,0x6fa87e4fL); | ||
| 290 | R3(D,A,B,C,X(15),10,0xfe2ce6e0L); | ||
| 291 | R3(C,D,A,B,X( 6),15,0xa3014314L); | ||
| 292 | R3(B,C,D,A,X(13),21,0x4e0811a1L); | ||
| 293 | R3(A,B,C,D,X( 4), 6,0xf7537e82L); | ||
| 294 | R3(D,A,B,C,X(11),10,0xbd3af235L); | ||
| 295 | R3(C,D,A,B,X( 2),15,0x2ad7d2bbL); | ||
| 296 | R3(B,C,D,A,X( 9),21,0xeb86d391L); | ||
| 418 | 297 | ||
| 419 | /* clear stuff, md5_block may be leaving some stuff on the stack | 298 | A = c->A += A; |
| 420 | * but I'm not worried :-) */ | 299 | B = c->B += B; |
| 421 | c->num=0; | 300 | C = c->C += C; |
| 422 | /* memset((char *)&c,0,sizeof(c));*/ | 301 | D = c->D += D; |
| 302 | } | ||
| 423 | } | 303 | } |
| 304 | #endif | ||
| 424 | 305 | ||
| 425 | #ifdef undef | 306 | #ifdef undef |
| 426 | int printit(l) | 307 | int printit(unsigned long *l) |
| 427 | unsigned long *l; | ||
| 428 | { | 308 | { |
| 429 | int i,ii; | 309 | int i,ii; |
| 430 | 310 | ||
diff --git a/src/lib/libcrypto/md5/md5_locl.h b/src/lib/libcrypto/md5/md5_locl.h index dbbe1b71ca..34c5257306 100644 --- a/src/lib/libcrypto/md5/md5_locl.h +++ b/src/lib/libcrypto/md5/md5_locl.h | |||
| @@ -56,109 +56,94 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* On sparc, this actually slows things down :-( */ | ||
| 60 | #if defined(sun) | ||
| 61 | #undef B_ENDIAN | ||
| 62 | #endif | ||
| 63 | |||
| 64 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 65 | #include <string.h> | 60 | #include <string.h> |
| 66 | #include "md5.h" | 61 | #include <openssl/opensslconf.h> |
| 67 | 62 | #include <openssl/md5.h> | |
| 68 | #define ULONG unsigned long | ||
| 69 | #define UCHAR unsigned char | ||
| 70 | #define UINT unsigned int | ||
| 71 | 63 | ||
| 72 | #if defined(NOCONST) | 64 | #ifndef MD5_LONG_LOG2 |
| 73 | #define const | 65 | #define MD5_LONG_LOG2 2 /* default to 32 bits */ |
| 74 | #endif | 66 | #endif |
| 75 | 67 | ||
| 76 | #undef c2l | 68 | #ifdef MD5_ASM |
| 77 | #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ | 69 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) |
| 78 | l|=(((unsigned long)(*((c)++)))<< 8), \ | 70 | # define md5_block_host_order md5_block_asm_host_order |
| 79 | l|=(((unsigned long)(*((c)++)))<<16), \ | 71 | # elif defined(__sparc) && defined(OPENSSL_SYS_ULTRASPARC) |
| 80 | l|=(((unsigned long)(*((c)++)))<<24)) | 72 | void md5_block_asm_data_order_aligned (MD5_CTX *c, const MD5_LONG *p,int num); |
| 81 | 73 | # define HASH_BLOCK_DATA_ORDER_ALIGNED md5_block_asm_data_order_aligned | |
| 82 | #undef p_c2l | 74 | # endif |
| 83 | #define p_c2l(c,l,n) { \ | 75 | #endif |
| 84 | switch (n) { \ | ||
| 85 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 86 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 87 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 88 | case 3: l|=((unsigned long)(*((c)++)))<<24; \ | ||
| 89 | } \ | ||
| 90 | } | ||
| 91 | 76 | ||
| 92 | /* NOTE the pointer is not incremented at the end of this */ | 77 | void md5_block_host_order (MD5_CTX *c, const void *p,int num); |
| 93 | #undef c2l_p | 78 | void md5_block_data_order (MD5_CTX *c, const void *p,int num); |
| 94 | #define c2l_p(c,l,n) { \ | ||
| 95 | l=0; \ | ||
| 96 | (c)+=n; \ | ||
| 97 | switch (n) { \ | ||
| 98 | case 3: l =((unsigned long)(*(--(c))))<<16; \ | ||
| 99 | case 2: l|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 100 | case 1: l|=((unsigned long)(*(--(c)))) ; \ | ||
| 101 | } \ | ||
| 102 | } | ||
| 103 | 79 | ||
| 104 | #undef p_c2l_p | 80 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) |
| 105 | #define p_c2l_p(c,l,sc,len) { \ | 81 | /* |
| 106 | switch (sc) \ | 82 | * *_block_host_order is expected to handle aligned data while |
| 107 | { \ | 83 | * *_block_data_order - unaligned. As algorithm and host (x86) |
| 108 | case 0: l =((unsigned long)(*((c)++))); \ | 84 | * are in this case of the same "endianness" these two are |
| 109 | if (--len == 0) break; \ | 85 | * otherwise indistinguishable. But normally you don't want to |
| 110 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | 86 | * call the same function because unaligned access in places |
| 111 | if (--len == 0) break; \ | 87 | * where alignment is expected is usually a "Bad Thing". Indeed, |
| 112 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | 88 | * on RISCs you get punished with BUS ERROR signal or *severe* |
| 113 | } \ | 89 | * performance degradation. Intel CPUs are in turn perfectly |
| 114 | } | 90 | * capable of loading unaligned data without such drastic side |
| 91 | * effect. Yes, they say it's slower than aligned load, but no | ||
| 92 | * exception is generated and therefore performance degradation | ||
| 93 | * is *incomparable* with RISCs. What we should weight here is | ||
| 94 | * costs of unaligned access against costs of aligning data. | ||
| 95 | * According to my measurements allowing unaligned access results | ||
| 96 | * in ~9% performance improvement on Pentium II operating at | ||
| 97 | * 266MHz. I won't be surprised if the difference will be higher | ||
| 98 | * on faster systems:-) | ||
| 99 | * | ||
| 100 | * <appro@fy.chalmers.se> | ||
| 101 | */ | ||
| 102 | #define md5_block_data_order md5_block_host_order | ||
| 103 | #endif | ||
| 115 | 104 | ||
| 116 | #undef l2c | 105 | #define DATA_ORDER_IS_LITTLE_ENDIAN |
| 117 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | 106 | |
| 118 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 107 | #define HASH_LONG MD5_LONG |
| 119 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 108 | #define HASH_LONG_LOG2 MD5_LONG_LOG2 |
| 120 | *((c)++)=(unsigned char)(((l)>>24)&0xff)) | 109 | #define HASH_CTX MD5_CTX |
| 110 | #define HASH_CBLOCK MD5_CBLOCK | ||
| 111 | #define HASH_LBLOCK MD5_LBLOCK | ||
| 112 | #define HASH_UPDATE MD5_Update | ||
| 113 | #define HASH_TRANSFORM MD5_Transform | ||
| 114 | #define HASH_FINAL MD5_Final | ||
| 115 | #define HASH_MAKE_STRING(c,s) do { \ | ||
| 116 | unsigned long ll; \ | ||
| 117 | ll=(c)->A; HOST_l2c(ll,(s)); \ | ||
| 118 | ll=(c)->B; HOST_l2c(ll,(s)); \ | ||
| 119 | ll=(c)->C; HOST_l2c(ll,(s)); \ | ||
| 120 | ll=(c)->D; HOST_l2c(ll,(s)); \ | ||
| 121 | } while (0) | ||
| 122 | #define HASH_BLOCK_HOST_ORDER md5_block_host_order | ||
| 123 | #if !defined(L_ENDIAN) || defined(md5_block_data_order) | ||
| 124 | #define HASH_BLOCK_DATA_ORDER md5_block_data_order | ||
| 125 | /* | ||
| 126 | * Little-endians (Intel and Alpha) feel better without this. | ||
| 127 | * It looks like memcpy does better job than generic | ||
| 128 | * md5_block_data_order on copying-n-aligning input data. | ||
| 129 | * But frankly speaking I didn't expect such result on Alpha. | ||
| 130 | * On the other hand I've got this with egcs-1.0.2 and if | ||
| 131 | * program is compiled with another (better?) compiler it | ||
| 132 | * might turn out other way around. | ||
| 133 | * | ||
| 134 | * <appro@fy.chalmers.se> | ||
| 135 | */ | ||
| 136 | #endif | ||
| 121 | 137 | ||
| 122 | /* NOTE - c is not incremented as per l2c */ | 138 | #include "md32_common.h" |
| 123 | #undef l2cn | ||
| 124 | #define l2cn(l1,l2,c,n) { \ | ||
| 125 | c+=n; \ | ||
| 126 | switch (n) { \ | ||
| 127 | case 8: *(--(c))=(unsigned char)(((l2)>>24)&0xff); \ | ||
| 128 | case 7: *(--(c))=(unsigned char)(((l2)>>16)&0xff); \ | ||
| 129 | case 6: *(--(c))=(unsigned char)(((l2)>> 8)&0xff); \ | ||
| 130 | case 5: *(--(c))=(unsigned char)(((l2) )&0xff); \ | ||
| 131 | case 4: *(--(c))=(unsigned char)(((l1)>>24)&0xff); \ | ||
| 132 | case 3: *(--(c))=(unsigned char)(((l1)>>16)&0xff); \ | ||
| 133 | case 2: *(--(c))=(unsigned char)(((l1)>> 8)&0xff); \ | ||
| 134 | case 1: *(--(c))=(unsigned char)(((l1) )&0xff); \ | ||
| 135 | } \ | ||
| 136 | } | ||
| 137 | 139 | ||
| 138 | /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */ | ||
| 139 | #if defined(WIN32) | ||
| 140 | /* 5 instructions with rotate instruction, else 9 */ | ||
| 141 | #define Endian_Reverse32(a) \ | ||
| 142 | { \ | ||
| 143 | unsigned long l=(a); \ | ||
| 144 | (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ | ||
| 145 | } | ||
| 146 | #else | ||
| 147 | /* 6 instructions with rotate instruction, else 8 */ | ||
| 148 | #define Endian_Reverse32(a) \ | ||
| 149 | { \ | ||
| 150 | unsigned long l=(a); \ | ||
| 151 | l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ | ||
| 152 | (a)=ROTATE(l,16L); \ | ||
| 153 | } | ||
| 154 | #endif | ||
| 155 | /* | 140 | /* |
| 156 | #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) | 141 | #define F(x,y,z) (((x) & (y)) | ((~(x)) & (z))) |
| 157 | #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) | 142 | #define G(x,y,z) (((x) & (z)) | ((y) & (~(z)))) |
| 158 | */ | 143 | */ |
| 159 | 144 | ||
| 160 | /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be | 145 | /* As pointed out by Wei Dai <weidai@eskimo.com>, the above can be |
| 161 | * simplified to the code below. Wei attributes these optimisations | 146 | * simplified to the code below. Wei attributes these optimizations |
| 162 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. | 147 | * to Peter Gutmann's SHS code, and he attributes it to Rich Schroeppel. |
| 163 | */ | 148 | */ |
| 164 | #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) | 149 | #define F(b,c,d) ((((c) ^ (d)) & (b)) ^ (d)) |
| @@ -166,14 +151,6 @@ | |||
| 166 | #define H(b,c,d) ((b) ^ (c) ^ (d)) | 151 | #define H(b,c,d) ((b) ^ (c) ^ (d)) |
| 167 | #define I(b,c,d) (((~(d)) | (b)) ^ (c)) | 152 | #define I(b,c,d) (((~(d)) | (b)) ^ (c)) |
| 168 | 153 | ||
| 169 | #undef ROTATE | ||
| 170 | #if defined(WIN32) | ||
| 171 | #define ROTATE(a,n) _lrotl(a,n) | ||
| 172 | #else | ||
| 173 | #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) | ||
| 174 | #endif | ||
| 175 | |||
| 176 | |||
| 177 | #define R0(a,b,c,d,k,s,t) { \ | 154 | #define R0(a,b,c,d,k,s,t) { \ |
| 178 | a+=((k)+(t)+F((b),(c),(d))); \ | 155 | a+=((k)+(t)+F((b),(c),(d))); \ |
| 179 | a=ROTATE(a,s); \ | 156 | a=ROTATE(a,s); \ |
diff --git a/src/lib/libcrypto/md5/md5_one.c b/src/lib/libcrypto/md5/md5_one.c index ab6bb435f9..b89dec850d 100644 --- a/src/lib/libcrypto/md5/md5_one.c +++ b/src/lib/libcrypto/md5/md5_one.c | |||
| @@ -57,19 +57,37 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "md5_locl.h" | 60 | #include <string.h> |
| 61 | #include <openssl/md5.h> | ||
| 61 | 62 | ||
| 62 | unsigned char *MD5(d, n, md) | 63 | #ifdef CHARSET_EBCDIC |
| 63 | unsigned char *d; | 64 | #include <openssl/ebcdic.h> |
| 64 | unsigned long n; | 65 | #endif |
| 65 | unsigned char *md; | 66 | |
| 67 | unsigned char *MD5(const unsigned char *d, unsigned long n, unsigned char *md) | ||
| 66 | { | 68 | { |
| 67 | MD5_CTX c; | 69 | MD5_CTX c; |
| 68 | static unsigned char m[MD5_DIGEST_LENGTH]; | 70 | static unsigned char m[MD5_DIGEST_LENGTH]; |
| 69 | 71 | ||
| 70 | if (md == NULL) md=m; | 72 | if (md == NULL) md=m; |
| 71 | MD5_Init(&c); | 73 | MD5_Init(&c); |
| 74 | #ifndef CHARSET_EBCDIC | ||
| 72 | MD5_Update(&c,d,n); | 75 | MD5_Update(&c,d,n); |
| 76 | #else | ||
| 77 | { | ||
| 78 | char temp[1024]; | ||
| 79 | unsigned long chunk; | ||
| 80 | |||
| 81 | while (n > 0) | ||
| 82 | { | ||
| 83 | chunk = (n > sizeof(temp)) ? sizeof(temp) : n; | ||
| 84 | ebcdic2ascii(temp, d, chunk); | ||
| 85 | MD5_Update(&c,temp,chunk); | ||
| 86 | n -= chunk; | ||
| 87 | d += chunk; | ||
| 88 | } | ||
| 89 | } | ||
| 90 | #endif | ||
| 73 | MD5_Final(md,&c); | 91 | MD5_Final(md,&c); |
| 74 | memset(&c,0,sizeof(c)); /* security consideration */ | 92 | memset(&c,0,sizeof(c)); /* security consideration */ |
| 75 | return(md); | 93 | return(md); |
diff --git a/src/lib/libcrypto/mem_dbg.c b/src/lib/libcrypto/mem_dbg.c index 14770c0733..1c4e04f51f 100644 --- a/src/lib/libcrypto/mem_dbg.c +++ b/src/lib/libcrypto/mem_dbg.c | |||
| @@ -81,7 +81,8 @@ static int mh_mode=CRYPTO_MEM_CHECK_OFF; | |||
| 81 | */ | 81 | */ |
| 82 | 82 | ||
| 83 | static unsigned long order = 0; /* number of memory requests */ | 83 | static unsigned long order = 0; /* number of memory requests */ |
| 84 | static LHASH *mh=NULL; /* hash-table of memory requests (address as key) */ | 84 | static LHASH *mh=NULL; /* hash-table of memory requests (address as key); |
| 85 | * access requires MALLOC2 lock */ | ||
| 85 | 86 | ||
| 86 | 87 | ||
| 87 | typedef struct app_mem_info_st | 88 | typedef struct app_mem_info_st |
| @@ -103,12 +104,13 @@ typedef struct app_mem_info_st | |||
| 103 | 104 | ||
| 104 | static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's | 105 | static LHASH *amih=NULL; /* hash-table with those app_mem_info_st's |
| 105 | * that are at the top of their thread's stack | 106 | * that are at the top of their thread's stack |
| 106 | * (with `thread' as key) */ | 107 | * (with `thread' as key); |
| 108 | * access requires MALLOC2 lock */ | ||
| 107 | 109 | ||
| 108 | typedef struct mem_st | 110 | typedef struct mem_st |
| 109 | /* memory-block description */ | 111 | /* memory-block description */ |
| 110 | { | 112 | { |
| 111 | char *addr; | 113 | void *addr; |
| 112 | int num; | 114 | int num; |
| 113 | const char *file; | 115 | const char *file; |
| 114 | int line; | 116 | int line; |
| @@ -128,7 +130,15 @@ static long options = /* extra information to be recorded */ | |||
| 128 | 0; | 130 | 0; |
| 129 | 131 | ||
| 130 | 132 | ||
| 131 | static unsigned long disabling_thread = 0; | 133 | static unsigned int num_disable = 0; /* num_disable > 0 |
| 134 | * iff | ||
| 135 | * mh_mode == CRYPTO_MEM_CHECK_ON (w/o ..._ENABLE) | ||
| 136 | */ | ||
| 137 | static unsigned long disabling_thread = 0; /* Valid iff num_disable > 0. | ||
| 138 | * CRYPTO_LOCK_MALLOC2 is locked | ||
| 139 | * exactly in this case (by the | ||
| 140 | * thread named in disabling_thread). | ||
| 141 | */ | ||
| 132 | 142 | ||
| 133 | int CRYPTO_mem_ctrl(int mode) | 143 | int CRYPTO_mem_ctrl(int mode) |
| 134 | { | 144 | { |
| @@ -137,22 +147,23 @@ int CRYPTO_mem_ctrl(int mode) | |||
| 137 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); | 147 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); |
| 138 | switch (mode) | 148 | switch (mode) |
| 139 | { | 149 | { |
| 140 | /* for applications: */ | 150 | /* for applications (not to be called while multiple threads |
| 151 | * use the library): */ | ||
| 141 | case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ | 152 | case CRYPTO_MEM_CHECK_ON: /* aka MemCheck_start() */ |
| 142 | mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; | 153 | mh_mode = CRYPTO_MEM_CHECK_ON|CRYPTO_MEM_CHECK_ENABLE; |
| 143 | disabling_thread = 0; | 154 | num_disable = 0; |
| 144 | break; | 155 | break; |
| 145 | case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ | 156 | case CRYPTO_MEM_CHECK_OFF: /* aka MemCheck_stop() */ |
| 146 | mh_mode = 0; | 157 | mh_mode = 0; |
| 147 | disabling_thread = 0; | 158 | num_disable = 0; /* should be true *before* MemCheck_stop is used, |
| 159 | or there'll be a lot of confusion */ | ||
| 148 | break; | 160 | break; |
| 149 | 161 | ||
| 150 | /* switch off temporarily (for library-internal use): */ | 162 | /* switch off temporarily (for library-internal use): */ |
| 151 | case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ | 163 | case CRYPTO_MEM_CHECK_DISABLE: /* aka MemCheck_off() */ |
| 152 | if (mh_mode & CRYPTO_MEM_CHECK_ON) | 164 | if (mh_mode & CRYPTO_MEM_CHECK_ON) |
| 153 | { | 165 | { |
| 154 | mh_mode&= ~CRYPTO_MEM_CHECK_ENABLE; | 166 | if (!num_disable || (disabling_thread != CRYPTO_thread_id())) /* otherwise we already have the MALLOC2 lock */ |
| 155 | if (disabling_thread != CRYPTO_thread_id()) /* otherwise we already have the MALLOC2 lock */ | ||
| 156 | { | 167 | { |
| 157 | /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while | 168 | /* Long-time lock CRYPTO_LOCK_MALLOC2 must not be claimed while |
| 158 | * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if | 169 | * we're holding CRYPTO_LOCK_MALLOC, or we'll deadlock if |
| @@ -169,18 +180,23 @@ int CRYPTO_mem_ctrl(int mode) | |||
| 169 | * OpenSSL threads. */ | 180 | * OpenSSL threads. */ |
| 170 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); | 181 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); |
| 171 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); | 182 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); |
| 183 | mh_mode &= ~CRYPTO_MEM_CHECK_ENABLE; | ||
| 172 | disabling_thread=CRYPTO_thread_id(); | 184 | disabling_thread=CRYPTO_thread_id(); |
| 173 | } | 185 | } |
| 186 | num_disable++; | ||
| 174 | } | 187 | } |
| 175 | break; | 188 | break; |
| 176 | case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ | 189 | case CRYPTO_MEM_CHECK_ENABLE: /* aka MemCheck_on() */ |
| 177 | if (mh_mode & CRYPTO_MEM_CHECK_ON) | 190 | if (mh_mode & CRYPTO_MEM_CHECK_ON) |
| 178 | { | 191 | { |
| 179 | mh_mode|=CRYPTO_MEM_CHECK_ENABLE; | 192 | if (num_disable) /* always true, or something is going wrong */ |
| 180 | if (disabling_thread != 0) | ||
| 181 | { | 193 | { |
| 182 | disabling_thread=0; | 194 | num_disable--; |
| 183 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); | 195 | if (num_disable == 0) |
| 196 | { | ||
| 197 | mh_mode|=CRYPTO_MEM_CHECK_ENABLE; | ||
| 198 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); | ||
| 199 | } | ||
| 184 | } | 200 | } |
| 185 | } | 201 | } |
| 186 | break; | 202 | break; |
| @@ -198,12 +214,12 @@ int CRYPTO_is_mem_check_on(void) | |||
| 198 | 214 | ||
| 199 | if (mh_mode & CRYPTO_MEM_CHECK_ON) | 215 | if (mh_mode & CRYPTO_MEM_CHECK_ON) |
| 200 | { | 216 | { |
| 201 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); | 217 | CRYPTO_r_lock(CRYPTO_LOCK_MALLOC); |
| 202 | 218 | ||
| 203 | ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) | 219 | ret = (mh_mode & CRYPTO_MEM_CHECK_ENABLE) |
| 204 | && disabling_thread != CRYPTO_thread_id(); | 220 | || (disabling_thread != CRYPTO_thread_id()); |
| 205 | 221 | ||
| 206 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); | 222 | CRYPTO_r_unlock(CRYPTO_LOCK_MALLOC); |
| 207 | } | 223 | } |
| 208 | return(ret); | 224 | return(ret); |
| 209 | } | 225 | } |
| @@ -219,37 +235,43 @@ long CRYPTO_dbg_get_options(void) | |||
| 219 | return options; | 235 | return options; |
| 220 | } | 236 | } |
| 221 | 237 | ||
| 222 | static int mem_cmp(MEM *a, MEM *b) | 238 | /* static int mem_cmp(MEM *a, MEM *b) */ |
| 239 | static int mem_cmp(const void *a_void, const void *b_void) | ||
| 223 | { | 240 | { |
| 224 | return(a->addr - b->addr); | 241 | return((const char *)((const MEM *)a_void)->addr |
| 242 | - (const char *)((const MEM *)b_void)->addr); | ||
| 225 | } | 243 | } |
| 226 | 244 | ||
| 227 | static unsigned long mem_hash(MEM *a) | 245 | /* static unsigned long mem_hash(MEM *a) */ |
| 246 | static unsigned long mem_hash(const void *a_void) | ||
| 228 | { | 247 | { |
| 229 | unsigned long ret; | 248 | unsigned long ret; |
| 230 | 249 | ||
| 231 | ret=(unsigned long)a->addr; | 250 | ret=(unsigned long)((const MEM *)a_void)->addr; |
| 232 | 251 | ||
| 233 | ret=ret*17851+(ret>>14)*7+(ret>>4)*251; | 252 | ret=ret*17851+(ret>>14)*7+(ret>>4)*251; |
| 234 | return(ret); | 253 | return(ret); |
| 235 | } | 254 | } |
| 236 | 255 | ||
| 237 | static int app_info_cmp(APP_INFO *a, APP_INFO *b) | 256 | /* static int app_info_cmp(APP_INFO *a, APP_INFO *b) */ |
| 257 | static int app_info_cmp(const void *a_void, const void *b_void) | ||
| 238 | { | 258 | { |
| 239 | return(a->thread != b->thread); | 259 | return(((const APP_INFO *)a_void)->thread |
| 260 | != ((const APP_INFO *)b_void)->thread); | ||
| 240 | } | 261 | } |
| 241 | 262 | ||
| 242 | static unsigned long app_info_hash(APP_INFO *a) | 263 | /* static unsigned long app_info_hash(APP_INFO *a) */ |
| 264 | static unsigned long app_info_hash(const void *a_void) | ||
| 243 | { | 265 | { |
| 244 | unsigned long ret; | 266 | unsigned long ret; |
| 245 | 267 | ||
| 246 | ret=(unsigned long)a->thread; | 268 | ret=(unsigned long)((const APP_INFO *)a_void)->thread; |
| 247 | 269 | ||
| 248 | ret=ret*17851+(ret>>14)*7+(ret>>4)*251; | 270 | ret=ret*17851+(ret>>14)*7+(ret>>4)*251; |
| 249 | return(ret); | 271 | return(ret); |
| 250 | } | 272 | } |
| 251 | 273 | ||
| 252 | static APP_INFO *pop_info() | 274 | static APP_INFO *pop_info(void) |
| 253 | { | 275 | { |
| 254 | APP_INFO tmp; | 276 | APP_INFO tmp; |
| 255 | APP_INFO *ret = NULL; | 277 | APP_INFO *ret = NULL; |
| @@ -266,7 +288,7 @@ static APP_INFO *pop_info() | |||
| 266 | next->references++; | 288 | next->references++; |
| 267 | lh_insert(amih,(char *)next); | 289 | lh_insert(amih,(char *)next); |
| 268 | } | 290 | } |
| 269 | #ifdef LEVITTE_DEBUG | 291 | #ifdef LEVITTE_DEBUG_MEM |
| 270 | if (ret->thread != tmp.thread) | 292 | if (ret->thread != tmp.thread) |
| 271 | { | 293 | { |
| 272 | fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", | 294 | fprintf(stderr, "pop_info(): deleted info has other thread ID (%lu) than the current thread (%lu)!!!!\n", |
| @@ -279,7 +301,7 @@ static APP_INFO *pop_info() | |||
| 279 | ret->next = NULL; | 301 | ret->next = NULL; |
| 280 | if (next != NULL) | 302 | if (next != NULL) |
| 281 | next->references--; | 303 | next->references--; |
| 282 | Free(ret); | 304 | OPENSSL_free(ret); |
| 283 | } | 305 | } |
| 284 | } | 306 | } |
| 285 | } | 307 | } |
| @@ -293,18 +315,18 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) | |||
| 293 | 315 | ||
| 294 | if (is_MemCheck_on()) | 316 | if (is_MemCheck_on()) |
| 295 | { | 317 | { |
| 296 | MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ | 318 | MemCheck_off(); /* obtain MALLOC2 lock */ |
| 297 | 319 | ||
| 298 | if ((ami = (APP_INFO *)Malloc(sizeof(APP_INFO))) == NULL) | 320 | if ((ami = (APP_INFO *)OPENSSL_malloc(sizeof(APP_INFO))) == NULL) |
| 299 | { | 321 | { |
| 300 | ret=0; | 322 | ret=0; |
| 301 | goto err; | 323 | goto err; |
| 302 | } | 324 | } |
| 303 | if (amih == NULL) | 325 | if (amih == NULL) |
| 304 | { | 326 | { |
| 305 | if ((amih=lh_new(app_info_hash,app_info_cmp)) == NULL) | 327 | if ((amih=lh_new(app_info_hash, app_info_cmp)) == NULL) |
| 306 | { | 328 | { |
| 307 | Free(ami); | 329 | OPENSSL_free(ami); |
| 308 | ret=0; | 330 | ret=0; |
| 309 | goto err; | 331 | goto err; |
| 310 | } | 332 | } |
| @@ -319,7 +341,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) | |||
| 319 | 341 | ||
| 320 | if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) | 342 | if ((amim=(APP_INFO *)lh_insert(amih,(char *)ami)) != NULL) |
| 321 | { | 343 | { |
| 322 | #ifdef LEVITTE_DEBUG | 344 | #ifdef LEVITTE_DEBUG_MEM |
| 323 | if (ami->thread != amim->thread) | 345 | if (ami->thread != amim->thread) |
| 324 | { | 346 | { |
| 325 | fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", | 347 | fprintf(stderr, "CRYPTO_push_info(): previous info has other thread ID (%lu) than the current thread (%lu)!!!!\n", |
| @@ -330,7 +352,7 @@ int CRYPTO_push_info_(const char *info, const char *file, int line) | |||
| 330 | ami->next=amim; | 352 | ami->next=amim; |
| 331 | } | 353 | } |
| 332 | err: | 354 | err: |
| 333 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 355 | MemCheck_on(); /* release MALLOC2 lock */ |
| 334 | } | 356 | } |
| 335 | 357 | ||
| 336 | return(ret); | 358 | return(ret); |
| @@ -342,11 +364,11 @@ int CRYPTO_pop_info(void) | |||
| 342 | 364 | ||
| 343 | if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ | 365 | if (is_MemCheck_on()) /* _must_ be true, or something went severely wrong */ |
| 344 | { | 366 | { |
| 345 | MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ | 367 | MemCheck_off(); /* obtain MALLOC2 lock */ |
| 346 | 368 | ||
| 347 | ret=(pop_info() != NULL); | 369 | ret=(pop_info() != NULL); |
| 348 | 370 | ||
| 349 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 371 | MemCheck_on(); /* release MALLOC2 lock */ |
| 350 | } | 372 | } |
| 351 | return(ret); | 373 | return(ret); |
| 352 | } | 374 | } |
| @@ -357,12 +379,12 @@ int CRYPTO_remove_all_info(void) | |||
| 357 | 379 | ||
| 358 | if (is_MemCheck_on()) /* _must_ be true */ | 380 | if (is_MemCheck_on()) /* _must_ be true */ |
| 359 | { | 381 | { |
| 360 | MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ | 382 | MemCheck_off(); /* obtain MALLOC2 lock */ |
| 361 | 383 | ||
| 362 | while(pop_info() != NULL) | 384 | while(pop_info() != NULL) |
| 363 | ret++; | 385 | ret++; |
| 364 | 386 | ||
| 365 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 387 | MemCheck_on(); /* release MALLOC2 lock */ |
| 366 | } | 388 | } |
| 367 | return(ret); | 389 | return(ret); |
| 368 | } | 390 | } |
| @@ -385,19 +407,20 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, | |||
| 385 | 407 | ||
| 386 | if (is_MemCheck_on()) | 408 | if (is_MemCheck_on()) |
| 387 | { | 409 | { |
| 388 | MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ | 410 | MemCheck_off(); /* make sure we hold MALLOC2 lock */ |
| 389 | if ((m=(MEM *)Malloc(sizeof(MEM))) == NULL) | 411 | if ((m=(MEM *)OPENSSL_malloc(sizeof(MEM))) == NULL) |
| 390 | { | 412 | { |
| 391 | Free(addr); | 413 | OPENSSL_free(addr); |
| 392 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 414 | MemCheck_on(); /* release MALLOC2 lock |
| 415 | * if num_disabled drops to 0 */ | ||
| 393 | return; | 416 | return; |
| 394 | } | 417 | } |
| 395 | if (mh == NULL) | 418 | if (mh == NULL) |
| 396 | { | 419 | { |
| 397 | if ((mh=lh_new(mem_hash,mem_cmp)) == NULL) | 420 | if ((mh=lh_new(mem_hash, mem_cmp)) == NULL) |
| 398 | { | 421 | { |
| 399 | Free(addr); | 422 | OPENSSL_free(addr); |
| 400 | Free(m); | 423 | OPENSSL_free(m); |
| 401 | addr=NULL; | 424 | addr=NULL; |
| 402 | goto err; | 425 | goto err; |
| 403 | } | 426 | } |
| @@ -418,8 +441,8 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, | |||
| 418 | m->order=order; | 441 | m->order=order; |
| 419 | } | 442 | } |
| 420 | m->order=order++; | 443 | m->order=order++; |
| 421 | #ifdef LEVITTE_DEBUG | 444 | #ifdef LEVITTE_DEBUG_MEM |
| 422 | fprintf(stderr, "LEVITTE_DEBUG: [%5d] %c 0x%p (%d)\n", | 445 | fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] %c 0x%p (%d)\n", |
| 423 | m->order, | 446 | m->order, |
| 424 | (before_p & 128) ? '*' : '+', | 447 | (before_p & 128) ? '*' : '+', |
| 425 | m->addr, m->num); | 448 | m->addr, m->num); |
| @@ -445,10 +468,11 @@ void CRYPTO_dbg_malloc(void *addr, int num, const char *file, int line, | |||
| 445 | { | 468 | { |
| 446 | mm->app_info->references--; | 469 | mm->app_info->references--; |
| 447 | } | 470 | } |
| 448 | Free(mm); | 471 | OPENSSL_free(mm); |
| 449 | } | 472 | } |
| 450 | err: | 473 | err: |
| 451 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 474 | MemCheck_on(); /* release MALLOC2 lock |
| 475 | * if num_disabled drops to 0 */ | ||
| 452 | } | 476 | } |
| 453 | break; | 477 | break; |
| 454 | } | 478 | } |
| @@ -467,24 +491,25 @@ void CRYPTO_dbg_free(void *addr, int before_p) | |||
| 467 | 491 | ||
| 468 | if (is_MemCheck_on() && (mh != NULL)) | 492 | if (is_MemCheck_on() && (mh != NULL)) |
| 469 | { | 493 | { |
| 470 | MemCheck_off(); | 494 | MemCheck_off(); /* make sure we hold MALLOC2 lock */ |
| 471 | 495 | ||
| 472 | m.addr=addr; | 496 | m.addr=addr; |
| 473 | mp=(MEM *)lh_delete(mh,(char *)&m); | 497 | mp=(MEM *)lh_delete(mh,(char *)&m); |
| 474 | if (mp != NULL) | 498 | if (mp != NULL) |
| 475 | { | 499 | { |
| 476 | #ifdef LEVITTE_DEBUG | 500 | #ifdef LEVITTE_DEBUG_MEM |
| 477 | fprintf(stderr, "LEVITTE_DEBUG: [%5d] - 0x%p (%d)\n", | 501 | fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] - 0x%p (%d)\n", |
| 478 | mp->order, mp->addr, mp->num); | 502 | mp->order, mp->addr, mp->num); |
| 479 | #endif | 503 | #endif |
| 480 | if (mp->app_info != NULL) | 504 | if (mp->app_info != NULL) |
| 481 | { | 505 | { |
| 482 | mp->app_info->references--; | 506 | mp->app_info->references--; |
| 483 | } | 507 | } |
| 484 | Free(mp); | 508 | OPENSSL_free(mp); |
| 485 | } | 509 | } |
| 486 | 510 | ||
| 487 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 511 | MemCheck_on(); /* release MALLOC2 lock |
| 512 | * if num_disabled drops to 0 */ | ||
| 488 | } | 513 | } |
| 489 | break; | 514 | break; |
| 490 | case 1: | 515 | case 1: |
| @@ -497,8 +522,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, | |||
| 497 | { | 522 | { |
| 498 | MEM m,*mp; | 523 | MEM m,*mp; |
| 499 | 524 | ||
| 500 | #ifdef LEVITTE_DEBUG | 525 | #ifdef LEVITTE_DEBUG_MEM |
| 501 | fprintf(stderr, "LEVITTE_DEBUG: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", | 526 | fprintf(stderr, "LEVITTE_DEBUG_MEM: --> CRYPTO_dbg_malloc(addr1 = %p, addr2 = %p, num = %d, file = \"%s\", line = %d, before_p = %d)\n", |
| 502 | addr1, addr2, num, file, line, before_p); | 527 | addr1, addr2, num, file, line, before_p); |
| 503 | #endif | 528 | #endif |
| 504 | 529 | ||
| @@ -518,14 +543,14 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, | |||
| 518 | 543 | ||
| 519 | if (is_MemCheck_on()) | 544 | if (is_MemCheck_on()) |
| 520 | { | 545 | { |
| 521 | MemCheck_off(); /* obtains CRYPTO_LOCK_MALLOC2 */ | 546 | MemCheck_off(); /* make sure we hold MALLOC2 lock */ |
| 522 | 547 | ||
| 523 | m.addr=addr1; | 548 | m.addr=addr1; |
| 524 | mp=(MEM *)lh_delete(mh,(char *)&m); | 549 | mp=(MEM *)lh_delete(mh,(char *)&m); |
| 525 | if (mp != NULL) | 550 | if (mp != NULL) |
| 526 | { | 551 | { |
| 527 | #ifdef LEVITTE_DEBUG | 552 | #ifdef LEVITTE_DEBUG_MEM |
| 528 | fprintf(stderr, "LEVITTE_DEBUG: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", | 553 | fprintf(stderr, "LEVITTE_DEBUG_MEM: [%5d] * 0x%p (%d) -> 0x%p (%d)\n", |
| 529 | mp->order, | 554 | mp->order, |
| 530 | mp->addr, mp->num, | 555 | mp->addr, mp->num, |
| 531 | addr2, num); | 556 | addr2, num); |
| @@ -535,7 +560,8 @@ void CRYPTO_dbg_realloc(void *addr1, void *addr2, int num, | |||
| 535 | lh_insert(mh,(char *)mp); | 560 | lh_insert(mh,(char *)mp); |
| 536 | } | 561 | } |
| 537 | 562 | ||
| 538 | MemCheck_on(); /* releases CRYPTO_LOCK_MALLOC2 */ | 563 | MemCheck_on(); /* release MALLOC2 lock |
| 564 | * if num_disabled drops to 0 */ | ||
| 539 | } | 565 | } |
| 540 | break; | 566 | break; |
| 541 | } | 567 | } |
| @@ -550,7 +576,7 @@ typedef struct mem_leak_st | |||
| 550 | long bytes; | 576 | long bytes; |
| 551 | } MEM_LEAK; | 577 | } MEM_LEAK; |
| 552 | 578 | ||
| 553 | static void print_leak(MEM *m, MEM_LEAK *l) | 579 | static void print_leak(const MEM *m, MEM_LEAK *l) |
| 554 | { | 580 | { |
| 555 | char buf[1024]; | 581 | char buf[1024]; |
| 556 | char *bufp = buf; | 582 | char *bufp = buf; |
| @@ -626,7 +652,7 @@ static void print_leak(MEM *m, MEM_LEAK *l) | |||
| 626 | } | 652 | } |
| 627 | while(amip && amip->thread == ti); | 653 | while(amip && amip->thread == ti); |
| 628 | 654 | ||
| 629 | #ifdef LEVITTE_DEBUG | 655 | #ifdef LEVITTE_DEBUG_MEM |
| 630 | if (amip) | 656 | if (amip) |
| 631 | { | 657 | { |
| 632 | fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); | 658 | fprintf(stderr, "Thread switch detected in backtrace!!!!\n"); |
| @@ -635,69 +661,114 @@ static void print_leak(MEM *m, MEM_LEAK *l) | |||
| 635 | #endif | 661 | #endif |
| 636 | } | 662 | } |
| 637 | 663 | ||
| 664 | static IMPLEMENT_LHASH_DOALL_ARG_FN(print_leak, const MEM *, MEM_LEAK *) | ||
| 665 | |||
| 638 | void CRYPTO_mem_leaks(BIO *b) | 666 | void CRYPTO_mem_leaks(BIO *b) |
| 639 | { | 667 | { |
| 640 | MEM_LEAK ml; | 668 | MEM_LEAK ml; |
| 641 | char buf[80]; | 669 | char buf[80]; |
| 642 | 670 | ||
| 643 | if (mh == NULL) return; | 671 | if (mh == NULL && amih == NULL) |
| 672 | return; | ||
| 673 | |||
| 674 | MemCheck_off(); /* obtain MALLOC2 lock */ | ||
| 675 | |||
| 644 | ml.bio=b; | 676 | ml.bio=b; |
| 645 | ml.bytes=0; | 677 | ml.bytes=0; |
| 646 | ml.chunks=0; | 678 | ml.chunks=0; |
| 647 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); | 679 | if (mh != NULL) |
| 648 | lh_doall_arg(mh,(void (*)())print_leak,(char *)&ml); | 680 | lh_doall_arg(mh, LHASH_DOALL_ARG_FN(print_leak), |
| 649 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); | 681 | (char *)&ml); |
| 650 | if (ml.chunks != 0) | 682 | if (ml.chunks != 0) |
| 651 | { | 683 | { |
| 652 | sprintf(buf,"%ld bytes leaked in %d chunks\n", | 684 | sprintf(buf,"%ld bytes leaked in %d chunks\n", |
| 653 | ml.bytes,ml.chunks); | 685 | ml.bytes,ml.chunks); |
| 654 | BIO_puts(b,buf); | 686 | BIO_puts(b,buf); |
| 655 | } | 687 | } |
| 688 | else | ||
| 689 | { | ||
| 690 | /* Make sure that, if we found no leaks, memory-leak debugging itself | ||
| 691 | * does not introduce memory leaks (which might irritate | ||
| 692 | * external debugging tools). | ||
| 693 | * (When someone enables leak checking, but does not call | ||
| 694 | * this function, we declare it to be their fault.) | ||
| 695 | * | ||
| 696 | * XXX This should be in CRYPTO_mem_leaks_cb, | ||
| 697 | * and CRYPTO_mem_leaks should be implemented by | ||
| 698 | * using CRYPTO_mem_leaks_cb. | ||
| 699 | * (Also their should be a variant of lh_doall_arg | ||
| 700 | * that takes a function pointer instead of a void *; | ||
| 701 | * this would obviate the ugly and illegal | ||
| 702 | * void_fn_to_char kludge in CRYPTO_mem_leaks_cb. | ||
| 703 | * Otherwise the code police will come and get us.) | ||
| 704 | */ | ||
| 705 | int old_mh_mode; | ||
| 656 | 706 | ||
| 657 | #if 0 | 707 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC); |
| 658 | lh_stats_bio(mh,b); | ||
| 659 | lh_node_stats_bio(mh,b); | ||
| 660 | lh_node_usage_stats_bio(mh,b); | ||
| 661 | #endif | ||
| 662 | } | ||
| 663 | |||
| 664 | union void_fn_to_char_u | ||
| 665 | { | ||
| 666 | char *char_p; | ||
| 667 | void (*fn_p)(); | ||
| 668 | }; | ||
| 669 | |||
| 670 | static void cb_leak(MEM *m, char *cb) | ||
| 671 | { | ||
| 672 | union void_fn_to_char_u mem_callback; | ||
| 673 | 708 | ||
| 674 | mem_callback.char_p=cb; | 709 | /* avoid deadlock when lh_free() uses CRYPTO_dbg_free(), |
| 675 | mem_callback.fn_p(m->order,m->file,m->line,m->num,m->addr); | 710 | * which uses CRYPTO_is_mem_check_on */ |
| 676 | } | 711 | old_mh_mode = mh_mode; |
| 712 | mh_mode = CRYPTO_MEM_CHECK_OFF; | ||
| 677 | 713 | ||
| 678 | void CRYPTO_mem_leaks_cb(void (*cb)()) | 714 | if (mh != NULL) |
| 679 | { | 715 | { |
| 680 | union void_fn_to_char_u mem_cb; | 716 | lh_free(mh); |
| 717 | mh = NULL; | ||
| 718 | } | ||
| 719 | if (amih != NULL) | ||
| 720 | { | ||
| 721 | if (lh_num_items(amih) == 0) | ||
| 722 | { | ||
| 723 | lh_free(amih); | ||
| 724 | amih = NULL; | ||
| 725 | } | ||
| 726 | } | ||
| 681 | 727 | ||
| 682 | if (mh == NULL) return; | 728 | mh_mode = old_mh_mode; |
| 683 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); | 729 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC); |
| 684 | mem_cb.fn_p=cb; | 730 | } |
| 685 | lh_doall_arg(mh,(void (*)())cb_leak,mem_cb.char_p); | 731 | MemCheck_on(); /* release MALLOC2 lock */ |
| 686 | mem_cb.char_p=NULL; | ||
| 687 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); | ||
| 688 | } | 732 | } |
| 689 | 733 | ||
| 690 | #ifndef NO_FP_API | 734 | #ifndef OPENSSL_NO_FP_API |
| 691 | void CRYPTO_mem_leaks_fp(FILE *fp) | 735 | void CRYPTO_mem_leaks_fp(FILE *fp) |
| 692 | { | 736 | { |
| 693 | BIO *b; | 737 | BIO *b; |
| 694 | 738 | ||
| 695 | if (mh == NULL) return; | 739 | if (mh == NULL) return; |
| 696 | if ((b=BIO_new(BIO_s_file())) == NULL) | 740 | /* Need to turn off memory checking when allocated BIOs ... especially |
| 697 | return; | 741 | * as we're creating them at a time when we're trying to check we've not |
| 742 | * left anything un-free()'d!! */ | ||
| 743 | MemCheck_off(); | ||
| 744 | b = BIO_new(BIO_s_file()); | ||
| 745 | MemCheck_on(); | ||
| 746 | if(!b) return; | ||
| 698 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 747 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 699 | CRYPTO_mem_leaks(b); | 748 | CRYPTO_mem_leaks(b); |
| 700 | BIO_free(b); | 749 | BIO_free(b); |
| 701 | } | 750 | } |
| 702 | #endif | 751 | #endif |
| 703 | 752 | ||
| 753 | |||
| 754 | |||
| 755 | /* FIXME: We really don't allow much to the callback. For example, it has | ||
| 756 | no chance of reaching the info stack for the item it processes. Should | ||
| 757 | it really be this way? -- Richard Levitte */ | ||
| 758 | /* NB: The prototypes have been typedef'd to CRYPTO_MEM_LEAK_CB inside crypto.h | ||
| 759 | * If this code is restructured, remove the callback type if it is no longer | ||
| 760 | * needed. -- Geoff Thorpe */ | ||
| 761 | static void cb_leak(const MEM *m, CRYPTO_MEM_LEAK_CB **cb) | ||
| 762 | { | ||
| 763 | (**cb)(m->order,m->file,m->line,m->num,m->addr); | ||
| 764 | } | ||
| 765 | |||
| 766 | static IMPLEMENT_LHASH_DOALL_ARG_FN(cb_leak, const MEM *, CRYPTO_MEM_LEAK_CB **) | ||
| 767 | |||
| 768 | void CRYPTO_mem_leaks_cb(CRYPTO_MEM_LEAK_CB *cb) | ||
| 769 | { | ||
| 770 | if (mh == NULL) return; | ||
| 771 | CRYPTO_w_lock(CRYPTO_LOCK_MALLOC2); | ||
| 772 | lh_doall_arg(mh, LHASH_DOALL_ARG_FN(cb_leak), &cb); | ||
| 773 | CRYPTO_w_unlock(CRYPTO_LOCK_MALLOC2); | ||
| 774 | } | ||
diff --git a/src/lib/libcrypto/objects/o_names.c b/src/lib/libcrypto/objects/o_names.c index 4da5e45b9c..b4453b4a98 100644 --- a/src/lib/libcrypto/objects/o_names.c +++ b/src/lib/libcrypto/objects/o_names.c | |||
| @@ -4,78 +4,119 @@ | |||
| 4 | 4 | ||
| 5 | #include <openssl/lhash.h> | 5 | #include <openssl/lhash.h> |
| 6 | #include <openssl/objects.h> | 6 | #include <openssl/objects.h> |
| 7 | #include <openssl/safestack.h> | ||
| 8 | #include <openssl/e_os2.h> | ||
| 9 | |||
| 10 | /* Later versions of DEC C has started to add lnkage information to certain | ||
| 11 | * functions, which makes it tricky to use them as values to regular function | ||
| 12 | * pointers. One way is to define a macro that takes care of casting them | ||
| 13 | * correctly. | ||
| 14 | */ | ||
| 15 | #ifdef OPENSSL_SYS_VMS_DECC | ||
| 16 | # define OPENSSL_strcmp (int (*)(const char *,const char *))strcmp | ||
| 17 | #else | ||
| 18 | # define OPENSSL_strcmp strcmp | ||
| 19 | #endif | ||
| 7 | 20 | ||
| 8 | /* I use the ex_data stuff to manage the identifiers for the obj_name_types | 21 | /* I use the ex_data stuff to manage the identifiers for the obj_name_types |
| 9 | * that applications may define. I only really use the free function field. | 22 | * that applications may define. I only really use the free function field. |
| 10 | */ | 23 | */ |
| 11 | static LHASH *names_lh=NULL; | 24 | static LHASH *names_lh=NULL; |
| 12 | static int names_type_num=OBJ_NAME_TYPE_NUM; | 25 | static int names_type_num=OBJ_NAME_TYPE_NUM; |
| 13 | static STACK *names_cmp=NULL; | ||
| 14 | static STACK *names_hash=NULL; | ||
| 15 | static STACK *names_free=NULL; | ||
| 16 | 26 | ||
| 17 | static unsigned long obj_name_hash(OBJ_NAME *a); | 27 | typedef struct name_funcs_st |
| 18 | static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); | 28 | { |
| 29 | unsigned long (*hash_func)(const char *name); | ||
| 30 | int (*cmp_func)(const char *a,const char *b); | ||
| 31 | void (*free_func)(const char *, int, const char *); | ||
| 32 | } NAME_FUNCS; | ||
| 33 | |||
| 34 | DECLARE_STACK_OF(NAME_FUNCS) | ||
| 35 | IMPLEMENT_STACK_OF(NAME_FUNCS) | ||
| 36 | |||
| 37 | static STACK_OF(NAME_FUNCS) *name_funcs_stack; | ||
| 38 | |||
| 39 | /* The LHASH callbacks now use the raw "void *" prototypes and do per-variable | ||
| 40 | * casting in the functions. This prevents function pointer casting without the | ||
| 41 | * need for macro-generated wrapper functions. */ | ||
| 42 | |||
| 43 | /* static unsigned long obj_name_hash(OBJ_NAME *a); */ | ||
| 44 | static unsigned long obj_name_hash(const void *a_void); | ||
| 45 | /* static int obj_name_cmp(OBJ_NAME *a,OBJ_NAME *b); */ | ||
| 46 | static int obj_name_cmp(const void *a_void,const void *b_void); | ||
| 19 | 47 | ||
| 20 | int OBJ_NAME_init(void) | 48 | int OBJ_NAME_init(void) |
| 21 | { | 49 | { |
| 22 | if (names_lh != NULL) return(1); | 50 | if (names_lh != NULL) return(1); |
| 23 | MemCheck_off(); | 51 | MemCheck_off(); |
| 24 | names_lh=lh_new(obj_name_hash,obj_name_cmp); | 52 | names_lh=lh_new(obj_name_hash, obj_name_cmp); |
| 25 | MemCheck_on(); | 53 | MemCheck_on(); |
| 26 | return(names_lh != NULL); | 54 | return(names_lh != NULL); |
| 27 | } | 55 | } |
| 28 | 56 | ||
| 29 | int OBJ_NAME_new_index(unsigned long (*hash_func)(), int (*cmp_func)(), | 57 | int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), |
| 30 | void (*free_func)()) | 58 | int (*cmp_func)(const char *, const char *), |
| 59 | void (*free_func)(const char *, int, const char *)) | ||
| 31 | { | 60 | { |
| 32 | int ret; | 61 | int ret; |
| 33 | int i; | 62 | int i; |
| 63 | NAME_FUNCS *name_funcs; | ||
| 34 | 64 | ||
| 35 | if (names_free == NULL) | 65 | if (name_funcs_stack == NULL) |
| 36 | { | 66 | { |
| 37 | MemCheck_off(); | 67 | MemCheck_off(); |
| 38 | names_hash=sk_new_null(); | 68 | name_funcs_stack=sk_NAME_FUNCS_new_null(); |
| 39 | names_cmp=sk_new_null(); | ||
| 40 | names_free=sk_new_null(); | ||
| 41 | MemCheck_on(); | 69 | MemCheck_on(); |
| 42 | } | 70 | } |
| 43 | if ((names_free == NULL) || (names_hash == NULL) || (names_cmp == NULL)) | 71 | if ((name_funcs_stack == NULL)) |
| 44 | { | 72 | { |
| 45 | /* ERROR */ | 73 | /* ERROR */ |
| 46 | return(0); | 74 | return(0); |
| 47 | } | 75 | } |
| 48 | ret=names_type_num; | 76 | ret=names_type_num; |
| 49 | names_type_num++; | 77 | names_type_num++; |
| 50 | for (i=sk_num(names_free); i<names_type_num; i++) | 78 | for (i=sk_NAME_FUNCS_num(name_funcs_stack); i<names_type_num; i++) |
| 51 | { | 79 | { |
| 52 | MemCheck_off(); | 80 | MemCheck_off(); |
| 53 | sk_push(names_hash,(char *)strcmp); | 81 | name_funcs = OPENSSL_malloc(sizeof(NAME_FUNCS)); |
| 54 | sk_push(names_cmp,(char *)lh_strhash); | 82 | MemCheck_on(); |
| 55 | sk_push(names_free,NULL); | 83 | if (!name_funcs) return(0); |
| 84 | name_funcs->hash_func = lh_strhash; | ||
| 85 | name_funcs->cmp_func = OPENSSL_strcmp; | ||
| 86 | name_funcs->free_func = 0; /* NULL is often declared to | ||
| 87 | * ((void *)0), which according | ||
| 88 | * to Compaq C is not really | ||
| 89 | * compatible with a function | ||
| 90 | * pointer. -- Richard Levitte*/ | ||
| 91 | MemCheck_off(); | ||
| 92 | sk_NAME_FUNCS_push(name_funcs_stack,name_funcs); | ||
| 56 | MemCheck_on(); | 93 | MemCheck_on(); |
| 57 | } | 94 | } |
| 95 | name_funcs = sk_NAME_FUNCS_value(name_funcs_stack, ret); | ||
| 58 | if (hash_func != NULL) | 96 | if (hash_func != NULL) |
| 59 | sk_set(names_hash,ret,(char *)hash_func); | 97 | name_funcs->hash_func = hash_func; |
| 60 | if (cmp_func != NULL) | 98 | if (cmp_func != NULL) |
| 61 | sk_set(names_cmp,ret,(char *)cmp_func); | 99 | name_funcs->cmp_func = cmp_func; |
| 62 | if (free_func != NULL) | 100 | if (free_func != NULL) |
| 63 | sk_set(names_free,ret,(char *)free_func); | 101 | name_funcs->free_func = free_func; |
| 64 | return(ret); | 102 | return(ret); |
| 65 | } | 103 | } |
| 66 | 104 | ||
| 67 | static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) | 105 | /* static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) */ |
| 106 | static int obj_name_cmp(const void *a_void, const void *b_void) | ||
| 68 | { | 107 | { |
| 69 | int ret; | 108 | int ret; |
| 70 | int (*cmp)(); | 109 | OBJ_NAME *a = (OBJ_NAME *)a_void; |
| 110 | OBJ_NAME *b = (OBJ_NAME *)b_void; | ||
| 71 | 111 | ||
| 72 | ret=a->type-b->type; | 112 | ret=a->type-b->type; |
| 73 | if (ret == 0) | 113 | if (ret == 0) |
| 74 | { | 114 | { |
| 75 | if ((names_cmp != NULL) && (sk_num(names_cmp) > a->type)) | 115 | if ((name_funcs_stack != NULL) |
| 116 | && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) | ||
| 76 | { | 117 | { |
| 77 | cmp=(int (*)())sk_value(names_cmp,a->type); | 118 | ret=sk_NAME_FUNCS_value(name_funcs_stack, |
| 78 | ret=cmp(a->name,b->name); | 119 | a->type)->cmp_func(a->name,b->name); |
| 79 | } | 120 | } |
| 80 | else | 121 | else |
| 81 | ret=strcmp(a->name,b->name); | 122 | ret=strcmp(a->name,b->name); |
| @@ -83,15 +124,16 @@ static int obj_name_cmp(OBJ_NAME *a, OBJ_NAME *b) | |||
| 83 | return(ret); | 124 | return(ret); |
| 84 | } | 125 | } |
| 85 | 126 | ||
| 86 | static unsigned long obj_name_hash(OBJ_NAME *a) | 127 | /* static unsigned long obj_name_hash(OBJ_NAME *a) */ |
| 128 | static unsigned long obj_name_hash(const void *a_void) | ||
| 87 | { | 129 | { |
| 88 | unsigned long ret; | 130 | unsigned long ret; |
| 89 | unsigned long (*hash)(); | 131 | OBJ_NAME *a = (OBJ_NAME *)a_void; |
| 90 | 132 | ||
| 91 | if ((names_hash != NULL) && (sk_num(names_hash) > a->type)) | 133 | if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > a->type)) |
| 92 | { | 134 | { |
| 93 | hash=(unsigned long (*)())sk_value(names_hash,a->type); | 135 | ret=sk_NAME_FUNCS_value(name_funcs_stack, |
| 94 | ret=hash(a->name); | 136 | a->type)->hash_func(a->name); |
| 95 | } | 137 | } |
| 96 | else | 138 | else |
| 97 | { | 139 | { |
| @@ -116,8 +158,8 @@ const char *OBJ_NAME_get(const char *name, int type) | |||
| 116 | on.type=type; | 158 | on.type=type; |
| 117 | 159 | ||
| 118 | for (;;) | 160 | for (;;) |
| 119 | { | 161 | { |
| 120 | ret=(OBJ_NAME *)lh_retrieve(names_lh,(char *)&on); | 162 | ret=(OBJ_NAME *)lh_retrieve(names_lh,&on); |
| 121 | if (ret == NULL) return(NULL); | 163 | if (ret == NULL) return(NULL); |
| 122 | if ((ret->alias) && !alias) | 164 | if ((ret->alias) && !alias) |
| 123 | { | 165 | { |
| @@ -133,7 +175,6 @@ const char *OBJ_NAME_get(const char *name, int type) | |||
| 133 | 175 | ||
| 134 | int OBJ_NAME_add(const char *name, int type, const char *data) | 176 | int OBJ_NAME_add(const char *name, int type, const char *data) |
| 135 | { | 177 | { |
| 136 | void (*f)(); | ||
| 137 | OBJ_NAME *onp,*ret; | 178 | OBJ_NAME *onp,*ret; |
| 138 | int alias; | 179 | int alias; |
| 139 | 180 | ||
| @@ -142,7 +183,7 @@ int OBJ_NAME_add(const char *name, int type, const char *data) | |||
| 142 | alias=type&OBJ_NAME_ALIAS; | 183 | alias=type&OBJ_NAME_ALIAS; |
| 143 | type&= ~OBJ_NAME_ALIAS; | 184 | type&= ~OBJ_NAME_ALIAS; |
| 144 | 185 | ||
| 145 | onp=(OBJ_NAME *)Malloc(sizeof(OBJ_NAME)); | 186 | onp=(OBJ_NAME *)OPENSSL_malloc(sizeof(OBJ_NAME)); |
| 146 | if (onp == NULL) | 187 | if (onp == NULL) |
| 147 | { | 188 | { |
| 148 | /* ERROR */ | 189 | /* ERROR */ |
| @@ -154,16 +195,20 @@ int OBJ_NAME_add(const char *name, int type, const char *data) | |||
| 154 | onp->type=type; | 195 | onp->type=type; |
| 155 | onp->data=data; | 196 | onp->data=data; |
| 156 | 197 | ||
| 157 | ret=(OBJ_NAME *)lh_insert(names_lh,(char *)onp); | 198 | ret=(OBJ_NAME *)lh_insert(names_lh,onp); |
| 158 | if (ret != NULL) | 199 | if (ret != NULL) |
| 159 | { | 200 | { |
| 160 | /* free things */ | 201 | /* free things */ |
| 161 | if ((names_free != NULL) && (sk_num(names_free) > ret->type)) | 202 | if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) |
| 162 | { | 203 | { |
| 163 | f=(void (*)())sk_value(names_free,ret->type); | 204 | /* XXX: I'm not sure I understand why the free |
| 164 | f(ret->name,ret->type,ret->data); | 205 | * function should get three arguments... |
| 206 | * -- Richard Levitte | ||
| 207 | */ | ||
| 208 | sk_NAME_FUNCS_value(name_funcs_stack, | ||
| 209 | ret->type)->free_func(ret->name,ret->type,ret->data); | ||
| 165 | } | 210 | } |
| 166 | Free((char *)ret); | 211 | OPENSSL_free(ret); |
| 167 | } | 212 | } |
| 168 | else | 213 | else |
| 169 | { | 214 | { |
| @@ -179,35 +224,108 @@ int OBJ_NAME_add(const char *name, int type, const char *data) | |||
| 179 | int OBJ_NAME_remove(const char *name, int type) | 224 | int OBJ_NAME_remove(const char *name, int type) |
| 180 | { | 225 | { |
| 181 | OBJ_NAME on,*ret; | 226 | OBJ_NAME on,*ret; |
| 182 | void (*f)(); | ||
| 183 | 227 | ||
| 184 | if (names_lh == NULL) return(0); | 228 | if (names_lh == NULL) return(0); |
| 185 | 229 | ||
| 186 | type&= ~OBJ_NAME_ALIAS; | 230 | type&= ~OBJ_NAME_ALIAS; |
| 187 | on.name=name; | 231 | on.name=name; |
| 188 | on.type=type; | 232 | on.type=type; |
| 189 | ret=(OBJ_NAME *)lh_delete(names_lh,(char *)&on); | 233 | ret=(OBJ_NAME *)lh_delete(names_lh,&on); |
| 190 | if (ret != NULL) | 234 | if (ret != NULL) |
| 191 | { | 235 | { |
| 192 | /* free things */ | 236 | /* free things */ |
| 193 | if ((names_free != NULL) && (sk_num(names_free) > type)) | 237 | if ((name_funcs_stack != NULL) && (sk_NAME_FUNCS_num(name_funcs_stack) > ret->type)) |
| 194 | { | 238 | { |
| 195 | f=(void (*)())sk_value(names_free,type); | 239 | /* XXX: I'm not sure I understand why the free |
| 196 | f(ret->name,ret->type,ret->data); | 240 | * function should get three arguments... |
| 241 | * -- Richard Levitte | ||
| 242 | */ | ||
| 243 | sk_NAME_FUNCS_value(name_funcs_stack, | ||
| 244 | ret->type)->free_func(ret->name,ret->type,ret->data); | ||
| 197 | } | 245 | } |
| 198 | Free((char *)ret); | 246 | OPENSSL_free(ret); |
| 199 | return(1); | 247 | return(1); |
| 200 | } | 248 | } |
| 201 | else | 249 | else |
| 202 | return(0); | 250 | return(0); |
| 203 | } | 251 | } |
| 204 | 252 | ||
| 253 | struct doall | ||
| 254 | { | ||
| 255 | int type; | ||
| 256 | void (*fn)(const OBJ_NAME *,void *arg); | ||
| 257 | void *arg; | ||
| 258 | }; | ||
| 259 | |||
| 260 | static void do_all_fn(const OBJ_NAME *name,struct doall *d) | ||
| 261 | { | ||
| 262 | if(name->type == d->type) | ||
| 263 | d->fn(name,d->arg); | ||
| 264 | } | ||
| 265 | |||
| 266 | static IMPLEMENT_LHASH_DOALL_ARG_FN(do_all_fn, const OBJ_NAME *, struct doall *) | ||
| 267 | |||
| 268 | void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg),void *arg) | ||
| 269 | { | ||
| 270 | struct doall d; | ||
| 271 | |||
| 272 | d.type=type; | ||
| 273 | d.fn=fn; | ||
| 274 | d.arg=arg; | ||
| 275 | |||
| 276 | lh_doall_arg(names_lh,LHASH_DOALL_ARG_FN(do_all_fn),&d); | ||
| 277 | } | ||
| 278 | |||
| 279 | struct doall_sorted | ||
| 280 | { | ||
| 281 | int type; | ||
| 282 | int n; | ||
| 283 | const OBJ_NAME **names; | ||
| 284 | }; | ||
| 285 | |||
| 286 | static void do_all_sorted_fn(const OBJ_NAME *name,void *d_) | ||
| 287 | { | ||
| 288 | struct doall_sorted *d=d_; | ||
| 289 | |||
| 290 | if(name->type != d->type) | ||
| 291 | return; | ||
| 292 | |||
| 293 | d->names[d->n++]=name; | ||
| 294 | } | ||
| 295 | |||
| 296 | static int do_all_sorted_cmp(const void *n1_,const void *n2_) | ||
| 297 | { | ||
| 298 | const OBJ_NAME * const *n1=n1_; | ||
| 299 | const OBJ_NAME * const *n2=n2_; | ||
| 300 | |||
| 301 | return strcmp((*n1)->name,(*n2)->name); | ||
| 302 | } | ||
| 303 | |||
| 304 | void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), | ||
| 305 | void *arg) | ||
| 306 | { | ||
| 307 | struct doall_sorted d; | ||
| 308 | int n; | ||
| 309 | |||
| 310 | d.type=type; | ||
| 311 | d.names=OPENSSL_malloc(lh_num_items(names_lh)*sizeof *d.names); | ||
| 312 | d.n=0; | ||
| 313 | OBJ_NAME_do_all(type,do_all_sorted_fn,&d); | ||
| 314 | |||
| 315 | qsort((void *)d.names,d.n,sizeof *d.names,do_all_sorted_cmp); | ||
| 316 | |||
| 317 | for(n=0 ; n < d.n ; ++n) | ||
| 318 | fn(d.names[n],arg); | ||
| 319 | |||
| 320 | OPENSSL_free((void *)d.names); | ||
| 321 | } | ||
| 322 | |||
| 205 | static int free_type; | 323 | static int free_type; |
| 206 | 324 | ||
| 207 | static void names_lh_free(OBJ_NAME *onp, int type) | 325 | static void names_lh_free(OBJ_NAME *onp) |
| 208 | { | 326 | { |
| 209 | if(onp == NULL) | 327 | if(onp == NULL) |
| 210 | return; | 328 | return; |
| 211 | 329 | ||
| 212 | if ((free_type < 0) || (free_type == onp->type)) | 330 | if ((free_type < 0) || (free_type == onp->type)) |
| 213 | { | 331 | { |
| @@ -215,6 +333,13 @@ static void names_lh_free(OBJ_NAME *onp, int type) | |||
| 215 | } | 333 | } |
| 216 | } | 334 | } |
| 217 | 335 | ||
| 336 | static IMPLEMENT_LHASH_DOALL_FN(names_lh_free, OBJ_NAME *) | ||
| 337 | |||
| 338 | static void name_funcs_free(NAME_FUNCS *ptr) | ||
| 339 | { | ||
| 340 | OPENSSL_free(ptr); | ||
| 341 | } | ||
| 342 | |||
| 218 | void OBJ_NAME_cleanup(int type) | 343 | void OBJ_NAME_cleanup(int type) |
| 219 | { | 344 | { |
| 220 | unsigned long down_load; | 345 | unsigned long down_load; |
| @@ -225,17 +350,13 @@ void OBJ_NAME_cleanup(int type) | |||
| 225 | down_load=names_lh->down_load; | 350 | down_load=names_lh->down_load; |
| 226 | names_lh->down_load=0; | 351 | names_lh->down_load=0; |
| 227 | 352 | ||
| 228 | lh_doall(names_lh,names_lh_free); | 353 | lh_doall(names_lh,LHASH_DOALL_FN(names_lh_free)); |
| 229 | if (type < 0) | 354 | if (type < 0) |
| 230 | { | 355 | { |
| 231 | lh_free(names_lh); | 356 | lh_free(names_lh); |
| 232 | sk_free(names_hash); | 357 | sk_NAME_FUNCS_pop_free(name_funcs_stack,name_funcs_free); |
| 233 | sk_free(names_cmp); | ||
| 234 | sk_free(names_free); | ||
| 235 | names_lh=NULL; | 358 | names_lh=NULL; |
| 236 | names_hash=NULL; | 359 | name_funcs_stack = NULL; |
| 237 | names_cmp=NULL; | ||
| 238 | names_free=NULL; | ||
| 239 | } | 360 | } |
| 240 | else | 361 | else |
| 241 | names_lh->down_load=down_load; | 362 | names_lh->down_load=down_load; |
diff --git a/src/lib/libcrypto/objects/obj_dat.c b/src/lib/libcrypto/objects/obj_dat.c index 34866ebbd2..3ff64bb8d1 100644 --- a/src/lib/libcrypto/objects/obj_dat.c +++ b/src/lib/libcrypto/objects/obj_dat.c | |||
| @@ -59,23 +59,29 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <ctype.h> | 60 | #include <ctype.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "lhash.h" | 62 | #include <openssl/lhash.h> |
| 63 | #include "asn1.h" | 63 | #include <openssl/asn1.h> |
| 64 | #include "objects.h" | 64 | #include <openssl/objects.h> |
| 65 | 65 | ||
| 66 | /* obj_dat.h is generated from objects.h by obj_dat.pl */ | 66 | /* obj_dat.h is generated from objects.h by obj_dat.pl */ |
| 67 | #ifndef OPENSSL_NO_OBJECT | ||
| 67 | #include "obj_dat.h" | 68 | #include "obj_dat.h" |
| 68 | |||
| 69 | #ifndef NOPROTO | ||
| 70 | static int sn_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); | ||
| 71 | static int ln_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); | ||
| 72 | static int obj_cmp(ASN1_OBJECT **a, ASN1_OBJECT **b); | ||
| 73 | #else | 69 | #else |
| 74 | static int sn_cmp(); | 70 | /* You will have to load all the objects needed manually in the application */ |
| 75 | static int ln_cmp(); | 71 | #define NUM_NID 0 |
| 76 | static int obj_cmp(); | 72 | #define NUM_SN 0 |
| 73 | #define NUM_LN 0 | ||
| 74 | #define NUM_OBJ 0 | ||
| 75 | static unsigned char lvalues[1]; | ||
| 76 | static ASN1_OBJECT nid_objs[1]; | ||
| 77 | static ASN1_OBJECT *sn_objs[1]; | ||
| 78 | static ASN1_OBJECT *ln_objs[1]; | ||
| 79 | static ASN1_OBJECT *obj_objs[1]; | ||
| 77 | #endif | 80 | #endif |
| 78 | 81 | ||
| 82 | static int sn_cmp(const void *a, const void *b); | ||
| 83 | static int ln_cmp(const void *a, const void *b); | ||
| 84 | static int obj_cmp(const void *a, const void *b); | ||
| 79 | #define ADDED_DATA 0 | 85 | #define ADDED_DATA 0 |
| 80 | #define ADDED_SNAME 1 | 86 | #define ADDED_SNAME 1 |
| 81 | #define ADDED_LNAME 2 | 87 | #define ADDED_LNAME 2 |
| @@ -90,23 +96,26 @@ typedef struct added_obj_st | |||
| 90 | static int new_nid=NUM_NID; | 96 | static int new_nid=NUM_NID; |
| 91 | static LHASH *added=NULL; | 97 | static LHASH *added=NULL; |
| 92 | 98 | ||
| 93 | static int sn_cmp(ap,bp) | 99 | static int sn_cmp(const void *a, const void *b) |
| 94 | ASN1_OBJECT **ap; | 100 | { |
| 95 | ASN1_OBJECT **bp; | 101 | const ASN1_OBJECT * const *ap = a, * const *bp = b; |
| 96 | { return(strcmp((*ap)->sn,(*bp)->sn)); } | 102 | return(strcmp((*ap)->sn,(*bp)->sn)); |
| 103 | } | ||
| 97 | 104 | ||
| 98 | static int ln_cmp(ap,bp) | 105 | static int ln_cmp(const void *a, const void *b) |
| 99 | ASN1_OBJECT **ap; | 106 | { |
| 100 | ASN1_OBJECT **bp; | 107 | const ASN1_OBJECT * const *ap = a, * const *bp = b; |
| 101 | { return(strcmp((*ap)->ln,(*bp)->ln)); } | 108 | return(strcmp((*ap)->ln,(*bp)->ln)); |
| 109 | } | ||
| 102 | 110 | ||
| 103 | static unsigned long add_hash(ca) | 111 | /* static unsigned long add_hash(ADDED_OBJ *ca) */ |
| 104 | ADDED_OBJ *ca; | 112 | static unsigned long add_hash(const void *ca_void) |
| 105 | { | 113 | { |
| 106 | ASN1_OBJECT *a; | 114 | const ASN1_OBJECT *a; |
| 107 | int i; | 115 | int i; |
| 108 | unsigned long ret=0; | 116 | unsigned long ret=0; |
| 109 | unsigned char *p; | 117 | unsigned char *p; |
| 118 | ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; | ||
| 110 | 119 | ||
| 111 | a=ca->obj; | 120 | a=ca->obj; |
| 112 | switch (ca->type) | 121 | switch (ca->type) |
| @@ -127,18 +136,21 @@ ADDED_OBJ *ca; | |||
| 127 | ret=a->nid; | 136 | ret=a->nid; |
| 128 | break; | 137 | break; |
| 129 | default: | 138 | default: |
| 130 | abort(); | 139 | /* abort(); */ |
| 140 | return 0; | ||
| 131 | } | 141 | } |
| 132 | ret&=0x3fffffffL; | 142 | ret&=0x3fffffffL; |
| 133 | ret|=ca->type<<30L; | 143 | ret|=ca->type<<30L; |
| 134 | return(ret); | 144 | return(ret); |
| 135 | } | 145 | } |
| 136 | 146 | ||
| 137 | static int add_cmp(ca,cb) | 147 | /* static int add_cmp(ADDED_OBJ *ca, ADDED_OBJ *cb) */ |
| 138 | ADDED_OBJ *ca,*cb; | 148 | static int add_cmp(const void *ca_void, const void *cb_void) |
| 139 | { | 149 | { |
| 140 | ASN1_OBJECT *a,*b; | 150 | ASN1_OBJECT *a,*b; |
| 141 | int i; | 151 | int i; |
| 152 | ADDED_OBJ *ca = (ADDED_OBJ *)ca_void; | ||
| 153 | ADDED_OBJ *cb = (ADDED_OBJ *)cb_void; | ||
| 142 | 154 | ||
| 143 | i=ca->type-cb->type; | 155 | i=ca->type-cb->type; |
| 144 | if (i) return(i); | 156 | if (i) return(i); |
| @@ -161,50 +173,52 @@ ADDED_OBJ *ca,*cb; | |||
| 161 | case ADDED_NID: | 173 | case ADDED_NID: |
| 162 | return(a->nid-b->nid); | 174 | return(a->nid-b->nid); |
| 163 | default: | 175 | default: |
| 164 | abort(); | 176 | /* abort(); */ |
| 177 | return 0; | ||
| 165 | } | 178 | } |
| 166 | } | 179 | } |
| 167 | 180 | ||
| 168 | static int init_added() | 181 | static int init_added(void) |
| 169 | { | 182 | { |
| 170 | if (added != NULL) return(1); | 183 | if (added != NULL) return(1); |
| 171 | added=lh_new(add_hash,add_cmp); | 184 | added=lh_new(add_hash,add_cmp); |
| 172 | return(added != NULL); | 185 | return(added != NULL); |
| 173 | } | 186 | } |
| 174 | 187 | ||
| 175 | static void cleanup1(a) | 188 | static void cleanup1(ADDED_OBJ *a) |
| 176 | ADDED_OBJ *a; | ||
| 177 | { | 189 | { |
| 178 | a->obj->nid=0; | 190 | a->obj->nid=0; |
| 179 | a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| | 191 | a->obj->flags|=ASN1_OBJECT_FLAG_DYNAMIC| |
| 180 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS; | 192 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| |
| 193 | ASN1_OBJECT_FLAG_DYNAMIC_DATA; | ||
| 181 | } | 194 | } |
| 182 | 195 | ||
| 183 | static void cleanup2(a) | 196 | static void cleanup2(ADDED_OBJ *a) |
| 184 | ADDED_OBJ *a; | ||
| 185 | { a->obj->nid++; } | 197 | { a->obj->nid++; } |
| 186 | 198 | ||
| 187 | static void cleanup3(a) | 199 | static void cleanup3(ADDED_OBJ *a) |
| 188 | ADDED_OBJ *a; | ||
| 189 | { | 200 | { |
| 190 | if (--a->obj->nid == 0) | 201 | if (--a->obj->nid == 0) |
| 191 | ASN1_OBJECT_free(a->obj); | 202 | ASN1_OBJECT_free(a->obj); |
| 192 | Free(a); | 203 | OPENSSL_free(a); |
| 193 | } | 204 | } |
| 194 | 205 | ||
| 195 | void OBJ_cleanup() | 206 | static IMPLEMENT_LHASH_DOALL_FN(cleanup1, ADDED_OBJ *) |
| 207 | static IMPLEMENT_LHASH_DOALL_FN(cleanup2, ADDED_OBJ *) | ||
| 208 | static IMPLEMENT_LHASH_DOALL_FN(cleanup3, ADDED_OBJ *) | ||
| 209 | |||
| 210 | void OBJ_cleanup(void) | ||
| 196 | { | 211 | { |
| 197 | if (added == NULL) return; | 212 | if (added == NULL) return; |
| 198 | added->down_load=0; | 213 | added->down_load=0; |
| 199 | lh_doall(added,cleanup1); /* zero counters */ | 214 | lh_doall(added,LHASH_DOALL_FN(cleanup1)); /* zero counters */ |
| 200 | lh_doall(added,cleanup2); /* set counters */ | 215 | lh_doall(added,LHASH_DOALL_FN(cleanup2)); /* set counters */ |
| 201 | lh_doall(added,cleanup3); /* free objects */ | 216 | lh_doall(added,LHASH_DOALL_FN(cleanup3)); /* free objects */ |
| 202 | lh_free(added); | 217 | lh_free(added); |
| 203 | added=NULL; | 218 | added=NULL; |
| 204 | } | 219 | } |
| 205 | 220 | ||
| 206 | int OBJ_new_nid(num) | 221 | int OBJ_new_nid(int num) |
| 207 | int num; | ||
| 208 | { | 222 | { |
| 209 | int i; | 223 | int i; |
| 210 | 224 | ||
| @@ -213,27 +227,22 @@ int num; | |||
| 213 | return(i); | 227 | return(i); |
| 214 | } | 228 | } |
| 215 | 229 | ||
| 216 | int OBJ_add_object(obj) | 230 | int OBJ_add_object(const ASN1_OBJECT *obj) |
| 217 | ASN1_OBJECT *obj; | ||
| 218 | { | 231 | { |
| 219 | ASN1_OBJECT *o; | 232 | ASN1_OBJECT *o; |
| 220 | ADDED_OBJ *ao[4],*aop; | 233 | ADDED_OBJ *ao[4]={NULL,NULL,NULL,NULL},*aop; |
| 221 | int i; | 234 | int i; |
| 222 | 235 | ||
| 223 | if (added == NULL) | 236 | if (added == NULL) |
| 224 | if (!init_added()) return(0); | 237 | if (!init_added()) return(0); |
| 225 | if ((o=OBJ_dup(obj)) == NULL) goto err; | 238 | if ((o=OBJ_dup(obj)) == NULL) goto err; |
| 226 | ao[ADDED_DATA]=NULL; | 239 | if (!(ao[ADDED_NID]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)))) goto err; |
| 227 | ao[ADDED_SNAME]=NULL; | ||
| 228 | ao[ADDED_LNAME]=NULL; | ||
| 229 | ao[ADDED_NID]=NULL; | ||
| 230 | ao[ADDED_NID]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); | ||
| 231 | if ((o->length != 0) && (obj->data != NULL)) | 240 | if ((o->length != 0) && (obj->data != NULL)) |
| 232 | ao[ADDED_DATA]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); | 241 | ao[ADDED_DATA]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); |
| 233 | if (o->sn != NULL) | 242 | if (o->sn != NULL) |
| 234 | ao[ADDED_SNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); | 243 | ao[ADDED_SNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); |
| 235 | if (o->ln != NULL) | 244 | if (o->ln != NULL) |
| 236 | ao[ADDED_LNAME]=(ADDED_OBJ *)Malloc(sizeof(ADDED_OBJ)); | 245 | ao[ADDED_LNAME]=(ADDED_OBJ *)OPENSSL_malloc(sizeof(ADDED_OBJ)); |
| 237 | 246 | ||
| 238 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 247 | for (i=ADDED_DATA; i<=ADDED_NID; i++) |
| 239 | { | 248 | { |
| @@ -241,23 +250,24 @@ ASN1_OBJECT *obj; | |||
| 241 | { | 250 | { |
| 242 | ao[i]->type=i; | 251 | ao[i]->type=i; |
| 243 | ao[i]->obj=o; | 252 | ao[i]->obj=o; |
| 244 | aop=(ADDED_OBJ *)lh_insert(added,(char *)ao[i]); | 253 | aop=(ADDED_OBJ *)lh_insert(added,ao[i]); |
| 245 | /* memory leak, buit should not normally matter */ | 254 | /* memory leak, buit should not normally matter */ |
| 246 | if (aop != NULL) | 255 | if (aop != NULL) |
| 247 | Free(aop); | 256 | OPENSSL_free(aop); |
| 248 | } | 257 | } |
| 249 | } | 258 | } |
| 250 | o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS); | 259 | o->flags&= ~(ASN1_OBJECT_FLAG_DYNAMIC|ASN1_OBJECT_FLAG_DYNAMIC_STRINGS| |
| 260 | ASN1_OBJECT_FLAG_DYNAMIC_DATA); | ||
| 261 | |||
| 251 | return(o->nid); | 262 | return(o->nid); |
| 252 | err: | 263 | err: |
| 253 | for (i=ADDED_DATA; i<=ADDED_NID; i++) | 264 | for (i=ADDED_DATA; i<=ADDED_NID; i++) |
| 254 | if (ao[i] != NULL) Free(ao[i]); | 265 | if (ao[i] != NULL) OPENSSL_free(ao[i]); |
| 255 | if (o != NULL) Free(o); | 266 | if (o != NULL) OPENSSL_free(o); |
| 256 | return(NID_undef); | 267 | return(NID_undef); |
| 257 | } | 268 | } |
| 258 | 269 | ||
| 259 | ASN1_OBJECT *OBJ_nid2obj(n) | 270 | ASN1_OBJECT *OBJ_nid2obj(int n) |
| 260 | int n; | ||
| 261 | { | 271 | { |
| 262 | ADDED_OBJ ad,*adp; | 272 | ADDED_OBJ ad,*adp; |
| 263 | ASN1_OBJECT ob; | 273 | ASN1_OBJECT ob; |
| @@ -278,7 +288,7 @@ int n; | |||
| 278 | ad.type=ADDED_NID; | 288 | ad.type=ADDED_NID; |
| 279 | ad.obj= &ob; | 289 | ad.obj= &ob; |
| 280 | ob.nid=n; | 290 | ob.nid=n; |
| 281 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 291 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 282 | if (adp != NULL) | 292 | if (adp != NULL) |
| 283 | return(adp->obj); | 293 | return(adp->obj); |
| 284 | else | 294 | else |
| @@ -289,8 +299,7 @@ int n; | |||
| 289 | } | 299 | } |
| 290 | } | 300 | } |
| 291 | 301 | ||
| 292 | char *OBJ_nid2sn(n) | 302 | const char *OBJ_nid2sn(int n) |
| 293 | int n; | ||
| 294 | { | 303 | { |
| 295 | ADDED_OBJ ad,*adp; | 304 | ADDED_OBJ ad,*adp; |
| 296 | ASN1_OBJECT ob; | 305 | ASN1_OBJECT ob; |
| @@ -311,7 +320,7 @@ int n; | |||
| 311 | ad.type=ADDED_NID; | 320 | ad.type=ADDED_NID; |
| 312 | ad.obj= &ob; | 321 | ad.obj= &ob; |
| 313 | ob.nid=n; | 322 | ob.nid=n; |
| 314 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 323 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 315 | if (adp != NULL) | 324 | if (adp != NULL) |
| 316 | return(adp->obj->sn); | 325 | return(adp->obj->sn); |
| 317 | else | 326 | else |
| @@ -322,8 +331,7 @@ int n; | |||
| 322 | } | 331 | } |
| 323 | } | 332 | } |
| 324 | 333 | ||
| 325 | char *OBJ_nid2ln(n) | 334 | const char *OBJ_nid2ln(int n) |
| 326 | int n; | ||
| 327 | { | 335 | { |
| 328 | ADDED_OBJ ad,*adp; | 336 | ADDED_OBJ ad,*adp; |
| 329 | ASN1_OBJECT ob; | 337 | ASN1_OBJECT ob; |
| @@ -344,7 +352,7 @@ int n; | |||
| 344 | ad.type=ADDED_NID; | 352 | ad.type=ADDED_NID; |
| 345 | ad.obj= &ob; | 353 | ad.obj= &ob; |
| 346 | ob.nid=n; | 354 | ob.nid=n; |
| 347 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 355 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 348 | if (adp != NULL) | 356 | if (adp != NULL) |
| 349 | return(adp->obj->ln); | 357 | return(adp->obj->ln); |
| 350 | else | 358 | else |
| @@ -355,8 +363,7 @@ int n; | |||
| 355 | } | 363 | } |
| 356 | } | 364 | } |
| 357 | 365 | ||
| 358 | int OBJ_obj2nid(a) | 366 | int OBJ_obj2nid(const ASN1_OBJECT *a) |
| 359 | ASN1_OBJECT *a; | ||
| 360 | { | 367 | { |
| 361 | ASN1_OBJECT **op; | 368 | ASN1_OBJECT **op; |
| 362 | ADDED_OBJ ad,*adp; | 369 | ADDED_OBJ ad,*adp; |
| @@ -369,56 +376,136 @@ ASN1_OBJECT *a; | |||
| 369 | if (added != NULL) | 376 | if (added != NULL) |
| 370 | { | 377 | { |
| 371 | ad.type=ADDED_DATA; | 378 | ad.type=ADDED_DATA; |
| 372 | ad.obj=a; | 379 | ad.obj=(ASN1_OBJECT *)a; /* XXX: ugly but harmless */ |
| 373 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 380 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 374 | if (adp != NULL) return (adp->obj->nid); | 381 | if (adp != NULL) return (adp->obj->nid); |
| 375 | } | 382 | } |
| 376 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, | 383 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&a,(char *)obj_objs,NUM_OBJ, |
| 377 | sizeof(ASN1_OBJECT *),(int (*)())obj_cmp); | 384 | sizeof(ASN1_OBJECT *),obj_cmp); |
| 378 | if (op == NULL) | 385 | if (op == NULL) |
| 379 | return(NID_undef); | 386 | return(NID_undef); |
| 380 | return((*op)->nid); | 387 | return((*op)->nid); |
| 381 | } | 388 | } |
| 382 | 389 | ||
| 383 | int OBJ_txt2nid(s) | 390 | /* Convert an object name into an ASN1_OBJECT |
| 384 | char *s; | 391 | * if "noname" is not set then search for short and long names first. |
| 392 | * This will convert the "dotted" form into an object: unlike OBJ_txt2nid | ||
| 393 | * it can be used with any objects, not just registered ones. | ||
| 394 | */ | ||
| 395 | |||
| 396 | ASN1_OBJECT *OBJ_txt2obj(const char *s, int no_name) | ||
| 385 | { | 397 | { |
| 386 | int ret; | 398 | int nid = NID_undef; |
| 399 | ASN1_OBJECT *op=NULL; | ||
| 400 | unsigned char *buf,*p; | ||
| 401 | int i, j; | ||
| 387 | 402 | ||
| 388 | ret=OBJ_sn2nid(s); | 403 | if(!no_name) { |
| 389 | if (ret == NID_undef) | 404 | if( ((nid = OBJ_sn2nid(s)) != NID_undef) || |
| 390 | { | 405 | ((nid = OBJ_ln2nid(s)) != NID_undef) ) |
| 391 | ret=OBJ_ln2nid(s); | 406 | return OBJ_nid2obj(nid); |
| 392 | if (ret == NID_undef) | 407 | } |
| 393 | { | ||
| 394 | ASN1_OBJECT *op=NULL; | ||
| 395 | unsigned char *buf,*p; | ||
| 396 | int i; | ||
| 397 | 408 | ||
| 398 | i=a2d_ASN1_OBJECT(NULL,0,s,-1); | 409 | /* Work out size of content octets */ |
| 399 | if (i <= 0) | 410 | i=a2d_ASN1_OBJECT(NULL,0,s,-1); |
| 400 | { | 411 | if (i <= 0) { |
| 401 | /* clear the error */ | 412 | /* Clear the error */ |
| 402 | ERR_get_error(); | 413 | ERR_get_error(); |
| 403 | return(0); | 414 | return NULL; |
| 404 | } | 415 | } |
| 416 | /* Work out total size */ | ||
| 417 | j = ASN1_object_size(0,i,V_ASN1_OBJECT); | ||
| 418 | |||
| 419 | if((buf=(unsigned char *)OPENSSL_malloc(j)) == NULL) return NULL; | ||
| 420 | |||
| 421 | p = buf; | ||
| 422 | /* Write out tag+length */ | ||
| 423 | ASN1_put_object(&p,0,i,V_ASN1_OBJECT,V_ASN1_UNIVERSAL); | ||
| 424 | /* Write out contents */ | ||
| 425 | a2d_ASN1_OBJECT(p,i,s,-1); | ||
| 426 | |||
| 427 | p=buf; | ||
| 428 | op=d2i_ASN1_OBJECT(NULL,&p,i); | ||
| 429 | OPENSSL_free(buf); | ||
| 430 | return op; | ||
| 431 | } | ||
| 432 | |||
| 433 | int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name) | ||
| 434 | { | ||
| 435 | int i,idx=0,n=0,len,nid; | ||
| 436 | unsigned long l; | ||
| 437 | unsigned char *p; | ||
| 438 | const char *s; | ||
| 439 | char tbuf[32]; | ||
| 440 | |||
| 441 | if (buf_len <= 0) return(0); | ||
| 405 | 442 | ||
| 406 | if ((buf=(unsigned char *)Malloc(i)) == NULL) | 443 | if ((a == NULL) || (a->data == NULL)) { |
| 407 | return(NID_undef); | 444 | buf[0]='\0'; |
| 408 | a2d_ASN1_OBJECT(buf,i,s,-1); | 445 | return(0); |
| 409 | p=buf; | 446 | } |
| 410 | op=d2i_ASN1_OBJECT(NULL,&p,i); | 447 | |
| 411 | if (op == NULL) return(NID_undef); | 448 | if (no_name || (nid=OBJ_obj2nid(a)) == NID_undef) { |
| 412 | ret=OBJ_obj2nid(op); | 449 | len=a->length; |
| 413 | ASN1_OBJECT_free(op); | 450 | p=a->data; |
| 414 | Free(buf); | 451 | |
| 452 | idx=0; | ||
| 453 | l=0; | ||
| 454 | while (idx < a->length) { | ||
| 455 | l|=(p[idx]&0x7f); | ||
| 456 | if (!(p[idx] & 0x80)) break; | ||
| 457 | l<<=7L; | ||
| 458 | idx++; | ||
| 459 | } | ||
| 460 | idx++; | ||
| 461 | i=(int)(l/40); | ||
| 462 | if (i > 2) i=2; | ||
| 463 | l-=(long)(i*40); | ||
| 464 | |||
| 465 | sprintf(tbuf,"%d.%lu",i,l); | ||
| 466 | i=strlen(tbuf); | ||
| 467 | strncpy(buf,tbuf,buf_len); | ||
| 468 | buf_len-=i; | ||
| 469 | buf+=i; | ||
| 470 | n+=i; | ||
| 471 | |||
| 472 | l=0; | ||
| 473 | for (; idx<len; idx++) { | ||
| 474 | l|=p[idx]&0x7f; | ||
| 475 | if (!(p[idx] & 0x80)) { | ||
| 476 | sprintf(tbuf,".%lu",l); | ||
| 477 | i=strlen(tbuf); | ||
| 478 | if (buf_len > 0) | ||
| 479 | strncpy(buf,tbuf,buf_len); | ||
| 480 | buf_len-=i; | ||
| 481 | buf+=i; | ||
| 482 | n+=i; | ||
| 483 | l=0; | ||
| 415 | } | 484 | } |
| 485 | l<<=7L; | ||
| 416 | } | 486 | } |
| 417 | return(ret); | 487 | } else { |
| 488 | s=OBJ_nid2ln(nid); | ||
| 489 | if (s == NULL) | ||
| 490 | s=OBJ_nid2sn(nid); | ||
| 491 | strncpy(buf,s,buf_len); | ||
| 492 | n=strlen(s); | ||
| 418 | } | 493 | } |
| 494 | buf[buf_len-1]='\0'; | ||
| 495 | return(n); | ||
| 496 | } | ||
| 419 | 497 | ||
| 420 | int OBJ_ln2nid(s) | 498 | int OBJ_txt2nid(const char *s) |
| 421 | char *s; | 499 | { |
| 500 | ASN1_OBJECT *obj; | ||
| 501 | int nid; | ||
| 502 | obj = OBJ_txt2obj(s, 0); | ||
| 503 | nid = OBJ_obj2nid(obj); | ||
| 504 | ASN1_OBJECT_free(obj); | ||
| 505 | return nid; | ||
| 506 | } | ||
| 507 | |||
| 508 | int OBJ_ln2nid(const char *s) | ||
| 422 | { | 509 | { |
| 423 | ASN1_OBJECT o,*oo= &o,**op; | 510 | ASN1_OBJECT o,*oo= &o,**op; |
| 424 | ADDED_OBJ ad,*adp; | 511 | ADDED_OBJ ad,*adp; |
| @@ -428,17 +515,16 @@ char *s; | |||
| 428 | { | 515 | { |
| 429 | ad.type=ADDED_LNAME; | 516 | ad.type=ADDED_LNAME; |
| 430 | ad.obj= &o; | 517 | ad.obj= &o; |
| 431 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 518 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 432 | if (adp != NULL) return (adp->obj->nid); | 519 | if (adp != NULL) return (adp->obj->nid); |
| 433 | } | 520 | } |
| 434 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, | 521 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)ln_objs,NUM_LN, |
| 435 | sizeof(ASN1_OBJECT *),(int (*)())ln_cmp); | 522 | sizeof(ASN1_OBJECT *),ln_cmp); |
| 436 | if (op == NULL) return(NID_undef); | 523 | if (op == NULL) return(NID_undef); |
| 437 | return((*op)->nid); | 524 | return((*op)->nid); |
| 438 | } | 525 | } |
| 439 | 526 | ||
| 440 | int OBJ_sn2nid(s) | 527 | int OBJ_sn2nid(const char *s) |
| 441 | char *s; | ||
| 442 | { | 528 | { |
| 443 | ASN1_OBJECT o,*oo= &o,**op; | 529 | ASN1_OBJECT o,*oo= &o,**op; |
| 444 | ADDED_OBJ ad,*adp; | 530 | ADDED_OBJ ad,*adp; |
| @@ -448,37 +534,31 @@ char *s; | |||
| 448 | { | 534 | { |
| 449 | ad.type=ADDED_SNAME; | 535 | ad.type=ADDED_SNAME; |
| 450 | ad.obj= &o; | 536 | ad.obj= &o; |
| 451 | adp=(ADDED_OBJ *)lh_retrieve(added,(char *)&ad); | 537 | adp=(ADDED_OBJ *)lh_retrieve(added,&ad); |
| 452 | if (adp != NULL) return (adp->obj->nid); | 538 | if (adp != NULL) return (adp->obj->nid); |
| 453 | } | 539 | } |
| 454 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, | 540 | op=(ASN1_OBJECT **)OBJ_bsearch((char *)&oo,(char *)sn_objs,NUM_SN, |
| 455 | sizeof(ASN1_OBJECT *),(int (*)())sn_cmp); | 541 | sizeof(ASN1_OBJECT *),sn_cmp); |
| 456 | if (op == NULL) return(NID_undef); | 542 | if (op == NULL) return(NID_undef); |
| 457 | return((*op)->nid); | 543 | return((*op)->nid); |
| 458 | } | 544 | } |
| 459 | 545 | ||
| 460 | static int obj_cmp(ap, bp) | 546 | static int obj_cmp(const void *ap, const void *bp) |
| 461 | ASN1_OBJECT **ap; | ||
| 462 | ASN1_OBJECT **bp; | ||
| 463 | { | 547 | { |
| 464 | int j; | 548 | int j; |
| 465 | ASN1_OBJECT *a= *ap; | 549 | ASN1_OBJECT *a= *(ASN1_OBJECT **)ap; |
| 466 | ASN1_OBJECT *b= *bp; | 550 | ASN1_OBJECT *b= *(ASN1_OBJECT **)bp; |
| 467 | 551 | ||
| 468 | j=(a->length - b->length); | 552 | j=(a->length - b->length); |
| 469 | if (j) return(j); | 553 | if (j) return(j); |
| 470 | return(memcmp(a->data,b->data,a->length)); | 554 | return(memcmp(a->data,b->data,a->length)); |
| 471 | } | 555 | } |
| 472 | 556 | ||
| 473 | char *OBJ_bsearch(key,base,num,size,cmp) | 557 | const char *OBJ_bsearch(const char *key, const char *base, int num, int size, |
| 474 | char *key; | 558 | int (*cmp)(const void *, const void *)) |
| 475 | char *base; | ||
| 476 | int num; | ||
| 477 | int size; | ||
| 478 | int (*cmp)(); | ||
| 479 | { | 559 | { |
| 480 | int l,h,i,c; | 560 | int l,h,i,c; |
| 481 | char *p; | 561 | const char *p; |
| 482 | 562 | ||
| 483 | if (num == 0) return(NULL); | 563 | if (num == 0) return(NULL); |
| 484 | l=0; | 564 | l=0; |
| @@ -495,14 +575,24 @@ int (*cmp)(); | |||
| 495 | else | 575 | else |
| 496 | return(p); | 576 | return(p); |
| 497 | } | 577 | } |
| 578 | #ifdef CHARSET_EBCDIC | ||
| 579 | /* THIS IS A KLUDGE - Because the *_obj is sorted in ASCII order, and | ||
| 580 | * I don't have perl (yet), we revert to a *LINEAR* search | ||
| 581 | * when the object wasn't found in the binary search. | ||
| 582 | */ | ||
| 583 | for (i=0; i<num; ++i) { | ||
| 584 | p= &(base[i*size]); | ||
| 585 | if ((*cmp)(key,p) == 0) | ||
| 586 | return p; | ||
| 587 | } | ||
| 588 | #endif | ||
| 498 | return(NULL); | 589 | return(NULL); |
| 499 | } | 590 | } |
| 500 | 591 | ||
| 501 | int OBJ_create_objects(in) | 592 | int OBJ_create_objects(BIO *in) |
| 502 | BIO *in; | ||
| 503 | { | 593 | { |
| 504 | MS_STATIC char buf[512]; | 594 | MS_STATIC char buf[512]; |
| 505 | int i,num= -1; | 595 | int i,num=0; |
| 506 | char *o,*s,*l=NULL; | 596 | char *o,*s,*l=NULL; |
| 507 | 597 | ||
| 508 | for (;;) | 598 | for (;;) |
| @@ -511,26 +601,26 @@ BIO *in; | |||
| 511 | i=BIO_gets(in,buf,512); | 601 | i=BIO_gets(in,buf,512); |
| 512 | if (i <= 0) return(num); | 602 | if (i <= 0) return(num); |
| 513 | buf[i-1]='\0'; | 603 | buf[i-1]='\0'; |
| 514 | if (!isalnum(buf[0])) return(num); | 604 | if (!isalnum((unsigned char)buf[0])) return(num); |
| 515 | o=s=buf; | 605 | o=s=buf; |
| 516 | while (isdigit(*s) || (*s == '.')) | 606 | while (isdigit((unsigned char)*s) || (*s == '.')) |
| 517 | s++; | 607 | s++; |
| 518 | if (*s != '\0') | 608 | if (*s != '\0') |
| 519 | { | 609 | { |
| 520 | *(s++)='\0'; | 610 | *(s++)='\0'; |
| 521 | while (isspace(*s)) | 611 | while (isspace((unsigned char)*s)) |
| 522 | s++; | 612 | s++; |
| 523 | if (*s == '\0') | 613 | if (*s == '\0') |
| 524 | s=NULL; | 614 | s=NULL; |
| 525 | else | 615 | else |
| 526 | { | 616 | { |
| 527 | l=s; | 617 | l=s; |
| 528 | while ((*l != '\0') && !isspace(*l)) | 618 | while ((*l != '\0') && !isspace((unsigned char)*l)) |
| 529 | l++; | 619 | l++; |
| 530 | if (*l != '\0') | 620 | if (*l != '\0') |
| 531 | { | 621 | { |
| 532 | *(l++)='\0'; | 622 | *(l++)='\0'; |
| 533 | while (isspace(*l)) | 623 | while (isspace((unsigned char)*l)) |
| 534 | l++; | 624 | l++; |
| 535 | if (*l == '\0') l=NULL; | 625 | if (*l == '\0') l=NULL; |
| 536 | } | 626 | } |
| @@ -544,13 +634,10 @@ BIO *in; | |||
| 544 | if (!OBJ_create(o,s,l)) return(num); | 634 | if (!OBJ_create(o,s,l)) return(num); |
| 545 | num++; | 635 | num++; |
| 546 | } | 636 | } |
| 547 | return(num); | 637 | /* return(num); */ |
| 548 | } | 638 | } |
| 549 | 639 | ||
| 550 | int OBJ_create(oid,sn,ln) | 640 | int OBJ_create(const char *oid, const char *sn, const char *ln) |
| 551 | char *oid; | ||
| 552 | char *sn; | ||
| 553 | char *ln; | ||
| 554 | { | 641 | { |
| 555 | int ok=0; | 642 | int ok=0; |
| 556 | ASN1_OBJECT *op=NULL; | 643 | ASN1_OBJECT *op=NULL; |
| @@ -560,19 +647,21 @@ char *ln; | |||
| 560 | i=a2d_ASN1_OBJECT(NULL,0,oid,-1); | 647 | i=a2d_ASN1_OBJECT(NULL,0,oid,-1); |
| 561 | if (i <= 0) return(0); | 648 | if (i <= 0) return(0); |
| 562 | 649 | ||
| 563 | if ((buf=(unsigned char *)Malloc(i)) == NULL) | 650 | if ((buf=(unsigned char *)OPENSSL_malloc(i)) == NULL) |
| 564 | { | 651 | { |
| 565 | OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE); | 652 | OBJerr(OBJ_F_OBJ_CREATE,OBJ_R_MALLOC_FAILURE); |
| 566 | return(0); | 653 | return(0); |
| 567 | } | 654 | } |
| 568 | i=a2d_ASN1_OBJECT(buf,i,oid,-1); | 655 | i=a2d_ASN1_OBJECT(buf,i,oid,-1); |
| 656 | if (i == 0) | ||
| 657 | goto err; | ||
| 569 | op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); | 658 | op=(ASN1_OBJECT *)ASN1_OBJECT_create(OBJ_new_nid(1),buf,i,sn,ln); |
| 570 | if (op == NULL) | 659 | if (op == NULL) |
| 571 | goto err; | 660 | goto err; |
| 572 | ok=OBJ_add_object(op); | 661 | ok=OBJ_add_object(op); |
| 573 | err: | 662 | err: |
| 574 | ASN1_OBJECT_free(op); | 663 | ASN1_OBJECT_free(op); |
| 575 | Free((char *)buf); | 664 | OPENSSL_free(buf); |
| 576 | return(ok); | 665 | return(ok); |
| 577 | } | 666 | } |
| 578 | 667 | ||
diff --git a/src/lib/libcrypto/objects/obj_dat.pl b/src/lib/libcrypto/objects/obj_dat.pl index 4e7879d3f3..5dfb84ea00 100644 --- a/src/lib/libcrypto/objects/obj_dat.pl +++ b/src/lib/libcrypto/objects/obj_dat.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | sub obj_cmp | 3 | sub obj_cmp |
| 4 | { | 4 | { |
| @@ -38,15 +38,36 @@ sub expand_obj | |||
| 38 | return(%objn); | 38 | return(%objn); |
| 39 | } | 39 | } |
| 40 | 40 | ||
| 41 | while (<>) | 41 | open (IN,"$ARGV[0]") || die "Can't open input file $ARGV[0]"; |
| 42 | open (OUT,">$ARGV[1]") || die "Can't open output file $ARGV[1]"; | ||
| 43 | |||
| 44 | while (<IN>) | ||
| 42 | { | 45 | { |
| 43 | next unless /^\#define\s+(\S+)\s+(.*)$/; | 46 | next unless /^\#define\s+(\S+)\s+(.*)$/; |
| 44 | $v=$1; | 47 | $v=$1; |
| 45 | $d=$2; | 48 | $d=$2; |
| 49 | $d =~ s/^\"//; | ||
| 50 | $d =~ s/\"$//; | ||
| 46 | if ($v =~ /^SN_(.*)$/) | 51 | if ($v =~ /^SN_(.*)$/) |
| 47 | { $sn{$1}=$d; } | 52 | { |
| 53 | if(defined $snames{$d}) | ||
| 54 | { | ||
| 55 | print "WARNING: Duplicate short name \"$d\"\n"; | ||
| 56 | } | ||
| 57 | else | ||
| 58 | { $snames{$d} = "X"; } | ||
| 59 | $sn{$1}=$d; | ||
| 60 | } | ||
| 48 | elsif ($v =~ /^LN_(.*)$/) | 61 | elsif ($v =~ /^LN_(.*)$/) |
| 49 | { $ln{$1}=$d; } | 62 | { |
| 63 | if(defined $lnames{$d}) | ||
| 64 | { | ||
| 65 | print "WARNING: Duplicate long name \"$d\"\n"; | ||
| 66 | } | ||
| 67 | else | ||
| 68 | { $lnames{$d} = "X"; } | ||
| 69 | $ln{$1}=$d; | ||
| 70 | } | ||
| 50 | elsif ($v =~ /^NID_(.*)$/) | 71 | elsif ($v =~ /^NID_(.*)$/) |
| 51 | { $nid{$d}=$1; } | 72 | { $nid{$d}=$1; } |
| 52 | elsif ($v =~ /^OBJ_(.*)$/) | 73 | elsif ($v =~ /^OBJ_(.*)$/) |
| @@ -55,6 +76,7 @@ while (<>) | |||
| 55 | $objd{$v}=$d; | 76 | $objd{$v}=$d; |
| 56 | } | 77 | } |
| 57 | } | 78 | } |
| 79 | close IN; | ||
| 58 | 80 | ||
| 59 | %ob=&expand_obj(*objd); | 81 | %ob=&expand_obj(*objd); |
| 60 | 82 | ||
| @@ -74,11 +96,20 @@ for ($i=0; $i<$n; $i++) | |||
| 74 | { | 96 | { |
| 75 | $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL"; | 97 | $sn=defined($sn{$nid{$i}})?"$sn{$nid{$i}}":"NULL"; |
| 76 | $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL"; | 98 | $ln=defined($ln{$nid{$i}})?"$ln{$nid{$i}}":"NULL"; |
| 77 | $sn=$ln if ($sn eq "NULL"); | 99 | |
| 78 | $ln=$sn if ($ln eq "NULL"); | 100 | if ($sn eq "NULL") { |
| 101 | $sn=$ln; | ||
| 102 | $sn{$nid{$i}} = $ln; | ||
| 103 | } | ||
| 104 | |||
| 105 | if ($ln eq "NULL") { | ||
| 106 | $ln=$sn; | ||
| 107 | $ln{$nid{$i}} = $sn; | ||
| 108 | } | ||
| 109 | |||
| 79 | $out ="{"; | 110 | $out ="{"; |
| 80 | $out.=$sn; | 111 | $out.="\"$sn\""; |
| 81 | $out.=",".$ln; | 112 | $out.=","."\"$ln\""; |
| 82 | $out.=",NID_$nid{$i},"; | 113 | $out.=",NID_$nid{$i},"; |
| 83 | if (defined($obj{$nid{$i}})) | 114 | if (defined($obj{$nid{$i}})) |
| 84 | { | 115 | { |
| @@ -113,13 +144,13 @@ for ($i=0; $i<$n; $i++) | |||
| 113 | @a=grep(defined($sn{$nid{$_}}),0 .. $n); | 144 | @a=grep(defined($sn{$nid{$_}}),0 .. $n); |
| 114 | foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) | 145 | foreach (sort { $sn{$nid{$a}} cmp $sn{$nid{$b}} } @a) |
| 115 | { | 146 | { |
| 116 | push(@sn,sprintf("&(nid_objs[%2d]),/* $sn{$nid{$_}} */\n",$_)); | 147 | push(@sn,sprintf("&(nid_objs[%2d]),/* \"$sn{$nid{$_}}\" */\n",$_)); |
| 117 | } | 148 | } |
| 118 | 149 | ||
| 119 | @a=grep(defined($ln{$nid{$_}}),0 .. $n); | 150 | @a=grep(defined($ln{$nid{$_}}),0 .. $n); |
| 120 | foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) | 151 | foreach (sort { $ln{$nid{$a}} cmp $ln{$nid{$b}} } @a) |
| 121 | { | 152 | { |
| 122 | push(@ln,sprintf("&(nid_objs[%2d]),/* $ln{$nid{$_}} */\n",$_)); | 153 | push(@ln,sprintf("&(nid_objs[%2d]),/* \"$ln{$nid{$_}}\" */\n",$_)); |
| 123 | } | 154 | } |
| 124 | 155 | ||
| 125 | @a=grep(defined($obj{$nid{$_}}),0 .. $n); | 156 | @a=grep(defined($obj{$nid{$_}}),0 .. $n); |
| @@ -132,8 +163,14 @@ foreach (sort obj_cmp @a) | |||
| 132 | push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); | 163 | push(@ob,sprintf("&(nid_objs[%2d]),/* %-32s %s */\n",$_,$m,$v)); |
| 133 | } | 164 | } |
| 134 | 165 | ||
| 135 | print <<'EOF'; | 166 | print OUT <<'EOF'; |
| 136 | /* lib/obj/obj_dat.h */ | 167 | /* crypto/objects/obj_dat.h */ |
| 168 | |||
| 169 | /* THIS FILE IS GENERATED FROM objects.h by obj_dat.pl via the | ||
| 170 | * following command: | ||
| 171 | * perl obj_dat.pl obj_mac.h obj_dat.h | ||
| 172 | */ | ||
| 173 | |||
| 137 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 174 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 138 | * All rights reserved. | 175 | * All rights reserved. |
| 139 | * | 176 | * |
| @@ -191,23 +228,18 @@ print <<'EOF'; | |||
| 191 | * [including the GNU Public Licence.] | 228 | * [including the GNU Public Licence.] |
| 192 | */ | 229 | */ |
| 193 | 230 | ||
| 194 | /* THIS FILE IS GENERATED FROM Objects.h by obj_dat.pl via the | ||
| 195 | * following command: | ||
| 196 | * perl obj_dat.pl < objects.h > obj_dat.h | ||
| 197 | */ | ||
| 198 | |||
| 199 | EOF | 231 | EOF |
| 200 | 232 | ||
| 201 | printf "#define NUM_NID %d\n",$n; | 233 | printf OUT "#define NUM_NID %d\n",$n; |
| 202 | printf "#define NUM_SN %d\n",$#sn+1; | 234 | printf OUT "#define NUM_SN %d\n",$#sn+1; |
| 203 | printf "#define NUM_LN %d\n",$#ln+1; | 235 | printf OUT "#define NUM_LN %d\n",$#ln+1; |
| 204 | printf "#define NUM_OBJ %d\n\n",$#ob+1; | 236 | printf OUT "#define NUM_OBJ %d\n\n",$#ob+1; |
| 205 | 237 | ||
| 206 | printf "static unsigned char lvalues[%d]={\n",$lvalues+1; | 238 | printf OUT "static unsigned char lvalues[%d]={\n",$lvalues+1; |
| 207 | print @lvalues; | 239 | print OUT @lvalues; |
| 208 | print "};\n\n"; | 240 | print OUT "};\n\n"; |
| 209 | 241 | ||
| 210 | printf "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; | 242 | printf OUT "static ASN1_OBJECT nid_objs[NUM_NID]={\n"; |
| 211 | foreach (@out) | 243 | foreach (@out) |
| 212 | { | 244 | { |
| 213 | if (length($_) > 75) | 245 | if (length($_) > 75) |
| @@ -218,30 +250,32 @@ foreach (@out) | |||
| 218 | $t=$out.$_.","; | 250 | $t=$out.$_.","; |
| 219 | if (length($t) > 70) | 251 | if (length($t) > 70) |
| 220 | { | 252 | { |
| 221 | print "$out\n"; | 253 | print OUT "$out\n"; |
| 222 | $t="\t$_,"; | 254 | $t="\t$_,"; |
| 223 | } | 255 | } |
| 224 | $out=$t; | 256 | $out=$t; |
| 225 | } | 257 | } |
| 226 | chop $out; | 258 | chop $out; |
| 227 | print "$out"; | 259 | print OUT "$out"; |
| 228 | } | 260 | } |
| 229 | else | 261 | else |
| 230 | { print $_; } | 262 | { print OUT $_; } |
| 231 | } | 263 | } |
| 232 | print "};\n\n"; | 264 | print OUT "};\n\n"; |
| 265 | |||
| 266 | printf OUT "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; | ||
| 267 | print OUT @sn; | ||
| 268 | print OUT "};\n\n"; | ||
| 233 | 269 | ||
| 234 | printf "static ASN1_OBJECT *sn_objs[NUM_SN]={\n"; | 270 | printf OUT "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; |
| 235 | print @sn; | 271 | print OUT @ln; |
| 236 | print "};\n\n"; | 272 | print OUT "};\n\n"; |
| 237 | 273 | ||
| 238 | printf "static ASN1_OBJECT *ln_objs[NUM_LN]={\n"; | 274 | printf OUT "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; |
| 239 | print @ln; | 275 | print OUT @ob; |
| 240 | print "};\n\n"; | 276 | print OUT "};\n\n"; |
| 241 | 277 | ||
| 242 | printf "static ASN1_OBJECT *obj_objs[NUM_OBJ]={\n"; | 278 | close OUT; |
| 243 | print @ob; | ||
| 244 | print "};\n\n"; | ||
| 245 | 279 | ||
| 246 | sub der_it | 280 | sub der_it |
| 247 | { | 281 | { |
| @@ -252,7 +286,7 @@ sub der_it | |||
| 252 | $ret.=pack("C*",$a[0]*40+$a[1]); | 286 | $ret.=pack("C*",$a[0]*40+$a[1]); |
| 253 | shift @a; | 287 | shift @a; |
| 254 | shift @a; | 288 | shift @a; |
| 255 | while ($_=shift(@a)) | 289 | foreach (@a) |
| 256 | { | 290 | { |
| 257 | @r=(); | 291 | @r=(); |
| 258 | $t=0; | 292 | $t=0; |
diff --git a/src/lib/libcrypto/objects/obj_err.c b/src/lib/libcrypto/objects/obj_err.c index 45206c616c..80ab6855af 100644 --- a/src/lib/libcrypto/objects/obj_err.c +++ b/src/lib/libcrypto/objects/obj_err.c | |||
| @@ -1,66 +1,69 @@ | |||
| 1 | /* lib/obj/obj_err.c */ | 1 | /* crypto/objects/obj_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA OBJ_str_functs[]= | 67 | static ERR_STRING_DATA OBJ_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, | 69 | {ERR_PACK(0,OBJ_F_OBJ_CREATE,0), "OBJ_create"}, |
| @@ -68,26 +71,26 @@ static ERR_STRING_DATA OBJ_str_functs[]= | |||
| 68 | {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, | 71 | {ERR_PACK(0,OBJ_F_OBJ_NID2LN,0), "OBJ_nid2ln"}, |
| 69 | {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, | 72 | {ERR_PACK(0,OBJ_F_OBJ_NID2OBJ,0), "OBJ_nid2obj"}, |
| 70 | {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, | 73 | {ERR_PACK(0,OBJ_F_OBJ_NID2SN,0), "OBJ_nid2sn"}, |
| 71 | {0,NULL}, | 74 | {0,NULL} |
| 72 | }; | 75 | }; |
| 73 | 76 | ||
| 74 | static ERR_STRING_DATA OBJ_str_reasons[]= | 77 | static ERR_STRING_DATA OBJ_str_reasons[]= |
| 75 | { | 78 | { |
| 76 | {OBJ_R_MALLOC_FAILURE ,"malloc failure"}, | 79 | {OBJ_R_MALLOC_FAILURE ,"malloc failure"}, |
| 77 | {OBJ_R_UNKNOWN_NID ,"unknown nid"}, | 80 | {OBJ_R_UNKNOWN_NID ,"unknown nid"}, |
| 78 | {0,NULL}, | 81 | {0,NULL} |
| 79 | }; | 82 | }; |
| 80 | 83 | ||
| 81 | #endif | 84 | #endif |
| 82 | 85 | ||
| 83 | void ERR_load_OBJ_strings() | 86 | void ERR_load_OBJ_strings(void) |
| 84 | { | 87 | { |
| 85 | static int init=1; | 88 | static int init=1; |
| 86 | 89 | ||
| 87 | if (init); | 90 | if (init) |
| 88 | {; | 91 | { |
| 89 | init=0; | 92 | init=0; |
| 90 | #ifndef NO_ERR | 93 | #ifndef OPENSSL_NO_ERR |
| 91 | ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); | 94 | ERR_load_strings(ERR_LIB_OBJ,OBJ_str_functs); |
| 92 | ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); | 95 | ERR_load_strings(ERR_LIB_OBJ,OBJ_str_reasons); |
| 93 | #endif | 96 | #endif |
diff --git a/src/lib/libcrypto/objects/obj_lib.c b/src/lib/libcrypto/objects/obj_lib.c index 0a9c756197..b0b0f2ff24 100644 --- a/src/lib/libcrypto/objects/obj_lib.c +++ b/src/lib/libcrypto/objects/obj_lib.c | |||
| @@ -58,27 +58,28 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "lhash.h" | 61 | #include <openssl/lhash.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | 64 | ||
| 65 | ASN1_OBJECT *OBJ_dup(o) | 65 | ASN1_OBJECT *OBJ_dup(const ASN1_OBJECT *o) |
| 66 | ASN1_OBJECT *o; | ||
| 67 | { | 66 | { |
| 68 | ASN1_OBJECT *r; | 67 | ASN1_OBJECT *r; |
| 69 | int i; | 68 | int i; |
| 69 | char *ln=NULL; | ||
| 70 | 70 | ||
| 71 | if (o == NULL) return(NULL); | 71 | if (o == NULL) return(NULL); |
| 72 | if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) | 72 | if (!(o->flags & ASN1_OBJECT_FLAG_DYNAMIC)) |
| 73 | return(o); | 73 | return((ASN1_OBJECT *)o); /* XXX: ugh! Why? What kind of |
| 74 | duplication is this??? */ | ||
| 74 | 75 | ||
| 75 | r=(ASN1_OBJECT *)ASN1_OBJECT_new(); | 76 | r=ASN1_OBJECT_new(); |
| 76 | if (r == NULL) | 77 | if (r == NULL) |
| 77 | { | 78 | { |
| 78 | OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); | 79 | OBJerr(OBJ_F_OBJ_DUP,ERR_R_ASN1_LIB); |
| 79 | return(NULL); | 80 | return(NULL); |
| 80 | } | 81 | } |
| 81 | r->data=(unsigned char *)Malloc(o->length); | 82 | r->data=OPENSSL_malloc(o->length); |
| 82 | if (r->data == NULL) | 83 | if (r->data == NULL) |
| 83 | goto err; | 84 | goto err; |
| 84 | memcpy(r->data,o->data,o->length); | 85 | memcpy(r->data,o->data,o->length); |
| @@ -88,35 +89,35 @@ ASN1_OBJECT *o; | |||
| 88 | if (o->ln != NULL) | 89 | if (o->ln != NULL) |
| 89 | { | 90 | { |
| 90 | i=strlen(o->ln)+1; | 91 | i=strlen(o->ln)+1; |
| 91 | r->ln=(char *)Malloc(i); | 92 | r->ln=ln=OPENSSL_malloc(i); |
| 92 | if (r->ln == NULL) goto err; | 93 | if (r->ln == NULL) goto err; |
| 93 | memcpy(r->ln,o->ln,i); | 94 | memcpy(ln,o->ln,i); |
| 94 | } | 95 | } |
| 95 | 96 | ||
| 96 | if (o->sn != NULL) | 97 | if (o->sn != NULL) |
| 97 | { | 98 | { |
| 99 | char *s; | ||
| 100 | |||
| 98 | i=strlen(o->sn)+1; | 101 | i=strlen(o->sn)+1; |
| 99 | r->sn=(char *)Malloc(i); | 102 | r->sn=s=OPENSSL_malloc(i); |
| 100 | if (r->sn == NULL) goto err; | 103 | if (r->sn == NULL) goto err; |
| 101 | memcpy(r->sn,o->sn,i); | 104 | memcpy(s,o->sn,i); |
| 102 | } | 105 | } |
| 103 | r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| | 106 | r->flags=o->flags|(ASN1_OBJECT_FLAG_DYNAMIC| |
| 104 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS); | 107 | ASN1_OBJECT_FLAG_DYNAMIC_STRINGS|ASN1_OBJECT_FLAG_DYNAMIC_DATA); |
| 105 | return(r); | 108 | return(r); |
| 106 | err: | 109 | err: |
| 107 | OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); | 110 | OBJerr(OBJ_F_OBJ_DUP,ERR_R_MALLOC_FAILURE); |
| 108 | if (r != NULL) | 111 | if (r != NULL) |
| 109 | { | 112 | { |
| 110 | if (r->ln != NULL) Free(r->ln); | 113 | if (ln != NULL) OPENSSL_free(ln); |
| 111 | if (r->data != NULL) Free(r->data); | 114 | if (r->data != NULL) OPENSSL_free(r->data); |
| 112 | Free(r); | 115 | OPENSSL_free(r); |
| 113 | } | 116 | } |
| 114 | return(NULL); | 117 | return(NULL); |
| 115 | } | 118 | } |
| 116 | 119 | ||
| 117 | int OBJ_cmp(a,b) | 120 | int OBJ_cmp(const ASN1_OBJECT *a, const ASN1_OBJECT *b) |
| 118 | ASN1_OBJECT *a; | ||
| 119 | ASN1_OBJECT *b; | ||
| 120 | { | 121 | { |
| 121 | int ret; | 122 | int ret; |
| 122 | 123 | ||
diff --git a/src/lib/libcrypto/objects/obj_mac.num b/src/lib/libcrypto/objects/obj_mac.num index d73a51370f..02b39062fe 100644 --- a/src/lib/libcrypto/objects/obj_mac.num +++ b/src/lib/libcrypto/objects/obj_mac.num | |||
| @@ -30,8 +30,8 @@ dhKeyAgreement 28 | |||
| 30 | des_ecb 29 | 30 | des_ecb 29 |
| 31 | des_cfb64 30 | 31 | des_cfb64 30 |
| 32 | des_cbc 31 | 32 | des_cbc 31 |
| 33 | des_ede 32 | 33 | des_ede_ecb 32 |
| 34 | des_ede3 33 | 34 | des_ede3_ecb 33 |
| 35 | idea_cbc 34 | 35 | idea_cbc 34 |
| 36 | idea_cfb64 35 | 36 | idea_cfb64 35 |
| 37 | idea_ecb 36 | 37 | idea_ecb 36 |
| @@ -390,3 +390,120 @@ Enterprises 389 | |||
| 390 | dcObject 390 | 390 | dcObject 390 |
| 391 | domainComponent 391 | 391 | domainComponent 391 |
| 392 | Domain 392 | 392 | Domain 392 |
| 393 | joint_iso_ccitt 393 | ||
| 394 | selected_attribute_types 394 | ||
| 395 | clearance 395 | ||
| 396 | md4WithRSAEncryption 396 | ||
| 397 | ac_proxying 397 | ||
| 398 | sinfo_access 398 | ||
| 399 | id_aca_encAttrs 399 | ||
| 400 | role 400 | ||
| 401 | policy_constraints 401 | ||
| 402 | target_information 402 | ||
| 403 | no_rev_avail 403 | ||
| 404 | ccitt 404 | ||
| 405 | ansi_X9_62 405 | ||
| 406 | X9_62_prime_field 406 | ||
| 407 | X9_62_characteristic_two_field 407 | ||
| 408 | X9_62_id_ecPublicKey 408 | ||
| 409 | X9_62_prime192v1 409 | ||
| 410 | X9_62_prime192v2 410 | ||
| 411 | X9_62_prime192v3 411 | ||
| 412 | X9_62_prime239v1 412 | ||
| 413 | X9_62_prime239v2 413 | ||
| 414 | X9_62_prime239v3 414 | ||
| 415 | X9_62_prime256v1 415 | ||
| 416 | ecdsa_with_SHA1 416 | ||
| 417 | ms_csp_name 417 | ||
| 418 | aes_128_ecb 418 | ||
| 419 | aes_128_cbc 419 | ||
| 420 | aes_128_ofb128 420 | ||
| 421 | aes_128_cfb128 421 | ||
| 422 | aes_192_ecb 422 | ||
| 423 | aes_192_cbc 423 | ||
| 424 | aes_192_ofb128 424 | ||
| 425 | aes_192_cfb128 425 | ||
| 426 | aes_256_ecb 426 | ||
| 427 | aes_256_cbc 427 | ||
| 428 | aes_256_ofb128 428 | ||
| 429 | aes_256_cfb128 429 | ||
| 430 | hold_instruction_code 430 | ||
| 431 | hold_instruction_none 431 | ||
| 432 | hold_instruction_call_issuer 432 | ||
| 433 | hold_instruction_reject 433 | ||
| 434 | data 434 | ||
| 435 | pss 435 | ||
| 436 | ucl 436 | ||
| 437 | pilot 437 | ||
| 438 | pilotAttributeType 438 | ||
| 439 | pilotAttributeSyntax 439 | ||
| 440 | pilotObjectClass 440 | ||
| 441 | pilotGroups 441 | ||
| 442 | iA5StringSyntax 442 | ||
| 443 | caseIgnoreIA5StringSyntax 443 | ||
| 444 | pilotObject 444 | ||
| 445 | pilotPerson 445 | ||
| 446 | account 446 | ||
| 447 | document 447 | ||
| 448 | room 448 | ||
| 449 | documentSeries 449 | ||
| 450 | rFC822localPart 450 | ||
| 451 | dNSDomain 451 | ||
| 452 | domainRelatedObject 452 | ||
| 453 | friendlyCountry 453 | ||
| 454 | simpleSecurityObject 454 | ||
| 455 | pilotOrganization 455 | ||
| 456 | pilotDSA 456 | ||
| 457 | qualityLabelledData 457 | ||
| 458 | userId 458 | ||
| 459 | textEncodedORAddress 459 | ||
| 460 | rfc822Mailbox 460 | ||
| 461 | info 461 | ||
| 462 | favouriteDrink 462 | ||
| 463 | roomNumber 463 | ||
| 464 | photo 464 | ||
| 465 | userClass 465 | ||
| 466 | host 466 | ||
| 467 | manager 467 | ||
| 468 | documentIdentifier 468 | ||
| 469 | documentTitle 469 | ||
| 470 | documentVersion 470 | ||
| 471 | documentAuthor 471 | ||
| 472 | documentLocation 472 | ||
| 473 | homeTelephoneNumber 473 | ||
| 474 | secretary 474 | ||
| 475 | otherMailbox 475 | ||
| 476 | lastModifiedTime 476 | ||
| 477 | lastModifiedBy 477 | ||
| 478 | aRecord 478 | ||
| 479 | pilotAttributeType27 479 | ||
| 480 | mXRecord 480 | ||
| 481 | nSRecord 481 | ||
| 482 | sOARecord 482 | ||
| 483 | cNAMERecord 483 | ||
| 484 | associatedDomain 484 | ||
| 485 | associatedName 485 | ||
| 486 | homePostalAddress 486 | ||
| 487 | personalTitle 487 | ||
| 488 | mobileTelephoneNumber 488 | ||
| 489 | pagerTelephoneNumber 489 | ||
| 490 | friendlyCountryName 490 | ||
| 491 | organizationalStatus 491 | ||
| 492 | janetMailbox 492 | ||
| 493 | mailPreferenceOption 493 | ||
| 494 | buildingName 494 | ||
| 495 | dSAQuality 495 | ||
| 496 | singleLevelQuality 496 | ||
| 497 | subtreeMinimumQuality 497 | ||
| 498 | subtreeMaximumQuality 498 | ||
| 499 | personalSignature 499 | ||
| 500 | dITRedirect 500 | ||
| 501 | audio 501 | ||
| 502 | documentPublisher 502 | ||
| 503 | x500UniqueIdentifier 503 | ||
| 504 | mime_mhs 504 | ||
| 505 | mime_mhs_headings 505 | ||
| 506 | mime_mhs_bodies 506 | ||
| 507 | id_hex_partial_message 507 | ||
| 508 | id_hex_multipart_message 508 | ||
| 509 | generationQualifier 509 | ||
diff --git a/src/lib/libcrypto/objects/objects.h b/src/lib/libcrypto/objects/objects.h index e1d555b47c..de10532813 100644 --- a/src/lib/libcrypto/objects/objects.h +++ b/src/lib/libcrypto/objects/objects.h | |||
| @@ -59,13 +59,15 @@ | |||
| 59 | #ifndef HEADER_OBJECTS_H | 59 | #ifndef HEADER_OBJECTS_H |
| 60 | #define HEADER_OBJECTS_H | 60 | #define HEADER_OBJECTS_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #define USE_OBJ_MAC |
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | 63 | ||
| 64 | #ifdef USE_OBJ_MAC | ||
| 65 | #include <openssl/obj_mac.h> | ||
| 66 | #else | ||
| 66 | #define SN_undef "UNDEF" | 67 | #define SN_undef "UNDEF" |
| 67 | #define LN_undef "undefined" | 68 | #define LN_undef "undefined" |
| 68 | #define NID_undef 0 | 69 | #define NID_undef 0 |
| 70 | #define OBJ_undef 0L | ||
| 69 | 71 | ||
| 70 | #define SN_Algorithm "Algorithm" | 72 | #define SN_Algorithm "Algorithm" |
| 71 | #define LN_algorithm "algorithm" | 73 | #define LN_algorithm "algorithm" |
| @@ -109,10 +111,12 @@ extern "C" { | |||
| 109 | #define NID_md5WithRSAEncryption 8 | 111 | #define NID_md5WithRSAEncryption 8 |
| 110 | #define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L | 112 | #define OBJ_md5WithRSAEncryption OBJ_pkcs,1L,4L |
| 111 | 113 | ||
| 114 | #define SN_pbeWithMD2AndDES_CBC "PBE-MD2-DES" | ||
| 112 | #define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" | 115 | #define LN_pbeWithMD2AndDES_CBC "pbeWithMD2AndDES-CBC" |
| 113 | #define NID_pbeWithMD2AndDES_CBC 9 | 116 | #define NID_pbeWithMD2AndDES_CBC 9 |
| 114 | #define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L | 117 | #define OBJ_pbeWithMD2AndDES_CBC OBJ_pkcs,5L,1L |
| 115 | 118 | ||
| 119 | #define SN_pbeWithMD5AndDES_CBC "PBE-MD5-DES" | ||
| 116 | #define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" | 120 | #define LN_pbeWithMD5AndDES_CBC "pbeWithMD5AndDES-CBC" |
| 117 | #define NID_pbeWithMD5AndDES_CBC 10 | 121 | #define NID_pbeWithMD5AndDES_CBC 10 |
| 118 | #define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L | 122 | #define OBJ_pbeWithMD5AndDES_CBC OBJ_pkcs,5L,3L |
| @@ -229,6 +233,7 @@ extern "C" { | |||
| 229 | #define SN_idea_cbc "IDEA-CBC" | 233 | #define SN_idea_cbc "IDEA-CBC" |
| 230 | #define LN_idea_cbc "idea-cbc" | 234 | #define LN_idea_cbc "idea-cbc" |
| 231 | #define NID_idea_cbc 34 | 235 | #define NID_idea_cbc 34 |
| 236 | #define OBJ_idea_cbc 1L,3L,6L,1L,4L,1L,188L,7L,1L,1L,2L | ||
| 232 | 237 | ||
| 233 | #define SN_idea_cfb64 "IDEA-CFB" | 238 | #define SN_idea_cfb64 "IDEA-CFB" |
| 234 | #define LN_idea_cfb64 "idea-cfb" | 239 | #define LN_idea_cfb64 "idea-cfb" |
| @@ -379,17 +384,21 @@ extern "C" { | |||
| 379 | #define OBJ_dsa_2 OBJ_algorithm,12L | 384 | #define OBJ_dsa_2 OBJ_algorithm,12L |
| 380 | 385 | ||
| 381 | /* proposed by microsoft to RSA */ | 386 | /* proposed by microsoft to RSA */ |
| 387 | #define SN_pbeWithSHA1AndRC2_CBC "PBE-SHA1-RC2-64" | ||
| 382 | #define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" | 388 | #define LN_pbeWithSHA1AndRC2_CBC "pbeWithSHA1AndRC2-CBC" |
| 383 | #define NID_pbeWithSHA1AndRC2_CBC 68 | 389 | #define NID_pbeWithSHA1AndRC2_CBC 68 |
| 384 | #define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L | 390 | #define OBJ_pbeWithSHA1AndRC2_CBC OBJ_pkcs,5L,11L |
| 385 | 391 | ||
| 386 | /* proposed by microsoft to RSA */ | 392 | /* proposed by microsoft to RSA as pbeWithSHA1AndRC4: it is now |
| 387 | #define LN_pbeWithSHA1AndRC4 "pbeWithSHA1AndRC4" | 393 | * defined explicitly in PKCS#5 v2.0 as id-PBKDF2 which is something |
| 388 | #define NID_pbeWithSHA1AndRC4 69 | 394 | * completely different. |
| 389 | #define OBJ_pbeWithSHA1AndRC4 OBJ_pkcs,5L,12L | 395 | */ |
| 396 | #define LN_id_pbkdf2 "PBKDF2" | ||
| 397 | #define NID_id_pbkdf2 69 | ||
| 398 | #define OBJ_id_pbkdf2 OBJ_pkcs,5L,12L | ||
| 390 | 399 | ||
| 391 | #define SN_dsaWithSHA1_2 "DSA-SHA1-old" | 400 | #define SN_dsaWithSHA1_2 "DSA-SHA1-old" |
| 392 | #define LN_dsaWithSHA1_2 "dsaWithSHA1" | 401 | #define LN_dsaWithSHA1_2 "dsaWithSHA1-old" |
| 393 | #define NID_dsaWithSHA1_2 70 | 402 | #define NID_dsaWithSHA1_2 70 |
| 394 | /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ | 403 | /* Got this one from 'sdn706r20.pdf' which is actually an NSA document :-) */ |
| 395 | #define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L | 404 | #define OBJ_dsaWithSHA1_2 OBJ_algorithm,27L |
| @@ -443,58 +452,59 @@ extern "C" { | |||
| 443 | #define LN_desx_cbc "desx-cbc" | 452 | #define LN_desx_cbc "desx-cbc" |
| 444 | #define NID_desx_cbc 80 | 453 | #define NID_desx_cbc 80 |
| 445 | 454 | ||
| 446 | #define SN_ld_ce "ld-ce" | 455 | #define SN_id_ce "id-ce" |
| 447 | #define NID_ld_ce 81 | 456 | #define NID_id_ce 81 |
| 448 | #define OBJ_ld_ce 2L,5L,29L | 457 | #define OBJ_id_ce 2L,5L,29L |
| 449 | 458 | ||
| 450 | #define SN_subject_key_identifier "subjectKeyIdentifier" | 459 | #define SN_subject_key_identifier "subjectKeyIdentifier" |
| 451 | #define LN_subject_key_identifier "X509v3 Subject Key Identifier" | 460 | #define LN_subject_key_identifier "X509v3 Subject Key Identifier" |
| 452 | #define NID_subject_key_identifier 82 | 461 | #define NID_subject_key_identifier 82 |
| 453 | #define OBJ_subject_key_identifier OBJ_ld_ce,14L | 462 | #define OBJ_subject_key_identifier OBJ_id_ce,14L |
| 454 | 463 | ||
| 455 | #define SN_key_usage "keyUsage" | 464 | #define SN_key_usage "keyUsage" |
| 456 | #define LN_key_usage "X509v3 Key Usage" | 465 | #define LN_key_usage "X509v3 Key Usage" |
| 457 | #define NID_key_usage 83 | 466 | #define NID_key_usage 83 |
| 458 | #define OBJ_key_usage OBJ_ld_ce,15L | 467 | #define OBJ_key_usage OBJ_id_ce,15L |
| 459 | 468 | ||
| 460 | #define SN_private_key_usage_period "privateKeyUsagePeriod" | 469 | #define SN_private_key_usage_period "privateKeyUsagePeriod" |
| 461 | #define LN_private_key_usage_period "X509v3 Private Key Usage Period" | 470 | #define LN_private_key_usage_period "X509v3 Private Key Usage Period" |
| 462 | #define NID_private_key_usage_period 84 | 471 | #define NID_private_key_usage_period 84 |
| 463 | #define OBJ_private_key_usage_period OBJ_ld_ce,16L | 472 | #define OBJ_private_key_usage_period OBJ_id_ce,16L |
| 464 | 473 | ||
| 465 | #define SN_subject_alt_name "subjectAltName" | 474 | #define SN_subject_alt_name "subjectAltName" |
| 466 | #define LN_subject_alt_name "X509v3 Subject Alternative Name" | 475 | #define LN_subject_alt_name "X509v3 Subject Alternative Name" |
| 467 | #define NID_subject_alt_name 85 | 476 | #define NID_subject_alt_name 85 |
| 468 | #define OBJ_subject_alt_name OBJ_ld_ce,17L | 477 | #define OBJ_subject_alt_name OBJ_id_ce,17L |
| 469 | 478 | ||
| 470 | #define SN_issuer_alt_name "issuerAltName" | 479 | #define SN_issuer_alt_name "issuerAltName" |
| 471 | #define LN_issuer_alt_name "X509v3 Issuer Alternative Name" | 480 | #define LN_issuer_alt_name "X509v3 Issuer Alternative Name" |
| 472 | #define NID_issuer_alt_name 86 | 481 | #define NID_issuer_alt_name 86 |
| 473 | #define OBJ_issuer_alt_name OBJ_ld_ce,18L | 482 | #define OBJ_issuer_alt_name OBJ_id_ce,18L |
| 474 | 483 | ||
| 475 | #define SN_basic_constraints "basicConstraints" | 484 | #define SN_basic_constraints "basicConstraints" |
| 476 | #define LN_basic_constraints "X509v3 Basic Constraints" | 485 | #define LN_basic_constraints "X509v3 Basic Constraints" |
| 477 | #define NID_basic_constraints 87 | 486 | #define NID_basic_constraints 87 |
| 478 | #define OBJ_basic_constraints OBJ_ld_ce,19L | 487 | #define OBJ_basic_constraints OBJ_id_ce,19L |
| 479 | 488 | ||
| 480 | #define SN_crl_number "crlNumber" | 489 | #define SN_crl_number "crlNumber" |
| 481 | #define LN_crl_number "X509v3 CRL Number" | 490 | #define LN_crl_number "X509v3 CRL Number" |
| 482 | #define NID_crl_number 88 | 491 | #define NID_crl_number 88 |
| 483 | #define OBJ_crl_number OBJ_ld_ce,20L | 492 | #define OBJ_crl_number OBJ_id_ce,20L |
| 484 | 493 | ||
| 485 | #define SN_certificate_policies "certificatePolicies" | 494 | #define SN_certificate_policies "certificatePolicies" |
| 486 | #define LN_certificate_policies "X509v3 Certificate Policies" | 495 | #define LN_certificate_policies "X509v3 Certificate Policies" |
| 487 | #define NID_certificate_policies 89 | 496 | #define NID_certificate_policies 89 |
| 488 | #define OBJ_certificate_policies OBJ_ld_ce,32L | 497 | #define OBJ_certificate_policies OBJ_id_ce,32L |
| 489 | 498 | ||
| 490 | #define SN_authority_key_identifier "authorityKeyIdentifier" | 499 | #define SN_authority_key_identifier "authorityKeyIdentifier" |
| 491 | #define LN_authority_key_identifier "X509v3 Authority Key Identifier" | 500 | #define LN_authority_key_identifier "X509v3 Authority Key Identifier" |
| 492 | #define NID_authority_key_identifier 90 | 501 | #define NID_authority_key_identifier 90 |
| 493 | #define OBJ_authority_key_identifier OBJ_ld_ce,35L | 502 | #define OBJ_authority_key_identifier OBJ_id_ce,35L |
| 494 | 503 | ||
| 495 | #define SN_bf_cbc "BF-CBC" | 504 | #define SN_bf_cbc "BF-CBC" |
| 496 | #define LN_bf_cbc "bf-cbc" | 505 | #define LN_bf_cbc "bf-cbc" |
| 497 | #define NID_bf_cbc 91 | 506 | #define NID_bf_cbc 91 |
| 507 | #define OBJ_bf_cbc 1L,3L,6L,1L,4L,1L,3029L,1L,2L | ||
| 498 | 508 | ||
| 499 | #define SN_bf_ecb "BF-ECB" | 509 | #define SN_bf_ecb "BF-ECB" |
| 500 | #define LN_bf_ecb "bf-ecb" | 510 | #define LN_bf_ecb "bf-ecb" |
| @@ -550,7 +560,7 @@ extern "C" { | |||
| 550 | #define SN_crl_distribution_points "crlDistributionPoints" | 560 | #define SN_crl_distribution_points "crlDistributionPoints" |
| 551 | #define LN_crl_distribution_points "X509v3 CRL Distribution Points" | 561 | #define LN_crl_distribution_points "X509v3 CRL Distribution Points" |
| 552 | #define NID_crl_distribution_points 103 | 562 | #define NID_crl_distribution_points 103 |
| 553 | #define OBJ_crl_distribution_points OBJ_ld_ce,31L | 563 | #define OBJ_crl_distribution_points OBJ_id_ce,31L |
| 554 | 564 | ||
| 555 | #define SN_md5WithRSA "RSA-NP-MD5" | 565 | #define SN_md5WithRSA "RSA-NP-MD5" |
| 556 | #define LN_md5WithRSA "md5WithRSA" | 566 | #define LN_md5WithRSA "md5WithRSA" |
| @@ -623,7 +633,7 @@ extern "C" { | |||
| 623 | #define OBJ_ripemd160 1L,3L,36L,3L,2L,1L | 633 | #define OBJ_ripemd160 1L,3L,36L,3L,2L,1L |
| 624 | 634 | ||
| 625 | /* The name should actually be rsaSignatureWithripemd160, but I'm going | 635 | /* The name should actually be rsaSignatureWithripemd160, but I'm going |
| 626 | * to contiune using the convention I'm using with the other ciphers */ | 636 | * to continue using the convention I'm using with the other ciphers */ |
| 627 | #define SN_ripemd160WithRSA "RSA-RIPEMD160" | 637 | #define SN_ripemd160WithRSA "RSA-RIPEMD160" |
| 628 | #define LN_ripemd160WithRSA "ripemd160WithRSA" | 638 | #define LN_ripemd160WithRSA "ripemd160WithRSA" |
| 629 | #define NID_ripemd160WithRSA 119 | 639 | #define NID_ripemd160WithRSA 119 |
| @@ -654,56 +664,365 @@ extern "C" { | |||
| 654 | #define LN_rc5_ofb64 "rc5-ofb" | 664 | #define LN_rc5_ofb64 "rc5-ofb" |
| 655 | #define NID_rc5_ofb64 123 | 665 | #define NID_rc5_ofb64 123 |
| 656 | 666 | ||
| 657 | #include "bio.h" | 667 | #define SN_rle_compression "RLE" |
| 658 | #include "asn1.h" | 668 | #define LN_rle_compression "run length compression" |
| 669 | #define NID_rle_compression 124 | ||
| 670 | #define OBJ_rle_compression 1L,1L,1L,1L,666L,1L | ||
| 671 | |||
| 672 | #define SN_zlib_compression "ZLIB" | ||
| 673 | #define LN_zlib_compression "zlib compression" | ||
| 674 | #define NID_zlib_compression 125 | ||
| 675 | #define OBJ_zlib_compression 1L,1L,1L,1L,666L,2L | ||
| 676 | |||
| 677 | #define SN_ext_key_usage "extendedKeyUsage" | ||
| 678 | #define LN_ext_key_usage "X509v3 Extended Key Usage" | ||
| 679 | #define NID_ext_key_usage 126 | ||
| 680 | #define OBJ_ext_key_usage OBJ_id_ce,37 | ||
| 681 | |||
| 682 | #define SN_id_pkix "PKIX" | ||
| 683 | #define NID_id_pkix 127 | ||
| 684 | #define OBJ_id_pkix 1L,3L,6L,1L,5L,5L,7L | ||
| 685 | |||
| 686 | #define SN_id_kp "id-kp" | ||
| 687 | #define NID_id_kp 128 | ||
| 688 | #define OBJ_id_kp OBJ_id_pkix,3L | ||
| 689 | |||
| 690 | /* PKIX extended key usage OIDs */ | ||
| 691 | |||
| 692 | #define SN_server_auth "serverAuth" | ||
| 693 | #define LN_server_auth "TLS Web Server Authentication" | ||
| 694 | #define NID_server_auth 129 | ||
| 695 | #define OBJ_server_auth OBJ_id_kp,1L | ||
| 696 | |||
| 697 | #define SN_client_auth "clientAuth" | ||
| 698 | #define LN_client_auth "TLS Web Client Authentication" | ||
| 699 | #define NID_client_auth 130 | ||
| 700 | #define OBJ_client_auth OBJ_id_kp,2L | ||
| 701 | |||
| 702 | #define SN_code_sign "codeSigning" | ||
| 703 | #define LN_code_sign "Code Signing" | ||
| 704 | #define NID_code_sign 131 | ||
| 705 | #define OBJ_code_sign OBJ_id_kp,3L | ||
| 706 | |||
| 707 | #define SN_email_protect "emailProtection" | ||
| 708 | #define LN_email_protect "E-mail Protection" | ||
| 709 | #define NID_email_protect 132 | ||
| 710 | #define OBJ_email_protect OBJ_id_kp,4L | ||
| 711 | |||
| 712 | #define SN_time_stamp "timeStamping" | ||
| 713 | #define LN_time_stamp "Time Stamping" | ||
| 714 | #define NID_time_stamp 133 | ||
| 715 | #define OBJ_time_stamp OBJ_id_kp,8L | ||
| 716 | |||
| 717 | /* Additional extended key usage OIDs: Microsoft */ | ||
| 718 | |||
| 719 | #define SN_ms_code_ind "msCodeInd" | ||
| 720 | #define LN_ms_code_ind "Microsoft Individual Code Signing" | ||
| 721 | #define NID_ms_code_ind 134 | ||
| 722 | #define OBJ_ms_code_ind 1L,3L,6L,1L,4L,1L,311L,2L,1L,21L | ||
| 723 | |||
| 724 | #define SN_ms_code_com "msCodeCom" | ||
| 725 | #define LN_ms_code_com "Microsoft Commercial Code Signing" | ||
| 726 | #define NID_ms_code_com 135 | ||
| 727 | #define OBJ_ms_code_com 1L,3L,6L,1L,4L,1L,311L,2L,1L,22L | ||
| 728 | |||
| 729 | #define SN_ms_ctl_sign "msCTLSign" | ||
| 730 | #define LN_ms_ctl_sign "Microsoft Trust List Signing" | ||
| 731 | #define NID_ms_ctl_sign 136 | ||
| 732 | #define OBJ_ms_ctl_sign 1L,3L,6L,1L,4L,1L,311L,10L,3L,1L | ||
| 733 | |||
| 734 | #define SN_ms_sgc "msSGC" | ||
| 735 | #define LN_ms_sgc "Microsoft Server Gated Crypto" | ||
| 736 | #define NID_ms_sgc 137 | ||
| 737 | #define OBJ_ms_sgc 1L,3L,6L,1L,4L,1L,311L,10L,3L,3L | ||
| 738 | |||
| 739 | #define SN_ms_efs "msEFS" | ||
| 740 | #define LN_ms_efs "Microsoft Encrypted File System" | ||
| 741 | #define NID_ms_efs 138 | ||
| 742 | #define OBJ_ms_efs 1L,3L,6L,1L,4L,1L,311L,10L,3L,4L | ||
| 743 | |||
| 744 | /* Additional usage: Netscape */ | ||
| 745 | |||
| 746 | #define SN_ns_sgc "nsSGC" | ||
| 747 | #define LN_ns_sgc "Netscape Server Gated Crypto" | ||
| 748 | #define NID_ns_sgc 139 | ||
| 749 | #define OBJ_ns_sgc OBJ_netscape,4L,1L | ||
| 750 | |||
| 751 | #define SN_delta_crl "deltaCRL" | ||
| 752 | #define LN_delta_crl "X509v3 Delta CRL Indicator" | ||
| 753 | #define NID_delta_crl 140 | ||
| 754 | #define OBJ_delta_crl OBJ_id_ce,27L | ||
| 755 | |||
| 756 | #define SN_crl_reason "CRLReason" | ||
| 757 | #define LN_crl_reason "CRL Reason Code" | ||
| 758 | #define NID_crl_reason 141 | ||
| 759 | #define OBJ_crl_reason OBJ_id_ce,21L | ||
| 659 | 760 | ||
| 660 | #define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) | 761 | #define SN_invalidity_date "invalidityDate" |
| 762 | #define LN_invalidity_date "Invalidity Date" | ||
| 763 | #define NID_invalidity_date 142 | ||
| 764 | #define OBJ_invalidity_date OBJ_id_ce,24L | ||
| 765 | |||
| 766 | #define SN_sxnet "SXNetID" | ||
| 767 | #define LN_sxnet "Strong Extranet ID" | ||
| 768 | #define NID_sxnet 143 | ||
| 769 | #define OBJ_sxnet 1L,3L,101L,1L,4L,1L | ||
| 770 | |||
| 771 | /* PKCS12 and related OBJECT IDENTIFIERS */ | ||
| 772 | |||
| 773 | #define OBJ_pkcs12 OBJ_pkcs,12L | ||
| 774 | #define OBJ_pkcs12_pbeids OBJ_pkcs12, 1 | ||
| 661 | 775 | ||
| 662 | #ifndef NOPROTO | 776 | #define SN_pbe_WithSHA1And128BitRC4 "PBE-SHA1-RC4-128" |
| 777 | #define LN_pbe_WithSHA1And128BitRC4 "pbeWithSHA1And128BitRC4" | ||
| 778 | #define NID_pbe_WithSHA1And128BitRC4 144 | ||
| 779 | #define OBJ_pbe_WithSHA1And128BitRC4 OBJ_pkcs12_pbeids, 1L | ||
| 663 | 780 | ||
| 664 | ASN1_OBJECT * OBJ_dup(ASN1_OBJECT *o); | 781 | #define SN_pbe_WithSHA1And40BitRC4 "PBE-SHA1-RC4-40" |
| 665 | ASN1_OBJECT * OBJ_nid2obj(int n); | 782 | #define LN_pbe_WithSHA1And40BitRC4 "pbeWithSHA1And40BitRC4" |
| 666 | char * OBJ_nid2ln(int n); | 783 | #define NID_pbe_WithSHA1And40BitRC4 145 |
| 667 | char * OBJ_nid2sn(int n); | 784 | #define OBJ_pbe_WithSHA1And40BitRC4 OBJ_pkcs12_pbeids, 2L |
| 668 | int OBJ_obj2nid(ASN1_OBJECT *o); | ||
| 669 | int OBJ_txt2nid(char *s); | ||
| 670 | int OBJ_ln2nid(char *s); | ||
| 671 | int OBJ_sn2nid(char *s); | ||
| 672 | int OBJ_cmp(ASN1_OBJECT *a,ASN1_OBJECT *b); | ||
| 673 | char * OBJ_bsearch(char *key,char *base,int num,int size,int (*cmp)()); | ||
| 674 | 785 | ||
| 675 | void ERR_load_OBJ_strings(void ); | 786 | #define SN_pbe_WithSHA1And3_Key_TripleDES_CBC "PBE-SHA1-3DES" |
| 787 | #define LN_pbe_WithSHA1And3_Key_TripleDES_CBC "pbeWithSHA1And3-KeyTripleDES-CBC" | ||
| 788 | #define NID_pbe_WithSHA1And3_Key_TripleDES_CBC 146 | ||
| 789 | #define OBJ_pbe_WithSHA1And3_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 3L | ||
| 790 | |||
| 791 | #define SN_pbe_WithSHA1And2_Key_TripleDES_CBC "PBE-SHA1-2DES" | ||
| 792 | #define LN_pbe_WithSHA1And2_Key_TripleDES_CBC "pbeWithSHA1And2-KeyTripleDES-CBC" | ||
| 793 | #define NID_pbe_WithSHA1And2_Key_TripleDES_CBC 147 | ||
| 794 | #define OBJ_pbe_WithSHA1And2_Key_TripleDES_CBC OBJ_pkcs12_pbeids, 4L | ||
| 795 | |||
| 796 | #define SN_pbe_WithSHA1And128BitRC2_CBC "PBE-SHA1-RC2-128" | ||
| 797 | #define LN_pbe_WithSHA1And128BitRC2_CBC "pbeWithSHA1And128BitRC2-CBC" | ||
| 798 | #define NID_pbe_WithSHA1And128BitRC2_CBC 148 | ||
| 799 | #define OBJ_pbe_WithSHA1And128BitRC2_CBC OBJ_pkcs12_pbeids, 5L | ||
| 800 | |||
| 801 | #define SN_pbe_WithSHA1And40BitRC2_CBC "PBE-SHA1-RC2-40" | ||
| 802 | #define LN_pbe_WithSHA1And40BitRC2_CBC "pbeWithSHA1And40BitRC2-CBC" | ||
| 803 | #define NID_pbe_WithSHA1And40BitRC2_CBC 149 | ||
| 804 | #define OBJ_pbe_WithSHA1And40BitRC2_CBC OBJ_pkcs12_pbeids, 6L | ||
| 805 | |||
| 806 | #define OBJ_pkcs12_Version1 OBJ_pkcs12, 10L | ||
| 807 | |||
| 808 | #define OBJ_pkcs12_BagIds OBJ_pkcs12_Version1, 1L | ||
| 676 | 809 | ||
| 677 | int OBJ_new_nid(int num); | 810 | #define LN_keyBag "keyBag" |
| 678 | int OBJ_add_object(ASN1_OBJECT *obj); | 811 | #define NID_keyBag 150 |
| 679 | int OBJ_create(char *oid,char *sn,char *ln); | 812 | #define OBJ_keyBag OBJ_pkcs12_BagIds, 1L |
| 680 | void OBJ_cleanup(void ); | 813 | |
| 681 | int OBJ_create_objects(BIO *in); | 814 | #define LN_pkcs8ShroudedKeyBag "pkcs8ShroudedKeyBag" |
| 815 | #define NID_pkcs8ShroudedKeyBag 151 | ||
| 816 | #define OBJ_pkcs8ShroudedKeyBag OBJ_pkcs12_BagIds, 2L | ||
| 817 | |||
| 818 | #define LN_certBag "certBag" | ||
| 819 | #define NID_certBag 152 | ||
| 820 | #define OBJ_certBag OBJ_pkcs12_BagIds, 3L | ||
| 821 | |||
| 822 | #define LN_crlBag "crlBag" | ||
| 823 | #define NID_crlBag 153 | ||
| 824 | #define OBJ_crlBag OBJ_pkcs12_BagIds, 4L | ||
| 825 | |||
| 826 | #define LN_secretBag "secretBag" | ||
| 827 | #define NID_secretBag 154 | ||
| 828 | #define OBJ_secretBag OBJ_pkcs12_BagIds, 5L | ||
| 829 | |||
| 830 | #define LN_safeContentsBag "safeContentsBag" | ||
| 831 | #define NID_safeContentsBag 155 | ||
| 832 | #define OBJ_safeContentsBag OBJ_pkcs12_BagIds, 6L | ||
| 682 | 833 | ||
| 683 | #else | 834 | #define LN_friendlyName "friendlyName" |
| 835 | #define NID_friendlyName 156 | ||
| 836 | #define OBJ_friendlyName OBJ_pkcs9, 20L | ||
| 837 | |||
| 838 | #define LN_localKeyID "localKeyID" | ||
| 839 | #define NID_localKeyID 157 | ||
| 840 | #define OBJ_localKeyID OBJ_pkcs9, 21L | ||
| 841 | |||
| 842 | #define OBJ_certTypes OBJ_pkcs9, 22L | ||
| 843 | |||
| 844 | #define LN_x509Certificate "x509Certificate" | ||
| 845 | #define NID_x509Certificate 158 | ||
| 846 | #define OBJ_x509Certificate OBJ_certTypes, 1L | ||
| 847 | |||
| 848 | #define LN_sdsiCertificate "sdsiCertificate" | ||
| 849 | #define NID_sdsiCertificate 159 | ||
| 850 | #define OBJ_sdsiCertificate OBJ_certTypes, 2L | ||
| 851 | |||
| 852 | #define OBJ_crlTypes OBJ_pkcs9, 23L | ||
| 853 | |||
| 854 | #define LN_x509Crl "x509Crl" | ||
| 855 | #define NID_x509Crl 160 | ||
| 856 | #define OBJ_x509Crl OBJ_crlTypes, 1L | ||
| 857 | |||
| 858 | /* PKCS#5 v2 OIDs */ | ||
| 859 | |||
| 860 | #define LN_pbes2 "PBES2" | ||
| 861 | #define NID_pbes2 161 | ||
| 862 | #define OBJ_pbes2 OBJ_pkcs,5L,13L | ||
| 863 | |||
| 864 | #define LN_pbmac1 "PBMAC1" | ||
| 865 | #define NID_pbmac1 162 | ||
| 866 | #define OBJ_pbmac1 OBJ_pkcs,5L,14L | ||
| 867 | |||
| 868 | #define LN_hmacWithSHA1 "hmacWithSHA1" | ||
| 869 | #define NID_hmacWithSHA1 163 | ||
| 870 | #define OBJ_hmacWithSHA1 OBJ_rsadsi,2L,7L | ||
| 871 | |||
| 872 | /* Policy Qualifier Ids */ | ||
| 873 | |||
| 874 | #define LN_id_qt_cps "Policy Qualifier CPS" | ||
| 875 | #define SN_id_qt_cps "id-qt-cps" | ||
| 876 | #define NID_id_qt_cps 164 | ||
| 877 | #define OBJ_id_qt_cps OBJ_id_pkix,2L,1L | ||
| 878 | |||
| 879 | #define LN_id_qt_unotice "Policy Qualifier User Notice" | ||
| 880 | #define SN_id_qt_unotice "id-qt-unotice" | ||
| 881 | #define NID_id_qt_unotice 165 | ||
| 882 | #define OBJ_id_qt_unotice OBJ_id_pkix,2L,2L | ||
| 883 | |||
| 884 | #define SN_rc2_64_cbc "RC2-64-CBC" | ||
| 885 | #define LN_rc2_64_cbc "rc2-64-cbc" | ||
| 886 | #define NID_rc2_64_cbc 166 | ||
| 887 | |||
| 888 | #define SN_SMIMECapabilities "SMIME-CAPS" | ||
| 889 | #define LN_SMIMECapabilities "S/MIME Capabilities" | ||
| 890 | #define NID_SMIMECapabilities 167 | ||
| 891 | #define OBJ_SMIMECapabilities OBJ_pkcs9,15L | ||
| 892 | |||
| 893 | #define SN_pbeWithMD2AndRC2_CBC "PBE-MD2-RC2-64" | ||
| 894 | #define LN_pbeWithMD2AndRC2_CBC "pbeWithMD2AndRC2-CBC" | ||
| 895 | #define NID_pbeWithMD2AndRC2_CBC 168 | ||
| 896 | #define OBJ_pbeWithMD2AndRC2_CBC OBJ_pkcs,5L,4L | ||
| 897 | |||
| 898 | #define SN_pbeWithMD5AndRC2_CBC "PBE-MD5-RC2-64" | ||
| 899 | #define LN_pbeWithMD5AndRC2_CBC "pbeWithMD5AndRC2-CBC" | ||
| 900 | #define NID_pbeWithMD5AndRC2_CBC 169 | ||
| 901 | #define OBJ_pbeWithMD5AndRC2_CBC OBJ_pkcs,5L,6L | ||
| 902 | |||
| 903 | #define SN_pbeWithSHA1AndDES_CBC "PBE-SHA1-DES" | ||
| 904 | #define LN_pbeWithSHA1AndDES_CBC "pbeWithSHA1AndDES-CBC" | ||
| 905 | #define NID_pbeWithSHA1AndDES_CBC 170 | ||
| 906 | #define OBJ_pbeWithSHA1AndDES_CBC OBJ_pkcs,5L,10L | ||
| 907 | |||
| 908 | /* Extension request OIDs */ | ||
| 909 | |||
| 910 | #define LN_ms_ext_req "Microsoft Extension Request" | ||
| 911 | #define SN_ms_ext_req "msExtReq" | ||
| 912 | #define NID_ms_ext_req 171 | ||
| 913 | #define OBJ_ms_ext_req 1L,3L,6L,1L,4L,1L,311L,2L,1L,14L | ||
| 684 | 914 | ||
| 685 | ASN1_OBJECT * OBJ_dup(); | 915 | #define LN_ext_req "Extension Request" |
| 686 | ASN1_OBJECT * OBJ_nid2obj(); | 916 | #define SN_ext_req "extReq" |
| 687 | char * OBJ_nid2ln(); | 917 | #define NID_ext_req 172 |
| 688 | char * OBJ_nid2sn(); | 918 | #define OBJ_ext_req OBJ_pkcs9,14L |
| 689 | int OBJ_obj2nid(); | ||
| 690 | int OBJ_txt2nid(); | ||
| 691 | int OBJ_ln2nid(); | ||
| 692 | int OBJ_sn2nid(); | ||
| 693 | int OBJ_cmp(); | ||
| 694 | char * OBJ_bsearch(); | ||
| 695 | |||
| 696 | void ERR_load_OBJ_strings(); | ||
| 697 | |||
| 698 | int OBJ_new_nid(); | ||
| 699 | int OBJ_add_object(); | ||
| 700 | int OBJ_create(); | ||
| 701 | void OBJ_cleanup(); | ||
| 702 | int OBJ_create_objects(); | ||
| 703 | 919 | ||
| 920 | #define SN_name "name" | ||
| 921 | #define LN_name "name" | ||
| 922 | #define NID_name 173 | ||
| 923 | #define OBJ_name OBJ_X509,41L | ||
| 924 | |||
| 925 | #define SN_dnQualifier "dnQualifier" | ||
| 926 | #define LN_dnQualifier "dnQualifier" | ||
| 927 | #define NID_dnQualifier 174 | ||
| 928 | #define OBJ_dnQualifier OBJ_X509,46L | ||
| 929 | |||
| 930 | #define SN_id_pe "id-pe" | ||
| 931 | #define NID_id_pe 175 | ||
| 932 | #define OBJ_id_pe OBJ_id_pkix,1L | ||
| 933 | |||
| 934 | #define SN_id_ad "id-ad" | ||
| 935 | #define NID_id_ad 176 | ||
| 936 | #define OBJ_id_ad OBJ_id_pkix,48L | ||
| 937 | |||
| 938 | #define SN_info_access "authorityInfoAccess" | ||
| 939 | #define LN_info_access "Authority Information Access" | ||
| 940 | #define NID_info_access 177 | ||
| 941 | #define OBJ_info_access OBJ_id_pe,1L | ||
| 942 | |||
| 943 | #define SN_ad_OCSP "OCSP" | ||
| 944 | #define LN_ad_OCSP "OCSP" | ||
| 945 | #define NID_ad_OCSP 178 | ||
| 946 | #define OBJ_ad_OCSP OBJ_id_ad,1L | ||
| 947 | |||
| 948 | #define SN_ad_ca_issuers "caIssuers" | ||
| 949 | #define LN_ad_ca_issuers "CA Issuers" | ||
| 950 | #define NID_ad_ca_issuers 179 | ||
| 951 | #define OBJ_ad_ca_issuers OBJ_id_ad,2L | ||
| 952 | |||
| 953 | #define SN_OCSP_sign "OCSPSigning" | ||
| 954 | #define LN_OCSP_sign "OCSP Signing" | ||
| 955 | #define NID_OCSP_sign 180 | ||
| 956 | #define OBJ_OCSP_sign OBJ_id_kp,9L | ||
| 957 | #endif /* USE_OBJ_MAC */ | ||
| 958 | |||
| 959 | #include <openssl/bio.h> | ||
| 960 | #include <openssl/asn1.h> | ||
| 961 | |||
| 962 | #define OBJ_NAME_TYPE_UNDEF 0x00 | ||
| 963 | #define OBJ_NAME_TYPE_MD_METH 0x01 | ||
| 964 | #define OBJ_NAME_TYPE_CIPHER_METH 0x02 | ||
| 965 | #define OBJ_NAME_TYPE_PKEY_METH 0x03 | ||
| 966 | #define OBJ_NAME_TYPE_COMP_METH 0x04 | ||
| 967 | #define OBJ_NAME_TYPE_NUM 0x05 | ||
| 968 | |||
| 969 | #define OBJ_NAME_ALIAS 0x8000 | ||
| 970 | |||
| 971 | |||
| 972 | #ifdef __cplusplus | ||
| 973 | extern "C" { | ||
| 704 | #endif | 974 | #endif |
| 705 | 975 | ||
| 976 | typedef struct obj_name_st | ||
| 977 | { | ||
| 978 | int type; | ||
| 979 | int alias; | ||
| 980 | const char *name; | ||
| 981 | const char *data; | ||
| 982 | } OBJ_NAME; | ||
| 983 | |||
| 984 | #define OBJ_create_and_add_object(a,b,c) OBJ_create(a,b,c) | ||
| 985 | |||
| 986 | |||
| 987 | int OBJ_NAME_init(void); | ||
| 988 | int OBJ_NAME_new_index(unsigned long (*hash_func)(const char *), | ||
| 989 | int (*cmp_func)(const char *, const char *), | ||
| 990 | void (*free_func)(const char *, int, const char *)); | ||
| 991 | const char *OBJ_NAME_get(const char *name,int type); | ||
| 992 | int OBJ_NAME_add(const char *name,int type,const char *data); | ||
| 993 | int OBJ_NAME_remove(const char *name,int type); | ||
| 994 | void OBJ_NAME_cleanup(int type); /* -1 for everything */ | ||
| 995 | void OBJ_NAME_do_all(int type,void (*fn)(const OBJ_NAME *,void *arg), | ||
| 996 | void *arg); | ||
| 997 | void OBJ_NAME_do_all_sorted(int type,void (*fn)(const OBJ_NAME *,void *arg), | ||
| 998 | void *arg); | ||
| 999 | |||
| 1000 | ASN1_OBJECT * OBJ_dup(const ASN1_OBJECT *o); | ||
| 1001 | ASN1_OBJECT * OBJ_nid2obj(int n); | ||
| 1002 | const char * OBJ_nid2ln(int n); | ||
| 1003 | const char * OBJ_nid2sn(int n); | ||
| 1004 | int OBJ_obj2nid(const ASN1_OBJECT *o); | ||
| 1005 | ASN1_OBJECT * OBJ_txt2obj(const char *s, int no_name); | ||
| 1006 | int OBJ_obj2txt(char *buf, int buf_len, const ASN1_OBJECT *a, int no_name); | ||
| 1007 | int OBJ_txt2nid(const char *s); | ||
| 1008 | int OBJ_ln2nid(const char *s); | ||
| 1009 | int OBJ_sn2nid(const char *s); | ||
| 1010 | int OBJ_cmp(const ASN1_OBJECT *a,const ASN1_OBJECT *b); | ||
| 1011 | const char * OBJ_bsearch(const char *key,const char *base,int num,int size, | ||
| 1012 | int (*cmp)(const void *, const void *)); | ||
| 1013 | |||
| 1014 | int OBJ_new_nid(int num); | ||
| 1015 | int OBJ_add_object(const ASN1_OBJECT *obj); | ||
| 1016 | int OBJ_create(const char *oid,const char *sn,const char *ln); | ||
| 1017 | void OBJ_cleanup(void ); | ||
| 1018 | int OBJ_create_objects(BIO *in); | ||
| 1019 | |||
| 706 | /* BEGIN ERROR CODES */ | 1020 | /* BEGIN ERROR CODES */ |
| 1021 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 1022 | * made after this point may be overwritten when the script is next run. | ||
| 1023 | */ | ||
| 1024 | void ERR_load_OBJ_strings(void); | ||
| 1025 | |||
| 707 | /* Error codes for the OBJ functions. */ | 1026 | /* Error codes for the OBJ functions. */ |
| 708 | 1027 | ||
| 709 | /* Function codes. */ | 1028 | /* Function codes. */ |
| @@ -716,9 +1035,8 @@ int OBJ_create_objects(); | |||
| 716 | /* Reason codes. */ | 1035 | /* Reason codes. */ |
| 717 | #define OBJ_R_MALLOC_FAILURE 100 | 1036 | #define OBJ_R_MALLOC_FAILURE 100 |
| 718 | #define OBJ_R_UNKNOWN_NID 101 | 1037 | #define OBJ_R_UNKNOWN_NID 101 |
| 719 | 1038 | ||
| 720 | #ifdef __cplusplus | 1039 | #ifdef __cplusplus |
| 721 | } | 1040 | } |
| 722 | #endif | 1041 | #endif |
| 723 | #endif | 1042 | #endif |
| 724 | |||
diff --git a/src/lib/libcrypto/objects/objects.pl b/src/lib/libcrypto/objects/objects.pl index c956bbb841..76c06cc8f9 100644 --- a/src/lib/libcrypto/objects/objects.pl +++ b/src/lib/libcrypto/objects/objects.pl | |||
| @@ -9,7 +9,9 @@ while(<NUMIN>) | |||
| 9 | $o++; | 9 | $o++; |
| 10 | s/#.*$//; | 10 | s/#.*$//; |
| 11 | next if /^\s*$/; | 11 | next if /^\s*$/; |
| 12 | $_ = 'X'.$_; | ||
| 12 | ($Cname,$mynum) = split; | 13 | ($Cname,$mynum) = split; |
| 14 | $Cname =~ s/^X//; | ||
| 13 | if (defined($nidn{$mynum})) | 15 | if (defined($nidn{$mynum})) |
| 14 | { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } | 16 | { die "$ARGV[1]:$o:There's already an object with NID ",$mynum," on line ",$order{$mynum},"\n"; } |
| 15 | $nid{$Cname} = $mynum; | 17 | $nid{$Cname} = $mynum; |
| @@ -114,7 +116,13 @@ close NUMOUT; | |||
| 114 | 116 | ||
| 115 | open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; | 117 | open (OUT,">$ARGV[2]") || die "Can't open output file $ARGV[2]"; |
| 116 | print OUT <<'EOF'; | 118 | print OUT <<'EOF'; |
| 117 | /* lib/obj/obj_mac.h */ | 119 | /* crypto/objects/obj_mac.h */ |
| 120 | |||
| 121 | /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the | ||
| 122 | * following command: | ||
| 123 | * perl objects.pl objects.txt obj_mac.num obj_mac.h | ||
| 124 | */ | ||
| 125 | |||
| 118 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 126 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 119 | * All rights reserved. | 127 | * All rights reserved. |
| 120 | * | 128 | * |
| @@ -172,11 +180,6 @@ print OUT <<'EOF'; | |||
| 172 | * [including the GNU Public Licence.] | 180 | * [including the GNU Public Licence.] |
| 173 | */ | 181 | */ |
| 174 | 182 | ||
| 175 | /* THIS FILE IS GENERATED FROM objects.txt by objects.pl via the | ||
| 176 | * following command: | ||
| 177 | * perl objects.pl objects.txt obj_mac.num obj_mac.h | ||
| 178 | */ | ||
| 179 | |||
| 180 | #define SN_undef "UNDEF" | 183 | #define SN_undef "UNDEF" |
| 181 | #define LN_undef "undefined" | 184 | #define LN_undef "undefined" |
| 182 | #define NID_undef 0 | 185 | #define NID_undef 0 |
| @@ -207,6 +210,8 @@ sub process_oid | |||
| 207 | if (!($a[0] =~ /^[0-9]+$/)) | 210 | if (!($a[0] =~ /^[0-9]+$/)) |
| 208 | { | 211 | { |
| 209 | $a[0] =~ s/-/_/g; | 212 | $a[0] =~ s/-/_/g; |
| 213 | if (!defined($obj{$a[0]})) | ||
| 214 | { die "$ARGV[0]:$o:Undefined identifier ",$a[0],"\n"; } | ||
| 210 | $pref_oid = "OBJ_" . $a[0]; | 215 | $pref_oid = "OBJ_" . $a[0]; |
| 211 | $pref_sep = ","; | 216 | $pref_sep = ","; |
| 212 | shift @a; | 217 | shift @a; |
diff --git a/src/lib/libcrypto/objects/objects.txt b/src/lib/libcrypto/objects/objects.txt index cb276e90e9..65d0b15629 100644 --- a/src/lib/libcrypto/objects/objects.txt +++ b/src/lib/libcrypto/objects/objects.txt | |||
| @@ -1,40 +1,764 @@ | |||
| 1 | 1 2 : ISO member bodies | 1 | 0 : CCITT : ccitt |
| 2 | 1 2 840 : US (ANSI) | 2 | |
| 3 | 1 2 840 113549 : rsadsi : RSA Data Security, Inc. | 3 | 1 : ISO : iso |
| 4 | 1 2 840 113549 1 : pkcs : RSA Data Security, Inc. PKCS | 4 | |
| 5 | 1 2 840 113549 1 1 1 : rsaEncryption | 5 | 2 : JOINT-ISO-CCITT : joint-iso-ccitt |
| 6 | 1 2 840 113549 1 1 2 : md2withRSAEncryption | 6 | |
| 7 | 1 2 840 113549 1 1 4 : md5withRSAEncryption | 7 | iso 2 : member-body : ISO Member Body |
| 8 | 1 2 840 113549 1 7 : pkcs-7 | 8 | |
| 9 | 1 2 840 113549 1 7 1 : pkcs-7-data | 9 | joint-iso-ccitt 5 1 5 : selected-attribute-types : Selected Attribute Types |
| 10 | 1 2 840 113549 1 7 2 : pkcs-7-signedData | 10 | |
| 11 | 1 2 840 113549 1 7 3 : pkcs-7-envelopedData | 11 | selected-attribute-types 55 : clearance |
| 12 | 1 2 840 113549 1 7 4 : pkcs-7-signedAndEnvelopedData | 12 | |
| 13 | 1 2 840 113549 1 7 5 : pkcs-7-digestData | 13 | member-body 840 : ISO-US : ISO US Member Body |
| 14 | 1 2 840 113549 1 7 6 : pkcs-7-encryptedData | 14 | ISO-US 10040 : X9-57 : X9.57 |
| 15 | 1 2 840 113549 2 2 : md2 | 15 | X9-57 4 : X9cm : X9.57 CM ? |
| 16 | 1 2 840 113549 2 4 : md4 | 16 | |
| 17 | 1 2 840 113549 2 5 : md5 | 17 | !Cname dsa |
| 18 | 1 2 840 113549 3 4 : rc4 | 18 | X9cm 1 : DSA : dsaEncryption |
| 19 | 1 2 840 113549 5 1 : pbeWithMD2AndDES_CBC | 19 | X9cm 3 : DSA-SHA1 : dsaWithSHA1 |
| 20 | 1 2 840 113549 5 3 : pbeWithMD5AndDES_CBC | 20 | |
| 21 | 2 5 : X500 : directory services (X.500) | 21 | |
| 22 | 2 5 4 : X509 | 22 | ISO-US 10045 : ansi-X9-62 : ANSI X9.62 |
| 23 | 2 5 4 3 : commonName | 23 | !module X9-62 |
| 24 | 2 5 4 6 : countryName | 24 | !Alias id-fieldType ansi-X9-62 1 |
| 25 | 2 5 4 7 : localityName | 25 | X9-62_id-fieldType 1 : prime-field |
| 26 | 2 5 4 8 : stateOrProvinceName | 26 | X9-62_id-fieldType 2 : characteristic-two-field |
| 27 | 2 5 4 10 : organizationName | 27 | # ... characteristic-two-field OID subtree |
| 28 | 2 5 4 11 : organizationalUnitName | 28 | !Alias id-publicKeyType ansi-X9-62 2 |
| 29 | 2 5 8 : directory services - algorithms | 29 | X9-62_id-publicKeyType 1 : id-ecPublicKey |
| 30 | 2 5 8 1 1 : rsa | 30 | !Alias ellipticCurve ansi-X9-62 3 |
| 31 | 31 | !Alias c-TwoCurve X9-62_ellipticCurve 0 | |
| 32 | algorithm 18 : sha | 32 | # ... characteristic 2 curve OIDs |
| 33 | encryptionAlgorithm 1 : rsa | 33 | !Alias primeCurve X9-62_ellipticCurve 1 |
| 34 | X9-62_primeCurve 1 : prime192v1 | ||
| 35 | X9-62_primeCurve 2 : prime192v2 | ||
| 36 | X9-62_primeCurve 3 : prime192v3 | ||
| 37 | X9-62_primeCurve 4 : prime239v1 | ||
| 38 | X9-62_primeCurve 5 : prime239v2 | ||
| 39 | X9-62_primeCurve 6 : prime239v3 | ||
| 40 | X9-62_primeCurve 7 : prime256v1 | ||
| 41 | !Alias id-ecSigType ansi-X9-62 4 | ||
| 42 | !global | ||
| 43 | X9-62_id-ecSigType 1 : ecdsa-with-SHA1 | ||
| 44 | |||
| 45 | |||
| 46 | |||
| 47 | ISO-US 113533 7 66 10 : CAST5-CBC : cast5-cbc | ||
| 48 | : CAST5-ECB : cast5-ecb | ||
| 49 | !Cname cast5-cfb64 | ||
| 50 | : CAST5-CFB : cast5-cfb | ||
| 51 | !Cname cast5-ofb64 | ||
| 52 | : CAST5-OFB : cast5-ofb | ||
| 53 | !Cname pbeWithMD5AndCast5-CBC | ||
| 54 | ISO-US 113533 7 66 12 : : pbeWithMD5AndCast5CBC | ||
| 55 | |||
| 56 | ISO-US 113549 : rsadsi : RSA Data Security, Inc. | ||
| 57 | |||
| 58 | rsadsi 1 : pkcs : RSA Data Security, Inc. PKCS | ||
| 59 | |||
| 60 | pkcs 1 : pkcs1 | ||
| 61 | pkcs1 1 : : rsaEncryption | ||
| 62 | pkcs1 2 : RSA-MD2 : md2WithRSAEncryption | ||
| 63 | pkcs1 3 : RSA-MD4 : md4WithRSAEncryption | ||
| 64 | pkcs1 4 : RSA-MD5 : md5WithRSAEncryption | ||
| 65 | pkcs1 5 : RSA-SHA1 : sha1WithRSAEncryption | ||
| 66 | |||
| 67 | pkcs 3 : pkcs3 | ||
| 68 | pkcs3 1 : : dhKeyAgreement | ||
| 69 | |||
| 70 | pkcs 5 : pkcs5 | ||
| 71 | pkcs5 1 : PBE-MD2-DES : pbeWithMD2AndDES-CBC | ||
| 72 | pkcs5 3 : PBE-MD5-DES : pbeWithMD5AndDES-CBC | ||
| 73 | pkcs5 4 : PBE-MD2-RC2-64 : pbeWithMD2AndRC2-CBC | ||
| 74 | pkcs5 6 : PBE-MD5-RC2-64 : pbeWithMD5AndRC2-CBC | ||
| 75 | pkcs5 10 : PBE-SHA1-DES : pbeWithSHA1AndDES-CBC | ||
| 76 | pkcs5 11 : PBE-SHA1-RC2-64 : pbeWithSHA1AndRC2-CBC | ||
| 77 | !Cname id_pbkdf2 | ||
| 78 | pkcs5 12 : : PBKDF2 | ||
| 79 | !Cname pbes2 | ||
| 80 | pkcs5 13 : : PBES2 | ||
| 81 | !Cname pbmac1 | ||
| 82 | pkcs5 14 : : PBMAC1 | ||
| 83 | |||
| 84 | pkcs 7 : pkcs7 | ||
| 85 | pkcs7 1 : : pkcs7-data | ||
| 86 | !Cname pkcs7-signed | ||
| 87 | pkcs7 2 : : pkcs7-signedData | ||
| 88 | !Cname pkcs7-enveloped | ||
| 89 | pkcs7 3 : : pkcs7-envelopedData | ||
| 90 | !Cname pkcs7-signedAndEnveloped | ||
| 91 | pkcs7 4 : : pkcs7-signedAndEnvelopedData | ||
| 92 | !Cname pkcs7-digest | ||
| 93 | pkcs7 5 : : pkcs7-digestData | ||
| 94 | !Cname pkcs7-encrypted | ||
| 95 | pkcs7 6 : : pkcs7-encryptedData | ||
| 96 | |||
| 97 | pkcs 9 : pkcs9 | ||
| 98 | !module pkcs9 | ||
| 99 | pkcs9 1 : : emailAddress | ||
| 100 | pkcs9 2 : : unstructuredName | ||
| 101 | pkcs9 3 : : contentType | ||
| 102 | pkcs9 4 : : messageDigest | ||
| 103 | pkcs9 5 : : signingTime | ||
| 104 | pkcs9 6 : : countersignature | ||
| 105 | pkcs9 7 : : challengePassword | ||
| 106 | pkcs9 8 : : unstructuredAddress | ||
| 107 | !Cname extCertAttributes | ||
| 108 | pkcs9 9 : : extendedCertificateAttributes | ||
| 109 | !global | ||
| 110 | |||
| 111 | !Cname ext-req | ||
| 112 | pkcs9 14 : extReq : Extension Request | ||
| 113 | |||
| 114 | !Cname SMIMECapabilities | ||
| 115 | pkcs9 15 : SMIME-CAPS : S/MIME Capabilities | ||
| 116 | |||
| 117 | # S/MIME | ||
| 118 | !Cname SMIME | ||
| 119 | pkcs9 16 : SMIME : S/MIME | ||
| 120 | SMIME 0 : id-smime-mod | ||
| 121 | SMIME 1 : id-smime-ct | ||
| 122 | SMIME 2 : id-smime-aa | ||
| 123 | SMIME 3 : id-smime-alg | ||
| 124 | SMIME 4 : id-smime-cd | ||
| 125 | SMIME 5 : id-smime-spq | ||
| 126 | SMIME 6 : id-smime-cti | ||
| 127 | |||
| 128 | # S/MIME Modules | ||
| 129 | id-smime-mod 1 : id-smime-mod-cms | ||
| 130 | id-smime-mod 2 : id-smime-mod-ess | ||
| 131 | id-smime-mod 3 : id-smime-mod-oid | ||
| 132 | id-smime-mod 4 : id-smime-mod-msg-v3 | ||
| 133 | id-smime-mod 5 : id-smime-mod-ets-eSignature-88 | ||
| 134 | id-smime-mod 6 : id-smime-mod-ets-eSignature-97 | ||
| 135 | id-smime-mod 7 : id-smime-mod-ets-eSigPolicy-88 | ||
| 136 | id-smime-mod 8 : id-smime-mod-ets-eSigPolicy-97 | ||
| 137 | |||
| 138 | # S/MIME Content Types | ||
| 139 | id-smime-ct 1 : id-smime-ct-receipt | ||
| 140 | id-smime-ct 2 : id-smime-ct-authData | ||
| 141 | id-smime-ct 3 : id-smime-ct-publishCert | ||
| 142 | id-smime-ct 4 : id-smime-ct-TSTInfo | ||
| 143 | id-smime-ct 5 : id-smime-ct-TDTInfo | ||
| 144 | id-smime-ct 6 : id-smime-ct-contentInfo | ||
| 145 | id-smime-ct 7 : id-smime-ct-DVCSRequestData | ||
| 146 | id-smime-ct 8 : id-smime-ct-DVCSResponseData | ||
| 147 | |||
| 148 | # S/MIME Attributes | ||
| 149 | id-smime-aa 1 : id-smime-aa-receiptRequest | ||
| 150 | id-smime-aa 2 : id-smime-aa-securityLabel | ||
| 151 | id-smime-aa 3 : id-smime-aa-mlExpandHistory | ||
| 152 | id-smime-aa 4 : id-smime-aa-contentHint | ||
| 153 | id-smime-aa 5 : id-smime-aa-msgSigDigest | ||
| 154 | # obsolete | ||
| 155 | id-smime-aa 6 : id-smime-aa-encapContentType | ||
| 156 | id-smime-aa 7 : id-smime-aa-contentIdentifier | ||
| 157 | # obsolete | ||
| 158 | id-smime-aa 8 : id-smime-aa-macValue | ||
| 159 | id-smime-aa 9 : id-smime-aa-equivalentLabels | ||
| 160 | id-smime-aa 10 : id-smime-aa-contentReference | ||
| 161 | id-smime-aa 11 : id-smime-aa-encrypKeyPref | ||
| 162 | id-smime-aa 12 : id-smime-aa-signingCertificate | ||
| 163 | id-smime-aa 13 : id-smime-aa-smimeEncryptCerts | ||
| 164 | id-smime-aa 14 : id-smime-aa-timeStampToken | ||
| 165 | id-smime-aa 15 : id-smime-aa-ets-sigPolicyId | ||
| 166 | id-smime-aa 16 : id-smime-aa-ets-commitmentType | ||
| 167 | id-smime-aa 17 : id-smime-aa-ets-signerLocation | ||
| 168 | id-smime-aa 18 : id-smime-aa-ets-signerAttr | ||
| 169 | id-smime-aa 19 : id-smime-aa-ets-otherSigCert | ||
| 170 | id-smime-aa 20 : id-smime-aa-ets-contentTimestamp | ||
| 171 | id-smime-aa 21 : id-smime-aa-ets-CertificateRefs | ||
| 172 | id-smime-aa 22 : id-smime-aa-ets-RevocationRefs | ||
| 173 | id-smime-aa 23 : id-smime-aa-ets-certValues | ||
| 174 | id-smime-aa 24 : id-smime-aa-ets-revocationValues | ||
| 175 | id-smime-aa 25 : id-smime-aa-ets-escTimeStamp | ||
| 176 | id-smime-aa 26 : id-smime-aa-ets-certCRLTimestamp | ||
| 177 | id-smime-aa 27 : id-smime-aa-ets-archiveTimeStamp | ||
| 178 | id-smime-aa 28 : id-smime-aa-signatureType | ||
| 179 | id-smime-aa 29 : id-smime-aa-dvcs-dvc | ||
| 180 | |||
| 181 | # S/MIME Algorithm Identifiers | ||
| 182 | # obsolete | ||
| 183 | id-smime-alg 1 : id-smime-alg-ESDHwith3DES | ||
| 184 | # obsolete | ||
| 185 | id-smime-alg 2 : id-smime-alg-ESDHwithRC2 | ||
| 186 | # obsolete | ||
| 187 | id-smime-alg 3 : id-smime-alg-3DESwrap | ||
| 188 | # obsolete | ||
| 189 | id-smime-alg 4 : id-smime-alg-RC2wrap | ||
| 190 | id-smime-alg 5 : id-smime-alg-ESDH | ||
| 191 | id-smime-alg 6 : id-smime-alg-CMS3DESwrap | ||
| 192 | id-smime-alg 7 : id-smime-alg-CMSRC2wrap | ||
| 193 | |||
| 194 | # S/MIME Certificate Distribution | ||
| 195 | id-smime-cd 1 : id-smime-cd-ldap | ||
| 196 | |||
| 197 | # S/MIME Signature Policy Qualifier | ||
| 198 | id-smime-spq 1 : id-smime-spq-ets-sqt-uri | ||
| 199 | id-smime-spq 2 : id-smime-spq-ets-sqt-unotice | ||
| 200 | |||
| 201 | # S/MIME Commitment Type Identifier | ||
| 202 | id-smime-cti 1 : id-smime-cti-ets-proofOfOrigin | ||
| 203 | id-smime-cti 2 : id-smime-cti-ets-proofOfReceipt | ||
| 204 | id-smime-cti 3 : id-smime-cti-ets-proofOfDelivery | ||
| 205 | id-smime-cti 4 : id-smime-cti-ets-proofOfSender | ||
| 206 | id-smime-cti 5 : id-smime-cti-ets-proofOfApproval | ||
| 207 | id-smime-cti 6 : id-smime-cti-ets-proofOfCreation | ||
| 208 | |||
| 209 | pkcs9 20 : : friendlyName | ||
| 210 | pkcs9 21 : : localKeyID | ||
| 211 | !Cname ms-csp-name | ||
| 212 | 1 3 6 1 4 1 311 17 1 : CSPName : Microsoft CSP Name | ||
| 213 | !Alias certTypes pkcs9 22 | ||
| 214 | certTypes 1 : : x509Certificate | ||
| 215 | certTypes 2 : : sdsiCertificate | ||
| 216 | !Alias crlTypes pkcs9 23 | ||
| 217 | crlTypes 1 : : x509Crl | ||
| 218 | |||
| 219 | !Alias pkcs12 pkcs 12 | ||
| 220 | !Alias pkcs12-pbeids pkcs12 1 | ||
| 221 | |||
| 222 | !Cname pbe-WithSHA1And128BitRC4 | ||
| 223 | pkcs12-pbeids 1 : PBE-SHA1-RC4-128 : pbeWithSHA1And128BitRC4 | ||
| 224 | !Cname pbe-WithSHA1And40BitRC4 | ||
| 225 | pkcs12-pbeids 2 : PBE-SHA1-RC4-40 : pbeWithSHA1And40BitRC4 | ||
| 226 | !Cname pbe-WithSHA1And3_Key_TripleDES-CBC | ||
| 227 | pkcs12-pbeids 3 : PBE-SHA1-3DES : pbeWithSHA1And3-KeyTripleDES-CBC | ||
| 228 | !Cname pbe-WithSHA1And2_Key_TripleDES-CBC | ||
| 229 | pkcs12-pbeids 4 : PBE-SHA1-2DES : pbeWithSHA1And2-KeyTripleDES-CBC | ||
| 230 | !Cname pbe-WithSHA1And128BitRC2-CBC | ||
| 231 | pkcs12-pbeids 5 : PBE-SHA1-RC2-128 : pbeWithSHA1And128BitRC2-CBC | ||
| 232 | !Cname pbe-WithSHA1And40BitRC2-CBC | ||
| 233 | pkcs12-pbeids 6 : PBE-SHA1-RC2-40 : pbeWithSHA1And40BitRC2-CBC | ||
| 234 | |||
| 235 | !Alias pkcs12-Version1 pkcs12 10 | ||
| 236 | !Alias pkcs12-BagIds pkcs12-Version1 1 | ||
| 237 | pkcs12-BagIds 1 : : keyBag | ||
| 238 | pkcs12-BagIds 2 : : pkcs8ShroudedKeyBag | ||
| 239 | pkcs12-BagIds 3 : : certBag | ||
| 240 | pkcs12-BagIds 4 : : crlBag | ||
| 241 | pkcs12-BagIds 5 : : secretBag | ||
| 242 | pkcs12-BagIds 6 : : safeContentsBag | ||
| 243 | |||
| 244 | rsadsi 2 2 : MD2 : md2 | ||
| 245 | rsadsi 2 4 : MD4 : md4 | ||
| 246 | rsadsi 2 5 : MD5 : md5 | ||
| 247 | : MD5-SHA1 : md5-sha1 | ||
| 248 | rsadsi 2 7 : : hmacWithSHA1 | ||
| 249 | rsadsi 3 2 : RC2-CBC : rc2-cbc | ||
| 250 | : RC2-ECB : rc2-ecb | ||
| 251 | !Cname rc2-cfb64 | ||
| 252 | : RC2-CFB : rc2-cfb | ||
| 253 | !Cname rc2-ofb64 | ||
| 254 | : RC2-OFB : rc2-ofb | ||
| 255 | : RC2-40-CBC : rc2-40-cbc | ||
| 256 | : RC2-64-CBC : rc2-64-cbc | ||
| 257 | rsadsi 3 4 : RC4 : rc4 | ||
| 258 | : RC4-40 : rc4-40 | ||
| 259 | rsadsi 3 7 : DES-EDE3-CBC : des-ede3-cbc | ||
| 260 | rsadsi 3 8 : RC5-CBC : rc5-cbc | ||
| 261 | : RC5-ECB : rc5-ecb | ||
| 262 | !Cname rc5-cfb64 | ||
| 263 | : RC5-CFB : rc5-cfb | ||
| 264 | !Cname rc5-ofb64 | ||
| 265 | : RC5-OFB : rc5-ofb | ||
| 266 | |||
| 267 | !Cname ms-ext-req | ||
| 268 | 1 3 6 1 4 1 311 2 1 14 : msExtReq : Microsoft Extension Request | ||
| 269 | !Cname ms-code-ind | ||
| 270 | 1 3 6 1 4 1 311 2 1 21 : msCodeInd : Microsoft Individual Code Signing | ||
| 271 | !Cname ms-code-com | ||
| 272 | 1 3 6 1 4 1 311 2 1 22 : msCodeCom : Microsoft Commercial Code Signing | ||
| 273 | !Cname ms-ctl-sign | ||
| 274 | 1 3 6 1 4 1 311 10 3 1 : msCTLSign : Microsoft Trust List Signing | ||
| 275 | !Cname ms-sgc | ||
| 276 | 1 3 6 1 4 1 311 10 3 3 : msSGC : Microsoft Server Gated Crypto | ||
| 277 | !Cname ms-efs | ||
| 278 | 1 3 6 1 4 1 311 10 3 4 : msEFS : Microsoft Encrypted File System | ||
| 279 | |||
| 280 | 1 3 6 1 4 1 188 7 1 1 2 : IDEA-CBC : idea-cbc | ||
| 281 | : IDEA-ECB : idea-ecb | ||
| 282 | !Cname idea-cfb64 | ||
| 283 | : IDEA-CFB : idea-cfb | ||
| 284 | !Cname idea-ofb64 | ||
| 285 | : IDEA-OFB : idea-ofb | ||
| 286 | |||
| 287 | 1 3 6 1 4 1 3029 1 2 : BF-CBC : bf-cbc | ||
| 288 | : BF-ECB : bf-ecb | ||
| 289 | !Cname bf-cfb64 | ||
| 290 | : BF-CFB : bf-cfb | ||
| 291 | !Cname bf-ofb64 | ||
| 292 | : BF-OFB : bf-ofb | ||
| 293 | |||
| 294 | !Cname id-pkix | ||
| 295 | 1 3 6 1 5 5 7 : PKIX | ||
| 296 | |||
| 297 | # PKIX Arcs | ||
| 298 | id-pkix 0 : id-pkix-mod | ||
| 299 | id-pkix 1 : id-pe | ||
| 300 | id-pkix 2 : id-qt | ||
| 301 | id-pkix 3 : id-kp | ||
| 302 | id-pkix 4 : id-it | ||
| 303 | id-pkix 5 : id-pkip | ||
| 304 | id-pkix 6 : id-alg | ||
| 305 | id-pkix 7 : id-cmc | ||
| 306 | id-pkix 8 : id-on | ||
| 307 | id-pkix 9 : id-pda | ||
| 308 | id-pkix 10 : id-aca | ||
| 309 | id-pkix 11 : id-qcs | ||
| 310 | id-pkix 12 : id-cct | ||
| 311 | id-pkix 48 : id-ad | ||
| 312 | |||
| 313 | # PKIX Modules | ||
| 314 | id-pkix-mod 1 : id-pkix1-explicit-88 | ||
| 315 | id-pkix-mod 2 : id-pkix1-implicit-88 | ||
| 316 | id-pkix-mod 3 : id-pkix1-explicit-93 | ||
| 317 | id-pkix-mod 4 : id-pkix1-implicit-93 | ||
| 318 | id-pkix-mod 5 : id-mod-crmf | ||
| 319 | id-pkix-mod 6 : id-mod-cmc | ||
| 320 | id-pkix-mod 7 : id-mod-kea-profile-88 | ||
| 321 | id-pkix-mod 8 : id-mod-kea-profile-93 | ||
| 322 | id-pkix-mod 9 : id-mod-cmp | ||
| 323 | id-pkix-mod 10 : id-mod-qualified-cert-88 | ||
| 324 | id-pkix-mod 11 : id-mod-qualified-cert-93 | ||
| 325 | id-pkix-mod 12 : id-mod-attribute-cert | ||
| 326 | id-pkix-mod 13 : id-mod-timestamp-protocol | ||
| 327 | id-pkix-mod 14 : id-mod-ocsp | ||
| 328 | id-pkix-mod 15 : id-mod-dvcs | ||
| 329 | id-pkix-mod 16 : id-mod-cmp2000 | ||
| 330 | |||
| 331 | # PKIX Private Extensions | ||
| 332 | !Cname info-access | ||
| 333 | id-pe 1 : authorityInfoAccess : Authority Information Access | ||
| 334 | id-pe 2 : biometricInfo : Biometric Info | ||
| 335 | id-pe 3 : qcStatements | ||
| 336 | id-pe 4 : ac-auditEntity | ||
| 337 | id-pe 5 : ac-targeting | ||
| 338 | id-pe 6 : aaControls | ||
| 339 | id-pe 7 : sbqp-ipAddrBlock | ||
| 340 | id-pe 8 : sbqp-autonomousSysNum | ||
| 341 | id-pe 9 : sbqp-routerIdentifier | ||
| 342 | id-pe 10 : ac-proxying | ||
| 343 | !Cname sinfo-access | ||
| 344 | id-pe 11 : subjectInfoAccess : Subject Information Access | ||
| 345 | |||
| 346 | # PKIX policyQualifiers for Internet policy qualifiers | ||
| 347 | id-qt 1 : id-qt-cps : Policy Qualifier CPS | ||
| 348 | id-qt 2 : id-qt-unotice : Policy Qualifier User Notice | ||
| 349 | id-qt 3 : textNotice | ||
| 350 | |||
| 351 | # PKIX key purpose identifiers | ||
| 352 | !Cname server-auth | ||
| 353 | id-kp 1 : serverAuth : TLS Web Server Authentication | ||
| 354 | !Cname client-auth | ||
| 355 | id-kp 2 : clientAuth : TLS Web Client Authentication | ||
| 356 | !Cname code-sign | ||
| 357 | id-kp 3 : codeSigning : Code Signing | ||
| 358 | !Cname email-protect | ||
| 359 | id-kp 4 : emailProtection : E-mail Protection | ||
| 360 | id-kp 5 : ipsecEndSystem : IPSec End System | ||
| 361 | id-kp 6 : ipsecTunnel : IPSec Tunnel | ||
| 362 | id-kp 7 : ipsecUser : IPSec User | ||
| 363 | !Cname time-stamp | ||
| 364 | id-kp 8 : timeStamping : Time Stamping | ||
| 365 | # From OCSP spec RFC2560 | ||
| 366 | !Cname OCSP-sign | ||
| 367 | id-kp 9 : OCSPSigning : OCSP Signing | ||
| 368 | id-kp 10 : DVCS : dvcs | ||
| 369 | |||
| 370 | # CMP information types | ||
| 371 | id-it 1 : id-it-caProtEncCert | ||
| 372 | id-it 2 : id-it-signKeyPairTypes | ||
| 373 | id-it 3 : id-it-encKeyPairTypes | ||
| 374 | id-it 4 : id-it-preferredSymmAlg | ||
| 375 | id-it 5 : id-it-caKeyUpdateInfo | ||
| 376 | id-it 6 : id-it-currentCRL | ||
| 377 | id-it 7 : id-it-unsupportedOIDs | ||
| 378 | # obsolete | ||
| 379 | id-it 8 : id-it-subscriptionRequest | ||
| 380 | # obsolete | ||
| 381 | id-it 9 : id-it-subscriptionResponse | ||
| 382 | id-it 10 : id-it-keyPairParamReq | ||
| 383 | id-it 11 : id-it-keyPairParamRep | ||
| 384 | id-it 12 : id-it-revPassphrase | ||
| 385 | id-it 13 : id-it-implicitConfirm | ||
| 386 | id-it 14 : id-it-confirmWaitTime | ||
| 387 | id-it 15 : id-it-origPKIMessage | ||
| 388 | |||
| 389 | # CRMF registration | ||
| 390 | id-pkip 1 : id-regCtrl | ||
| 391 | id-pkip 2 : id-regInfo | ||
| 392 | |||
| 393 | # CRMF registration controls | ||
| 394 | id-regCtrl 1 : id-regCtrl-regToken | ||
| 395 | id-regCtrl 2 : id-regCtrl-authenticator | ||
| 396 | id-regCtrl 3 : id-regCtrl-pkiPublicationInfo | ||
| 397 | id-regCtrl 4 : id-regCtrl-pkiArchiveOptions | ||
| 398 | id-regCtrl 5 : id-regCtrl-oldCertID | ||
| 399 | id-regCtrl 6 : id-regCtrl-protocolEncrKey | ||
| 400 | |||
| 401 | # CRMF registration information | ||
| 402 | id-regInfo 1 : id-regInfo-utf8Pairs | ||
| 403 | id-regInfo 2 : id-regInfo-certReq | ||
| 404 | |||
| 405 | # algorithms | ||
| 406 | id-alg 1 : id-alg-des40 | ||
| 407 | id-alg 2 : id-alg-noSignature | ||
| 408 | id-alg 3 : id-alg-dh-sig-hmac-sha1 | ||
| 409 | id-alg 4 : id-alg-dh-pop | ||
| 410 | |||
| 411 | # CMC controls | ||
| 412 | id-cmc 1 : id-cmc-statusInfo | ||
| 413 | id-cmc 2 : id-cmc-identification | ||
| 414 | id-cmc 3 : id-cmc-identityProof | ||
| 415 | id-cmc 4 : id-cmc-dataReturn | ||
| 416 | id-cmc 5 : id-cmc-transactionId | ||
| 417 | id-cmc 6 : id-cmc-senderNonce | ||
| 418 | id-cmc 7 : id-cmc-recipientNonce | ||
| 419 | id-cmc 8 : id-cmc-addExtensions | ||
| 420 | id-cmc 9 : id-cmc-encryptedPOP | ||
| 421 | id-cmc 10 : id-cmc-decryptedPOP | ||
| 422 | id-cmc 11 : id-cmc-lraPOPWitness | ||
| 423 | id-cmc 15 : id-cmc-getCert | ||
| 424 | id-cmc 16 : id-cmc-getCRL | ||
| 425 | id-cmc 17 : id-cmc-revokeRequest | ||
| 426 | id-cmc 18 : id-cmc-regInfo | ||
| 427 | id-cmc 19 : id-cmc-responseInfo | ||
| 428 | id-cmc 21 : id-cmc-queryPending | ||
| 429 | id-cmc 22 : id-cmc-popLinkRandom | ||
| 430 | id-cmc 23 : id-cmc-popLinkWitness | ||
| 431 | id-cmc 24 : id-cmc-confirmCertAcceptance | ||
| 432 | |||
| 433 | # other names | ||
| 434 | id-on 1 : id-on-personalData | ||
| 435 | |||
| 436 | # personal data attributes | ||
| 437 | id-pda 1 : id-pda-dateOfBirth | ||
| 438 | id-pda 2 : id-pda-placeOfBirth | ||
| 439 | id-pda 3 : id-pda-gender | ||
| 440 | id-pda 4 : id-pda-countryOfCitizenship | ||
| 441 | id-pda 5 : id-pda-countryOfResidence | ||
| 442 | |||
| 443 | # attribute certificate attributes | ||
| 444 | id-aca 1 : id-aca-authenticationInfo | ||
| 445 | id-aca 2 : id-aca-accessIdentity | ||
| 446 | id-aca 3 : id-aca-chargingIdentity | ||
| 447 | id-aca 4 : id-aca-group | ||
| 448 | # attention : the following seems to be obsolete, replace by 'role' | ||
| 449 | id-aca 5 : id-aca-role | ||
| 450 | id-aca 6 : id-aca-encAttrs | ||
| 451 | |||
| 452 | # qualified certificate statements | ||
| 453 | id-qcs 1 : id-qcs-pkixQCSyntax-v1 | ||
| 454 | |||
| 455 | # CMC content types | ||
| 456 | id-cct 1 : id-cct-crs | ||
| 457 | id-cct 2 : id-cct-PKIData | ||
| 458 | id-cct 3 : id-cct-PKIResponse | ||
| 459 | |||
| 460 | # access descriptors for authority info access extension | ||
| 461 | !Cname ad-OCSP | ||
| 462 | id-ad 1 : OCSP : OCSP | ||
| 463 | !Cname ad-ca-issuers | ||
| 464 | id-ad 2 : caIssuers : CA Issuers | ||
| 465 | !Cname ad-timeStamping | ||
| 466 | id-ad 3 : ad_timestamping : AD Time Stamping | ||
| 467 | !Cname ad-dvcs | ||
| 468 | id-ad 4 : AD_DVCS : ad dvcs | ||
| 469 | |||
| 470 | |||
| 471 | !Alias id-pkix-OCSP ad-OCSP | ||
| 472 | !module id-pkix-OCSP | ||
| 473 | !Cname basic | ||
| 474 | id-pkix-OCSP 1 : basicOCSPResponse : Basic OCSP Response | ||
| 475 | id-pkix-OCSP 2 : Nonce : OCSP Nonce | ||
| 476 | id-pkix-OCSP 3 : CrlID : OCSP CRL ID | ||
| 477 | id-pkix-OCSP 4 : acceptableResponses : Acceptable OCSP Responses | ||
| 478 | id-pkix-OCSP 5 : noCheck : OCSP No Check | ||
| 479 | id-pkix-OCSP 6 : archiveCutoff : OCSP Archive Cutoff | ||
| 480 | id-pkix-OCSP 7 : serviceLocator : OCSP Service Locator | ||
| 481 | id-pkix-OCSP 8 : extendedStatus : Extended OCSP Status | ||
| 482 | id-pkix-OCSP 9 : valid | ||
| 483 | id-pkix-OCSP 10 : path | ||
| 484 | id-pkix-OCSP 11 : trustRoot : Trust Root | ||
| 485 | !global | ||
| 486 | |||
| 487 | 1 3 14 3 2 : algorithm : algorithm | ||
| 488 | algorithm 3 : RSA-NP-MD5 : md5WithRSA | ||
| 489 | algorithm 6 : DES-ECB : des-ecb | ||
| 490 | algorithm 7 : DES-CBC : des-cbc | ||
| 491 | !Cname des-ofb64 | ||
| 492 | algorithm 8 : DES-OFB : des-ofb | ||
| 493 | !Cname des-cfb64 | ||
| 494 | algorithm 9 : DES-CFB : des-cfb | ||
| 34 | algorithm 11 : rsaSignature | 495 | algorithm 11 : rsaSignature |
| 496 | !Cname dsa-2 | ||
| 497 | algorithm 12 : DSA-old : dsaEncryption-old | ||
| 498 | algorithm 13 : DSA-SHA : dsaWithSHA | ||
| 499 | algorithm 15 : RSA-SHA : shaWithRSAEncryption | ||
| 500 | !Cname des-ede-ecb | ||
| 501 | algorithm 17 : DES-EDE : des-ede | ||
| 502 | !Cname des-ede3-ecb | ||
| 503 | : DES-EDE3 : des-ede3 | ||
| 504 | : DES-EDE-CBC : des-ede-cbc | ||
| 505 | !Cname des-ede-cfb64 | ||
| 506 | : DES-EDE-CFB : des-ede-cfb | ||
| 507 | !Cname des-ede3-cfb64 | ||
| 508 | : DES-EDE3-CFB : des-ede3-cfb | ||
| 509 | !Cname des-ede-ofb64 | ||
| 510 | : DES-EDE-OFB : des-ede-ofb | ||
| 511 | !Cname des-ede3-ofb64 | ||
| 512 | : DES-EDE3-OFB : des-ede3-ofb | ||
| 513 | : DESX-CBC : desx-cbc | ||
| 514 | algorithm 18 : SHA : sha | ||
| 515 | algorithm 26 : SHA1 : sha1 | ||
| 516 | !Cname dsaWithSHA1-2 | ||
| 517 | algorithm 27 : DSA-SHA1-old : dsaWithSHA1-old | ||
| 518 | algorithm 29 : RSA-SHA1-2 : sha1WithRSA | ||
| 519 | |||
| 520 | 1 3 36 3 2 1 : RIPEMD160 : ripemd160 | ||
| 521 | 1 3 36 3 3 1 2 : RSA-RIPEMD160 : ripemd160WithRSA | ||
| 522 | |||
| 523 | !Cname sxnet | ||
| 524 | 1 3 101 1 4 1 : SXNetID : Strong Extranet ID | ||
| 525 | |||
| 526 | 2 5 : X500 : directory services (X.500) | ||
| 527 | |||
| 528 | X500 4 : X509 | ||
| 529 | X509 3 : CN : commonName | ||
| 530 | X509 4 : SN : surname | ||
| 531 | X509 5 : : serialNumber | ||
| 532 | X509 6 : C : countryName | ||
| 533 | X509 7 : L : localityName | ||
| 534 | X509 8 : ST : stateOrProvinceName | ||
| 535 | X509 10 : O : organizationName | ||
| 536 | X509 11 : OU : organizationalUnitName | ||
| 537 | X509 12 : : title | ||
| 538 | X509 13 : : description | ||
| 539 | X509 41 : name : name | ||
| 540 | X509 42 : gn : givenName | ||
| 541 | X509 43 : : initials | ||
| 542 | X509 44 : : generationQualifier | ||
| 543 | X509 45 : : x500UniqueIdentifier | ||
| 544 | X509 46 : dnQualifier : dnQualifier | ||
| 545 | X509 72 : role : role | ||
| 546 | |||
| 547 | X500 8 : X500algorithms : directory services - algorithms | ||
| 548 | X500algorithms 1 1 : RSA : rsa | ||
| 549 | X500algorithms 3 100 : RSA-MDC2 : mdc2WithRSA | ||
| 550 | X500algorithms 3 101 : MDC2 : mdc2 | ||
| 551 | |||
| 552 | X500 29 : id-ce | ||
| 553 | !Cname subject-key-identifier | ||
| 554 | id-ce 14 : subjectKeyIdentifier : X509v3 Subject Key Identifier | ||
| 555 | !Cname key-usage | ||
| 556 | id-ce 15 : keyUsage : X509v3 Key Usage | ||
| 557 | !Cname private-key-usage-period | ||
| 558 | id-ce 16 : privateKeyUsagePeriod : X509v3 Private Key Usage Period | ||
| 559 | !Cname subject-alt-name | ||
| 560 | id-ce 17 : subjectAltName : X509v3 Subject Alternative Name | ||
| 561 | !Cname issuer-alt-name | ||
| 562 | id-ce 18 : issuerAltName : X509v3 Issuer Alternative Name | ||
| 563 | !Cname basic-constraints | ||
| 564 | id-ce 19 : basicConstraints : X509v3 Basic Constraints | ||
| 565 | !Cname crl-number | ||
| 566 | id-ce 20 : crlNumber : X509v3 CRL Number | ||
| 567 | !Cname crl-reason | ||
| 568 | id-ce 21 : CRLReason : X509v3 CRL Reason Code | ||
| 569 | !Cname invalidity-date | ||
| 570 | id-ce 24 : invalidityDate : Invalidity Date | ||
| 571 | !Cname delta-crl | ||
| 572 | id-ce 27 : deltaCRL : X509v3 Delta CRL Indicator | ||
| 573 | !Cname crl-distribution-points | ||
| 574 | id-ce 31 : crlDistributionPoints : X509v3 CRL Distribution Points | ||
| 575 | !Cname certificate-policies | ||
| 576 | id-ce 32 : certificatePolicies : X509v3 Certificate Policies | ||
| 577 | !Cname authority-key-identifier | ||
| 578 | id-ce 35 : authorityKeyIdentifier : X509v3 Authority Key Identifier | ||
| 579 | !Cname policy-constraints | ||
| 580 | id-ce 36 : policyConstraints : X509v3 Policy Constraints | ||
| 581 | !Cname ext-key-usage | ||
| 582 | id-ce 37 : extendedKeyUsage : X509v3 Extended Key Usage | ||
| 583 | !Cname target-information | ||
| 584 | id-ce 55 : targetInformation : X509v3 AC Targeting | ||
| 585 | !Cname no-rev-avail | ||
| 586 | id-ce 56 : noRevAvail : X509v3 No Revocation Available | ||
| 587 | |||
| 588 | !Cname netscape | ||
| 589 | 2 16 840 1 113730 : Netscape : Netscape Communications Corp. | ||
| 590 | !Cname netscape-cert-extension | ||
| 591 | netscape 1 : nsCertExt : Netscape Certificate Extension | ||
| 592 | !Cname netscape-data-type | ||
| 593 | netscape 2 : nsDataType : Netscape Data Type | ||
| 594 | !Cname netscape-cert-type | ||
| 595 | netscape-cert-extension 1 : nsCertType : Netscape Cert Type | ||
| 596 | !Cname netscape-base-url | ||
| 597 | netscape-cert-extension 2 : nsBaseUrl : Netscape Base Url | ||
| 598 | !Cname netscape-revocation-url | ||
| 599 | netscape-cert-extension 3 : nsRevocationUrl : Netscape Revocation Url | ||
| 600 | !Cname netscape-ca-revocation-url | ||
| 601 | netscape-cert-extension 4 : nsCaRevocationUrl : Netscape CA Revocation Url | ||
| 602 | !Cname netscape-renewal-url | ||
| 603 | netscape-cert-extension 7 : nsRenewalUrl : Netscape Renewal Url | ||
| 604 | !Cname netscape-ca-policy-url | ||
| 605 | netscape-cert-extension 8 : nsCaPolicyUrl : Netscape CA Policy Url | ||
| 606 | !Cname netscape-ssl-server-name | ||
| 607 | netscape-cert-extension 12 : nsSslServerName : Netscape SSL Server Name | ||
| 608 | !Cname netscape-comment | ||
| 609 | netscape-cert-extension 13 : nsComment : Netscape Comment | ||
| 610 | !Cname netscape-cert-sequence | ||
| 611 | netscape-data-type 5 : nsCertSequence : Netscape Certificate Sequence | ||
| 612 | !Cname ns-sgc | ||
| 613 | netscape 4 1 : nsSGC : Netscape Server Gated Crypto | ||
| 614 | |||
| 615 | # iso(1) | ||
| 616 | iso 3 : ORG : org | ||
| 617 | org 6 : DOD : dod | ||
| 618 | dod 1 : IANA : iana | ||
| 619 | !Alias internet iana | ||
| 620 | |||
| 621 | internet 1 : directory : Directory | ||
| 622 | internet 2 : mgmt : Management | ||
| 623 | internet 3 : experimental : Experimental | ||
| 624 | internet 4 : private : Private | ||
| 625 | internet 5 : security : Security | ||
| 626 | internet 6 : snmpv2 : SNMPv2 | ||
| 627 | # Documents refer to "internet 7" as "mail". This however leads to ambiguities | ||
| 628 | # with RFC2798, Section 9.1.3, where "mail" is defined as the short name for | ||
| 629 | # rfc822Mailbox. The short name is therefore here left out for a reason. | ||
| 630 | # Subclasses of "mail", e.g. "MIME MHS" don't consitute a problem, as | ||
| 631 | # references are realized via long name "Mail" (with capital M). | ||
| 632 | internet 7 : : Mail | ||
| 633 | |||
| 634 | Private 1 : enterprises : Enterprises | ||
| 635 | |||
| 636 | # RFC 2247 | ||
| 637 | Enterprises 1466 344 : dcobject : dcObject | ||
| 638 | |||
| 639 | # RFC 1495 | ||
| 640 | Mail 1 : mime-mhs : MIME MHS | ||
| 641 | mime-mhs 1 : mime-mhs-headings : mime-mhs-headings | ||
| 642 | mime-mhs 2 : mime-mhs-bodies : mime-mhs-bodies | ||
| 643 | mime-mhs-headings 1 : id-hex-partial-message : id-hex-partial-message | ||
| 644 | mime-mhs-headings 2 : id-hex-multipart-message : id-hex-multipart-message | ||
| 645 | |||
| 646 | # What the hell are these OIDs, really? | ||
| 647 | !Cname rle-compression | ||
| 648 | 1 1 1 1 666 1 : RLE : run length compression | ||
| 649 | !Cname zlib-compression | ||
| 650 | 1 1 1 1 666 2 : ZLIB : zlib compression | ||
| 651 | |||
| 652 | # AES aka Rijndael | ||
| 653 | |||
| 654 | !Alias csor 2 16 840 1 101 3 | ||
| 655 | !Alias nistAlgorithms csor 4 | ||
| 656 | !Alias aes nistAlgorithms 1 | ||
| 657 | |||
| 658 | aes 1 : AES-128-ECB : aes-128-ecb | ||
| 659 | aes 2 : AES-128-CBC : aes-128-cbc | ||
| 660 | !Cname aes-128-ofb128 | ||
| 661 | aes 3 : AES-128-OFB : aes-128-ofb | ||
| 662 | !Cname aes-128-cfb128 | ||
| 663 | aes 4 : AES-128-CFB : aes-128-cfb | ||
| 664 | |||
| 665 | aes 21 : AES-192-ECB : aes-192-ecb | ||
| 666 | aes 22 : AES-192-CBC : aes-192-cbc | ||
| 667 | !Cname aes-192-ofb128 | ||
| 668 | aes 23 : AES-192-OFB : aes-192-ofb | ||
| 669 | !Cname aes-192-cfb128 | ||
| 670 | aes 24 : AES-192-CFB : aes-192-cfb | ||
| 671 | |||
| 672 | aes 41 : AES-256-ECB : aes-256-ecb | ||
| 673 | aes 42 : AES-256-CBC : aes-256-cbc | ||
| 674 | !Cname aes-256-ofb128 | ||
| 675 | aes 43 : AES-256-OFB : aes-256-ofb | ||
| 676 | !Cname aes-256-cfb128 | ||
| 677 | aes 44 : AES-256-CFB : aes-256-cfb | ||
| 678 | |||
| 679 | # Hold instruction CRL entry extension | ||
| 680 | !Cname hold-instruction-code | ||
| 681 | id-ce 23 : holdInstructionCode : Hold Instruction Code | ||
| 682 | !Alias holdInstruction X9-57 2 | ||
| 683 | !Cname hold-instruction-none | ||
| 684 | holdInstruction 1 : holdInstructionNone : Hold Instruction None | ||
| 685 | !Cname hold-instruction-call-issuer | ||
| 686 | holdInstruction 2 : holdInstructionCallIssuer : Hold Instruction Call Issuer | ||
| 687 | !Cname hold-instruction-reject | ||
| 688 | holdInstruction 3 : holdInstructionReject : Hold Instruction Reject | ||
| 35 | 689 | ||
| 36 | algorithm 6 : desECB | 690 | # OID's from CCITT. Most of this is defined in RFC 1274. A couple of |
| 37 | algorithm 7 : desCBC | 691 | # them are also mentioned in RFC 2247 |
| 38 | algorithm 8 : desOFB | 692 | ccitt 9 : data |
| 39 | algorithm 9 : desCFB | 693 | data 2342 : pss |
| 40 | algorithm 17 : desEDE2 | 694 | pss 19200300 : ucl |
| 695 | ucl 100 : pilot | ||
| 696 | pilot 1 : : pilotAttributeType | ||
| 697 | pilot 3 : : pilotAttributeSyntax | ||
| 698 | pilot 4 : : pilotObjectClass | ||
| 699 | pilot 10 : : pilotGroups | ||
| 700 | pilotAttributeSyntax 4 : : iA5StringSyntax | ||
| 701 | pilotAttributeSyntax 5 : : caseIgnoreIA5StringSyntax | ||
| 702 | pilotObjectClass 3 : : pilotObject | ||
| 703 | pilotObjectClass 4 : : pilotPerson | ||
| 704 | pilotObjectClass 5 : account | ||
| 705 | pilotObjectClass 6 : document | ||
| 706 | pilotObjectClass 7 : room | ||
| 707 | pilotObjectClass 9 : : documentSeries | ||
| 708 | pilotObjectClass 13 : domain : Domain | ||
| 709 | pilotObjectClass 14 : : rFC822localPart | ||
| 710 | pilotObjectClass 15 : : dNSDomain | ||
| 711 | pilotObjectClass 17 : : domainRelatedObject | ||
| 712 | pilotObjectClass 18 : : friendlyCountry | ||
| 713 | pilotObjectClass 19 : : simpleSecurityObject | ||
| 714 | pilotObjectClass 20 : : pilotOrganization | ||
| 715 | pilotObjectClass 21 : : pilotDSA | ||
| 716 | pilotObjectClass 22 : : qualityLabelledData | ||
| 717 | pilotAttributeType 1 : UID : userId | ||
| 718 | pilotAttributeType 2 : : textEncodedORAddress | ||
| 719 | pilotAttributeType 3 : mail : rfc822Mailbox | ||
| 720 | pilotAttributeType 4 : info | ||
| 721 | pilotAttributeType 5 : : favouriteDrink | ||
| 722 | pilotAttributeType 6 : : roomNumber | ||
| 723 | pilotAttributeType 7 : photo | ||
| 724 | pilotAttributeType 8 : : userClass | ||
| 725 | pilotAttributeType 9 : host | ||
| 726 | pilotAttributeType 10 : manager | ||
| 727 | pilotAttributeType 11 : : documentIdentifier | ||
| 728 | pilotAttributeType 12 : : documentTitle | ||
| 729 | pilotAttributeType 13 : : documentVersion | ||
| 730 | pilotAttributeType 14 : : documentAuthor | ||
| 731 | pilotAttributeType 15 : : documentLocation | ||
| 732 | pilotAttributeType 20 : : homeTelephoneNumber | ||
| 733 | pilotAttributeType 21 : secretary | ||
| 734 | pilotAttributeType 22 : : otherMailbox | ||
| 735 | pilotAttributeType 23 : : lastModifiedTime | ||
| 736 | pilotAttributeType 24 : : lastModifiedBy | ||
| 737 | pilotAttributeType 25 : DC : domainComponent | ||
| 738 | pilotAttributeType 26 : : aRecord | ||
| 739 | pilotAttributeType 27 : : pilotAttributeType27 | ||
| 740 | pilotAttributeType 28 : : mXRecord | ||
| 741 | pilotAttributeType 29 : : nSRecord | ||
| 742 | pilotAttributeType 30 : : sOARecord | ||
| 743 | pilotAttributeType 31 : : cNAMERecord | ||
| 744 | pilotAttributeType 37 : : associatedDomain | ||
| 745 | pilotAttributeType 38 : : associatedName | ||
| 746 | pilotAttributeType 39 : : homePostalAddress | ||
| 747 | pilotAttributeType 40 : : personalTitle | ||
| 748 | pilotAttributeType 41 : : mobileTelephoneNumber | ||
| 749 | pilotAttributeType 42 : : pagerTelephoneNumber | ||
| 750 | pilotAttributeType 43 : : friendlyCountryName | ||
| 751 | # The following clashes with 2.5.4.45, so commented away | ||
| 752 | #pilotAttributeType 44 : uid : uniqueIdentifier | ||
| 753 | pilotAttributeType 45 : : organizationalStatus | ||
| 754 | pilotAttributeType 46 : : janetMailbox | ||
| 755 | pilotAttributeType 47 : : mailPreferenceOption | ||
| 756 | pilotAttributeType 48 : : buildingName | ||
| 757 | pilotAttributeType 49 : : dSAQuality | ||
| 758 | pilotAttributeType 50 : : singleLevelQuality | ||
| 759 | pilotAttributeType 51 : : subtreeMinimumQuality | ||
| 760 | pilotAttributeType 52 : : subtreeMaximumQuality | ||
| 761 | pilotAttributeType 53 : : personalSignature | ||
| 762 | pilotAttributeType 54 : : dITRedirect | ||
| 763 | pilotAttributeType 55 : audio | ||
| 764 | pilotAttributeType 56 : : documentPublisher | ||
diff --git a/src/lib/libcrypto/opensslv.h b/src/lib/libcrypto/opensslv.h index b841347f05..0d23a02fb2 100644 --- a/src/lib/libcrypto/opensslv.h +++ b/src/lib/libcrypto/opensslv.h | |||
| @@ -2,20 +2,84 @@ | |||
| 2 | #define HEADER_OPENSSLV_H | 2 | #define HEADER_OPENSSLV_H |
| 3 | 3 | ||
| 4 | /* Numeric release version identifier: | 4 | /* Numeric release version identifier: |
| 5 | * MMNNFFRBB: major minor fix final beta/patch | 5 | * MNNFFPPS: major minor fix patch status |
| 6 | * The status nibble has one of the values 0 for development, 1 to e for betas | ||
| 7 | * 1 to 14, and f for release. The patch level is exactly that. | ||
| 6 | * For example: | 8 | * For example: |
| 7 | * 0.9.3-dev 0x00903000 | 9 | * 0.9.3-dev 0x00903000 |
| 8 | * 0.9.3beta1 0x00903001 | 10 | * 0.9.3-beta1 0x00903001 |
| 9 | * 0.9.3beta2-dev 0x00903002 | 11 | * 0.9.3-beta2-dev 0x00903002 |
| 10 | * 0.9.3beta2 0x00903002 | 12 | * 0.9.3-beta2 0x00903002 (same as ...beta2-dev) |
| 11 | * 0.9.3 0x00903100 | 13 | * 0.9.3 0x0090300f |
| 12 | * 0.9.3a 0x00903101 | 14 | * 0.9.3a 0x0090301f |
| 13 | * 0.9.4 0x00904100 | 15 | * 0.9.4 0x0090400f |
| 14 | * 1.2.3z 0x1020311a | 16 | * 1.2.3z 0x102031af |
| 17 | * | ||
| 18 | * For continuity reasons (because 0.9.5 is already out, and is coded | ||
| 19 | * 0x00905100), between 0.9.5 and 0.9.6 the coding of the patch level | ||
| 20 | * part is slightly different, by setting the highest bit. This means | ||
| 21 | * that 0.9.5a looks like this: 0x0090581f. At 0.9.6, we can start | ||
| 22 | * with 0x0090600S... | ||
| 23 | * | ||
| 15 | * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) | 24 | * (Prior to 0.9.3-dev a different scheme was used: 0.9.2b is 0x0922.) |
| 25 | * (Prior to 0.9.5a beta1, a different scheme was used: MMNNFFRBB for | ||
| 26 | * major minor fix final patch/beta) | ||
| 16 | */ | 27 | */ |
| 17 | #define OPENSSL_VERSION_NUMBER 0x00904100L | 28 | #define OPENSSL_VERSION_NUMBER 0x00907001L |
| 18 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.4 09 Aug 1999" | 29 | #define OPENSSL_VERSION_TEXT "OpenSSL 0.9.7-beta1 01 Jun 2002" |
| 19 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT | 30 | #define OPENSSL_VERSION_PTEXT " part of " OPENSSL_VERSION_TEXT |
| 20 | 31 | ||
| 32 | |||
| 33 | /* The macros below are to be used for shared library (.so, .dll, ...) | ||
| 34 | * versioning. That kind of versioning works a bit differently between | ||
| 35 | * operating systems. The most usual scheme is to set a major and a minor | ||
| 36 | * number, and have the runtime loader check that the major number is equal | ||
| 37 | * to what it was at application link time, while the minor number has to | ||
| 38 | * be greater or equal to what it was at application link time. With this | ||
| 39 | * scheme, the version number is usually part of the file name, like this: | ||
| 40 | * | ||
| 41 | * libcrypto.so.0.9 | ||
| 42 | * | ||
| 43 | * Some unixen also make a softlink with the major verson number only: | ||
| 44 | * | ||
| 45 | * libcrypto.so.0 | ||
| 46 | * | ||
| 47 | * On Tru64 and IRIX 6.x it works a little bit differently. There, the | ||
| 48 | * shared library version is stored in the file, and is actually a series | ||
| 49 | * of versions, separated by colons. The rightmost version present in the | ||
| 50 | * library when linking an application is stored in the application to be | ||
| 51 | * matched at run time. When the application is run, a check is done to | ||
| 52 | * see if the library version stored in the application matches any of the | ||
| 53 | * versions in the version string of the library itself. | ||
| 54 | * This version string can be constructed in any way, depending on what | ||
| 55 | * kind of matching is desired. However, to implement the same scheme as | ||
| 56 | * the one used in the other unixen, all compatible versions, from lowest | ||
| 57 | * to highest, should be part of the string. Consecutive builds would | ||
| 58 | * give the following versions strings: | ||
| 59 | * | ||
| 60 | * 3.0 | ||
| 61 | * 3.0:3.1 | ||
| 62 | * 3.0:3.1:3.2 | ||
| 63 | * 4.0 | ||
| 64 | * 4.0:4.1 | ||
| 65 | * | ||
| 66 | * Notice how version 4 is completely incompatible with version, and | ||
| 67 | * therefore give the breach you can see. | ||
| 68 | * | ||
| 69 | * There may be other schemes as well that I haven't yet discovered. | ||
| 70 | * | ||
| 71 | * So, here's the way it works here: first of all, the library version | ||
| 72 | * number doesn't need at all to match the overall OpenSSL version. | ||
| 73 | * However, it's nice and more understandable if it actually does. | ||
| 74 | * The current library version is stored in the macro SHLIB_VERSION_NUMBER, | ||
| 75 | * which is just a piece of text in the format "M.m.e" (Major, minor, edit). | ||
| 76 | * For the sake of Tru64, IRIX, and any other OS that behaves in similar ways, | ||
| 77 | * we need to keep a history of version numbers, which is done in the | ||
| 78 | * macro SHLIB_VERSION_HISTORY. The numbers are separated by colons and | ||
| 79 | * should only keep the versions that are binary compatible with the current. | ||
| 80 | */ | ||
| 81 | #define SHLIB_VERSION_HISTORY "" | ||
| 82 | #define SHLIB_VERSION_NUMBER "0.9.7" | ||
| 83 | |||
| 84 | |||
| 21 | #endif /* HEADER_OPENSSLV_H */ | 85 | #endif /* HEADER_OPENSSLV_H */ |
diff --git a/src/lib/libcrypto/pem/pem.h b/src/lib/libcrypto/pem/pem.h index 55fbaeffe2..3785fca77d 100644 --- a/src/lib/libcrypto/pem/pem.h +++ b/src/lib/libcrypto/pem/pem.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* crypto/pem/pem.org */ | 1 | /* crypto/pem/pem.h */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -56,23 +56,25 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | /* WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | ||
| 60 | * | ||
| 61 | * Always modify pem.org since pem.h is automatically generated from | ||
| 62 | * it during SSLeay configuration. | ||
| 63 | * | ||
| 64 | * WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING | ||
| 65 | */ | ||
| 66 | |||
| 67 | #ifndef HEADER_PEM_H | 59 | #ifndef HEADER_PEM_H |
| 68 | #define HEADER_PEM_H | 60 | #define HEADER_PEM_H |
| 69 | 61 | ||
| 62 | #ifndef OPENSSL_NO_BIO | ||
| 63 | #include <openssl/bio.h> | ||
| 64 | #endif | ||
| 65 | #ifndef OPENSSL_NO_STACK | ||
| 66 | #include <openssl/stack.h> | ||
| 67 | #endif | ||
| 68 | #include <openssl/evp.h> | ||
| 69 | #include <openssl/x509.h> | ||
| 70 | #include <openssl/pem2.h> | ||
| 71 | #include <openssl/e_os2.h> | ||
| 72 | |||
| 70 | #ifdef __cplusplus | 73 | #ifdef __cplusplus |
| 71 | extern "C" { | 74 | extern "C" { |
| 72 | #endif | 75 | #endif |
| 73 | 76 | ||
| 74 | #include "evp.h" | 77 | #define PEM_BUFSIZE 1024 |
| 75 | #include "x509.h" | ||
| 76 | 78 | ||
| 77 | #define PEM_OBJ_UNDEF 0 | 79 | #define PEM_OBJ_UNDEF 0 |
| 78 | #define PEM_OBJ_X509 1 | 80 | #define PEM_OBJ_X509 1 |
| @@ -108,49 +110,25 @@ extern "C" { | |||
| 108 | 110 | ||
| 109 | #define PEM_STRING_X509_OLD "X509 CERTIFICATE" | 111 | #define PEM_STRING_X509_OLD "X509 CERTIFICATE" |
| 110 | #define PEM_STRING_X509 "CERTIFICATE" | 112 | #define PEM_STRING_X509 "CERTIFICATE" |
| 113 | #define PEM_STRING_X509_TRUSTED "TRUSTED CERTIFICATE" | ||
| 111 | #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" | 114 | #define PEM_STRING_X509_REQ_OLD "NEW CERTIFICATE REQUEST" |
| 112 | #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" | 115 | #define PEM_STRING_X509_REQ "CERTIFICATE REQUEST" |
| 113 | #define PEM_STRING_X509_CRL "X509 CRL" | 116 | #define PEM_STRING_X509_CRL "X509 CRL" |
| 114 | #define PEM_STRING_EVP_PKEY "PRIVATE KEY" | 117 | #define PEM_STRING_EVP_PKEY "ANY PRIVATE KEY" |
| 118 | #define PEM_STRING_PUBLIC "PUBLIC KEY" | ||
| 115 | #define PEM_STRING_RSA "RSA PRIVATE KEY" | 119 | #define PEM_STRING_RSA "RSA PRIVATE KEY" |
| 116 | #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" | 120 | #define PEM_STRING_RSA_PUBLIC "RSA PUBLIC KEY" |
| 117 | #define PEM_STRING_DSA "DSA PRIVATE KEY" | 121 | #define PEM_STRING_DSA "DSA PRIVATE KEY" |
| 122 | #define PEM_STRING_DSA_PUBLIC "DSA PUBLIC KEY" | ||
| 118 | #define PEM_STRING_PKCS7 "PKCS7" | 123 | #define PEM_STRING_PKCS7 "PKCS7" |
| 124 | #define PEM_STRING_PKCS8 "ENCRYPTED PRIVATE KEY" | ||
| 125 | #define PEM_STRING_PKCS8INF "PRIVATE KEY" | ||
| 119 | #define PEM_STRING_DHPARAMS "DH PARAMETERS" | 126 | #define PEM_STRING_DHPARAMS "DH PARAMETERS" |
| 120 | #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" | 127 | #define PEM_STRING_SSL_SESSION "SSL SESSION PARAMETERS" |
| 121 | #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" | 128 | #define PEM_STRING_DSAPARAMS "DSA PARAMETERS" |
| 122 | 129 | ||
| 123 | #ifndef HEADER_ENVELOPE_H | 130 | /* Note that this structure is initialised by PEM_SealInit and cleaned up |
| 124 | 131 | by PEM_SealFinal (at least for now) */ | |
| 125 | #define EVP_ENCODE_CTX_SIZE 96 | ||
| 126 | #define EVP_MD_SIZE 60 | ||
| 127 | #define EVP_MD_CTX_SIZE 152 | ||
| 128 | #define EVP_CIPHER_SIZE 40 | ||
| 129 | #define EVP_CIPHER_CTX_SIZE 4212 | ||
| 130 | #define EVP_MAX_MD_SIZE 20 | ||
| 131 | |||
| 132 | typedef struct evp_encode_ctx_st | ||
| 133 | { | ||
| 134 | char data[EVP_ENCODE_CTX_SIZE]; | ||
| 135 | } EVP_ENCODE_CTX; | ||
| 136 | |||
| 137 | typedef struct env_md_ctx_st | ||
| 138 | { | ||
| 139 | char data[EVP_MD_CTX_SIZE]; | ||
| 140 | } EVP_MD_CTX; | ||
| 141 | |||
| 142 | typedef struct evp_cipher_st | ||
| 143 | { | ||
| 144 | char data[EVP_CIPHER_SIZE]; | ||
| 145 | } EVP_CIPHER; | ||
| 146 | |||
| 147 | typedef struct evp_cipher_ctx_st | ||
| 148 | { | ||
| 149 | char data[EVP_CIPHER_CTX_SIZE]; | ||
| 150 | } EVP_CIPHER_CTX; | ||
| 151 | #endif | ||
| 152 | |||
| 153 | |||
| 154 | typedef struct PEM_Encode_Seal_st | 132 | typedef struct PEM_Encode_Seal_st |
| 155 | { | 133 | { |
| 156 | EVP_ENCODE_CTX encode; | 134 | EVP_ENCODE_CTX encode; |
| @@ -195,7 +173,7 @@ typedef struct pem_ctx_st | |||
| 195 | int num_recipient; | 173 | int num_recipient; |
| 196 | PEM_USER **recipient; | 174 | PEM_USER **recipient; |
| 197 | 175 | ||
| 198 | #ifdef HEADER_STACK_H | 176 | #ifndef OPENSSL_NO_STACK |
| 199 | STACK *x509_chain; /* certificate chain */ | 177 | STACK *x509_chain; /* certificate chain */ |
| 200 | #else | 178 | #else |
| 201 | char *x509_chain; /* certificate chain */ | 179 | char *x509_chain; /* certificate chain */ |
| @@ -217,151 +195,324 @@ typedef struct pem_ctx_st | |||
| 217 | unsigned char *data; | 195 | unsigned char *data; |
| 218 | } PEM_CTX; | 196 | } PEM_CTX; |
| 219 | 197 | ||
| 198 | /* These macros make the PEM_read/PEM_write functions easier to maintain and | ||
| 199 | * write. Now they are all implemented with either: | ||
| 200 | * IMPLEMENT_PEM_rw(...) or IMPLEMENT_PEM_rw_cb(...) | ||
| 201 | */ | ||
| 202 | |||
| 203 | #ifdef OPENSSL_NO_FP_API | ||
| 204 | |||
| 205 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) /**/ | ||
| 206 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) /**/ | ||
| 207 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) /**/ | ||
| 208 | |||
| 209 | #else | ||
| 210 | |||
| 211 | #define IMPLEMENT_PEM_read_fp(name, type, str, asn1) \ | ||
| 212 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u)\ | ||
| 213 | { \ | ||
| 214 | return((type *)PEM_ASN1_read((char *(*)())d2i_##asn1, str,fp,(char **)x,\ | ||
| 215 | cb,u)); \ | ||
| 216 | } \ | ||
| 217 | |||
| 218 | #define IMPLEMENT_PEM_write_fp(name, type, str, asn1) \ | ||
| 219 | int PEM_write_##name(FILE *fp, type *x) \ | ||
| 220 | { \ | ||
| 221 | return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, (char *)x, \ | ||
| 222 | NULL,NULL,0,NULL,NULL)); \ | ||
| 223 | } | ||
| 224 | |||
| 225 | #define IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) \ | ||
| 226 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | ||
| 227 | unsigned char *kstr, int klen, pem_password_cb *cb, \ | ||
| 228 | void *u) \ | ||
| 229 | { \ | ||
| 230 | return(PEM_ASN1_write((int (*)())i2d_##asn1,str,fp, \ | ||
| 231 | (char *)x,enc,kstr,klen,cb,u)); \ | ||
| 232 | } | ||
| 233 | |||
| 234 | #endif | ||
| 235 | |||
| 236 | #define IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ | ||
| 237 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u)\ | ||
| 238 | { \ | ||
| 239 | return((type *)PEM_ASN1_read_bio((char *(*)())d2i_##asn1, str,bp,\ | ||
| 240 | (char **)x,cb,u)); \ | ||
| 241 | } | ||
| 242 | |||
| 243 | #define IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ | ||
| 244 | int PEM_write_bio_##name(BIO *bp, type *x) \ | ||
| 245 | { \ | ||
| 246 | return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, (char *)x, \ | ||
| 247 | NULL,NULL,0,NULL,NULL)); \ | ||
| 248 | } | ||
| 249 | |||
| 250 | #define IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ | ||
| 251 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | ||
| 252 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) \ | ||
| 253 | { \ | ||
| 254 | return(PEM_ASN1_write_bio((int (*)())i2d_##asn1,str,bp, \ | ||
| 255 | (char *)x,enc,kstr,klen,cb,u)); \ | ||
| 256 | } | ||
| 257 | |||
| 258 | #define IMPLEMENT_PEM_write(name, type, str, asn1) \ | ||
| 259 | IMPLEMENT_PEM_write_bio(name, type, str, asn1) \ | ||
| 260 | IMPLEMENT_PEM_write_fp(name, type, str, asn1) | ||
| 261 | |||
| 262 | #define IMPLEMENT_PEM_write_cb(name, type, str, asn1) \ | ||
| 263 | IMPLEMENT_PEM_write_cb_bio(name, type, str, asn1) \ | ||
| 264 | IMPLEMENT_PEM_write_cb_fp(name, type, str, asn1) | ||
| 265 | |||
| 266 | #define IMPLEMENT_PEM_read(name, type, str, asn1) \ | ||
| 267 | IMPLEMENT_PEM_read_bio(name, type, str, asn1) \ | ||
| 268 | IMPLEMENT_PEM_read_fp(name, type, str, asn1) | ||
| 269 | |||
| 270 | #define IMPLEMENT_PEM_rw(name, type, str, asn1) \ | ||
| 271 | IMPLEMENT_PEM_read(name, type, str, asn1) \ | ||
| 272 | IMPLEMENT_PEM_write(name, type, str, asn1) | ||
| 273 | |||
| 274 | #define IMPLEMENT_PEM_rw_cb(name, type, str, asn1) \ | ||
| 275 | IMPLEMENT_PEM_read(name, type, str, asn1) \ | ||
| 276 | IMPLEMENT_PEM_write_cb(name, type, str, asn1) | ||
| 277 | |||
| 278 | /* These are the same except they are for the declarations */ | ||
| 279 | |||
| 280 | #if defined(OPENSSL_SYS_WIN16) || defined(OPENSSL_NO_FP_API) | ||
| 281 | |||
| 282 | #define DECLARE_PEM_read_fp(name, type) /**/ | ||
| 283 | #define DECLARE_PEM_write_fp(name, type) /**/ | ||
| 284 | #define DECLARE_PEM_write_cb_fp(name, type) /**/ | ||
| 285 | |||
| 286 | #else | ||
| 287 | |||
| 288 | #define DECLARE_PEM_read_fp(name, type) \ | ||
| 289 | type *PEM_read_##name(FILE *fp, type **x, pem_password_cb *cb, void *u); | ||
| 290 | |||
| 291 | #define DECLARE_PEM_write_fp(name, type) \ | ||
| 292 | int PEM_write_##name(FILE *fp, type *x); | ||
| 293 | |||
| 294 | #define DECLARE_PEM_write_cb_fp(name, type) \ | ||
| 295 | int PEM_write_##name(FILE *fp, type *x, const EVP_CIPHER *enc, \ | ||
| 296 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); | ||
| 297 | |||
| 298 | #endif | ||
| 299 | |||
| 300 | #ifndef OPENSSL_NO_BIO | ||
| 301 | #define DECLARE_PEM_read_bio(name, type) \ | ||
| 302 | type *PEM_read_bio_##name(BIO *bp, type **x, pem_password_cb *cb, void *u); | ||
| 303 | |||
| 304 | #define DECLARE_PEM_write_bio(name, type) \ | ||
| 305 | int PEM_write_bio_##name(BIO *bp, type *x); | ||
| 306 | |||
| 307 | #define DECLARE_PEM_write_cb_bio(name, type) \ | ||
| 308 | int PEM_write_bio_##name(BIO *bp, type *x, const EVP_CIPHER *enc, \ | ||
| 309 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u); | ||
| 310 | |||
| 311 | #else | ||
| 312 | |||
| 313 | #define DECLARE_PEM_read_bio(name, type) /**/ | ||
| 314 | #define DECLARE_PEM_write_bio(name, type) /**/ | ||
| 315 | #define DECLARE_PEM_write_cb_bio(name, type) /**/ | ||
| 316 | |||
| 317 | #endif | ||
| 318 | |||
| 319 | #define DECLARE_PEM_write(name, type) \ | ||
| 320 | DECLARE_PEM_write_bio(name, type) \ | ||
| 321 | DECLARE_PEM_write_fp(name, type) | ||
| 322 | |||
| 323 | #define DECLARE_PEM_write_cb(name, type) \ | ||
| 324 | DECLARE_PEM_write_cb_bio(name, type) \ | ||
| 325 | DECLARE_PEM_write_cb_fp(name, type) | ||
| 326 | |||
| 327 | #define DECLARE_PEM_read(name, type) \ | ||
| 328 | DECLARE_PEM_read_bio(name, type) \ | ||
| 329 | DECLARE_PEM_read_fp(name, type) | ||
| 330 | |||
| 331 | #define DECLARE_PEM_rw(name, type) \ | ||
| 332 | DECLARE_PEM_read(name, type) \ | ||
| 333 | DECLARE_PEM_write(name, type) | ||
| 334 | |||
| 335 | #define DECLARE_PEM_rw_cb(name, type) \ | ||
| 336 | DECLARE_PEM_read(name, type) \ | ||
| 337 | DECLARE_PEM_write_cb(name, type) | ||
| 338 | |||
| 220 | #ifdef SSLEAY_MACROS | 339 | #ifdef SSLEAY_MACROS |
| 221 | 340 | ||
| 222 | #define PEM_write_SSL_SESSION(fp,x) \ | 341 | #define PEM_write_SSL_SESSION(fp,x) \ |
| 223 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ | 342 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ |
| 224 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) | 343 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 225 | #define PEM_write_X509(fp,x) \ | 344 | #define PEM_write_X509(fp,x) \ |
| 226 | PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ | 345 | PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, \ |
| 227 | (char *)x, NULL,NULL,0,NULL) | 346 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 228 | #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ | 347 | #define PEM_write_X509_REQ(fp,x) PEM_ASN1_write( \ |
| 229 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ | 348 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp,(char *)x, \ |
| 230 | NULL,NULL,0,NULL) | 349 | NULL,NULL,0,NULL,NULL) |
| 231 | #define PEM_write_X509_CRL(fp,x) \ | 350 | #define PEM_write_X509_CRL(fp,x) \ |
| 232 | PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ | 351 | PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, \ |
| 233 | fp,(char *)x, NULL,NULL,0,NULL) | 352 | fp,(char *)x, NULL,NULL,0,NULL,NULL) |
| 234 | #define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) \ | 353 | #define PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ |
| 235 | PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ | 354 | PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp,\ |
| 236 | (char *)x,enc,kstr,klen,cb) | 355 | (char *)x,enc,kstr,klen,cb,u) |
| 237 | #define PEM_write_RSAPublicKey(fp,x) \ | 356 | #define PEM_write_RSAPublicKey(fp,x) \ |
| 238 | PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ | 357 | PEM_ASN1_write((int (*)())i2d_RSAPublicKey,\ |
| 239 | PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL) | 358 | PEM_STRING_RSA_PUBLIC,fp,(char *)x,NULL,NULL,0,NULL,NULL) |
| 240 | #define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) \ | 359 | #define PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb,u) \ |
| 241 | PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ | 360 | PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp,\ |
| 242 | (char *)x,enc,kstr,klen,cb) | 361 | (char *)x,enc,kstr,klen,cb,u) |
| 243 | #define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb) \ | 362 | #define PEM_write_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
| 244 | PEM_ASN1_write((int (*)())i2d_PrivateKey,\ | 363 | PEM_ASN1_write((int (*)())i2d_PrivateKey,\ |
| 245 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ | 364 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ |
| 246 | bp,(char *)x,enc,kstr,klen,cb) | 365 | bp,(char *)x,enc,kstr,klen,cb,u) |
| 247 | #define PEM_write_PKCS7(fp,x) \ | 366 | #define PEM_write_PKCS7(fp,x) \ |
| 248 | PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ | 367 | PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, \ |
| 249 | (char *)x, NULL,NULL,0,NULL) | 368 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 250 | #define PEM_write_DHparams(fp,x) \ | 369 | #define PEM_write_DHparams(fp,x) \ |
| 251 | PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ | 370 | PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp,\ |
| 252 | (char *)x,NULL,NULL,0,NULL) | 371 | (char *)x,NULL,NULL,0,NULL,NULL) |
| 253 | 372 | ||
| 254 | #define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ | 373 | #define PEM_write_NETSCAPE_CERT_SEQUENCE(fp,x) \ |
| 255 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) | 374 | PEM_ASN1_write((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ |
| 256 | #define PEM_read_X509(fp,x,cb) (X509 *)PEM_ASN1_read( \ | 375 | PEM_STRING_X509,fp, \ |
| 257 | (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb) | 376 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 258 | #define PEM_read_X509_REQ(fp,x,cb) (X509_REQ *)PEM_ASN1_read( \ | 377 | |
| 259 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb) | 378 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ |
| 260 | #define PEM_read_X509_CRL(fp,x,cb) (X509_CRL *)PEM_ASN1_read( \ | 379 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) |
| 261 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb) | 380 | #define PEM_read_X509(fp,x,cb,u) (X509 *)PEM_ASN1_read( \ |
| 262 | #define PEM_read_RSAPrivateKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ | 381 | (char *(*)())d2i_X509,PEM_STRING_X509,fp,(char **)x,cb,u) |
| 263 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb) | 382 | #define PEM_read_X509_REQ(fp,x,cb,u) (X509_REQ *)PEM_ASN1_read( \ |
| 264 | #define PEM_read_RSAPublicKey(fp,x,cb) (RSA *)PEM_ASN1_read( \ | 383 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,fp,(char **)x,cb,u) |
| 265 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb) | 384 | #define PEM_read_X509_CRL(fp,x,cb,u) (X509_CRL *)PEM_ASN1_read( \ |
| 266 | #define PEM_read_DSAPrivateKey(fp,x,cb) (DSA *)PEM_ASN1_read( \ | 385 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,fp,(char **)x,cb,u) |
| 267 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb) | 386 | #define PEM_read_RSAPrivateKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ |
| 268 | #define PEM_read_PrivateKey(fp,x,cb) (EVP_PKEY *)PEM_ASN1_read( \ | 387 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,fp,(char **)x,cb,u) |
| 269 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb) | 388 | #define PEM_read_RSAPublicKey(fp,x,cb,u) (RSA *)PEM_ASN1_read( \ |
| 270 | #define PEM_read_PKCS7(fp,x,cb) (PKCS7 *)PEM_ASN1_read( \ | 389 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb,u) |
| 271 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb) | 390 | #define PEM_read_DSAPrivateKey(fp,x,cb,u) (DSA *)PEM_ASN1_read( \ |
| 272 | #define PEM_read_DHparams(fp,x,cb) (DH *)PEM_ASN1_read( \ | 391 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,fp,(char **)x,cb,u) |
| 273 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb) | 392 | #define PEM_read_PrivateKey(fp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read( \ |
| 393 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,fp,(char **)x,cb,u) | ||
| 394 | #define PEM_read_PKCS7(fp,x,cb,u) (PKCS7 *)PEM_ASN1_read( \ | ||
| 395 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,fp,(char **)x,cb,u) | ||
| 396 | #define PEM_read_DHparams(fp,x,cb,u) (DH *)PEM_ASN1_read( \ | ||
| 397 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,fp,(char **)x,cb,u) | ||
| 398 | |||
| 399 | #define PEM_read_NETSCAPE_CERT_SEQUENCE(fp,x,cb,u) \ | ||
| 400 | (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read( \ | ||
| 401 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,fp,\ | ||
| 402 | (char **)x,cb,u) | ||
| 274 | 403 | ||
| 275 | #define PEM_write_bio_SSL_SESSION(bp,x) \ | 404 | #define PEM_write_bio_SSL_SESSION(bp,x) \ |
| 276 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ | 405 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ |
| 277 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) | 406 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 278 | #define PEM_write_bio_X509(bp,x) \ | 407 | #define PEM_write_bio_X509(bp,x) \ |
| 279 | PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ | 408 | PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, \ |
| 280 | (char *)x, NULL,NULL,0,NULL) | 409 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 281 | #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ | 410 | #define PEM_write_bio_X509_REQ(bp,x) PEM_ASN1_write_bio( \ |
| 282 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ | 411 | (int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,bp,(char *)x, \ |
| 283 | NULL,NULL,0,NULL) | 412 | NULL,NULL,0,NULL,NULL) |
| 284 | #define PEM_write_bio_X509_CRL(bp,x) \ | 413 | #define PEM_write_bio_X509_CRL(bp,x) \ |
| 285 | PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ | 414 | PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,\ |
| 286 | bp,(char *)x, NULL,NULL,0,NULL) | 415 | bp,(char *)x, NULL,NULL,0,NULL,NULL) |
| 287 | #define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) \ | 416 | #define PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
| 288 | PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ | 417 | PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,\ |
| 289 | bp,(char *)x,enc,kstr,klen,cb) | 418 | bp,(char *)x,enc,kstr,klen,cb,u) |
| 290 | #define PEM_write_bio_RSAPublicKey(bp,x) \ | 419 | #define PEM_write_bio_RSAPublicKey(bp,x) \ |
| 291 | PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ | 420 | PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, \ |
| 292 | PEM_STRING_RSA_PUBLIC,\ | 421 | PEM_STRING_RSA_PUBLIC,\ |
| 293 | bp,(char *)x,NULL,NULL,0,NULL) | 422 | bp,(char *)x,NULL,NULL,0,NULL,NULL) |
| 294 | #define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) \ | 423 | #define PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
| 295 | PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ | 424 | PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,\ |
| 296 | bp,(char *)x,enc,kstr,klen,cb) | 425 | bp,(char *)x,enc,kstr,klen,cb,u) |
| 297 | #define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) \ | 426 | #define PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb,u) \ |
| 298 | PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ | 427 | PEM_ASN1_write_bio((int (*)())i2d_PrivateKey,\ |
| 299 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ | 428 | (((x)->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA),\ |
| 300 | bp,(char *)x,enc,kstr,klen,cb) | 429 | bp,(char *)x,enc,kstr,klen,cb,u) |
| 301 | #define PEM_write_bio_PKCS7(bp,x) \ | 430 | #define PEM_write_bio_PKCS7(bp,x) \ |
| 302 | PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ | 431 | PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, \ |
| 303 | (char *)x, NULL,NULL,0,NULL) | 432 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 304 | #define PEM_write_bio_DHparams(bp,x) \ | 433 | #define PEM_write_bio_DHparams(bp,x) \ |
| 305 | PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ | 434 | PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,\ |
| 306 | bp,(char *)x,NULL,NULL,0,NULL) | 435 | bp,(char *)x,NULL,NULL,0,NULL,NULL) |
| 307 | #define PEM_write_bio_DSAparams(bp,x) \ | 436 | #define PEM_write_bio_DSAparams(bp,x) \ |
| 308 | PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ | 437 | PEM_ASN1_write_bio((int (*)())i2d_DSAparams, \ |
| 309 | PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL) | 438 | PEM_STRING_DSAPARAMS,bp,(char *)x,NULL,NULL,0,NULL,NULL) |
| 310 | 439 | ||
| 311 | #define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ | 440 | #define PEM_write_bio_NETSCAPE_CERT_SEQUENCE(bp,x) \ |
| 312 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) | 441 | PEM_ASN1_write_bio((int (*)())i2d_NETSCAPE_CERT_SEQUENCE, \ |
| 313 | #define PEM_read_bio_X509(bp,x,cb) (X509 *)PEM_ASN1_read_bio( \ | 442 | PEM_STRING_X509,bp, \ |
| 314 | (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb) | 443 | (char *)x, NULL,NULL,0,NULL,NULL) |
| 315 | #define PEM_read_bio_X509_REQ(bp,x,cb) (X509_REQ *)PEM_ASN1_read_bio( \ | 444 | |
| 316 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb) | 445 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ |
| 317 | #define PEM_read_bio_X509_CRL(bp,x,cb) (X509_CRL *)PEM_ASN1_read_bio( \ | 446 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) |
| 318 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb) | 447 | #define PEM_read_bio_X509(bp,x,cb,u) (X509 *)PEM_ASN1_read_bio( \ |
| 319 | #define PEM_read_bio_RSAPrivateKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ | 448 | (char *(*)())d2i_X509,PEM_STRING_X509,bp,(char **)x,cb,u) |
| 320 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb) | 449 | #define PEM_read_bio_X509_REQ(bp,x,cb,u) (X509_REQ *)PEM_ASN1_read_bio( \ |
| 321 | #define PEM_read_bio_RSAPublicKey(bp,x,cb) (RSA *)PEM_ASN1_read_bio( \ | 450 | (char *(*)())d2i_X509_REQ,PEM_STRING_X509_REQ,bp,(char **)x,cb,u) |
| 322 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb) | 451 | #define PEM_read_bio_X509_CRL(bp,x,cb,u) (X509_CRL *)PEM_ASN1_read_bio( \ |
| 323 | #define PEM_read_bio_DSAPrivateKey(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ | 452 | (char *(*)())d2i_X509_CRL,PEM_STRING_X509_CRL,bp,(char **)x,cb,u) |
| 324 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb) | 453 | #define PEM_read_bio_RSAPrivateKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ |
| 325 | #define PEM_read_bio_PrivateKey(bp,x,cb) (EVP_PKEY *)PEM_ASN1_read_bio( \ | 454 | (char *(*)())d2i_RSAPrivateKey,PEM_STRING_RSA,bp,(char **)x,cb,u) |
| 326 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb) | 455 | #define PEM_read_bio_RSAPublicKey(bp,x,cb,u) (RSA *)PEM_ASN1_read_bio( \ |
| 327 | 456 | (char *(*)())d2i_RSAPublicKey,PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb,u) | |
| 328 | #define PEM_read_bio_PKCS7(bp,x,cb) (PKCS7 *)PEM_ASN1_read_bio( \ | 457 | #define PEM_read_bio_DSAPrivateKey(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ |
| 329 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb) | 458 | (char *(*)())d2i_DSAPrivateKey,PEM_STRING_DSA,bp,(char **)x,cb,u) |
| 330 | #define PEM_read_bio_DHparams(bp,x,cb) (DH *)PEM_ASN1_read_bio( \ | 459 | #define PEM_read_bio_PrivateKey(bp,x,cb,u) (EVP_PKEY *)PEM_ASN1_read_bio( \ |
| 331 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb) | 460 | (char *(*)())d2i_PrivateKey,PEM_STRING_EVP_PKEY,bp,(char **)x,cb,u) |
| 332 | #define PEM_read_bio_DSAparams(bp,x,cb) (DSA *)PEM_ASN1_read_bio( \ | 461 | |
| 333 | (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb) | 462 | #define PEM_read_bio_PKCS7(bp,x,cb,u) (PKCS7 *)PEM_ASN1_read_bio( \ |
| 463 | (char *(*)())d2i_PKCS7,PEM_STRING_PKCS7,bp,(char **)x,cb,u) | ||
| 464 | #define PEM_read_bio_DHparams(bp,x,cb,u) (DH *)PEM_ASN1_read_bio( \ | ||
| 465 | (char *(*)())d2i_DHparams,PEM_STRING_DHPARAMS,bp,(char **)x,cb,u) | ||
| 466 | #define PEM_read_bio_DSAparams(bp,x,cb,u) (DSA *)PEM_ASN1_read_bio( \ | ||
| 467 | (char *(*)())d2i_DSAparams,PEM_STRING_DSAPARAMS,bp,(char **)x,cb,u) | ||
| 468 | |||
| 469 | #define PEM_read_bio_NETSCAPE_CERT_SEQUENCE(bp,x,cb,u) \ | ||
| 470 | (NETSCAPE_CERT_SEQUENCE *)PEM_ASN1_read_bio( \ | ||
| 471 | (char *(*)())d2i_NETSCAPE_CERT_SEQUENCE,PEM_STRING_X509,bp,\ | ||
| 472 | (char **)x,cb,u) | ||
| 334 | 473 | ||
| 335 | #endif | 474 | #endif |
| 336 | 475 | ||
| 337 | #ifndef NOPROTO | 476 | #if 1 |
| 477 | /* "userdata": new with OpenSSL 0.9.4 */ | ||
| 478 | typedef int pem_password_cb(char *buf, int size, int rwflag, void *userdata); | ||
| 479 | #else | ||
| 480 | /* OpenSSL 0.9.3, 0.9.3a */ | ||
| 481 | typedef int pem_password_cb(char *buf, int size, int rwflag); | ||
| 482 | #endif | ||
| 483 | |||
| 338 | int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); | 484 | int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher); |
| 339 | int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, | 485 | int PEM_do_header (EVP_CIPHER_INFO *cipher, unsigned char *data,long *len, |
| 340 | int (*callback)()); | 486 | pem_password_cb *callback,void *u); |
| 341 | 487 | ||
| 342 | #ifdef HEADER_BIO_H | 488 | #ifndef OPENSSL_NO_BIO |
| 343 | int PEM_read_bio(BIO *bp, char **name, char **header, | 489 | int PEM_read_bio(BIO *bp, char **name, char **header, |
| 344 | unsigned char **data,long *len); | 490 | unsigned char **data,long *len); |
| 345 | int PEM_write_bio(BIO *bp,char *name,char *hdr,unsigned char *data, | 491 | int PEM_write_bio(BIO *bp,const char *name,char *hdr,unsigned char *data, |
| 346 | long len); | 492 | long len); |
| 347 | char * PEM_ASN1_read_bio(char *(*d2i)(),char *name,BIO *bp,char **x, | 493 | int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, |
| 348 | int (*cb)()); | 494 | pem_password_cb *cb, void *u); |
| 349 | int PEM_ASN1_write_bio(int (*i2d)(),char *name,BIO *bp,char *x, | 495 | char * PEM_ASN1_read_bio(char *(*d2i)(),const char *name,BIO *bp,char **x, |
| 350 | EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); | 496 | pem_password_cb *cb, void *u); |
| 351 | STACK * PEM_X509_INFO_read_bio(BIO *bp, STACK *sk, int (*cb)()); | 497 | int PEM_ASN1_write_bio(int (*i2d)(),const char *name,BIO *bp,char *x, |
| 498 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, | ||
| 499 | pem_password_cb *cb, void *u); | ||
| 500 | STACK_OF(X509_INFO) * PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u); | ||
| 352 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, | 501 | int PEM_X509_INFO_write_bio(BIO *bp,X509_INFO *xi, EVP_CIPHER *enc, |
| 353 | unsigned char *kstr, int klen, int (*cb)()); | 502 | unsigned char *kstr, int klen, pem_password_cb *cd, void *u); |
| 354 | #endif | 503 | #endif |
| 355 | 504 | ||
| 356 | #ifndef WIN16 | 505 | #ifndef OPENSSL_SYS_WIN16 |
| 357 | int PEM_read(FILE *fp, char **name, char **header, | 506 | int PEM_read(FILE *fp, char **name, char **header, |
| 358 | unsigned char **data,long *len); | 507 | unsigned char **data,long *len); |
| 359 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); | 508 | int PEM_write(FILE *fp,char *name,char *hdr,unsigned char *data,long len); |
| 360 | char * PEM_ASN1_read(char *(*d2i)(),char *name,FILE *fp,char **x, | 509 | char * PEM_ASN1_read(char *(*d2i)(),const char *name,FILE *fp,char **x, |
| 361 | int (*cb)()); | 510 | pem_password_cb *cb, void *u); |
| 362 | int PEM_ASN1_write(int (*i2d)(),char *name,FILE *fp,char *x, | 511 | int PEM_ASN1_write(int (*i2d)(),const char *name,FILE *fp,char *x, |
| 363 | EVP_CIPHER *enc,unsigned char *kstr,int klen,int (*callback)()); | 512 | const EVP_CIPHER *enc,unsigned char *kstr,int klen, |
| 364 | STACK * PEM_X509_INFO_read(FILE *fp, STACK *sk, int (*cb)()); | 513 | pem_password_cb *callback, void *u); |
| 514 | STACK_OF(X509_INFO) * PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, | ||
| 515 | pem_password_cb *cb, void *u); | ||
| 365 | #endif | 516 | #endif |
| 366 | 517 | ||
| 367 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, | 518 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, |
| @@ -377,148 +528,102 @@ void PEM_SignUpdate(EVP_MD_CTX *ctx,unsigned char *d,unsigned int cnt); | |||
| 377 | int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, | 528 | int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, |
| 378 | unsigned int *siglen, EVP_PKEY *pkey); | 529 | unsigned int *siglen, EVP_PKEY *pkey); |
| 379 | 530 | ||
| 380 | void ERR_load_PEM_strings(void); | 531 | int PEM_def_callback(char *buf, int num, int w, void *key); |
| 381 | |||
| 382 | void PEM_proc_type(char *buf, int type); | 532 | void PEM_proc_type(char *buf, int type); |
| 383 | void PEM_dek_info(char *buf, char *type, int len, char *str); | 533 | void PEM_dek_info(char *buf, const char *type, int len, char *str); |
| 384 | 534 | ||
| 385 | #ifndef SSLEAY_MACROS | 535 | #ifndef SSLEAY_MACROS |
| 386 | 536 | ||
| 387 | #ifndef WIN16 | 537 | #include <openssl/symhacks.h> |
| 388 | X509 *PEM_read_X509(FILE *fp,X509 **x,int (*cb)()); | 538 | |
| 389 | X509_REQ *PEM_read_X509_REQ(FILE *fp,X509_REQ **x,int (*cb)()); | 539 | DECLARE_PEM_rw(X509, X509) |
| 390 | X509_CRL *PEM_read_X509_CRL(FILE *fp,X509_CRL **x,int (*cb)()); | 540 | |
| 391 | RSA *PEM_read_RSAPrivateKey(FILE *fp,RSA **x,int (*cb)()); | 541 | DECLARE_PEM_rw(X509_AUX, X509) |
| 392 | RSA *PEM_read_RSAPublicKey(FILE *fp,RSA **x,int (*cb)()); | 542 | |
| 393 | DSA *PEM_read_DSAPrivateKey(FILE *fp,DSA **x,int (*cb)()); | 543 | DECLARE_PEM_rw(X509_REQ, X509_REQ) |
| 394 | EVP_PKEY *PEM_read_PrivateKey(FILE *fp,EVP_PKEY **x,int (*cb)()); | 544 | DECLARE_PEM_write(X509_REQ_NEW, X509_REQ) |
| 395 | PKCS7 *PEM_read_PKCS7(FILE *fp,PKCS7 **x,int (*cb)()); | 545 | |
| 396 | DH *PEM_read_DHparams(FILE *fp,DH **x,int (*cb)()); | 546 | DECLARE_PEM_rw(X509_CRL, X509_CRL) |
| 397 | DSA *PEM_read_DSAparams(FILE *fp,DSA **x,int (*cb)()); | 547 | |
| 398 | int PEM_write_X509(FILE *fp,X509 *x); | 548 | DECLARE_PEM_rw(PKCS7, PKCS7) |
| 399 | int PEM_write_X509_REQ(FILE *fp,X509_REQ *x); | 549 | |
| 400 | int PEM_write_X509_CRL(FILE *fp,X509_CRL *x); | 550 | DECLARE_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE) |
| 401 | int PEM_write_RSAPrivateKey(FILE *fp,RSA *x,EVP_CIPHER *enc,unsigned char *kstr, | 551 | |
| 402 | int klen,int (*cb)()); | 552 | DECLARE_PEM_rw(PKCS8, X509_SIG) |
| 403 | int PEM_write_RSAPublicKey(FILE *fp,RSA *x); | 553 | |
| 404 | int PEM_write_DSAPrivateKey(FILE *fp,DSA *x,EVP_CIPHER *enc,unsigned char *kstr, | 554 | DECLARE_PEM_rw(PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO) |
| 405 | int klen,int (*cb)()); | 555 | |
| 406 | int PEM_write_PrivateKey(FILE *fp,EVP_PKEY *x,EVP_CIPHER *enc, | 556 | #ifndef OPENSSL_NO_RSA |
| 407 | unsigned char *kstr,int klen,int (*cb)()); | 557 | |
| 408 | int PEM_write_PKCS7(FILE *fp,PKCS7 *x); | 558 | DECLARE_PEM_rw_cb(RSAPrivateKey, RSA) |
| 409 | int PEM_write_DHparams(FILE *fp,DH *x); | 559 | |
| 410 | int PEM_write_DSAparams(FILE *fp,DSA *x); | 560 | DECLARE_PEM_rw(RSAPublicKey, RSA) |
| 411 | #endif | 561 | DECLARE_PEM_rw(RSA_PUBKEY, RSA) |
| 412 | 562 | ||
| 413 | #ifdef HEADER_BIO_H | ||
| 414 | X509 *PEM_read_bio_X509(BIO *bp,X509 **x,int (*cb)()); | ||
| 415 | X509_REQ *PEM_read_bio_X509_REQ(BIO *bp,X509_REQ **x,int (*cb)()); | ||
| 416 | X509_CRL *PEM_read_bio_X509_CRL(BIO *bp,X509_CRL **x,int (*cb)()); | ||
| 417 | RSA *PEM_read_bio_RSAPrivateKey(BIO *bp,RSA **x,int (*cb)()); | ||
| 418 | RSA *PEM_read_bio_RSAPublicKey(BIO *bp,RSA **x,int (*cb)()); | ||
| 419 | DSA *PEM_read_bio_DSAPrivateKey(BIO *bp,DSA **x,int (*cb)()); | ||
| 420 | EVP_PKEY *PEM_read_bio_PrivateKey(BIO *bp,EVP_PKEY **x,int (*cb)()); | ||
| 421 | PKCS7 *PEM_read_bio_PKCS7(BIO *bp,PKCS7 **x,int (*cb)()); | ||
| 422 | DH *PEM_read_bio_DHparams(BIO *bp,DH **x,int (*cb)()); | ||
| 423 | DSA *PEM_read_bio_DSAparams(BIO *bp,DSA **x,int (*cb)()); | ||
| 424 | int PEM_write_bio_X509(BIO *bp,X509 *x); | ||
| 425 | int PEM_write_bio_X509_REQ(BIO *bp,X509_REQ *x); | ||
| 426 | int PEM_write_bio_X509_CRL(BIO *bp,X509_CRL *x); | ||
| 427 | int PEM_write_bio_RSAPrivateKey(BIO *fp,RSA *x,EVP_CIPHER *enc, | ||
| 428 | unsigned char *kstr,int klen,int (*cb)()); | ||
| 429 | int PEM_write_bio_RSAPublicKey(BIO *fp,RSA *x); | ||
| 430 | int PEM_write_bio_DSAPrivateKey(BIO *fp,DSA *x,EVP_CIPHER *enc, | ||
| 431 | unsigned char *kstr,int klen,int (*cb)()); | ||
| 432 | int PEM_write_bio_PrivateKey(BIO *fp,EVP_PKEY *x,EVP_CIPHER *enc, | ||
| 433 | unsigned char *kstr,int klen,int (*cb)()); | ||
| 434 | int PEM_write_bio_PKCS7(BIO *bp,PKCS7 *x); | ||
| 435 | int PEM_write_bio_DHparams(BIO *bp,DH *x); | ||
| 436 | int PEM_write_bio_DSAparams(BIO *bp,DSA *x); | ||
| 437 | #endif | 563 | #endif |
| 438 | 564 | ||
| 439 | #endif /* SSLEAY_MACROS */ | 565 | #ifndef OPENSSL_NO_DSA |
| 440 | 566 | ||
| 567 | DECLARE_PEM_rw_cb(DSAPrivateKey, DSA) | ||
| 441 | 568 | ||
| 442 | #else | 569 | DECLARE_PEM_rw(DSA_PUBKEY, DSA) |
| 570 | |||
| 571 | DECLARE_PEM_rw(DSAparams, DSA) | ||
| 443 | 572 | ||
| 444 | int PEM_get_EVP_CIPHER_INFO(); | ||
| 445 | int PEM_do_header(); | ||
| 446 | int PEM_read_bio(); | ||
| 447 | int PEM_write_bio(); | ||
| 448 | #ifndef WIN16 | ||
| 449 | int PEM_read(); | ||
| 450 | int PEM_write(); | ||
| 451 | STACK * PEM_X509_INFO_read(); | ||
| 452 | char * PEM_ASN1_read(); | ||
| 453 | int PEM_ASN1_write(); | ||
| 454 | #endif | 573 | #endif |
| 455 | STACK * PEM_X509_INFO_read_bio(); | ||
| 456 | int PEM_X509_INFO_write_bio(); | ||
| 457 | char * PEM_ASN1_read_bio(); | ||
| 458 | int PEM_ASN1_write_bio(); | ||
| 459 | int PEM_SealInit(); | ||
| 460 | void PEM_SealUpdate(); | ||
| 461 | int PEM_SealFinal(); | ||
| 462 | int PEM_SignFinal(); | ||
| 463 | 574 | ||
| 464 | void ERR_load_PEM_strings(); | 575 | #ifndef OPENSSL_NO_DH |
| 465 | 576 | ||
| 466 | void PEM_proc_type(); | 577 | DECLARE_PEM_rw(DHparams, DH) |
| 467 | void PEM_dek_info(); | ||
| 468 | 578 | ||
| 469 | #ifndef SSLEAY_MACROS | ||
| 470 | #ifndef WIN16 | ||
| 471 | X509 *PEM_read_X509(); | ||
| 472 | X509_REQ *PEM_read_X509_REQ(); | ||
| 473 | X509_CRL *PEM_read_X509_CRL(); | ||
| 474 | RSA *PEM_read_RSAPrivateKey(); | ||
| 475 | RSA *PEM_read_RSAPublicKey(); | ||
| 476 | DSA *PEM_read_DSAPrivateKey(); | ||
| 477 | EVP_PKEY *PEM_read_PrivateKey(); | ||
| 478 | PKCS7 *PEM_read_PKCS7(); | ||
| 479 | DH *PEM_read_DHparams(); | ||
| 480 | DSA *PEM_read_DSAparams(); | ||
| 481 | int PEM_write_X509(); | ||
| 482 | int PEM_write_X509_REQ(); | ||
| 483 | int PEM_write_X509_CRL(); | ||
| 484 | int PEM_write_RSAPrivateKey(); | ||
| 485 | int PEM_write_RSAPublicKey(); | ||
| 486 | int PEM_write_DSAPrivateKey(); | ||
| 487 | int PEM_write_PrivateKey(); | ||
| 488 | int PEM_write_PKCS7(); | ||
| 489 | int PEM_write_DHparams(); | ||
| 490 | int PEM_write_DSAparams(); | ||
| 491 | #endif | 579 | #endif |
| 492 | 580 | ||
| 493 | X509 *PEM_read_bio_X509(); | 581 | DECLARE_PEM_rw_cb(PrivateKey, EVP_PKEY) |
| 494 | X509_REQ *PEM_read_bio_X509_REQ(); | 582 | |
| 495 | X509_CRL *PEM_read_bio_X509_CRL(); | 583 | DECLARE_PEM_rw(PUBKEY, EVP_PKEY) |
| 496 | RSA *PEM_read_bio_RSAPrivateKey(); | 584 | |
| 497 | RSA *PEM_read_bio_RSAPublicKey(); | 585 | int PEM_write_bio_PKCS8PrivateKey_nid(BIO *bp, EVP_PKEY *x, int nid, |
| 498 | DSA *PEM_read_bio_DSAPrivateKey(); | 586 | char *kstr, int klen, |
| 499 | EVP_PKEY *PEM_read_bio_PrivateKey(); | 587 | pem_password_cb *cb, void *u); |
| 500 | PKCS7 *PEM_read_bio_PKCS7(); | 588 | int PEM_write_bio_PKCS8PrivateKey(BIO *, EVP_PKEY *, const EVP_CIPHER *, |
| 501 | DH *PEM_read_bio_DHparams(); | 589 | char *, int, pem_password_cb *, void *); |
| 502 | DSA *PEM_read_bio_DSAparams(); | 590 | int i2d_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY *x, const EVP_CIPHER *enc, |
| 503 | int PEM_write_bio_X509(); | 591 | char *kstr, int klen, |
| 504 | int PEM_write_bio_X509_REQ(); | 592 | pem_password_cb *cb, void *u); |
| 505 | int PEM_write_bio_X509_CRL(); | 593 | int i2d_PKCS8PrivateKey_nid_bio(BIO *bp, EVP_PKEY *x, int nid, |
| 506 | int PEM_write_bio_RSAPrivateKey(); | 594 | char *kstr, int klen, |
| 507 | int PEM_write_bio_RSAPublicKey(); | 595 | pem_password_cb *cb, void *u); |
| 508 | int PEM_write_bio_DSAPrivateKey(); | 596 | EVP_PKEY *d2i_PKCS8PrivateKey_bio(BIO *bp, EVP_PKEY **x, pem_password_cb *cb, void *u); |
| 509 | int PEM_write_bio_PrivateKey(); | 597 | |
| 510 | int PEM_write_bio_PKCS7(); | 598 | int i2d_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY *x, const EVP_CIPHER *enc, |
| 511 | int PEM_write_bio_DHparams(); | 599 | char *kstr, int klen, |
| 512 | int PEM_write_bio_DSAparams(); | 600 | pem_password_cb *cb, void *u); |
| 601 | int i2d_PKCS8PrivateKey_nid_fp(FILE *fp, EVP_PKEY *x, int nid, | ||
| 602 | char *kstr, int klen, | ||
| 603 | pem_password_cb *cb, void *u); | ||
| 604 | int PEM_write_PKCS8PrivateKey_nid(FILE *fp, EVP_PKEY *x, int nid, | ||
| 605 | char *kstr, int klen, | ||
| 606 | pem_password_cb *cb, void *u); | ||
| 607 | |||
| 608 | EVP_PKEY *d2i_PKCS8PrivateKey_fp(FILE *fp, EVP_PKEY **x, pem_password_cb *cb, void *u); | ||
| 609 | |||
| 610 | int PEM_write_PKCS8PrivateKey(FILE *fp,EVP_PKEY *x,const EVP_CIPHER *enc, | ||
| 611 | char *kstr,int klen, pem_password_cb *cd, void *u); | ||
| 513 | 612 | ||
| 514 | #endif /* SSLEAY_MACROS */ | 613 | #endif /* SSLEAY_MACROS */ |
| 515 | 614 | ||
| 516 | #endif | ||
| 517 | 615 | ||
| 518 | /* BEGIN ERROR CODES */ | 616 | /* BEGIN ERROR CODES */ |
| 617 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 618 | * made after this point may be overwritten when the script is next run. | ||
| 619 | */ | ||
| 620 | void ERR_load_PEM_strings(void); | ||
| 621 | |||
| 519 | /* Error codes for the PEM functions. */ | 622 | /* Error codes for the PEM functions. */ |
| 520 | 623 | ||
| 521 | /* Function codes. */ | 624 | /* Function codes. */ |
| 625 | #define PEM_F_D2I_PKCS8PRIVATEKEY_BIO 120 | ||
| 626 | #define PEM_F_D2I_PKCS8PRIVATEKEY_FP 121 | ||
| 522 | #define PEM_F_DEF_CALLBACK 100 | 627 | #define PEM_F_DEF_CALLBACK 100 |
| 523 | #define PEM_F_LOAD_IV 101 | 628 | #define PEM_F_LOAD_IV 101 |
| 524 | #define PEM_F_PEM_ASN1_READ 102 | 629 | #define PEM_F_PEM_ASN1_READ 102 |
| @@ -526,6 +631,8 @@ int PEM_write_bio_DSAparams(); | |||
| 526 | #define PEM_F_PEM_ASN1_WRITE 104 | 631 | #define PEM_F_PEM_ASN1_WRITE 104 |
| 527 | #define PEM_F_PEM_ASN1_WRITE_BIO 105 | 632 | #define PEM_F_PEM_ASN1_WRITE_BIO 105 |
| 528 | #define PEM_F_PEM_DO_HEADER 106 | 633 | #define PEM_F_PEM_DO_HEADER 106 |
| 634 | #define PEM_F_PEM_F_DO_PK8KEY_FP 122 | ||
| 635 | #define PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY 118 | ||
| 529 | #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 | 636 | #define PEM_F_PEM_GET_EVP_CIPHER_INFO 107 |
| 530 | #define PEM_F_PEM_READ 108 | 637 | #define PEM_F_PEM_READ 108 |
| 531 | #define PEM_F_PEM_READ_BIO 109 | 638 | #define PEM_F_PEM_READ_BIO 109 |
| @@ -534,6 +641,7 @@ int PEM_write_bio_DSAparams(); | |||
| 534 | #define PEM_F_PEM_SIGNFINAL 112 | 641 | #define PEM_F_PEM_SIGNFINAL 112 |
| 535 | #define PEM_F_PEM_WRITE 113 | 642 | #define PEM_F_PEM_WRITE 113 |
| 536 | #define PEM_F_PEM_WRITE_BIO 114 | 643 | #define PEM_F_PEM_WRITE_BIO 114 |
| 644 | #define PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY 119 | ||
| 537 | #define PEM_F_PEM_X509_INFO_READ 115 | 645 | #define PEM_F_PEM_X509_INFO_READ 115 |
| 538 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 | 646 | #define PEM_F_PEM_X509_INFO_READ_BIO 116 |
| 539 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 | 647 | #define PEM_F_PEM_X509_INFO_WRITE_BIO 117 |
| @@ -544,6 +652,7 @@ int PEM_write_bio_DSAparams(); | |||
| 544 | #define PEM_R_BAD_END_LINE 102 | 652 | #define PEM_R_BAD_END_LINE 102 |
| 545 | #define PEM_R_BAD_IV_CHARS 103 | 653 | #define PEM_R_BAD_IV_CHARS 103 |
| 546 | #define PEM_R_BAD_PASSWORD_READ 104 | 654 | #define PEM_R_BAD_PASSWORD_READ 104 |
| 655 | #define PEM_R_ERROR_CONVERTING_PRIVATE_KEY 115 | ||
| 547 | #define PEM_R_NOT_DEK_INFO 105 | 656 | #define PEM_R_NOT_DEK_INFO 105 |
| 548 | #define PEM_R_NOT_ENCRYPTED 106 | 657 | #define PEM_R_NOT_ENCRYPTED 106 |
| 549 | #define PEM_R_NOT_PROC_TYPE 107 | 658 | #define PEM_R_NOT_PROC_TYPE 107 |
| @@ -554,9 +663,8 @@ int PEM_write_bio_DSAparams(); | |||
| 554 | #define PEM_R_SHORT_HEADER 112 | 663 | #define PEM_R_SHORT_HEADER 112 |
| 555 | #define PEM_R_UNSUPPORTED_CIPHER 113 | 664 | #define PEM_R_UNSUPPORTED_CIPHER 113 |
| 556 | #define PEM_R_UNSUPPORTED_ENCRYPTION 114 | 665 | #define PEM_R_UNSUPPORTED_ENCRYPTION 114 |
| 557 | 666 | ||
| 558 | #ifdef __cplusplus | 667 | #ifdef __cplusplus |
| 559 | } | 668 | } |
| 560 | #endif | 669 | #endif |
| 561 | #endif | 670 | #endif |
| 562 | |||
diff --git a/src/lib/libcrypto/pem/pem2.h b/src/lib/libcrypto/pem/pem2.h index 4a016aacd2..4e484bcd82 100644 --- a/src/lib/libcrypto/pem/pem2.h +++ b/src/lib/libcrypto/pem/pem2.h | |||
| @@ -57,4 +57,12 @@ | |||
| 57 | * Ben 30 Jan 1999. | 57 | * Ben 30 Jan 1999. |
| 58 | */ | 58 | */ |
| 59 | 59 | ||
| 60 | #ifdef __cplusplus | ||
| 61 | extern "C" { | ||
| 62 | #endif | ||
| 63 | |||
| 60 | void ERR_load_PEM_strings(void); | 64 | void ERR_load_PEM_strings(void); |
| 65 | |||
| 66 | #ifdef __cplusplus | ||
| 67 | } | ||
| 68 | #endif | ||
diff --git a/src/lib/libcrypto/pem/pem_all.c b/src/lib/libcrypto/pem/pem_all.c index d1cda7aabe..e72b7134ce 100644 --- a/src/lib/libcrypto/pem/pem_all.c +++ b/src/lib/libcrypto/pem/pem_all.c | |||
| @@ -59,430 +59,138 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #undef SSLEAY_MACROS | 60 | #undef SSLEAY_MACROS |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bio.h" | 62 | #include <openssl/bio.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "pkcs7.h" | 65 | #include <openssl/pkcs7.h> |
| 66 | #include "pem.h" | 66 | #include <openssl/pem.h> |
| 67 | |||
| 68 | #ifndef NO_FP_API | ||
| 69 | /* The X509 functions */ | ||
| 70 | X509 *PEM_read_X509(fp,x,cb) | ||
| 71 | FILE *fp; | ||
| 72 | X509 **x; | ||
| 73 | int (*cb)(); | ||
| 74 | { | ||
| 75 | return((X509 *)PEM_ASN1_read((char *(*)())d2i_X509, | ||
| 76 | PEM_STRING_X509,fp,(char **)x,cb)); | ||
| 77 | } | ||
| 78 | #endif | ||
| 79 | |||
| 80 | X509 *PEM_read_bio_X509(bp,x,cb) | ||
| 81 | BIO *bp; | ||
| 82 | X509 **x; | ||
| 83 | int (*cb)(); | ||
| 84 | { | ||
| 85 | return((X509 *)PEM_ASN1_read_bio((char *(*)())d2i_X509, | ||
| 86 | PEM_STRING_X509,bp,(char **)x,cb)); | ||
| 87 | } | ||
| 88 | 67 | ||
| 89 | #ifndef NO_FP_API | 68 | #ifndef OPENSSL_NO_RSA |
| 90 | int PEM_write_X509(fp,x) | 69 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa); |
| 91 | FILE *fp; | ||
| 92 | X509 *x; | ||
| 93 | { | ||
| 94 | return(PEM_ASN1_write((int (*)())i2d_X509,PEM_STRING_X509,fp, | ||
| 95 | (char *)x, NULL,NULL,0,NULL)); | ||
| 96 | } | ||
| 97 | #endif | 70 | #endif |
| 98 | 71 | #ifndef OPENSSL_NO_DSA | |
| 99 | int PEM_write_bio_X509(bp,x) | 72 | static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa); |
| 100 | BIO *bp; | ||
| 101 | X509 *x; | ||
| 102 | { | ||
| 103 | return(PEM_ASN1_write_bio((int (*)())i2d_X509,PEM_STRING_X509,bp, | ||
| 104 | (char *)x, NULL,NULL,0,NULL)); | ||
| 105 | } | ||
| 106 | |||
| 107 | #ifndef NO_FP_API | ||
| 108 | /* The X509_REQ functions */ | ||
| 109 | X509_REQ *PEM_read_X509_REQ(fp,x,cb) | ||
| 110 | FILE *fp; | ||
| 111 | X509_REQ **x; | ||
| 112 | int (*cb)(); | ||
| 113 | { | ||
| 114 | return((X509_REQ *)PEM_ASN1_read((char *(*)())d2i_X509_REQ, | ||
| 115 | PEM_STRING_X509_REQ,fp,(char **)x,cb)); | ||
| 116 | } | ||
| 117 | #endif | 73 | #endif |
| 118 | 74 | ||
| 119 | X509_REQ *PEM_read_bio_X509_REQ(bp,x,cb) | 75 | IMPLEMENT_PEM_rw(X509_REQ, X509_REQ, PEM_STRING_X509_REQ, X509_REQ) |
| 120 | BIO *bp; | ||
| 121 | X509_REQ **x; | ||
| 122 | int (*cb)(); | ||
| 123 | { | ||
| 124 | return((X509_REQ *)PEM_ASN1_read_bio((char *(*)())d2i_X509_REQ, | ||
| 125 | PEM_STRING_X509_REQ,bp,(char **)x,cb)); | ||
| 126 | } | ||
| 127 | 76 | ||
| 128 | #ifndef NO_FP_API | 77 | IMPLEMENT_PEM_write(X509_REQ_NEW, X509_REQ, PEM_STRING_X509_REQ_OLD, X509_REQ) |
| 129 | int PEM_write_X509_REQ(fp,x) | ||
| 130 | FILE *fp; | ||
| 131 | X509_REQ *x; | ||
| 132 | { | ||
| 133 | return(PEM_ASN1_write((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ,fp, | ||
| 134 | (char *)x, NULL,NULL,0,NULL)); | ||
| 135 | } | ||
| 136 | #endif | ||
| 137 | 78 | ||
| 138 | int PEM_write_bio_X509_REQ(bp,x) | 79 | IMPLEMENT_PEM_rw(X509_CRL, X509_CRL, PEM_STRING_X509_CRL, X509_CRL) |
| 139 | BIO *bp; | ||
| 140 | X509_REQ *x; | ||
| 141 | { | ||
| 142 | return(PEM_ASN1_write_bio((int (*)())i2d_X509_REQ,PEM_STRING_X509_REQ, | ||
| 143 | bp,(char *)x, NULL,NULL,0,NULL)); | ||
| 144 | } | ||
| 145 | 80 | ||
| 146 | #ifndef NO_FP_API | 81 | IMPLEMENT_PEM_rw(PKCS7, PKCS7, PEM_STRING_PKCS7, PKCS7) |
| 147 | /* The X509_CRL functions */ | ||
| 148 | X509_CRL *PEM_read_X509_CRL(fp,x,cb) | ||
| 149 | FILE *fp; | ||
| 150 | X509_CRL **x; | ||
| 151 | int (*cb)(); | ||
| 152 | { | ||
| 153 | return((X509_CRL *)PEM_ASN1_read((char *(*)())d2i_X509_CRL, | ||
| 154 | PEM_STRING_X509_CRL,fp,(char **)x,cb)); | ||
| 155 | } | ||
| 156 | #endif | ||
| 157 | 82 | ||
| 158 | X509_CRL *PEM_read_bio_X509_CRL(bp,x,cb) | 83 | IMPLEMENT_PEM_rw(NETSCAPE_CERT_SEQUENCE, NETSCAPE_CERT_SEQUENCE, |
| 159 | BIO *bp; | 84 | PEM_STRING_X509, NETSCAPE_CERT_SEQUENCE) |
| 160 | X509_CRL **x; | ||
| 161 | int (*cb)(); | ||
| 162 | { | ||
| 163 | return((X509_CRL *)PEM_ASN1_read_bio((char *(*)())d2i_X509_CRL, | ||
| 164 | PEM_STRING_X509_CRL,bp,(char **)x,cb)); | ||
| 165 | } | ||
| 166 | 85 | ||
| 167 | #ifndef NO_FP_API | ||
| 168 | int PEM_write_X509_CRL(fp,x) | ||
| 169 | FILE *fp; | ||
| 170 | X509_CRL *x; | ||
| 171 | { | ||
| 172 | return(PEM_ASN1_write((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL,fp, | ||
| 173 | (char *)x, NULL,NULL,0,NULL)); | ||
| 174 | } | ||
| 175 | #endif | ||
| 176 | |||
| 177 | int PEM_write_bio_X509_CRL(bp,x) | ||
| 178 | BIO *bp; | ||
| 179 | X509_CRL *x; | ||
| 180 | { | ||
| 181 | return(PEM_ASN1_write_bio((int (*)())i2d_X509_CRL,PEM_STRING_X509_CRL, | ||
| 182 | bp,(char *)x, NULL,NULL,0,NULL)); | ||
| 183 | } | ||
| 184 | 86 | ||
| 185 | #ifndef NO_RSA | 87 | #ifndef OPENSSL_NO_RSA |
| 186 | #ifndef NO_FP_API | ||
| 187 | /* The RSAPrivateKey functions */ | ||
| 188 | RSA *PEM_read_RSAPrivateKey(fp,x,cb) | ||
| 189 | FILE *fp; | ||
| 190 | RSA **x; | ||
| 191 | int (*cb)(); | ||
| 192 | { | ||
| 193 | return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPrivateKey, | ||
| 194 | PEM_STRING_RSA,fp,(char **)x,cb)); | ||
| 195 | } | ||
| 196 | |||
| 197 | RSA *PEM_read_RSAPublicKey(fp,x,cb) | ||
| 198 | FILE *fp; | ||
| 199 | RSA **x; | ||
| 200 | int (*cb)(); | ||
| 201 | { | ||
| 202 | return((RSA *)PEM_ASN1_read((char *(*)())d2i_RSAPublicKey, | ||
| 203 | PEM_STRING_RSA_PUBLIC,fp,(char **)x,cb)); | ||
| 204 | } | ||
| 205 | #endif | ||
| 206 | 88 | ||
| 207 | RSA *PEM_read_bio_RSAPrivateKey(bp,x,cb) | 89 | /* We treat RSA or DSA private keys as a special case. |
| 208 | BIO *bp; | 90 | * |
| 209 | RSA **x; | 91 | * For private keys we read in an EVP_PKEY structure with |
| 210 | int (*cb)(); | 92 | * PEM_read_bio_PrivateKey() and extract the relevant private |
| 211 | { | 93 | * key: this means can handle "traditional" and PKCS#8 formats |
| 212 | return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPrivateKey, | 94 | * transparently. |
| 213 | PEM_STRING_RSA,bp,(char **)x,cb)); | 95 | */ |
| 214 | } | ||
| 215 | 96 | ||
| 216 | RSA *PEM_read_bio_RSAPublicKey(bp,x,cb) | 97 | static RSA *pkey_get_rsa(EVP_PKEY *key, RSA **rsa) |
| 217 | BIO *bp; | 98 | { |
| 218 | RSA **x; | 99 | RSA *rtmp; |
| 219 | int (*cb)(); | 100 | if(!key) return NULL; |
| 220 | { | 101 | rtmp = EVP_PKEY_get1_RSA(key); |
| 221 | return((RSA *)PEM_ASN1_read_bio((char *(*)())d2i_RSAPublicKey, | 102 | EVP_PKEY_free(key); |
| 222 | PEM_STRING_RSA_PUBLIC,bp,(char **)x,cb)); | 103 | if(!rtmp) return NULL; |
| 104 | if(rsa) { | ||
| 105 | RSA_free(*rsa); | ||
| 106 | *rsa = rtmp; | ||
| 223 | } | 107 | } |
| 108 | return rtmp; | ||
| 109 | } | ||
| 224 | 110 | ||
| 225 | #ifndef NO_FP_API | 111 | RSA *PEM_read_bio_RSAPrivateKey(BIO *bp, RSA **rsa, pem_password_cb *cb, |
| 226 | int PEM_write_RSAPrivateKey(fp,x,enc,kstr,klen,cb) | 112 | void *u) |
| 227 | FILE *fp; | 113 | { |
| 228 | RSA *x; | 114 | EVP_PKEY *pktmp; |
| 229 | EVP_CIPHER *enc; | 115 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); |
| 230 | unsigned char *kstr; | 116 | return pkey_get_rsa(pktmp, rsa); |
| 231 | int klen; | 117 | } |
| 232 | int (*cb)(); | ||
| 233 | { | ||
| 234 | return(PEM_ASN1_write((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA,fp, | ||
| 235 | (char *)x,enc,kstr,klen,cb)); | ||
| 236 | } | ||
| 237 | 118 | ||
| 238 | int PEM_write_RSAPublicKey(fp,x) | 119 | #ifndef OPENSSL_NO_FP_API |
| 239 | FILE *fp; | ||
| 240 | RSA *x; | ||
| 241 | { | ||
| 242 | return(PEM_ASN1_write((int (*)())i2d_RSAPublicKey, | ||
| 243 | PEM_STRING_RSA_PUBLIC,fp, | ||
| 244 | (char *)x,NULL,NULL,0,NULL)); | ||
| 245 | } | ||
| 246 | #endif | ||
| 247 | 120 | ||
| 248 | int PEM_write_bio_RSAPrivateKey(bp,x,enc,kstr,klen,cb) | 121 | RSA *PEM_read_RSAPrivateKey(FILE *fp, RSA **rsa, pem_password_cb *cb, |
| 249 | BIO *bp; | 122 | void *u) |
| 250 | RSA *x; | 123 | { |
| 251 | EVP_CIPHER *enc; | 124 | EVP_PKEY *pktmp; |
| 252 | unsigned char *kstr; | 125 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
| 253 | int klen; | 126 | return pkey_get_rsa(pktmp, rsa); |
| 254 | int (*cb)(); | 127 | } |
| 255 | { | ||
| 256 | return(PEM_ASN1_write_bio((int (*)())i2d_RSAPrivateKey,PEM_STRING_RSA, | ||
| 257 | bp,(char *)x,enc,kstr,klen,cb)); | ||
| 258 | } | ||
| 259 | 128 | ||
| 260 | int PEM_write_bio_RSAPublicKey(bp,x) | ||
| 261 | BIO *bp; | ||
| 262 | RSA *x; | ||
| 263 | { | ||
| 264 | return(PEM_ASN1_write_bio((int (*)())i2d_RSAPublicKey, | ||
| 265 | PEM_STRING_RSA_PUBLIC, | ||
| 266 | bp,(char *)x,NULL,NULL,0,NULL)); | ||
| 267 | } | ||
| 268 | #endif /* !NO_RSA */ | ||
| 269 | |||
| 270 | #ifndef NO_DSA | ||
| 271 | #ifndef NO_FP_API | ||
| 272 | /* The DSAPrivateKey functions */ | ||
| 273 | DSA *PEM_read_DSAPrivateKey(fp,x,cb) | ||
| 274 | FILE *fp; | ||
| 275 | DSA **x; | ||
| 276 | int (*cb)(); | ||
| 277 | { | ||
| 278 | return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAPrivateKey, | ||
| 279 | PEM_STRING_DSA,fp,(char **)x,cb)); | ||
| 280 | } | ||
| 281 | #endif | 129 | #endif |
| 282 | 130 | ||
| 283 | DSA *PEM_read_bio_DSAPrivateKey(bp,x,cb) | 131 | IMPLEMENT_PEM_write_cb(RSAPrivateKey, RSA, PEM_STRING_RSA, RSAPrivateKey) |
| 284 | BIO *bp; | 132 | IMPLEMENT_PEM_rw(RSAPublicKey, RSA, PEM_STRING_RSA_PUBLIC, RSAPublicKey) |
| 285 | DSA **x; | 133 | IMPLEMENT_PEM_rw(RSA_PUBKEY, RSA, PEM_STRING_PUBLIC, RSA_PUBKEY) |
| 286 | int (*cb)(); | ||
| 287 | { | ||
| 288 | return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAPrivateKey, | ||
| 289 | PEM_STRING_DSA,bp,(char **)x,cb)); | ||
| 290 | } | ||
| 291 | |||
| 292 | #ifndef NO_FP_API | ||
| 293 | int PEM_write_DSAPrivateKey(fp,x,enc,kstr,klen,cb) | ||
| 294 | FILE *fp; | ||
| 295 | DSA *x; | ||
| 296 | EVP_CIPHER *enc; | ||
| 297 | unsigned char *kstr; | ||
| 298 | int klen; | ||
| 299 | int (*cb)(); | ||
| 300 | { | ||
| 301 | return(PEM_ASN1_write((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA,fp, | ||
| 302 | (char *)x,enc,kstr,klen,cb)); | ||
| 303 | } | ||
| 304 | #endif | ||
| 305 | 134 | ||
| 306 | int PEM_write_bio_DSAPrivateKey(bp,x,enc,kstr,klen,cb) | ||
| 307 | BIO *bp; | ||
| 308 | DSA *x; | ||
| 309 | EVP_CIPHER *enc; | ||
| 310 | unsigned char *kstr; | ||
| 311 | int klen; | ||
| 312 | int (*cb)(); | ||
| 313 | { | ||
| 314 | return(PEM_ASN1_write_bio((int (*)())i2d_DSAPrivateKey,PEM_STRING_DSA, | ||
| 315 | bp,(char *)x,enc,kstr,klen,cb)); | ||
| 316 | } | ||
| 317 | #endif | 135 | #endif |
| 318 | 136 | ||
| 319 | #ifndef NO_FP_API | 137 | #ifndef OPENSSL_NO_DSA |
| 320 | /* The PrivateKey functions */ | ||
| 321 | EVP_PKEY *PEM_read_PrivateKey(fp,x,cb) | ||
| 322 | FILE *fp; | ||
| 323 | EVP_PKEY **x; | ||
| 324 | int (*cb)(); | ||
| 325 | { | ||
| 326 | return((EVP_PKEY *)PEM_ASN1_read((char *(*)())d2i_PrivateKey, | ||
| 327 | PEM_STRING_EVP_PKEY,fp,(char **)x,cb)); | ||
| 328 | } | ||
| 329 | #endif | ||
| 330 | 138 | ||
| 331 | EVP_PKEY *PEM_read_bio_PrivateKey(bp,x,cb) | 139 | static DSA *pkey_get_dsa(EVP_PKEY *key, DSA **dsa) |
| 332 | BIO *bp; | 140 | { |
| 333 | EVP_PKEY **x; | 141 | DSA *dtmp; |
| 334 | int (*cb)(); | 142 | if(!key) return NULL; |
| 335 | { | 143 | dtmp = EVP_PKEY_get1_DSA(key); |
| 336 | return((EVP_PKEY *)PEM_ASN1_read_bio((char *(*)())d2i_PrivateKey, | 144 | EVP_PKEY_free(key); |
| 337 | PEM_STRING_EVP_PKEY,bp,(char **)x,cb)); | 145 | if(!dtmp) return NULL; |
| 146 | if(dsa) { | ||
| 147 | DSA_free(*dsa); | ||
| 148 | *dsa = dtmp; | ||
| 338 | } | 149 | } |
| 150 | return dtmp; | ||
| 151 | } | ||
| 339 | 152 | ||
| 340 | #ifndef NO_FP_API | 153 | DSA *PEM_read_bio_DSAPrivateKey(BIO *bp, DSA **dsa, pem_password_cb *cb, |
| 341 | int PEM_write_PrivateKey(fp,x,enc,kstr,klen,cb) | 154 | void *u) |
| 342 | FILE *fp; | 155 | { |
| 343 | EVP_PKEY *x; | 156 | EVP_PKEY *pktmp; |
| 344 | EVP_CIPHER *enc; | 157 | pktmp = PEM_read_bio_PrivateKey(bp, NULL, cb, u); |
| 345 | unsigned char *kstr; | 158 | return pkey_get_dsa(pktmp, dsa); |
| 346 | int klen; | 159 | } |
| 347 | int (*cb)(); | ||
| 348 | { | ||
| 349 | return(PEM_ASN1_write((int (*)())i2d_PrivateKey, | ||
| 350 | ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 351 | fp,(char *)x,enc,kstr,klen,cb)); | ||
| 352 | } | ||
| 353 | #endif | ||
| 354 | 160 | ||
| 355 | int PEM_write_bio_PrivateKey(bp,x,enc,kstr,klen,cb) | 161 | IMPLEMENT_PEM_write_cb(DSAPrivateKey, DSA, PEM_STRING_DSA, DSAPrivateKey) |
| 356 | BIO *bp; | 162 | IMPLEMENT_PEM_rw(DSA_PUBKEY, DSA, PEM_STRING_PUBLIC, DSA_PUBKEY) |
| 357 | EVP_PKEY *x; | ||
| 358 | EVP_CIPHER *enc; | ||
| 359 | unsigned char *kstr; | ||
| 360 | int klen; | ||
| 361 | int (*cb)(); | ||
| 362 | { | ||
| 363 | return(PEM_ASN1_write_bio((int (*)())i2d_PrivateKey, | ||
| 364 | ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), | ||
| 365 | bp,(char *)x,enc,kstr,klen,cb)); | ||
| 366 | } | ||
| 367 | 163 | ||
| 368 | #ifndef NO_FP_API | 164 | #ifndef OPENSSL_NO_FP_API |
| 369 | /* The PKCS7 functions */ | ||
| 370 | PKCS7 *PEM_read_PKCS7(fp,x,cb) | ||
| 371 | FILE *fp; | ||
| 372 | PKCS7 **x; | ||
| 373 | int (*cb)(); | ||
| 374 | { | ||
| 375 | return((PKCS7 *)PEM_ASN1_read((char *(*)())d2i_PKCS7, | ||
| 376 | PEM_STRING_PKCS7,fp,(char **)x,cb)); | ||
| 377 | } | ||
| 378 | #endif | ||
| 379 | 165 | ||
| 380 | PKCS7 *PEM_read_bio_PKCS7(bp,x,cb) | 166 | DSA *PEM_read_DSAPrivateKey(FILE *fp, DSA **dsa, pem_password_cb *cb, |
| 381 | BIO *bp; | 167 | void *u) |
| 382 | PKCS7 **x; | 168 | { |
| 383 | int (*cb)(); | 169 | EVP_PKEY *pktmp; |
| 384 | { | 170 | pktmp = PEM_read_PrivateKey(fp, NULL, cb, u); |
| 385 | return((PKCS7 *)PEM_ASN1_read_bio((char *(*)())d2i_PKCS7, | 171 | return pkey_get_dsa(pktmp, dsa); |
| 386 | PEM_STRING_PKCS7,bp,(char **)x,cb)); | 172 | } |
| 387 | } | ||
| 388 | 173 | ||
| 389 | #ifndef NO_FP_API | ||
| 390 | int PEM_write_PKCS7(fp,x) | ||
| 391 | FILE *fp; | ||
| 392 | PKCS7 *x; | ||
| 393 | { | ||
| 394 | return(PEM_ASN1_write((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,fp, | ||
| 395 | (char *)x, NULL,NULL,0,NULL)); | ||
| 396 | } | ||
| 397 | #endif | 174 | #endif |
| 398 | 175 | ||
| 399 | int PEM_write_bio_PKCS7(bp,x) | 176 | IMPLEMENT_PEM_rw(DSAparams, DSA, PEM_STRING_DSAPARAMS, DSAparams) |
| 400 | BIO *bp; | ||
| 401 | PKCS7 *x; | ||
| 402 | { | ||
| 403 | return(PEM_ASN1_write_bio((int (*)())i2d_PKCS7,PEM_STRING_PKCS7,bp, | ||
| 404 | (char *)x, NULL,NULL,0,NULL)); | ||
| 405 | } | ||
| 406 | 177 | ||
| 407 | #ifndef NO_DH | ||
| 408 | #ifndef NO_FP_API | ||
| 409 | /* The DHparams functions */ | ||
| 410 | DH *PEM_read_DHparams(fp,x,cb) | ||
| 411 | FILE *fp; | ||
| 412 | DH **x; | ||
| 413 | int (*cb)(); | ||
| 414 | { | ||
| 415 | return((DH *)PEM_ASN1_read((char *(*)())d2i_DHparams, | ||
| 416 | PEM_STRING_DHPARAMS,fp,(char **)x,cb)); | ||
| 417 | } | ||
| 418 | #endif | 178 | #endif |
| 419 | 179 | ||
| 420 | DH *PEM_read_bio_DHparams(bp,x,cb) | 180 | #ifndef OPENSSL_NO_DH |
| 421 | BIO *bp; | ||
| 422 | DH **x; | ||
| 423 | int (*cb)(); | ||
| 424 | { | ||
| 425 | return((DH *)PEM_ASN1_read_bio((char *(*)())d2i_DHparams, | ||
| 426 | PEM_STRING_DHPARAMS,bp,(char **)x,cb)); | ||
| 427 | } | ||
| 428 | 181 | ||
| 429 | #ifndef NO_FP_API | 182 | IMPLEMENT_PEM_rw(DHparams, DH, PEM_STRING_DHPARAMS, DHparams) |
| 430 | int PEM_write_DHparams(fp,x) | ||
| 431 | FILE *fp; | ||
| 432 | DH *x; | ||
| 433 | { | ||
| 434 | return(PEM_ASN1_write((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS,fp, | ||
| 435 | (char *)x, NULL,NULL,0,NULL)); | ||
| 436 | } | ||
| 437 | #endif | ||
| 438 | 183 | ||
| 439 | int PEM_write_bio_DHparams(bp,x) | ||
| 440 | BIO *bp; | ||
| 441 | DH *x; | ||
| 442 | { | ||
| 443 | return(PEM_ASN1_write_bio((int (*)())i2d_DHparams,PEM_STRING_DHPARAMS, | ||
| 444 | bp,(char *)x, NULL,NULL,0,NULL)); | ||
| 445 | } | ||
| 446 | #endif | 184 | #endif |
| 447 | 185 | ||
| 448 | #ifndef NO_DSA | ||
| 449 | #ifndef NO_FP_API | ||
| 450 | /* The DSAparams functions */ | ||
| 451 | DSA *PEM_read_DSAparams(fp,x,cb) | ||
| 452 | FILE *fp; | ||
| 453 | DSA **x; | ||
| 454 | int (*cb)(); | ||
| 455 | { | ||
| 456 | return((DSA *)PEM_ASN1_read((char *(*)())d2i_DSAparams, | ||
| 457 | PEM_STRING_DSAPARAMS,fp,(char **)x,cb)); | ||
| 458 | } | ||
| 459 | #endif | ||
| 460 | 186 | ||
| 461 | DSA *PEM_read_bio_DSAparams(bp,x,cb) | 187 | /* The PrivateKey case is not that straightforward. |
| 462 | BIO *bp; | 188 | * IMPLEMENT_PEM_rw_cb(PrivateKey, EVP_PKEY, PEM_STRING_EVP_PKEY, PrivateKey) |
| 463 | DSA **x; | 189 | * does not work, RSA and DSA keys have specific strings. |
| 464 | int (*cb)(); | 190 | * (When reading, parameter PEM_STRING_EVP_PKEY is a wildcard for anything |
| 465 | { | 191 | * appropriate.) |
| 466 | return((DSA *)PEM_ASN1_read_bio((char *(*)())d2i_DSAparams, | 192 | */ |
| 467 | PEM_STRING_DSAPARAMS,bp,(char **)x,cb)); | 193 | IMPLEMENT_PEM_write_cb(PrivateKey, EVP_PKEY, ((x->type == EVP_PKEY_DSA)?PEM_STRING_DSA:PEM_STRING_RSA), PrivateKey) |
| 468 | } | ||
| 469 | |||
| 470 | #ifndef NO_FP_API | ||
| 471 | int PEM_write_DSAparams(fp,x) | ||
| 472 | FILE *fp; | ||
| 473 | DSA *x; | ||
| 474 | { | ||
| 475 | return(PEM_ASN1_write((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS,fp, | ||
| 476 | (char *)x, NULL,NULL,0,NULL)); | ||
| 477 | } | ||
| 478 | #endif | ||
| 479 | 194 | ||
| 480 | int PEM_write_bio_DSAparams(bp,x) | 195 | IMPLEMENT_PEM_rw(PUBKEY, EVP_PKEY, PEM_STRING_PUBLIC, PUBKEY) |
| 481 | BIO *bp; | ||
| 482 | DSA *x; | ||
| 483 | { | ||
| 484 | return(PEM_ASN1_write_bio((int (*)())i2d_DSAparams,PEM_STRING_DSAPARAMS, | ||
| 485 | bp,(char *)x, NULL,NULL,0,NULL)); | ||
| 486 | } | ||
| 487 | #endif | ||
| 488 | 196 | ||
diff --git a/src/lib/libcrypto/pem/pem_err.c b/src/lib/libcrypto/pem/pem_err.c index e17fcdb540..3b39b84d66 100644 --- a/src/lib/libcrypto/pem/pem_err.c +++ b/src/lib/libcrypto/pem/pem_err.c | |||
| @@ -1,68 +1,73 @@ | |||
| 1 | /* lib/pem/pem_err.c */ | 1 | /* crypto/pem/pem_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "pem.h" | 63 | #include <openssl/pem.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA PEM_str_functs[]= | 67 | static ERR_STRING_DATA PEM_str_functs[]= |
| 65 | { | 68 | { |
| 69 | {ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_BIO,0), "d2i_PKCS8PrivateKey_bio"}, | ||
| 70 | {ERR_PACK(0,PEM_F_D2I_PKCS8PRIVATEKEY_FP,0), "d2i_PKCS8PrivateKey_fp"}, | ||
| 66 | {ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, | 71 | {ERR_PACK(0,PEM_F_DEF_CALLBACK,0), "DEF_CALLBACK"}, |
| 67 | {ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, | 72 | {ERR_PACK(0,PEM_F_LOAD_IV,0), "LOAD_IV"}, |
| 68 | {ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, | 73 | {ERR_PACK(0,PEM_F_PEM_ASN1_READ,0), "PEM_ASN1_read"}, |
| @@ -70,6 +75,8 @@ static ERR_STRING_DATA PEM_str_functs[]= | |||
| 70 | {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, | 75 | {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE,0), "PEM_ASN1_write"}, |
| 71 | {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, | 76 | {ERR_PACK(0,PEM_F_PEM_ASN1_WRITE_BIO,0), "PEM_ASN1_write_bio"}, |
| 72 | {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, | 77 | {ERR_PACK(0,PEM_F_PEM_DO_HEADER,0), "PEM_do_header"}, |
| 78 | {ERR_PACK(0,PEM_F_PEM_F_DO_PK8KEY_FP,0), "PEM_F_DO_PK8KEY_FP"}, | ||
| 79 | {ERR_PACK(0,PEM_F_PEM_F_PEM_WRITE_PKCS8PRIVATEKEY,0), "PEM_F_PEM_WRITE_PKCS8PRIVATEKEY"}, | ||
| 73 | {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, | 80 | {ERR_PACK(0,PEM_F_PEM_GET_EVP_CIPHER_INFO,0), "PEM_get_EVP_CIPHER_INFO"}, |
| 74 | {ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, | 81 | {ERR_PACK(0,PEM_F_PEM_READ,0), "PEM_read"}, |
| 75 | {ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, | 82 | {ERR_PACK(0,PEM_F_PEM_READ_BIO,0), "PEM_read_bio"}, |
| @@ -78,10 +85,11 @@ static ERR_STRING_DATA PEM_str_functs[]= | |||
| 78 | {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, | 85 | {ERR_PACK(0,PEM_F_PEM_SIGNFINAL,0), "PEM_SignFinal"}, |
| 79 | {ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, | 86 | {ERR_PACK(0,PEM_F_PEM_WRITE,0), "PEM_write"}, |
| 80 | {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, | 87 | {ERR_PACK(0,PEM_F_PEM_WRITE_BIO,0), "PEM_write_bio"}, |
| 88 | {ERR_PACK(0,PEM_F_PEM_WRITE_BIO_PKCS8PRIVATEKEY,0), "PEM_write_bio_PKCS8PrivateKey"}, | ||
| 81 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, | 89 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ,0), "PEM_X509_INFO_read"}, |
| 82 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, | 90 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_READ_BIO,0), "PEM_X509_INFO_read_bio"}, |
| 83 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, | 91 | {ERR_PACK(0,PEM_F_PEM_X509_INFO_WRITE_BIO,0), "PEM_X509_INFO_write_bio"}, |
| 84 | {0,NULL}, | 92 | {0,NULL} |
| 85 | }; | 93 | }; |
| 86 | 94 | ||
| 87 | static ERR_STRING_DATA PEM_str_reasons[]= | 95 | static ERR_STRING_DATA PEM_str_reasons[]= |
| @@ -91,6 +99,7 @@ static ERR_STRING_DATA PEM_str_reasons[]= | |||
| 91 | {PEM_R_BAD_END_LINE ,"bad end line"}, | 99 | {PEM_R_BAD_END_LINE ,"bad end line"}, |
| 92 | {PEM_R_BAD_IV_CHARS ,"bad iv chars"}, | 100 | {PEM_R_BAD_IV_CHARS ,"bad iv chars"}, |
| 93 | {PEM_R_BAD_PASSWORD_READ ,"bad password read"}, | 101 | {PEM_R_BAD_PASSWORD_READ ,"bad password read"}, |
| 102 | {PEM_R_ERROR_CONVERTING_PRIVATE_KEY ,"error converting private key"}, | ||
| 94 | {PEM_R_NOT_DEK_INFO ,"not dek info"}, | 103 | {PEM_R_NOT_DEK_INFO ,"not dek info"}, |
| 95 | {PEM_R_NOT_ENCRYPTED ,"not encrypted"}, | 104 | {PEM_R_NOT_ENCRYPTED ,"not encrypted"}, |
| 96 | {PEM_R_NOT_PROC_TYPE ,"not proc type"}, | 105 | {PEM_R_NOT_PROC_TYPE ,"not proc type"}, |
| @@ -101,19 +110,19 @@ static ERR_STRING_DATA PEM_str_reasons[]= | |||
| 101 | {PEM_R_SHORT_HEADER ,"short header"}, | 110 | {PEM_R_SHORT_HEADER ,"short header"}, |
| 102 | {PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, | 111 | {PEM_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, |
| 103 | {PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, | 112 | {PEM_R_UNSUPPORTED_ENCRYPTION ,"unsupported encryption"}, |
| 104 | {0,NULL}, | 113 | {0,NULL} |
| 105 | }; | 114 | }; |
| 106 | 115 | ||
| 107 | #endif | 116 | #endif |
| 108 | 117 | ||
| 109 | void ERR_load_PEM_strings() | 118 | void ERR_load_PEM_strings(void) |
| 110 | { | 119 | { |
| 111 | static int init=1; | 120 | static int init=1; |
| 112 | 121 | ||
| 113 | if (init); | 122 | if (init) |
| 114 | {; | 123 | { |
| 115 | init=0; | 124 | init=0; |
| 116 | #ifndef NO_ERR | 125 | #ifndef OPENSSL_NO_ERR |
| 117 | ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); | 126 | ERR_load_strings(ERR_LIB_PEM,PEM_str_functs); |
| 118 | ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); | 127 | ERR_load_strings(ERR_LIB_PEM,PEM_str_reasons); |
| 119 | #endif | 128 | #endif |
diff --git a/src/lib/libcrypto/pem/pem_info.c b/src/lib/libcrypto/pem/pem_info.c index 4b69833b62..9a6dffb45c 100644 --- a/src/lib/libcrypto/pem/pem_info.c +++ b/src/lib/libcrypto/pem/pem_info.c | |||
| @@ -58,20 +58,17 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "pem.h" | 65 | #include <openssl/pem.h> |
| 66 | 66 | ||
| 67 | #ifndef NO_FP_API | 67 | #ifndef OPENSSL_NO_FP_API |
| 68 | STACK *PEM_X509_INFO_read(fp,sk,cb) | 68 | STACK_OF(X509_INFO) *PEM_X509_INFO_read(FILE *fp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) |
| 69 | FILE *fp; | ||
| 70 | STACK *sk; | ||
| 71 | int (*cb)(); | ||
| 72 | { | 69 | { |
| 73 | BIO *b; | 70 | BIO *b; |
| 74 | STACK *ret; | 71 | STACK_OF(X509_INFO) *ret; |
| 75 | 72 | ||
| 76 | if ((b=BIO_new(BIO_s_file())) == NULL) | 73 | if ((b=BIO_new(BIO_s_file())) == NULL) |
| 77 | { | 74 | { |
| @@ -79,29 +76,26 @@ int (*cb)(); | |||
| 79 | return(0); | 76 | return(0); |
| 80 | } | 77 | } |
| 81 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 78 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 82 | ret=PEM_X509_INFO_read_bio(b,sk,cb); | 79 | ret=PEM_X509_INFO_read_bio(b,sk,cb,u); |
| 83 | BIO_free(b); | 80 | BIO_free(b); |
| 84 | return(ret); | 81 | return(ret); |
| 85 | } | 82 | } |
| 86 | #endif | 83 | #endif |
| 87 | 84 | ||
| 88 | STACK *PEM_X509_INFO_read_bio(bp,sk,cb) | 85 | STACK_OF(X509_INFO) *PEM_X509_INFO_read_bio(BIO *bp, STACK_OF(X509_INFO) *sk, pem_password_cb *cb, void *u) |
| 89 | BIO *bp; | ||
| 90 | STACK *sk; | ||
| 91 | int (*cb)(); | ||
| 92 | { | 86 | { |
| 93 | X509_INFO *xi=NULL; | 87 | X509_INFO *xi=NULL; |
| 94 | char *name=NULL,*header=NULL,**pp; | 88 | char *name=NULL,*header=NULL,**pp; |
| 95 | unsigned char *data=NULL,*p; | 89 | unsigned char *data=NULL,*p; |
| 96 | long len,error=0; | 90 | long len,error=0; |
| 97 | int ok=0; | 91 | int ok=0; |
| 98 | STACK *ret=NULL; | 92 | STACK_OF(X509_INFO) *ret=NULL; |
| 99 | unsigned int i,raw; | 93 | unsigned int i,raw; |
| 100 | char *(*d2i)(); | 94 | char *(*d2i)(); |
| 101 | 95 | ||
| 102 | if (sk == NULL) | 96 | if (sk == NULL) |
| 103 | { | 97 | { |
| 104 | if ((ret=sk_new_null()) == NULL) | 98 | if ((ret=sk_X509_INFO_new_null()) == NULL) |
| 105 | { | 99 | { |
| 106 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); | 100 | PEMerr(PEM_F_PEM_X509_INFO_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 107 | goto err; | 101 | goto err; |
| @@ -117,7 +111,7 @@ int (*cb)(); | |||
| 117 | i=PEM_read_bio(bp,&name,&header,&data,&len); | 111 | i=PEM_read_bio(bp,&name,&header,&data,&len); |
| 118 | if (i == 0) | 112 | if (i == 0) |
| 119 | { | 113 | { |
| 120 | error=ERR_GET_REASON(ERR_peek_error()); | 114 | error=ERR_GET_REASON(ERR_peek_last_error()); |
| 121 | if (error == PEM_R_NO_START_LINE) | 115 | if (error == PEM_R_NO_START_LINE) |
| 122 | { | 116 | { |
| 123 | ERR_clear_error(); | 117 | ERR_clear_error(); |
| @@ -132,7 +126,18 @@ start: | |||
| 132 | d2i=(char *(*)())d2i_X509; | 126 | d2i=(char *(*)())d2i_X509; |
| 133 | if (xi->x509 != NULL) | 127 | if (xi->x509 != NULL) |
| 134 | { | 128 | { |
| 135 | if (!sk_push(ret,(char *)xi)) goto err; | 129 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 130 | if ((xi=X509_INFO_new()) == NULL) goto err; | ||
| 131 | goto start; | ||
| 132 | } | ||
| 133 | pp=(char **)&(xi->x509); | ||
| 134 | } | ||
| 135 | else if ((strcmp(name,PEM_STRING_X509_TRUSTED) == 0)) | ||
| 136 | { | ||
| 137 | d2i=(char *(*)())d2i_X509_AUX; | ||
| 138 | if (xi->x509 != NULL) | ||
| 139 | { | ||
| 140 | if (!sk_X509_INFO_push(ret,xi)) goto err; | ||
| 136 | if ((xi=X509_INFO_new()) == NULL) goto err; | 141 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 137 | goto start; | 142 | goto start; |
| 138 | } | 143 | } |
| @@ -143,20 +148,20 @@ start: | |||
| 143 | d2i=(char *(*)())d2i_X509_CRL; | 148 | d2i=(char *(*)())d2i_X509_CRL; |
| 144 | if (xi->crl != NULL) | 149 | if (xi->crl != NULL) |
| 145 | { | 150 | { |
| 146 | if (!sk_push(ret,(char *)xi)) goto err; | 151 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 147 | if ((xi=X509_INFO_new()) == NULL) goto err; | 152 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 148 | goto start; | 153 | goto start; |
| 149 | } | 154 | } |
| 150 | pp=(char **)&(xi->crl); | 155 | pp=(char **)&(xi->crl); |
| 151 | } | 156 | } |
| 152 | else | 157 | else |
| 153 | #ifndef NO_RSA | 158 | #ifndef OPENSSL_NO_RSA |
| 154 | if (strcmp(name,PEM_STRING_RSA) == 0) | 159 | if (strcmp(name,PEM_STRING_RSA) == 0) |
| 155 | { | 160 | { |
| 156 | d2i=(char *(*)())d2i_RSAPrivateKey; | 161 | d2i=(char *(*)())d2i_RSAPrivateKey; |
| 157 | if (xi->x_pkey != NULL) | 162 | if (xi->x_pkey != NULL) |
| 158 | { | 163 | { |
| 159 | if (!sk_push(ret,(char *)xi)) goto err; | 164 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 160 | if ((xi=X509_INFO_new()) == NULL) goto err; | 165 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 161 | goto start; | 166 | goto start; |
| 162 | } | 167 | } |
| @@ -174,13 +179,13 @@ start: | |||
| 174 | } | 179 | } |
| 175 | else | 180 | else |
| 176 | #endif | 181 | #endif |
| 177 | #ifndef NO_DSA | 182 | #ifndef OPENSSL_NO_DSA |
| 178 | if (strcmp(name,PEM_STRING_DSA) == 0) | 183 | if (strcmp(name,PEM_STRING_DSA) == 0) |
| 179 | { | 184 | { |
| 180 | d2i=(char *(*)())d2i_DSAPrivateKey; | 185 | d2i=(char *(*)())d2i_DSAPrivateKey; |
| 181 | if (xi->x_pkey != NULL) | 186 | if (xi->x_pkey != NULL) |
| 182 | { | 187 | { |
| 183 | if (!sk_push(ret,(char *)xi)) goto err; | 188 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 184 | if ((xi=X509_INFO_new()) == NULL) goto err; | 189 | if ((xi=X509_INFO_new()) == NULL) goto err; |
| 185 | goto start; | 190 | goto start; |
| 186 | } | 191 | } |
| @@ -211,7 +216,7 @@ start: | |||
| 211 | 216 | ||
| 212 | if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) | 217 | if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) |
| 213 | goto err; | 218 | goto err; |
| 214 | if (!PEM_do_header(&cipher,data,&len,cb)) | 219 | if (!PEM_do_header(&cipher,data,&len,cb,u)) |
| 215 | goto err; | 220 | goto err; |
| 216 | p=data; | 221 | p=data; |
| 217 | if (d2i(pp,&p,len) == NULL) | 222 | if (d2i(pp,&p,len) == NULL) |
| @@ -232,9 +237,9 @@ start: | |||
| 232 | else { | 237 | else { |
| 233 | /* unknown */ | 238 | /* unknown */ |
| 234 | } | 239 | } |
| 235 | if (name != NULL) Free(name); | 240 | if (name != NULL) OPENSSL_free(name); |
| 236 | if (header != NULL) Free(header); | 241 | if (header != NULL) OPENSSL_free(header); |
| 237 | if (data != NULL) Free(data); | 242 | if (data != NULL) OPENSSL_free(data); |
| 238 | name=NULL; | 243 | name=NULL; |
| 239 | header=NULL; | 244 | header=NULL; |
| 240 | data=NULL; | 245 | data=NULL; |
| @@ -246,7 +251,7 @@ start: | |||
| 246 | if ((xi->x509 != NULL) || (xi->crl != NULL) || | 251 | if ((xi->x509 != NULL) || (xi->crl != NULL) || |
| 247 | (xi->x_pkey != NULL) || (xi->enc_data != NULL)) | 252 | (xi->x_pkey != NULL) || (xi->enc_data != NULL)) |
| 248 | { | 253 | { |
| 249 | if (!sk_push(ret,(char *)xi)) goto err; | 254 | if (!sk_X509_INFO_push(ret,xi)) goto err; |
| 250 | xi=NULL; | 255 | xi=NULL; |
| 251 | } | 256 | } |
| 252 | ok=1; | 257 | ok=1; |
| @@ -254,36 +259,30 @@ err: | |||
| 254 | if (xi != NULL) X509_INFO_free(xi); | 259 | if (xi != NULL) X509_INFO_free(xi); |
| 255 | if (!ok) | 260 | if (!ok) |
| 256 | { | 261 | { |
| 257 | for (i=0; ((int)i)<sk_num(ret); i++) | 262 | for (i=0; ((int)i)<sk_X509_INFO_num(ret); i++) |
| 258 | { | 263 | { |
| 259 | xi=(X509_INFO *)sk_value(ret,i); | 264 | xi=sk_X509_INFO_value(ret,i); |
| 260 | X509_INFO_free(xi); | 265 | X509_INFO_free(xi); |
| 261 | } | 266 | } |
| 262 | if (ret != sk) sk_free(ret); | 267 | if (ret != sk) sk_X509_INFO_free(ret); |
| 263 | ret=NULL; | 268 | ret=NULL; |
| 264 | } | 269 | } |
| 265 | 270 | ||
| 266 | if (name != NULL) Free(name); | 271 | if (name != NULL) OPENSSL_free(name); |
| 267 | if (header != NULL) Free(header); | 272 | if (header != NULL) OPENSSL_free(header); |
| 268 | if (data != NULL) Free(data); | 273 | if (data != NULL) OPENSSL_free(data); |
| 269 | return(ret); | 274 | return(ret); |
| 270 | } | 275 | } |
| 271 | 276 | ||
| 272 | 277 | ||
| 273 | /* A TJH addition */ | 278 | /* A TJH addition */ |
| 274 | int PEM_X509_INFO_write_bio(bp,xi,enc,kstr,klen,cb) | 279 | int PEM_X509_INFO_write_bio(BIO *bp, X509_INFO *xi, EVP_CIPHER *enc, |
| 275 | BIO *bp; | 280 | unsigned char *kstr, int klen, pem_password_cb *cb, void *u) |
| 276 | X509_INFO *xi; | ||
| 277 | EVP_CIPHER *enc; | ||
| 278 | unsigned char *kstr; | ||
| 279 | int klen; | ||
| 280 | int (*cb)(); | ||
| 281 | { | 281 | { |
| 282 | EVP_CIPHER_CTX ctx; | 282 | EVP_CIPHER_CTX ctx; |
| 283 | int i,ret=0; | 283 | int i,ret=0; |
| 284 | unsigned char *data=NULL; | 284 | unsigned char *data=NULL; |
| 285 | char *objstr=NULL; | 285 | const char *objstr=NULL; |
| 286 | #define PEM_BUFSIZE 1024 | ||
| 287 | char buf[PEM_BUFSIZE]; | 286 | char buf[PEM_BUFSIZE]; |
| 288 | unsigned char *iv=NULL; | 287 | unsigned char *iv=NULL; |
| 289 | 288 | ||
| @@ -306,7 +305,7 @@ int (*cb)(); | |||
| 306 | { | 305 | { |
| 307 | if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) | 306 | if ( (xi->enc_data!=NULL) && (xi->enc_len>0) ) |
| 308 | { | 307 | { |
| 309 | /* copy from wierdo names into more normal things */ | 308 | /* copy from weirdo names into more normal things */ |
| 310 | iv=xi->enc_cipher.iv; | 309 | iv=xi->enc_cipher.iv; |
| 311 | data=(unsigned char *)xi->enc_data; | 310 | data=(unsigned char *)xi->enc_data; |
| 312 | i=xi->enc_len; | 311 | i=xi->enc_len; |
| @@ -327,7 +326,7 @@ int (*cb)(); | |||
| 327 | /* create the right magic header stuff */ | 326 | /* create the right magic header stuff */ |
| 328 | buf[0]='\0'; | 327 | buf[0]='\0'; |
| 329 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); | 328 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); |
| 330 | PEM_dek_info(buf,objstr,8,(char *)iv); | 329 | PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); |
| 331 | 330 | ||
| 332 | /* use the normal code to write things out */ | 331 | /* use the normal code to write things out */ |
| 333 | i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); | 332 | i=PEM_write_bio(bp,PEM_STRING_RSA,buf,data,i); |
| @@ -336,18 +335,18 @@ int (*cb)(); | |||
| 336 | else | 335 | else |
| 337 | { | 336 | { |
| 338 | /* Add DSA/DH */ | 337 | /* Add DSA/DH */ |
| 339 | #ifndef NO_RSA | 338 | #ifndef OPENSSL_NO_RSA |
| 340 | /* normal optionally encrypted stuff */ | 339 | /* normal optionally encrypted stuff */ |
| 341 | if (PEM_write_bio_RSAPrivateKey(bp, | 340 | if (PEM_write_bio_RSAPrivateKey(bp, |
| 342 | xi->x_pkey->dec_pkey->pkey.rsa, | 341 | xi->x_pkey->dec_pkey->pkey.rsa, |
| 343 | enc,kstr,klen,cb)<=0) | 342 | enc,kstr,klen,cb,u)<=0) |
| 344 | goto err; | 343 | goto err; |
| 345 | #endif | 344 | #endif |
| 346 | } | 345 | } |
| 347 | } | 346 | } |
| 348 | 347 | ||
| 349 | /* if we have a certificate then write it out now */ | 348 | /* if we have a certificate then write it out now */ |
| 350 | if ((xi->x509 != NULL) || (PEM_write_bio_X509(bp,xi->x509) <= 0)) | 349 | if ((xi->x509 != NULL) && (PEM_write_bio_X509(bp,xi->x509) <= 0)) |
| 351 | goto err; | 350 | goto err; |
| 352 | 351 | ||
| 353 | /* we are ignoring anything else that is loaded into the X509_INFO | 352 | /* we are ignoring anything else that is loaded into the X509_INFO |
diff --git a/src/lib/libcrypto/pem/pem_lib.c b/src/lib/libcrypto/pem/pem_lib.c index 7a2c0ad83b..18b751a91a 100644 --- a/src/lib/libcrypto/pem/pem_lib.c +++ b/src/lib/libcrypto/pem/pem_lib.c | |||
| @@ -58,45 +58,40 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "buffer.h" | 61 | #include <openssl/buffer.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "rand.h" | 64 | #include <openssl/rand.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include "pem.h" | 66 | #include <openssl/pem.h> |
| 67 | #ifndef NO_DES | 67 | #include <openssl/pkcs12.h> |
| 68 | #include "des.h" | 68 | #ifndef OPENSSL_NO_DES |
| 69 | #include <openssl/des.h> | ||
| 69 | #endif | 70 | #endif |
| 70 | 71 | ||
| 71 | char *PEM_version="PEM part of SSLeay 0.9.0b 29-Jun-1998"; | 72 | const char *PEM_version="PEM" OPENSSL_VERSION_PTEXT; |
| 72 | 73 | ||
| 73 | #define MIN_LENGTH 4 | 74 | #define MIN_LENGTH 4 |
| 74 | 75 | ||
| 75 | /* PEMerr(PEM_F_PEM_WRITE_BIO,ERR_R_MALLOC_FAILURE); | ||
| 76 | * PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | ||
| 77 | */ | ||
| 78 | |||
| 79 | #ifndef NOPROTO | ||
| 80 | static int def_callback(char *buf, int num, int w); | ||
| 81 | static int load_iv(unsigned char **fromp,unsigned char *to, int num); | 76 | static int load_iv(unsigned char **fromp,unsigned char *to, int num); |
| 82 | #else | 77 | static int check_pem(const char *nm, const char *name); |
| 83 | static int def_callback(); | ||
| 84 | static int load_iv(); | ||
| 85 | #endif | ||
| 86 | 78 | ||
| 87 | static int def_callback(buf, num, w) | 79 | int PEM_def_callback(char *buf, int num, int w, void *key) |
| 88 | char *buf; | ||
| 89 | int num; | ||
| 90 | int w; | ||
| 91 | { | 80 | { |
| 92 | #ifdef NO_FP_API | 81 | #ifdef OPENSSL_NO_FP_API |
| 93 | /* We should not ever call the default callback routine from | 82 | /* We should not ever call the default callback routine from |
| 94 | * windows. */ | 83 | * windows. */ |
| 95 | PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 84 | PEMerr(PEM_F_DEF_CALLBACK,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 96 | return(-1); | 85 | return(-1); |
| 97 | #else | 86 | #else |
| 98 | int i,j; | 87 | int i,j; |
| 99 | char *prompt; | 88 | const char *prompt; |
| 89 | if(key) { | ||
| 90 | i=strlen(key); | ||
| 91 | i=(i > num)?num:i; | ||
| 92 | memcpy(buf,key,i); | ||
| 93 | return(i); | ||
| 94 | } | ||
| 100 | 95 | ||
| 101 | prompt=EVP_get_pw_prompt(); | 96 | prompt=EVP_get_pw_prompt(); |
| 102 | if (prompt == NULL) | 97 | if (prompt == NULL) |
| @@ -123,11 +118,9 @@ int w; | |||
| 123 | #endif | 118 | #endif |
| 124 | } | 119 | } |
| 125 | 120 | ||
| 126 | void PEM_proc_type(buf, type) | 121 | void PEM_proc_type(char *buf, int type) |
| 127 | char *buf; | ||
| 128 | int type; | ||
| 129 | { | 122 | { |
| 130 | char *str; | 123 | const char *str; |
| 131 | 124 | ||
| 132 | if (type == PEM_TYPE_ENCRYPTED) | 125 | if (type == PEM_TYPE_ENCRYPTED) |
| 133 | str="ENCRYPTED"; | 126 | str="ENCRYPTED"; |
| @@ -143,11 +136,7 @@ int type; | |||
| 143 | strcat(buf,"\n"); | 136 | strcat(buf,"\n"); |
| 144 | } | 137 | } |
| 145 | 138 | ||
| 146 | void PEM_dek_info(buf, type, len, str) | 139 | void PEM_dek_info(char *buf, const char *type, int len, char *str) |
| 147 | char *buf; | ||
| 148 | char *type; | ||
| 149 | int len; | ||
| 150 | char *str; | ||
| 151 | { | 140 | { |
| 152 | static unsigned char map[17]="0123456789ABCDEF"; | 141 | static unsigned char map[17]="0123456789ABCDEF"; |
| 153 | long i; | 142 | long i; |
| @@ -166,13 +155,9 @@ char *str; | |||
| 166 | buf[j+i*2+1]='\0'; | 155 | buf[j+i*2+1]='\0'; |
| 167 | } | 156 | } |
| 168 | 157 | ||
| 169 | #ifndef NO_FP_API | 158 | #ifndef OPENSSL_NO_FP_API |
| 170 | char *PEM_ASN1_read(d2i,name,fp, x, cb) | 159 | char *PEM_ASN1_read(char *(*d2i)(), const char *name, FILE *fp, char **x, |
| 171 | char *(*d2i)(); | 160 | pem_password_cb *cb, void *u) |
| 172 | char *name; | ||
| 173 | FILE *fp; | ||
| 174 | char **x; | ||
| 175 | int (*cb)(); | ||
| 176 | { | 161 | { |
| 177 | BIO *b; | 162 | BIO *b; |
| 178 | char *ret; | 163 | char *ret; |
| @@ -183,74 +168,97 @@ int (*cb)(); | |||
| 183 | return(0); | 168 | return(0); |
| 184 | } | 169 | } |
| 185 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 170 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 186 | ret=PEM_ASN1_read_bio(d2i,name,b,x,cb); | 171 | ret=PEM_ASN1_read_bio(d2i,name,b,x,cb,u); |
| 187 | BIO_free(b); | 172 | BIO_free(b); |
| 188 | return(ret); | 173 | return(ret); |
| 189 | } | 174 | } |
| 190 | #endif | 175 | #endif |
| 191 | 176 | ||
| 192 | char *PEM_ASN1_read_bio(d2i,name,bp, x, cb) | 177 | static int check_pem(const char *nm, const char *name) |
| 193 | char *(*d2i)(); | 178 | { |
| 194 | char *name; | 179 | /* Normal matching nm and name */ |
| 195 | BIO *bp; | 180 | if (!strcmp(nm,name)) return 1; |
| 196 | char **x; | 181 | |
| 197 | int (*cb)(); | 182 | /* Make PEM_STRING_EVP_PKEY match any private key */ |
| 183 | |||
| 184 | if(!strcmp(nm,PEM_STRING_PKCS8) && | ||
| 185 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
| 186 | |||
| 187 | if(!strcmp(nm,PEM_STRING_PKCS8INF) && | ||
| 188 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
| 189 | |||
| 190 | if(!strcmp(nm,PEM_STRING_RSA) && | ||
| 191 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
| 192 | |||
| 193 | if(!strcmp(nm,PEM_STRING_DSA) && | ||
| 194 | !strcmp(name,PEM_STRING_EVP_PKEY)) return 1; | ||
| 195 | |||
| 196 | /* Permit older strings */ | ||
| 197 | |||
| 198 | if(!strcmp(nm,PEM_STRING_X509_OLD) && | ||
| 199 | !strcmp(name,PEM_STRING_X509)) return 1; | ||
| 200 | |||
| 201 | if(!strcmp(nm,PEM_STRING_X509_REQ_OLD) && | ||
| 202 | !strcmp(name,PEM_STRING_X509_REQ)) return 1; | ||
| 203 | |||
| 204 | /* Allow normal certs to be read as trusted certs */ | ||
| 205 | if(!strcmp(nm,PEM_STRING_X509) && | ||
| 206 | !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; | ||
| 207 | |||
| 208 | if(!strcmp(nm,PEM_STRING_X509_OLD) && | ||
| 209 | !strcmp(name,PEM_STRING_X509_TRUSTED)) return 1; | ||
| 210 | |||
| 211 | /* Some CAs use PKCS#7 with CERTIFICATE headers */ | ||
| 212 | if(!strcmp(nm, PEM_STRING_X509) && | ||
| 213 | !strcmp(name, PEM_STRING_PKCS7)) return 1; | ||
| 214 | |||
| 215 | return 0; | ||
| 216 | } | ||
| 217 | |||
| 218 | int PEM_bytes_read_bio(unsigned char **pdata, long *plen, char **pnm, const char *name, BIO *bp, | ||
| 219 | pem_password_cb *cb, void *u) | ||
| 198 | { | 220 | { |
| 199 | EVP_CIPHER_INFO cipher; | 221 | EVP_CIPHER_INFO cipher; |
| 200 | char *nm=NULL,*header=NULL; | 222 | char *nm=NULL,*header=NULL; |
| 201 | unsigned char *p=NULL,*data=NULL; | 223 | unsigned char *data=NULL; |
| 202 | long len; | 224 | long len; |
| 203 | char *ret=NULL; | 225 | int ret = 0; |
| 204 | 226 | ||
| 205 | for (;;) | 227 | for (;;) |
| 206 | { | 228 | { |
| 207 | if (!PEM_read_bio(bp,&nm,&header,&data,&len)) return(NULL); | 229 | if (!PEM_read_bio(bp,&nm,&header,&data,&len)) { |
| 208 | if ( (strcmp(nm,name) == 0) || | 230 | if(ERR_GET_REASON(ERR_peek_error()) == |
| 209 | ((strcmp(nm,PEM_STRING_RSA) == 0) && | 231 | PEM_R_NO_START_LINE) |
| 210 | (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) || | 232 | ERR_add_error_data(2, "Expecting: ", name); |
| 211 | ((strcmp(nm,PEM_STRING_DSA) == 0) && | 233 | return 0; |
| 212 | (strcmp(name,PEM_STRING_EVP_PKEY) == 0)) || | ||
| 213 | ((strcmp(nm,PEM_STRING_X509_OLD) == 0) && | ||
| 214 | (strcmp(name,PEM_STRING_X509) == 0)) || | ||
| 215 | ((strcmp(nm,PEM_STRING_X509_REQ_OLD) == 0) && | ||
| 216 | (strcmp(name,PEM_STRING_X509_REQ) == 0)) | ||
| 217 | ) | ||
| 218 | break; | ||
| 219 | Free(nm); | ||
| 220 | Free(header); | ||
| 221 | Free(data); | ||
| 222 | } | 234 | } |
| 223 | if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; | 235 | if(check_pem(nm, name)) break; |
| 224 | if (!PEM_do_header(&cipher,data,&len,cb)) goto err; | 236 | OPENSSL_free(nm); |
| 225 | p=data; | 237 | OPENSSL_free(header); |
| 226 | if (strcmp(name,PEM_STRING_EVP_PKEY) == 0) | 238 | OPENSSL_free(data); |
| 227 | { | ||
| 228 | if (strcmp(nm,PEM_STRING_RSA) == 0) | ||
| 229 | ret=d2i(EVP_PKEY_RSA,x,&p,len); | ||
| 230 | else if (strcmp(nm,PEM_STRING_DSA) == 0) | ||
| 231 | ret=d2i(EVP_PKEY_DSA,x,&p,len); | ||
| 232 | } | 239 | } |
| 233 | else | 240 | if (!PEM_get_EVP_CIPHER_INFO(header,&cipher)) goto err; |
| 234 | ret=d2i(x,&p,len); | 241 | if (!PEM_do_header(&cipher,data,&len,cb,u)) goto err; |
| 235 | if (ret == NULL) | 242 | |
| 236 | PEMerr(PEM_F_PEM_ASN1_READ_BIO,ERR_R_ASN1_LIB); | 243 | *pdata = data; |
| 244 | *plen = len; | ||
| 245 | |||
| 246 | if (pnm) | ||
| 247 | *pnm = nm; | ||
| 248 | |||
| 249 | ret = 1; | ||
| 250 | |||
| 237 | err: | 251 | err: |
| 238 | Free(nm); | 252 | if (!pnm) OPENSSL_free(nm); |
| 239 | Free(header); | 253 | OPENSSL_free(header); |
| 240 | Free(data); | 254 | if (!ret) OPENSSL_free(data); |
| 241 | return(ret); | 255 | return ret; |
| 242 | } | 256 | } |
| 243 | 257 | ||
| 244 | #ifndef NO_FP_API | 258 | #ifndef OPENSSL_NO_FP_API |
| 245 | int PEM_ASN1_write(i2d,name,fp, x, enc, kstr, klen, callback) | 259 | int PEM_ASN1_write(int (*i2d)(), const char *name, FILE *fp, char *x, |
| 246 | int (*i2d)(); | 260 | const EVP_CIPHER *enc, unsigned char *kstr, int klen, |
| 247 | char *name; | 261 | pem_password_cb *callback, void *u) |
| 248 | FILE *fp; | ||
| 249 | char *x; | ||
| 250 | EVP_CIPHER *enc; | ||
| 251 | unsigned char *kstr; | ||
| 252 | int klen; | ||
| 253 | int (*callback)(); | ||
| 254 | { | 262 | { |
| 255 | BIO *b; | 263 | BIO *b; |
| 256 | int ret; | 264 | int ret; |
| @@ -261,27 +269,20 @@ int (*callback)(); | |||
| 261 | return(0); | 269 | return(0); |
| 262 | } | 270 | } |
| 263 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 271 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 264 | ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback); | 272 | ret=PEM_ASN1_write_bio(i2d,name,b,x,enc,kstr,klen,callback,u); |
| 265 | BIO_free(b); | 273 | BIO_free(b); |
| 266 | return(ret); | 274 | return(ret); |
| 267 | } | 275 | } |
| 268 | #endif | 276 | #endif |
| 269 | 277 | ||
| 270 | int PEM_ASN1_write_bio(i2d,name,bp, x, enc, kstr, klen, callback) | 278 | int PEM_ASN1_write_bio(int (*i2d)(), const char *name, BIO *bp, char *x, |
| 271 | int (*i2d)(); | 279 | const EVP_CIPHER *enc, unsigned char *kstr, int klen, |
| 272 | char *name; | 280 | pem_password_cb *callback, void *u) |
| 273 | BIO *bp; | ||
| 274 | char *x; | ||
| 275 | EVP_CIPHER *enc; | ||
| 276 | unsigned char *kstr; | ||
| 277 | int klen; | ||
| 278 | int (*callback)(); | ||
| 279 | { | 281 | { |
| 280 | EVP_CIPHER_CTX ctx; | 282 | EVP_CIPHER_CTX ctx; |
| 281 | int dsize=0,i,j,ret=0; | 283 | int dsize=0,i,j,ret=0; |
| 282 | unsigned char *p,*data=NULL; | 284 | unsigned char *p,*data=NULL; |
| 283 | char *objstr=NULL; | 285 | const char *objstr=NULL; |
| 284 | #define PEM_BUFSIZE 1024 | ||
| 285 | char buf[PEM_BUFSIZE]; | 286 | char buf[PEM_BUFSIZE]; |
| 286 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 287 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 287 | unsigned char iv[EVP_MAX_IV_LENGTH]; | 288 | unsigned char iv[EVP_MAX_IV_LENGTH]; |
| @@ -303,7 +304,7 @@ int (*callback)(); | |||
| 303 | goto err; | 304 | goto err; |
| 304 | } | 305 | } |
| 305 | /* dzise + 8 bytes are needed */ | 306 | /* dzise + 8 bytes are needed */ |
| 306 | data=(unsigned char *)Malloc((unsigned int)dsize+20); | 307 | data=(unsigned char *)OPENSSL_malloc((unsigned int)dsize+20); |
| 307 | if (data == NULL) | 308 | if (data == NULL) |
| 308 | { | 309 | { |
| 309 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); | 310 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,ERR_R_MALLOC_FAILURE); |
| @@ -317,18 +318,23 @@ int (*callback)(); | |||
| 317 | if (kstr == NULL) | 318 | if (kstr == NULL) |
| 318 | { | 319 | { |
| 319 | if (callback == NULL) | 320 | if (callback == NULL) |
| 320 | klen=def_callback(buf,PEM_BUFSIZE,1); | 321 | klen=PEM_def_callback(buf,PEM_BUFSIZE,1,u); |
| 321 | else | 322 | else |
| 322 | klen=(*callback)(buf,PEM_BUFSIZE,1); | 323 | klen=(*callback)(buf,PEM_BUFSIZE,1,u); |
| 323 | if (klen <= 0) | 324 | if (klen <= 0) |
| 324 | { | 325 | { |
| 325 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); | 326 | PEMerr(PEM_F_PEM_ASN1_WRITE_BIO,PEM_R_READ_KEY); |
| 326 | goto err; | 327 | goto err; |
| 327 | } | 328 | } |
| 329 | #ifdef CHARSET_EBCDIC | ||
| 330 | /* Convert the pass phrase from EBCDIC */ | ||
| 331 | ebcdic2ascii(buf, buf, klen); | ||
| 332 | #endif | ||
| 328 | kstr=(unsigned char *)buf; | 333 | kstr=(unsigned char *)buf; |
| 329 | } | 334 | } |
| 330 | RAND_seed(data,i);/* put in the RSA key. */ | 335 | RAND_add(data,i,0);/* put in the RSA key. */ |
| 331 | RAND_bytes(iv,8); /* Generate a salt */ | 336 | if (RAND_pseudo_bytes(iv,enc->iv_len) < 0) /* Generate a salt */ |
| 337 | goto err; | ||
| 332 | /* The 'iv' is used as the iv and as a salt. It is | 338 | /* The 'iv' is used as the iv and as a salt. It is |
| 333 | * NOT taken from the BytesToKey function */ | 339 | * NOT taken from the BytesToKey function */ |
| 334 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); | 340 | EVP_BytesToKey(enc,EVP_md5(),iv,kstr,klen,1,key,NULL); |
| @@ -337,12 +343,14 @@ int (*callback)(); | |||
| 337 | 343 | ||
| 338 | buf[0]='\0'; | 344 | buf[0]='\0'; |
| 339 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); | 345 | PEM_proc_type(buf,PEM_TYPE_ENCRYPTED); |
| 340 | PEM_dek_info(buf,objstr,8,(char *)iv); | 346 | PEM_dek_info(buf,objstr,enc->iv_len,(char *)iv); |
| 341 | /* k=strlen(buf); */ | 347 | /* k=strlen(buf); */ |
| 342 | 348 | ||
| 343 | EVP_EncryptInit(&ctx,enc,key,iv); | 349 | EVP_CIPHER_CTX_init(&ctx); |
| 350 | EVP_EncryptInit_ex(&ctx,enc,NULL,key,iv); | ||
| 344 | EVP_EncryptUpdate(&ctx,data,&j,data,i); | 351 | EVP_EncryptUpdate(&ctx,data,&j,data,i); |
| 345 | EVP_EncryptFinal(&ctx,&(data[j]),&i); | 352 | EVP_EncryptFinal_ex(&ctx,&(data[j]),&i); |
| 353 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 346 | i+=j; | 354 | i+=j; |
| 347 | ret=1; | 355 | ret=1; |
| 348 | } | 356 | } |
| @@ -359,15 +367,12 @@ err: | |||
| 359 | memset((char *)&ctx,0,sizeof(ctx)); | 367 | memset((char *)&ctx,0,sizeof(ctx)); |
| 360 | memset(buf,0,PEM_BUFSIZE); | 368 | memset(buf,0,PEM_BUFSIZE); |
| 361 | memset(data,0,(unsigned int)dsize); | 369 | memset(data,0,(unsigned int)dsize); |
| 362 | Free(data); | 370 | OPENSSL_free(data); |
| 363 | return(ret); | 371 | return(ret); |
| 364 | } | 372 | } |
| 365 | 373 | ||
| 366 | int PEM_do_header(cipher, data, plen, callback) | 374 | int PEM_do_header(EVP_CIPHER_INFO *cipher, unsigned char *data, long *plen, |
| 367 | EVP_CIPHER_INFO *cipher; | 375 | pem_password_cb *callback,void *u) |
| 368 | unsigned char *data; | ||
| 369 | long *plen; | ||
| 370 | int (*callback)(); | ||
| 371 | { | 376 | { |
| 372 | int i,j,o,klen; | 377 | int i,j,o,klen; |
| 373 | long len; | 378 | long len; |
| @@ -379,21 +384,27 @@ int (*callback)(); | |||
| 379 | 384 | ||
| 380 | if (cipher->cipher == NULL) return(1); | 385 | if (cipher->cipher == NULL) return(1); |
| 381 | if (callback == NULL) | 386 | if (callback == NULL) |
| 382 | klen=def_callback(buf,PEM_BUFSIZE,0); | 387 | klen=PEM_def_callback(buf,PEM_BUFSIZE,0,u); |
| 383 | else | 388 | else |
| 384 | klen=callback(buf,PEM_BUFSIZE,0); | 389 | klen=callback(buf,PEM_BUFSIZE,0,u); |
| 385 | if (klen <= 0) | 390 | if (klen <= 0) |
| 386 | { | 391 | { |
| 387 | PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); | 392 | PEMerr(PEM_F_PEM_DO_HEADER,PEM_R_BAD_PASSWORD_READ); |
| 388 | return(0); | 393 | return(0); |
| 389 | } | 394 | } |
| 395 | #ifdef CHARSET_EBCDIC | ||
| 396 | /* Convert the pass phrase from EBCDIC */ | ||
| 397 | ebcdic2ascii(buf, buf, klen); | ||
| 398 | #endif | ||
| 399 | |||
| 390 | EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), | 400 | EVP_BytesToKey(cipher->cipher,EVP_md5(),&(cipher->iv[0]), |
| 391 | (unsigned char *)buf,klen,1,key,NULL); | 401 | (unsigned char *)buf,klen,1,key,NULL); |
| 392 | 402 | ||
| 393 | j=(int)len; | 403 | j=(int)len; |
| 394 | EVP_DecryptInit(&ctx,cipher->cipher,key,&(cipher->iv[0])); | 404 | EVP_CIPHER_CTX_init(&ctx); |
| 405 | EVP_DecryptInit_ex(&ctx,cipher->cipher,NULL, key,&(cipher->iv[0])); | ||
| 395 | EVP_DecryptUpdate(&ctx,data,&i,data,j); | 406 | EVP_DecryptUpdate(&ctx,data,&i,data,j); |
| 396 | o=EVP_DecryptFinal(&ctx,&(data[i]),&j); | 407 | o=EVP_DecryptFinal_ex(&ctx,&(data[i]),&j); |
| 397 | EVP_CIPHER_CTX_cleanup(&ctx); | 408 | EVP_CIPHER_CTX_cleanup(&ctx); |
| 398 | memset((char *)buf,0,sizeof(buf)); | 409 | memset((char *)buf,0,sizeof(buf)); |
| 399 | memset((char *)key,0,sizeof(key)); | 410 | memset((char *)key,0,sizeof(key)); |
| @@ -407,12 +418,10 @@ int (*callback)(); | |||
| 407 | return(1); | 418 | return(1); |
| 408 | } | 419 | } |
| 409 | 420 | ||
| 410 | int PEM_get_EVP_CIPHER_INFO(header,cipher) | 421 | int PEM_get_EVP_CIPHER_INFO(char *header, EVP_CIPHER_INFO *cipher) |
| 411 | char *header; | ||
| 412 | EVP_CIPHER_INFO *cipher; | ||
| 413 | { | 422 | { |
| 414 | int o; | 423 | int o; |
| 415 | EVP_CIPHER *enc=NULL; | 424 | const EVP_CIPHER *enc=NULL; |
| 416 | char *p,c; | 425 | char *p,c; |
| 417 | 426 | ||
| 418 | cipher->cipher=NULL; | 427 | cipher->cipher=NULL; |
| @@ -438,9 +447,15 @@ EVP_CIPHER_INFO *cipher; | |||
| 438 | for (;;) | 447 | for (;;) |
| 439 | { | 448 | { |
| 440 | c= *header; | 449 | c= *header; |
| 450 | #ifndef CHARSET_EBCDIC | ||
| 441 | if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || | 451 | if (!( ((c >= 'A') && (c <= 'Z')) || (c == '-') || |
| 442 | ((c >= '0') && (c <= '9')))) | 452 | ((c >= '0') && (c <= '9')))) |
| 443 | break; | 453 | break; |
| 454 | #else | ||
| 455 | if (!( isupper(c) || (c == '-') || | ||
| 456 | isdigit(c))) | ||
| 457 | break; | ||
| 458 | #endif | ||
| 444 | header++; | 459 | header++; |
| 445 | } | 460 | } |
| 446 | *header='\0'; | 461 | *header='\0'; |
| @@ -454,14 +469,12 @@ EVP_CIPHER_INFO *cipher; | |||
| 454 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); | 469 | PEMerr(PEM_F_PEM_GET_EVP_CIPHER_INFO,PEM_R_UNSUPPORTED_ENCRYPTION); |
| 455 | return(0); | 470 | return(0); |
| 456 | } | 471 | } |
| 457 | if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),8)) return(0); | 472 | if (!load_iv((unsigned char **)&header,&(cipher->iv[0]),enc->iv_len)) return(0); |
| 458 | 473 | ||
| 459 | return(1); | 474 | return(1); |
| 460 | } | 475 | } |
| 461 | 476 | ||
| 462 | static int load_iv(fromp,to,num) | 477 | static int load_iv(unsigned char **fromp, unsigned char *to, int num) |
| 463 | unsigned char **fromp,*to; | ||
| 464 | int num; | ||
| 465 | { | 478 | { |
| 466 | int v,i; | 479 | int v,i; |
| 467 | unsigned char *from; | 480 | unsigned char *from; |
| @@ -490,13 +503,9 @@ int num; | |||
| 490 | return(1); | 503 | return(1); |
| 491 | } | 504 | } |
| 492 | 505 | ||
| 493 | #ifndef NO_FP_API | 506 | #ifndef OPENSSL_NO_FP_API |
| 494 | int PEM_write(fp, name, header, data,len) | 507 | int PEM_write(FILE *fp, char *name, char *header, unsigned char *data, |
| 495 | FILE *fp; | 508 | long len) |
| 496 | char *name; | ||
| 497 | char *header; | ||
| 498 | unsigned char *data; | ||
| 499 | long len; | ||
| 500 | { | 509 | { |
| 501 | BIO *b; | 510 | BIO *b; |
| 502 | int ret; | 511 | int ret; |
| @@ -513,12 +522,8 @@ long len; | |||
| 513 | } | 522 | } |
| 514 | #endif | 523 | #endif |
| 515 | 524 | ||
| 516 | int PEM_write_bio(bp, name, header, data,len) | 525 | int PEM_write_bio(BIO *bp, const char *name, char *header, unsigned char *data, |
| 517 | BIO *bp; | 526 | long len) |
| 518 | char *name; | ||
| 519 | char *header; | ||
| 520 | unsigned char *data; | ||
| 521 | long len; | ||
| 522 | { | 527 | { |
| 523 | int nlen,n,i,j,outl; | 528 | int nlen,n,i,j,outl; |
| 524 | unsigned char *buf; | 529 | unsigned char *buf; |
| @@ -541,7 +546,7 @@ long len; | |||
| 541 | goto err; | 546 | goto err; |
| 542 | } | 547 | } |
| 543 | 548 | ||
| 544 | buf=(unsigned char *)Malloc(PEM_BUFSIZE*8); | 549 | buf=(unsigned char *)OPENSSL_malloc(PEM_BUFSIZE*8); |
| 545 | if (buf == NULL) | 550 | if (buf == NULL) |
| 546 | { | 551 | { |
| 547 | reason=ERR_R_MALLOC_FAILURE; | 552 | reason=ERR_R_MALLOC_FAILURE; |
| @@ -561,7 +566,7 @@ long len; | |||
| 561 | } | 566 | } |
| 562 | EVP_EncodeFinal(&ctx,buf,&outl); | 567 | EVP_EncodeFinal(&ctx,buf,&outl); |
| 563 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; | 568 | if ((outl > 0) && (BIO_write(bp,(char *)buf,outl) != outl)) goto err; |
| 564 | Free(buf); | 569 | OPENSSL_free(buf); |
| 565 | if ( (BIO_write(bp,"-----END ",9) != 9) || | 570 | if ( (BIO_write(bp,"-----END ",9) != 9) || |
| 566 | (BIO_write(bp,name,nlen) != nlen) || | 571 | (BIO_write(bp,name,nlen) != nlen) || |
| 567 | (BIO_write(bp,"-----\n",6) != 6)) | 572 | (BIO_write(bp,"-----\n",6) != 6)) |
| @@ -572,13 +577,9 @@ err: | |||
| 572 | return(0); | 577 | return(0); |
| 573 | } | 578 | } |
| 574 | 579 | ||
| 575 | #ifndef NO_FP_API | 580 | #ifndef OPENSSL_NO_FP_API |
| 576 | int PEM_read(fp, name, header, data,len) | 581 | int PEM_read(FILE *fp, char **name, char **header, unsigned char **data, |
| 577 | FILE *fp; | 582 | long *len) |
| 578 | char **name; | ||
| 579 | char **header; | ||
| 580 | unsigned char **data; | ||
| 581 | long *len; | ||
| 582 | { | 583 | { |
| 583 | BIO *b; | 584 | BIO *b; |
| 584 | int ret; | 585 | int ret; |
| @@ -595,12 +596,8 @@ long *len; | |||
| 595 | } | 596 | } |
| 596 | #endif | 597 | #endif |
| 597 | 598 | ||
| 598 | int PEM_read_bio(bp, name, header, data, len) | 599 | int PEM_read_bio(BIO *bp, char **name, char **header, unsigned char **data, |
| 599 | BIO *bp; | 600 | long *len) |
| 600 | char **name; | ||
| 601 | char **header; | ||
| 602 | unsigned char **data; | ||
| 603 | long *len; | ||
| 604 | { | 601 | { |
| 605 | EVP_ENCODE_CTX ctx; | 602 | EVP_ENCODE_CTX ctx; |
| 606 | int end=0,i,k,bl=0,hl=0,nohead=0; | 603 | int end=0,i,k,bl=0,hl=0,nohead=0; |
| @@ -643,7 +640,7 @@ long *len; | |||
| 643 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 640 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 644 | goto err; | 641 | goto err; |
| 645 | } | 642 | } |
| 646 | strncpy(nameB->data,&(buf[11]),(unsigned int)i-6); | 643 | memcpy(nameB->data,&(buf[11]),i-6); |
| 647 | nameB->data[i-6]='\0'; | 644 | nameB->data[i-6]='\0'; |
| 648 | break; | 645 | break; |
| 649 | } | 646 | } |
| @@ -668,7 +665,7 @@ long *len; | |||
| 668 | nohead=1; | 665 | nohead=1; |
| 669 | break; | 666 | break; |
| 670 | } | 667 | } |
| 671 | strncpy(&(headerB->data[hl]),buf,(unsigned int)i); | 668 | memcpy(&(headerB->data[hl]),buf,i); |
| 672 | headerB->data[hl+i]='\0'; | 669 | headerB->data[hl+i]='\0'; |
| 673 | hl+=i; | 670 | hl+=i; |
| 674 | } | 671 | } |
| @@ -696,7 +693,7 @@ long *len; | |||
| 696 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); | 693 | PEMerr(PEM_F_PEM_READ_BIO,ERR_R_MALLOC_FAILURE); |
| 697 | goto err; | 694 | goto err; |
| 698 | } | 695 | } |
| 699 | strncpy(&(dataB->data[bl]),buf,(unsigned int)i); | 696 | memcpy(&(dataB->data[bl]),buf,i); |
| 700 | dataB->data[bl+i]='\0'; | 697 | dataB->data[bl+i]='\0'; |
| 701 | bl+=i; | 698 | bl+=i; |
| 702 | if (end) | 699 | if (end) |
| @@ -721,7 +718,7 @@ long *len; | |||
| 721 | } | 718 | } |
| 722 | i=strlen(nameB->data); | 719 | i=strlen(nameB->data); |
| 723 | if ( (strncmp(buf,"-----END ",9) != 0) || | 720 | if ( (strncmp(buf,"-----END ",9) != 0) || |
| 724 | (strncmp(nameB->data,&(buf[9]),(unsigned int)i) != 0) || | 721 | (strncmp(nameB->data,&(buf[9]),i) != 0) || |
| 725 | (strncmp(&(buf[9+i]),"-----\n",6) != 0)) | 722 | (strncmp(&(buf[9+i]),"-----\n",6) != 0)) |
| 726 | { | 723 | { |
| 727 | PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); | 724 | PEMerr(PEM_F_PEM_READ_BIO,PEM_R_BAD_END_LINE); |
| @@ -750,9 +747,9 @@ long *len; | |||
| 750 | *header=headerB->data; | 747 | *header=headerB->data; |
| 751 | *data=(unsigned char *)dataB->data; | 748 | *data=(unsigned char *)dataB->data; |
| 752 | *len=bl; | 749 | *len=bl; |
| 753 | Free(nameB); | 750 | OPENSSL_free(nameB); |
| 754 | Free(headerB); | 751 | OPENSSL_free(headerB); |
| 755 | Free(dataB); | 752 | OPENSSL_free(dataB); |
| 756 | return(1); | 753 | return(1); |
| 757 | err: | 754 | err: |
| 758 | BUF_MEM_free(nameB); | 755 | BUF_MEM_free(nameB); |
diff --git a/src/lib/libcrypto/pem/pem_seal.c b/src/lib/libcrypto/pem/pem_seal.c index b4b36df453..ae463a301d 100644 --- a/src/lib/libcrypto/pem/pem_seal.c +++ b/src/lib/libcrypto/pem/pem_seal.c | |||
| @@ -56,23 +56,18 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef OPENSSL_NO_RSA | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 62 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 63 | #include "objects.h" | 64 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 65 | #include "pem.h" | 66 | #include <openssl/pem.h> |
| 66 | 67 | ||
| 67 | int PEM_SealInit(ctx,type,md_type,ek,ekl,iv,pubk,npubk) | 68 | int PEM_SealInit(PEM_ENCODE_SEAL_CTX *ctx, EVP_CIPHER *type, EVP_MD *md_type, |
| 68 | PEM_ENCODE_SEAL_CTX *ctx; | 69 | unsigned char **ek, int *ekl, unsigned char *iv, EVP_PKEY **pubk, |
| 69 | EVP_CIPHER *type; | 70 | int npubk) |
| 70 | EVP_MD *md_type; | ||
| 71 | unsigned char **ek; | ||
| 72 | int *ekl; | ||
| 73 | unsigned char *iv; | ||
| 74 | EVP_PKEY **pubk; | ||
| 75 | int npubk; | ||
| 76 | { | 71 | { |
| 77 | unsigned char key[EVP_MAX_KEY_LENGTH]; | 72 | unsigned char key[EVP_MAX_KEY_LENGTH]; |
| 78 | int ret= -1; | 73 | int ret= -1; |
| @@ -89,17 +84,20 @@ int npubk; | |||
| 89 | j=RSA_size(pubk[i]->pkey.rsa); | 84 | j=RSA_size(pubk[i]->pkey.rsa); |
| 90 | if (j > max) max=j; | 85 | if (j > max) max=j; |
| 91 | } | 86 | } |
| 92 | s=(char *)Malloc(max*2); | 87 | s=(char *)OPENSSL_malloc(max*2); |
| 93 | if (s == NULL) | 88 | if (s == NULL) |
| 94 | { | 89 | { |
| 95 | PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); | 90 | PEMerr(PEM_F_PEM_SEALINIT,ERR_R_MALLOC_FAILURE); |
| 96 | goto err; | 91 | goto err; |
| 97 | } | 92 | } |
| 98 | 93 | ||
| 99 | EVP_EncodeInit(&(ctx->encode)); | 94 | EVP_EncodeInit(&ctx->encode); |
| 100 | EVP_SignInit(&(ctx->md),md_type); | 95 | |
| 96 | EVP_MD_CTX_init(&ctx->md); | ||
| 97 | EVP_SignInit(&ctx->md,md_type); | ||
| 101 | 98 | ||
| 102 | ret=EVP_SealInit(&(ctx->cipher),type,ek,ekl,iv,pubk,npubk); | 99 | EVP_CIPHER_CTX_init(&ctx->cipher); |
| 100 | ret=EVP_SealInit(&ctx->cipher,type,ek,ekl,iv,pubk,npubk); | ||
| 103 | if (!ret) goto err; | 101 | if (!ret) goto err; |
| 104 | 102 | ||
| 105 | /* base64 encode the keys */ | 103 | /* base64 encode the keys */ |
| @@ -113,23 +111,19 @@ int npubk; | |||
| 113 | 111 | ||
| 114 | ret=npubk; | 112 | ret=npubk; |
| 115 | err: | 113 | err: |
| 116 | if (s != NULL) Free(s); | 114 | if (s != NULL) OPENSSL_free(s); |
| 117 | memset(key,0,EVP_MAX_KEY_LENGTH); | 115 | memset(key,0,EVP_MAX_KEY_LENGTH); |
| 118 | return(ret); | 116 | return(ret); |
| 119 | } | 117 | } |
| 120 | 118 | ||
| 121 | void PEM_SealUpdate(ctx,out,outl,in,inl) | 119 | void PEM_SealUpdate(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *out, int *outl, |
| 122 | PEM_ENCODE_SEAL_CTX *ctx; | 120 | unsigned char *in, int inl) |
| 123 | unsigned char *out; | ||
| 124 | int *outl; | ||
| 125 | unsigned char *in; | ||
| 126 | int inl; | ||
| 127 | { | 121 | { |
| 128 | unsigned char buffer[1600]; | 122 | unsigned char buffer[1600]; |
| 129 | int i,j; | 123 | int i,j; |
| 130 | 124 | ||
| 131 | *outl=0; | 125 | *outl=0; |
| 132 | EVP_SignUpdate(&(ctx->md),in,inl); | 126 | EVP_SignUpdate(&ctx->md,in,inl); |
| 133 | for (;;) | 127 | for (;;) |
| 134 | { | 128 | { |
| 135 | if (inl <= 0) break; | 129 | if (inl <= 0) break; |
| @@ -137,8 +131,8 @@ int inl; | |||
| 137 | i=1200; | 131 | i=1200; |
| 138 | else | 132 | else |
| 139 | i=inl; | 133 | i=inl; |
| 140 | EVP_EncryptUpdate(&(ctx->cipher),buffer,&j,in,i); | 134 | EVP_EncryptUpdate(&ctx->cipher,buffer,&j,in,i); |
| 141 | EVP_EncodeUpdate(&(ctx->encode),out,&j,buffer,j); | 135 | EVP_EncodeUpdate(&ctx->encode,out,&j,buffer,j); |
| 142 | *outl+=j; | 136 | *outl+=j; |
| 143 | out+=j; | 137 | out+=j; |
| 144 | in+=i; | 138 | in+=i; |
| @@ -146,13 +140,8 @@ int inl; | |||
| 146 | } | 140 | } |
| 147 | } | 141 | } |
| 148 | 142 | ||
| 149 | int PEM_SealFinal(ctx,sig,sigl,out,outl,priv) | 143 | int PEM_SealFinal(PEM_ENCODE_SEAL_CTX *ctx, unsigned char *sig, int *sigl, |
| 150 | PEM_ENCODE_SEAL_CTX *ctx; | 144 | unsigned char *out, int *outl, EVP_PKEY *priv) |
| 151 | unsigned char *sig; | ||
| 152 | int *sigl; | ||
| 153 | unsigned char *out; | ||
| 154 | int *outl; | ||
| 155 | EVP_PKEY *priv; | ||
| 156 | { | 145 | { |
| 157 | unsigned char *s=NULL; | 146 | unsigned char *s=NULL; |
| 158 | int ret=0,j; | 147 | int ret=0,j; |
| @@ -165,27 +154,34 @@ EVP_PKEY *priv; | |||
| 165 | } | 154 | } |
| 166 | i=RSA_size(priv->pkey.rsa); | 155 | i=RSA_size(priv->pkey.rsa); |
| 167 | if (i < 100) i=100; | 156 | if (i < 100) i=100; |
| 168 | s=(unsigned char *)Malloc(i*2); | 157 | s=(unsigned char *)OPENSSL_malloc(i*2); |
| 169 | if (s == NULL) | 158 | if (s == NULL) |
| 170 | { | 159 | { |
| 171 | PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); | 160 | PEMerr(PEM_F_PEM_SEALFINAL,ERR_R_MALLOC_FAILURE); |
| 172 | goto err; | 161 | goto err; |
| 173 | } | 162 | } |
| 174 | 163 | ||
| 175 | EVP_EncryptFinal(&(ctx->cipher),s,(int *)&i); | 164 | EVP_EncryptFinal_ex(&ctx->cipher,s,(int *)&i); |
| 176 | EVP_EncodeUpdate(&(ctx->encode),out,&j,s,i); | 165 | EVP_EncodeUpdate(&ctx->encode,out,&j,s,i); |
| 177 | *outl=j; | 166 | *outl=j; |
| 178 | out+=j; | 167 | out+=j; |
| 179 | EVP_EncodeFinal(&(ctx->encode),out,&j); | 168 | EVP_EncodeFinal(&ctx->encode,out,&j); |
| 180 | *outl+=j; | 169 | *outl+=j; |
| 181 | 170 | ||
| 182 | if (!EVP_SignFinal(&(ctx->md),s,&i,priv)) goto err; | 171 | if (!EVP_SignFinal(&ctx->md,s,&i,priv)) goto err; |
| 183 | *sigl=EVP_EncodeBlock(sig,s,i); | 172 | *sigl=EVP_EncodeBlock(sig,s,i); |
| 184 | 173 | ||
| 185 | ret=1; | 174 | ret=1; |
| 186 | err: | 175 | err: |
| 187 | memset((char *)&(ctx->md),0,sizeof(ctx->md)); | 176 | EVP_MD_CTX_cleanup(&ctx->md); |
| 188 | memset((char *)&(ctx->cipher),0,sizeof(ctx->cipher)); | 177 | EVP_CIPHER_CTX_cleanup(&ctx->cipher); |
| 189 | if (s != NULL) Free(s); | 178 | if (s != NULL) OPENSSL_free(s); |
| 190 | return(ret); | 179 | return(ret); |
| 191 | } | 180 | } |
| 181 | #else /* !OPENSSL_NO_RSA */ | ||
| 182 | |||
| 183 | # if PEDANTIC | ||
| 184 | static void *dummy=&dummy; | ||
| 185 | # endif | ||
| 186 | |||
| 187 | #endif | ||
diff --git a/src/lib/libcrypto/pem/pem_sign.c b/src/lib/libcrypto/pem/pem_sign.c index d56f9f9e14..c3b9808cb2 100644 --- a/src/lib/libcrypto/pem/pem_sign.c +++ b/src/lib/libcrypto/pem/pem_sign.c | |||
| @@ -58,38 +58,31 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "pem.h" | 65 | #include <openssl/pem.h> |
| 66 | 66 | ||
| 67 | void PEM_SignInit(ctx,type) | 67 | void PEM_SignInit(EVP_MD_CTX *ctx, EVP_MD *type) |
| 68 | EVP_MD_CTX *ctx; | ||
| 69 | EVP_MD *type; | ||
| 70 | { | 68 | { |
| 71 | EVP_DigestInit(ctx,type); | 69 | EVP_DigestInit_ex(ctx, type, NULL); |
| 72 | } | 70 | } |
| 73 | 71 | ||
| 74 | void PEM_SignUpdate(ctx,data,count) | 72 | void PEM_SignUpdate(EVP_MD_CTX *ctx, unsigned char *data, |
| 75 | EVP_MD_CTX *ctx; | 73 | unsigned int count) |
| 76 | unsigned char *data; | ||
| 77 | unsigned int count; | ||
| 78 | { | 74 | { |
| 79 | EVP_DigestUpdate(ctx,data,count); | 75 | EVP_DigestUpdate(ctx,data,count); |
| 80 | } | 76 | } |
| 81 | 77 | ||
| 82 | int PEM_SignFinal(ctx,sigret,siglen,pkey) | 78 | int PEM_SignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, unsigned int *siglen, |
| 83 | EVP_MD_CTX *ctx; | 79 | EVP_PKEY *pkey) |
| 84 | unsigned char *sigret; | ||
| 85 | unsigned int *siglen; | ||
| 86 | EVP_PKEY *pkey; | ||
| 87 | { | 80 | { |
| 88 | unsigned char *m; | 81 | unsigned char *m; |
| 89 | int i,ret=0; | 82 | int i,ret=0; |
| 90 | unsigned int m_len; | 83 | unsigned int m_len; |
| 91 | 84 | ||
| 92 | m=(unsigned char *)Malloc(EVP_PKEY_size(pkey)+2); | 85 | m=(unsigned char *)OPENSSL_malloc(EVP_PKEY_size(pkey)+2); |
| 93 | if (m == NULL) | 86 | if (m == NULL) |
| 94 | { | 87 | { |
| 95 | PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); | 88 | PEMerr(PEM_F_PEM_SIGNFINAL,ERR_R_MALLOC_FAILURE); |
| @@ -103,7 +96,7 @@ EVP_PKEY *pkey; | |||
| 103 | ret=1; | 96 | ret=1; |
| 104 | err: | 97 | err: |
| 105 | /* ctx has been zeroed by EVP_SignFinal() */ | 98 | /* ctx has been zeroed by EVP_SignFinal() */ |
| 106 | if (m != NULL) Free(m); | 99 | if (m != NULL) OPENSSL_free(m); |
| 107 | return(ret); | 100 | return(ret); |
| 108 | } | 101 | } |
| 109 | 102 | ||
diff --git a/src/lib/libcrypto/perlasm/cbc.pl b/src/lib/libcrypto/perlasm/cbc.pl index 2789305790..0145c4f0cc 100644 --- a/src/lib/libcrypto/perlasm/cbc.pl +++ b/src/lib/libcrypto/perlasm/cbc.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) | 3 | # void des_ncbc_encrypt(input, output, length, schedule, ivec, enc) |
| 4 | # des_cblock (*input); | 4 | # des_cblock (*input); |
diff --git a/src/lib/libcrypto/perlasm/x86asm.pl b/src/lib/libcrypto/perlasm/x86asm.pl index 6a9156ae9a..81c6e64e87 100644 --- a/src/lib/libcrypto/perlasm/x86asm.pl +++ b/src/lib/libcrypto/perlasm/x86asm.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # require 'x86asm.pl'; | 3 | # require 'x86asm.pl'; |
| 4 | # &asm_init("cpp","des-586.pl"); | 4 | # &asm_init("cpp","des-586.pl"); |
| @@ -15,20 +15,24 @@ sub main'asm_finish | |||
| 15 | 15 | ||
| 16 | sub main'asm_init | 16 | sub main'asm_init |
| 17 | { | 17 | { |
| 18 | ($type,$fn)=@_; | 18 | ($type,$fn,$i386)=@_; |
| 19 | $filename=$fn; | 19 | $filename=$fn; |
| 20 | 20 | ||
| 21 | $cpp=$sol=$aout=$win32=0; | 21 | $cpp=$sol=$aout=$win32=$gaswin=0; |
| 22 | if ( ($type eq "elf")) | 22 | if ( ($type eq "elf")) |
| 23 | { require "x86unix.pl"; } | 23 | { require "x86unix.pl"; } |
| 24 | elsif ( ($type eq "a.out")) | 24 | elsif ( ($type eq "a.out")) |
| 25 | { $aout=1; require "x86unix.pl"; } | 25 | { $aout=1; require "x86unix.pl"; } |
| 26 | elsif ( ($type eq "gaswin")) | ||
| 27 | { $gaswin=1; $aout=1; require "x86unix.pl"; } | ||
| 26 | elsif ( ($type eq "sol")) | 28 | elsif ( ($type eq "sol")) |
| 27 | { $sol=1; require "x86unix.pl"; } | 29 | { $sol=1; require "x86unix.pl"; } |
| 28 | elsif ( ($type eq "cpp")) | 30 | elsif ( ($type eq "cpp")) |
| 29 | { $cpp=1; require "x86unix.pl"; } | 31 | { $cpp=1; require "x86unix.pl"; } |
| 30 | elsif ( ($type eq "win32")) | 32 | elsif ( ($type eq "win32")) |
| 31 | { $win32=1; require "x86ms.pl"; } | 33 | { $win32=1; require "x86ms.pl"; } |
| 34 | elsif ( ($type eq "win32n")) | ||
| 35 | { $win32=1; require "x86nasm.pl"; } | ||
| 32 | else | 36 | else |
| 33 | { | 37 | { |
| 34 | print STDERR <<"EOF"; | 38 | print STDERR <<"EOF"; |
| @@ -38,6 +42,7 @@ Pick one target type from | |||
| 38 | sol - x86 solaris | 42 | sol - x86 solaris |
| 39 | cpp - format so x86unix.cpp can be used | 43 | cpp - format so x86unix.cpp can be used |
| 40 | win32 - Windows 95/Windows NT | 44 | win32 - Windows 95/Windows NT |
| 45 | win32n - Windows 95/Windows NT NASM format | ||
| 41 | EOF | 46 | EOF |
| 42 | exit(1); | 47 | exit(1); |
| 43 | } | 48 | } |
| @@ -47,7 +52,7 @@ EOF | |||
| 47 | &comment("Don't even think of reading this code"); | 52 | &comment("Don't even think of reading this code"); |
| 48 | &comment("It was automatically generated by $filename"); | 53 | &comment("It was automatically generated by $filename"); |
| 49 | &comment("Which is a perl program used to generate the x86 assember for"); | 54 | &comment("Which is a perl program used to generate the x86 assember for"); |
| 50 | &comment("any of elf, a.out, BSDI,Win32, or Solaris"); | 55 | &comment("any of elf, a.out, BSDI, Win32, gaswin (for GNU as on Win32) or Solaris"); |
| 51 | &comment("eric <eay\@cryptsoft.com>"); | 56 | &comment("eric <eay\@cryptsoft.com>"); |
| 52 | &comment(""); | 57 | &comment(""); |
| 53 | 58 | ||
| @@ -75,7 +80,7 @@ sub asm_finish_cpp | |||
| 75 | #define TYPE(a,b) .type a,b | 80 | #define TYPE(a,b) .type a,b |
| 76 | #define SIZE(a,b) .size a,b | 81 | #define SIZE(a,b) .size a,b |
| 77 | 82 | ||
| 78 | #if defined(OUT) || defined(BSDI) | 83 | #if defined(OUT) || (defined(BSDI) && !defined(ELF)) |
| 79 | $tmp | 84 | $tmp |
| 80 | #endif | 85 | #endif |
| 81 | 86 | ||
| @@ -84,7 +89,7 @@ $tmp | |||
| 84 | #define ALIGN 4 | 89 | #define ALIGN 4 |
| 85 | #endif | 90 | #endif |
| 86 | 91 | ||
| 87 | #ifdef BSDI | 92 | #if defined(BSDI) && !defined(ELF) |
| 88 | #define OK 1 | 93 | #define OK 1 |
| 89 | #define ALIGN 4 | 94 | #define ALIGN 4 |
| 90 | #undef SIZE | 95 | #undef SIZE |
diff --git a/src/lib/libcrypto/pkcs12/p12_add.c b/src/lib/libcrypto/pkcs12/p12_add.c index ae3d9de3b4..1909f28506 100644 --- a/src/lib/libcrypto/pkcs12/p12_add.c +++ b/src/lib/libcrypto/pkcs12/p12_add.c | |||
| @@ -62,21 +62,21 @@ | |||
| 62 | 62 | ||
| 63 | /* Pack an object into an OCTET STRING and turn into a safebag */ | 63 | /* Pack an object into an OCTET STRING and turn into a safebag */ |
| 64 | 64 | ||
| 65 | PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1, | 65 | PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, |
| 66 | int nid2) | 66 | int nid2) |
| 67 | { | 67 | { |
| 68 | PKCS12_BAGS *bag; | 68 | PKCS12_BAGS *bag; |
| 69 | PKCS12_SAFEBAG *safebag; | 69 | PKCS12_SAFEBAG *safebag; |
| 70 | if (!(bag = PKCS12_BAGS_new ())) { | 70 | if (!(bag = PKCS12_BAGS_new())) { |
| 71 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 71 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 72 | return NULL; | 72 | return NULL; |
| 73 | } | 73 | } |
| 74 | bag->type = OBJ_nid2obj(nid1); | 74 | bag->type = OBJ_nid2obj(nid1); |
| 75 | if (!ASN1_pack_string(obj, i2d, &bag->value.octet)) { | 75 | if (!ASN1_item_pack(obj, it, &bag->value.octet)) { |
| 76 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 76 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 77 | return NULL; | 77 | return NULL; |
| 78 | } | 78 | } |
| 79 | if (!(safebag = PKCS12_SAFEBAG_new ())) { | 79 | if (!(safebag = PKCS12_SAFEBAG_new())) { |
| 80 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); | 80 | PKCS12err(PKCS12_F_PKCS12_PACK_SAFEBAG, ERR_R_MALLOC_FAILURE); |
| 81 | return NULL; | 81 | return NULL; |
| 82 | } | 82 | } |
| @@ -87,7 +87,7 @@ PKCS12_SAFEBAG *PKCS12_pack_safebag (char *obj, int (*i2d)(), int nid1, | |||
| 87 | 87 | ||
| 88 | /* Turn PKCS8 object into a keybag */ | 88 | /* Turn PKCS8 object into a keybag */ |
| 89 | 89 | ||
| 90 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8) | 90 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8) |
| 91 | { | 91 | { |
| 92 | PKCS12_SAFEBAG *bag; | 92 | PKCS12_SAFEBAG *bag; |
| 93 | if (!(bag = PKCS12_SAFEBAG_new())) { | 93 | if (!(bag = PKCS12_SAFEBAG_new())) { |
| @@ -101,14 +101,14 @@ PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG (PKCS8_PRIV_KEY_INFO *p8) | |||
| 101 | 101 | ||
| 102 | /* Turn PKCS8 object into a shrouded keybag */ | 102 | /* Turn PKCS8 object into a shrouded keybag */ |
| 103 | 103 | ||
| 104 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, | 104 | PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, |
| 105 | int passlen, unsigned char *salt, int saltlen, int iter, | 105 | int passlen, unsigned char *salt, int saltlen, int iter, |
| 106 | PKCS8_PRIV_KEY_INFO *p8) | 106 | PKCS8_PRIV_KEY_INFO *p8) |
| 107 | { | 107 | { |
| 108 | PKCS12_SAFEBAG *bag; | 108 | PKCS12_SAFEBAG *bag; |
| 109 | 109 | ||
| 110 | /* Set up the safe bag */ | 110 | /* Set up the safe bag */ |
| 111 | if (!(bag = PKCS12_SAFEBAG_new ())) { | 111 | if (!(bag = PKCS12_SAFEBAG_new())) { |
| 112 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); | 112 | PKCS12err(PKCS12_F_PKCS12_MAKE_SHKEYBAG, ERR_R_MALLOC_FAILURE); |
| 113 | return NULL; | 113 | return NULL; |
| 114 | } | 114 | } |
| @@ -125,7 +125,7 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG (int pbe_nid, const char *pass, | |||
| 125 | } | 125 | } |
| 126 | 126 | ||
| 127 | /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ | 127 | /* Turn a stack of SAFEBAGS into a PKCS#7 data Contentinfo */ |
| 128 | PKCS7 *PKCS12_pack_p7data (STACK *sk) | 128 | PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk) |
| 129 | { | 129 | { |
| 130 | PKCS7 *p7; | 130 | PKCS7 *p7; |
| 131 | if (!(p7 = PKCS7_new())) { | 131 | if (!(p7 = PKCS7_new())) { |
| @@ -133,23 +133,30 @@ PKCS7 *PKCS12_pack_p7data (STACK *sk) | |||
| 133 | return NULL; | 133 | return NULL; |
| 134 | } | 134 | } |
| 135 | p7->type = OBJ_nid2obj(NID_pkcs7_data); | 135 | p7->type = OBJ_nid2obj(NID_pkcs7_data); |
| 136 | if (!(p7->d.data = ASN1_OCTET_STRING_new())) { | 136 | if (!(p7->d.data = M_ASN1_OCTET_STRING_new())) { |
| 137 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); | 137 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, ERR_R_MALLOC_FAILURE); |
| 138 | return NULL; | 138 | return NULL; |
| 139 | } | 139 | } |
| 140 | 140 | ||
| 141 | if (!ASN1_seq_pack(sk, i2d_PKCS12_SAFEBAG, &p7->d.data->data, | 141 | if (!ASN1_item_pack(sk, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), &p7->d.data)) { |
| 142 | &p7->d.data->length)) { | ||
| 143 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); | 142 | PKCS12err(PKCS12_F_PKCS12_PACK_P7DATA, PKCS12_R_CANT_PACK_STRUCTURE); |
| 144 | return NULL; | 143 | return NULL; |
| 145 | } | 144 | } |
| 146 | return p7; | 145 | return p7; |
| 147 | } | 146 | } |
| 148 | 147 | ||
| 148 | /* Unpack SAFEBAGS from PKCS#7 data ContentInfo */ | ||
| 149 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7) | ||
| 150 | { | ||
| 151 | if(!PKCS7_type_is_data(p7)) return NULL; | ||
| 152 | return ASN1_item_unpack(p7->d.data, ASN1_ITEM_rptr(PKCS12_SAFEBAGS)); | ||
| 153 | } | ||
| 154 | |||
| 149 | /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ | 155 | /* Turn a stack of SAFEBAGS into a PKCS#7 encrypted data ContentInfo */ |
| 150 | 156 | ||
| 151 | PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, | 157 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, |
| 152 | unsigned char *salt, int saltlen, int iter, STACK *bags) | 158 | unsigned char *salt, int saltlen, int iter, |
| 159 | STACK_OF(PKCS12_SAFEBAG) *bags) | ||
| 153 | { | 160 | { |
| 154 | PKCS7 *p7; | 161 | PKCS7 *p7; |
| 155 | X509_ALGOR *pbe; | 162 | X509_ALGOR *pbe; |
| @@ -157,23 +164,21 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, | |||
| 157 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | 164 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); |
| 158 | return NULL; | 165 | return NULL; |
| 159 | } | 166 | } |
| 160 | p7->type = OBJ_nid2obj(NID_pkcs7_encrypted); | 167 | if(!PKCS7_set_type(p7, NID_pkcs7_encrypted)) { |
| 161 | if (!(p7->d.encrypted = PKCS7_ENCRYPT_new ())) { | 168 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, |
| 162 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | 169 | PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE); |
| 163 | return NULL; | 170 | return NULL; |
| 164 | } | 171 | } |
| 165 | ASN1_INTEGER_set (p7->d.encrypted->version, 0); | 172 | if (!(pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen))) { |
| 166 | p7->d.encrypted->enc_data->content_type = OBJ_nid2obj(NID_pkcs7_data); | ||
| 167 | if (!(pbe = PKCS5_pbe_set (pbe_nid, iter, salt, saltlen))) { | ||
| 168 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); | 173 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, ERR_R_MALLOC_FAILURE); |
| 169 | return NULL; | 174 | return NULL; |
| 170 | } | 175 | } |
| 171 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); | 176 | X509_ALGOR_free(p7->d.encrypted->enc_data->algorithm); |
| 172 | p7->d.encrypted->enc_data->algorithm = pbe; | 177 | p7->d.encrypted->enc_data->algorithm = pbe; |
| 173 | ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); | 178 | M_ASN1_OCTET_STRING_free(p7->d.encrypted->enc_data->enc_data); |
| 174 | if (!(p7->d.encrypted->enc_data->enc_data = | 179 | if (!(p7->d.encrypted->enc_data->enc_data = |
| 175 | PKCS12_i2d_encrypt (pbe, i2d_PKCS12_SAFEBAG, pass, passlen, | 180 | PKCS12_item_i2d_encrypt(pbe, ASN1_ITEM_rptr(PKCS12_SAFEBAGS), pass, passlen, |
| 176 | (char *)bags, 1))) { | 181 | bags, 1))) { |
| 177 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); | 182 | PKCS12err(PKCS12_F_PKCS12_PACK_P7ENCDATA, PKCS12_R_ENCRYPT_ERROR); |
| 178 | return NULL; | 183 | return NULL; |
| 179 | } | 184 | } |
| @@ -181,34 +186,30 @@ PKCS7 *PKCS12_pack_p7encdata (int pbe_nid, const char *pass, int passlen, | |||
| 181 | return p7; | 186 | return p7; |
| 182 | } | 187 | } |
| 183 | 188 | ||
| 184 | X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, | 189 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen) |
| 185 | const char *pass, int passlen, | ||
| 186 | unsigned char *salt, int saltlen, int iter, | ||
| 187 | PKCS8_PRIV_KEY_INFO *p8inf) | ||
| 188 | { | 190 | { |
| 189 | X509_SIG *p8; | 191 | if(!PKCS7_type_is_encrypted(p7)) return NULL; |
| 190 | X509_ALGOR *pbe; | 192 | return PKCS12_item_decrypt_d2i(p7->d.encrypted->enc_data->algorithm, |
| 193 | ASN1_ITEM_rptr(PKCS12_SAFEBAGS), | ||
| 194 | pass, passlen, | ||
| 195 | p7->d.encrypted->enc_data->enc_data, 1); | ||
| 196 | } | ||
| 191 | 197 | ||
| 192 | if (!(p8 = X509_SIG_new())) { | 198 | PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, |
| 193 | PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); | 199 | int passlen) |
| 194 | return NULL; | 200 | { |
| 195 | } | 201 | return PKCS8_decrypt(bag->value.shkeybag, pass, passlen); |
| 202 | } | ||
| 196 | 203 | ||
| 197 | if(pbe_nid == -1) pbe = PKCS5_pbe2_set(cipher, iter, salt, saltlen); | 204 | int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes) |
| 198 | else pbe = PKCS5_pbe_set(pbe_nid, iter, salt, saltlen); | 205 | { |
| 199 | if(!pbe) { | 206 | if(ASN1_item_pack(safes, ASN1_ITEM_rptr(PKCS12_AUTHSAFES), |
| 200 | PKCS12err(PKCS12_F_PKCS8_ENCRYPT, ERR_R_MALLOC_FAILURE); | 207 | &p12->authsafes->d.data)) |
| 201 | return NULL; | 208 | return 1; |
| 202 | } | 209 | return 0; |
| 203 | X509_ALGOR_free(p8->algor); | 210 | } |
| 204 | p8->algor = pbe; | ||
| 205 | ASN1_OCTET_STRING_free(p8->digest); | ||
| 206 | if (!(p8->digest = | ||
| 207 | PKCS12_i2d_encrypt (pbe, i2d_PKCS8_PRIV_KEY_INFO, pass, passlen, | ||
| 208 | (char *)p8inf, 0))) { | ||
| 209 | PKCS12err(PKCS12_F_PKCS8_ENCRYPT, PKCS12_R_ENCRYPT_ERROR); | ||
| 210 | return NULL; | ||
| 211 | } | ||
| 212 | 211 | ||
| 213 | return p8; | 212 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12) |
| 213 | { | ||
| 214 | return ASN1_item_unpack(p12->authsafes->d.data, ASN1_ITEM_rptr(PKCS12_AUTHSAFES)); | ||
| 214 | } | 215 | } |
diff --git a/src/lib/libcrypto/pkcs12/p12_attr.c b/src/lib/libcrypto/pkcs12/p12_attr.c index 31c9782b77..026cf3826a 100644 --- a/src/lib/libcrypto/pkcs12/p12_attr.c +++ b/src/lib/libcrypto/pkcs12/p12_attr.c | |||
| @@ -62,156 +62,63 @@ | |||
| 62 | 62 | ||
| 63 | /* Add a local keyid to a safebag */ | 63 | /* Add a local keyid to a safebag */ |
| 64 | 64 | ||
| 65 | int PKCS12_add_localkeyid (PKCS12_SAFEBAG *bag, unsigned char *name, | 65 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, |
| 66 | int namelen) | 66 | int namelen) |
| 67 | { | 67 | { |
| 68 | X509_ATTRIBUTE *attrib; | 68 | if (X509at_add1_attr_by_NID(&bag->attrib, NID_localKeyID, |
| 69 | ASN1_BMPSTRING *oct; | 69 | V_ASN1_OCTET_STRING, name, namelen)) |
| 70 | ASN1_TYPE *keyid; | 70 | return 1; |
| 71 | if (!(keyid = ASN1_TYPE_new ())) { | 71 | else |
| 72 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 73 | return 0; | ||
| 74 | } | ||
| 75 | keyid->type = V_ASN1_OCTET_STRING; | ||
| 76 | if (!(oct = ASN1_OCTET_STRING_new())) { | ||
| 77 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 78 | return 0; | ||
| 79 | } | ||
| 80 | if (!ASN1_OCTET_STRING_set(oct, name, namelen)) { | ||
| 81 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 82 | return 0; | ||
| 83 | } | ||
| 84 | keyid->value.octet_string = oct; | ||
| 85 | if (!(attrib = X509_ATTRIBUTE_new ())) { | ||
| 86 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 87 | return 0; | ||
| 88 | } | ||
| 89 | attrib->object = OBJ_nid2obj(NID_localKeyID); | ||
| 90 | if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) { | ||
| 91 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 92 | return 0; | ||
| 93 | } | ||
| 94 | sk_ASN1_TYPE_push (attrib->value.set,keyid); | ||
| 95 | attrib->set = 1; | ||
| 96 | if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) { | ||
| 97 | PKCS12err(PKCS12_F_PKCS12_ADD_LOCALKEYID, ERR_R_MALLOC_FAILURE); | ||
| 98 | return 0; | 72 | return 0; |
| 99 | } | ||
| 100 | sk_X509_ATTRIBUTE_push (bag->attrib, attrib); | ||
| 101 | return 1; | ||
| 102 | } | 73 | } |
| 103 | 74 | ||
| 104 | /* Add key usage to PKCS#8 structure */ | 75 | /* Add key usage to PKCS#8 structure */ |
| 105 | 76 | ||
| 106 | int PKCS8_add_keyusage (PKCS8_PRIV_KEY_INFO *p8, int usage) | 77 | int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage) |
| 107 | { | 78 | { |
| 108 | X509_ATTRIBUTE *attrib; | ||
| 109 | ASN1_BIT_STRING *bstr; | ||
| 110 | ASN1_TYPE *keyid; | ||
| 111 | unsigned char us_val; | 79 | unsigned char us_val; |
| 112 | us_val = (unsigned char) usage; | 80 | us_val = (unsigned char) usage; |
| 113 | if (!(keyid = ASN1_TYPE_new ())) { | 81 | if (X509at_add1_attr_by_NID(&p8->attributes, NID_key_usage, |
| 114 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | 82 | V_ASN1_BIT_STRING, &us_val, 1)) |
| 115 | return 0; | 83 | return 1; |
| 116 | } | 84 | else |
| 117 | keyid->type = V_ASN1_BIT_STRING; | ||
| 118 | if (!(bstr = ASN1_BIT_STRING_new())) { | ||
| 119 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | ||
| 120 | return 0; | ||
| 121 | } | ||
| 122 | if (!ASN1_BIT_STRING_set(bstr, &us_val, 1)) { | ||
| 123 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | ||
| 124 | return 0; | ||
| 125 | } | ||
| 126 | keyid->value.bit_string = bstr; | ||
| 127 | if (!(attrib = X509_ATTRIBUTE_new ())) { | ||
| 128 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | ||
| 129 | return 0; | ||
| 130 | } | ||
| 131 | attrib->object = OBJ_nid2obj(NID_key_usage); | ||
| 132 | if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) { | ||
| 133 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | ||
| 134 | return 0; | 85 | return 0; |
| 135 | } | ||
| 136 | sk_ASN1_TYPE_push (attrib->value.set,keyid); | ||
| 137 | attrib->set = 1; | ||
| 138 | if (!p8->attributes | ||
| 139 | && !(p8->attributes = sk_X509_ATTRIBUTE_new (NULL))) { | ||
| 140 | PKCS12err(PKCS12_F_PKCS8_ADD_KEYUSAGE, ERR_R_MALLOC_FAILURE); | ||
| 141 | return 0; | ||
| 142 | } | ||
| 143 | sk_X509_ATTRIBUTE_push (p8->attributes, attrib); | ||
| 144 | return 1; | ||
| 145 | } | 86 | } |
| 146 | 87 | ||
| 147 | /* Add a friendlyname to a safebag */ | 88 | /* Add a friendlyname to a safebag */ |
| 148 | 89 | ||
| 149 | int PKCS12_add_friendlyname_asc (PKCS12_SAFEBAG *bag, const char *name, | 90 | int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, |
| 150 | int namelen) | 91 | int namelen) |
| 151 | { | 92 | { |
| 152 | unsigned char *uniname; | 93 | if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, |
| 153 | int ret, unilen; | 94 | MBSTRING_ASC, (unsigned char *)name, namelen)) |
| 154 | if (!asc2uni(name, &uniname, &unilen)) { | 95 | return 1; |
| 155 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_ASC, | 96 | else |
| 156 | ERR_R_MALLOC_FAILURE); | ||
| 157 | return 0; | 97 | return 0; |
| 158 | } | ||
| 159 | ret = PKCS12_add_friendlyname_uni (bag, uniname, unilen); | ||
| 160 | Free(uniname); | ||
| 161 | return ret; | ||
| 162 | } | 98 | } |
| 163 | |||
| 164 | 99 | ||
| 165 | int PKCS12_add_friendlyname_uni (PKCS12_SAFEBAG *bag, | 100 | |
| 101 | int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, | ||
| 166 | const unsigned char *name, int namelen) | 102 | const unsigned char *name, int namelen) |
| 167 | { | 103 | { |
| 168 | X509_ATTRIBUTE *attrib; | 104 | if (X509at_add1_attr_by_NID(&bag->attrib, NID_friendlyName, |
| 169 | ASN1_BMPSTRING *bmp; | 105 | MBSTRING_BMP, name, namelen)) |
| 170 | ASN1_TYPE *fname; | 106 | return 1; |
| 171 | /* Zap ending double null if included */ | 107 | else |
| 172 | if(!name[namelen - 1] && !name[namelen - 2]) namelen -= 2; | ||
| 173 | if (!(fname = ASN1_TYPE_new ())) { | ||
| 174 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, | ||
| 175 | ERR_R_MALLOC_FAILURE); | ||
| 176 | return 0; | ||
| 177 | } | ||
| 178 | fname->type = V_ASN1_BMPSTRING; | ||
| 179 | if (!(bmp = ASN1_BMPSTRING_new())) { | ||
| 180 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, | ||
| 181 | ERR_R_MALLOC_FAILURE); | ||
| 182 | return 0; | ||
| 183 | } | ||
| 184 | if (!(bmp->data = Malloc (namelen))) { | ||
| 185 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, | ||
| 186 | ERR_R_MALLOC_FAILURE); | ||
| 187 | return 0; | 108 | return 0; |
| 188 | } | 109 | } |
| 189 | memcpy (bmp->data, name, namelen); | 110 | |
| 190 | bmp->length = namelen; | 111 | int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, |
| 191 | fname->value.bmpstring = bmp; | 112 | int namelen) |
| 192 | if (!(attrib = X509_ATTRIBUTE_new ())) { | 113 | { |
| 193 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, | 114 | if (X509at_add1_attr_by_NID(&bag->attrib, NID_ms_csp_name, |
| 194 | ERR_R_MALLOC_FAILURE); | 115 | MBSTRING_ASC, (unsigned char *)name, namelen)) |
| 195 | return 0; | 116 | return 1; |
| 196 | } | 117 | else |
| 197 | attrib->object = OBJ_nid2obj(NID_friendlyName); | ||
| 198 | if (!(attrib->value.set = sk_ASN1_TYPE_new(NULL))) { | ||
| 199 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME, | ||
| 200 | ERR_R_MALLOC_FAILURE); | ||
| 201 | return 0; | ||
| 202 | } | ||
| 203 | sk_ASN1_TYPE_push (attrib->value.set,fname); | ||
| 204 | attrib->set = 1; | ||
| 205 | if (!bag->attrib && !(bag->attrib = sk_X509_ATTRIBUTE_new (NULL))) { | ||
| 206 | PKCS12err(PKCS12_F_PKCS12_ADD_FRIENDLYNAME_UNI, | ||
| 207 | ERR_R_MALLOC_FAILURE); | ||
| 208 | return 0; | 118 | return 0; |
| 209 | } | ||
| 210 | sk_X509_ATTRIBUTE_push (bag->attrib, attrib); | ||
| 211 | return PKCS12_OK; | ||
| 212 | } | 119 | } |
| 213 | 120 | ||
| 214 | ASN1_TYPE *PKCS12_get_attr_gen (STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) | 121 | ASN1_TYPE *PKCS12_get_attr_gen(STACK_OF(X509_ATTRIBUTE) *attrs, int attr_nid) |
| 215 | { | 122 | { |
| 216 | X509_ATTRIBUTE *attrib; | 123 | X509_ATTRIBUTE *attrib; |
| 217 | int i; | 124 | int i; |
diff --git a/src/lib/libcrypto/pkcs12/p12_crpt.c b/src/lib/libcrypto/pkcs12/p12_crpt.c index 6de6f8128f..97be6a5fb5 100644 --- a/src/lib/libcrypto/pkcs12/p12_crpt.c +++ b/src/lib/libcrypto/pkcs12/p12_crpt.c | |||
| @@ -64,17 +64,19 @@ | |||
| 64 | 64 | ||
| 65 | void PKCS12_PBE_add(void) | 65 | void PKCS12_PBE_add(void) |
| 66 | { | 66 | { |
| 67 | #ifndef NO_RC4 | 67 | #ifndef OPENSSL_NO_RC4 |
| 68 | EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), | 68 | EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC4, EVP_rc4(), EVP_sha1(), |
| 69 | PKCS12_PBE_keyivgen); | 69 | PKCS12_PBE_keyivgen); |
| 70 | EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), | 70 | EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC4, EVP_rc4_40(), EVP_sha1(), |
| 71 | PKCS12_PBE_keyivgen); | 71 | PKCS12_PBE_keyivgen); |
| 72 | #endif | 72 | #endif |
| 73 | #ifndef OPENSSL_NO_DES | ||
| 73 | EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, | 74 | EVP_PBE_alg_add(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, |
| 74 | EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); | 75 | EVP_des_ede3_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); |
| 75 | EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, | 76 | EVP_PBE_alg_add(NID_pbe_WithSHA1And2_Key_TripleDES_CBC, |
| 76 | EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); | 77 | EVP_des_ede_cbc(), EVP_sha1(), PKCS12_PBE_keyivgen); |
| 77 | #ifndef NO_RC2 | 78 | #endif |
| 79 | #ifndef OPENSSL_NO_RC2 | ||
| 78 | EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), | 80 | EVP_PBE_alg_add(NID_pbe_WithSHA1And128BitRC2_CBC, EVP_rc2_cbc(), |
| 79 | EVP_sha1(), PKCS12_PBE_keyivgen); | 81 | EVP_sha1(), PKCS12_PBE_keyivgen); |
| 80 | EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), | 82 | EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), |
| @@ -83,7 +85,7 @@ EVP_PBE_alg_add(NID_pbe_WithSHA1And40BitRC2_CBC, EVP_rc2_40_cbc(), | |||
| 83 | } | 85 | } |
| 84 | 86 | ||
| 85 | int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 87 | int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 86 | ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md, int en_de) | 88 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md, int en_de) |
| 87 | { | 89 | { |
| 88 | PBEPARAM *pbe; | 90 | PBEPARAM *pbe; |
| 89 | int saltlen, iter; | 91 | int saltlen, iter; |
| @@ -115,7 +117,7 @@ int PKCS12_PBE_keyivgen (EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | |||
| 115 | return 0; | 117 | return 0; |
| 116 | } | 118 | } |
| 117 | PBEPARAM_free(pbe); | 119 | PBEPARAM_free(pbe); |
| 118 | EVP_CipherInit(ctx, cipher, key, iv, en_de); | 120 | EVP_CipherInit_ex(ctx, cipher, NULL, key, iv, en_de); |
| 119 | memset(key, 0, EVP_MAX_KEY_LENGTH); | 121 | memset(key, 0, EVP_MAX_KEY_LENGTH); |
| 120 | memset(iv, 0, EVP_MAX_IV_LENGTH); | 122 | memset(iv, 0, EVP_MAX_IV_LENGTH); |
| 121 | return 1; | 123 | return 1; |
diff --git a/src/lib/libcrypto/pkcs12/p12_crt.c b/src/lib/libcrypto/pkcs12/p12_crt.c index 56d88b0759..4c36c643ce 100644 --- a/src/lib/libcrypto/pkcs12/p12_crt.c +++ b/src/lib/libcrypto/pkcs12/p12_crt.c | |||
| @@ -61,11 +61,12 @@ | |||
| 61 | #include <openssl/pkcs12.h> | 61 | #include <openssl/pkcs12.h> |
| 62 | 62 | ||
| 63 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | 63 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
| 64 | STACK *ca, int nid_key, int nid_cert, int iter, int mac_iter, | 64 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, int mac_iter, |
| 65 | int keytype) | 65 | int keytype) |
| 66 | { | 66 | { |
| 67 | PKCS12 *p12; | 67 | PKCS12 *p12; |
| 68 | STACK *bags, *safes; | 68 | STACK_OF(PKCS12_SAFEBAG) *bags; |
| 69 | STACK_OF(PKCS7) *safes; | ||
| 69 | PKCS12_SAFEBAG *bag; | 70 | PKCS12_SAFEBAG *bag; |
| 70 | PKCS8_PRIV_KEY_INFO *p8; | 71 | PKCS8_PRIV_KEY_INFO *p8; |
| 71 | PKCS7 *authsafe; | 72 | PKCS7 *authsafe; |
| @@ -85,28 +86,30 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
| 85 | return NULL; | 86 | return NULL; |
| 86 | } | 87 | } |
| 87 | 88 | ||
| 88 | if(!(bags = sk_new (NULL))) { | 89 | if(!X509_check_private_key(cert, pkey)) return NULL; |
| 90 | |||
| 91 | if(!(bags = sk_PKCS12_SAFEBAG_new_null ())) { | ||
| 89 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 92 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 90 | return NULL; | 93 | return NULL; |
| 91 | } | 94 | } |
| 92 | 95 | ||
| 93 | /* Add user certificate */ | 96 | /* Add user certificate */ |
| 94 | if(!(bag = M_PKCS12_x5092certbag(cert))) return NULL; | 97 | if(!(bag = PKCS12_x5092certbag(cert))) return NULL; |
| 95 | if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; | 98 | if(name && !PKCS12_add_friendlyname(bag, name, -1)) return NULL; |
| 96 | X509_digest(cert, EVP_sha1(), keyid, &keyidlen); | 99 | X509_digest(cert, EVP_sha1(), keyid, &keyidlen); |
| 97 | if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; | 100 | if(!PKCS12_add_localkeyid(bag, keyid, keyidlen)) return NULL; |
| 98 | 101 | ||
| 99 | if(!sk_push(bags, (char *)bag)) { | 102 | if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { |
| 100 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 103 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 101 | return NULL; | 104 | return NULL; |
| 102 | } | 105 | } |
| 103 | 106 | ||
| 104 | /* Add all other certificates */ | 107 | /* Add all other certificates */ |
| 105 | if(ca) { | 108 | if(ca) { |
| 106 | for(i = 0; i < sk_num(ca); i++) { | 109 | for(i = 0; i < sk_X509_num(ca); i++) { |
| 107 | tcert = (X509 *)sk_value(ca, i); | 110 | tcert = sk_X509_value(ca, i); |
| 108 | if(!(bag = M_PKCS12_x5092certbag(tcert))) return NULL; | 111 | if(!(bag = PKCS12_x5092certbag(tcert))) return NULL; |
| 109 | if(!sk_push(bags, (char *)bag)) { | 112 | if(!sk_PKCS12_SAFEBAG_push(bags, bag)) { |
| 110 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 113 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 111 | return NULL; | 114 | return NULL; |
| 112 | } | 115 | } |
| @@ -116,11 +119,12 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
| 116 | /* Turn certbags into encrypted authsafe */ | 119 | /* Turn certbags into encrypted authsafe */ |
| 117 | authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, | 120 | authsafe = PKCS12_pack_p7encdata (nid_cert, pass, -1, NULL, 0, |
| 118 | iter, bags); | 121 | iter, bags); |
| 119 | sk_pop_free(bags, PKCS12_SAFEBAG_free); | 122 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 120 | 123 | ||
| 121 | if (!authsafe) return NULL; | 124 | if (!authsafe) return NULL; |
| 122 | 125 | ||
| 123 | if(!(safes = sk_new (NULL)) || !sk_push(safes, (char *)authsafe)) { | 126 | if(!(safes = sk_PKCS7_new_null ()) |
| 127 | || !sk_PKCS7_push(safes, authsafe)) { | ||
| 124 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 128 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 125 | return NULL; | 129 | return NULL; |
| 126 | } | 130 | } |
| @@ -133,23 +137,24 @@ PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | |||
| 133 | PKCS8_PRIV_KEY_INFO_free(p8); | 137 | PKCS8_PRIV_KEY_INFO_free(p8); |
| 134 | if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; | 138 | if (name && !PKCS12_add_friendlyname (bag, name, -1)) return NULL; |
| 135 | if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; | 139 | if(!PKCS12_add_localkeyid (bag, keyid, keyidlen)) return NULL; |
| 136 | if(!(bags = sk_new(NULL)) || !sk_push (bags, (char *)bag)) { | 140 | if(!(bags = sk_PKCS12_SAFEBAG_new_null()) |
| 141 | || !sk_PKCS12_SAFEBAG_push (bags, bag)) { | ||
| 137 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 142 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 138 | return NULL; | 143 | return NULL; |
| 139 | } | 144 | } |
| 140 | /* Turn it into unencrypted safe bag */ | 145 | /* Turn it into unencrypted safe bag */ |
| 141 | if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; | 146 | if(!(authsafe = PKCS12_pack_p7data (bags))) return NULL; |
| 142 | sk_pop_free(bags, PKCS12_SAFEBAG_free); | 147 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 143 | if(!sk_push(safes, (char *)authsafe)) { | 148 | if(!sk_PKCS7_push(safes, authsafe)) { |
| 144 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); | 149 | PKCS12err(PKCS12_F_PKCS12_CREATE,ERR_R_MALLOC_FAILURE); |
| 145 | return NULL; | 150 | return NULL; |
| 146 | } | 151 | } |
| 147 | 152 | ||
| 148 | if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; | 153 | if(!(p12 = PKCS12_init (NID_pkcs7_data))) return NULL; |
| 149 | 154 | ||
| 150 | if(!M_PKCS12_pack_authsafes (p12, safes)) return NULL; | 155 | if(!PKCS12_pack_authsafes (p12, safes)) return NULL; |
| 151 | 156 | ||
| 152 | sk_pop_free(safes, PKCS7_free); | 157 | sk_PKCS7_pop_free(safes, PKCS7_free); |
| 153 | 158 | ||
| 154 | if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) | 159 | if(!PKCS12_set_mac (p12, pass, -1, NULL, 0, mac_iter, NULL)) |
| 155 | return NULL; | 160 | return NULL; |
diff --git a/src/lib/libcrypto/pkcs12/p12_decr.c b/src/lib/libcrypto/pkcs12/p12_decr.c index d3d288e187..394af368f4 100644 --- a/src/lib/libcrypto/pkcs12/p12_decr.c +++ b/src/lib/libcrypto/pkcs12/p12_decr.c | |||
| @@ -65,10 +65,10 @@ | |||
| 65 | 65 | ||
| 66 | 66 | ||
| 67 | /* Encrypt/Decrypt a buffer based on password and algor, result in a | 67 | /* Encrypt/Decrypt a buffer based on password and algor, result in a |
| 68 | * Malloc'ed buffer | 68 | * OPENSSL_malloc'ed buffer |
| 69 | */ | 69 | */ |
| 70 | 70 | ||
| 71 | unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass, | 71 | unsigned char * PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, |
| 72 | int passlen, unsigned char *in, int inlen, unsigned char **data, | 72 | int passlen, unsigned char *in, int inlen, unsigned char **data, |
| 73 | int *datalen, int en_de) | 73 | int *datalen, int en_de) |
| 74 | { | 74 | { |
| @@ -76,47 +76,48 @@ unsigned char * PKCS12_pbe_crypt (X509_ALGOR *algor, const char *pass, | |||
| 76 | int outlen, i; | 76 | int outlen, i; |
| 77 | EVP_CIPHER_CTX ctx; | 77 | EVP_CIPHER_CTX ctx; |
| 78 | 78 | ||
| 79 | EVP_CIPHER_CTX_init(&ctx); | ||
| 79 | /* Decrypt data */ | 80 | /* Decrypt data */ |
| 80 | if (!EVP_PBE_CipherInit (algor->algorithm, pass, passlen, | 81 | if (!EVP_PBE_CipherInit(algor->algorithm, pass, passlen, |
| 81 | algor->parameter, &ctx, en_de)) { | 82 | algor->parameter, &ctx, en_de)) { |
| 82 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); | 83 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_ALGOR_CIPHERINIT_ERROR); |
| 83 | return NULL; | 84 | return NULL; |
| 84 | } | 85 | } |
| 85 | 86 | ||
| 86 | if(!(out = Malloc (inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { | 87 | if(!(out = OPENSSL_malloc(inlen + EVP_CIPHER_CTX_block_size(&ctx)))) { |
| 87 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); | 88 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,ERR_R_MALLOC_FAILURE); |
| 88 | return NULL; | 89 | goto err; |
| 89 | } | 90 | } |
| 90 | 91 | ||
| 91 | EVP_CipherUpdate (&ctx, out, &i, in, inlen); | 92 | EVP_CipherUpdate(&ctx, out, &i, in, inlen); |
| 92 | outlen = i; | 93 | outlen = i; |
| 93 | if(!EVP_CipherFinal (&ctx, out + i, &i)) { | 94 | if(!EVP_CipherFinal_ex(&ctx, out + i, &i)) { |
| 94 | Free (out); | 95 | OPENSSL_free(out); |
| 96 | out = NULL; | ||
| 95 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); | 97 | PKCS12err(PKCS12_F_PKCS12_PBE_CRYPT,PKCS12_R_PKCS12_CIPHERFINAL_ERROR); |
| 96 | return NULL; | 98 | goto err; |
| 97 | } | 99 | } |
| 98 | outlen += i; | 100 | outlen += i; |
| 99 | if (datalen) *datalen = outlen; | 101 | if (datalen) *datalen = outlen; |
| 100 | if (data) *data = out; | 102 | if (data) *data = out; |
| 103 | err: | ||
| 104 | EVP_CIPHER_CTX_cleanup(&ctx); | ||
| 101 | return out; | 105 | return out; |
| 102 | 106 | ||
| 103 | } | 107 | } |
| 104 | 108 | ||
| 105 | /* Decrypt an OCTET STRING and decode ASN1 structure | 109 | /* Decrypt an OCTET STRING and decode ASN1 structure |
| 106 | * if seq & 1 'obj' is a stack of structures to be encoded | 110 | * if zbuf set zero buffer after use. |
| 107 | * if seq & 2 zero buffer after use | ||
| 108 | * as a sequence. | ||
| 109 | */ | 111 | */ |
| 110 | 112 | ||
| 111 | char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(), | 113 | void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, |
| 112 | void (*free_func)(), const char *pass, int passlen, | 114 | const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf) |
| 113 | ASN1_OCTET_STRING *oct, int seq) | ||
| 114 | { | 115 | { |
| 115 | unsigned char *out, *p; | 116 | unsigned char *out, *p; |
| 116 | char *ret; | 117 | void *ret; |
| 117 | int outlen; | 118 | int outlen; |
| 118 | 119 | ||
| 119 | if (!PKCS12_pbe_crypt (algor, pass, passlen, oct->data, oct->length, | 120 | if (!PKCS12_pbe_crypt(algor, pass, passlen, oct->data, oct->length, |
| 120 | &out, &outlen, 0)) { | 121 | &out, &outlen, 0)) { |
| 121 | PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); | 122 | PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_PKCS12_PBE_CRYPT_ERROR); |
| 122 | return NULL; | 123 | return NULL; |
| @@ -134,52 +135,42 @@ char * PKCS12_decrypt_d2i (X509_ALGOR *algor, char * (*d2i)(), | |||
| 134 | fclose(op); | 135 | fclose(op); |
| 135 | } | 136 | } |
| 136 | #endif | 137 | #endif |
| 137 | if (seq & 1) ret = (char *) d2i_ASN1_SET(NULL, &p, outlen, d2i, | 138 | ret = ASN1_item_d2i(NULL, &p, outlen, it); |
| 138 | free_func, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | 139 | if (zbuf) memset(out, 0, outlen); |
| 139 | else ret = d2i(NULL, &p, outlen); | ||
| 140 | if (seq & 2) memset(out, 0, outlen); | ||
| 141 | if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); | 140 | if(!ret) PKCS12err(PKCS12_F_PKCS12_DECRYPT_D2I,PKCS12_R_DECODE_ERROR); |
| 142 | Free (out); | 141 | OPENSSL_free(out); |
| 143 | return ret; | 142 | return ret; |
| 144 | } | 143 | } |
| 145 | 144 | ||
| 146 | /* Encode ASN1 structure and encrypt, return OCTET STRING | 145 | /* Encode ASN1 structure and encrypt, return OCTET STRING |
| 147 | * if 'seq' is non-zero 'obj' is a stack of structures to be encoded | 146 | * if zbuf set zero encoding. |
| 148 | * as a sequence | ||
| 149 | */ | 147 | */ |
| 150 | 148 | ||
| 151 | ASN1_OCTET_STRING *PKCS12_i2d_encrypt (X509_ALGOR *algor, int (*i2d)(), | 149 | ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, |
| 152 | const char *pass, int passlen, | 150 | const char *pass, int passlen, |
| 153 | char *obj, int seq) | 151 | void *obj, int zbuf) |
| 154 | { | 152 | { |
| 155 | ASN1_OCTET_STRING *oct; | 153 | ASN1_OCTET_STRING *oct; |
| 156 | unsigned char *in, *p; | 154 | unsigned char *in = NULL; |
| 157 | int inlen; | 155 | int inlen; |
| 158 | if (!(oct = ASN1_OCTET_STRING_new ())) { | 156 | if (!(oct = M_ASN1_OCTET_STRING_new ())) { |
| 159 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); | 157 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); |
| 160 | return NULL; | 158 | return NULL; |
| 161 | } | 159 | } |
| 162 | if (seq) inlen = i2d_ASN1_SET((STACK *)obj, NULL, i2d, V_ASN1_SEQUENCE, | 160 | inlen = ASN1_item_i2d(obj, &in, it); |
| 163 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | 161 | if (!in) { |
| 164 | else inlen = i2d (obj, NULL); | ||
| 165 | if (!inlen) { | ||
| 166 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); | 162 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCODE_ERROR); |
| 167 | return NULL; | 163 | return NULL; |
| 168 | } | 164 | } |
| 169 | if (!(in = Malloc (inlen))) { | 165 | if (!PKCS12_pbe_crypt(algor, pass, passlen, in, inlen, &oct->data, |
| 170 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,ERR_R_MALLOC_FAILURE); | ||
| 171 | return NULL; | ||
| 172 | } | ||
| 173 | p = in; | ||
| 174 | if (seq) i2d_ASN1_SET((STACK *)obj, &p, i2d, V_ASN1_SEQUENCE, | ||
| 175 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 176 | else i2d (obj, &p); | ||
| 177 | if (!PKCS12_pbe_crypt (algor, pass, passlen, in, inlen, &oct->data, | ||
| 178 | &oct->length, 1)) { | 166 | &oct->length, 1)) { |
| 179 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); | 167 | PKCS12err(PKCS12_F_PKCS12_I2D_ENCRYPT,PKCS12_R_ENCRYPT_ERROR); |
| 180 | Free(in); | 168 | OPENSSL_free(in); |
| 181 | return NULL; | 169 | return NULL; |
| 182 | } | 170 | } |
| 183 | Free (in); | 171 | if (zbuf) memset(in, 0, inlen); |
| 172 | OPENSSL_free(in); | ||
| 184 | return oct; | 173 | return oct; |
| 185 | } | 174 | } |
| 175 | |||
| 176 | IMPLEMENT_PKCS12_STACK_OF(PKCS7) | ||
diff --git a/src/lib/libcrypto/pkcs12/p12_init.c b/src/lib/libcrypto/pkcs12/p12_init.c index dc6ab41db8..eb837a78cf 100644 --- a/src/lib/libcrypto/pkcs12/p12_init.c +++ b/src/lib/libcrypto/pkcs12/p12_init.c | |||
| @@ -69,20 +69,12 @@ PKCS12 *PKCS12_init (int mode) | |||
| 69 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | 69 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); |
| 70 | return NULL; | 70 | return NULL; |
| 71 | } | 71 | } |
| 72 | if (!(pkcs12->version = ASN1_INTEGER_new ())) { | 72 | ASN1_INTEGER_set(pkcs12->version, 3); |
| 73 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | ||
| 74 | return NULL; | ||
| 75 | } | ||
| 76 | ASN1_INTEGER_set (pkcs12->version, 3); | ||
| 77 | if (!(pkcs12->authsafes = PKCS7_new())) { | ||
| 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | ||
| 79 | return NULL; | ||
| 80 | } | ||
| 81 | pkcs12->authsafes->type = OBJ_nid2obj(mode); | 73 | pkcs12->authsafes->type = OBJ_nid2obj(mode); |
| 82 | switch (mode) { | 74 | switch (mode) { |
| 83 | case NID_pkcs7_data: | 75 | case NID_pkcs7_data: |
| 84 | if (!(pkcs12->authsafes->d.data = | 76 | if (!(pkcs12->authsafes->d.data = |
| 85 | ASN1_OCTET_STRING_new())) { | 77 | M_ASN1_OCTET_STRING_new())) { |
| 86 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); | 78 | PKCS12err(PKCS12_F_PKCS12_INIT,ERR_R_MALLOC_FAILURE); |
| 87 | return NULL; | 79 | return NULL; |
| 88 | } | 80 | } |
diff --git a/src/lib/libcrypto/pkcs12/p12_key.c b/src/lib/libcrypto/pkcs12/p12_key.c index 25d8cdae57..0d39ebde8c 100644 --- a/src/lib/libcrypto/pkcs12/p12_key.c +++ b/src/lib/libcrypto/pkcs12/p12_key.c | |||
| @@ -64,7 +64,7 @@ | |||
| 64 | /* Uncomment out this line to get debugging info about key generation */ | 64 | /* Uncomment out this line to get debugging info about key generation */ |
| 65 | /*#define DEBUG_KEYGEN*/ | 65 | /*#define DEBUG_KEYGEN*/ |
| 66 | #ifdef DEBUG_KEYGEN | 66 | #ifdef DEBUG_KEYGEN |
| 67 | #include <bio.h> | 67 | #include <openssl/bio.h> |
| 68 | extern BIO *bio_err; | 68 | extern BIO *bio_err; |
| 69 | void h__dump (unsigned char *p, int len); | 69 | void h__dump (unsigned char *p, int len); |
| 70 | #endif | 70 | #endif |
| @@ -74,53 +74,69 @@ void h__dump (unsigned char *p, int len); | |||
| 74 | #define min(a,b) ((a) < (b) ? (a) : (b)) | 74 | #define min(a,b) ((a) < (b) ? (a) : (b)) |
| 75 | #endif | 75 | #endif |
| 76 | 76 | ||
| 77 | int PKCS12_key_gen_asc (const char *pass, int passlen, unsigned char *salt, | 77 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
| 78 | int saltlen, int id, int iter, int n, unsigned char *out, | 78 | int saltlen, int id, int iter, int n, unsigned char *out, |
| 79 | const EVP_MD *md_type) | 79 | const EVP_MD *md_type) |
| 80 | { | 80 | { |
| 81 | int ret; | 81 | int ret; |
| 82 | unsigned char *unipass; | 82 | unsigned char *unipass; |
| 83 | int uniplen; | 83 | int uniplen; |
| 84 | if (!asc2uni (pass, &unipass, &uniplen)) { | 84 | if(!pass) { |
| 85 | unipass = NULL; | ||
| 86 | uniplen = 0; | ||
| 87 | } else if (!asc2uni(pass, passlen, &unipass, &uniplen)) { | ||
| 85 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); | 88 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_ASC,ERR_R_MALLOC_FAILURE); |
| 86 | return 0; | 89 | return 0; |
| 87 | } | 90 | } |
| 88 | ret = PKCS12_key_gen_uni (unipass, uniplen, salt, saltlen, | 91 | ret = PKCS12_key_gen_uni(unipass, uniplen, salt, saltlen, |
| 89 | id, iter, n, out, md_type); | 92 | id, iter, n, out, md_type); |
| 90 | memset(unipass, 0, uniplen); /* Clear password from memory */ | 93 | if(unipass) { |
| 91 | Free(unipass); | 94 | memset(unipass, 0, uniplen); /* Clear password from memory */ |
| 95 | OPENSSL_free(unipass); | ||
| 96 | } | ||
| 92 | return ret; | 97 | return ret; |
| 93 | } | 98 | } |
| 94 | 99 | ||
| 95 | int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt, | 100 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, |
| 96 | int saltlen, int id, int iter, int n, unsigned char *out, | 101 | int saltlen, int id, int iter, int n, unsigned char *out, |
| 97 | const EVP_MD *md_type) | 102 | const EVP_MD *md_type) |
| 98 | { | 103 | { |
| 99 | unsigned char *B, *D, *I, *p, *Ai; | 104 | unsigned char *B, *D, *I, *p, *Ai; |
| 100 | int Slen, Plen, Ilen; | 105 | int Slen, Plen, Ilen, Ijlen; |
| 101 | int i, j, u, v; | 106 | int i, j, u, v; |
| 102 | BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ | 107 | BIGNUM *Ij, *Bpl1; /* These hold Ij and B + 1 */ |
| 103 | EVP_MD_CTX ctx; | 108 | EVP_MD_CTX ctx; |
| 104 | #ifdef DEBUG_KEYGEN | 109 | #ifdef DEBUG_KEYGEN |
| 105 | unsigned char *tmpout = out; | 110 | unsigned char *tmpout = out; |
| 106 | int tmpn = n; | 111 | int tmpn = n; |
| 107 | BIO_printf (bio_err, "KEYGEN DEBUG\n"); | 112 | #endif |
| 108 | BIO_printf (bio_err, "ID %d, ITER %d\n", id, iter); | 113 | |
| 109 | BIO_printf (bio_err, "Password (length %d):\n", passlen); | 114 | #if 0 |
| 110 | h__dump (pass, passlen); | 115 | if (!pass) { |
| 111 | BIO_printf (bio_err, "Salt (length %d):\n", saltlen); | 116 | PKCS12err(PKCS12_F_PKCS12_KEY_GEN_UNI,ERR_R_PASSED_NULL_PARAMETER); |
| 112 | h__dump (salt, saltlen); | 117 | return 0; |
| 113 | BIO_printf (bio_err, "ID %d, ITER %d\n\n", id, iter); | 118 | } |
| 119 | #endif | ||
| 120 | |||
| 121 | EVP_MD_CTX_init(&ctx); | ||
| 122 | #ifdef DEBUG_KEYGEN | ||
| 123 | fprintf(stderr, "KEYGEN DEBUG\n"); | ||
| 124 | fprintf(stderr, "ID %d, ITER %d\n", id, iter); | ||
| 125 | fprintf(stderr, "Password (length %d):\n", passlen); | ||
| 126 | h__dump(pass, passlen); | ||
| 127 | fprintf(stderr, "Salt (length %d):\n", saltlen); | ||
| 128 | h__dump(salt, saltlen); | ||
| 114 | #endif | 129 | #endif |
| 115 | v = EVP_MD_block_size (md_type); | 130 | v = EVP_MD_block_size (md_type); |
| 116 | u = EVP_MD_size (md_type); | 131 | u = EVP_MD_size (md_type); |
| 117 | D = Malloc (v); | 132 | D = OPENSSL_malloc (v); |
| 118 | Ai = Malloc (u); | 133 | Ai = OPENSSL_malloc (u); |
| 119 | B = Malloc (v + 1); | 134 | B = OPENSSL_malloc (v + 1); |
| 120 | Slen = v * ((saltlen+v-1)/v); | 135 | Slen = v * ((saltlen+v-1)/v); |
| 121 | Plen = v * ((passlen+v-1)/v); | 136 | if(passlen) Plen = v * ((passlen+v-1)/v); |
| 137 | else Plen = 0; | ||
| 122 | Ilen = Slen + Plen; | 138 | Ilen = Slen + Plen; |
| 123 | I = Malloc (Ilen); | 139 | I = OPENSSL_malloc (Ilen); |
| 124 | Ij = BN_new(); | 140 | Ij = BN_new(); |
| 125 | Bpl1 = BN_new(); | 141 | Bpl1 = BN_new(); |
| 126 | if (!D || !Ai || !B || !I || !Ij || !Bpl1) { | 142 | if (!D || !Ai || !B || !I || !Ij || !Bpl1) { |
| @@ -132,26 +148,27 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt, | |||
| 132 | for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; | 148 | for (i = 0; i < Slen; i++) *p++ = salt[i % saltlen]; |
| 133 | for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; | 149 | for (i = 0; i < Plen; i++) *p++ = pass[i % passlen]; |
| 134 | for (;;) { | 150 | for (;;) { |
| 135 | EVP_DigestInit (&ctx, md_type); | 151 | EVP_DigestInit_ex(&ctx, md_type, NULL); |
| 136 | EVP_DigestUpdate (&ctx, D, v); | 152 | EVP_DigestUpdate(&ctx, D, v); |
| 137 | EVP_DigestUpdate (&ctx, I, Ilen); | 153 | EVP_DigestUpdate(&ctx, I, Ilen); |
| 138 | EVP_DigestFinal (&ctx, Ai, NULL); | 154 | EVP_DigestFinal_ex(&ctx, Ai, NULL); |
| 139 | for (j = 1; j < iter; j++) { | 155 | for (j = 1; j < iter; j++) { |
| 140 | EVP_DigestInit (&ctx, md_type); | 156 | EVP_DigestInit_ex(&ctx, md_type, NULL); |
| 141 | EVP_DigestUpdate (&ctx, Ai, u); | 157 | EVP_DigestUpdate(&ctx, Ai, u); |
| 142 | EVP_DigestFinal (&ctx, Ai, NULL); | 158 | EVP_DigestFinal_ex(&ctx, Ai, NULL); |
| 143 | } | 159 | } |
| 144 | memcpy (out, Ai, min (n, u)); | 160 | memcpy (out, Ai, min (n, u)); |
| 145 | if (u >= n) { | 161 | if (u >= n) { |
| 146 | Free (Ai); | 162 | OPENSSL_free (Ai); |
| 147 | Free (B); | 163 | OPENSSL_free (B); |
| 148 | Free (D); | 164 | OPENSSL_free (D); |
| 149 | Free (I); | 165 | OPENSSL_free (I); |
| 150 | BN_free (Ij); | 166 | BN_free (Ij); |
| 151 | BN_free (Bpl1); | 167 | BN_free (Bpl1); |
| 168 | EVP_MD_CTX_cleanup(&ctx); | ||
| 152 | #ifdef DEBUG_KEYGEN | 169 | #ifdef DEBUG_KEYGEN |
| 153 | BIO_printf (bio_err, "Output KEY (length %d)\n", tmpn); | 170 | fprintf(stderr, "Output KEY (length %d)\n", tmpn); |
| 154 | h__dump (tmpout, tmpn); | 171 | h__dump(tmpout, tmpn); |
| 155 | #endif | 172 | #endif |
| 156 | return 1; | 173 | return 1; |
| 157 | } | 174 | } |
| @@ -165,10 +182,17 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt, | |||
| 165 | BN_bin2bn (I + j, v, Ij); | 182 | BN_bin2bn (I + j, v, Ij); |
| 166 | BN_add (Ij, Ij, Bpl1); | 183 | BN_add (Ij, Ij, Bpl1); |
| 167 | BN_bn2bin (Ij, B); | 184 | BN_bn2bin (Ij, B); |
| 185 | Ijlen = BN_num_bytes (Ij); | ||
| 168 | /* If more than 2^(v*8) - 1 cut off MSB */ | 186 | /* If more than 2^(v*8) - 1 cut off MSB */ |
| 169 | if (BN_num_bytes (Ij) > v) { | 187 | if (Ijlen > v) { |
| 170 | BN_bn2bin (Ij, B); | 188 | BN_bn2bin (Ij, B); |
| 171 | memcpy (I + j, B + 1, v); | 189 | memcpy (I + j, B + 1, v); |
| 190 | #ifndef PKCS12_BROKEN_KEYGEN | ||
| 191 | /* If less than v bytes pad with zeroes */ | ||
| 192 | } else if (Ijlen < v) { | ||
| 193 | memset(I + j, 0, v - Ijlen); | ||
| 194 | BN_bn2bin(Ij, I + j + v - Ijlen); | ||
| 195 | #endif | ||
| 172 | } else BN_bn2bin (Ij, I + j); | 196 | } else BN_bn2bin (Ij, I + j); |
| 173 | } | 197 | } |
| 174 | } | 198 | } |
| @@ -176,7 +200,7 @@ int PKCS12_key_gen_uni (unsigned char *pass, int passlen, unsigned char *salt, | |||
| 176 | #ifdef DEBUG_KEYGEN | 200 | #ifdef DEBUG_KEYGEN |
| 177 | void h__dump (unsigned char *p, int len) | 201 | void h__dump (unsigned char *p, int len) |
| 178 | { | 202 | { |
| 179 | for (; len --; p++) BIO_printf (bio_err, "%02X", *p); | 203 | for (; len --; p++) fprintf(stderr, "%02X", *p); |
| 180 | BIO_printf (bio_err, "\n"); | 204 | fprintf(stderr, "\n"); |
| 181 | } | 205 | } |
| 182 | #endif | 206 | #endif |
diff --git a/src/lib/libcrypto/pkcs12/p12_kiss.c b/src/lib/libcrypto/pkcs12/p12_kiss.c index 767e1303da..885087ad00 100644 --- a/src/lib/libcrypto/pkcs12/p12_kiss.c +++ b/src/lib/libcrypto/pkcs12/p12_kiss.c | |||
| @@ -62,9 +62,18 @@ | |||
| 62 | 62 | ||
| 63 | /* Simplified PKCS#12 routines */ | 63 | /* Simplified PKCS#12 routines */ |
| 64 | 64 | ||
| 65 | static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca); | 65 | static int parse_pk12( PKCS12 *p12, const char *pass, int passlen, |
| 66 | static int parse_bags( STACK *bags, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); | 66 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca); |
| 67 | static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PKEY **pkey, X509 **cert, STACK **ca, ASN1_OCTET_STRING **keyid, char *keymatch); | 67 | |
| 68 | static int parse_bags( STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, | ||
| 69 | int passlen, EVP_PKEY **pkey, X509 **cert, | ||
| 70 | STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, | ||
| 71 | char *keymatch); | ||
| 72 | |||
| 73 | static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, | ||
| 74 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, | ||
| 75 | ASN1_OCTET_STRING **keyid, char *keymatch); | ||
| 76 | |||
| 68 | /* Parse and decrypt a PKCS#12 structure returning user key, user cert | 77 | /* Parse and decrypt a PKCS#12 structure returning user key, user cert |
| 69 | * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, | 78 | * and other (CA) certs. Note either ca should be NULL, *ca should be NULL, |
| 70 | * or it should point to a valid STACK structure. pkey and cert can be | 79 | * or it should point to a valid STACK structure. pkey and cert can be |
| @@ -72,94 +81,111 @@ static int parse_bag( PKCS12_SAFEBAG *bag, const char *pass, int passlen, EVP_PK | |||
| 72 | */ | 81 | */ |
| 73 | 82 | ||
| 74 | int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | 83 | int PKCS12_parse (PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, |
| 75 | STACK **ca) | 84 | STACK_OF(X509) **ca) |
| 76 | { | 85 | { |
| 77 | 86 | ||
| 78 | /* Check for NULL PKCS12 structure */ | 87 | /* Check for NULL PKCS12 structure */ |
| 79 | 88 | ||
| 80 | if(!p12) { | 89 | if(!p12) { |
| 81 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); | 90 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_INVALID_NULL_PKCS12_POINTER); |
| 82 | return 0; | ||
| 83 | } | ||
| 84 | |||
| 85 | /* Allocate stack for ca certificates if needed */ | ||
| 86 | if ((ca != NULL) && (*ca == NULL)) { | ||
| 87 | if (!(*ca = sk_new(NULL))) { | ||
| 88 | PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); | ||
| 89 | return 0; | 91 | return 0; |
| 90 | } | 92 | } |
| 91 | } | ||
| 92 | 93 | ||
| 93 | if(pkey) *pkey = NULL; | 94 | /* Allocate stack for ca certificates if needed */ |
| 94 | if(cert) *cert = NULL; | 95 | if ((ca != NULL) && (*ca == NULL)) { |
| 96 | if (!(*ca = sk_X509_new_null())) { | ||
| 97 | PKCS12err(PKCS12_F_PKCS12_PARSE,ERR_R_MALLOC_FAILURE); | ||
| 98 | return 0; | ||
| 99 | } | ||
| 100 | } | ||
| 95 | 101 | ||
| 96 | /* Check the mac */ | 102 | if(pkey) *pkey = NULL; |
| 103 | if(cert) *cert = NULL; | ||
| 97 | 104 | ||
| 98 | if (!PKCS12_verify_mac (p12, pass, -1)) { | 105 | /* Check the mac */ |
| 99 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 100 | goto err; | ||
| 101 | } | ||
| 102 | 106 | ||
| 103 | if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) { | 107 | /* If password is zero length or NULL then try verifying both cases |
| 104 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); | 108 | * to determine which password is correct. The reason for this is that |
| 105 | goto err; | 109 | * under PKCS#12 password based encryption no password and a zero length |
| 106 | } | 110 | * password are two different things... |
| 111 | */ | ||
| 112 | |||
| 113 | if(!pass || !*pass) { | ||
| 114 | if(PKCS12_verify_mac(p12, NULL, 0)) pass = NULL; | ||
| 115 | else if(PKCS12_verify_mac(p12, "", 0)) pass = ""; | ||
| 116 | else { | ||
| 117 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 118 | goto err; | ||
| 119 | } | ||
| 120 | } else if (!PKCS12_verify_mac(p12, pass, -1)) { | ||
| 121 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_MAC_VERIFY_FAILURE); | ||
| 122 | goto err; | ||
| 123 | } | ||
| 107 | 124 | ||
| 108 | return 1; | 125 | if (!parse_pk12 (p12, pass, -1, pkey, cert, ca)) |
| 126 | { | ||
| 127 | PKCS12err(PKCS12_F_PKCS12_PARSE,PKCS12_R_PARSE_ERROR); | ||
| 128 | goto err; | ||
| 129 | } | ||
| 109 | 130 | ||
| 110 | err: | 131 | return 1; |
| 111 | 132 | ||
| 112 | if (pkey && *pkey) EVP_PKEY_free (*pkey); | 133 | err: |
| 113 | if (cert && *cert) X509_free (*cert); | 134 | |
| 114 | if (ca) sk_pop_free (*ca, X509_free); | 135 | if (pkey && *pkey) EVP_PKEY_free(*pkey); |
| 115 | return 0; | 136 | if (cert && *cert) X509_free(*cert); |
| 137 | if (ca) sk_X509_pop_free(*ca, X509_free); | ||
| 138 | return 0; | ||
| 116 | 139 | ||
| 117 | } | 140 | } |
| 118 | 141 | ||
| 119 | /* Parse the outer PKCS#12 structure */ | 142 | /* Parse the outer PKCS#12 structure */ |
| 120 | 143 | ||
| 121 | static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, | 144 | static int parse_pk12 (PKCS12 *p12, const char *pass, int passlen, |
| 122 | EVP_PKEY **pkey, X509 **cert, STACK **ca) | 145 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca) |
| 123 | { | 146 | { |
| 124 | STACK *asafes, *bags; | 147 | STACK_OF(PKCS7) *asafes; |
| 148 | STACK_OF(PKCS12_SAFEBAG) *bags; | ||
| 125 | int i, bagnid; | 149 | int i, bagnid; |
| 126 | PKCS7 *p7; | 150 | PKCS7 *p7; |
| 127 | ASN1_OCTET_STRING *keyid = NULL; | 151 | ASN1_OCTET_STRING *keyid = NULL; |
| 152 | |||
| 128 | char keymatch = 0; | 153 | char keymatch = 0; |
| 129 | if (!( asafes = M_PKCS12_unpack_authsafes (p12))) return 0; | 154 | if (!(asafes = PKCS12_unpack_authsafes (p12))) return 0; |
| 130 | for (i = 0; i < sk_num (asafes); i++) { | 155 | for (i = 0; i < sk_PKCS7_num (asafes); i++) { |
| 131 | p7 = (PKCS7 *) sk_value (asafes, i); | 156 | p7 = sk_PKCS7_value (asafes, i); |
| 132 | bagnid = OBJ_obj2nid (p7->type); | 157 | bagnid = OBJ_obj2nid (p7->type); |
| 133 | if (bagnid == NID_pkcs7_data) { | 158 | if (bagnid == NID_pkcs7_data) { |
| 134 | bags = M_PKCS12_unpack_p7data (p7); | 159 | bags = PKCS12_unpack_p7data(p7); |
| 135 | } else if (bagnid == NID_pkcs7_encrypted) { | 160 | } else if (bagnid == NID_pkcs7_encrypted) { |
| 136 | bags = M_PKCS12_unpack_p7encdata (p7, pass, passlen); | 161 | bags = PKCS12_unpack_p7encdata(p7, pass, passlen); |
| 137 | } else continue; | 162 | } else continue; |
| 138 | if (!bags) { | 163 | if (!bags) { |
| 139 | sk_pop_free (asafes, PKCS7_free); | 164 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 140 | return 0; | 165 | return 0; |
| 141 | } | 166 | } |
| 142 | if (!parse_bags (bags, pass, passlen, pkey, cert, ca, | 167 | if (!parse_bags(bags, pass, passlen, pkey, cert, ca, |
| 143 | &keyid, &keymatch)) { | 168 | &keyid, &keymatch)) { |
| 144 | sk_pop_free (bags, PKCS12_SAFEBAG_free); | 169 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 145 | sk_pop_free (asafes, PKCS7_free); | 170 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 146 | return 0; | 171 | return 0; |
| 147 | } | 172 | } |
| 148 | sk_pop_free (bags, PKCS12_SAFEBAG_free); | 173 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 149 | } | 174 | } |
| 150 | sk_pop_free (asafes, PKCS7_free); | 175 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 151 | if (keyid) ASN1_OCTET_STRING_free (keyid); | 176 | if (keyid) M_ASN1_OCTET_STRING_free(keyid); |
| 152 | return 1; | 177 | return 1; |
| 153 | } | 178 | } |
| 154 | 179 | ||
| 155 | 180 | ||
| 156 | static int parse_bags (STACK *bags, const char *pass, int passlen, | 181 | static int parse_bags (STACK_OF(PKCS12_SAFEBAG) *bags, const char *pass, |
| 157 | EVP_PKEY **pkey, X509 **cert, STACK **ca, | 182 | int passlen, EVP_PKEY **pkey, X509 **cert, |
| 158 | ASN1_OCTET_STRING **keyid, char *keymatch) | 183 | STACK_OF(X509) **ca, ASN1_OCTET_STRING **keyid, |
| 184 | char *keymatch) | ||
| 159 | { | 185 | { |
| 160 | int i; | 186 | int i; |
| 161 | for (i = 0; i < sk_num (bags); i++) { | 187 | for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { |
| 162 | if (!parse_bag ((PKCS12_SAFEBAG *)sk_value (bags, i), | 188 | if (!parse_bag(sk_PKCS12_SAFEBAG_value (bags, i), |
| 163 | pass, passlen, pkey, cert, ca, keyid, | 189 | pass, passlen, pkey, cert, ca, keyid, |
| 164 | keymatch)) return 0; | 190 | keymatch)) return 0; |
| 165 | } | 191 | } |
| @@ -170,26 +196,31 @@ static int parse_bags (STACK *bags, const char *pass, int passlen, | |||
| 170 | #define MATCH_CERT 0x2 | 196 | #define MATCH_CERT 0x2 |
| 171 | #define MATCH_ALL 0x3 | 197 | #define MATCH_ALL 0x3 |
| 172 | 198 | ||
| 173 | static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen, | 199 | static int parse_bag(PKCS12_SAFEBAG *bag, const char *pass, int passlen, |
| 174 | EVP_PKEY **pkey, X509 **cert, STACK **ca, | 200 | EVP_PKEY **pkey, X509 **cert, STACK_OF(X509) **ca, |
| 175 | ASN1_OCTET_STRING **keyid, | 201 | ASN1_OCTET_STRING **keyid, |
| 176 | char *keymatch) | 202 | char *keymatch) |
| 177 | { | 203 | { |
| 178 | PKCS8_PRIV_KEY_INFO *p8; | 204 | PKCS8_PRIV_KEY_INFO *p8; |
| 179 | X509 *x509; | 205 | X509 *x509; |
| 180 | ASN1_OCTET_STRING *lkey = NULL; | 206 | ASN1_OCTET_STRING *lkey = NULL, *ckid = NULL; |
| 181 | ASN1_TYPE *attrib; | 207 | ASN1_TYPE *attrib; |
| 208 | ASN1_BMPSTRING *fname = NULL; | ||
| 182 | 209 | ||
| 210 | if ((attrib = PKCS12_get_attr (bag, NID_friendlyName))) | ||
| 211 | fname = attrib->value.bmpstring; | ||
| 183 | 212 | ||
| 184 | if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) | 213 | if ((attrib = PKCS12_get_attr (bag, NID_localKeyID))) { |
| 185 | lkey = attrib->value.octet_string; | 214 | lkey = attrib->value.octet_string; |
| 215 | ckid = lkey; | ||
| 216 | } | ||
| 186 | 217 | ||
| 187 | /* Check for any local key id matching (if needed) */ | 218 | /* Check for any local key id matching (if needed) */ |
| 188 | if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { | 219 | if (lkey && ((*keymatch & MATCH_ALL) != MATCH_ALL)) { |
| 189 | if (*keyid) { | 220 | if (*keyid) { |
| 190 | if (ASN1_OCTET_STRING_cmp (*keyid, lkey)) lkey = NULL; | 221 | if (M_ASN1_OCTET_STRING_cmp(*keyid, lkey)) lkey = NULL; |
| 191 | } else { | 222 | } else { |
| 192 | if (!(*keyid = ASN1_OCTET_STRING_dup (lkey))) { | 223 | if (!(*keyid = M_ASN1_OCTET_STRING_dup(lkey))) { |
| 193 | PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); | 224 | PKCS12err(PKCS12_F_PARSE_BAGS,ERR_R_MALLOC_FAILURE); |
| 194 | return 0; | 225 | return 0; |
| 195 | } | 226 | } |
| @@ -200,16 +231,16 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 200 | { | 231 | { |
| 201 | case NID_keyBag: | 232 | case NID_keyBag: |
| 202 | if (!lkey || !pkey) return 1; | 233 | if (!lkey || !pkey) return 1; |
| 203 | if (!(*pkey = EVP_PKCS82PKEY (bag->value.keybag))) return 0; | 234 | if (!(*pkey = EVP_PKCS82PKEY(bag->value.keybag))) return 0; |
| 204 | *keymatch |= MATCH_KEY; | 235 | *keymatch |= MATCH_KEY; |
| 205 | break; | 236 | break; |
| 206 | 237 | ||
| 207 | case NID_pkcs8ShroudedKeyBag: | 238 | case NID_pkcs8ShroudedKeyBag: |
| 208 | if (!lkey || !pkey) return 1; | 239 | if (!lkey || !pkey) return 1; |
| 209 | if (!(p8 = M_PKCS12_decrypt_skey (bag, pass, passlen))) | 240 | if (!(p8 = PKCS12_decrypt_skey(bag, pass, passlen))) |
| 210 | return 0; | 241 | return 0; |
| 211 | *pkey = EVP_PKCS82PKEY (p8); | 242 | *pkey = EVP_PKCS82PKEY(p8); |
| 212 | PKCS8_PRIV_KEY_INFO_free (p8); | 243 | PKCS8_PRIV_KEY_INFO_free(p8); |
| 213 | if (!(*pkey)) return 0; | 244 | if (!(*pkey)) return 0; |
| 214 | *keymatch |= MATCH_KEY; | 245 | *keymatch |= MATCH_KEY; |
| 215 | break; | 246 | break; |
| @@ -217,11 +248,27 @@ static int parse_bag (PKCS12_SAFEBAG *bag, const char *pass, int passlen, | |||
| 217 | case NID_certBag: | 248 | case NID_certBag: |
| 218 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) | 249 | if (M_PKCS12_cert_bag_type(bag) != NID_x509Certificate ) |
| 219 | return 1; | 250 | return 1; |
| 220 | if (!(x509 = M_PKCS12_certbag2x509(bag))) return 0; | 251 | if (!(x509 = PKCS12_certbag2x509(bag))) return 0; |
| 252 | if(ckid) X509_keyid_set1(x509, ckid->data, ckid->length); | ||
| 253 | if(fname) { | ||
| 254 | int len; | ||
| 255 | unsigned char *data; | ||
| 256 | len = ASN1_STRING_to_UTF8(&data, fname); | ||
| 257 | if(len > 0) { | ||
| 258 | X509_alias_set1(x509, data, len); | ||
| 259 | OPENSSL_free(data); | ||
| 260 | } | ||
| 261 | } | ||
| 262 | |||
| 263 | |||
| 221 | if (lkey) { | 264 | if (lkey) { |
| 222 | *keymatch |= MATCH_CERT; | 265 | *keymatch |= MATCH_CERT; |
| 223 | if (cert) *cert = x509; | 266 | if (cert) *cert = x509; |
| 224 | } else if (ca) sk_push (*ca, (char *)x509); | 267 | else X509_free(x509); |
| 268 | } else { | ||
| 269 | if(ca) sk_X509_push (*ca, x509); | ||
| 270 | else X509_free(x509); | ||
| 271 | } | ||
| 225 | break; | 272 | break; |
| 226 | 273 | ||
| 227 | case NID_safeContentsBag: | 274 | case NID_safeContentsBag: |
diff --git a/src/lib/libcrypto/pkcs12/p12_mutl.c b/src/lib/libcrypto/pkcs12/p12_mutl.c index bac558d6b9..0fb67f74b8 100644 --- a/src/lib/libcrypto/pkcs12/p12_mutl.c +++ b/src/lib/libcrypto/pkcs12/p12_mutl.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * | 56 | * |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef NO_HMAC | 59 | #ifndef OPENSSL_NO_HMAC |
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/hmac.h> | 62 | #include <openssl/hmac.h> |
| @@ -71,6 +71,7 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 71 | HMAC_CTX hmac; | 71 | HMAC_CTX hmac; |
| 72 | unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; | 72 | unsigned char key[PKCS12_MAC_KEY_LENGTH], *salt; |
| 73 | int saltlen, iter; | 73 | int saltlen, iter; |
| 74 | |||
| 74 | salt = p12->mac->salt->data; | 75 | salt = p12->mac->salt->data; |
| 75 | saltlen = p12->mac->salt->length; | 76 | saltlen = p12->mac->salt->length; |
| 76 | if (!p12->mac->iter) iter = 1; | 77 | if (!p12->mac->iter) iter = 1; |
| @@ -85,10 +86,12 @@ int PKCS12_gen_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 85 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); | 86 | PKCS12err(PKCS12_F_PKCS12_GEN_MAC,PKCS12_R_KEY_GEN_ERROR); |
| 86 | return 0; | 87 | return 0; |
| 87 | } | 88 | } |
| 88 | HMAC_Init (&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type); | 89 | HMAC_CTX_init(&hmac); |
| 89 | HMAC_Update (&hmac, p12->authsafes->d.data->data, | 90 | HMAC_Init_ex(&hmac, key, PKCS12_MAC_KEY_LENGTH, md_type, NULL); |
| 91 | HMAC_Update(&hmac, p12->authsafes->d.data->data, | ||
| 90 | p12->authsafes->d.data->length); | 92 | p12->authsafes->d.data->length); |
| 91 | HMAC_Final (&hmac, mac, maclen); | 93 | HMAC_Final(&hmac, mac, maclen); |
| 94 | HMAC_CTX_cleanup(&hmac); | ||
| 92 | return 1; | 95 | return 1; |
| 93 | } | 96 | } |
| 94 | 97 | ||
| @@ -106,17 +109,14 @@ int PKCS12_verify_mac (PKCS12 *p12, const char *pass, int passlen) | |||
| 106 | return 0; | 109 | return 0; |
| 107 | } | 110 | } |
| 108 | if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) | 111 | if ((maclen != (unsigned int)p12->mac->dinfo->digest->length) |
| 109 | || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) { | 112 | || memcmp (mac, p12->mac->dinfo->digest->data, maclen)) return 0; |
| 110 | PKCS12err(PKCS12_F_VERIFY_MAC,PKCS12_R_MAC_VERIFY_ERROR); | ||
| 111 | return 0; | ||
| 112 | } | ||
| 113 | return 1; | 113 | return 1; |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | /* Set a mac */ | 116 | /* Set a mac */ |
| 117 | 117 | ||
| 118 | int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, | 118 | int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, |
| 119 | unsigned char *salt, int saltlen, int iter, EVP_MD *md_type) | 119 | unsigned char *salt, int saltlen, int iter, const EVP_MD *md_type) |
| 120 | { | 120 | { |
| 121 | unsigned char mac[EVP_MAX_MD_SIZE]; | 121 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| 122 | unsigned int maclen; | 122 | unsigned int maclen; |
| @@ -131,7 +131,7 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 131 | PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); | 131 | PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_GENERATION_ERROR); |
| 132 | return 0; | 132 | return 0; |
| 133 | } | 133 | } |
| 134 | if (!(ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { | 134 | if (!(M_ASN1_OCTET_STRING_set (p12->mac->dinfo->digest, mac, maclen))) { |
| 135 | PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); | 135 | PKCS12err(PKCS12_F_PKCS12_SET_MAC,PKCS12_R_MAC_STRING_SET_ERROR); |
| 136 | return 0; | 136 | return 0; |
| 137 | } | 137 | } |
| @@ -140,23 +140,26 @@ int PKCS12_set_mac (PKCS12 *p12, const char *pass, int passlen, | |||
| 140 | 140 | ||
| 141 | /* Set up a mac structure */ | 141 | /* Set up a mac structure */ |
| 142 | int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, | 142 | int PKCS12_setup_mac (PKCS12 *p12, int iter, unsigned char *salt, int saltlen, |
| 143 | EVP_MD *md_type) | 143 | const EVP_MD *md_type) |
| 144 | { | 144 | { |
| 145 | if (!(p12->mac = PKCS12_MAC_DATA_new ())) return PKCS12_ERROR; | 145 | if (!(p12->mac = PKCS12_MAC_DATA_new())) return PKCS12_ERROR; |
| 146 | if (iter > 1) { | 146 | if (iter > 1) { |
| 147 | if(!(p12->mac->iter = ASN1_INTEGER_new())) { | 147 | if(!(p12->mac->iter = M_ASN1_INTEGER_new())) { |
| 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 148 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); |
| 149 | return 0; | 149 | return 0; |
| 150 | } | 150 | } |
| 151 | ASN1_INTEGER_set (p12->mac->iter, iter); | 151 | ASN1_INTEGER_set(p12->mac->iter, iter); |
| 152 | } | 152 | } |
| 153 | if (!saltlen) saltlen = PKCS12_SALT_LEN; | 153 | if (!saltlen) saltlen = PKCS12_SALT_LEN; |
| 154 | p12->mac->salt->length = saltlen; | 154 | p12->mac->salt->length = saltlen; |
| 155 | if (!(p12->mac->salt->data = Malloc (saltlen))) { | 155 | if (!(p12->mac->salt->data = OPENSSL_malloc (saltlen))) { |
| 156 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); | 156 | PKCS12err(PKCS12_F_PKCS12_SETUP_MAC, ERR_R_MALLOC_FAILURE); |
| 157 | return 0; | 157 | return 0; |
| 158 | } | 158 | } |
| 159 | if (!salt) RAND_bytes (p12->mac->salt->data, saltlen); | 159 | if (!salt) { |
| 160 | if (RAND_pseudo_bytes (p12->mac->salt->data, saltlen) < 0) | ||
| 161 | return 0; | ||
| 162 | } | ||
| 160 | else memcpy (p12->mac->salt->data, salt, saltlen); | 163 | else memcpy (p12->mac->salt->data, salt, saltlen); |
| 161 | p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); | 164 | p12->mac->dinfo->algor->algorithm = OBJ_nid2obj(EVP_MD_type(md_type)); |
| 162 | if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { | 165 | if (!(p12->mac->dinfo->algor->parameter = ASN1_TYPE_new())) { |
diff --git a/src/lib/libcrypto/pkcs12/p12_npas.c b/src/lib/libcrypto/pkcs12/p12_npas.c index ee71707e2c..a549433eeb 100644 --- a/src/lib/libcrypto/pkcs12/p12_npas.c +++ b/src/lib/libcrypto/pkcs12/p12_npas.c | |||
| @@ -66,7 +66,8 @@ | |||
| 66 | /* PKCS#12 password change routine */ | 66 | /* PKCS#12 password change routine */ |
| 67 | 67 | ||
| 68 | static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); | 68 | static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass); |
| 69 | static int newpass_bags(STACK *bags, char *oldpass, char *newpass); | 69 | static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, |
| 70 | char *newpass); | ||
| 70 | static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); | 71 | static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass); |
| 71 | static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); | 72 | static int alg_get(X509_ALGOR *alg, int *pnid, int *piter, int *psaltlen); |
| 72 | 73 | ||
| @@ -104,51 +105,53 @@ return 1; | |||
| 104 | 105 | ||
| 105 | static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | 106 | static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) |
| 106 | { | 107 | { |
| 107 | STACK *asafes, *newsafes, *bags; | 108 | STACK_OF(PKCS7) *asafes, *newsafes; |
| 109 | STACK_OF(PKCS12_SAFEBAG) *bags; | ||
| 108 | int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; | 110 | int i, bagnid, pbe_nid, pbe_iter, pbe_saltlen; |
| 109 | PKCS7 *p7, *p7new; | 111 | PKCS7 *p7, *p7new; |
| 110 | ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; | 112 | ASN1_OCTET_STRING *p12_data_tmp = NULL, *macnew = NULL; |
| 111 | unsigned char mac[EVP_MAX_MD_SIZE]; | 113 | unsigned char mac[EVP_MAX_MD_SIZE]; |
| 112 | unsigned int maclen; | 114 | unsigned int maclen; |
| 113 | if (!(asafes = M_PKCS12_unpack_authsafes(p12))) return 0; | 115 | |
| 114 | if(!(newsafes = sk_new(NULL))) return 0; | 116 | if (!(asafes = PKCS12_unpack_authsafes(p12))) return 0; |
| 115 | for (i = 0; i < sk_num (asafes); i++) { | 117 | if(!(newsafes = sk_PKCS7_new_null())) return 0; |
| 116 | p7 = (PKCS7 *) sk_value(asafes, i); | 118 | for (i = 0; i < sk_PKCS7_num (asafes); i++) { |
| 119 | p7 = sk_PKCS7_value(asafes, i); | ||
| 117 | bagnid = OBJ_obj2nid(p7->type); | 120 | bagnid = OBJ_obj2nid(p7->type); |
| 118 | if (bagnid == NID_pkcs7_data) { | 121 | if (bagnid == NID_pkcs7_data) { |
| 119 | bags = M_PKCS12_unpack_p7data(p7); | 122 | bags = PKCS12_unpack_p7data(p7); |
| 120 | } else if (bagnid == NID_pkcs7_encrypted) { | 123 | } else if (bagnid == NID_pkcs7_encrypted) { |
| 121 | bags = M_PKCS12_unpack_p7encdata(p7, oldpass, -1); | 124 | bags = PKCS12_unpack_p7encdata(p7, oldpass, -1); |
| 122 | alg_get(p7->d.encrypted->enc_data->algorithm, | 125 | alg_get(p7->d.encrypted->enc_data->algorithm, |
| 123 | &pbe_nid, &pbe_iter, &pbe_saltlen); | 126 | &pbe_nid, &pbe_iter, &pbe_saltlen); |
| 124 | } else continue; | 127 | } else continue; |
| 125 | if (!bags) { | 128 | if (!bags) { |
| 126 | sk_pop_free(asafes, PKCS7_free); | 129 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 127 | return 0; | 130 | return 0; |
| 128 | } | 131 | } |
| 129 | if (!newpass_bags(bags, oldpass, newpass)) { | 132 | if (!newpass_bags(bags, oldpass, newpass)) { |
| 130 | sk_pop_free(bags, PKCS12_SAFEBAG_free); | 133 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 131 | sk_pop_free(asafes, PKCS7_free); | 134 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 132 | return 0; | 135 | return 0; |
| 133 | } | 136 | } |
| 134 | /* Repack bag in same form with new password */ | 137 | /* Repack bag in same form with new password */ |
| 135 | if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); | 138 | if (bagnid == NID_pkcs7_data) p7new = PKCS12_pack_p7data(bags); |
| 136 | else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, | 139 | else p7new = PKCS12_pack_p7encdata(pbe_nid, newpass, -1, NULL, |
| 137 | pbe_saltlen, pbe_iter, bags); | 140 | pbe_saltlen, pbe_iter, bags); |
| 138 | sk_pop_free(bags, PKCS12_SAFEBAG_free); | 141 | sk_PKCS12_SAFEBAG_pop_free(bags, PKCS12_SAFEBAG_free); |
| 139 | if(!p7new) { | 142 | if(!p7new) { |
| 140 | sk_pop_free(asafes, PKCS7_free); | 143 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 141 | return 0; | 144 | return 0; |
| 142 | } | 145 | } |
| 143 | sk_push(newsafes, (char *)p7new); | 146 | sk_PKCS7_push(newsafes, p7new); |
| 144 | } | 147 | } |
| 145 | sk_pop_free(asafes, PKCS7_free); | 148 | sk_PKCS7_pop_free(asafes, PKCS7_free); |
| 146 | 149 | ||
| 147 | /* Repack safe: save old safe in case of error */ | 150 | /* Repack safe: save old safe in case of error */ |
| 148 | 151 | ||
| 149 | p12_data_tmp = p12->authsafes->d.data; | 152 | p12_data_tmp = p12->authsafes->d.data; |
| 150 | if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; | 153 | if(!(p12->authsafes->d.data = ASN1_OCTET_STRING_new())) goto saferr; |
| 151 | if(!M_PKCS12_pack_authsafes(p12, newsafes)) goto saferr; | 154 | if(!PKCS12_pack_authsafes(p12, newsafes)) goto saferr; |
| 152 | 155 | ||
| 153 | if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; | 156 | if(!PKCS12_gen_mac(p12, newpass, -1, mac, &maclen)) goto saferr; |
| 154 | if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; | 157 | if(!(macnew = ASN1_OCTET_STRING_new())) goto saferr; |
| @@ -169,12 +172,14 @@ static int newpass_p12(PKCS12 *p12, char *oldpass, char *newpass) | |||
| 169 | } | 172 | } |
| 170 | 173 | ||
| 171 | 174 | ||
| 172 | static int newpass_bags(STACK *bags, char *oldpass, char *newpass) | 175 | static int newpass_bags(STACK_OF(PKCS12_SAFEBAG) *bags, char *oldpass, |
| 176 | char *newpass) | ||
| 173 | { | 177 | { |
| 174 | int i; | 178 | int i; |
| 175 | for (i = 0; i < sk_num(bags); i++) { | 179 | for (i = 0; i < sk_PKCS12_SAFEBAG_num(bags); i++) { |
| 176 | if (!newpass_bag((PKCS12_SAFEBAG *)sk_value(bags, i), | 180 | if (!newpass_bag(sk_PKCS12_SAFEBAG_value(bags, i), |
| 177 | oldpass, newpass)) return 0; | 181 | oldpass, newpass)) |
| 182 | return 0; | ||
| 178 | } | 183 | } |
| 179 | return 1; | 184 | return 1; |
| 180 | } | 185 | } |
| @@ -189,7 +194,7 @@ static int newpass_bag(PKCS12_SAFEBAG *bag, char *oldpass, char *newpass) | |||
| 189 | 194 | ||
| 190 | if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; | 195 | if(M_PKCS12_bag_type(bag) != NID_pkcs8ShroudedKeyBag) return 1; |
| 191 | 196 | ||
| 192 | if (!(p8 = M_PKCS12_decrypt_skey(bag, oldpass, -1))) return 0; | 197 | if (!(p8 = PKCS8_decrypt(bag->value.shkeybag, oldpass, -1))) return 0; |
| 193 | alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); | 198 | alg_get(bag->value.shkeybag->algor, &p8_nid, &p8_iter, &p8_saltlen); |
| 194 | if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, | 199 | if(!(p8new = PKCS8_encrypt(p8_nid, NULL, newpass, -1, NULL, p8_saltlen, |
| 195 | p8_iter, p8))) return 0; | 200 | p8_iter, p8))) return 0; |
diff --git a/src/lib/libcrypto/pkcs12/p12_utl.c b/src/lib/libcrypto/pkcs12/p12_utl.c index 2adcbc95e1..243ec76be9 100644 --- a/src/lib/libcrypto/pkcs12/p12_utl.c +++ b/src/lib/libcrypto/pkcs12/p12_utl.c | |||
| @@ -62,30 +62,34 @@ | |||
| 62 | 62 | ||
| 63 | /* Cheap and nasty Unicode stuff */ | 63 | /* Cheap and nasty Unicode stuff */ |
| 64 | 64 | ||
| 65 | unsigned char *asc2uni (const char *asc, unsigned char **uni, int *unilen) | 65 | unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen) |
| 66 | { | 66 | { |
| 67 | int ulen, i; | 67 | int ulen, i; |
| 68 | unsigned char *unitmp; | 68 | unsigned char *unitmp; |
| 69 | ulen = strlen(asc)*2 + 2; | 69 | if (asclen == -1) asclen = strlen(asc); |
| 70 | if (!(unitmp = Malloc (ulen))) return NULL; | 70 | ulen = asclen*2 + 2; |
| 71 | for (i = 0; i < ulen; i+=2) { | 71 | if (!(unitmp = OPENSSL_malloc(ulen))) return NULL; |
| 72 | for (i = 0; i < ulen - 2; i+=2) { | ||
| 72 | unitmp[i] = 0; | 73 | unitmp[i] = 0; |
| 73 | unitmp[i + 1] = asc[i>>1]; | 74 | unitmp[i + 1] = asc[i>>1]; |
| 74 | } | 75 | } |
| 76 | /* Make result double null terminated */ | ||
| 77 | unitmp[ulen - 2] = 0; | ||
| 78 | unitmp[ulen - 1] = 0; | ||
| 75 | if (unilen) *unilen = ulen; | 79 | if (unilen) *unilen = ulen; |
| 76 | if (uni) *uni = unitmp; | 80 | if (uni) *uni = unitmp; |
| 77 | return unitmp; | 81 | return unitmp; |
| 78 | } | 82 | } |
| 79 | 83 | ||
| 80 | char *uni2asc (unsigned char *uni, int unilen) | 84 | char *uni2asc(unsigned char *uni, int unilen) |
| 81 | { | 85 | { |
| 82 | int asclen, i; | 86 | int asclen, i; |
| 83 | char *asctmp; | 87 | char *asctmp; |
| 84 | asclen = unilen / 2; | 88 | asclen = unilen / 2; |
| 85 | /* If no terminating zero allow for one */ | 89 | /* If no terminating zero allow for one */ |
| 86 | if (uni[unilen - 1]) asclen++; | 90 | if (!unilen || uni[unilen - 1]) asclen++; |
| 87 | uni++; | 91 | uni++; |
| 88 | if (!(asctmp = Malloc (asclen))) return NULL; | 92 | if (!(asctmp = OPENSSL_malloc(asclen))) return NULL; |
| 89 | for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; | 93 | for (i = 0; i < unilen; i+=2) asctmp[i>>1] = uni[i]; |
| 90 | asctmp[asclen - 1] = 0; | 94 | asctmp[asclen - 1] = 0; |
| 91 | return asctmp; | 95 | return asctmp; |
| @@ -93,26 +97,50 @@ char *uni2asc (unsigned char *uni, int unilen) | |||
| 93 | 97 | ||
| 94 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) | 98 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12) |
| 95 | { | 99 | { |
| 96 | return ASN1_i2d_bio((int(*)())i2d_PKCS12, bp, (unsigned char *)p12); | 100 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); |
| 97 | } | 101 | } |
| 98 | 102 | ||
| 99 | #ifndef NO_FP_API | 103 | #ifndef OPENSSL_NO_FP_API |
| 100 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) | 104 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12) |
| 101 | { | 105 | { |
| 102 | return ASN1_i2d_fp((int(*)())i2d_PKCS12, fp, (unsigned char *)p12); | 106 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); |
| 103 | } | 107 | } |
| 104 | #endif | 108 | #endif |
| 105 | 109 | ||
| 106 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) | 110 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12) |
| 107 | { | 111 | { |
| 108 | return (PKCS12 *)ASN1_d2i_bio((char *(*)())PKCS12_new, | 112 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS12), bp, p12); |
| 109 | (char *(*)())d2i_PKCS12, bp, (unsigned char **)p12); | ||
| 110 | } | 113 | } |
| 111 | #ifndef NO_FP_API | 114 | #ifndef OPENSSL_NO_FP_API |
| 112 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) | 115 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12) |
| 113 | { | 116 | { |
| 114 | return (PKCS12 *)ASN1_d2i_fp((char *(*)())PKCS12_new, | 117 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS12), fp, p12); |
| 115 | (char *(*)())d2i_PKCS12, fp, (unsigned char **)(p12)); | ||
| 116 | } | 118 | } |
| 117 | #endif | 119 | #endif |
| 118 | 120 | ||
| 121 | PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509) | ||
| 122 | { | ||
| 123 | return PKCS12_item_pack_safebag(x509, ASN1_ITEM_rptr(X509), | ||
| 124 | NID_x509Certificate, NID_certBag); | ||
| 125 | } | ||
| 126 | |||
| 127 | PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl) | ||
| 128 | { | ||
| 129 | return PKCS12_item_pack_safebag(crl, ASN1_ITEM_rptr(X509_CRL), | ||
| 130 | NID_x509Crl, NID_crlBag); | ||
| 131 | } | ||
| 132 | |||
| 133 | X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag) | ||
| 134 | { | ||
| 135 | if(M_PKCS12_bag_type(bag) != NID_certBag) return NULL; | ||
| 136 | if(M_PKCS12_cert_bag_type(bag) != NID_x509Certificate) return NULL; | ||
| 137 | return ASN1_item_unpack(bag->value.bag->value.octet, ASN1_ITEM_rptr(X509)); | ||
| 138 | } | ||
| 139 | |||
| 140 | X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag) | ||
| 141 | { | ||
| 142 | if(M_PKCS12_bag_type(bag) != NID_crlBag) return NULL; | ||
| 143 | if(M_PKCS12_cert_bag_type(bag) != NID_x509Crl) return NULL; | ||
| 144 | return ASN1_item_unpack(bag->value.bag->value.octet, | ||
| 145 | ASN1_ITEM_rptr(X509_CRL)); | ||
| 146 | } | ||
diff --git a/src/lib/libcrypto/pkcs12/pk12err.c b/src/lib/libcrypto/pkcs12/pk12err.c index 38d7be7675..10ab80502c 100644 --- a/src/lib/libcrypto/pkcs12/pk12err.c +++ b/src/lib/libcrypto/pkcs12/pk12err.c | |||
| @@ -54,7 +54,8 @@ | |||
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes |
| 57 | * made to it will be overwritten when the script next updates this file. | 57 | * made to it will be overwritten when the script next updates this file, |
| 58 | * only reason strings will be preserved. | ||
| 58 | */ | 59 | */ |
| 59 | 60 | ||
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| @@ -62,7 +63,7 @@ | |||
| 62 | #include <openssl/pkcs12.h> | 63 | #include <openssl/pkcs12.h> |
| 63 | 64 | ||
| 64 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 65 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | static ERR_STRING_DATA PKCS12_str_functs[]= | 67 | static ERR_STRING_DATA PKCS12_str_functs[]= |
| 67 | { | 68 | { |
| 68 | {ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, | 69 | {ERR_PACK(0,PKCS12_F_PARSE_BAGS,0), "PARSE_BAGS"}, |
| @@ -79,6 +80,7 @@ static ERR_STRING_DATA PKCS12_str_functs[]= | |||
| 79 | {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, | 80 | {ERR_PACK(0,PKCS12_F_PKCS12_KEY_GEN_UNI,0), "PKCS12_key_gen_uni"}, |
| 80 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, | 81 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_KEYBAG,0), "PKCS12_MAKE_KEYBAG"}, |
| 81 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, | 82 | {ERR_PACK(0,PKCS12_F_PKCS12_MAKE_SHKEYBAG,0), "PKCS12_MAKE_SHKEYBAG"}, |
| 83 | {ERR_PACK(0,PKCS12_F_PKCS12_NEWPASS,0), "PKCS12_newpass"}, | ||
| 82 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, | 84 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7DATA,0), "PKCS12_pack_p7data"}, |
| 83 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, | 85 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_P7ENCDATA,0), "PKCS12_pack_p7encdata"}, |
| 84 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, | 86 | {ERR_PACK(0,PKCS12_F_PKCS12_PACK_SAFEBAG,0), "PKCS12_pack_safebag"}, |
| @@ -99,6 +101,7 @@ static ERR_STRING_DATA PKCS12_str_reasons[]= | |||
| 99 | {PKCS12_R_DECODE_ERROR ,"decode error"}, | 101 | {PKCS12_R_DECODE_ERROR ,"decode error"}, |
| 100 | {PKCS12_R_ENCODE_ERROR ,"encode error"}, | 102 | {PKCS12_R_ENCODE_ERROR ,"encode error"}, |
| 101 | {PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, | 103 | {PKCS12_R_ENCRYPT_ERROR ,"encrypt error"}, |
| 104 | {PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE,"error setting encrypted data type"}, | ||
| 102 | {PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, | 105 | {PKCS12_R_INVALID_NULL_ARGUMENT ,"invalid null argument"}, |
| 103 | {PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, | 106 | {PKCS12_R_INVALID_NULL_PKCS12_POINTER ,"invalid null pkcs12 pointer"}, |
| 104 | {PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, | 107 | {PKCS12_R_IV_GEN_ERROR ,"iv gen error"}, |
| @@ -127,7 +130,7 @@ void ERR_load_PKCS12_strings(void) | |||
| 127 | if (init) | 130 | if (init) |
| 128 | { | 131 | { |
| 129 | init=0; | 132 | init=0; |
| 130 | #ifndef NO_ERR | 133 | #ifndef OPENSSL_NO_ERR |
| 131 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); | 134 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_functs); |
| 132 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); | 135 | ERR_load_strings(ERR_LIB_PKCS12,PKCS12_str_reasons); |
| 133 | #endif | 136 | #endif |
diff --git a/src/lib/libcrypto/pkcs12/pkcs12.h b/src/lib/libcrypto/pkcs12/pkcs12.h index 4cfba5e6c6..1786b6d4f3 100644 --- a/src/lib/libcrypto/pkcs12/pkcs12.h +++ b/src/lib/libcrypto/pkcs12/pkcs12.h | |||
| @@ -59,13 +59,13 @@ | |||
| 59 | #ifndef HEADER_PKCS12_H | 59 | #ifndef HEADER_PKCS12_H |
| 60 | #define HEADER_PKCS12_H | 60 | #define HEADER_PKCS12_H |
| 61 | 61 | ||
| 62 | #include <openssl/bio.h> | ||
| 63 | #include <openssl/x509.h> | ||
| 64 | |||
| 62 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 63 | extern "C" { | 66 | extern "C" { |
| 64 | #endif | 67 | #endif |
| 65 | 68 | ||
| 66 | #include <openssl/bio.h> | ||
| 67 | #include <openssl/x509.h> | ||
| 68 | |||
| 69 | #define PKCS12_KEY_ID 1 | 69 | #define PKCS12_KEY_ID 1 |
| 70 | #define PKCS12_IV_ID 2 | 70 | #define PKCS12_IV_ID 2 |
| 71 | #define PKCS12_MAC_ID 3 | 71 | #define PKCS12_MAC_ID 3 |
| @@ -108,19 +108,24 @@ PKCS12_MAC_DATA *mac; | |||
| 108 | PKCS7 *authsafes; | 108 | PKCS7 *authsafes; |
| 109 | } PKCS12; | 109 | } PKCS12; |
| 110 | 110 | ||
| 111 | PREDECLARE_STACK_OF(PKCS12_SAFEBAG) | ||
| 112 | |||
| 111 | typedef struct { | 113 | typedef struct { |
| 112 | ASN1_OBJECT *type; | 114 | ASN1_OBJECT *type; |
| 113 | union { | 115 | union { |
| 114 | struct pkcs12_bag_st *bag; /* secret, crl and certbag */ | 116 | struct pkcs12_bag_st *bag; /* secret, crl and certbag */ |
| 115 | struct pkcs8_priv_key_info_st *keybag; /* keybag */ | 117 | struct pkcs8_priv_key_info_st *keybag; /* keybag */ |
| 116 | X509_SIG *shkeybag; /* shrouded key bag */ | 118 | X509_SIG *shkeybag; /* shrouded key bag */ |
| 117 | STACK /* PKCS12_SAFEBAG */ *safes; | 119 | STACK_OF(PKCS12_SAFEBAG) *safes; |
| 118 | ASN1_TYPE *other; | 120 | ASN1_TYPE *other; |
| 119 | }value; | 121 | }value; |
| 120 | STACK_OF(X509_ATTRIBUTE) *attrib; | 122 | STACK_OF(X509_ATTRIBUTE) *attrib; |
| 121 | ASN1_TYPE *rest; | ||
| 122 | } PKCS12_SAFEBAG; | 123 | } PKCS12_SAFEBAG; |
| 123 | 124 | ||
| 125 | DECLARE_STACK_OF(PKCS12_SAFEBAG) | ||
| 126 | DECLARE_ASN1_SET_OF(PKCS12_SAFEBAG) | ||
| 127 | DECLARE_PKCS12_STACK_OF(PKCS12_SAFEBAG) | ||
| 128 | |||
| 124 | typedef struct pkcs12_bag_st { | 129 | typedef struct pkcs12_bag_st { |
| 125 | ASN1_OBJECT *type; | 130 | ASN1_OBJECT *type; |
| 126 | union { | 131 | union { |
| @@ -135,56 +140,25 @@ union { | |||
| 135 | #define PKCS12_ERROR 0 | 140 | #define PKCS12_ERROR 0 |
| 136 | #define PKCS12_OK 1 | 141 | #define PKCS12_OK 1 |
| 137 | 142 | ||
| 138 | #define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) | 143 | /* Compatibility macros */ |
| 139 | #define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) | ||
| 140 | #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type | ||
| 141 | |||
| 142 | #define M_PKCS12_x5092certbag(x509) \ | ||
| 143 | PKCS12_pack_safebag ((char *)(x509), i2d_X509, NID_x509Certificate, NID_certBag) | ||
| 144 | |||
| 145 | #define M_PKCS12_x509crl2certbag(crl) \ | ||
| 146 | PKCS12_pack_safebag ((char *)(crl), i2d_X509CRL, NID_x509Crl, NID_crlBag) | ||
| 147 | |||
| 148 | #define M_PKCS12_certbag2x509(bg) \ | ||
| 149 | (X509 *) ASN1_unpack_string ((bg)->value.bag->value.octet, \ | ||
| 150 | (char *(*)())d2i_X509) | ||
| 151 | |||
| 152 | #define M_PKCS12_certbag2x509crl(bg) \ | ||
| 153 | (X509CRL *) ASN1_unpack_string ((bg)->value.bag->value.octet, \ | ||
| 154 | (char *(*)())d2i_X509CRL) | ||
| 155 | 144 | ||
| 156 | /*#define M_PKCS12_pkcs82rsa(p8) \ | 145 | #define M_PKCS12_x5092certbag PKCS12_x5092certbag |
| 157 | (RSA *) ASN1_unpack_string ((p8)->pkey, (char *(*)())d2i_RSAPrivateKey)*/ | 146 | #define M_PKCS12_x509crl2certbag PKCS12_x509crl2certbag |
| 158 | 147 | ||
| 159 | #define M_PKCS12_unpack_p7data(p7) \ | 148 | #define M_PKCS12_certbag2x509 PKCS12_certbag2x509 |
| 160 | ASN1_seq_unpack ((p7)->d.data->data, p7->d.data->length, \ | 149 | #define M_PKCS12_certbag2x509crl PKCS12_certbag2x509crl |
| 161 | (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free) | ||
| 162 | 150 | ||
| 163 | #define M_PKCS12_pack_authsafes(p12, safes) \ | 151 | #define M_PKCS12_unpack_p7data PKCS12_unpack_p7data |
| 164 | ASN1_seq_pack((safes), (int (*)())i2d_PKCS7,\ | 152 | #define M_PKCS12_pack_authsafes PKCS12_pack_authsafes |
| 165 | &(p12)->authsafes->d.data->data, &(p12)->authsafes->d.data->length) | 153 | #define M_PKCS12_unpack_authsafes PKCS12_unpack_authsafes |
| 154 | #define M_PKCS12_unpack_p7encdata PKCS12_unpack_p7encdata | ||
| 166 | 155 | ||
| 167 | #define M_PKCS12_unpack_authsafes(p12) \ | 156 | #define M_PKCS12_decrypt_skey PKCS12_decrypt_skey |
| 168 | ASN1_seq_unpack((p12)->authsafes->d.data->data, \ | 157 | #define M_PKCS8_decrypt PKCS8_decrypt |
| 169 | (p12)->authsafes->d.data->length, (char *(*)())d2i_PKCS7, \ | ||
| 170 | PKCS7_free) | ||
| 171 | 158 | ||
| 172 | #define M_PKCS12_unpack_p7encdata(p7, pass, passlen) \ | 159 | #define M_PKCS12_bag_type(bag) OBJ_obj2nid(bag->type) |
| 173 | (STACK *) PKCS12_decrypt_d2i ((p7)->d.encrypted->enc_data->algorithm,\ | 160 | #define M_PKCS12_cert_bag_type(bag) OBJ_obj2nid(bag->value.bag->type) |
| 174 | (char *(*)())d2i_PKCS12_SAFEBAG, PKCS12_SAFEBAG_free, \ | 161 | #define M_PKCS12_crl_bag_type M_PKCS12_cert_bag_type |
| 175 | (pass), (passlen), \ | ||
| 176 | (p7)->d.encrypted->enc_data->enc_data, 3) | ||
| 177 | |||
| 178 | #define M_PKCS12_decrypt_skey(bag, pass, passlen) \ | ||
| 179 | (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((bag)->value.shkeybag->algor, \ | ||
| 180 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free, \ | ||
| 181 | (pass), (passlen), \ | ||
| 182 | (bag)->value.shkeybag->digest, 2) | ||
| 183 | |||
| 184 | #define M_PKCS8_decrypt(p8, pass, passlen) \ | ||
| 185 | (PKCS8_PRIV_KEY_INFO *) PKCS12_decrypt_d2i ((p8)->algor, \ | ||
| 186 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free,\ | ||
| 187 | (pass), (passlen), (p8)->digest, 2) | ||
| 188 | 162 | ||
| 189 | #define PKCS12_get_attr(bag, attr_nid) \ | 163 | #define PKCS12_get_attr(bag, attr_nid) \ |
| 190 | PKCS12_get_attr_gen(bag->attrib, attr_nid) | 164 | PKCS12_get_attr_gen(bag->attrib, attr_nid) |
| @@ -195,8 +169,17 @@ ASN1_seq_unpack((p12)->authsafes->d.data->data, \ | |||
| 195 | #define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) | 169 | #define PKCS12_mac_present(p12) ((p12)->mac ? 1 : 0) |
| 196 | 170 | ||
| 197 | 171 | ||
| 198 | PKCS12_SAFEBAG *PKCS12_pack_safebag(char *obj, int (*i2d)(), int nid1, int nid2); | 172 | PKCS12_SAFEBAG *PKCS12_x5092certbag(X509 *x509); |
| 173 | PKCS12_SAFEBAG *PKCS12_x509crl2certbag(X509_CRL *crl); | ||
| 174 | X509 *PKCS12_certbag2x509(PKCS12_SAFEBAG *bag); | ||
| 175 | X509_CRL *PKCS12_certbag2x509crl(PKCS12_SAFEBAG *bag); | ||
| 176 | |||
| 177 | PKCS12_SAFEBAG *PKCS12_item_pack_safebag(void *obj, const ASN1_ITEM *it, int nid1, | ||
| 178 | int nid2); | ||
| 199 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); | 179 | PKCS12_SAFEBAG *PKCS12_MAKE_KEYBAG(PKCS8_PRIV_KEY_INFO *p8); |
| 180 | PKCS8_PRIV_KEY_INFO *PKCS8_decrypt(X509_SIG *p8, const char *pass, int passlen); | ||
| 181 | PKCS8_PRIV_KEY_INFO *PKCS12_decrypt_skey(PKCS12_SAFEBAG *bag, const char *pass, | ||
| 182 | int passlen); | ||
| 200 | X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, | 183 | X509_SIG *PKCS8_encrypt(int pbe_nid, const EVP_CIPHER *cipher, |
| 201 | const char *pass, int passlen, | 184 | const char *pass, int passlen, |
| 202 | unsigned char *salt, int saltlen, int iter, | 185 | unsigned char *salt, int saltlen, int iter, |
| @@ -205,13 +188,21 @@ PKCS12_SAFEBAG *PKCS12_MAKE_SHKEYBAG(int pbe_nid, const char *pass, | |||
| 205 | int passlen, unsigned char *salt, | 188 | int passlen, unsigned char *salt, |
| 206 | int saltlen, int iter, | 189 | int saltlen, int iter, |
| 207 | PKCS8_PRIV_KEY_INFO *p8); | 190 | PKCS8_PRIV_KEY_INFO *p8); |
| 208 | PKCS7 *PKCS12_pack_p7data(STACK *sk); | 191 | PKCS7 *PKCS12_pack_p7data(STACK_OF(PKCS12_SAFEBAG) *sk); |
| 192 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7data(PKCS7 *p7); | ||
| 209 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, | 193 | PKCS7 *PKCS12_pack_p7encdata(int pbe_nid, const char *pass, int passlen, |
| 210 | unsigned char *salt, int saltlen, int iter, | 194 | unsigned char *salt, int saltlen, int iter, |
| 211 | STACK *bags); | 195 | STACK_OF(PKCS12_SAFEBAG) *bags); |
| 196 | STACK_OF(PKCS12_SAFEBAG) *PKCS12_unpack_p7encdata(PKCS7 *p7, const char *pass, int passlen); | ||
| 197 | |||
| 198 | int PKCS12_pack_authsafes(PKCS12 *p12, STACK_OF(PKCS7) *safes); | ||
| 199 | STACK_OF(PKCS7) *PKCS12_unpack_authsafes(PKCS12 *p12); | ||
| 200 | |||
| 212 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); | 201 | int PKCS12_add_localkeyid(PKCS12_SAFEBAG *bag, unsigned char *name, int namelen); |
| 213 | int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, | 202 | int PKCS12_add_friendlyname_asc(PKCS12_SAFEBAG *bag, const char *name, |
| 214 | int namelen); | 203 | int namelen); |
| 204 | int PKCS12_add_CSPName_asc(PKCS12_SAFEBAG *bag, const char *name, | ||
| 205 | int namelen); | ||
| 215 | int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, | 206 | int PKCS12_add_friendlyname_uni(PKCS12_SAFEBAG *bag, const unsigned char *name, |
| 216 | int namelen); | 207 | int namelen); |
| 217 | int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); | 208 | int PKCS8_add_keyusage(PKCS8_PRIV_KEY_INFO *p8, int usage); |
| @@ -220,64 +211,55 @@ char *PKCS12_get_friendlyname(PKCS12_SAFEBAG *bag); | |||
| 220 | unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, | 211 | unsigned char *PKCS12_pbe_crypt(X509_ALGOR *algor, const char *pass, |
| 221 | int passlen, unsigned char *in, int inlen, | 212 | int passlen, unsigned char *in, int inlen, |
| 222 | unsigned char **data, int *datalen, int en_de); | 213 | unsigned char **data, int *datalen, int en_de); |
| 223 | char *PKCS12_decrypt_d2i(X509_ALGOR *algor, char *(*d2i)(), | 214 | void * PKCS12_item_decrypt_d2i(X509_ALGOR *algor, const ASN1_ITEM *it, |
| 224 | void (*free_func)(), const char *pass, int passlen, | 215 | const char *pass, int passlen, ASN1_OCTET_STRING *oct, int zbuf); |
| 225 | ASN1_STRING *oct, int seq); | 216 | ASN1_OCTET_STRING *PKCS12_item_i2d_encrypt(X509_ALGOR *algor, const ASN1_ITEM *it, |
| 226 | ASN1_STRING *PKCS12_i2d_encrypt(X509_ALGOR *algor, int (*i2d)(), | 217 | const char *pass, int passlen, |
| 227 | const char *pass, int passlen, char *obj, | 218 | void *obj, int zbuf); |
| 228 | int seq); | ||
| 229 | PKCS12 *PKCS12_init(int mode); | 219 | PKCS12 *PKCS12_init(int mode); |
| 230 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, | 220 | int PKCS12_key_gen_asc(const char *pass, int passlen, unsigned char *salt, |
| 231 | int saltlen, int id, int iter, int n, | 221 | int saltlen, int id, int iter, int n, |
| 232 | unsigned char *out, const EVP_MD *md_type); | 222 | unsigned char *out, const EVP_MD *md_type); |
| 233 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); | 223 | int PKCS12_key_gen_uni(unsigned char *pass, int passlen, unsigned char *salt, int saltlen, int id, int iter, int n, unsigned char *out, const EVP_MD *md_type); |
| 234 | int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, | 224 | int PKCS12_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, |
| 235 | ASN1_TYPE *param, EVP_CIPHER *cipher, EVP_MD *md_type, | 225 | ASN1_TYPE *param, const EVP_CIPHER *cipher, const EVP_MD *md_type, |
| 236 | int en_de); | 226 | int en_de); |
| 237 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, | 227 | int PKCS12_gen_mac(PKCS12 *p12, const char *pass, int passlen, |
| 238 | unsigned char *mac, unsigned int *maclen); | 228 | unsigned char *mac, unsigned int *maclen); |
| 239 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); | 229 | int PKCS12_verify_mac(PKCS12 *p12, const char *pass, int passlen); |
| 240 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, | 230 | int PKCS12_set_mac(PKCS12 *p12, const char *pass, int passlen, |
| 241 | unsigned char *salt, int saltlen, int iter, | 231 | unsigned char *salt, int saltlen, int iter, |
| 242 | EVP_MD *md_type); | 232 | const EVP_MD *md_type); |
| 243 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, | 233 | int PKCS12_setup_mac(PKCS12 *p12, int iter, unsigned char *salt, |
| 244 | int saltlen, EVP_MD *md_type); | 234 | int saltlen, const EVP_MD *md_type); |
| 245 | unsigned char *asc2uni(const char *asc, unsigned char **uni, int *unilen); | 235 | unsigned char *asc2uni(const char *asc, int asclen, unsigned char **uni, int *unilen); |
| 246 | char *uni2asc(unsigned char *uni, int unilen); | 236 | char *uni2asc(unsigned char *uni, int unilen); |
| 247 | int i2d_PKCS12_BAGS(PKCS12_BAGS *a, unsigned char **pp); | 237 | |
| 248 | PKCS12_BAGS *PKCS12_BAGS_new(void); | 238 | DECLARE_ASN1_FUNCTIONS(PKCS12) |
| 249 | PKCS12_BAGS *d2i_PKCS12_BAGS(PKCS12_BAGS **a, unsigned char **pp, long length); | 239 | DECLARE_ASN1_FUNCTIONS(PKCS12_MAC_DATA) |
| 250 | void PKCS12_BAGS_free(PKCS12_BAGS *a); | 240 | DECLARE_ASN1_FUNCTIONS(PKCS12_SAFEBAG) |
| 251 | int i2d_PKCS12(PKCS12 *a, unsigned char **pp); | 241 | DECLARE_ASN1_FUNCTIONS(PKCS12_BAGS) |
| 252 | PKCS12 *d2i_PKCS12(PKCS12 **a, unsigned char **pp, long length); | 242 | |
| 253 | PKCS12 *PKCS12_new(void); | 243 | DECLARE_ASN1_ITEM(PKCS12_SAFEBAGS) |
| 254 | void PKCS12_free(PKCS12 *a); | 244 | DECLARE_ASN1_ITEM(PKCS12_AUTHSAFES) |
| 255 | int i2d_PKCS12_MAC_DATA(PKCS12_MAC_DATA *a, unsigned char **pp); | 245 | |
| 256 | PKCS12_MAC_DATA *PKCS12_MAC_DATA_new(void); | ||
| 257 | PKCS12_MAC_DATA *d2i_PKCS12_MAC_DATA(PKCS12_MAC_DATA **a, unsigned char **pp, | ||
| 258 | long length); | ||
| 259 | void PKCS12_MAC_DATA_free(PKCS12_MAC_DATA *a); | ||
| 260 | int i2d_PKCS12_SAFEBAG(PKCS12_SAFEBAG *a, unsigned char **pp); | ||
| 261 | PKCS12_SAFEBAG *PKCS12_SAFEBAG_new(void); | ||
| 262 | PKCS12_SAFEBAG *d2i_PKCS12_SAFEBAG(PKCS12_SAFEBAG **a, unsigned char **pp, | ||
| 263 | long length); | ||
| 264 | void PKCS12_SAFEBAG_free(PKCS12_SAFEBAG *a); | ||
| 265 | void ERR_load_PKCS12_strings(void); | ||
| 266 | void PKCS12_PBE_add(void); | 246 | void PKCS12_PBE_add(void); |
| 267 | int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, | 247 | int PKCS12_parse(PKCS12 *p12, const char *pass, EVP_PKEY **pkey, X509 **cert, |
| 268 | STACK **ca); | 248 | STACK_OF(X509) **ca); |
| 269 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, | 249 | PKCS12 *PKCS12_create(char *pass, char *name, EVP_PKEY *pkey, X509 *cert, |
| 270 | STACK *ca, int nid_key, int nid_cert, int iter, | 250 | STACK_OF(X509) *ca, int nid_key, int nid_cert, int iter, |
| 271 | int mac_iter, int keytype); | 251 | int mac_iter, int keytype); |
| 272 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); | 252 | int i2d_PKCS12_bio(BIO *bp, PKCS12 *p12); |
| 273 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); | 253 | int i2d_PKCS12_fp(FILE *fp, PKCS12 *p12); |
| 274 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); | 254 | PKCS12 *d2i_PKCS12_bio(BIO *bp, PKCS12 **p12); |
| 275 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | 255 | PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); |
| 256 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); | ||
| 276 | 257 | ||
| 277 | /* BEGIN ERROR CODES */ | 258 | /* BEGIN ERROR CODES */ |
| 278 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 259 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 279 | * made after this point may be overwritten when the script is next run. | 260 | * made after this point may be overwritten when the script is next run. |
| 280 | */ | 261 | */ |
| 262 | void ERR_load_PKCS12_strings(void); | ||
| 281 | 263 | ||
| 282 | /* Error codes for the PKCS12 functions. */ | 264 | /* Error codes for the PKCS12 functions. */ |
| 283 | 265 | ||
| @@ -296,6 +278,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | |||
| 296 | #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 | 278 | #define PKCS12_F_PKCS12_KEY_GEN_UNI 111 |
| 297 | #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 | 279 | #define PKCS12_F_PKCS12_MAKE_KEYBAG 112 |
| 298 | #define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 | 280 | #define PKCS12_F_PKCS12_MAKE_SHKEYBAG 113 |
| 281 | #define PKCS12_F_PKCS12_NEWPASS 128 | ||
| 299 | #define PKCS12_F_PKCS12_PACK_P7DATA 114 | 282 | #define PKCS12_F_PKCS12_PACK_P7DATA 114 |
| 300 | #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 | 283 | #define PKCS12_F_PKCS12_PACK_P7ENCDATA 115 |
| 301 | #define PKCS12_F_PKCS12_PACK_SAFEBAG 117 | 284 | #define PKCS12_F_PKCS12_PACK_SAFEBAG 117 |
| @@ -313,6 +296,7 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | |||
| 313 | #define PKCS12_R_DECODE_ERROR 101 | 296 | #define PKCS12_R_DECODE_ERROR 101 |
| 314 | #define PKCS12_R_ENCODE_ERROR 102 | 297 | #define PKCS12_R_ENCODE_ERROR 102 |
| 315 | #define PKCS12_R_ENCRYPT_ERROR 103 | 298 | #define PKCS12_R_ENCRYPT_ERROR 103 |
| 299 | #define PKCS12_R_ERROR_SETTING_ENCRYPTED_DATA_TYPE 120 | ||
| 316 | #define PKCS12_R_INVALID_NULL_ARGUMENT 104 | 300 | #define PKCS12_R_INVALID_NULL_ARGUMENT 104 |
| 317 | #define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 | 301 | #define PKCS12_R_INVALID_NULL_PKCS12_POINTER 105 |
| 318 | #define PKCS12_R_IV_GEN_ERROR 106 | 302 | #define PKCS12_R_IV_GEN_ERROR 106 |
| @@ -334,4 +318,3 @@ PKCS12 *d2i_PKCS12_fp(FILE *fp, PKCS12 **p12); | |||
| 334 | } | 318 | } |
| 335 | #endif | 319 | #endif |
| 336 | #endif | 320 | #endif |
| 337 | |||
diff --git a/src/lib/libcrypto/pkcs7/pk7_attr.c b/src/lib/libcrypto/pkcs7/pk7_attr.c index 3b9c0fe3f2..5ff5a88b5c 100644 --- a/src/lib/libcrypto/pkcs7/pk7_attr.c +++ b/src/lib/libcrypto/pkcs7/pk7_attr.c | |||
| @@ -1,9 +1,59 @@ | |||
| 1 | /* pk7_attr.c */ | 1 | /* pk7_attr.c */ |
| 2 | /* S/MIME code. | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * Copyright (C) 1997-8 Dr S N Henson (shenson@bigfoot.com) | 3 | * project 2001. |
| 4 | * All Rights Reserved. | 4 | */ |
| 5 | * Redistribution of this code without the authors permission is expressly | 5 | /* ==================================================================== |
| 6 | * prohibited. | 6 | * Copyright (c) 2001 The OpenSSL Project. All rights reserved. |
| 7 | * | ||
| 8 | * Redistribution and use in source and binary forms, with or without | ||
| 9 | * modification, are permitted provided that the following conditions | ||
| 10 | * are met: | ||
| 11 | * | ||
| 12 | * 1. Redistributions of source code must retain the above copyright | ||
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 15 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 16 | * notice, this list of conditions and the following disclaimer in | ||
| 17 | * the documentation and/or other materials provided with the | ||
| 18 | * distribution. | ||
| 19 | * | ||
| 20 | * 3. All advertising materials mentioning features or use of this | ||
| 21 | * software must display the following acknowledgment: | ||
| 22 | * "This product includes software developed by the OpenSSL Project | ||
| 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 24 | * | ||
| 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 26 | * endorse or promote products derived from this software without | ||
| 27 | * prior written permission. For written permission, please contact | ||
| 28 | * licensing@OpenSSL.org. | ||
| 29 | * | ||
| 30 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 31 | * nor may "OpenSSL" appear in their names without prior written | ||
| 32 | * permission of the OpenSSL Project. | ||
| 33 | * | ||
| 34 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 35 | * acknowledgment: | ||
| 36 | * "This product includes software developed by the OpenSSL Project | ||
| 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 38 | * | ||
| 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 7 | */ | 57 | */ |
| 8 | 58 | ||
| 9 | #include <stdio.h> | 59 | #include <stdio.h> |
| @@ -12,22 +62,24 @@ | |||
| 12 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 13 | #include <openssl/pem.h> | 63 | #include <openssl/pem.h> |
| 14 | #include <openssl/pkcs7.h> | 64 | #include <openssl/pkcs7.h> |
| 65 | #include <openssl/x509.h> | ||
| 15 | #include <openssl/err.h> | 66 | #include <openssl/err.h> |
| 16 | 67 | ||
| 17 | int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap) | 68 | int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK_OF(X509_ALGOR) *cap) |
| 18 | { | 69 | { |
| 19 | ASN1_STRING *seq; | 70 | ASN1_STRING *seq; |
| 20 | unsigned char *p, *pp; | 71 | unsigned char *p, *pp; |
| 21 | int len; | 72 | int len; |
| 22 | len=i2d_ASN1_SET(cap,NULL,i2d_X509_ALGOR, V_ASN1_SEQUENCE, | 73 | len=i2d_ASN1_SET_OF_X509_ALGOR(cap,NULL,i2d_X509_ALGOR, |
| 23 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | 74 | V_ASN1_SEQUENCE,V_ASN1_UNIVERSAL, |
| 24 | if(!(pp=(unsigned char *)Malloc(len))) { | 75 | IS_SEQUENCE); |
| 76 | if(!(pp=(unsigned char *)OPENSSL_malloc(len))) { | ||
| 25 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); | 77 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); |
| 26 | return 0; | 78 | return 0; |
| 27 | } | 79 | } |
| 28 | p=pp; | 80 | p=pp; |
| 29 | i2d_ASN1_SET(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, | 81 | i2d_ASN1_SET_OF_X509_ALGOR(cap,&p,i2d_X509_ALGOR, V_ASN1_SEQUENCE, |
| 30 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | 82 | V_ASN1_UNIVERSAL, IS_SEQUENCE); |
| 31 | if(!(seq = ASN1_STRING_new())) { | 83 | if(!(seq = ASN1_STRING_new())) { |
| 32 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); | 84 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); |
| 33 | return 0; | 85 | return 0; |
| @@ -36,27 +88,29 @@ int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, STACK *cap) | |||
| 36 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); | 88 | PKCS7err(PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,ERR_R_MALLOC_FAILURE); |
| 37 | return 0; | 89 | return 0; |
| 38 | } | 90 | } |
| 39 | Free (pp); | 91 | OPENSSL_free (pp); |
| 40 | return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, | 92 | return PKCS7_add_signed_attribute(si, NID_SMIMECapabilities, |
| 41 | V_ASN1_SEQUENCE, seq); | 93 | V_ASN1_SEQUENCE, seq); |
| 42 | } | 94 | } |
| 43 | 95 | ||
| 44 | STACK *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) | 96 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si) |
| 45 | { | 97 | { |
| 46 | ASN1_TYPE *cap; | 98 | ASN1_TYPE *cap; |
| 47 | unsigned char *p; | 99 | unsigned char *p; |
| 48 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); | 100 | cap = PKCS7_get_signed_attribute(si, NID_SMIMECapabilities); |
| 49 | if (!cap) return NULL; | 101 | if (!cap) return NULL; |
| 50 | p = cap->value.sequence->data; | 102 | p = cap->value.sequence->data; |
| 51 | return d2i_ASN1_SET (NULL, &p, cap->value.sequence->length, | 103 | return d2i_ASN1_SET_OF_X509_ALGOR(NULL, &p, |
| 52 | (char *(*)())d2i_X509_ALGOR, X509_ALGOR_free, V_ASN1_SEQUENCE, | 104 | cap->value.sequence->length, |
| 53 | V_ASN1_UNIVERSAL); | 105 | d2i_X509_ALGOR, X509_ALGOR_free, |
| 106 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 54 | } | 107 | } |
| 55 | 108 | ||
| 56 | /* Basic smime-capabilities OID and optional integer arg */ | 109 | /* Basic smime-capabilities OID and optional integer arg */ |
| 57 | int PKCS7_simple_smimecap(STACK *sk, int nid, int arg) | 110 | int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg) |
| 58 | { | 111 | { |
| 59 | X509_ALGOR *alg; | 112 | X509_ALGOR *alg; |
| 113 | |||
| 60 | if(!(alg = X509_ALGOR_new())) { | 114 | if(!(alg = X509_ALGOR_new())) { |
| 61 | PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); | 115 | PKCS7err(PKCS7_F_PKCS7_SIMPLE_SMIMECAP,ERR_R_MALLOC_FAILURE); |
| 62 | return 0; | 116 | return 0; |
| @@ -80,6 +134,6 @@ int PKCS7_simple_smimecap(STACK *sk, int nid, int arg) | |||
| 80 | alg->parameter->value.integer = nbit; | 134 | alg->parameter->value.integer = nbit; |
| 81 | alg->parameter->type = V_ASN1_INTEGER; | 135 | alg->parameter->type = V_ASN1_INTEGER; |
| 82 | } | 136 | } |
| 83 | sk_push (sk, (char *)alg); | 137 | sk_X509_ALGOR_push (sk, alg); |
| 84 | return 1; | 138 | return 1; |
| 85 | } | 139 | } |
diff --git a/src/lib/libcrypto/pkcs7/pk7_doit.c b/src/lib/libcrypto/pkcs7/pk7_doit.c index b5689b3fe4..4a4ff340ce 100644 --- a/src/lib/libcrypto/pkcs7/pk7_doit.c +++ b/src/lib/libcrypto/pkcs7/pk7_doit.c | |||
| @@ -58,20 +58,56 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | #include <openssl/x509v3.h> | ||
| 64 | 65 | ||
| 65 | BIO *PKCS7_dataInit(p7,bio) | 66 | static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, |
| 66 | PKCS7 *p7; | 67 | void *value); |
| 67 | BIO *bio; | 68 | static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid); |
| 69 | |||
| 70 | static int PKCS7_type_is_other(PKCS7* p7) | ||
| 71 | { | ||
| 72 | int isOther=1; | ||
| 73 | |||
| 74 | int nid=OBJ_obj2nid(p7->type); | ||
| 75 | |||
| 76 | switch( nid ) | ||
| 77 | { | ||
| 78 | case NID_pkcs7_data: | ||
| 79 | case NID_pkcs7_signed: | ||
| 80 | case NID_pkcs7_enveloped: | ||
| 81 | case NID_pkcs7_signedAndEnveloped: | ||
| 82 | case NID_pkcs7_digest: | ||
| 83 | case NID_pkcs7_encrypted: | ||
| 84 | isOther=0; | ||
| 85 | break; | ||
| 86 | default: | ||
| 87 | isOther=1; | ||
| 88 | } | ||
| 89 | |||
| 90 | return isOther; | ||
| 91 | |||
| 92 | } | ||
| 93 | |||
| 94 | static int PKCS7_type_is_octet_string(PKCS7* p7) | ||
| 95 | { | ||
| 96 | if ( 0==PKCS7_type_is_other(p7) ) | ||
| 97 | return 0; | ||
| 98 | |||
| 99 | return (V_ASN1_OCTET_STRING==p7->d.other->type) ? 1 : 0; | ||
| 100 | } | ||
| 101 | |||
| 102 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio) | ||
| 68 | { | 103 | { |
| 69 | int i,j; | 104 | int i,j; |
| 70 | BIO *out=NULL,*btmp; | 105 | BIO *out=NULL,*btmp=NULL; |
| 71 | X509_ALGOR *xa; | 106 | X509_ALGOR *xa; |
| 72 | EVP_MD *evp_md; | 107 | const EVP_MD *evp_md; |
| 73 | EVP_CIPHER *evp_cipher=NULL; | 108 | const EVP_CIPHER *evp_cipher=NULL; |
| 74 | STACK *md_sk=NULL,*rsk=NULL; | 109 | STACK_OF(X509_ALGOR) *md_sk=NULL; |
| 110 | STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; | ||
| 75 | X509_ALGOR *xalg=NULL; | 111 | X509_ALGOR *xalg=NULL; |
| 76 | PKCS7_RECIP_INFO *ri=NULL; | 112 | PKCS7_RECIP_INFO *ri=NULL; |
| 77 | EVP_PKEY *pkey; | 113 | EVP_PKEY *pkey; |
| @@ -87,13 +123,25 @@ BIO *bio; | |||
| 87 | case NID_pkcs7_signedAndEnveloped: | 123 | case NID_pkcs7_signedAndEnveloped: |
| 88 | rsk=p7->d.signed_and_enveloped->recipientinfo; | 124 | rsk=p7->d.signed_and_enveloped->recipientinfo; |
| 89 | md_sk=p7->d.signed_and_enveloped->md_algs; | 125 | md_sk=p7->d.signed_and_enveloped->md_algs; |
| 90 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(p7->d.signed_and_enveloped->enc_data->algorithm->algorithm))); | 126 | xalg=p7->d.signed_and_enveloped->enc_data->algorithm; |
| 127 | evp_cipher=p7->d.signed_and_enveloped->enc_data->cipher; | ||
| 91 | if (evp_cipher == NULL) | 128 | if (evp_cipher == NULL) |
| 92 | { | 129 | { |
| 93 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); | 130 | PKCS7err(PKCS7_F_PKCS7_DATAINIT, |
| 131 | PKCS7_R_CIPHER_NOT_INITIALIZED); | ||
| 132 | goto err; | ||
| 133 | } | ||
| 134 | break; | ||
| 135 | case NID_pkcs7_enveloped: | ||
| 136 | rsk=p7->d.enveloped->recipientinfo; | ||
| 137 | xalg=p7->d.enveloped->enc_data->algorithm; | ||
| 138 | evp_cipher=p7->d.enveloped->enc_data->cipher; | ||
| 139 | if (evp_cipher == NULL) | ||
| 140 | { | ||
| 141 | PKCS7err(PKCS7_F_PKCS7_DATAINIT, | ||
| 142 | PKCS7_R_CIPHER_NOT_INITIALIZED); | ||
| 94 | goto err; | 143 | goto err; |
| 95 | } | 144 | } |
| 96 | xalg=p7->d.signed_and_enveloped->enc_data->algorithm; | ||
| 97 | break; | 145 | break; |
| 98 | default: | 146 | default: |
| 99 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | 147 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); |
| @@ -102,10 +150,14 @@ BIO *bio; | |||
| 102 | 150 | ||
| 103 | if (md_sk != NULL) | 151 | if (md_sk != NULL) |
| 104 | { | 152 | { |
| 105 | for (i=0; i<sk_num(md_sk); i++) | 153 | for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) |
| 106 | { | 154 | { |
| 107 | xa=(X509_ALGOR *)sk_value(md_sk,i); | 155 | xa=sk_X509_ALGOR_value(md_sk,i); |
| 108 | if ((btmp=BIO_new(BIO_f_md())) == NULL) goto err; | 156 | if ((btmp=BIO_new(BIO_f_md())) == NULL) |
| 157 | { | ||
| 158 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); | ||
| 159 | goto err; | ||
| 160 | } | ||
| 109 | 161 | ||
| 110 | j=OBJ_obj2nid(xa->algorithm); | 162 | j=OBJ_obj2nid(xa->algorithm); |
| 111 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); | 163 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); |
| @@ -120,6 +172,7 @@ BIO *bio; | |||
| 120 | out=btmp; | 172 | out=btmp; |
| 121 | else | 173 | else |
| 122 | BIO_push(out,btmp); | 174 | BIO_push(out,btmp); |
| 175 | btmp=NULL; | ||
| 123 | } | 176 | } |
| 124 | } | 177 | } |
| 125 | 178 | ||
| @@ -130,79 +183,323 @@ BIO *bio; | |||
| 130 | int keylen,ivlen; | 183 | int keylen,ivlen; |
| 131 | int jj,max; | 184 | int jj,max; |
| 132 | unsigned char *tmp; | 185 | unsigned char *tmp; |
| 186 | EVP_CIPHER_CTX *ctx; | ||
| 133 | 187 | ||
| 134 | if ((btmp=BIO_new(BIO_f_cipher())) == NULL) goto err; | 188 | if ((btmp=BIO_new(BIO_f_cipher())) == NULL) |
| 189 | { | ||
| 190 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_BIO_LIB); | ||
| 191 | goto err; | ||
| 192 | } | ||
| 193 | BIO_get_cipher_ctx(btmp, &ctx); | ||
| 135 | keylen=EVP_CIPHER_key_length(evp_cipher); | 194 | keylen=EVP_CIPHER_key_length(evp_cipher); |
| 136 | ivlen=EVP_CIPHER_iv_length(evp_cipher); | 195 | ivlen=EVP_CIPHER_iv_length(evp_cipher); |
| 137 | 196 | if (RAND_bytes(key,keylen) <= 0) | |
| 138 | if (ivlen > 0) | 197 | goto err; |
| 139 | { | 198 | xalg->algorithm = OBJ_nid2obj(EVP_CIPHER_type(evp_cipher)); |
| 140 | ASN1_OCTET_STRING *os; | 199 | if (ivlen > 0) RAND_pseudo_bytes(iv,ivlen); |
| 141 | 200 | EVP_CipherInit_ex(ctx, evp_cipher, NULL, key, iv, 1); | |
| 142 | RAND_bytes(iv,ivlen); | 201 | |
| 143 | os=ASN1_OCTET_STRING_new(); | 202 | if (ivlen > 0) { |
| 144 | ASN1_OCTET_STRING_set(os,iv,ivlen); | 203 | if (xalg->parameter == NULL) |
| 145 | /* ASN1_TYPE_set(xalg->parameter,V_ASN1_OCTET_STRING, | 204 | xalg->parameter=ASN1_TYPE_new(); |
| 146 | (char *)os); | 205 | if(EVP_CIPHER_param_to_asn1(ctx, xalg->parameter) < 0) |
| 147 | */ } | 206 | goto err; |
| 148 | RAND_bytes(key,keylen); | 207 | } |
| 149 | 208 | ||
| 150 | /* Lets do the pub key stuff :-) */ | 209 | /* Lets do the pub key stuff :-) */ |
| 151 | max=0; | 210 | max=0; |
| 152 | for (i=0; i<sk_num(rsk); i++) | 211 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) |
| 153 | { | 212 | { |
| 154 | ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); | 213 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); |
| 155 | if (ri->cert == NULL) abort(); | 214 | if (ri->cert == NULL) |
| 215 | { | ||
| 216 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,PKCS7_R_MISSING_CERIPEND_INFO); | ||
| 217 | goto err; | ||
| 218 | } | ||
| 156 | pkey=X509_get_pubkey(ri->cert); | 219 | pkey=X509_get_pubkey(ri->cert); |
| 157 | jj=EVP_PKEY_size(pkey); | 220 | jj=EVP_PKEY_size(pkey); |
| 221 | EVP_PKEY_free(pkey); | ||
| 158 | if (max < jj) max=jj; | 222 | if (max < jj) max=jj; |
| 159 | } | 223 | } |
| 160 | if ((tmp=(unsigned char *)Malloc(max)) == NULL) abort(); | 224 | if ((tmp=(unsigned char *)OPENSSL_malloc(max)) == NULL) |
| 161 | for (i=0; i<sk_num(rsk); i++) | ||
| 162 | { | 225 | { |
| 163 | ri=(PKCS7_RECIP_INFO *)sk_value(rsk,i); | 226 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_MALLOC_FAILURE); |
| 227 | goto err; | ||
| 228 | } | ||
| 229 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) | ||
| 230 | { | ||
| 231 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); | ||
| 164 | pkey=X509_get_pubkey(ri->cert); | 232 | pkey=X509_get_pubkey(ri->cert); |
| 165 | jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); | 233 | jj=EVP_PKEY_encrypt(tmp,key,keylen,pkey); |
| 166 | if (jj <= 0) abort(); | 234 | EVP_PKEY_free(pkey); |
| 167 | ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); | 235 | if (jj <= 0) |
| 236 | { | ||
| 237 | PKCS7err(PKCS7_F_PKCS7_DATAINIT,ERR_R_EVP_LIB); | ||
| 238 | OPENSSL_free(tmp); | ||
| 239 | goto err; | ||
| 240 | } | ||
| 241 | M_ASN1_OCTET_STRING_set(ri->enc_key,tmp,jj); | ||
| 168 | } | 242 | } |
| 169 | 243 | OPENSSL_free(tmp); | |
| 170 | BIO_set_cipher(btmp,evp_cipher,key,iv,1); | 244 | memset(key, 0, keylen); |
| 171 | 245 | ||
| 172 | if (out == NULL) | 246 | if (out == NULL) |
| 173 | out=btmp; | 247 | out=btmp; |
| 174 | else | 248 | else |
| 175 | BIO_push(out,btmp); | 249 | BIO_push(out,btmp); |
| 250 | btmp=NULL; | ||
| 176 | } | 251 | } |
| 177 | 252 | ||
| 178 | if (bio == NULL) /* ??????????? */ | 253 | if (bio == NULL) { |
| 179 | { | 254 | if (PKCS7_is_detached(p7)) |
| 180 | if (p7->detached) | ||
| 181 | bio=BIO_new(BIO_s_null()); | 255 | bio=BIO_new(BIO_s_null()); |
| 182 | else | 256 | else { |
| 257 | if (PKCS7_type_is_signed(p7) ) { | ||
| 258 | if ( PKCS7_type_is_data(p7->d.sign->contents)) { | ||
| 259 | ASN1_OCTET_STRING *os; | ||
| 260 | os=p7->d.sign->contents->d.data; | ||
| 261 | if (os->length > 0) | ||
| 262 | bio = BIO_new_mem_buf(os->data, os->length); | ||
| 263 | } | ||
| 264 | else if ( PKCS7_type_is_octet_string(p7->d.sign->contents) ) { | ||
| 265 | ASN1_OCTET_STRING *os; | ||
| 266 | os=p7->d.sign->contents->d.other->value.octet_string; | ||
| 267 | if (os->length > 0) | ||
| 268 | bio = BIO_new_mem_buf(os->data, os->length); | ||
| 269 | } | ||
| 270 | } | ||
| 271 | if(bio == NULL) { | ||
| 272 | bio=BIO_new(BIO_s_mem()); | ||
| 273 | BIO_set_mem_eof_return(bio,0); | ||
| 274 | } | ||
| 275 | } | ||
| 276 | } | ||
| 277 | BIO_push(out,bio); | ||
| 278 | bio=NULL; | ||
| 279 | if (0) | ||
| 280 | { | ||
| 281 | err: | ||
| 282 | if (out != NULL) | ||
| 283 | BIO_free_all(out); | ||
| 284 | if (btmp != NULL) | ||
| 285 | BIO_free_all(btmp); | ||
| 286 | out=NULL; | ||
| 287 | } | ||
| 288 | return(out); | ||
| 289 | } | ||
| 290 | |||
| 291 | /* int */ | ||
| 292 | BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert) | ||
| 293 | { | ||
| 294 | int i,j; | ||
| 295 | BIO *out=NULL,*btmp=NULL,*etmp=NULL,*bio=NULL; | ||
| 296 | unsigned char *tmp=NULL; | ||
| 297 | X509_ALGOR *xa; | ||
| 298 | ASN1_OCTET_STRING *data_body=NULL; | ||
| 299 | const EVP_MD *evp_md; | ||
| 300 | const EVP_CIPHER *evp_cipher=NULL; | ||
| 301 | EVP_CIPHER_CTX *evp_ctx=NULL; | ||
| 302 | X509_ALGOR *enc_alg=NULL; | ||
| 303 | STACK_OF(X509_ALGOR) *md_sk=NULL; | ||
| 304 | STACK_OF(PKCS7_RECIP_INFO) *rsk=NULL; | ||
| 305 | X509_ALGOR *xalg=NULL; | ||
| 306 | PKCS7_RECIP_INFO *ri=NULL; | ||
| 307 | |||
| 308 | i=OBJ_obj2nid(p7->type); | ||
| 309 | p7->state=PKCS7_S_HEADER; | ||
| 310 | |||
| 311 | switch (i) | ||
| 312 | { | ||
| 313 | case NID_pkcs7_signed: | ||
| 314 | data_body=p7->d.sign->contents->d.data; | ||
| 315 | md_sk=p7->d.sign->md_algs; | ||
| 316 | break; | ||
| 317 | case NID_pkcs7_signedAndEnveloped: | ||
| 318 | rsk=p7->d.signed_and_enveloped->recipientinfo; | ||
| 319 | md_sk=p7->d.signed_and_enveloped->md_algs; | ||
| 320 | data_body=p7->d.signed_and_enveloped->enc_data->enc_data; | ||
| 321 | enc_alg=p7->d.signed_and_enveloped->enc_data->algorithm; | ||
| 322 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); | ||
| 323 | if (evp_cipher == NULL) | ||
| 183 | { | 324 | { |
| 184 | bio=BIO_new(BIO_s_mem()); | 325 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); |
| 185 | if (PKCS7_type_is_signed(p7) && | 326 | goto err; |
| 186 | PKCS7_type_is_data(p7->d.sign->contents)) | 327 | } |
| 328 | xalg=p7->d.signed_and_enveloped->enc_data->algorithm; | ||
| 329 | break; | ||
| 330 | case NID_pkcs7_enveloped: | ||
| 331 | rsk=p7->d.enveloped->recipientinfo; | ||
| 332 | enc_alg=p7->d.enveloped->enc_data->algorithm; | ||
| 333 | data_body=p7->d.enveloped->enc_data->enc_data; | ||
| 334 | evp_cipher=EVP_get_cipherbyname(OBJ_nid2sn(OBJ_obj2nid(enc_alg->algorithm))); | ||
| 335 | if (evp_cipher == NULL) | ||
| 336 | { | ||
| 337 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CIPHER_TYPE); | ||
| 338 | goto err; | ||
| 339 | } | ||
| 340 | xalg=p7->d.enveloped->enc_data->algorithm; | ||
| 341 | break; | ||
| 342 | default: | ||
| 343 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | ||
| 344 | goto err; | ||
| 345 | } | ||
| 346 | |||
| 347 | /* We will be checking the signature */ | ||
| 348 | if (md_sk != NULL) | ||
| 349 | { | ||
| 350 | for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) | ||
| 351 | { | ||
| 352 | xa=sk_X509_ALGOR_value(md_sk,i); | ||
| 353 | if ((btmp=BIO_new(BIO_f_md())) == NULL) | ||
| 187 | { | 354 | { |
| 188 | ASN1_OCTET_STRING *os; | 355 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); |
| 356 | goto err; | ||
| 357 | } | ||
| 189 | 358 | ||
| 190 | os=p7->d.sign->contents->d.data; | 359 | j=OBJ_obj2nid(xa->algorithm); |
| 191 | if (os->length > 0) | 360 | evp_md=EVP_get_digestbyname(OBJ_nid2sn(j)); |
| 192 | BIO_write(bio,(char *)os->data, | 361 | if (evp_md == NULL) |
| 193 | os->length); | 362 | { |
| 363 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,PKCS7_R_UNKNOWN_DIGEST_TYPE); | ||
| 364 | goto err; | ||
| 194 | } | 365 | } |
| 366 | |||
| 367 | BIO_set_md(btmp,evp_md); | ||
| 368 | if (out == NULL) | ||
| 369 | out=btmp; | ||
| 370 | else | ||
| 371 | BIO_push(out,btmp); | ||
| 372 | btmp=NULL; | ||
| 195 | } | 373 | } |
| 196 | } | 374 | } |
| 375 | |||
| 376 | if (evp_cipher != NULL) | ||
| 377 | { | ||
| 378 | #if 0 | ||
| 379 | unsigned char key[EVP_MAX_KEY_LENGTH]; | ||
| 380 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 381 | unsigned char *p; | ||
| 382 | int keylen,ivlen; | ||
| 383 | int max; | ||
| 384 | X509_OBJECT ret; | ||
| 385 | #endif | ||
| 386 | int jj; | ||
| 387 | |||
| 388 | if ((etmp=BIO_new(BIO_f_cipher())) == NULL) | ||
| 389 | { | ||
| 390 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_BIO_LIB); | ||
| 391 | goto err; | ||
| 392 | } | ||
| 393 | |||
| 394 | /* It was encrypted, we need to decrypt the secret key | ||
| 395 | * with the private key */ | ||
| 396 | |||
| 397 | /* Find the recipientInfo which matches the passed certificate | ||
| 398 | * (if any) | ||
| 399 | */ | ||
| 400 | |||
| 401 | for (i=0; i<sk_PKCS7_RECIP_INFO_num(rsk); i++) { | ||
| 402 | ri=sk_PKCS7_RECIP_INFO_value(rsk,i); | ||
| 403 | if(!X509_NAME_cmp(ri->issuer_and_serial->issuer, | ||
| 404 | pcert->cert_info->issuer) && | ||
| 405 | !M_ASN1_INTEGER_cmp(pcert->cert_info->serialNumber, | ||
| 406 | ri->issuer_and_serial->serial)) break; | ||
| 407 | ri=NULL; | ||
| 408 | } | ||
| 409 | if (ri == NULL) { | ||
| 410 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, | ||
| 411 | PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE); | ||
| 412 | goto err; | ||
| 413 | } | ||
| 414 | |||
| 415 | jj=EVP_PKEY_size(pkey); | ||
| 416 | tmp=(unsigned char *)OPENSSL_malloc(jj+10); | ||
| 417 | if (tmp == NULL) | ||
| 418 | { | ||
| 419 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_MALLOC_FAILURE); | ||
| 420 | goto err; | ||
| 421 | } | ||
| 422 | |||
| 423 | jj=EVP_PKEY_decrypt(tmp, M_ASN1_STRING_data(ri->enc_key), | ||
| 424 | M_ASN1_STRING_length(ri->enc_key), pkey); | ||
| 425 | if (jj <= 0) | ||
| 426 | { | ||
| 427 | PKCS7err(PKCS7_F_PKCS7_DATADECODE,ERR_R_EVP_LIB); | ||
| 428 | goto err; | ||
| 429 | } | ||
| 430 | |||
| 431 | evp_ctx=NULL; | ||
| 432 | BIO_get_cipher_ctx(etmp,&evp_ctx); | ||
| 433 | EVP_CipherInit_ex(evp_ctx,evp_cipher,NULL,NULL,NULL,0); | ||
| 434 | if (EVP_CIPHER_asn1_to_param(evp_ctx,enc_alg->parameter) < 0) | ||
| 435 | goto err; | ||
| 436 | |||
| 437 | if (jj != EVP_CIPHER_CTX_key_length(evp_ctx)) { | ||
| 438 | /* Some S/MIME clients don't use the same key | ||
| 439 | * and effective key length. The key length is | ||
| 440 | * determined by the size of the decrypted RSA key. | ||
| 441 | */ | ||
| 442 | if(!EVP_CIPHER_CTX_set_key_length(evp_ctx, jj)) | ||
| 443 | { | ||
| 444 | PKCS7err(PKCS7_F_PKCS7_DATADECODE, | ||
| 445 | PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH); | ||
| 446 | goto err; | ||
| 447 | } | ||
| 448 | } | ||
| 449 | EVP_CipherInit_ex(evp_ctx,NULL,NULL,tmp,NULL,0); | ||
| 450 | |||
| 451 | memset(tmp,0,jj); | ||
| 452 | |||
| 453 | if (out == NULL) | ||
| 454 | out=etmp; | ||
| 455 | else | ||
| 456 | BIO_push(out,etmp); | ||
| 457 | etmp=NULL; | ||
| 458 | } | ||
| 459 | |||
| 460 | #if 1 | ||
| 461 | if (PKCS7_is_detached(p7) || (in_bio != NULL)) | ||
| 462 | { | ||
| 463 | bio=in_bio; | ||
| 464 | } | ||
| 465 | else | ||
| 466 | { | ||
| 467 | #if 0 | ||
| 468 | bio=BIO_new(BIO_s_mem()); | ||
| 469 | /* We need to set this so that when we have read all | ||
| 470 | * the data, the encrypt BIO, if present, will read | ||
| 471 | * EOF and encode the last few bytes */ | ||
| 472 | BIO_set_mem_eof_return(bio,0); | ||
| 473 | |||
| 474 | if (data_body->length > 0) | ||
| 475 | BIO_write(bio,(char *)data_body->data,data_body->length); | ||
| 476 | #else | ||
| 477 | if (data_body->length > 0) | ||
| 478 | bio = BIO_new_mem_buf(data_body->data,data_body->length); | ||
| 479 | else { | ||
| 480 | bio=BIO_new(BIO_s_mem()); | ||
| 481 | BIO_set_mem_eof_return(bio,0); | ||
| 482 | } | ||
| 483 | #endif | ||
| 484 | } | ||
| 197 | BIO_push(out,bio); | 485 | BIO_push(out,bio); |
| 198 | return(out); | 486 | bio=NULL; |
| 487 | #endif | ||
| 488 | if (0) | ||
| 489 | { | ||
| 199 | err: | 490 | err: |
| 200 | return(NULL); | 491 | if (out != NULL) BIO_free_all(out); |
| 492 | if (btmp != NULL) BIO_free_all(btmp); | ||
| 493 | if (etmp != NULL) BIO_free_all(etmp); | ||
| 494 | if (bio != NULL) BIO_free_all(bio); | ||
| 495 | out=NULL; | ||
| 496 | } | ||
| 497 | if (tmp != NULL) | ||
| 498 | OPENSSL_free(tmp); | ||
| 499 | return(out); | ||
| 201 | } | 500 | } |
| 202 | 501 | ||
| 203 | int PKCS7_dataSign(p7,bio) | 502 | int PKCS7_dataFinal(PKCS7 *p7, BIO *bio) |
| 204 | PKCS7 *p7; | ||
| 205 | BIO *bio; | ||
| 206 | { | 503 | { |
| 207 | int ret=0; | 504 | int ret=0; |
| 208 | int i,j; | 505 | int i,j; |
| @@ -211,11 +508,11 @@ BIO *bio; | |||
| 211 | BUF_MEM *buf=NULL; | 508 | BUF_MEM *buf=NULL; |
| 212 | PKCS7_SIGNER_INFO *si; | 509 | PKCS7_SIGNER_INFO *si; |
| 213 | EVP_MD_CTX *mdc,ctx_tmp; | 510 | EVP_MD_CTX *mdc,ctx_tmp; |
| 214 | STACK *sk,*si_sk=NULL; | 511 | STACK_OF(X509_ATTRIBUTE) *sk; |
| 215 | unsigned char *p,*pp=NULL; | 512 | STACK_OF(PKCS7_SIGNER_INFO) *si_sk=NULL; |
| 216 | int x; | ||
| 217 | ASN1_OCTET_STRING *os=NULL; | 513 | ASN1_OCTET_STRING *os=NULL; |
| 218 | 514 | ||
| 515 | EVP_MD_CTX_init(&ctx_tmp); | ||
| 219 | i=OBJ_obj2nid(p7->type); | 516 | i=OBJ_obj2nid(p7->type); |
| 220 | p7->state=PKCS7_S_HEADER; | 517 | p7->state=PKCS7_S_HEADER; |
| 221 | 518 | ||
| @@ -224,25 +521,38 @@ BIO *bio; | |||
| 224 | case NID_pkcs7_signedAndEnveloped: | 521 | case NID_pkcs7_signedAndEnveloped: |
| 225 | /* XXXXXXXXXXXXXXXX */ | 522 | /* XXXXXXXXXXXXXXXX */ |
| 226 | si_sk=p7->d.signed_and_enveloped->signer_info; | 523 | si_sk=p7->d.signed_and_enveloped->signer_info; |
| 227 | os=ASN1_OCTET_STRING_new(); | 524 | os=M_ASN1_OCTET_STRING_new(); |
| 228 | p7->d.signed_and_enveloped->enc_data->enc_data=os; | 525 | p7->d.signed_and_enveloped->enc_data->enc_data=os; |
| 229 | break; | 526 | break; |
| 527 | case NID_pkcs7_enveloped: | ||
| 528 | /* XXXXXXXXXXXXXXXX */ | ||
| 529 | os=M_ASN1_OCTET_STRING_new(); | ||
| 530 | p7->d.enveloped->enc_data->enc_data=os; | ||
| 531 | break; | ||
| 230 | case NID_pkcs7_signed: | 532 | case NID_pkcs7_signed: |
| 231 | si_sk=p7->d.sign->signer_info; | 533 | si_sk=p7->d.sign->signer_info; |
| 232 | os=p7->d.sign->contents->d.data; | 534 | os=p7->d.sign->contents->d.data; |
| 535 | /* If detached data then the content is excluded */ | ||
| 536 | if(p7->detached) { | ||
| 537 | M_ASN1_OCTET_STRING_free(os); | ||
| 538 | p7->d.sign->contents->d.data = NULL; | ||
| 539 | } | ||
| 233 | break; | 540 | break; |
| 234 | } | 541 | } |
| 235 | 542 | ||
| 236 | if (si_sk != NULL) | 543 | if (si_sk != NULL) |
| 237 | { | 544 | { |
| 238 | if ((buf=BUF_MEM_new()) == NULL) goto err; | 545 | if ((buf=BUF_MEM_new()) == NULL) |
| 239 | for (i=0; i<sk_num(si_sk); i++) | ||
| 240 | { | 546 | { |
| 241 | si=(PKCS7_SIGNER_INFO *) | 547 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); |
| 242 | sk_value(si_sk,i); | 548 | goto err; |
| 243 | if (si->pkey == NULL) | 549 | } |
| 244 | continue; | 550 | for (i=0; i<sk_PKCS7_SIGNER_INFO_num(si_sk); i++) |
| 245 | j=OBJ_obj2nid(si->digest_enc_alg->algorithm); | 551 | { |
| 552 | si=sk_PKCS7_SIGNER_INFO_value(si_sk,i); | ||
| 553 | if (si->pkey == NULL) continue; | ||
| 554 | |||
| 555 | j=OBJ_obj2nid(si->digest_alg->algorithm); | ||
| 246 | 556 | ||
| 247 | btmp=bio; | 557 | btmp=bio; |
| 248 | for (;;) | 558 | for (;;) |
| @@ -256,88 +566,137 @@ BIO *bio; | |||
| 256 | BIO_get_md_ctx(btmp,&mdc); | 566 | BIO_get_md_ctx(btmp,&mdc); |
| 257 | if (mdc == NULL) | 567 | if (mdc == NULL) |
| 258 | { | 568 | { |
| 259 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_INTERNAL_ERROR); | 569 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_INTERNAL_ERROR); |
| 260 | goto err; | 570 | goto err; |
| 261 | } | 571 | } |
| 262 | if (EVP_MD_pkey_type(EVP_MD_CTX_type(mdc)) == j) | 572 | if (EVP_MD_CTX_type(mdc) == j) |
| 263 | break; | 573 | break; |
| 264 | else | 574 | else |
| 265 | btmp=btmp->next_bio; | 575 | btmp=BIO_next(btmp); |
| 266 | } | 576 | } |
| 267 | 577 | ||
| 268 | /* We now have the EVP_MD_CTX, lets do the | 578 | /* We now have the EVP_MD_CTX, lets do the |
| 269 | * signing. */ | 579 | * signing. */ |
| 270 | memcpy(&ctx_tmp,mdc,sizeof(ctx_tmp)); | 580 | EVP_MD_CTX_copy_ex(&ctx_tmp,mdc); |
| 271 | if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) | 581 | if (!BUF_MEM_grow(buf,EVP_PKEY_size(si->pkey))) |
| 582 | { | ||
| 583 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_BIO_LIB); | ||
| 272 | goto err; | 584 | goto err; |
| 585 | } | ||
| 273 | 586 | ||
| 274 | sk=si->auth_attr; | 587 | sk=si->auth_attr; |
| 275 | if ((sk != NULL) && (sk_num(sk) != 0)) | 588 | |
| 589 | /* If there are attributes, we add the digest | ||
| 590 | * attribute and only sign the attributes */ | ||
| 591 | if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) | ||
| 276 | { | 592 | { |
| 277 | x=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, | 593 | unsigned char md_data[EVP_MAX_MD_SIZE], *abuf=NULL; |
| 278 | V_ASN1_SET,V_ASN1_UNIVERSAL); | 594 | unsigned int md_len, alen; |
| 279 | pp=(unsigned char *)Malloc(i); | 595 | ASN1_OCTET_STRING *digest; |
| 280 | p=pp; | 596 | ASN1_UTCTIME *sign_time; |
| 281 | i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, | 597 | const EVP_MD *md_tmp; |
| 282 | V_ASN1_SET,V_ASN1_UNIVERSAL); | 598 | |
| 283 | EVP_SignUpdate(&ctx_tmp,pp,x); | 599 | /* Add signing time if not already present */ |
| 284 | Free(pp); | 600 | if (!PKCS7_get_signed_attribute(si, |
| 601 | NID_pkcs9_signingTime)) | ||
| 602 | { | ||
| 603 | sign_time=X509_gmtime_adj(NULL,0); | ||
| 604 | PKCS7_add_signed_attribute(si, | ||
| 605 | NID_pkcs9_signingTime, | ||
| 606 | V_ASN1_UTCTIME,sign_time); | ||
| 607 | } | ||
| 608 | |||
| 609 | /* Add digest */ | ||
| 610 | md_tmp=EVP_MD_CTX_md(&ctx_tmp); | ||
| 611 | EVP_DigestFinal_ex(&ctx_tmp,md_data,&md_len); | ||
| 612 | digest=M_ASN1_OCTET_STRING_new(); | ||
| 613 | M_ASN1_OCTET_STRING_set(digest,md_data,md_len); | ||
| 614 | PKCS7_add_signed_attribute(si, | ||
| 615 | NID_pkcs9_messageDigest, | ||
| 616 | V_ASN1_OCTET_STRING,digest); | ||
| 617 | |||
| 618 | /* Now sign the attributes */ | ||
| 619 | EVP_SignInit_ex(&ctx_tmp,md_tmp,NULL); | ||
| 620 | alen = ASN1_item_i2d((ASN1_VALUE *)sk,&abuf, | ||
| 621 | ASN1_ITEM_rptr(PKCS7_ATTR_SIGN)); | ||
| 622 | if(!abuf) goto err; | ||
| 623 | EVP_SignUpdate(&ctx_tmp,abuf,alen); | ||
| 624 | OPENSSL_free(abuf); | ||
| 285 | } | 625 | } |
| 286 | 626 | ||
| 627 | #ifndef OPENSSL_NO_DSA | ||
| 628 | if (si->pkey->type == EVP_PKEY_DSA) | ||
| 629 | ctx_tmp.digest=EVP_dss1(); | ||
| 630 | #endif | ||
| 631 | |||
| 287 | if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, | 632 | if (!EVP_SignFinal(&ctx_tmp,(unsigned char *)buf->data, |
| 288 | (unsigned int *)&buf->length,si->pkey)) | 633 | (unsigned int *)&buf->length,si->pkey)) |
| 634 | { | ||
| 635 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_EVP_LIB); | ||
| 289 | goto err; | 636 | goto err; |
| 637 | } | ||
| 290 | if (!ASN1_STRING_set(si->enc_digest, | 638 | if (!ASN1_STRING_set(si->enc_digest, |
| 291 | (unsigned char *)buf->data,buf->length)) | 639 | (unsigned char *)buf->data,buf->length)) |
| 292 | goto err; | ||
| 293 | } | ||
| 294 | if (p7->detached) | ||
| 295 | ASN1_OCTET_STRING_set(os,(unsigned char *)"",0); | ||
| 296 | else | ||
| 297 | { | ||
| 298 | btmp=BIO_find_type(bio,BIO_TYPE_MEM); | ||
| 299 | if (btmp == NULL) | ||
| 300 | { | 640 | { |
| 301 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); | 641 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,ERR_R_ASN1_LIB); |
| 302 | goto err; | 642 | goto err; |
| 303 | } | 643 | } |
| 304 | BIO_get_mem_ptr(btmp,&buf_mem); | ||
| 305 | ASN1_OCTET_STRING_set(os, | ||
| 306 | (unsigned char *)buf_mem->data,buf_mem->length); | ||
| 307 | } | 644 | } |
| 308 | if (pp != NULL) Free(pp); | ||
| 309 | pp=NULL; | ||
| 310 | } | 645 | } |
| 311 | 646 | ||
| 647 | if (!PKCS7_is_detached(p7)) | ||
| 648 | { | ||
| 649 | btmp=BIO_find_type(bio,BIO_TYPE_MEM); | ||
| 650 | if (btmp == NULL) | ||
| 651 | { | ||
| 652 | PKCS7err(PKCS7_F_PKCS7_DATASIGN,PKCS7_R_UNABLE_TO_FIND_MEM_BIO); | ||
| 653 | goto err; | ||
| 654 | } | ||
| 655 | BIO_get_mem_ptr(btmp,&buf_mem); | ||
| 656 | /* Mark the BIO read only then we can use its copy of the data | ||
| 657 | * instead of making an extra copy. | ||
| 658 | */ | ||
| 659 | BIO_set_flags(btmp, BIO_FLAGS_MEM_RDONLY); | ||
| 660 | BIO_set_mem_eof_return(btmp, 0); | ||
| 661 | os->data = (unsigned char *)buf_mem->data; | ||
| 662 | os->length = buf_mem->length; | ||
| 663 | #if 0 | ||
| 664 | M_ASN1_OCTET_STRING_set(os, | ||
| 665 | (unsigned char *)buf_mem->data,buf_mem->length); | ||
| 666 | #endif | ||
| 667 | } | ||
| 312 | ret=1; | 668 | ret=1; |
| 313 | err: | 669 | err: |
| 670 | EVP_MD_CTX_cleanup(&ctx_tmp); | ||
| 314 | if (buf != NULL) BUF_MEM_free(buf); | 671 | if (buf != NULL) BUF_MEM_free(buf); |
| 315 | return(ret); | 672 | return(ret); |
| 316 | } | 673 | } |
| 317 | 674 | ||
| 318 | int PKCS7_dataVerify(cert_store,ctx,bio,p7,si) | 675 | int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, BIO *bio, |
| 319 | X509_STORE *cert_store; | 676 | PKCS7 *p7, PKCS7_SIGNER_INFO *si) |
| 320 | X509_STORE_CTX *ctx; | ||
| 321 | BIO *bio; | ||
| 322 | PKCS7 *p7; | ||
| 323 | PKCS7_SIGNER_INFO *si; | ||
| 324 | { | 677 | { |
| 325 | PKCS7_SIGNED *s; | ||
| 326 | ASN1_OCTET_STRING *os; | ||
| 327 | EVP_MD_CTX mdc_tmp,*mdc; | ||
| 328 | unsigned char *pp,*p; | ||
| 329 | PKCS7_ISSUER_AND_SERIAL *ias; | 678 | PKCS7_ISSUER_AND_SERIAL *ias; |
| 330 | int ret=0,md_type,i; | 679 | int ret=0,i; |
| 331 | STACK *sk; | 680 | STACK_OF(X509) *cert; |
| 332 | BIO *btmp; | ||
| 333 | X509 *x509; | 681 | X509 *x509; |
| 334 | 682 | ||
| 335 | if (!PKCS7_type_is_signed(p7)) abort(); | 683 | if (PKCS7_type_is_signed(p7)) |
| 684 | { | ||
| 685 | cert=p7->d.sign->cert; | ||
| 686 | } | ||
| 687 | else if (PKCS7_type_is_signedAndEnveloped(p7)) | ||
| 688 | { | ||
| 689 | cert=p7->d.signed_and_enveloped->cert; | ||
| 690 | } | ||
| 691 | else | ||
| 692 | { | ||
| 693 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_WRONG_PKCS7_TYPE); | ||
| 694 | goto err; | ||
| 695 | } | ||
| 336 | /* XXXXXXXXXXXXXXXXXXXXXXX */ | 696 | /* XXXXXXXXXXXXXXXXXXXXXXX */ |
| 337 | ias=si->issuer_and_serial; | 697 | ias=si->issuer_and_serial; |
| 338 | s=p7->d.sign; | ||
| 339 | 698 | ||
| 340 | x509=X509_find_by_issuer_and_serial(s->cert,ias->issuer,ias->serial); | 699 | x509=X509_find_by_issuer_and_serial(cert,ias->issuer,ias->serial); |
| 341 | 700 | ||
| 342 | /* were we able to find the cert in passed to us */ | 701 | /* were we able to find the cert in passed to us */ |
| 343 | if (x509 == NULL) | 702 | if (x509 == NULL) |
| @@ -347,12 +706,46 @@ PKCS7_SIGNER_INFO *si; | |||
| 347 | } | 706 | } |
| 348 | 707 | ||
| 349 | /* Lets verify */ | 708 | /* Lets verify */ |
| 350 | X509_STORE_CTX_init(ctx,cert_store,x509,s->cert); | 709 | if(!X509_STORE_CTX_init(ctx,cert_store,x509,cert)) |
| 710 | { | ||
| 711 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); | ||
| 712 | goto err; | ||
| 713 | } | ||
| 714 | X509_STORE_CTX_set_purpose(ctx, X509_PURPOSE_SMIME_SIGN); | ||
| 351 | i=X509_verify_cert(ctx); | 715 | i=X509_verify_cert(ctx); |
| 352 | if (i <= 0) goto err; | 716 | if (i <= 0) |
| 717 | { | ||
| 718 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,ERR_R_X509_LIB); | ||
| 719 | X509_STORE_CTX_cleanup(ctx); | ||
| 720 | goto err; | ||
| 721 | } | ||
| 353 | X509_STORE_CTX_cleanup(ctx); | 722 | X509_STORE_CTX_cleanup(ctx); |
| 354 | 723 | ||
| 355 | /* So we like 'x509', lets check the signature. */ | 724 | return PKCS7_signatureVerify(bio, p7, si, x509); |
| 725 | err: | ||
| 726 | return ret; | ||
| 727 | } | ||
| 728 | |||
| 729 | int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, | ||
| 730 | X509 *x509) | ||
| 731 | { | ||
| 732 | ASN1_OCTET_STRING *os; | ||
| 733 | EVP_MD_CTX mdc_tmp,*mdc; | ||
| 734 | int ret=0,i; | ||
| 735 | int md_type; | ||
| 736 | STACK_OF(X509_ATTRIBUTE) *sk; | ||
| 737 | BIO *btmp; | ||
| 738 | EVP_PKEY *pkey; | ||
| 739 | |||
| 740 | EVP_MD_CTX_init(&mdc_tmp); | ||
| 741 | |||
| 742 | if (!PKCS7_type_is_signed(p7) && | ||
| 743 | !PKCS7_type_is_signedAndEnveloped(p7)) { | ||
| 744 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, | ||
| 745 | PKCS7_R_WRONG_PKCS7_TYPE); | ||
| 746 | goto err; | ||
| 747 | } | ||
| 748 | |||
| 356 | md_type=OBJ_obj2nid(si->digest_alg->algorithm); | 749 | md_type=OBJ_obj2nid(si->digest_alg->algorithm); |
| 357 | 750 | ||
| 358 | btmp=bio; | 751 | btmp=bio; |
| @@ -361,48 +754,226 @@ PKCS7_SIGNER_INFO *si; | |||
| 361 | if ((btmp == NULL) || | 754 | if ((btmp == NULL) || |
| 362 | ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) | 755 | ((btmp=BIO_find_type(btmp,BIO_TYPE_MD)) == NULL)) |
| 363 | { | 756 | { |
| 364 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | 757 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, |
| 758 | PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | ||
| 365 | goto err; | 759 | goto err; |
| 366 | } | 760 | } |
| 367 | BIO_get_md_ctx(btmp,&mdc); | 761 | BIO_get_md_ctx(btmp,&mdc); |
| 368 | if (mdc == NULL) | 762 | if (mdc == NULL) |
| 369 | { | 763 | { |
| 370 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_INTERNAL_ERROR); | 764 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, |
| 765 | ERR_R_INTERNAL_ERROR); | ||
| 371 | goto err; | 766 | goto err; |
| 372 | } | 767 | } |
| 373 | if (EVP_MD_type(EVP_MD_CTX_type(mdc)) == md_type) | 768 | if (EVP_MD_CTX_type(mdc) == md_type) |
| 374 | break; | 769 | break; |
| 375 | btmp=btmp->next_bio; | 770 | btmp=BIO_next(btmp); |
| 376 | } | 771 | } |
| 377 | 772 | ||
| 378 | /* mdc is the digest ctx that we want */ | 773 | /* mdc is the digest ctx that we want, unless there are attributes, |
| 379 | memcpy(&mdc_tmp,mdc,sizeof(mdc_tmp)); | 774 | * in which case the digest is the signed attributes */ |
| 775 | EVP_MD_CTX_copy_ex(&mdc_tmp,mdc); | ||
| 380 | 776 | ||
| 381 | sk=si->auth_attr; | 777 | sk=si->auth_attr; |
| 382 | if ((sk != NULL) && (sk_num(sk) != 0)) | 778 | if ((sk != NULL) && (sk_X509_ATTRIBUTE_num(sk) != 0)) |
| 383 | { | 779 | { |
| 384 | i=i2d_ASN1_SET(sk,NULL,i2d_X509_ATTRIBUTE, | 780 | unsigned char md_dat[EVP_MAX_MD_SIZE], *abuf = NULL; |
| 385 | V_ASN1_SET,V_ASN1_UNIVERSAL); | 781 | unsigned int md_len, alen; |
| 386 | pp=(unsigned char *)malloc(i); | 782 | ASN1_OCTET_STRING *message_digest; |
| 387 | p=pp; | 783 | |
| 388 | i2d_ASN1_SET(sk,&p,i2d_X509_ATTRIBUTE, | 784 | EVP_DigestFinal_ex(&mdc_tmp,md_dat,&md_len); |
| 389 | V_ASN1_SET,V_ASN1_UNIVERSAL); | 785 | message_digest=PKCS7_digest_from_attributes(sk); |
| 390 | EVP_VerifyUpdate(&mdc_tmp,pp,i); | 786 | if (!message_digest) |
| 391 | free(pp); | 787 | { |
| 788 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, | ||
| 789 | PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST); | ||
| 790 | goto err; | ||
| 791 | } | ||
| 792 | if ((message_digest->length != (int)md_len) || | ||
| 793 | (memcmp(message_digest->data,md_dat,md_len))) | ||
| 794 | { | ||
| 795 | #if 0 | ||
| 796 | { | ||
| 797 | int ii; | ||
| 798 | for (ii=0; ii<message_digest->length; ii++) | ||
| 799 | printf("%02X",message_digest->data[ii]); printf(" sent\n"); | ||
| 800 | for (ii=0; ii<md_len; ii++) printf("%02X",md_dat[ii]); printf(" calc\n"); | ||
| 801 | } | ||
| 802 | #endif | ||
| 803 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, | ||
| 804 | PKCS7_R_DIGEST_FAILURE); | ||
| 805 | ret= -1; | ||
| 806 | goto err; | ||
| 807 | } | ||
| 808 | |||
| 809 | EVP_VerifyInit_ex(&mdc_tmp,EVP_get_digestbynid(md_type), NULL); | ||
| 810 | |||
| 811 | alen = ASN1_item_i2d((ASN1_VALUE *)sk, &abuf, | ||
| 812 | ASN1_ITEM_rptr(PKCS7_ATTR_VERIFY)); | ||
| 813 | EVP_VerifyUpdate(&mdc_tmp, abuf, alen); | ||
| 814 | |||
| 815 | OPENSSL_free(abuf); | ||
| 392 | } | 816 | } |
| 393 | 817 | ||
| 394 | os=si->enc_digest; | 818 | os=si->enc_digest; |
| 395 | i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, | 819 | pkey = X509_get_pubkey(x509); |
| 396 | X509_get_pubkey(x509)); | 820 | if (!pkey) |
| 821 | { | ||
| 822 | ret = -1; | ||
| 823 | goto err; | ||
| 824 | } | ||
| 825 | #ifndef OPENSSL_NO_DSA | ||
| 826 | if(pkey->type == EVP_PKEY_DSA) mdc_tmp.digest=EVP_dss1(); | ||
| 827 | #endif | ||
| 828 | |||
| 829 | i=EVP_VerifyFinal(&mdc_tmp,os->data,os->length, pkey); | ||
| 830 | EVP_PKEY_free(pkey); | ||
| 397 | if (i <= 0) | 831 | if (i <= 0) |
| 398 | { | 832 | { |
| 399 | PKCS7err(PKCS7_F_PKCS7_DATAVERIFY,PKCS7_R_SIGNATURE_FAILURE); | 833 | PKCS7err(PKCS7_F_PKCS7_SIGNATUREVERIFY, |
| 834 | PKCS7_R_SIGNATURE_FAILURE); | ||
| 400 | ret= -1; | 835 | ret= -1; |
| 401 | goto err; | 836 | goto err; |
| 402 | } | 837 | } |
| 403 | else | 838 | else |
| 404 | ret=1; | 839 | ret=1; |
| 405 | err: | 840 | err: |
| 841 | EVP_MD_CTX_cleanup(&mdc_tmp); | ||
| 406 | return(ret); | 842 | return(ret); |
| 407 | } | 843 | } |
| 408 | 844 | ||
| 845 | PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx) | ||
| 846 | { | ||
| 847 | STACK_OF(PKCS7_RECIP_INFO) *rsk; | ||
| 848 | PKCS7_RECIP_INFO *ri; | ||
| 849 | int i; | ||
| 850 | |||
| 851 | i=OBJ_obj2nid(p7->type); | ||
| 852 | if (i != NID_pkcs7_signedAndEnveloped) return(NULL); | ||
| 853 | rsk=p7->d.signed_and_enveloped->recipientinfo; | ||
| 854 | ri=sk_PKCS7_RECIP_INFO_value(rsk,0); | ||
| 855 | if (sk_PKCS7_RECIP_INFO_num(rsk) <= idx) return(NULL); | ||
| 856 | ri=sk_PKCS7_RECIP_INFO_value(rsk,idx); | ||
| 857 | return(ri->issuer_and_serial); | ||
| 858 | } | ||
| 859 | |||
| 860 | ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid) | ||
| 861 | { | ||
| 862 | return(get_attribute(si->auth_attr,nid)); | ||
| 863 | } | ||
| 864 | |||
| 865 | ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid) | ||
| 866 | { | ||
| 867 | return(get_attribute(si->unauth_attr,nid)); | ||
| 868 | } | ||
| 869 | |||
| 870 | static ASN1_TYPE *get_attribute(STACK_OF(X509_ATTRIBUTE) *sk, int nid) | ||
| 871 | { | ||
| 872 | int i; | ||
| 873 | X509_ATTRIBUTE *xa; | ||
| 874 | ASN1_OBJECT *o; | ||
| 875 | |||
| 876 | o=OBJ_nid2obj(nid); | ||
| 877 | if (!o || !sk) return(NULL); | ||
| 878 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | ||
| 879 | { | ||
| 880 | xa=sk_X509_ATTRIBUTE_value(sk,i); | ||
| 881 | if (OBJ_cmp(xa->object,o) == 0) | ||
| 882 | { | ||
| 883 | if (!xa->single && sk_ASN1_TYPE_num(xa->value.set)) | ||
| 884 | return(sk_ASN1_TYPE_value(xa->value.set,0)); | ||
| 885 | else | ||
| 886 | return(NULL); | ||
| 887 | } | ||
| 888 | } | ||
| 889 | return(NULL); | ||
| 890 | } | ||
| 891 | |||
| 892 | ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk) | ||
| 893 | { | ||
| 894 | ASN1_TYPE *astype; | ||
| 895 | if(!(astype = get_attribute(sk, NID_pkcs9_messageDigest))) return NULL; | ||
| 896 | return astype->value.octet_string; | ||
| 897 | } | ||
| 898 | |||
| 899 | int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, | ||
| 900 | STACK_OF(X509_ATTRIBUTE) *sk) | ||
| 901 | { | ||
| 902 | int i; | ||
| 903 | |||
| 904 | if (p7si->auth_attr != NULL) | ||
| 905 | sk_X509_ATTRIBUTE_pop_free(p7si->auth_attr,X509_ATTRIBUTE_free); | ||
| 906 | p7si->auth_attr=sk_X509_ATTRIBUTE_dup(sk); | ||
| 907 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | ||
| 908 | { | ||
| 909 | if ((sk_X509_ATTRIBUTE_set(p7si->auth_attr,i, | ||
| 910 | X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) | ||
| 911 | == NULL) | ||
| 912 | return(0); | ||
| 913 | } | ||
| 914 | return(1); | ||
| 915 | } | ||
| 916 | |||
| 917 | int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si, STACK_OF(X509_ATTRIBUTE) *sk) | ||
| 918 | { | ||
| 919 | int i; | ||
| 920 | |||
| 921 | if (p7si->unauth_attr != NULL) | ||
| 922 | sk_X509_ATTRIBUTE_pop_free(p7si->unauth_attr, | ||
| 923 | X509_ATTRIBUTE_free); | ||
| 924 | p7si->unauth_attr=sk_X509_ATTRIBUTE_dup(sk); | ||
| 925 | for (i=0; i<sk_X509_ATTRIBUTE_num(sk); i++) | ||
| 926 | { | ||
| 927 | if ((sk_X509_ATTRIBUTE_set(p7si->unauth_attr,i, | ||
| 928 | X509_ATTRIBUTE_dup(sk_X509_ATTRIBUTE_value(sk,i)))) | ||
| 929 | == NULL) | ||
| 930 | return(0); | ||
| 931 | } | ||
| 932 | return(1); | ||
| 933 | } | ||
| 934 | |||
| 935 | int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, | ||
| 936 | void *value) | ||
| 937 | { | ||
| 938 | return(add_attribute(&(p7si->auth_attr),nid,atrtype,value)); | ||
| 939 | } | ||
| 940 | |||
| 941 | int PKCS7_add_attribute(PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, | ||
| 942 | void *value) | ||
| 943 | { | ||
| 944 | return(add_attribute(&(p7si->unauth_attr),nid,atrtype,value)); | ||
| 945 | } | ||
| 946 | |||
| 947 | static int add_attribute(STACK_OF(X509_ATTRIBUTE) **sk, int nid, int atrtype, | ||
| 948 | void *value) | ||
| 949 | { | ||
| 950 | X509_ATTRIBUTE *attr=NULL; | ||
| 951 | |||
| 952 | if (*sk == NULL) | ||
| 953 | { | ||
| 954 | *sk = sk_X509_ATTRIBUTE_new_null(); | ||
| 955 | new_attrib: | ||
| 956 | attr=X509_ATTRIBUTE_create(nid,atrtype,value); | ||
| 957 | sk_X509_ATTRIBUTE_push(*sk,attr); | ||
| 958 | } | ||
| 959 | else | ||
| 960 | { | ||
| 961 | int i; | ||
| 962 | |||
| 963 | for (i=0; i<sk_X509_ATTRIBUTE_num(*sk); i++) | ||
| 964 | { | ||
| 965 | attr=sk_X509_ATTRIBUTE_value(*sk,i); | ||
| 966 | if (OBJ_obj2nid(attr->object) == nid) | ||
| 967 | { | ||
| 968 | X509_ATTRIBUTE_free(attr); | ||
| 969 | attr=X509_ATTRIBUTE_create(nid,atrtype,value); | ||
| 970 | sk_X509_ATTRIBUTE_set(*sk,i,attr); | ||
| 971 | goto end; | ||
| 972 | } | ||
| 973 | } | ||
| 974 | goto new_attrib; | ||
| 975 | } | ||
| 976 | end: | ||
| 977 | return(1); | ||
| 978 | } | ||
| 979 | |||
diff --git a/src/lib/libcrypto/pkcs7/pk7_lib.c b/src/lib/libcrypto/pkcs7/pk7_lib.c index 7d14ad1173..c00ed6833a 100644 --- a/src/lib/libcrypto/pkcs7/pk7_lib.c +++ b/src/lib/libcrypto/pkcs7/pk7_lib.c | |||
| @@ -58,14 +58,10 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "objects.h" | 61 | #include <openssl/objects.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 63 | 63 | ||
| 64 | long PKCS7_ctrl(p7,cmd,larg,parg) | 64 | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg) |
| 65 | PKCS7 *p7; | ||
| 66 | int cmd; | ||
| 67 | long larg; | ||
| 68 | char *parg; | ||
| 69 | { | 65 | { |
| 70 | int nid; | 66 | int nid; |
| 71 | long ret; | 67 | long ret; |
| @@ -88,7 +84,11 @@ char *parg; | |||
| 88 | case PKCS7_OP_GET_DETACHED_SIGNATURE: | 84 | case PKCS7_OP_GET_DETACHED_SIGNATURE: |
| 89 | if (nid == NID_pkcs7_signed) | 85 | if (nid == NID_pkcs7_signed) |
| 90 | { | 86 | { |
| 91 | ret=p7->detached; | 87 | if(!p7->d.sign || !p7->d.sign->contents->d.ptr) |
| 88 | ret = 1; | ||
| 89 | else ret = 0; | ||
| 90 | |||
| 91 | p7->detached = ret; | ||
| 92 | } | 92 | } |
| 93 | else | 93 | else |
| 94 | { | 94 | { |
| @@ -98,14 +98,13 @@ char *parg; | |||
| 98 | 98 | ||
| 99 | break; | 99 | break; |
| 100 | default: | 100 | default: |
| 101 | abort(); | 101 | PKCS7err(PKCS7_F_PKCS7_CTRL,PKCS7_R_UNKNOWN_OPERATION); |
| 102 | ret=0; | ||
| 102 | } | 103 | } |
| 103 | return(ret); | 104 | return(ret); |
| 104 | } | 105 | } |
| 105 | 106 | ||
| 106 | int PKCS7_content_new(p7,type) | 107 | int PKCS7_content_new(PKCS7 *p7, int type) |
| 107 | PKCS7 *p7; | ||
| 108 | int type; | ||
| 109 | { | 108 | { |
| 110 | PKCS7 *ret=NULL; | 109 | PKCS7 *ret=NULL; |
| 111 | 110 | ||
| @@ -119,9 +118,7 @@ err: | |||
| 119 | return(0); | 118 | return(0); |
| 120 | } | 119 | } |
| 121 | 120 | ||
| 122 | int PKCS7_set_content(p7,p7_data) | 121 | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data) |
| 123 | PKCS7 *p7; | ||
| 124 | PKCS7 *p7_data; | ||
| 125 | { | 122 | { |
| 126 | int i; | 123 | int i; |
| 127 | 124 | ||
| @@ -130,7 +127,7 @@ PKCS7 *p7_data; | |||
| 130 | { | 127 | { |
| 131 | case NID_pkcs7_signed: | 128 | case NID_pkcs7_signed: |
| 132 | if (p7->d.sign->contents != NULL) | 129 | if (p7->d.sign->contents != NULL) |
| 133 | PKCS7_content_free(p7->d.sign->contents); | 130 | PKCS7_free(p7->d.sign->contents); |
| 134 | p7->d.sign->contents=p7_data; | 131 | p7->d.sign->contents=p7_data; |
| 135 | break; | 132 | break; |
| 136 | case NID_pkcs7_digest: | 133 | case NID_pkcs7_digest: |
| @@ -147,13 +144,11 @@ err: | |||
| 147 | return(0); | 144 | return(0); |
| 148 | } | 145 | } |
| 149 | 146 | ||
| 150 | int PKCS7_set_type(p7,type) | 147 | int PKCS7_set_type(PKCS7 *p7, int type) |
| 151 | PKCS7 *p7; | ||
| 152 | int type; | ||
| 153 | { | 148 | { |
| 154 | ASN1_OBJECT *obj; | 149 | ASN1_OBJECT *obj; |
| 155 | 150 | ||
| 156 | PKCS7_content_free(p7); | 151 | /*PKCS7_content_free(p7);*/ |
| 157 | obj=OBJ_nid2obj(type); /* will not fail */ | 152 | obj=OBJ_nid2obj(type); /* will not fail */ |
| 158 | 153 | ||
| 159 | switch (type) | 154 | switch (type) |
| @@ -166,19 +161,35 @@ int type; | |||
| 166 | break; | 161 | break; |
| 167 | case NID_pkcs7_data: | 162 | case NID_pkcs7_data: |
| 168 | p7->type=obj; | 163 | p7->type=obj; |
| 169 | if ((p7->d.data=ASN1_OCTET_STRING_new()) == NULL) | 164 | if ((p7->d.data=M_ASN1_OCTET_STRING_new()) == NULL) |
| 170 | goto err; | 165 | goto err; |
| 171 | break; | 166 | break; |
| 172 | case NID_pkcs7_signedAndEnveloped: | 167 | case NID_pkcs7_signedAndEnveloped: |
| 173 | p7->type=obj; | 168 | p7->type=obj; |
| 174 | if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) | 169 | if ((p7->d.signed_and_enveloped=PKCS7_SIGN_ENVELOPE_new()) |
| 175 | == NULL) | 170 | == NULL) goto err; |
| 176 | goto err; | 171 | ASN1_INTEGER_set(p7->d.signed_and_enveloped->version,1); |
| 177 | ASN1_INTEGER_set(p7->d.sign->version,1); | 172 | p7->d.signed_and_enveloped->enc_data->content_type |
| 173 | = OBJ_nid2obj(NID_pkcs7_data); | ||
| 178 | break; | 174 | break; |
| 179 | case NID_pkcs7_digest: | ||
| 180 | case NID_pkcs7_enveloped: | 175 | case NID_pkcs7_enveloped: |
| 176 | p7->type=obj; | ||
| 177 | if ((p7->d.enveloped=PKCS7_ENVELOPE_new()) | ||
| 178 | == NULL) goto err; | ||
| 179 | ASN1_INTEGER_set(p7->d.enveloped->version,0); | ||
| 180 | p7->d.enveloped->enc_data->content_type | ||
| 181 | = OBJ_nid2obj(NID_pkcs7_data); | ||
| 182 | break; | ||
| 181 | case NID_pkcs7_encrypted: | 183 | case NID_pkcs7_encrypted: |
| 184 | p7->type=obj; | ||
| 185 | if ((p7->d.encrypted=PKCS7_ENCRYPT_new()) | ||
| 186 | == NULL) goto err; | ||
| 187 | ASN1_INTEGER_set(p7->d.encrypted->version,0); | ||
| 188 | p7->d.encrypted->enc_data->content_type | ||
| 189 | = OBJ_nid2obj(NID_pkcs7_data); | ||
| 190 | break; | ||
| 191 | |||
| 192 | case NID_pkcs7_digest: | ||
| 182 | default: | 193 | default: |
| 183 | PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); | 194 | PKCS7err(PKCS7_F_PKCS7_SET_TYPE,PKCS7_R_UNSUPPORTED_CONTENT_TYPE); |
| 184 | goto err; | 195 | goto err; |
| @@ -188,14 +199,12 @@ err: | |||
| 188 | return(0); | 199 | return(0); |
| 189 | } | 200 | } |
| 190 | 201 | ||
| 191 | int PKCS7_add_signer(p7,psi) | 202 | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *psi) |
| 192 | PKCS7 *p7; | ||
| 193 | PKCS7_SIGNER_INFO *psi; | ||
| 194 | { | 203 | { |
| 195 | int i,j,nid; | 204 | int i,j,nid; |
| 196 | X509_ALGOR *alg; | 205 | X509_ALGOR *alg; |
| 197 | STACK *signer_sk; | 206 | STACK_OF(PKCS7_SIGNER_INFO) *signer_sk; |
| 198 | STACK *md_sk; | 207 | STACK_OF(X509_ALGOR) *md_sk; |
| 199 | 208 | ||
| 200 | i=OBJ_obj2nid(p7->type); | 209 | i=OBJ_obj2nid(p7->type); |
| 201 | switch (i) | 210 | switch (i) |
| @@ -217,9 +226,9 @@ PKCS7_SIGNER_INFO *psi; | |||
| 217 | 226 | ||
| 218 | /* If the digest is not currently listed, add it */ | 227 | /* If the digest is not currently listed, add it */ |
| 219 | j=0; | 228 | j=0; |
| 220 | for (i=0; i<sk_num(md_sk); i++) | 229 | for (i=0; i<sk_X509_ALGOR_num(md_sk); i++) |
| 221 | { | 230 | { |
| 222 | alg=(X509_ALGOR *)sk_value(md_sk,i); | 231 | alg=sk_X509_ALGOR_value(md_sk,i); |
| 223 | if (OBJ_obj2nid(alg->algorithm) == nid) | 232 | if (OBJ_obj2nid(alg->algorithm) == nid) |
| 224 | { | 233 | { |
| 225 | j=1; | 234 | j=1; |
| @@ -228,21 +237,24 @@ PKCS7_SIGNER_INFO *psi; | |||
| 228 | } | 237 | } |
| 229 | if (!j) /* we need to add another algorithm */ | 238 | if (!j) /* we need to add another algorithm */ |
| 230 | { | 239 | { |
| 231 | alg=X509_ALGOR_new(); | 240 | if(!(alg=X509_ALGOR_new()) |
| 241 | || !(alg->parameter = ASN1_TYPE_new())) { | ||
| 242 | PKCS7err(PKCS7_F_PKCS7_ADD_SIGNER,ERR_R_MALLOC_FAILURE); | ||
| 243 | return(0); | ||
| 244 | } | ||
| 232 | alg->algorithm=OBJ_nid2obj(nid); | 245 | alg->algorithm=OBJ_nid2obj(nid); |
| 233 | sk_push(md_sk,(char *)alg); | 246 | alg->parameter->type = V_ASN1_NULL; |
| 247 | sk_X509_ALGOR_push(md_sk,alg); | ||
| 234 | } | 248 | } |
| 235 | 249 | ||
| 236 | sk_push(signer_sk,(char *)psi); | 250 | sk_PKCS7_SIGNER_INFO_push(signer_sk,psi); |
| 237 | return(1); | 251 | return(1); |
| 238 | } | 252 | } |
| 239 | 253 | ||
| 240 | int PKCS7_add_certificate(p7,x509) | 254 | int PKCS7_add_certificate(PKCS7 *p7, X509 *x509) |
| 241 | PKCS7 *p7; | ||
| 242 | X509 *x509; | ||
| 243 | { | 255 | { |
| 244 | int i; | 256 | int i; |
| 245 | STACK **sk; | 257 | STACK_OF(X509) **sk; |
| 246 | 258 | ||
| 247 | i=OBJ_obj2nid(p7->type); | 259 | i=OBJ_obj2nid(p7->type); |
| 248 | switch (i) | 260 | switch (i) |
| @@ -259,18 +271,16 @@ X509 *x509; | |||
| 259 | } | 271 | } |
| 260 | 272 | ||
| 261 | if (*sk == NULL) | 273 | if (*sk == NULL) |
| 262 | *sk=sk_new_null(); | 274 | *sk=sk_X509_new_null(); |
| 263 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); | 275 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); |
| 264 | sk_push(*sk,(char *)x509); | 276 | sk_X509_push(*sk,x509); |
| 265 | return(1); | 277 | return(1); |
| 266 | } | 278 | } |
| 267 | 279 | ||
| 268 | int PKCS7_add_crl(p7,crl) | 280 | int PKCS7_add_crl(PKCS7 *p7, X509_CRL *crl) |
| 269 | PKCS7 *p7; | ||
| 270 | X509_CRL *crl; | ||
| 271 | { | 281 | { |
| 272 | int i; | 282 | int i; |
| 273 | STACK **sk; | 283 | STACK_OF(X509_CRL) **sk; |
| 274 | 284 | ||
| 275 | i=OBJ_obj2nid(p7->type); | 285 | i=OBJ_obj2nid(p7->type); |
| 276 | switch (i) | 286 | switch (i) |
| @@ -287,19 +297,19 @@ X509_CRL *crl; | |||
| 287 | } | 297 | } |
| 288 | 298 | ||
| 289 | if (*sk == NULL) | 299 | if (*sk == NULL) |
| 290 | *sk=sk_new_null(); | 300 | *sk=sk_X509_CRL_new_null(); |
| 291 | 301 | ||
| 292 | CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); | 302 | CRYPTO_add(&crl->references,1,CRYPTO_LOCK_X509_CRL); |
| 293 | sk_push(*sk,(char *)crl); | 303 | sk_X509_CRL_push(*sk,crl); |
| 294 | return(1); | 304 | return(1); |
| 295 | } | 305 | } |
| 296 | 306 | ||
| 297 | int PKCS7_SIGNER_INFO_set(p7i,x509,pkey,dgst) | 307 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, |
| 298 | PKCS7_SIGNER_INFO *p7i; | 308 | const EVP_MD *dgst) |
| 299 | X509 *x509; | ||
| 300 | EVP_PKEY *pkey; | ||
| 301 | EVP_MD *dgst; | ||
| 302 | { | 309 | { |
| 310 | char is_dsa; | ||
| 311 | if (pkey->type == EVP_PKEY_DSA) is_dsa = 1; | ||
| 312 | else is_dsa = 0; | ||
| 303 | /* We now need to add another PKCS7_SIGNER_INFO entry */ | 313 | /* We now need to add another PKCS7_SIGNER_INFO entry */ |
| 304 | ASN1_INTEGER_set(p7i->version,1); | 314 | ASN1_INTEGER_set(p7i->version,1); |
| 305 | X509_NAME_set(&p7i->issuer_and_serial->issuer, | 315 | X509_NAME_set(&p7i->issuer_and_serial->issuer, |
| @@ -307,36 +317,43 @@ EVP_MD *dgst; | |||
| 307 | 317 | ||
| 308 | /* because ASN1_INTEGER_set is used to set a 'long' we will do | 318 | /* because ASN1_INTEGER_set is used to set a 'long' we will do |
| 309 | * things the ugly way. */ | 319 | * things the ugly way. */ |
| 310 | ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 320 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); |
| 311 | p7i->issuer_and_serial->serial= | 321 | p7i->issuer_and_serial->serial= |
| 312 | ASN1_INTEGER_dup(X509_get_serialNumber(x509)); | 322 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); |
| 313 | 323 | ||
| 314 | /* lets keep the pkey around for a while */ | 324 | /* lets keep the pkey around for a while */ |
| 315 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); | 325 | CRYPTO_add(&pkey->references,1,CRYPTO_LOCK_EVP_PKEY); |
| 316 | p7i->pkey=pkey; | 326 | p7i->pkey=pkey; |
| 317 | 327 | ||
| 318 | /* Set the algorithms */ | 328 | /* Set the algorithms */ |
| 319 | p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); | 329 | if (is_dsa) p7i->digest_alg->algorithm=OBJ_nid2obj(NID_sha1); |
| 320 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_MD_pkey_type(dgst)); | 330 | else |
| 331 | p7i->digest_alg->algorithm=OBJ_nid2obj(EVP_MD_type(dgst)); | ||
| 332 | |||
| 333 | if (p7i->digest_alg->parameter != NULL) | ||
| 334 | ASN1_TYPE_free(p7i->digest_alg->parameter); | ||
| 335 | if ((p7i->digest_alg->parameter=ASN1_TYPE_new()) == NULL) | ||
| 336 | goto err; | ||
| 337 | p7i->digest_alg->parameter->type=V_ASN1_NULL; | ||
| 338 | |||
| 339 | p7i->digest_enc_alg->algorithm=OBJ_nid2obj(EVP_PKEY_type(pkey->type)); | ||
| 321 | 340 | ||
| 322 | #if 1 | ||
| 323 | if (p7i->digest_enc_alg->parameter != NULL) | 341 | if (p7i->digest_enc_alg->parameter != NULL) |
| 324 | ASN1_TYPE_free(p7i->digest_enc_alg->parameter); | 342 | ASN1_TYPE_free(p7i->digest_enc_alg->parameter); |
| 325 | if ((p7i->digest_enc_alg->parameter=ASN1_TYPE_new()) == NULL) | 343 | if(is_dsa) p7i->digest_enc_alg->parameter = NULL; |
| 326 | goto err; | 344 | else { |
| 327 | p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; | 345 | if (!(p7i->digest_enc_alg->parameter=ASN1_TYPE_new())) |
| 328 | #endif | 346 | goto err; |
| 347 | p7i->digest_enc_alg->parameter->type=V_ASN1_NULL; | ||
| 348 | } | ||
| 329 | 349 | ||
| 330 | return(1); | 350 | return(1); |
| 331 | err: | 351 | err: |
| 332 | return(0); | 352 | return(0); |
| 333 | } | 353 | } |
| 334 | 354 | ||
| 335 | PKCS7_SIGNER_INFO *PKCS7_add_signature(p7,x509,pkey,dgst) | 355 | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, EVP_PKEY *pkey, |
| 336 | PKCS7 *p7; | 356 | const EVP_MD *dgst) |
| 337 | X509 *x509; | ||
| 338 | EVP_PKEY *pkey; | ||
| 339 | EVP_MD *dgst; | ||
| 340 | { | 357 | { |
| 341 | PKCS7_SIGNER_INFO *si; | 358 | PKCS7_SIGNER_INFO *si; |
| 342 | 359 | ||
| @@ -348,20 +365,21 @@ err: | |||
| 348 | return(NULL); | 365 | return(NULL); |
| 349 | } | 366 | } |
| 350 | 367 | ||
| 351 | STACK *PKCS7_get_signer_info(p7) | 368 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7) |
| 352 | PKCS7 *p7; | ||
| 353 | { | 369 | { |
| 354 | if (PKCS7_type_is_signed(p7)) | 370 | if (PKCS7_type_is_signed(p7)) |
| 355 | { | 371 | { |
| 356 | return(p7->d.sign->signer_info); | 372 | return(p7->d.sign->signer_info); |
| 357 | } | 373 | } |
| 374 | else if (PKCS7_type_is_signedAndEnveloped(p7)) | ||
| 375 | { | ||
| 376 | return(p7->d.signed_and_enveloped->signer_info); | ||
| 377 | } | ||
| 358 | else | 378 | else |
| 359 | return(NULL); | 379 | return(NULL); |
| 360 | } | 380 | } |
| 361 | 381 | ||
| 362 | PKCS7_RECIP_INFO *PKCS7_add_recipient(p7,x509) | 382 | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509) |
| 363 | PKCS7 *p7; | ||
| 364 | X509 *x509; | ||
| 365 | { | 383 | { |
| 366 | PKCS7_RECIP_INFO *ri; | 384 | PKCS7_RECIP_INFO *ri; |
| 367 | 385 | ||
| @@ -373,12 +391,10 @@ err: | |||
| 373 | return(NULL); | 391 | return(NULL); |
| 374 | } | 392 | } |
| 375 | 393 | ||
| 376 | int PKCS7_add_recipient_info(p7,ri) | 394 | int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri) |
| 377 | PKCS7 *p7; | ||
| 378 | PKCS7_RECIP_INFO *ri; | ||
| 379 | { | 395 | { |
| 380 | int i; | 396 | int i; |
| 381 | STACK *sk; | 397 | STACK_OF(PKCS7_RECIP_INFO) *sk; |
| 382 | 398 | ||
| 383 | i=OBJ_obj2nid(p7->type); | 399 | i=OBJ_obj2nid(p7->type); |
| 384 | switch (i) | 400 | switch (i) |
| @@ -386,26 +402,30 @@ PKCS7_RECIP_INFO *ri; | |||
| 386 | case NID_pkcs7_signedAndEnveloped: | 402 | case NID_pkcs7_signedAndEnveloped: |
| 387 | sk= p7->d.signed_and_enveloped->recipientinfo; | 403 | sk= p7->d.signed_and_enveloped->recipientinfo; |
| 388 | break; | 404 | break; |
| 405 | case NID_pkcs7_enveloped: | ||
| 406 | sk= p7->d.enveloped->recipientinfo; | ||
| 407 | break; | ||
| 389 | default: | 408 | default: |
| 390 | PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); | 409 | PKCS7err(PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,PKCS7_R_WRONG_CONTENT_TYPE); |
| 391 | return(0); | 410 | return(0); |
| 392 | } | 411 | } |
| 393 | 412 | ||
| 394 | sk_push(sk,(char *)ri); | 413 | sk_PKCS7_RECIP_INFO_push(sk,ri); |
| 395 | return(1); | 414 | return(1); |
| 396 | } | 415 | } |
| 397 | 416 | ||
| 398 | int PKCS7_RECIP_INFO_set(p7i,x509) | 417 | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509) |
| 399 | PKCS7_RECIP_INFO *p7i; | ||
| 400 | X509 *x509; | ||
| 401 | { | 418 | { |
| 402 | ASN1_INTEGER_set(p7i->version,0); | 419 | ASN1_INTEGER_set(p7i->version,0); |
| 403 | X509_NAME_set(&p7i->issuer_and_serial->issuer, | 420 | X509_NAME_set(&p7i->issuer_and_serial->issuer, |
| 404 | X509_get_issuer_name(x509)); | 421 | X509_get_issuer_name(x509)); |
| 405 | 422 | ||
| 406 | ASN1_INTEGER_free(p7i->issuer_and_serial->serial); | 423 | M_ASN1_INTEGER_free(p7i->issuer_and_serial->serial); |
| 407 | p7i->issuer_and_serial->serial= | 424 | p7i->issuer_and_serial->serial= |
| 408 | ASN1_INTEGER_dup(X509_get_serialNumber(x509)); | 425 | M_ASN1_INTEGER_dup(X509_get_serialNumber(x509)); |
| 426 | |||
| 427 | X509_ALGOR_free(p7i->key_enc_algor); | ||
| 428 | p7i->key_enc_algor= X509_ALGOR_dup(x509->cert_info->key->algor); | ||
| 409 | 429 | ||
| 410 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); | 430 | CRYPTO_add(&x509->references,1,CRYPTO_LOCK_X509); |
| 411 | p7i->cert=x509; | 431 | p7i->cert=x509; |
| @@ -413,9 +433,7 @@ X509 *x509; | |||
| 413 | return(1); | 433 | return(1); |
| 414 | } | 434 | } |
| 415 | 435 | ||
| 416 | X509 *PKCS7_cert_from_signer_info(p7,si) | 436 | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si) |
| 417 | PKCS7 *p7; | ||
| 418 | PKCS7_SIGNER_INFO *si; | ||
| 419 | { | 437 | { |
| 420 | if (PKCS7_type_is_signed(p7)) | 438 | if (PKCS7_type_is_signed(p7)) |
| 421 | return(X509_find_by_issuer_and_serial(p7->d.sign->cert, | 439 | return(X509_find_by_issuer_and_serial(p7->d.sign->cert, |
| @@ -425,11 +443,10 @@ PKCS7_SIGNER_INFO *si; | |||
| 425 | return(NULL); | 443 | return(NULL); |
| 426 | } | 444 | } |
| 427 | 445 | ||
| 428 | int PKCS7_set_cipher(p7,cipher) | 446 | int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher) |
| 429 | PKCS7 *p7; | ||
| 430 | EVP_CIPHER *cipher; | ||
| 431 | { | 447 | { |
| 432 | int i; | 448 | int i; |
| 449 | ASN1_OBJECT *objtmp; | ||
| 433 | PKCS7_ENC_CONTENT *ec; | 450 | PKCS7_ENC_CONTENT *ec; |
| 434 | 451 | ||
| 435 | i=OBJ_obj2nid(p7->type); | 452 | i=OBJ_obj2nid(p7->type); |
| @@ -438,12 +455,23 @@ EVP_CIPHER *cipher; | |||
| 438 | case NID_pkcs7_signedAndEnveloped: | 455 | case NID_pkcs7_signedAndEnveloped: |
| 439 | ec=p7->d.signed_and_enveloped->enc_data; | 456 | ec=p7->d.signed_and_enveloped->enc_data; |
| 440 | break; | 457 | break; |
| 458 | case NID_pkcs7_enveloped: | ||
| 459 | ec=p7->d.enveloped->enc_data; | ||
| 460 | break; | ||
| 441 | default: | 461 | default: |
| 442 | PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); | 462 | PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_WRONG_CONTENT_TYPE); |
| 443 | return(0); | 463 | return(0); |
| 444 | } | 464 | } |
| 445 | 465 | ||
| 446 | ec->algorithm->algorithm=OBJ_nid2obj(EVP_CIPHER_nid(cipher)); | 466 | /* Check cipher OID exists and has data in it*/ |
| 447 | return(ec->algorithm->algorithm != NULL); | 467 | i = EVP_CIPHER_type(cipher); |
| 468 | if(i == NID_undef) { | ||
| 469 | PKCS7err(PKCS7_F_PKCS7_SET_CIPHER,PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER); | ||
| 470 | return(0); | ||
| 471 | } | ||
| 472 | objtmp = OBJ_nid2obj(i); | ||
| 473 | |||
| 474 | ec->cipher = cipher; | ||
| 475 | return 1; | ||
| 448 | } | 476 | } |
| 449 | 477 | ||
diff --git a/src/lib/libcrypto/pkcs7/pk7_mime.c b/src/lib/libcrypto/pkcs7/pk7_mime.c index 734643be28..086d394270 100644 --- a/src/lib/libcrypto/pkcs7/pk7_mime.c +++ b/src/lib/libcrypto/pkcs7/pk7_mime.c | |||
| @@ -70,16 +70,21 @@ | |||
| 70 | */ | 70 | */ |
| 71 | 71 | ||
| 72 | typedef struct { | 72 | typedef struct { |
| 73 | char *name; /* Name of line e.g. "content-type" */ | ||
| 74 | char *value; /* Value of line e.g. "text/plain" */ | ||
| 75 | STACK /* MIME_PARAM */ *params; /* Zero or more parameters */ | ||
| 76 | } MIME_HEADER; | ||
| 77 | |||
| 78 | typedef struct { | ||
| 79 | char *param_name; /* Param name e.g. "micalg" */ | 73 | char *param_name; /* Param name e.g. "micalg" */ |
| 80 | char *param_value; /* Param value e.g. "sha1" */ | 74 | char *param_value; /* Param value e.g. "sha1" */ |
| 81 | } MIME_PARAM; | 75 | } MIME_PARAM; |
| 82 | 76 | ||
| 77 | DECLARE_STACK_OF(MIME_PARAM) | ||
| 78 | IMPLEMENT_STACK_OF(MIME_PARAM) | ||
| 79 | |||
| 80 | typedef struct { | ||
| 81 | char *name; /* Name of line e.g. "content-type" */ | ||
| 82 | char *value; /* Value of line e.g. "text/plain" */ | ||
| 83 | STACK_OF(MIME_PARAM) *params; /* Zero or more parameters */ | ||
| 84 | } MIME_HEADER; | ||
| 85 | |||
| 86 | DECLARE_STACK_OF(MIME_HEADER) | ||
| 87 | IMPLEMENT_STACK_OF(MIME_HEADER) | ||
| 83 | 88 | ||
| 84 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); | 89 | static int B64_write_PKCS7(BIO *bio, PKCS7 *p7); |
| 85 | static PKCS7 *B64_read_PKCS7(BIO *bio); | 90 | static PKCS7 *B64_read_PKCS7(BIO *bio); |
| @@ -88,14 +93,16 @@ static char * strip_start(char *name); | |||
| 88 | static char * strip_end(char *name); | 93 | static char * strip_end(char *name); |
| 89 | static MIME_HEADER *mime_hdr_new(char *name, char *value); | 94 | static MIME_HEADER *mime_hdr_new(char *name, char *value); |
| 90 | static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); | 95 | static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value); |
| 91 | static STACK *mime_parse_hdr(BIO *bio); | 96 | static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio); |
| 92 | static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b); | 97 | static int mime_hdr_cmp(const MIME_HEADER * const *a, |
| 93 | static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b); | 98 | const MIME_HEADER * const *b); |
| 99 | static int mime_param_cmp(const MIME_PARAM * const *a, | ||
| 100 | const MIME_PARAM * const *b); | ||
| 94 | static void mime_param_free(MIME_PARAM *param); | 101 | static void mime_param_free(MIME_PARAM *param); |
| 95 | static int mime_bound_check(char *line, int linelen, char *bound, int blen); | 102 | static int mime_bound_check(char *line, int linelen, char *bound, int blen); |
| 96 | static int multi_split(BIO *bio, char *bound, STACK **ret); | 103 | static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret); |
| 97 | static int iscrlf(char c); | 104 | static int iscrlf(char c); |
| 98 | static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name); | 105 | static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name); |
| 99 | static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); | 106 | static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name); |
| 100 | static void mime_hdr_free(MIME_HEADER *hdr); | 107 | static void mime_hdr_free(MIME_HEADER *hdr); |
| 101 | 108 | ||
| @@ -158,12 +165,12 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) | |||
| 158 | } | 165 | } |
| 159 | bound[32] = 0; | 166 | bound[32] = 0; |
| 160 | BIO_printf(bio, "MIME-Version: 1.0\n"); | 167 | BIO_printf(bio, "MIME-Version: 1.0\n"); |
| 161 | BIO_printf(bio, "Content-Type: multipart/signed ; "); | 168 | BIO_printf(bio, "Content-Type: multipart/signed;"); |
| 162 | BIO_printf(bio, "protocol=\"application/x-pkcs7-signature\" ; "); | 169 | BIO_printf(bio, " protocol=\"application/x-pkcs7-signature\";"); |
| 163 | BIO_printf(bio, "micalg=sha1 ; boundary=\"----%s\"\n\n", bound); | 170 | BIO_printf(bio, " micalg=sha1; boundary=\"----%s\"\n\n", bound); |
| 164 | BIO_printf(bio, "This is an S/MIME signed message\n\n"); | 171 | BIO_printf(bio, "This is an S/MIME signed message\n\n"); |
| 165 | /* Now write out the first part */ | 172 | /* Now write out the first part */ |
| 166 | BIO_printf(bio, "------%s\r\n", bound); | 173 | BIO_printf(bio, "------%s\n", bound); |
| 167 | if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); | 174 | if(flags & PKCS7_TEXT) BIO_printf(bio, "Content-Type: text/plain\n\n"); |
| 168 | while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) | 175 | while((i = BIO_read(data, linebuf, MAX_SMLEN)) > 0) |
| 169 | BIO_write(bio, linebuf, i); | 176 | BIO_write(bio, linebuf, i); |
| @@ -196,8 +203,8 @@ int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags) | |||
| 196 | PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | 203 | PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) |
| 197 | { | 204 | { |
| 198 | BIO *p7in; | 205 | BIO *p7in; |
| 199 | STACK *headers = NULL; | 206 | STACK_OF(MIME_HEADER) *headers = NULL; |
| 200 | STACK *parts = NULL; | 207 | STACK_OF(BIO) *parts = NULL; |
| 201 | MIME_HEADER *hdr; | 208 | MIME_HEADER *hdr; |
| 202 | MIME_PARAM *prm; | 209 | MIME_PARAM *prm; |
| 203 | PKCS7 *p7; | 210 | PKCS7 *p7; |
| @@ -211,7 +218,7 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | |||
| 211 | } | 218 | } |
| 212 | 219 | ||
| 213 | if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { | 220 | if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { |
| 214 | sk_pop_free(headers, mime_hdr_free); | 221 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 215 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); | 222 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_CONTENT_TYPE); |
| 216 | return NULL; | 223 | return NULL; |
| 217 | } | 224 | } |
| @@ -222,24 +229,24 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | |||
| 222 | /* Split into two parts */ | 229 | /* Split into two parts */ |
| 223 | prm = mime_param_find(hdr, "boundary"); | 230 | prm = mime_param_find(hdr, "boundary"); |
| 224 | if(!prm || !prm->param_value) { | 231 | if(!prm || !prm->param_value) { |
| 225 | sk_pop_free(headers, mime_hdr_free); | 232 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 226 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); | 233 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BOUNDARY); |
| 227 | return NULL; | 234 | return NULL; |
| 228 | } | 235 | } |
| 229 | ret = multi_split(bio, prm->param_value, &parts); | 236 | ret = multi_split(bio, prm->param_value, &parts); |
| 230 | sk_pop_free(headers, mime_hdr_free); | 237 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 231 | if(!ret || (sk_num(parts) != 2) ) { | 238 | if(!ret || (sk_BIO_num(parts) != 2) ) { |
| 232 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); | 239 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_MULTIPART_BODY_FAILURE); |
| 233 | sk_pop_free(parts, (stkfree)BIO_free); | 240 | sk_BIO_pop_free(parts, BIO_vfree); |
| 234 | return NULL; | 241 | return NULL; |
| 235 | } | 242 | } |
| 236 | 243 | ||
| 237 | /* Parse the signature piece */ | 244 | /* Parse the signature piece */ |
| 238 | p7in = (BIO *)sk_value(parts, 1); | 245 | p7in = sk_BIO_value(parts, 1); |
| 239 | 246 | ||
| 240 | if (!(headers = mime_parse_hdr(p7in))) { | 247 | if (!(headers = mime_parse_hdr(p7in))) { |
| 241 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); | 248 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_MIME_SIG_PARSE_ERROR); |
| 242 | sk_pop_free(parts, (stkfree)BIO_free); | 249 | sk_BIO_pop_free(parts, BIO_vfree); |
| 243 | return NULL; | 250 | return NULL; |
| 244 | } | 251 | } |
| 245 | 252 | ||
| @@ -247,32 +254,32 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | |||
| 247 | 254 | ||
| 248 | if(!(hdr = mime_hdr_find(headers, "content-type")) || | 255 | if(!(hdr = mime_hdr_find(headers, "content-type")) || |
| 249 | !hdr->value) { | 256 | !hdr->value) { |
| 250 | sk_pop_free(headers, mime_hdr_free); | 257 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 251 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); | 258 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_NO_SIG_CONTENT_TYPE); |
| 252 | return NULL; | 259 | return NULL; |
| 253 | } | 260 | } |
| 254 | 261 | ||
| 255 | if(strcmp(hdr->value, "application/x-pkcs7-signature") && | 262 | if(strcmp(hdr->value, "application/x-pkcs7-signature") && |
| 256 | strcmp(hdr->value, "application/pkcs7-signature")) { | 263 | strcmp(hdr->value, "application/pkcs7-signature")) { |
| 257 | sk_pop_free(headers, mime_hdr_free); | 264 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 258 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); | 265 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_SIG_INVALID_MIME_TYPE); |
| 259 | ERR_add_error_data(2, "type: ", hdr->value); | 266 | ERR_add_error_data(2, "type: ", hdr->value); |
| 260 | sk_pop_free(parts, (stkfree)BIO_free); | 267 | sk_BIO_pop_free(parts, BIO_vfree); |
| 261 | return NULL; | 268 | return NULL; |
| 262 | } | 269 | } |
| 263 | sk_pop_free(headers, mime_hdr_free); | 270 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 264 | /* Read in PKCS#7 */ | 271 | /* Read in PKCS#7 */ |
| 265 | if(!(p7 = B64_read_PKCS7(p7in))) { | 272 | if(!(p7 = B64_read_PKCS7(p7in))) { |
| 266 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); | 273 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_PKCS7_SIG_PARSE_ERROR); |
| 267 | sk_pop_free(parts, (stkfree)BIO_free); | 274 | sk_BIO_pop_free(parts, BIO_vfree); |
| 268 | return NULL; | 275 | return NULL; |
| 269 | } | 276 | } |
| 270 | 277 | ||
| 271 | if(bcont) { | 278 | if(bcont) { |
| 272 | *bcont = (BIO *)sk_value(parts, 0); | 279 | *bcont = sk_BIO_value(parts, 0); |
| 273 | BIO_free(p7in); | 280 | BIO_free(p7in); |
| 274 | sk_free(parts); | 281 | sk_BIO_free(parts); |
| 275 | } else sk_pop_free(parts, (stkfree)BIO_free); | 282 | } else sk_BIO_pop_free(parts, BIO_vfree); |
| 276 | return p7; | 283 | return p7; |
| 277 | } | 284 | } |
| 278 | 285 | ||
| @@ -282,11 +289,11 @@ PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont) | |||
| 282 | strcmp (hdr->value, "application/pkcs7-mime")) { | 289 | strcmp (hdr->value, "application/pkcs7-mime")) { |
| 283 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); | 290 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7,PKCS7_R_INVALID_MIME_TYPE); |
| 284 | ERR_add_error_data(2, "type: ", hdr->value); | 291 | ERR_add_error_data(2, "type: ", hdr->value); |
| 285 | sk_pop_free(headers, mime_hdr_free); | 292 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 286 | return NULL; | 293 | return NULL; |
| 287 | } | 294 | } |
| 288 | 295 | ||
| 289 | sk_pop_free(headers, mime_hdr_free); | 296 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 290 | 297 | ||
| 291 | if(!(p7 = B64_read_PKCS7(bio))) { | 298 | if(!(p7 = B64_read_PKCS7(bio))) { |
| 292 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); | 299 | PKCS7err(PKCS7_F_SMIME_READ_PKCS7, PKCS7_R_PKCS7_PARSE_ERROR); |
| @@ -325,24 +332,25 @@ int SMIME_text(BIO *in, BIO *out) | |||
| 325 | { | 332 | { |
| 326 | char iobuf[4096]; | 333 | char iobuf[4096]; |
| 327 | int len; | 334 | int len; |
| 328 | STACK *headers; | 335 | STACK_OF(MIME_HEADER) *headers; |
| 329 | MIME_HEADER *hdr; | 336 | MIME_HEADER *hdr; |
| 337 | |||
| 330 | if (!(headers = mime_parse_hdr(in))) { | 338 | if (!(headers = mime_parse_hdr(in))) { |
| 331 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); | 339 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_PARSE_ERROR); |
| 332 | return 0; | 340 | return 0; |
| 333 | } | 341 | } |
| 334 | if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { | 342 | if(!(hdr = mime_hdr_find(headers, "content-type")) || !hdr->value) { |
| 335 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); | 343 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_MIME_NO_CONTENT_TYPE); |
| 336 | sk_pop_free(headers, mime_hdr_free); | 344 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 337 | return 0; | 345 | return 0; |
| 338 | } | 346 | } |
| 339 | if (strcmp (hdr->value, "text/plain")) { | 347 | if (strcmp (hdr->value, "text/plain")) { |
| 340 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); | 348 | PKCS7err(PKCS7_F_SMIME_TEXT,PKCS7_R_INVALID_MIME_TYPE); |
| 341 | ERR_add_error_data(2, "type: ", hdr->value); | 349 | ERR_add_error_data(2, "type: ", hdr->value); |
| 342 | sk_pop_free(headers, mime_hdr_free); | 350 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 343 | return 0; | 351 | return 0; |
| 344 | } | 352 | } |
| 345 | sk_pop_free(headers, mime_hdr_free); | 353 | sk_MIME_HEADER_pop_free(headers, mime_hdr_free); |
| 346 | while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) | 354 | while ((len = BIO_read(in, iobuf, sizeof(iobuf))) > 0) |
| 347 | BIO_write(out, iobuf, len); | 355 | BIO_write(out, iobuf, len); |
| 348 | return 1; | 356 | return 1; |
| @@ -352,18 +360,19 @@ int SMIME_text(BIO *in, BIO *out) | |||
| 352 | * canonical parts in a STACK of bios | 360 | * canonical parts in a STACK of bios |
| 353 | */ | 361 | */ |
| 354 | 362 | ||
| 355 | static int multi_split(BIO *bio, char *bound, STACK **ret) | 363 | static int multi_split(BIO *bio, char *bound, STACK_OF(BIO) **ret) |
| 356 | { | 364 | { |
| 357 | char linebuf[MAX_SMLEN]; | 365 | char linebuf[MAX_SMLEN]; |
| 358 | int len, blen; | 366 | int len, blen; |
| 359 | BIO *bpart = NULL; | 367 | BIO *bpart = NULL; |
| 360 | STACK *parts; | 368 | STACK_OF(BIO) *parts; |
| 361 | char state, part, first; | 369 | char state, part, first; |
| 370 | |||
| 362 | blen = strlen(bound); | 371 | blen = strlen(bound); |
| 363 | part = 0; | 372 | part = 0; |
| 364 | state = 0; | 373 | state = 0; |
| 365 | first = 1; | 374 | first = 1; |
| 366 | parts = sk_new(NULL); | 375 | parts = sk_BIO_new_null(); |
| 367 | *ret = parts; | 376 | *ret = parts; |
| 368 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { | 377 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { |
| 369 | state = mime_bound_check(linebuf, len, bound, blen); | 378 | state = mime_bound_check(linebuf, len, bound, blen); |
| @@ -371,12 +380,12 @@ static int multi_split(BIO *bio, char *bound, STACK **ret) | |||
| 371 | first = 1; | 380 | first = 1; |
| 372 | part++; | 381 | part++; |
| 373 | } else if(state == 2) { | 382 | } else if(state == 2) { |
| 374 | sk_push(parts, (char *)bpart); | 383 | sk_BIO_push(parts, bpart); |
| 375 | return 1; | 384 | return 1; |
| 376 | } else if(part) { | 385 | } else if(part) { |
| 377 | if(first) { | 386 | if(first) { |
| 378 | first = 0; | 387 | first = 0; |
| 379 | if(bpart) sk_push(parts, (char *)bpart); | 388 | if(bpart) sk_BIO_push(parts, bpart); |
| 380 | bpart = BIO_new(BIO_s_mem()); | 389 | bpart = BIO_new(BIO_s_mem()); |
| 381 | 390 | ||
| 382 | } else BIO_write(bpart, "\r\n", 2); | 391 | } else BIO_write(bpart, "\r\n", 2); |
| @@ -405,15 +414,16 @@ static int iscrlf(char c) | |||
| 405 | #define MIME_COMMENT 6 | 414 | #define MIME_COMMENT 6 |
| 406 | 415 | ||
| 407 | 416 | ||
| 408 | static STACK *mime_parse_hdr(BIO *bio) | 417 | static STACK_OF(MIME_HEADER) *mime_parse_hdr(BIO *bio) |
| 409 | { | 418 | { |
| 410 | char *p, *q, c; | 419 | char *p, *q, c; |
| 411 | char *ntmp; | 420 | char *ntmp; |
| 412 | char linebuf[MAX_SMLEN]; | 421 | char linebuf[MAX_SMLEN]; |
| 413 | MIME_HEADER *mhdr = NULL; | 422 | MIME_HEADER *mhdr = NULL; |
| 414 | STACK *headers; | 423 | STACK_OF(MIME_HEADER) *headers; |
| 415 | int len, state, save_state = 0; | 424 | int len, state, save_state = 0; |
| 416 | headers = sk_new(mime_hdr_cmp); | 425 | |
| 426 | headers = sk_MIME_HEADER_new(mime_hdr_cmp); | ||
| 417 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { | 427 | while ((len = BIO_gets(bio, linebuf, MAX_SMLEN)) > 0) { |
| 418 | /* If whitespace at line start then continuation line */ | 428 | /* If whitespace at line start then continuation line */ |
| 419 | if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; | 429 | if(mhdr && isspace((unsigned char)linebuf[0])) state = MIME_NAME; |
| @@ -441,7 +451,7 @@ static STACK *mime_parse_hdr(BIO *bio) | |||
| 441 | mime_debug("Found End Value\n"); | 451 | mime_debug("Found End Value\n"); |
| 442 | *p = 0; | 452 | *p = 0; |
| 443 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); | 453 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); |
| 444 | sk_push(headers, (char *)mhdr); | 454 | sk_MIME_HEADER_push(headers, mhdr); |
| 445 | ntmp = NULL; | 455 | ntmp = NULL; |
| 446 | q = p + 1; | 456 | q = p + 1; |
| 447 | state = MIME_NAME; | 457 | state = MIME_NAME; |
| @@ -493,7 +503,7 @@ static STACK *mime_parse_hdr(BIO *bio) | |||
| 493 | 503 | ||
| 494 | if(state == MIME_TYPE) { | 504 | if(state == MIME_TYPE) { |
| 495 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); | 505 | mhdr = mime_hdr_new(ntmp, strip_ends(q)); |
| 496 | sk_push(headers, (char *)mhdr); | 506 | sk_MIME_HEADER_push(headers, mhdr); |
| 497 | } else if(state == MIME_VALUE) | 507 | } else if(state == MIME_VALUE) |
| 498 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); | 508 | mime_hdr_addparam(mhdr, ntmp, strip_ends(q)); |
| 499 | if(p == linebuf) break; /* Blank line means end of headers */ | 509 | if(p == linebuf) break; /* Blank line means end of headers */ |
| @@ -569,11 +579,11 @@ static MIME_HEADER *mime_hdr_new(char *name, char *value) | |||
| 569 | } | 579 | } |
| 570 | } | 580 | } |
| 571 | } else tmpval = NULL; | 581 | } else tmpval = NULL; |
| 572 | mhdr = (MIME_HEADER *) Malloc(sizeof(MIME_HEADER)); | 582 | mhdr = (MIME_HEADER *) OPENSSL_malloc(sizeof(MIME_HEADER)); |
| 573 | if(!mhdr) return NULL; | 583 | if(!mhdr) return NULL; |
| 574 | mhdr->name = tmpname; | 584 | mhdr->name = tmpname; |
| 575 | mhdr->value = tmpval; | 585 | mhdr->value = tmpval; |
| 576 | if(!(mhdr->params = sk_new(mime_param_cmp))) return NULL; | 586 | if(!(mhdr->params = sk_MIME_PARAM_new(mime_param_cmp))) return NULL; |
| 577 | return mhdr; | 587 | return mhdr; |
| 578 | } | 588 | } |
| 579 | 589 | ||
| @@ -598,34 +608,36 @@ static int mime_hdr_addparam(MIME_HEADER *mhdr, char *name, char *value) | |||
| 598 | if(!tmpval) return 0; | 608 | if(!tmpval) return 0; |
| 599 | } else tmpval = NULL; | 609 | } else tmpval = NULL; |
| 600 | /* Parameter values are case sensitive so leave as is */ | 610 | /* Parameter values are case sensitive so leave as is */ |
| 601 | mparam = (MIME_PARAM *) Malloc(sizeof(MIME_PARAM)); | 611 | mparam = (MIME_PARAM *) OPENSSL_malloc(sizeof(MIME_PARAM)); |
| 602 | if(!mparam) return 0; | 612 | if(!mparam) return 0; |
| 603 | mparam->param_name = tmpname; | 613 | mparam->param_name = tmpname; |
| 604 | mparam->param_value = tmpval; | 614 | mparam->param_value = tmpval; |
| 605 | sk_push(mhdr->params, (char *)mparam); | 615 | sk_MIME_PARAM_push(mhdr->params, mparam); |
| 606 | return 1; | 616 | return 1; |
| 607 | } | 617 | } |
| 608 | 618 | ||
| 609 | static int mime_hdr_cmp(MIME_HEADER **a, MIME_HEADER **b) | 619 | static int mime_hdr_cmp(const MIME_HEADER * const *a, |
| 620 | const MIME_HEADER * const *b) | ||
| 610 | { | 621 | { |
| 611 | return(strcmp((*a)->name, (*b)->name)); | 622 | return(strcmp((*a)->name, (*b)->name)); |
| 612 | } | 623 | } |
| 613 | 624 | ||
| 614 | static int mime_param_cmp(MIME_PARAM **a, MIME_PARAM **b) | 625 | static int mime_param_cmp(const MIME_PARAM * const *a, |
| 626 | const MIME_PARAM * const *b) | ||
| 615 | { | 627 | { |
| 616 | return(strcmp((*a)->param_name, (*b)->param_name)); | 628 | return(strcmp((*a)->param_name, (*b)->param_name)); |
| 617 | } | 629 | } |
| 618 | 630 | ||
| 619 | /* Find a header with a given name (if possible) */ | 631 | /* Find a header with a given name (if possible) */ |
| 620 | 632 | ||
| 621 | static MIME_HEADER *mime_hdr_find(STACK *hdrs, char *name) | 633 | static MIME_HEADER *mime_hdr_find(STACK_OF(MIME_HEADER) *hdrs, char *name) |
| 622 | { | 634 | { |
| 623 | MIME_HEADER htmp; | 635 | MIME_HEADER htmp; |
| 624 | int idx; | 636 | int idx; |
| 625 | htmp.name = name; | 637 | htmp.name = name; |
| 626 | idx = sk_find(hdrs, (char *)&htmp); | 638 | idx = sk_MIME_HEADER_find(hdrs, &htmp); |
| 627 | if(idx < 0) return NULL; | 639 | if(idx < 0) return NULL; |
| 628 | return (MIME_HEADER *)sk_value(hdrs, idx); | 640 | return sk_MIME_HEADER_value(hdrs, idx); |
| 629 | } | 641 | } |
| 630 | 642 | ||
| 631 | static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) | 643 | static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) |
| @@ -633,24 +645,24 @@ static MIME_PARAM *mime_param_find(MIME_HEADER *hdr, char *name) | |||
| 633 | MIME_PARAM param; | 645 | MIME_PARAM param; |
| 634 | int idx; | 646 | int idx; |
| 635 | param.param_name = name; | 647 | param.param_name = name; |
| 636 | idx = sk_find(hdr->params, (char *)¶m); | 648 | idx = sk_MIME_PARAM_find(hdr->params, ¶m); |
| 637 | if(idx < 0) return NULL; | 649 | if(idx < 0) return NULL; |
| 638 | return (MIME_PARAM *)sk_value(hdr->params, idx); | 650 | return sk_MIME_PARAM_value(hdr->params, idx); |
| 639 | } | 651 | } |
| 640 | 652 | ||
| 641 | static void mime_hdr_free(MIME_HEADER *hdr) | 653 | static void mime_hdr_free(MIME_HEADER *hdr) |
| 642 | { | 654 | { |
| 643 | if(hdr->name) Free(hdr->name); | 655 | if(hdr->name) OPENSSL_free(hdr->name); |
| 644 | if(hdr->value) Free(hdr->value); | 656 | if(hdr->value) OPENSSL_free(hdr->value); |
| 645 | if(hdr->params) sk_pop_free(hdr->params, mime_param_free); | 657 | if(hdr->params) sk_MIME_PARAM_pop_free(hdr->params, mime_param_free); |
| 646 | Free(hdr); | 658 | OPENSSL_free(hdr); |
| 647 | } | 659 | } |
| 648 | 660 | ||
| 649 | static void mime_param_free(MIME_PARAM *param) | 661 | static void mime_param_free(MIME_PARAM *param) |
| 650 | { | 662 | { |
| 651 | if(param->param_name) Free(param->param_name); | 663 | if(param->param_name) OPENSSL_free(param->param_name); |
| 652 | if(param->param_value) Free(param->param_value); | 664 | if(param->param_value) OPENSSL_free(param->param_value); |
| 653 | Free(param); | 665 | OPENSSL_free(param); |
| 654 | } | 666 | } |
| 655 | 667 | ||
| 656 | /* Check for a multipart boundary. Returns: | 668 | /* Check for a multipart boundary. Returns: |
diff --git a/src/lib/libcrypto/pkcs7/pk7_smime.c b/src/lib/libcrypto/pkcs7/pk7_smime.c index b41f42ed04..f0d071e282 100644 --- a/src/lib/libcrypto/pkcs7/pk7_smime.c +++ b/src/lib/libcrypto/pkcs7/pk7_smime.c | |||
| @@ -64,12 +64,12 @@ | |||
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | 66 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
| 67 | BIO *data, int flags) | 67 | BIO *data, int flags) |
| 68 | { | 68 | { |
| 69 | PKCS7 *p7; | 69 | PKCS7 *p7; |
| 70 | PKCS7_SIGNER_INFO *si; | 70 | PKCS7_SIGNER_INFO *si; |
| 71 | BIO *p7bio; | 71 | BIO *p7bio; |
| 72 | STACK *smcap; | 72 | STACK_OF(X509_ALGOR) *smcap; |
| 73 | int i; | 73 | int i; |
| 74 | 74 | ||
| 75 | if(!X509_check_private_key(signcert, pkey)) { | 75 | if(!X509_check_private_key(signcert, pkey)) { |
| @@ -109,25 +109,28 @@ PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, | |||
| 109 | PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, | 109 | PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, |
| 110 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); | 110 | V_ASN1_OBJECT, OBJ_nid2obj(NID_pkcs7_data)); |
| 111 | /* Add SMIMECapabilities */ | 111 | /* Add SMIMECapabilities */ |
| 112 | if(!(smcap = sk_new(NULL))) { | 112 | if(!(flags & PKCS7_NOSMIMECAP)) |
| 113 | { | ||
| 114 | if(!(smcap = sk_X509_ALGOR_new_null())) { | ||
| 113 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); | 115 | PKCS7err(PKCS7_F_PKCS7_SIGN,ERR_R_MALLOC_FAILURE); |
| 114 | return NULL; | 116 | return NULL; |
| 115 | } | 117 | } |
| 116 | #ifndef NO_DES | 118 | #ifndef OPENSSL_NO_DES |
| 117 | PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); | 119 | PKCS7_simple_smimecap (smcap, NID_des_ede3_cbc, -1); |
| 118 | #endif | 120 | #endif |
| 119 | #ifndef NO_RC2 | 121 | #ifndef OPENSSL_NO_RC2 |
| 120 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); | 122 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 128); |
| 121 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); | 123 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 64); |
| 122 | #endif | 124 | #endif |
| 123 | #ifndef NO_DES | 125 | #ifndef OPENSSL_NO_DES |
| 124 | PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); | 126 | PKCS7_simple_smimecap (smcap, NID_des_cbc, -1); |
| 125 | #endif | 127 | #endif |
| 126 | #ifndef NO_RC2 | 128 | #ifndef OPENSSL_NO_RC2 |
| 127 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); | 129 | PKCS7_simple_smimecap (smcap, NID_rc2_cbc, 40); |
| 128 | #endif | 130 | #endif |
| 129 | PKCS7_add_attrib_smimecap (si, smcap); | 131 | PKCS7_add_attrib_smimecap (si, smcap); |
| 130 | sk_pop_free(smcap, X509_ALGOR_free); | 132 | sk_X509_ALGOR_pop_free(smcap, X509_ALGOR_free); |
| 133 | } | ||
| 131 | } | 134 | } |
| 132 | 135 | ||
| 133 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); | 136 | if(flags & PKCS7_DETACHED)PKCS7_set_detached(p7, 1); |
| @@ -150,7 +153,7 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 150 | PKCS7_SIGNER_INFO *si; | 153 | PKCS7_SIGNER_INFO *si; |
| 151 | X509_STORE_CTX cert_ctx; | 154 | X509_STORE_CTX cert_ctx; |
| 152 | char buf[4096]; | 155 | char buf[4096]; |
| 153 | int i, j=0; | 156 | int i, j=0, k, ret = 0; |
| 154 | BIO *p7bio; | 157 | BIO *p7bio; |
| 155 | BIO *tmpout; | 158 | BIO *tmpout; |
| 156 | 159 | ||
| @@ -169,12 +172,17 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 169 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); | 172 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_NO_CONTENT); |
| 170 | return 0; | 173 | return 0; |
| 171 | } | 174 | } |
| 175 | #if 0 | ||
| 176 | /* NB: this test commented out because some versions of Netscape | ||
| 177 | * illegally include zero length content when signing data. | ||
| 178 | */ | ||
| 172 | 179 | ||
| 173 | /* Check for data and content: two sets of data */ | 180 | /* Check for data and content: two sets of data */ |
| 174 | if(!PKCS7_get_detached(p7) && indata) { | 181 | if(!PKCS7_get_detached(p7) && indata) { |
| 175 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); | 182 | PKCS7err(PKCS7_F_PKCS7_VERIFY,PKCS7_R_CONTENT_AND_DATA_PRESENT); |
| 176 | return 0; | 183 | return 0; |
| 177 | } | 184 | } |
| 185 | #endif | ||
| 178 | 186 | ||
| 179 | sinfos = PKCS7_get_signer_info(p7); | 187 | sinfos = PKCS7_get_signer_info(p7); |
| 180 | 188 | ||
| @@ -190,14 +198,23 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 190 | 198 | ||
| 191 | /* Now verify the certificates */ | 199 | /* Now verify the certificates */ |
| 192 | 200 | ||
| 193 | if (!(flags & PKCS7_NOVERIFY)) for (i = 0; i < sk_X509_num(signers); i++) { | 201 | if (!(flags & PKCS7_NOVERIFY)) for (k = 0; k < sk_X509_num(signers); k++) { |
| 194 | signer = sk_X509_value (signers, i); | 202 | signer = sk_X509_value (signers, k); |
| 195 | if (!(flags & PKCS7_NOCHAIN)) { | 203 | if (!(flags & PKCS7_NOCHAIN)) { |
| 196 | X509_STORE_CTX_init(&cert_ctx, store, signer, | 204 | if(!X509_STORE_CTX_init(&cert_ctx, store, signer, |
| 197 | p7->d.sign->cert); | 205 | p7->d.sign->cert)) |
| 206 | { | ||
| 207 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); | ||
| 208 | sk_X509_free(signers); | ||
| 209 | return 0; | ||
| 210 | } | ||
| 198 | X509_STORE_CTX_set_purpose(&cert_ctx, | 211 | X509_STORE_CTX_set_purpose(&cert_ctx, |
| 199 | X509_PURPOSE_SMIME_SIGN); | 212 | X509_PURPOSE_SMIME_SIGN); |
| 200 | } else X509_STORE_CTX_init (&cert_ctx, store, signer, NULL); | 213 | } else if(!X509_STORE_CTX_init (&cert_ctx, store, signer, NULL)) { |
| 214 | PKCS7err(PKCS7_F_PKCS7_VERIFY,ERR_R_X509_LIB); | ||
| 215 | sk_X509_free(signers); | ||
| 216 | return 0; | ||
| 217 | } | ||
| 201 | i = X509_verify_cert(&cert_ctx); | 218 | i = X509_verify_cert(&cert_ctx); |
| 202 | if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); | 219 | if (i <= 0) j = X509_STORE_CTX_get_error(&cert_ctx); |
| 203 | X509_STORE_CTX_cleanup(&cert_ctx); | 220 | X509_STORE_CTX_cleanup(&cert_ctx); |
| @@ -250,18 +267,15 @@ int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, | |||
| 250 | } | 267 | } |
| 251 | } | 268 | } |
| 252 | 269 | ||
| 253 | sk_X509_free(signers); | 270 | ret = 1; |
| 254 | if(indata) BIO_pop(p7bio); | ||
| 255 | BIO_free_all(p7bio); | ||
| 256 | |||
| 257 | return 1; | ||
| 258 | 271 | ||
| 259 | err: | 272 | err: |
| 260 | 273 | ||
| 274 | if(indata) BIO_pop(p7bio); | ||
| 275 | BIO_free_all(p7bio); | ||
| 261 | sk_X509_free(signers); | 276 | sk_X509_free(signers); |
| 262 | BIO_free(p7bio); | ||
| 263 | 277 | ||
| 264 | return 0; | 278 | return ret; |
| 265 | } | 279 | } |
| 266 | 280 | ||
| 267 | STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | 281 | STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) |
| @@ -282,7 +296,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 282 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); | 296 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,PKCS7_R_WRONG_CONTENT_TYPE); |
| 283 | return NULL; | 297 | return NULL; |
| 284 | } | 298 | } |
| 285 | if(!(signers = sk_X509_new(NULL))) { | 299 | if(!(signers = sk_X509_new_null())) { |
| 286 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); | 300 | PKCS7err(PKCS7_F_PKCS7_GET0_SIGNERS,ERR_R_MALLOC_FAILURE); |
| 287 | return NULL; | 301 | return NULL; |
| 288 | } | 302 | } |
| @@ -322,7 +336,7 @@ STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags) | |||
| 322 | 336 | ||
| 323 | /* Build a complete PKCS#7 enveloped data */ | 337 | /* Build a complete PKCS#7 enveloped data */ |
| 324 | 338 | ||
| 325 | PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, EVP_CIPHER *cipher, | 339 | PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, |
| 326 | int flags) | 340 | int flags) |
| 327 | { | 341 | { |
| 328 | PKCS7 *p7; | 342 | PKCS7 *p7; |
diff --git a/src/lib/libcrypto/pkcs7/pkcs7.h b/src/lib/libcrypto/pkcs7/pkcs7.h index ee12f670a8..5819700a85 100644 --- a/src/lib/libcrypto/pkcs7/pkcs7.h +++ b/src/lib/libcrypto/pkcs7/pkcs7.h | |||
| @@ -59,12 +59,22 @@ | |||
| 59 | #ifndef HEADER_PKCS7_H | 59 | #ifndef HEADER_PKCS7_H |
| 60 | #define HEADER_PKCS7_H | 60 | #define HEADER_PKCS7_H |
| 61 | 61 | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | #include <openssl/bio.h> | ||
| 64 | #include <openssl/e_os2.h> | ||
| 65 | |||
| 66 | #include <openssl/symhacks.h> | ||
| 67 | #include <openssl/ossl_typ.h> | ||
| 68 | |||
| 62 | #ifdef __cplusplus | 69 | #ifdef __cplusplus |
| 63 | extern "C" { | 70 | extern "C" { |
| 64 | #endif | 71 | #endif |
| 65 | 72 | ||
| 66 | #include "bio.h" | 73 | #ifdef OPENSSL_SYS_WIN32 |
| 67 | #include "x509.h" | 74 | /* Under Win32 thes are defined in wincrypt.h */ |
| 75 | #undef PKCS7_ISSUER_AND_SERIAL | ||
| 76 | #undef PKCS7_SIGNER_INFO | ||
| 77 | #endif | ||
| 68 | 78 | ||
| 69 | /* | 79 | /* |
| 70 | Encryption_ID DES-CBC | 80 | Encryption_ID DES-CBC |
| @@ -84,15 +94,18 @@ typedef struct pkcs7_signer_info_st | |||
| 84 | ASN1_INTEGER *version; /* version 1 */ | 94 | ASN1_INTEGER *version; /* version 1 */ |
| 85 | PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; | 95 | PKCS7_ISSUER_AND_SERIAL *issuer_and_serial; |
| 86 | X509_ALGOR *digest_alg; | 96 | X509_ALGOR *digest_alg; |
| 87 | STACK /* X509_ATTRIBUTE */ *auth_attr; /* [ 0 ] */ | 97 | STACK_OF(X509_ATTRIBUTE) *auth_attr; /* [ 0 ] */ |
| 88 | X509_ALGOR *digest_enc_alg; | 98 | X509_ALGOR *digest_enc_alg; |
| 89 | ASN1_OCTET_STRING *enc_digest; | 99 | ASN1_OCTET_STRING *enc_digest; |
| 90 | STACK /* X509_ATTRIBUTE */ *unauth_attr; /* [ 1 ] */ | 100 | STACK_OF(X509_ATTRIBUTE) *unauth_attr; /* [ 1 ] */ |
| 91 | 101 | ||
| 92 | /* The private key to sign with */ | 102 | /* The private key to sign with */ |
| 93 | EVP_PKEY *pkey; | 103 | EVP_PKEY *pkey; |
| 94 | } PKCS7_SIGNER_INFO; | 104 | } PKCS7_SIGNER_INFO; |
| 95 | 105 | ||
| 106 | DECLARE_STACK_OF(PKCS7_SIGNER_INFO) | ||
| 107 | DECLARE_ASN1_SET_OF(PKCS7_SIGNER_INFO) | ||
| 108 | |||
| 96 | typedef struct pkcs7_recip_info_st | 109 | typedef struct pkcs7_recip_info_st |
| 97 | { | 110 | { |
| 98 | ASN1_INTEGER *version; /* version 0 */ | 111 | ASN1_INTEGER *version; /* version 0 */ |
| @@ -102,13 +115,16 @@ typedef struct pkcs7_recip_info_st | |||
| 102 | X509 *cert; /* get the pub-key from this */ | 115 | X509 *cert; /* get the pub-key from this */ |
| 103 | } PKCS7_RECIP_INFO; | 116 | } PKCS7_RECIP_INFO; |
| 104 | 117 | ||
| 118 | DECLARE_STACK_OF(PKCS7_RECIP_INFO) | ||
| 119 | DECLARE_ASN1_SET_OF(PKCS7_RECIP_INFO) | ||
| 120 | |||
| 105 | typedef struct pkcs7_signed_st | 121 | typedef struct pkcs7_signed_st |
| 106 | { | 122 | { |
| 107 | ASN1_INTEGER *version; /* version 1 */ | 123 | ASN1_INTEGER *version; /* version 1 */ |
| 108 | STACK /* X509_ALGOR's */ *md_algs; /* md used */ | 124 | STACK_OF(X509_ALGOR) *md_algs; /* md used */ |
| 109 | STACK /* X509 */ *cert; /* [ 0 ] */ | 125 | STACK_OF(X509) *cert; /* [ 0 ] */ |
| 110 | STACK /* X509_CRL */ *crl; /* [ 1 ] */ | 126 | STACK_OF(X509_CRL) *crl; /* [ 1 ] */ |
| 111 | STACK /* PKCS7_SIGNER_INFO */ *signer_info; | 127 | STACK_OF(PKCS7_SIGNER_INFO) *signer_info; |
| 112 | 128 | ||
| 113 | struct pkcs7_st *contents; | 129 | struct pkcs7_st *contents; |
| 114 | } PKCS7_SIGNED; | 130 | } PKCS7_SIGNED; |
| @@ -120,25 +136,26 @@ typedef struct pkcs7_enc_content_st | |||
| 120 | ASN1_OBJECT *content_type; | 136 | ASN1_OBJECT *content_type; |
| 121 | X509_ALGOR *algorithm; | 137 | X509_ALGOR *algorithm; |
| 122 | ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ | 138 | ASN1_OCTET_STRING *enc_data; /* [ 0 ] */ |
| 139 | const EVP_CIPHER *cipher; | ||
| 123 | } PKCS7_ENC_CONTENT; | 140 | } PKCS7_ENC_CONTENT; |
| 124 | 141 | ||
| 125 | typedef struct pkcs7_enveloped_st | 142 | typedef struct pkcs7_enveloped_st |
| 126 | { | 143 | { |
| 127 | ASN1_INTEGER *version; /* version 0 */ | 144 | ASN1_INTEGER *version; /* version 0 */ |
| 128 | STACK /* PKCS7_RECIP_INFO */ *recipientinfo; | 145 | STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; |
| 129 | PKCS7_ENC_CONTENT *enc_data; | 146 | PKCS7_ENC_CONTENT *enc_data; |
| 130 | } PKCS7_ENVELOPE; | 147 | } PKCS7_ENVELOPE; |
| 131 | 148 | ||
| 132 | typedef struct pkcs7_signedandenveloped_st | 149 | typedef struct pkcs7_signedandenveloped_st |
| 133 | { | 150 | { |
| 134 | ASN1_INTEGER *version; /* version 1 */ | 151 | ASN1_INTEGER *version; /* version 1 */ |
| 135 | STACK /* X509_ALGOR's */ *md_algs; /* md used */ | 152 | STACK_OF(X509_ALGOR) *md_algs; /* md used */ |
| 136 | STACK /* X509 */ *cert; /* [ 0 ] */ | 153 | STACK_OF(X509) *cert; /* [ 0 ] */ |
| 137 | STACK /* X509_CRL */ *crl; /* [ 1 ] */ | 154 | STACK_OF(X509_CRL) *crl; /* [ 1 ] */ |
| 138 | STACK /* PKCS7_SIGNER_INFO */ *signer_info; | 155 | STACK_OF(PKCS7_SIGNER_INFO) *signer_info; |
| 139 | 156 | ||
| 140 | PKCS7_ENC_CONTENT *enc_data; | 157 | PKCS7_ENC_CONTENT *enc_data; |
| 141 | STACK /* PKCS7_RECIP_INFO */ *recipientinfo; | 158 | STACK_OF(PKCS7_RECIP_INFO) *recipientinfo; |
| 142 | } PKCS7_SIGN_ENVELOPE; | 159 | } PKCS7_SIGN_ENVELOPE; |
| 143 | 160 | ||
| 144 | typedef struct pkcs7_digest_st | 161 | typedef struct pkcs7_digest_st |
| @@ -193,13 +210,27 @@ typedef struct pkcs7_st | |||
| 193 | 210 | ||
| 194 | /* NID_pkcs7_encrypted */ | 211 | /* NID_pkcs7_encrypted */ |
| 195 | PKCS7_ENCRYPT *encrypted; | 212 | PKCS7_ENCRYPT *encrypted; |
| 213 | |||
| 214 | /* Anything else */ | ||
| 215 | ASN1_TYPE *other; | ||
| 196 | } d; | 216 | } d; |
| 197 | } PKCS7; | 217 | } PKCS7; |
| 198 | 218 | ||
| 219 | DECLARE_STACK_OF(PKCS7) | ||
| 220 | DECLARE_ASN1_SET_OF(PKCS7) | ||
| 221 | DECLARE_PKCS12_STACK_OF(PKCS7) | ||
| 222 | |||
| 199 | #define PKCS7_OP_SET_DETACHED_SIGNATURE 1 | 223 | #define PKCS7_OP_SET_DETACHED_SIGNATURE 1 |
| 200 | #define PKCS7_OP_GET_DETACHED_SIGNATURE 2 | 224 | #define PKCS7_OP_GET_DETACHED_SIGNATURE 2 |
| 201 | 225 | ||
| 226 | #define PKCS7_get_signed_attributes(si) ((si)->auth_attr) | ||
| 227 | #define PKCS7_get_attributes(si) ((si)->unauth_attr) | ||
| 228 | |||
| 202 | #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) | 229 | #define PKCS7_type_is_signed(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_signed) |
| 230 | #define PKCS7_type_is_encrypted(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_encrypted) | ||
| 231 | #define PKCS7_type_is_enveloped(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_enveloped) | ||
| 232 | #define PKCS7_type_is_signedAndEnveloped(a) \ | ||
| 233 | (OBJ_obj2nid((a)->type) == NID_pkcs7_signedAndEnveloped) | ||
| 203 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) | 234 | #define PKCS7_type_is_data(a) (OBJ_obj2nid((a)->type) == NID_pkcs7_data) |
| 204 | 235 | ||
| 205 | #define PKCS7_set_detached(p,v) \ | 236 | #define PKCS7_set_detached(p,v) \ |
| @@ -207,101 +238,67 @@ typedef struct pkcs7_st | |||
| 207 | #define PKCS7_get_detached(p) \ | 238 | #define PKCS7_get_detached(p) \ |
| 208 | PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) | 239 | PKCS7_ctrl(p,PKCS7_OP_GET_DETACHED_SIGNATURE,0,NULL) |
| 209 | 240 | ||
| 210 | #ifdef SSLEAY_MACROS | 241 | #define PKCS7_is_detached(p7) (PKCS7_type_is_signed(p7) && PKCS7_get_detached(p7)) |
| 211 | 242 | ||
| 243 | #ifdef SSLEAY_MACROS | ||
| 244 | #ifndef PKCS7_ISSUER_AND_SERIAL_digest | ||
| 212 | #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ | 245 | #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ |
| 213 | ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ | 246 | ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ |
| 214 | (char *)data,md,len) | 247 | (char *)data,md,len) |
| 215 | #endif | 248 | #endif |
| 249 | #endif | ||
| 216 | 250 | ||
| 217 | 251 | /* S/MIME related flags */ | |
| 218 | #ifndef NOPROTO | 252 | |
| 219 | PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(void ); | 253 | #define PKCS7_TEXT 0x1 |
| 220 | void PKCS7_ISSUER_AND_SERIAL_free( | 254 | #define PKCS7_NOCERTS 0x2 |
| 221 | PKCS7_ISSUER_AND_SERIAL *a); | 255 | #define PKCS7_NOSIGS 0x4 |
| 222 | int i2d_PKCS7_ISSUER_AND_SERIAL( | 256 | #define PKCS7_NOCHAIN 0x8 |
| 223 | PKCS7_ISSUER_AND_SERIAL *a,unsigned char **pp); | 257 | #define PKCS7_NOINTERN 0x10 |
| 224 | PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL( | 258 | #define PKCS7_NOVERIFY 0x20 |
| 225 | PKCS7_ISSUER_AND_SERIAL **a, | 259 | #define PKCS7_DETACHED 0x40 |
| 226 | unsigned char **pp, long length); | 260 | #define PKCS7_BINARY 0x80 |
| 261 | #define PKCS7_NOATTR 0x100 | ||
| 262 | #define PKCS7_NOSMIMECAP 0x200 | ||
| 263 | |||
| 264 | /* Flags: for compatibility with older code */ | ||
| 265 | |||
| 266 | #define SMIME_TEXT PKCS7_TEXT | ||
| 267 | #define SMIME_NOCERTS PKCS7_NOCERTS | ||
| 268 | #define SMIME_NOSIGS PKCS7_NOSIGS | ||
| 269 | #define SMIME_NOCHAIN PKCS7_NOCHAIN | ||
| 270 | #define SMIME_NOINTERN PKCS7_NOINTERN | ||
| 271 | #define SMIME_NOVERIFY PKCS7_NOVERIFY | ||
| 272 | #define SMIME_DETACHED PKCS7_DETACHED | ||
| 273 | #define SMIME_BINARY PKCS7_BINARY | ||
| 274 | #define SMIME_NOATTR PKCS7_NOATTR | ||
| 275 | |||
| 276 | DECLARE_ASN1_FUNCTIONS(PKCS7_ISSUER_AND_SERIAL) | ||
| 227 | 277 | ||
| 228 | #ifndef SSLEAY_MACROS | 278 | #ifndef SSLEAY_MACROS |
| 229 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,EVP_MD *type, | 279 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data,const EVP_MD *type, |
| 230 | unsigned char *md,unsigned int *len); | 280 | unsigned char *md,unsigned int *len); |
| 231 | #ifndef NO_FP_API | 281 | #ifndef OPENSSL_NO_FP_API |
| 232 | PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 *p7); | 282 | PKCS7 *d2i_PKCS7_fp(FILE *fp,PKCS7 **p7); |
| 233 | int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); | 283 | int i2d_PKCS7_fp(FILE *fp,PKCS7 *p7); |
| 234 | #endif | 284 | #endif |
| 235 | PKCS7 *PKCS7_dup(PKCS7 *p7); | 285 | PKCS7 *PKCS7_dup(PKCS7 *p7); |
| 236 | PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 *p7); | 286 | PKCS7 *d2i_PKCS7_bio(BIO *bp,PKCS7 **p7); |
| 237 | int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); | 287 | int i2d_PKCS7_bio(BIO *bp,PKCS7 *p7); |
| 238 | #endif | 288 | #endif |
| 239 | 289 | ||
| 240 | PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(void); | 290 | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNER_INFO) |
| 241 | void PKCS7_SIGNER_INFO_free(PKCS7_SIGNER_INFO *a); | 291 | DECLARE_ASN1_FUNCTIONS(PKCS7_RECIP_INFO) |
| 242 | int i2d_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO *a, | 292 | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGNED) |
| 243 | unsigned char **pp); | 293 | DECLARE_ASN1_FUNCTIONS(PKCS7_ENC_CONTENT) |
| 244 | PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(PKCS7_SIGNER_INFO **a, | 294 | DECLARE_ASN1_FUNCTIONS(PKCS7_ENVELOPE) |
| 245 | unsigned char **pp,long length); | 295 | DECLARE_ASN1_FUNCTIONS(PKCS7_SIGN_ENVELOPE) |
| 246 | 296 | DECLARE_ASN1_FUNCTIONS(PKCS7_DIGEST) | |
| 247 | PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(void); | 297 | DECLARE_ASN1_FUNCTIONS(PKCS7_ENCRYPT) |
| 248 | void PKCS7_RECIP_INFO_free(PKCS7_RECIP_INFO *a); | 298 | DECLARE_ASN1_FUNCTIONS(PKCS7) |
| 249 | int i2d_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO *a, | ||
| 250 | unsigned char **pp); | ||
| 251 | PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(PKCS7_RECIP_INFO **a, | ||
| 252 | unsigned char **pp,long length); | ||
| 253 | |||
| 254 | PKCS7_SIGNED *PKCS7_SIGNED_new(void); | ||
| 255 | void PKCS7_SIGNED_free(PKCS7_SIGNED *a); | ||
| 256 | int i2d_PKCS7_SIGNED(PKCS7_SIGNED *a, | ||
| 257 | unsigned char **pp); | ||
| 258 | PKCS7_SIGNED *d2i_PKCS7_SIGNED(PKCS7_SIGNED **a, | ||
| 259 | unsigned char **pp,long length); | ||
| 260 | |||
| 261 | PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(void); | ||
| 262 | void PKCS7_ENC_CONTENT_free(PKCS7_ENC_CONTENT *a); | ||
| 263 | int i2d_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT *a, | ||
| 264 | unsigned char **pp); | ||
| 265 | PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(PKCS7_ENC_CONTENT **a, | ||
| 266 | unsigned char **pp,long length); | ||
| 267 | |||
| 268 | PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(void); | ||
| 269 | void PKCS7_ENVELOPE_free(PKCS7_ENVELOPE *a); | ||
| 270 | int i2d_PKCS7_ENVELOPE(PKCS7_ENVELOPE *a, | ||
| 271 | unsigned char **pp); | ||
| 272 | PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(PKCS7_ENVELOPE **a, | ||
| 273 | unsigned char **pp,long length); | ||
| 274 | |||
| 275 | PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(void); | ||
| 276 | void PKCS7_SIGN_ENVELOPE_free(PKCS7_SIGN_ENVELOPE *a); | ||
| 277 | int i2d_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE *a, | ||
| 278 | unsigned char **pp); | ||
| 279 | PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(PKCS7_SIGN_ENVELOPE **a, | ||
| 280 | unsigned char **pp,long length); | ||
| 281 | |||
| 282 | PKCS7_DIGEST *PKCS7_DIGEST_new(void); | ||
| 283 | void PKCS7_DIGEST_free(PKCS7_DIGEST *a); | ||
| 284 | int i2d_PKCS7_DIGEST(PKCS7_DIGEST *a, | ||
| 285 | unsigned char **pp); | ||
| 286 | PKCS7_DIGEST *d2i_PKCS7_DIGEST(PKCS7_DIGEST **a, | ||
| 287 | unsigned char **pp,long length); | ||
| 288 | |||
| 289 | PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(void); | ||
| 290 | void PKCS7_ENCRYPT_free(PKCS7_ENCRYPT *a); | ||
| 291 | int i2d_PKCS7_ENCRYPT(PKCS7_ENCRYPT *a, | ||
| 292 | unsigned char **pp); | ||
| 293 | PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(PKCS7_ENCRYPT **a, | ||
| 294 | unsigned char **pp,long length); | ||
| 295 | |||
| 296 | PKCS7 *PKCS7_new(void); | ||
| 297 | void PKCS7_free(PKCS7 *a); | ||
| 298 | void PKCS7_content_free(PKCS7 *a); | ||
| 299 | int i2d_PKCS7(PKCS7 *a, | ||
| 300 | unsigned char **pp); | ||
| 301 | PKCS7 *d2i_PKCS7(PKCS7 **a, | ||
| 302 | unsigned char **pp,long length); | ||
| 303 | 299 | ||
| 304 | void ERR_load_PKCS7_strings(void); | 300 | DECLARE_ASN1_ITEM(PKCS7_ATTR_SIGN) |
| 301 | DECLARE_ASN1_ITEM(PKCS7_ATTR_VERIFY) | ||
| 305 | 302 | ||
| 306 | 303 | ||
| 307 | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); | 304 | long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); |
| @@ -309,141 +306,144 @@ long PKCS7_ctrl(PKCS7 *p7, int cmd, long larg, char *parg); | |||
| 309 | int PKCS7_set_type(PKCS7 *p7, int type); | 306 | int PKCS7_set_type(PKCS7 *p7, int type); |
| 310 | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); | 307 | int PKCS7_set_content(PKCS7 *p7, PKCS7 *p7_data); |
| 311 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, | 308 | int PKCS7_SIGNER_INFO_set(PKCS7_SIGNER_INFO *p7i, X509 *x509, EVP_PKEY *pkey, |
| 312 | EVP_MD *dgst); | 309 | const EVP_MD *dgst); |
| 313 | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); | 310 | int PKCS7_add_signer(PKCS7 *p7, PKCS7_SIGNER_INFO *p7i); |
| 314 | int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); | 311 | int PKCS7_add_certificate(PKCS7 *p7, X509 *x509); |
| 315 | int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); | 312 | int PKCS7_add_crl(PKCS7 *p7, X509_CRL *x509); |
| 316 | int PKCS7_content_new(PKCS7 *p7, int nid); | 313 | int PKCS7_content_new(PKCS7 *p7, int nid); |
| 317 | int PKCS7_dataSign(PKCS7 *p7, BIO *bio); | ||
| 318 | int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, | 314 | int PKCS7_dataVerify(X509_STORE *cert_store, X509_STORE_CTX *ctx, |
| 319 | BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); | 315 | BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si); |
| 316 | int PKCS7_signatureVerify(BIO *bio, PKCS7 *p7, PKCS7_SIGNER_INFO *si, | ||
| 317 | X509 *x509); | ||
| 320 | 318 | ||
| 321 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); | 319 | BIO *PKCS7_dataInit(PKCS7 *p7, BIO *bio); |
| 322 | /*int PKCS7_DataFinal(PKCS7 *p7, BIO *bio); */ | 320 | int PKCS7_dataFinal(PKCS7 *p7, BIO *bio); |
| 321 | BIO *PKCS7_dataDecode(PKCS7 *p7, EVP_PKEY *pkey, BIO *in_bio, X509 *pcert); | ||
| 322 | |||
| 323 | 323 | ||
| 324 | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, | 324 | PKCS7_SIGNER_INFO *PKCS7_add_signature(PKCS7 *p7, X509 *x509, |
| 325 | EVP_PKEY *pkey, EVP_MD *dgst); | 325 | EVP_PKEY *pkey, const EVP_MD *dgst); |
| 326 | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); | 326 | X509 *PKCS7_cert_from_signer_info(PKCS7 *p7, PKCS7_SIGNER_INFO *si); |
| 327 | STACK *PKCS7_get_signer_info(PKCS7 *p7); | 327 | STACK_OF(PKCS7_SIGNER_INFO) *PKCS7_get_signer_info(PKCS7 *p7); |
| 328 | 328 | ||
| 329 | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); | 329 | PKCS7_RECIP_INFO *PKCS7_add_recipient(PKCS7 *p7, X509 *x509); |
| 330 | int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); | 330 | int PKCS7_add_recipient_info(PKCS7 *p7, PKCS7_RECIP_INFO *ri); |
| 331 | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); | 331 | int PKCS7_RECIP_INFO_set(PKCS7_RECIP_INFO *p7i, X509 *x509); |
| 332 | int PKCS7_set_cipher(PKCS7 *p7, EVP_CIPHER *cipher); | 332 | int PKCS7_set_cipher(PKCS7 *p7, const EVP_CIPHER *cipher); |
| 333 | 333 | ||
| 334 | 334 | PKCS7_ISSUER_AND_SERIAL *PKCS7_get_issuer_and_serial(PKCS7 *p7, int idx); | |
| 335 | 335 | ASN1_OCTET_STRING *PKCS7_digest_from_attributes(STACK_OF(X509_ATTRIBUTE) *sk); | |
| 336 | #else | 336 | int PKCS7_add_signed_attribute(PKCS7_SIGNER_INFO *p7si,int nid,int type, |
| 337 | 337 | void *data); | |
| 338 | PKCS7_ISSUER_AND_SERIAL *PKCS7_ISSUER_AND_SERIAL_new(); | 338 | int PKCS7_add_attribute (PKCS7_SIGNER_INFO *p7si, int nid, int atrtype, |
| 339 | void PKCS7_ISSUER_AND_SERIAL_free(); | 339 | void *value); |
| 340 | int i2d_PKCS7_ISSUER_AND_SERIAL(); | 340 | ASN1_TYPE *PKCS7_get_attribute(PKCS7_SIGNER_INFO *si, int nid); |
| 341 | PKCS7_ISSUER_AND_SERIAL *d2i_PKCS7_ISSUER_AND_SERIAL(); | 341 | ASN1_TYPE *PKCS7_get_signed_attribute(PKCS7_SIGNER_INFO *si, int nid); |
| 342 | 342 | int PKCS7_set_signed_attributes(PKCS7_SIGNER_INFO *p7si, | |
| 343 | #ifndef SSLEAY_MACROS | 343 | STACK_OF(X509_ATTRIBUTE) *sk); |
| 344 | int PKCS7_ISSUER_AND_SERIAL_digest(); | 344 | int PKCS7_set_attributes(PKCS7_SIGNER_INFO *p7si,STACK_OF(X509_ATTRIBUTE) *sk); |
| 345 | #ifndef NO_FP_API | 345 | |
| 346 | PKCS7 *d2i_PKCS7_fp(); | 346 | |
| 347 | int i2d_PKCS7_fp(); | 347 | PKCS7 *PKCS7_sign(X509 *signcert, EVP_PKEY *pkey, STACK_OF(X509) *certs, |
| 348 | #endif | 348 | BIO *data, int flags); |
| 349 | PKCS7 *PKCS7_dup(); | 349 | int PKCS7_verify(PKCS7 *p7, STACK_OF(X509) *certs, X509_STORE *store, |
| 350 | PKCS7 *d2i_PKCS7_bio(); | 350 | BIO *indata, BIO *out, int flags); |
| 351 | int i2d_PKCS7_bio(); | 351 | STACK_OF(X509) *PKCS7_get0_signers(PKCS7 *p7, STACK_OF(X509) *certs, int flags); |
| 352 | 352 | PKCS7 *PKCS7_encrypt(STACK_OF(X509) *certs, BIO *in, const EVP_CIPHER *cipher, | |
| 353 | #endif | 353 | int flags); |
| 354 | 354 | int PKCS7_decrypt(PKCS7 *p7, EVP_PKEY *pkey, X509 *cert, BIO *data, int flags); | |
| 355 | PKCS7_SIGNER_INFO *PKCS7_SIGNER_INFO_new(); | 355 | |
| 356 | void PKCS7_SIGNER_INFO_free(); | 356 | int PKCS7_add_attrib_smimecap(PKCS7_SIGNER_INFO *si, |
| 357 | int i2d_PKCS7_SIGNER_INFO(); | 357 | STACK_OF(X509_ALGOR) *cap); |
| 358 | PKCS7_SIGNER_INFO *d2i_PKCS7_SIGNER_INFO(); | 358 | STACK_OF(X509_ALGOR) *PKCS7_get_smimecap(PKCS7_SIGNER_INFO *si); |
| 359 | PKCS7_RECIP_INFO *PKCS7_RECIP_INFO_new(); | 359 | int PKCS7_simple_smimecap(STACK_OF(X509_ALGOR) *sk, int nid, int arg); |
| 360 | void PKCS7_RECIP_INFO_free(); | 360 | |
| 361 | int i2d_PKCS7_RECIP_INFO(); | 361 | int SMIME_write_PKCS7(BIO *bio, PKCS7 *p7, BIO *data, int flags); |
| 362 | PKCS7_RECIP_INFO *d2i_PKCS7_RECIP_INFO(); | 362 | PKCS7 *SMIME_read_PKCS7(BIO *bio, BIO **bcont); |
| 363 | PKCS7_SIGNED *PKCS7_SIGNED_new(); | 363 | int SMIME_crlf_copy(BIO *in, BIO *out, int flags); |
| 364 | void PKCS7_SIGNED_free(); | 364 | int SMIME_text(BIO *in, BIO *out); |
| 365 | int i2d_PKCS7_SIGNED(); | ||
| 366 | PKCS7_SIGNED *d2i_PKCS7_SIGNED(); | ||
| 367 | PKCS7_ENC_CONTENT *PKCS7_ENC_CONTENT_new(); | ||
| 368 | void PKCS7_ENC_CONTENT_free(); | ||
| 369 | int i2d_PKCS7_ENC_CONTENT(); | ||
| 370 | PKCS7_ENC_CONTENT *d2i_PKCS7_ENC_CONTENT(); | ||
| 371 | PKCS7_ENVELOPE *PKCS7_ENVELOPE_new(); | ||
| 372 | void PKCS7_ENVELOPE_free(); | ||
| 373 | int i2d_PKCS7_ENVELOPE(); | ||
| 374 | PKCS7_ENVELOPE *d2i_PKCS7_ENVELOPE(); | ||
| 375 | PKCS7_SIGN_ENVELOPE *PKCS7_SIGN_ENVELOPE_new(); | ||
| 376 | void PKCS7_SIGN_ENVELOPE_free(); | ||
| 377 | int i2d_PKCS7_SIGN_ENVELOPE(); | ||
| 378 | PKCS7_SIGN_ENVELOPE *d2i_PKCS7_SIGN_ENVELOPE(); | ||
| 379 | PKCS7_DIGEST *PKCS7_DIGEST_new(); | ||
| 380 | void PKCS7_DIGEST_free(); | ||
| 381 | int i2d_PKCS7_DIGEST(); | ||
| 382 | PKCS7_DIGEST *d2i_PKCS7_DIGEST(); | ||
| 383 | PKCS7_ENCRYPT *PKCS7_ENCRYPT_new(); | ||
| 384 | void PKCS7_ENCRYPT_free(); | ||
| 385 | int i2d_PKCS7_ENCRYPT(); | ||
| 386 | PKCS7_ENCRYPT *d2i_PKCS7_ENCRYPT(); | ||
| 387 | PKCS7 *PKCS7_new(); | ||
| 388 | void PKCS7_free(); | ||
| 389 | void PKCS7_content_free(); | ||
| 390 | int i2d_PKCS7(); | ||
| 391 | PKCS7 *d2i_PKCS7(); | ||
| 392 | |||
| 393 | void ERR_load_PKCS7_strings(); | ||
| 394 | |||
| 395 | long PKCS7_ctrl(); | ||
| 396 | int PKCS7_set_type(); | ||
| 397 | int PKCS7_set_content(); | ||
| 398 | int PKCS7_SIGNER_INFO_set(); | ||
| 399 | int PKCS7_add_signer(); | ||
| 400 | int PKCS7_add_certificate(); | ||
| 401 | int PKCS7_add_crl(); | ||
| 402 | int PKCS7_content_new(); | ||
| 403 | int PKCS7_dataSign(); | ||
| 404 | int PKCS7_dataVerify(); | ||
| 405 | BIO *PKCS7_dataInit(); | ||
| 406 | PKCS7_SIGNER_INFO *PKCS7_add_signature(); | ||
| 407 | X509 *PKCS7_cert_from_signer_info(); | ||
| 408 | STACK *PKCS7_get_signer_info(); | ||
| 409 | |||
| 410 | PKCS7_RECIP_INFO *PKCS7_add_recipient(); | ||
| 411 | int PKCS7_add_recipient_info(); | ||
| 412 | int PKCS7_RECIP_INFO_set(); | ||
| 413 | int PKCS7_set_cipher(); | ||
| 414 | |||
| 415 | #endif | ||
| 416 | 365 | ||
| 417 | /* BEGIN ERROR CODES */ | 366 | /* BEGIN ERROR CODES */ |
| 367 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 368 | * made after this point may be overwritten when the script is next run. | ||
| 369 | */ | ||
| 370 | void ERR_load_PKCS7_strings(void); | ||
| 371 | |||
| 418 | /* Error codes for the PKCS7 functions. */ | 372 | /* Error codes for the PKCS7 functions. */ |
| 419 | 373 | ||
| 420 | /* Function codes. */ | 374 | /* Function codes. */ |
| 375 | #define PKCS7_F_B64_READ_PKCS7 120 | ||
| 376 | #define PKCS7_F_B64_WRITE_PKCS7 121 | ||
| 377 | #define PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP 118 | ||
| 421 | #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 | 378 | #define PKCS7_F_PKCS7_ADD_CERTIFICATE 100 |
| 422 | #define PKCS7_F_PKCS7_ADD_CRL 101 | 379 | #define PKCS7_F_PKCS7_ADD_CRL 101 |
| 423 | #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 | 380 | #define PKCS7_F_PKCS7_ADD_RECIPIENT_INFO 102 |
| 424 | #define PKCS7_F_PKCS7_ADD_SIGNER 103 | 381 | #define PKCS7_F_PKCS7_ADD_SIGNER 103 |
| 425 | #define PKCS7_F_PKCS7_CTRL 104 | 382 | #define PKCS7_F_PKCS7_CTRL 104 |
| 383 | #define PKCS7_F_PKCS7_DATADECODE 112 | ||
| 426 | #define PKCS7_F_PKCS7_DATAINIT 105 | 384 | #define PKCS7_F_PKCS7_DATAINIT 105 |
| 427 | #define PKCS7_F_PKCS7_DATASIGN 106 | 385 | #define PKCS7_F_PKCS7_DATASIGN 106 |
| 428 | #define PKCS7_F_PKCS7_DATAVERIFY 107 | 386 | #define PKCS7_F_PKCS7_DATAVERIFY 107 |
| 387 | #define PKCS7_F_PKCS7_DECRYPT 114 | ||
| 388 | #define PKCS7_F_PKCS7_ENCRYPT 115 | ||
| 389 | #define PKCS7_F_PKCS7_GET0_SIGNERS 124 | ||
| 429 | #define PKCS7_F_PKCS7_SET_CIPHER 108 | 390 | #define PKCS7_F_PKCS7_SET_CIPHER 108 |
| 430 | #define PKCS7_F_PKCS7_SET_CONTENT 109 | 391 | #define PKCS7_F_PKCS7_SET_CONTENT 109 |
| 431 | #define PKCS7_F_PKCS7_SET_TYPE 110 | 392 | #define PKCS7_F_PKCS7_SET_TYPE 110 |
| 393 | #define PKCS7_F_PKCS7_SIGN 116 | ||
| 394 | #define PKCS7_F_PKCS7_SIGNATUREVERIFY 113 | ||
| 395 | #define PKCS7_F_PKCS7_SIMPLE_SMIMECAP 119 | ||
| 396 | #define PKCS7_F_PKCS7_VERIFY 117 | ||
| 397 | #define PKCS7_F_SMIME_READ_PKCS7 122 | ||
| 398 | #define PKCS7_F_SMIME_TEXT 123 | ||
| 432 | 399 | ||
| 433 | /* Reason codes. */ | 400 | /* Reason codes. */ |
| 434 | #define PKCS7_R_INTERNAL_ERROR 100 | 401 | #define PKCS7_R_CERTIFICATE_VERIFY_ERROR 117 |
| 435 | #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 101 | 402 | #define PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER 144 |
| 436 | #define PKCS7_R_SIGNATURE_FAILURE 102 | 403 | #define PKCS7_R_CIPHER_NOT_INITIALIZED 116 |
| 437 | #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 103 | 404 | #define PKCS7_R_CONTENT_AND_DATA_PRESENT 118 |
| 438 | #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 104 | 405 | #define PKCS7_R_DECODE_ERROR 130 |
| 439 | #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 105 | 406 | #define PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH 100 |
| 440 | #define PKCS7_R_UNKNOWN_DIGEST_TYPE 106 | 407 | #define PKCS7_R_DECRYPT_ERROR 119 |
| 441 | #define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 107 | 408 | #define PKCS7_R_DIGEST_FAILURE 101 |
| 442 | #define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 108 | 409 | #define PKCS7_R_ERROR_ADDING_RECIPIENT 120 |
| 443 | #define PKCS7_R_WRONG_CONTENT_TYPE 109 | 410 | #define PKCS7_R_ERROR_SETTING_CIPHER 121 |
| 444 | 411 | #define PKCS7_R_INVALID_MIME_TYPE 131 | |
| 412 | #define PKCS7_R_INVALID_NULL_POINTER 143 | ||
| 413 | #define PKCS7_R_MIME_NO_CONTENT_TYPE 132 | ||
| 414 | #define PKCS7_R_MIME_PARSE_ERROR 133 | ||
| 415 | #define PKCS7_R_MIME_SIG_PARSE_ERROR 134 | ||
| 416 | #define PKCS7_R_MISSING_CERIPEND_INFO 103 | ||
| 417 | #define PKCS7_R_NO_CONTENT 122 | ||
| 418 | #define PKCS7_R_NO_CONTENT_TYPE 135 | ||
| 419 | #define PKCS7_R_NO_MULTIPART_BODY_FAILURE 136 | ||
| 420 | #define PKCS7_R_NO_MULTIPART_BOUNDARY 137 | ||
| 421 | #define PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE 115 | ||
| 422 | #define PKCS7_R_NO_SIGNATURES_ON_DATA 123 | ||
| 423 | #define PKCS7_R_NO_SIGNERS 142 | ||
| 424 | #define PKCS7_R_NO_SIG_CONTENT_TYPE 138 | ||
| 425 | #define PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE 104 | ||
| 426 | #define PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR 124 | ||
| 427 | #define PKCS7_R_PKCS7_DATAFINAL_ERROR 125 | ||
| 428 | #define PKCS7_R_PKCS7_DATASIGN 126 | ||
| 429 | #define PKCS7_R_PKCS7_PARSE_ERROR 139 | ||
| 430 | #define PKCS7_R_PKCS7_SIG_PARSE_ERROR 140 | ||
| 431 | #define PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE 127 | ||
| 432 | #define PKCS7_R_SIGNATURE_FAILURE 105 | ||
| 433 | #define PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND 128 | ||
| 434 | #define PKCS7_R_SIG_INVALID_MIME_TYPE 141 | ||
| 435 | #define PKCS7_R_SMIME_TEXT_ERROR 129 | ||
| 436 | #define PKCS7_R_UNABLE_TO_FIND_CERTIFICATE 106 | ||
| 437 | #define PKCS7_R_UNABLE_TO_FIND_MEM_BIO 107 | ||
| 438 | #define PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST 108 | ||
| 439 | #define PKCS7_R_UNKNOWN_DIGEST_TYPE 109 | ||
| 440 | #define PKCS7_R_UNKNOWN_OPERATION 110 | ||
| 441 | #define PKCS7_R_UNSUPPORTED_CIPHER_TYPE 111 | ||
| 442 | #define PKCS7_R_UNSUPPORTED_CONTENT_TYPE 112 | ||
| 443 | #define PKCS7_R_WRONG_CONTENT_TYPE 113 | ||
| 444 | #define PKCS7_R_WRONG_PKCS7_TYPE 114 | ||
| 445 | |||
| 445 | #ifdef __cplusplus | 446 | #ifdef __cplusplus |
| 446 | } | 447 | } |
| 447 | #endif | 448 | #endif |
| 448 | #endif | 449 | #endif |
| 449 | |||
diff --git a/src/lib/libcrypto/pkcs7/pkcs7err.c b/src/lib/libcrypto/pkcs7/pkcs7err.c index f851057422..5e51527a40 100644 --- a/src/lib/libcrypto/pkcs7/pkcs7err.c +++ b/src/lib/libcrypto/pkcs7/pkcs7err.c | |||
| @@ -1,107 +1,157 @@ | |||
| 1 | /* lib/pkcs7/pkcs7_err.c */ | 1 | /* crypto/pkcs7/pkcs7err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "pkcs7.h" | 63 | #include <openssl/pkcs7.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA PKCS7_str_functs[]= | 67 | static ERR_STRING_DATA PKCS7_str_functs[]= |
| 65 | { | 68 | { |
| 69 | {ERR_PACK(0,PKCS7_F_B64_READ_PKCS7,0), "B64_READ_PKCS7"}, | ||
| 70 | {ERR_PACK(0,PKCS7_F_B64_WRITE_PKCS7,0), "B64_WRITE_PKCS7"}, | ||
| 71 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_ATTRIB_SMIMECAP,0), "PKCS7_add_attrib_smimecap"}, | ||
| 66 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, | 72 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CERTIFICATE,0), "PKCS7_add_certificate"}, |
| 67 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, | 73 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_CRL,0), "PKCS7_add_crl"}, |
| 68 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, | 74 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_RECIPIENT_INFO,0), "PKCS7_add_recipient_info"}, |
| 69 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, | 75 | {ERR_PACK(0,PKCS7_F_PKCS7_ADD_SIGNER,0), "PKCS7_add_signer"}, |
| 70 | {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, | 76 | {ERR_PACK(0,PKCS7_F_PKCS7_CTRL,0), "PKCS7_ctrl"}, |
| 77 | {ERR_PACK(0,PKCS7_F_PKCS7_DATADECODE,0), "PKCS7_dataDecode"}, | ||
| 71 | {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, | 78 | {ERR_PACK(0,PKCS7_F_PKCS7_DATAINIT,0), "PKCS7_dataInit"}, |
| 72 | {ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_dataSign"}, | 79 | {ERR_PACK(0,PKCS7_F_PKCS7_DATASIGN,0), "PKCS7_DATASIGN"}, |
| 73 | {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, | 80 | {ERR_PACK(0,PKCS7_F_PKCS7_DATAVERIFY,0), "PKCS7_dataVerify"}, |
| 81 | {ERR_PACK(0,PKCS7_F_PKCS7_DECRYPT,0), "PKCS7_decrypt"}, | ||
| 82 | {ERR_PACK(0,PKCS7_F_PKCS7_ENCRYPT,0), "PKCS7_encrypt"}, | ||
| 83 | {ERR_PACK(0,PKCS7_F_PKCS7_GET0_SIGNERS,0), "PKCS7_get0_signers"}, | ||
| 74 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, | 84 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_CIPHER,0), "PKCS7_set_cipher"}, |
| 75 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, | 85 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_CONTENT,0), "PKCS7_set_content"}, |
| 76 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, | 86 | {ERR_PACK(0,PKCS7_F_PKCS7_SET_TYPE,0), "PKCS7_set_type"}, |
| 77 | {0,NULL}, | 87 | {ERR_PACK(0,PKCS7_F_PKCS7_SIGN,0), "PKCS7_sign"}, |
| 88 | {ERR_PACK(0,PKCS7_F_PKCS7_SIGNATUREVERIFY,0), "PKCS7_signatureVerify"}, | ||
| 89 | {ERR_PACK(0,PKCS7_F_PKCS7_SIMPLE_SMIMECAP,0), "PKCS7_simple_smimecap"}, | ||
| 90 | {ERR_PACK(0,PKCS7_F_PKCS7_VERIFY,0), "PKCS7_verify"}, | ||
| 91 | {ERR_PACK(0,PKCS7_F_SMIME_READ_PKCS7,0), "SMIME_read_PKCS7"}, | ||
| 92 | {ERR_PACK(0,PKCS7_F_SMIME_TEXT,0), "SMIME_text"}, | ||
| 93 | {0,NULL} | ||
| 78 | }; | 94 | }; |
| 79 | 95 | ||
| 80 | static ERR_STRING_DATA PKCS7_str_reasons[]= | 96 | static ERR_STRING_DATA PKCS7_str_reasons[]= |
| 81 | { | 97 | { |
| 82 | {PKCS7_R_INTERNAL_ERROR ,"internal error"}, | 98 | {PKCS7_R_CERTIFICATE_VERIFY_ERROR ,"certificate verify error"}, |
| 99 | {PKCS7_R_CIPHER_HAS_NO_OBJECT_IDENTIFIER ,"cipher has no object identifier"}, | ||
| 100 | {PKCS7_R_CIPHER_NOT_INITIALIZED ,"cipher not initialized"}, | ||
| 101 | {PKCS7_R_CONTENT_AND_DATA_PRESENT ,"content and data present"}, | ||
| 102 | {PKCS7_R_DECODE_ERROR ,"decode error"}, | ||
| 103 | {PKCS7_R_DECRYPTED_KEY_IS_WRONG_LENGTH ,"decrypted key is wrong length"}, | ||
| 104 | {PKCS7_R_DECRYPT_ERROR ,"decrypt error"}, | ||
| 105 | {PKCS7_R_DIGEST_FAILURE ,"digest failure"}, | ||
| 106 | {PKCS7_R_ERROR_ADDING_RECIPIENT ,"error adding recipient"}, | ||
| 107 | {PKCS7_R_ERROR_SETTING_CIPHER ,"error setting cipher"}, | ||
| 108 | {PKCS7_R_INVALID_MIME_TYPE ,"invalid mime type"}, | ||
| 109 | {PKCS7_R_INVALID_NULL_POINTER ,"invalid null pointer"}, | ||
| 110 | {PKCS7_R_MIME_NO_CONTENT_TYPE ,"mime no content type"}, | ||
| 111 | {PKCS7_R_MIME_PARSE_ERROR ,"mime parse error"}, | ||
| 112 | {PKCS7_R_MIME_SIG_PARSE_ERROR ,"mime sig parse error"}, | ||
| 113 | {PKCS7_R_MISSING_CERIPEND_INFO ,"missing ceripend info"}, | ||
| 114 | {PKCS7_R_NO_CONTENT ,"no content"}, | ||
| 115 | {PKCS7_R_NO_CONTENT_TYPE ,"no content type"}, | ||
| 116 | {PKCS7_R_NO_MULTIPART_BODY_FAILURE ,"no multipart body failure"}, | ||
| 117 | {PKCS7_R_NO_MULTIPART_BOUNDARY ,"no multipart boundary"}, | ||
| 118 | {PKCS7_R_NO_RECIPIENT_MATCHES_CERTIFICATE,"no recipient matches certificate"}, | ||
| 119 | {PKCS7_R_NO_SIGNATURES_ON_DATA ,"no signatures on data"}, | ||
| 120 | {PKCS7_R_NO_SIGNERS ,"no signers"}, | ||
| 121 | {PKCS7_R_NO_SIG_CONTENT_TYPE ,"no sig content type"}, | ||
| 83 | {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, | 122 | {PKCS7_R_OPERATION_NOT_SUPPORTED_ON_THIS_TYPE,"operation not supported on this type"}, |
| 123 | {PKCS7_R_PKCS7_ADD_SIGNATURE_ERROR ,"pkcs7 add signature error"}, | ||
| 124 | {PKCS7_R_PKCS7_DATAFINAL_ERROR ,"pkcs7 datafinal error"}, | ||
| 125 | {PKCS7_R_PKCS7_DATASIGN ,"pkcs7 datasign"}, | ||
| 126 | {PKCS7_R_PKCS7_PARSE_ERROR ,"pkcs7 parse error"}, | ||
| 127 | {PKCS7_R_PKCS7_SIG_PARSE_ERROR ,"pkcs7 sig parse error"}, | ||
| 128 | {PKCS7_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE,"private key does not match certificate"}, | ||
| 84 | {PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, | 129 | {PKCS7_R_SIGNATURE_FAILURE ,"signature failure"}, |
| 130 | {PKCS7_R_SIGNER_CERTIFICATE_NOT_FOUND ,"signer certificate not found"}, | ||
| 131 | {PKCS7_R_SIG_INVALID_MIME_TYPE ,"sig invalid mime type"}, | ||
| 132 | {PKCS7_R_SMIME_TEXT_ERROR ,"smime text error"}, | ||
| 85 | {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, | 133 | {PKCS7_R_UNABLE_TO_FIND_CERTIFICATE ,"unable to find certificate"}, |
| 86 | {PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, | 134 | {PKCS7_R_UNABLE_TO_FIND_MEM_BIO ,"unable to find mem bio"}, |
| 87 | {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, | 135 | {PKCS7_R_UNABLE_TO_FIND_MESSAGE_DIGEST ,"unable to find message digest"}, |
| 88 | {PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, | 136 | {PKCS7_R_UNKNOWN_DIGEST_TYPE ,"unknown digest type"}, |
| 137 | {PKCS7_R_UNKNOWN_OPERATION ,"unknown operation"}, | ||
| 89 | {PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, | 138 | {PKCS7_R_UNSUPPORTED_CIPHER_TYPE ,"unsupported cipher type"}, |
| 90 | {PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, | 139 | {PKCS7_R_UNSUPPORTED_CONTENT_TYPE ,"unsupported content type"}, |
| 91 | {PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, | 140 | {PKCS7_R_WRONG_CONTENT_TYPE ,"wrong content type"}, |
| 92 | {0,NULL}, | 141 | {PKCS7_R_WRONG_PKCS7_TYPE ,"wrong pkcs7 type"}, |
| 142 | {0,NULL} | ||
| 93 | }; | 143 | }; |
| 94 | 144 | ||
| 95 | #endif | 145 | #endif |
| 96 | 146 | ||
| 97 | void ERR_load_PKCS7_strings() | 147 | void ERR_load_PKCS7_strings(void) |
| 98 | { | 148 | { |
| 99 | static int init=1; | 149 | static int init=1; |
| 100 | 150 | ||
| 101 | if (init); | 151 | if (init) |
| 102 | {; | 152 | { |
| 103 | init=0; | 153 | init=0; |
| 104 | #ifndef NO_ERR | 154 | #ifndef OPENSSL_NO_ERR |
| 105 | ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); | 155 | ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_functs); |
| 106 | ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); | 156 | ERR_load_strings(ERR_LIB_PKCS7,PKCS7_str_reasons); |
| 107 | #endif | 157 | #endif |
diff --git a/src/lib/libcrypto/rand/rand.h b/src/lib/libcrypto/rand/rand.h index 477d7a150a..e17aa7a9f7 100644 --- a/src/lib/libcrypto/rand/rand.h +++ b/src/lib/libcrypto/rand/rand.h | |||
| @@ -59,34 +59,68 @@ | |||
| 59 | #ifndef HEADER_RAND_H | 59 | #ifndef HEADER_RAND_H |
| 60 | #define HEADER_RAND_H | 60 | #define HEADER_RAND_H |
| 61 | 61 | ||
| 62 | #include <stdlib.h> | ||
| 63 | #include <openssl/ossl_typ.h> | ||
| 64 | |||
| 62 | #ifdef __cplusplus | 65 | #ifdef __cplusplus |
| 63 | extern "C" { | 66 | extern "C" { |
| 64 | #endif | 67 | #endif |
| 65 | 68 | ||
| 66 | #ifndef NOPROTO | 69 | typedef struct rand_meth_st |
| 70 | { | ||
| 71 | void (*seed)(const void *buf, int num); | ||
| 72 | int (*bytes)(unsigned char *buf, int num); | ||
| 73 | void (*cleanup)(void); | ||
| 74 | void (*add)(const void *buf, int num, double entropy); | ||
| 75 | int (*pseudorand)(unsigned char *buf, int num); | ||
| 76 | int (*status)(void); | ||
| 77 | } RAND_METHOD; | ||
| 78 | |||
| 79 | #ifdef BN_DEBUG | ||
| 80 | extern int rand_predictable; | ||
| 81 | #endif | ||
| 82 | |||
| 83 | int RAND_set_rand_method(const RAND_METHOD *meth); | ||
| 84 | const RAND_METHOD *RAND_get_rand_method(void); | ||
| 85 | int RAND_set_rand_engine(ENGINE *engine); | ||
| 86 | RAND_METHOD *RAND_SSLeay(void); | ||
| 67 | void RAND_cleanup(void ); | 87 | void RAND_cleanup(void ); |
| 68 | void RAND_bytes( unsigned char *buf,int num); | 88 | int RAND_bytes(unsigned char *buf,int num); |
| 69 | void RAND_seed( unsigned char *buf,int num); | 89 | int RAND_pseudo_bytes(unsigned char *buf,int num); |
| 70 | int RAND_load_file(char *file,long max_bytes); | 90 | void RAND_seed(const void *buf,int num); |
| 71 | int RAND_write_file(char *file); | 91 | void RAND_add(const void *buf,int num,double entropy); |
| 72 | char *RAND_file_name(char *file,int num); | 92 | int RAND_load_file(const char *file,long max_bytes); |
| 73 | #ifdef WINDOWS | 93 | int RAND_write_file(const char *file); |
| 94 | const char *RAND_file_name(char *file,size_t num); | ||
| 95 | int RAND_status(void); | ||
| 96 | int RAND_query_egd_bytes(const char *path, unsigned char *buf, int bytes); | ||
| 97 | int RAND_egd(const char *path); | ||
| 98 | int RAND_egd_bytes(const char *path,int bytes); | ||
| 99 | int RAND_poll(void); | ||
| 100 | |||
| 101 | #if defined(OPENSSL_SYS_WINDOWS) || defined(OPENSSL_SYS_WIN32) | ||
| 102 | |||
| 74 | void RAND_screen(void); | 103 | void RAND_screen(void); |
| 104 | int RAND_event(UINT, WPARAM, LPARAM); | ||
| 105 | |||
| 75 | #endif | 106 | #endif |
| 76 | #else | 107 | |
| 77 | void RAND_cleanup(); | 108 | /* BEGIN ERROR CODES */ |
| 78 | void RAND_bytes(); | 109 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 79 | void RAND_seed(); | 110 | * made after this point may be overwritten when the script is next run. |
| 80 | int RAND_load_file(); | 111 | */ |
| 81 | int RAND_write_file(); | 112 | void ERR_load_RAND_strings(void); |
| 82 | char *RAND_file_name(); | 113 | |
| 83 | #ifdef WINDOWS | 114 | /* Error codes for the RAND functions. */ |
| 84 | void RAND_screen(); | 115 | |
| 85 | #endif | 116 | /* Function codes. */ |
| 86 | #endif | 117 | #define RAND_F_RAND_GET_RAND_METHOD 101 |
| 118 | #define RAND_F_SSLEAY_RAND_BYTES 100 | ||
| 119 | |||
| 120 | /* Reason codes. */ | ||
| 121 | #define RAND_R_PRNG_NOT_SEEDED 100 | ||
| 87 | 122 | ||
| 88 | #ifdef __cplusplus | 123 | #ifdef __cplusplus |
| 89 | } | 124 | } |
| 90 | #endif | 125 | #endif |
| 91 | |||
| 92 | #endif | 126 | #endif |
diff --git a/src/lib/libcrypto/rand/rand_err.c b/src/lib/libcrypto/rand/rand_err.c index d1263edf80..b77267e213 100644 --- a/src/lib/libcrypto/rand/rand_err.c +++ b/src/lib/libcrypto/rand/rand_err.c | |||
| @@ -54,7 +54,8 @@ | |||
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes |
| 57 | * made to it will be overwritten when the script next updates this file. | 57 | * made to it will be overwritten when the script next updates this file, |
| 58 | * only reason strings will be preserved. | ||
| 58 | */ | 59 | */ |
| 59 | 60 | ||
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| @@ -62,16 +63,17 @@ | |||
| 62 | #include <openssl/rand.h> | 63 | #include <openssl/rand.h> |
| 63 | 64 | ||
| 64 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 65 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | static ERR_STRING_DATA RAND_str_functs[]= | 67 | static ERR_STRING_DATA RAND_str_functs[]= |
| 67 | { | 68 | { |
| 69 | {ERR_PACK(0,RAND_F_RAND_GET_RAND_METHOD,0), "RAND_get_rand_method"}, | ||
| 68 | {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, | 70 | {ERR_PACK(0,RAND_F_SSLEAY_RAND_BYTES,0), "SSLEAY_RAND_BYTES"}, |
| 69 | {0,NULL} | 71 | {0,NULL} |
| 70 | }; | 72 | }; |
| 71 | 73 | ||
| 72 | static ERR_STRING_DATA RAND_str_reasons[]= | 74 | static ERR_STRING_DATA RAND_str_reasons[]= |
| 73 | { | 75 | { |
| 74 | {RAND_R_PRNG_NOT_SEEDED ,"prng not seeded"}, | 76 | {RAND_R_PRNG_NOT_SEEDED ,"PRNG not seeded"}, |
| 75 | {0,NULL} | 77 | {0,NULL} |
| 76 | }; | 78 | }; |
| 77 | 79 | ||
| @@ -84,7 +86,7 @@ void ERR_load_RAND_strings(void) | |||
| 84 | if (init) | 86 | if (init) |
| 85 | { | 87 | { |
| 86 | init=0; | 88 | init=0; |
| 87 | #ifndef NO_ERR | 89 | #ifndef OPENSSL_NO_ERR |
| 88 | ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); | 90 | ERR_load_strings(ERR_LIB_RAND,RAND_str_functs); |
| 89 | ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); | 91 | ERR_load_strings(ERR_LIB_RAND,RAND_str_reasons); |
| 90 | #endif | 92 | #endif |
diff --git a/src/lib/libcrypto/rand/rand_lib.c b/src/lib/libcrypto/rand/rand_lib.c index 34c6d5b968..5cf5dc1188 100644 --- a/src/lib/libcrypto/rand/rand_lib.c +++ b/src/lib/libcrypto/rand/rand_lib.c | |||
| @@ -57,42 +57,110 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <sys/types.h> | ||
| 61 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include "cryptlib.h" | ||
| 62 | #include <openssl/rand.h> | 62 | #include <openssl/rand.h> |
| 63 | #include <openssl/engine.h> | ||
| 63 | 64 | ||
| 64 | #ifdef NO_RAND | 65 | /* non-NULL if default_RAND_meth is ENGINE-provided */ |
| 65 | static RAND_METHOD *rand_meth=NULL; | 66 | static ENGINE *funct_ref =NULL; |
| 66 | #else | 67 | static const RAND_METHOD *default_RAND_meth = NULL; |
| 67 | extern RAND_METHOD rand_ssleay_meth; | ||
| 68 | static RAND_METHOD *rand_meth= &rand_ssleay_meth; | ||
| 69 | #endif | ||
| 70 | 68 | ||
| 71 | void RAND_set_rand_method(RAND_METHOD *meth) | 69 | int RAND_set_rand_method(const RAND_METHOD *meth) |
| 72 | { | 70 | { |
| 73 | rand_meth=meth; | 71 | if(funct_ref) |
| 72 | { | ||
| 73 | ENGINE_finish(funct_ref); | ||
| 74 | funct_ref = NULL; | ||
| 75 | } | ||
| 76 | default_RAND_meth = meth; | ||
| 77 | return 1; | ||
| 74 | } | 78 | } |
| 75 | 79 | ||
| 76 | RAND_METHOD *RAND_get_rand_method(void) | 80 | const RAND_METHOD *RAND_get_rand_method(void) |
| 77 | { | 81 | { |
| 78 | return(rand_meth); | 82 | if (!default_RAND_meth) |
| 83 | { | ||
| 84 | ENGINE *e = ENGINE_get_default_RAND(); | ||
| 85 | if(e) | ||
| 86 | { | ||
| 87 | default_RAND_meth = ENGINE_get_RAND(e); | ||
| 88 | if(!default_RAND_meth) | ||
| 89 | { | ||
| 90 | ENGINE_finish(e); | ||
| 91 | e = NULL; | ||
| 92 | } | ||
| 93 | } | ||
| 94 | if(e) | ||
| 95 | funct_ref = e; | ||
| 96 | else | ||
| 97 | default_RAND_meth = RAND_SSLeay(); | ||
| 98 | } | ||
| 99 | return default_RAND_meth; | ||
| 100 | } | ||
| 101 | |||
| 102 | int RAND_set_rand_engine(ENGINE *engine) | ||
| 103 | { | ||
| 104 | const RAND_METHOD *tmp_meth = NULL; | ||
| 105 | if(engine) | ||
| 106 | { | ||
| 107 | if(!ENGINE_init(engine)) | ||
| 108 | return 0; | ||
| 109 | tmp_meth = ENGINE_get_RAND(engine); | ||
| 110 | if(!tmp_meth) | ||
| 111 | { | ||
| 112 | ENGINE_finish(engine); | ||
| 113 | return 0; | ||
| 114 | } | ||
| 115 | } | ||
| 116 | /* This function releases any prior ENGINE so call it first */ | ||
| 117 | RAND_set_rand_method(tmp_meth); | ||
| 118 | funct_ref = engine; | ||
| 119 | return 1; | ||
| 79 | } | 120 | } |
| 80 | 121 | ||
| 81 | void RAND_cleanup(void) | 122 | void RAND_cleanup(void) |
| 82 | { | 123 | { |
| 83 | if (rand_meth != NULL) | 124 | const RAND_METHOD *meth = RAND_get_rand_method(); |
| 84 | rand_meth->cleanup(); | 125 | if (meth && meth->cleanup) |
| 126 | meth->cleanup(); | ||
| 127 | RAND_set_rand_method(NULL); | ||
| 85 | } | 128 | } |
| 86 | 129 | ||
| 87 | void RAND_seed(const void *buf, int num) | 130 | void RAND_seed(const void *buf, int num) |
| 88 | { | 131 | { |
| 89 | if (rand_meth != NULL) | 132 | const RAND_METHOD *meth = RAND_get_rand_method(); |
| 90 | rand_meth->seed(buf,num); | 133 | if (meth && meth->seed) |
| 134 | meth->seed(buf,num); | ||
| 135 | } | ||
| 136 | |||
| 137 | void RAND_add(const void *buf, int num, double entropy) | ||
| 138 | { | ||
| 139 | const RAND_METHOD *meth = RAND_get_rand_method(); | ||
| 140 | if (meth && meth->add) | ||
| 141 | meth->add(buf,num,entropy); | ||
| 91 | } | 142 | } |
| 92 | 143 | ||
| 93 | void RAND_bytes(unsigned char *buf, int num) | 144 | int RAND_bytes(unsigned char *buf, int num) |
| 94 | { | 145 | { |
| 95 | if (rand_meth != NULL) | 146 | const RAND_METHOD *meth = RAND_get_rand_method(); |
| 96 | rand_meth->bytes(buf,num); | 147 | if (meth && meth->bytes) |
| 148 | return meth->bytes(buf,num); | ||
| 149 | return(-1); | ||
| 97 | } | 150 | } |
| 98 | 151 | ||
| 152 | int RAND_pseudo_bytes(unsigned char *buf, int num) | ||
| 153 | { | ||
| 154 | const RAND_METHOD *meth = RAND_get_rand_method(); | ||
| 155 | if (meth && meth->pseudorand) | ||
| 156 | return meth->pseudorand(buf,num); | ||
| 157 | return(-1); | ||
| 158 | } | ||
| 159 | |||
| 160 | int RAND_status(void) | ||
| 161 | { | ||
| 162 | const RAND_METHOD *meth = RAND_get_rand_method(); | ||
| 163 | if (meth && meth->status) | ||
| 164 | return meth->status(); | ||
| 165 | return 0; | ||
| 166 | } | ||
diff --git a/src/lib/libcrypto/rand/randfile.c b/src/lib/libcrypto/rand/randfile.c index f2b3746363..982074c465 100644 --- a/src/lib/libcrypto/rand/randfile.c +++ b/src/lib/libcrypto/rand/randfile.c | |||
| @@ -56,22 +56,41 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <errno.h> | ||
| 59 | #include <stdio.h> | 60 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 61 | #include <stdlib.h> |
| 61 | #include <sys/stat.h> | 62 | #include <string.h> |
| 62 | #include <sys/types.h> | 63 | |
| 63 | #include "rand.h" | 64 | #include "e_os.h" |
| 65 | #include <openssl/crypto.h> | ||
| 66 | #include <openssl/rand.h> | ||
| 67 | |||
| 68 | #ifdef OPENSSL_SYS_VMS | ||
| 69 | #include <unixio.h> | ||
| 70 | #endif | ||
| 71 | #ifndef NO_SYS_TYPES_H | ||
| 72 | # include <sys/types.h> | ||
| 73 | #endif | ||
| 74 | #ifdef MAC_OS_pre_X | ||
| 75 | # include <stat.h> | ||
| 76 | #else | ||
| 77 | # include <sys/stat.h> | ||
| 78 | #endif | ||
| 64 | 79 | ||
| 65 | #undef BUFSIZE | 80 | #undef BUFSIZE |
| 66 | #define BUFSIZE 1024 | 81 | #define BUFSIZE 1024 |
| 67 | #define RAND_DATA 1024 | 82 | #define RAND_DATA 1024 |
| 68 | 83 | ||
| 69 | /* #define RFILE ".rand" - defined in ../../e_os.h */ | 84 | /* #define RFILE ".rnd" - defined in ../../e_os.h */ |
| 85 | |||
| 86 | /* Note that these functions are intended for seed files only. | ||
| 87 | * Entropy devices and EGD sockets are handled in rand_unix.c */ | ||
| 70 | 88 | ||
| 71 | int RAND_load_file(file,bytes) | 89 | int RAND_load_file(const char *file, long bytes) |
| 72 | char *file; | ||
| 73 | long bytes; | ||
| 74 | { | 90 | { |
| 91 | /* If bytes >= 0, read up to 'bytes' bytes. | ||
| 92 | * if bytes == -1, read complete file. */ | ||
| 93 | |||
| 75 | MS_STATIC unsigned char buf[BUFSIZE]; | 94 | MS_STATIC unsigned char buf[BUFSIZE]; |
| 76 | struct stat sb; | 95 | struct stat sb; |
| 77 | int i,ret=0,n; | 96 | int i,ret=0,n; |
| @@ -81,23 +100,28 @@ long bytes; | |||
| 81 | 100 | ||
| 82 | i=stat(file,&sb); | 101 | i=stat(file,&sb); |
| 83 | /* If the state fails, put some crap in anyway */ | 102 | /* If the state fails, put some crap in anyway */ |
| 84 | RAND_seed((unsigned char *)&sb,sizeof(sb)); | 103 | RAND_add(&sb,sizeof(sb),0); |
| 85 | ret+=sizeof(sb); | ||
| 86 | if (i < 0) return(0); | 104 | if (i < 0) return(0); |
| 87 | if (bytes <= 0) return(ret); | 105 | if (bytes == 0) return(ret); |
| 88 | 106 | ||
| 89 | in=fopen(file,"r"); | 107 | in=fopen(file,"rb"); |
| 90 | if (in == NULL) goto err; | 108 | if (in == NULL) goto err; |
| 91 | for (;;) | 109 | for (;;) |
| 92 | { | 110 | { |
| 93 | n=(bytes < BUFSIZE)?(int)bytes:BUFSIZE; | 111 | if (bytes > 0) |
| 112 | n = (bytes < BUFSIZE)?(int)bytes:BUFSIZE; | ||
| 113 | else | ||
| 114 | n = BUFSIZE; | ||
| 94 | i=fread(buf,1,n,in); | 115 | i=fread(buf,1,n,in); |
| 95 | if (i <= 0) break; | 116 | if (i <= 0) break; |
| 96 | /* even if n != i, use the full array */ | 117 | /* even if n != i, use the full array */ |
| 97 | RAND_seed(buf,n); | 118 | RAND_add(buf,n,i); |
| 98 | ret+=i; | 119 | ret+=i; |
| 99 | bytes-=n; | 120 | if (bytes > 0) |
| 100 | if (bytes <= 0) break; | 121 | { |
| 122 | bytes-=n; | ||
| 123 | if (bytes <= 0) break; | ||
| 124 | } | ||
| 101 | } | 125 | } |
| 102 | fclose(in); | 126 | fclose(in); |
| 103 | memset(buf,0,BUFSIZE); | 127 | memset(buf,0,BUFSIZE); |
| @@ -105,23 +129,36 @@ err: | |||
| 105 | return(ret); | 129 | return(ret); |
| 106 | } | 130 | } |
| 107 | 131 | ||
| 108 | int RAND_write_file(file) | 132 | int RAND_write_file(const char *file) |
| 109 | char *file; | ||
| 110 | { | 133 | { |
| 111 | unsigned char buf[BUFSIZE]; | 134 | unsigned char buf[BUFSIZE]; |
| 112 | int i,ret=0; | 135 | int i,ret=0,rand_err=0; |
| 113 | FILE *out; | 136 | FILE *out = NULL; |
| 114 | int n; | 137 | int n; |
| 115 | 138 | ||
| 116 | out=fopen(file,"w"); | 139 | #if defined(O_CREAT) && !defined(OPENSSL_SYS_WIN32) |
| 140 | /* For some reason Win32 can't write to files created this way */ | ||
| 141 | |||
| 142 | /* chmod(..., 0600) is too late to protect the file, | ||
| 143 | * permissions should be restrictive from the start */ | ||
| 144 | int fd = open(file, O_CREAT, 0600); | ||
| 145 | if (fd != -1) | ||
| 146 | out = fdopen(fd, "wb"); | ||
| 147 | #endif | ||
| 148 | if (out == NULL) | ||
| 149 | out = fopen(file,"wb"); | ||
| 117 | if (out == NULL) goto err; | 150 | if (out == NULL) goto err; |
| 151 | |||
| 152 | #ifndef NO_CHMOD | ||
| 118 | chmod(file,0600); | 153 | chmod(file,0600); |
| 154 | #endif | ||
| 119 | n=RAND_DATA; | 155 | n=RAND_DATA; |
| 120 | for (;;) | 156 | for (;;) |
| 121 | { | 157 | { |
| 122 | i=(n > BUFSIZE)?BUFSIZE:n; | 158 | i=(n > BUFSIZE)?BUFSIZE:n; |
| 123 | n-=BUFSIZE; | 159 | n-=BUFSIZE; |
| 124 | RAND_bytes(buf,i); | 160 | if (RAND_bytes(buf,i) <= 0) |
| 161 | rand_err=1; | ||
| 125 | i=fwrite(buf,1,i,out); | 162 | i=fwrite(buf,1,i,out); |
| 126 | if (i <= 0) | 163 | if (i <= 0) |
| 127 | { | 164 | { |
| @@ -130,21 +167,40 @@ char *file; | |||
| 130 | } | 167 | } |
| 131 | ret+=i; | 168 | ret+=i; |
| 132 | if (n <= 0) break; | 169 | if (n <= 0) break; |
| 170 | } | ||
| 171 | #ifdef OPENSSL_SYS_VMS | ||
| 172 | /* Try to delete older versions of the file, until there aren't | ||
| 173 | any */ | ||
| 174 | { | ||
| 175 | char *tmpf; | ||
| 176 | |||
| 177 | tmpf = OPENSSL_malloc(strlen(file) + 4); /* to add ";-1" and a nul */ | ||
| 178 | if (tmpf) | ||
| 179 | { | ||
| 180 | strcpy(tmpf, file); | ||
| 181 | strcat(tmpf, ";-1"); | ||
| 182 | while(delete(tmpf) == 0) | ||
| 183 | ; | ||
| 184 | rename(file,";1"); /* Make sure it's version 1, or we | ||
| 185 | will reach the limit (32767) at | ||
| 186 | some point... */ | ||
| 133 | } | 187 | } |
| 188 | } | ||
| 189 | #endif /* OPENSSL_SYS_VMS */ | ||
| 190 | |||
| 134 | fclose(out); | 191 | fclose(out); |
| 135 | memset(buf,0,BUFSIZE); | 192 | memset(buf,0,BUFSIZE); |
| 136 | err: | 193 | err: |
| 137 | return(ret); | 194 | return (rand_err ? -1 : ret); |
| 138 | } | 195 | } |
| 139 | 196 | ||
| 140 | char *RAND_file_name(buf,size) | 197 | const char *RAND_file_name(char *buf, size_t size) |
| 141 | char *buf; | ||
| 142 | int size; | ||
| 143 | { | 198 | { |
| 144 | char *s; | 199 | char *s=NULL; |
| 145 | char *ret=NULL; | 200 | char *ret=NULL; |
| 146 | 201 | ||
| 147 | s=getenv("RANDFILE"); | 202 | if (OPENSSL_issetugid() == 0) |
| 203 | s=getenv("RANDFILE"); | ||
| 148 | if (s != NULL) | 204 | if (s != NULL) |
| 149 | { | 205 | { |
| 150 | strncpy(buf,s,size-1); | 206 | strncpy(buf,s,size-1); |
| @@ -153,14 +209,25 @@ int size; | |||
| 153 | } | 209 | } |
| 154 | else | 210 | else |
| 155 | { | 211 | { |
| 156 | s=getenv("HOME"); | 212 | if (OPENSSL_issetugid() == 0) |
| 157 | if (s == NULL) return(RFILE); | 213 | s=getenv("HOME"); |
| 158 | if (((int)(strlen(s)+strlen(RFILE)+2)) > size) | 214 | #ifdef DEFAULT_HOME |
| 159 | return(RFILE); | 215 | if (s == NULL) |
| 160 | strcpy(buf,s); | 216 | { |
| 161 | strcat(buf,"/"); | 217 | s = DEFAULT_HOME; |
| 162 | strcat(buf,RFILE); | 218 | } |
| 163 | ret=buf; | 219 | #endif |
| 220 | if (s != NULL && (strlen(s)+strlen(RFILE)+2 < size)) | ||
| 221 | { | ||
| 222 | strcpy(buf,s); | ||
| 223 | #ifndef OPENSSL_SYS_VMS | ||
| 224 | strcat(buf,"/"); | ||
| 225 | #endif | ||
| 226 | strcat(buf,RFILE); | ||
| 227 | ret=buf; | ||
| 228 | } | ||
| 229 | else | ||
| 230 | buf[0] = '\0'; /* no file name */ | ||
| 164 | } | 231 | } |
| 165 | return(ret); | 232 | return(ret); |
| 166 | } | 233 | } |
diff --git a/src/lib/libcrypto/rc2/rc2.h b/src/lib/libcrypto/rc2/rc2.h index 9571efb755..7816b454dc 100644 --- a/src/lib/libcrypto/rc2/rc2.h +++ b/src/lib/libcrypto/rc2/rc2.h | |||
| @@ -59,11 +59,7 @@ | |||
| 59 | #ifndef HEADER_RC2_H | 59 | #ifndef HEADER_RC2_H |
| 60 | #define HEADER_RC2_H | 60 | #define HEADER_RC2_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifdef OPENSSL_NO_RC2 |
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | #ifdef NO_RC2 | ||
| 67 | #error RC2 is disabled. | 63 | #error RC2 is disabled. |
| 68 | #endif | 64 | #endif |
| 69 | 65 | ||
| @@ -74,23 +70,29 @@ extern "C" { | |||
| 74 | #define RC2_BLOCK 8 | 70 | #define RC2_BLOCK 8 |
| 75 | #define RC2_KEY_LENGTH 16 | 71 | #define RC2_KEY_LENGTH 16 |
| 76 | 72 | ||
| 73 | #ifdef __cplusplus | ||
| 74 | extern "C" { | ||
| 75 | #endif | ||
| 76 | |||
| 77 | typedef struct rc2_key_st | 77 | typedef struct rc2_key_st |
| 78 | { | 78 | { |
| 79 | RC2_INT data[64]; | 79 | RC2_INT data[64]; |
| 80 | } RC2_KEY; | 80 | } RC2_KEY; |
| 81 | 81 | ||
| 82 | 82 | ||
| 83 | void RC2_set_key(RC2_KEY *key, int len, unsigned char *data,int bits); | 83 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data,int bits); |
| 84 | void RC2_ecb_encrypt(unsigned char *in,unsigned char *out,RC2_KEY *key, | 84 | void RC2_ecb_encrypt(const unsigned char *in,unsigned char *out,RC2_KEY *key, |
| 85 | int enc); | 85 | int enc); |
| 86 | void RC2_encrypt(unsigned long *data,RC2_KEY *key); | 86 | void RC2_encrypt(unsigned long *data,RC2_KEY *key); |
| 87 | void RC2_decrypt(unsigned long *data,RC2_KEY *key); | 87 | void RC2_decrypt(unsigned long *data,RC2_KEY *key); |
| 88 | void RC2_cbc_encrypt(unsigned char *in, unsigned char *out, long length, | 88 | void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 89 | RC2_KEY *ks, unsigned char *iv, int enc); | 89 | RC2_KEY *ks, unsigned char *iv, int enc); |
| 90 | void RC2_cfb64_encrypt(unsigned char *in, unsigned char *out, long length, | 90 | void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 91 | RC2_KEY *schedule, unsigned char *ivec, int *num, int enc); | 91 | long length, RC2_KEY *schedule, unsigned char *ivec, |
| 92 | void RC2_ofb64_encrypt(unsigned char *in, unsigned char *out, long length, | 92 | int *num, int enc); |
| 93 | RC2_KEY *schedule, unsigned char *ivec, int *num); | 93 | void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 94 | long length, RC2_KEY *schedule, unsigned char *ivec, | ||
| 95 | int *num); | ||
| 94 | 96 | ||
| 95 | #ifdef __cplusplus | 97 | #ifdef __cplusplus |
| 96 | } | 98 | } |
diff --git a/src/lib/libcrypto/rc2/rc2_cbc.c b/src/lib/libcrypto/rc2/rc2_cbc.c index 22e89f0441..74f48d3d87 100644 --- a/src/lib/libcrypto/rc2/rc2_cbc.c +++ b/src/lib/libcrypto/rc2/rc2_cbc.c | |||
| @@ -56,16 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc2.h" | 59 | #include <openssl/rc2.h> |
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | 61 | ||
| 62 | void RC2_cbc_encrypt(in, out, length, ks, iv, encrypt) | 62 | void RC2_cbc_encrypt(const unsigned char *in, unsigned char *out, long length, |
| 63 | unsigned char *in; | 63 | RC2_KEY *ks, unsigned char *iv, int encrypt) |
| 64 | unsigned char *out; | ||
| 65 | long length; | ||
| 66 | RC2_KEY *ks; | ||
| 67 | unsigned char *iv; | ||
| 68 | int encrypt; | ||
| 69 | { | 64 | { |
| 70 | register unsigned long tin0,tin1; | 65 | register unsigned long tin0,tin1; |
| 71 | register unsigned long tout0,tout1,xor0,xor1; | 66 | register unsigned long tout0,tout1,xor0,xor1; |
| @@ -138,9 +133,7 @@ int encrypt; | |||
| 138 | tin[0]=tin[1]=0; | 133 | tin[0]=tin[1]=0; |
| 139 | } | 134 | } |
| 140 | 135 | ||
| 141 | void RC2_encrypt(d,key) | 136 | void RC2_encrypt(unsigned long *d, RC2_KEY *key) |
| 142 | unsigned long *d; | ||
| 143 | RC2_KEY *key; | ||
| 144 | { | 137 | { |
| 145 | int i,n; | 138 | int i,n; |
| 146 | register RC2_INT *p0,*p1; | 139 | register RC2_INT *p0,*p1; |
| @@ -185,9 +178,7 @@ RC2_KEY *key; | |||
| 185 | d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); | 178 | d[1]=(unsigned long)(x2&0xffff)|((unsigned long)(x3&0xffff)<<16L); |
| 186 | } | 179 | } |
| 187 | 180 | ||
| 188 | void RC2_decrypt(d,key) | 181 | void RC2_decrypt(unsigned long *d, RC2_KEY *key) |
| 189 | unsigned long *d; | ||
| 190 | RC2_KEY *key; | ||
| 191 | { | 182 | { |
| 192 | int i,n; | 183 | int i,n; |
| 193 | register RC2_INT *p0,*p1; | 184 | register RC2_INT *p0,*p1; |
diff --git a/src/lib/libcrypto/rc2/rc2_ecb.c b/src/lib/libcrypto/rc2/rc2_ecb.c index 96239cd4e0..d3e8c2718a 100644 --- a/src/lib/libcrypto/rc2/rc2_ecb.c +++ b/src/lib/libcrypto/rc2/rc2_ecb.c | |||
| @@ -56,10 +56,11 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc2.h" | 59 | #include <openssl/rc2.h> |
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *RC2_version="RC2" OPENSSL_VERSION_PTEXT; |
| 63 | 64 | ||
| 64 | /* RC2 as implemented frm a posting from | 65 | /* RC2 as implemented frm a posting from |
| 65 | * Newsgroups: sci.crypt | 66 | * Newsgroups: sci.crypt |
| @@ -69,11 +70,8 @@ char *RC2_version="RC2 part of SSLeay 0.9.0b 29-Jun-1998"; | |||
| 69 | * Date: 11 Feb 1996 06:45:03 GMT | 70 | * Date: 11 Feb 1996 06:45:03 GMT |
| 70 | */ | 71 | */ |
| 71 | 72 | ||
| 72 | void RC2_ecb_encrypt(in, out, ks, encrypt) | 73 | void RC2_ecb_encrypt(const unsigned char *in, unsigned char *out, RC2_KEY *ks, |
| 73 | unsigned char *in; | 74 | int encrypt) |
| 74 | unsigned char *out; | ||
| 75 | RC2_KEY *ks; | ||
| 76 | int encrypt; | ||
| 77 | { | 75 | { |
| 78 | unsigned long l,d[2]; | 76 | unsigned long l,d[2]; |
| 79 | 77 | ||
diff --git a/src/lib/libcrypto/rc2/rc2_skey.c b/src/lib/libcrypto/rc2/rc2_skey.c index 0f1f253395..cab3080c73 100644 --- a/src/lib/libcrypto/rc2/rc2_skey.c +++ b/src/lib/libcrypto/rc2/rc2_skey.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc2.h" | 59 | #include <openssl/rc2.h> |
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | 61 | ||
| 62 | static unsigned char key_table[256]={ | 62 | static unsigned char key_table[256]={ |
| @@ -90,11 +90,7 @@ static unsigned char key_table[256]={ | |||
| 90 | * BSAFE uses the 'retarded' version. What I previously shipped is | 90 | * BSAFE uses the 'retarded' version. What I previously shipped is |
| 91 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses | 91 | * the same as specifying 1024 for the 'bits' parameter. Bsafe uses |
| 92 | * a version where the bits parameter is the same as len*8 */ | 92 | * a version where the bits parameter is the same as len*8 */ |
| 93 | void RC2_set_key(key,len,data,bits) | 93 | void RC2_set_key(RC2_KEY *key, int len, const unsigned char *data, int bits) |
| 94 | RC2_KEY *key; | ||
| 95 | int len; | ||
| 96 | unsigned char *data; | ||
| 97 | int bits; | ||
| 98 | { | 94 | { |
| 99 | int i,j; | 95 | int i,j; |
| 100 | unsigned char *k; | 96 | unsigned char *k; |
diff --git a/src/lib/libcrypto/rc2/rc2cfb64.c b/src/lib/libcrypto/rc2/rc2cfb64.c index d409fb77e9..b3a0158a6e 100644 --- a/src/lib/libcrypto/rc2/rc2cfb64.c +++ b/src/lib/libcrypto/rc2/rc2cfb64.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc2.h" | 59 | #include <openssl/rc2.h> |
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit cfb mode is being | 62 | /* The input and output encrypted as though 64bit cfb mode is being |
| @@ -64,14 +64,9 @@ | |||
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | 66 | ||
| 67 | void RC2_cfb64_encrypt(in, out, length, schedule, ivec, num, encrypt) | 67 | void RC2_cfb64_encrypt(const unsigned char *in, unsigned char *out, |
| 68 | unsigned char *in; | 68 | long length, RC2_KEY *schedule, unsigned char *ivec, |
| 69 | unsigned char *out; | 69 | int *num, int encrypt) |
| 70 | long length; | ||
| 71 | RC2_KEY *schedule; | ||
| 72 | unsigned char *ivec; | ||
| 73 | int *num; | ||
| 74 | int encrypt; | ||
| 75 | { | 70 | { |
| 76 | register unsigned long v0,v1,t; | 71 | register unsigned long v0,v1,t; |
| 77 | register int n= *num; | 72 | register int n= *num; |
diff --git a/src/lib/libcrypto/rc2/rc2ofb64.c b/src/lib/libcrypto/rc2/rc2ofb64.c index 4f09167447..9e297867ed 100644 --- a/src/lib/libcrypto/rc2/rc2ofb64.c +++ b/src/lib/libcrypto/rc2/rc2ofb64.c | |||
| @@ -56,20 +56,16 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc2.h" | 59 | #include <openssl/rc2.h> |
| 60 | #include "rc2_locl.h" | 60 | #include "rc2_locl.h" |
| 61 | 61 | ||
| 62 | /* The input and output encrypted as though 64bit ofb mode is being | 62 | /* The input and output encrypted as though 64bit ofb mode is being |
| 63 | * used. The extra state information to record how much of the | 63 | * used. The extra state information to record how much of the |
| 64 | * 64bit block we have used is contained in *num; | 64 | * 64bit block we have used is contained in *num; |
| 65 | */ | 65 | */ |
| 66 | void RC2_ofb64_encrypt(in, out, length, schedule, ivec, num) | 66 | void RC2_ofb64_encrypt(const unsigned char *in, unsigned char *out, |
| 67 | unsigned char *in; | 67 | long length, RC2_KEY *schedule, unsigned char *ivec, |
| 68 | unsigned char *out; | 68 | int *num) |
| 69 | long length; | ||
| 70 | RC2_KEY *schedule; | ||
| 71 | unsigned char *ivec; | ||
| 72 | int *num; | ||
| 73 | { | 69 | { |
| 74 | register unsigned long v0,v1,t; | 70 | register unsigned long v0,v1,t; |
| 75 | register int n= *num; | 71 | register int n= *num; |
diff --git a/src/lib/libcrypto/rc4/asm/rc4-586.pl b/src/lib/libcrypto/rc4/asm/rc4-586.pl index 0dd8eb1ba9..7ef889e5a1 100644 --- a/src/lib/libcrypto/rc4/asm/rc4-586.pl +++ b/src/lib/libcrypto/rc4/asm/rc4-586.pl | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # define for pentium pro friendly version | 3 | # define for pentium pro friendly version |
| 4 | 4 | ||
diff --git a/src/lib/libcrypto/rc4/rc4.h b/src/lib/libcrypto/rc4/rc4.h index 7418c2a9a2..8722091f2e 100644 --- a/src/lib/libcrypto/rc4/rc4.h +++ b/src/lib/libcrypto/rc4/rc4.h | |||
| @@ -59,16 +59,16 @@ | |||
| 59 | #ifndef HEADER_RC4_H | 59 | #ifndef HEADER_RC4_H |
| 60 | #define HEADER_RC4_H | 60 | #define HEADER_RC4_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifdef OPENSSL_NO_RC4 |
| 63 | extern "C" { | ||
| 64 | #endif | ||
| 65 | |||
| 66 | #ifdef NO_RC4 | ||
| 67 | #error RC4 is disabled. | 63 | #error RC4 is disabled. |
| 68 | #endif | 64 | #endif |
| 69 | 65 | ||
| 70 | #include <openssl/opensslconf.h> /* RC4_INT */ | 66 | #include <openssl/opensslconf.h> /* RC4_INT */ |
| 71 | 67 | ||
| 68 | #ifdef __cplusplus | ||
| 69 | extern "C" { | ||
| 70 | #endif | ||
| 71 | |||
| 72 | typedef struct rc4_key_st | 72 | typedef struct rc4_key_st |
| 73 | { | 73 | { |
| 74 | RC4_INT x,y; | 74 | RC4_INT x,y; |
| @@ -77,8 +77,8 @@ typedef struct rc4_key_st | |||
| 77 | 77 | ||
| 78 | 78 | ||
| 79 | const char *RC4_options(void); | 79 | const char *RC4_options(void); |
| 80 | void RC4_set_key(RC4_KEY *key, int len, unsigned char *data); | 80 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data); |
| 81 | void RC4(RC4_KEY *key, unsigned long len, unsigned char *indata, | 81 | void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, |
| 82 | unsigned char *outdata); | 82 | unsigned char *outdata); |
| 83 | 83 | ||
| 84 | #ifdef __cplusplus | 84 | #ifdef __cplusplus |
diff --git a/src/lib/libcrypto/rc4/rc4_enc.c b/src/lib/libcrypto/rc4/rc4_enc.c index ab8a111b52..d5f18a3a70 100644 --- a/src/lib/libcrypto/rc4/rc4_enc.c +++ b/src/lib/libcrypto/rc4/rc4_enc.c | |||
| @@ -56,7 +56,7 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc4.h" | 59 | #include <openssl/rc4.h> |
| 60 | #include "rc4_locl.h" | 60 | #include "rc4_locl.h" |
| 61 | 61 | ||
| 62 | /* RC4 as implemented from a posting from | 62 | /* RC4 as implemented from a posting from |
| @@ -67,11 +67,8 @@ | |||
| 67 | * Date: Wed, 14 Sep 1994 06:35:31 GMT | 67 | * Date: Wed, 14 Sep 1994 06:35:31 GMT |
| 68 | */ | 68 | */ |
| 69 | 69 | ||
| 70 | void RC4(key, len, indata, outdata) | 70 | void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata, |
| 71 | RC4_KEY *key; | 71 | unsigned char *outdata) |
| 72 | unsigned long len; | ||
| 73 | unsigned char *indata; | ||
| 74 | unsigned char *outdata; | ||
| 75 | { | 72 | { |
| 76 | register RC4_INT *d; | 73 | register RC4_INT *d; |
| 77 | register RC4_INT x,y,tx,ty; | 74 | register RC4_INT x,y,tx,ty; |
| @@ -81,6 +78,190 @@ unsigned char *outdata; | |||
| 81 | y=key->y; | 78 | y=key->y; |
| 82 | d=key->data; | 79 | d=key->data; |
| 83 | 80 | ||
| 81 | #if defined(RC4_CHUNK) | ||
| 82 | /* | ||
| 83 | * The original reason for implementing this(*) was the fact that | ||
| 84 | * pre-21164a Alpha CPUs don't have byte load/store instructions | ||
| 85 | * and e.g. a byte store has to be done with 64-bit load, shift, | ||
| 86 | * and, or and finally 64-bit store. Peaking data and operating | ||
| 87 | * at natural word size made it possible to reduce amount of | ||
| 88 | * instructions as well as to perform early read-ahead without | ||
| 89 | * suffering from RAW (read-after-write) hazard. This resulted | ||
| 90 | * in ~40%(**) performance improvement on 21064 box with gcc. | ||
| 91 | * But it's not only Alpha users who win here:-) Thanks to the | ||
| 92 | * early-n-wide read-ahead this implementation also exhibits | ||
| 93 | * >40% speed-up on SPARC and 20-30% on 64-bit MIPS (depending | ||
| 94 | * on sizeof(RC4_INT)). | ||
| 95 | * | ||
| 96 | * (*) "this" means code which recognizes the case when input | ||
| 97 | * and output pointers appear to be aligned at natural CPU | ||
| 98 | * word boundary | ||
| 99 | * (**) i.e. according to 'apps/openssl speed rc4' benchmark, | ||
| 100 | * crypto/rc4/rc4speed.c exhibits almost 70% speed-up... | ||
| 101 | * | ||
| 102 | * Cavets. | ||
| 103 | * | ||
| 104 | * - RC4_CHUNK="unsigned long long" should be a #1 choice for | ||
| 105 | * UltraSPARC. Unfortunately gcc generates very slow code | ||
| 106 | * (2.5-3 times slower than one generated by Sun's WorkShop | ||
| 107 | * C) and therefore gcc (at least 2.95 and earlier) should | ||
| 108 | * always be told that RC4_CHUNK="unsigned long". | ||
| 109 | * | ||
| 110 | * <appro@fy.chalmers.se> | ||
| 111 | */ | ||
| 112 | |||
| 113 | # define RC4_STEP ( \ | ||
| 114 | x=(x+1) &0xff, \ | ||
| 115 | tx=d[x], \ | ||
| 116 | y=(tx+y)&0xff, \ | ||
| 117 | ty=d[y], \ | ||
| 118 | d[y]=tx, \ | ||
| 119 | d[x]=ty, \ | ||
| 120 | (RC4_CHUNK)d[(tx+ty)&0xff]\ | ||
| 121 | ) | ||
| 122 | |||
| 123 | if ( ( ((unsigned long)indata & (sizeof(RC4_CHUNK)-1)) | | ||
| 124 | ((unsigned long)outdata & (sizeof(RC4_CHUNK)-1)) ) == 0 ) | ||
| 125 | { | ||
| 126 | RC4_CHUNK ichunk,otp; | ||
| 127 | const union { long one; char little; } is_endian = {1}; | ||
| 128 | |||
| 129 | /* | ||
| 130 | * I reckon we can afford to implement both endian | ||
| 131 | * cases and to decide which way to take at run-time | ||
| 132 | * because the machine code appears to be very compact | ||
| 133 | * and redundant 1-2KB is perfectly tolerable (i.e. | ||
| 134 | * in case the compiler fails to eliminate it:-). By | ||
| 135 | * suggestion from Terrel Larson <terr@terralogic.net> | ||
| 136 | * who also stands for the is_endian union:-) | ||
| 137 | * | ||
| 138 | * Special notes. | ||
| 139 | * | ||
| 140 | * - is_endian is declared automatic as doing otherwise | ||
| 141 | * (declaring static) prevents gcc from eliminating | ||
| 142 | * the redundant code; | ||
| 143 | * - compilers (those I've tried) don't seem to have | ||
| 144 | * problems eliminating either the operators guarded | ||
| 145 | * by "if (sizeof(RC4_CHUNK)==8)" or the condition | ||
| 146 | * expressions themselves so I've got 'em to replace | ||
| 147 | * corresponding #ifdefs from the previous version; | ||
| 148 | * - I chose to let the redundant switch cases when | ||
| 149 | * sizeof(RC4_CHUNK)!=8 be (were also #ifdefed | ||
| 150 | * before); | ||
| 151 | * - in case you wonder "&(sizeof(RC4_CHUNK)*8-1)" in | ||
| 152 | * [LB]ESHFT guards against "shift is out of range" | ||
| 153 | * warnings when sizeof(RC4_CHUNK)!=8 | ||
| 154 | * | ||
| 155 | * <appro@fy.chalmers.se> | ||
| 156 | */ | ||
| 157 | if (!is_endian.little) | ||
| 158 | { /* BIG-ENDIAN CASE */ | ||
| 159 | # define BESHFT(c) (((sizeof(RC4_CHUNK)-(c)-1)*8)&(sizeof(RC4_CHUNK)*8-1)) | ||
| 160 | for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) | ||
| 161 | { | ||
| 162 | ichunk = *(RC4_CHUNK *)indata; | ||
| 163 | otp = RC4_STEP<<BESHFT(0); | ||
| 164 | otp |= RC4_STEP<<BESHFT(1); | ||
| 165 | otp |= RC4_STEP<<BESHFT(2); | ||
| 166 | otp |= RC4_STEP<<BESHFT(3); | ||
| 167 | if (sizeof(RC4_CHUNK)==8) | ||
| 168 | { | ||
| 169 | otp |= RC4_STEP<<BESHFT(4); | ||
| 170 | otp |= RC4_STEP<<BESHFT(5); | ||
| 171 | otp |= RC4_STEP<<BESHFT(6); | ||
| 172 | otp |= RC4_STEP<<BESHFT(7); | ||
| 173 | } | ||
| 174 | *(RC4_CHUNK *)outdata = otp^ichunk; | ||
| 175 | indata += sizeof(RC4_CHUNK); | ||
| 176 | outdata += sizeof(RC4_CHUNK); | ||
| 177 | } | ||
| 178 | if (len) | ||
| 179 | { | ||
| 180 | RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk; | ||
| 181 | |||
| 182 | ichunk = *(RC4_CHUNK *)indata; | ||
| 183 | ochunk = *(RC4_CHUNK *)outdata; | ||
| 184 | otp = 0; | ||
| 185 | i = BESHFT(0); | ||
| 186 | mask <<= (sizeof(RC4_CHUNK)-len)<<3; | ||
| 187 | switch (len&(sizeof(RC4_CHUNK)-1)) | ||
| 188 | { | ||
| 189 | case 7: otp = RC4_STEP<<i, i-=8; | ||
| 190 | case 6: otp |= RC4_STEP<<i, i-=8; | ||
| 191 | case 5: otp |= RC4_STEP<<i, i-=8; | ||
| 192 | case 4: otp |= RC4_STEP<<i, i-=8; | ||
| 193 | case 3: otp |= RC4_STEP<<i, i-=8; | ||
| 194 | case 2: otp |= RC4_STEP<<i, i-=8; | ||
| 195 | case 1: otp |= RC4_STEP<<i, i-=8; | ||
| 196 | case 0: ; /* | ||
| 197 | * it's never the case, | ||
| 198 | * but it has to be here | ||
| 199 | * for ultrix? | ||
| 200 | */ | ||
| 201 | } | ||
| 202 | ochunk &= ~mask; | ||
| 203 | ochunk |= (otp^ichunk) & mask; | ||
| 204 | *(RC4_CHUNK *)outdata = ochunk; | ||
| 205 | } | ||
| 206 | key->x=x; | ||
| 207 | key->y=y; | ||
| 208 | return; | ||
| 209 | } | ||
| 210 | else | ||
| 211 | { /* LITTLE-ENDIAN CASE */ | ||
| 212 | # define LESHFT(c) (((c)*8)&(sizeof(RC4_CHUNK)*8-1)) | ||
| 213 | for (;len&-sizeof(RC4_CHUNK);len-=sizeof(RC4_CHUNK)) | ||
| 214 | { | ||
| 215 | ichunk = *(RC4_CHUNK *)indata; | ||
| 216 | otp = RC4_STEP; | ||
| 217 | otp |= RC4_STEP<<8; | ||
| 218 | otp |= RC4_STEP<<16; | ||
| 219 | otp |= RC4_STEP<<24; | ||
| 220 | if (sizeof(RC4_CHUNK)==8) | ||
| 221 | { | ||
| 222 | otp |= RC4_STEP<<LESHFT(4); | ||
| 223 | otp |= RC4_STEP<<LESHFT(5); | ||
| 224 | otp |= RC4_STEP<<LESHFT(6); | ||
| 225 | otp |= RC4_STEP<<LESHFT(7); | ||
| 226 | } | ||
| 227 | *(RC4_CHUNK *)outdata = otp^ichunk; | ||
| 228 | indata += sizeof(RC4_CHUNK); | ||
| 229 | outdata += sizeof(RC4_CHUNK); | ||
| 230 | } | ||
| 231 | if (len) | ||
| 232 | { | ||
| 233 | RC4_CHUNK mask=(RC4_CHUNK)-1, ochunk; | ||
| 234 | |||
| 235 | ichunk = *(RC4_CHUNK *)indata; | ||
| 236 | ochunk = *(RC4_CHUNK *)outdata; | ||
| 237 | otp = 0; | ||
| 238 | i = 0; | ||
| 239 | mask >>= (sizeof(RC4_CHUNK)-len)<<3; | ||
| 240 | switch (len&(sizeof(RC4_CHUNK)-1)) | ||
| 241 | { | ||
| 242 | case 7: otp = RC4_STEP, i+=8; | ||
| 243 | case 6: otp |= RC4_STEP<<i, i+=8; | ||
| 244 | case 5: otp |= RC4_STEP<<i, i+=8; | ||
| 245 | case 4: otp |= RC4_STEP<<i, i+=8; | ||
| 246 | case 3: otp |= RC4_STEP<<i, i+=8; | ||
| 247 | case 2: otp |= RC4_STEP<<i, i+=8; | ||
| 248 | case 1: otp |= RC4_STEP<<i, i+=8; | ||
| 249 | case 0: ; /* | ||
| 250 | * it's never the case, | ||
| 251 | * but it has to be here | ||
| 252 | * for ultrix? | ||
| 253 | */ | ||
| 254 | } | ||
| 255 | ochunk &= ~mask; | ||
| 256 | ochunk |= (otp^ichunk) & mask; | ||
| 257 | *(RC4_CHUNK *)outdata = ochunk; | ||
| 258 | } | ||
| 259 | key->x=x; | ||
| 260 | key->y=y; | ||
| 261 | return; | ||
| 262 | } | ||
| 263 | } | ||
| 264 | #endif | ||
| 84 | #define LOOP(in,out) \ | 265 | #define LOOP(in,out) \ |
| 85 | x=((x+1)&0xff); \ | 266 | x=((x+1)&0xff); \ |
| 86 | tx=d[x]; \ | 267 | tx=d[x]; \ |
| @@ -95,7 +276,6 @@ unsigned char *outdata; | |||
| 95 | #define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) | 276 | #define RC4_LOOP(a,b,i) LOOP(a[i],b[i]) |
| 96 | #endif | 277 | #endif |
| 97 | 278 | ||
| 98 | i= -(int)len; | ||
| 99 | i=(int)(len>>3L); | 279 | i=(int)(len>>3L); |
| 100 | if (i) | 280 | if (i) |
| 101 | { | 281 | { |
diff --git a/src/lib/libcrypto/rc4/rc4_skey.c b/src/lib/libcrypto/rc4/rc4_skey.c index 0be5fde67b..bb10c1ebe2 100644 --- a/src/lib/libcrypto/rc4/rc4_skey.c +++ b/src/lib/libcrypto/rc4/rc4_skey.c | |||
| @@ -56,12 +56,13 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include "rc4.h" | 59 | #include <openssl/rc4.h> |
| 60 | #include "rc4_locl.h" | 60 | #include "rc4_locl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *RC4_version="RC4 part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *RC4_version="RC4" OPENSSL_VERSION_PTEXT; |
| 63 | 64 | ||
| 64 | char *RC4_options() | 65 | const char *RC4_options(void) |
| 65 | { | 66 | { |
| 66 | #ifdef RC4_INDEX | 67 | #ifdef RC4_INDEX |
| 67 | if (sizeof(RC4_INT) == 1) | 68 | if (sizeof(RC4_INT) == 1) |
| @@ -84,10 +85,7 @@ char *RC4_options() | |||
| 84 | * Date: Wed, 14 Sep 1994 06:35:31 GMT | 85 | * Date: Wed, 14 Sep 1994 06:35:31 GMT |
| 85 | */ | 86 | */ |
| 86 | 87 | ||
| 87 | void RC4_set_key(key, len, data) | 88 | void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data) |
| 88 | RC4_KEY *key; | ||
| 89 | int len; | ||
| 90 | register unsigned char *data; | ||
| 91 | { | 89 | { |
| 92 | register RC4_INT tmp; | 90 | register RC4_INT tmp; |
| 93 | register int id1,id2; | 91 | register int id1,id2; |
diff --git a/src/lib/libcrypto/ripemd/asm/rmd-586.pl b/src/lib/libcrypto/ripemd/asm/rmd-586.pl index dc3f6c792e..0ab6f76bff 100644 --- a/src/lib/libcrypto/ripemd/asm/rmd-586.pl +++ b/src/lib/libcrypto/ripemd/asm/rmd-586.pl | |||
| @@ -1,9 +1,7 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | # Normal is the | 3 | # Normal is the |
| 4 | # ripemd160_block_x86(MD5_CTX *c, ULONG *X); | 4 | # ripemd160_block_asm_host_order(RIPEMD160_CTX *c, ULONG *X,int blocks); |
| 5 | # version, non-normal is the | ||
| 6 | # ripemd160_block_x86(MD5_CTX *c, ULONG *X,int blocks); | ||
| 7 | 5 | ||
| 8 | $normal=0; | 6 | $normal=0; |
| 9 | 7 | ||
| @@ -12,13 +10,13 @@ require "x86asm.pl"; | |||
| 12 | 10 | ||
| 13 | &asm_init($ARGV[0],$0); | 11 | &asm_init($ARGV[0],$0); |
| 14 | 12 | ||
| 15 | $A="eax"; | 13 | $A="ecx"; |
| 16 | $B="ebx"; | 14 | $B="esi"; |
| 17 | $C="ecx"; | 15 | $C="edi"; |
| 18 | $D="edx"; | 16 | $D="ebx"; |
| 19 | $E="ebp"; | 17 | $E="ebp"; |
| 20 | $tmp1="esi"; | 18 | $tmp1="eax"; |
| 21 | $tmp2="edi"; | 19 | $tmp2="edx"; |
| 22 | 20 | ||
| 23 | $KL1=0x5A827999; | 21 | $KL1=0x5A827999; |
| 24 | $KL2=0x6ED9EBA1; | 22 | $KL2=0x6ED9EBA1; |
| @@ -58,13 +56,13 @@ $KR3=0x7A6D76E9; | |||
| 58 | 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, | 56 | 8, 5,12, 9,12, 5,14, 6, 8,13, 6, 5,15,13,11,11, |
| 59 | ); | 57 | ); |
| 60 | 58 | ||
| 61 | &ripemd160_block("ripemd160_block_x86"); | 59 | &ripemd160_block("ripemd160_block_asm_host_order"); |
| 62 | &asm_finish(); | 60 | &asm_finish(); |
| 63 | 61 | ||
| 64 | sub Xv | 62 | sub Xv |
| 65 | { | 63 | { |
| 66 | local($n)=@_; | 64 | local($n)=@_; |
| 67 | return(&swtmp($n+1)); | 65 | return(&swtmp($n)); |
| 68 | # tmp on stack | 66 | # tmp on stack |
| 69 | } | 67 | } |
| 70 | 68 | ||
| @@ -82,7 +80,7 @@ sub RIP1 | |||
| 82 | &comment($p++); | 80 | &comment($p++); |
| 83 | if ($p & 1) | 81 | if ($p & 1) |
| 84 | { | 82 | { |
| 85 | &mov($tmp1, $c) if $o == -1; | 83 | #&mov($tmp1, $c) if $o == -1; |
| 86 | &xor($tmp1, $d) if $o == -1; | 84 | &xor($tmp1, $d) if $o == -1; |
| 87 | &mov($tmp2, &Xv($pos)); | 85 | &mov($tmp2, &Xv($pos)); |
| 88 | &xor($tmp1, $b); | 86 | &xor($tmp1, $b); |
| @@ -290,7 +288,7 @@ sub RIP5 | |||
| 290 | &rotl($c, 10); | 288 | &rotl($c, 10); |
| 291 | &lea($a, &DWP($K,$a,$tmp1,1)); | 289 | &lea($a, &DWP($K,$a,$tmp1,1)); |
| 292 | &sub($tmp2, &Np($d)) if $o <= 0; | 290 | &sub($tmp2, &Np($d)) if $o <= 0; |
| 293 | &mov(&swtmp(1+16), $A) if $o == 1; | 291 | &mov(&swtmp(16), $A) if $o == 1; |
| 294 | &mov($tmp1, &Np($d)) if $o == 2; | 292 | &mov($tmp1, &Np($d)) if $o == 2; |
| 295 | &rotl($a, $s); | 293 | &rotl($a, $s); |
| 296 | &add($a, $e); | 294 | &add($a, $e); |
| @@ -310,19 +308,25 @@ sub ripemd160_block | |||
| 310 | # D 12 | 308 | # D 12 |
| 311 | # E 16 | 309 | # E 16 |
| 312 | 310 | ||
| 311 | &mov($tmp2, &wparam(0)); | ||
| 312 | &mov($tmp1, &wparam(1)); | ||
| 313 | &push("esi"); | 313 | &push("esi"); |
| 314 | &mov($C, &wparam(2)); | 314 | &mov($A, &DWP( 0,$tmp2,"",0)); |
| 315 | &push("edi"); | 315 | &push("edi"); |
| 316 | &mov($tmp1, &wparam(1)); # edi | 316 | &mov($B, &DWP( 4,$tmp2,"",0)); |
| 317 | &push("ebp"); | 317 | &push("ebp"); |
| 318 | &add($C, $tmp1); # offset we end at | 318 | &mov($C, &DWP( 8,$tmp2,"",0)); |
| 319 | &push("ebx"); | 319 | &push("ebx"); |
| 320 | &sub($C, 64); | 320 | &stack_push(16+5+6); |
| 321 | &stack_push(16+5+1); | 321 | # Special comment about the figure of 6. |
| 322 | # XXX | 322 | # Idea is to pad the current frame so |
| 323 | 323 | # that the top of the stack gets fairly | |
| 324 | &mov(&swtmp(0), $C); | 324 | # aligned. Well, as you realize it would |
| 325 | &mov($tmp2, &wparam(0)); # Done at end of loop | 325 | # always depend on how the frame below is |
| 326 | # aligned. The good news are that gcc-2.95 | ||
| 327 | # and later does keep first argument at | ||
| 328 | # least double-wise aligned. | ||
| 329 | # <appro@fy.chalmers.se> | ||
| 326 | 330 | ||
| 327 | &set_label("start") unless $normal; | 331 | &set_label("start") unless $normal; |
| 328 | &comment(""); | 332 | &comment(""); |
| @@ -332,16 +336,12 @@ sub ripemd160_block | |||
| 332 | 336 | ||
| 333 | for ($z=0; $z<16; $z+=2) | 337 | for ($z=0; $z<16; $z+=2) |
| 334 | { | 338 | { |
| 335 | &mov($A, &DWP( $z*4,$tmp1,"",0)); | 339 | &mov($D, &DWP( $z*4,$tmp1,"",0)); |
| 336 | &mov($B, &DWP( ($z+1)*4,$tmp1,"",0)); | 340 | &mov($E, &DWP( ($z+1)*4,$tmp1,"",0)); |
| 337 | &mov(&swtmp(1+$z), $A); | 341 | &mov(&swtmp($z), $D); |
| 338 | &mov(&swtmp(1+$z+1), $B); | 342 | &mov(&swtmp($z+1), $E); |
| 339 | } | 343 | } |
| 340 | &add($tmp1, 64); | 344 | &mov($tmp1, $C); |
| 341 | &mov($A, &DWP( 0,$tmp2,"",0)); | ||
| 342 | &mov(&wparam(1),$tmp1); | ||
| 343 | &mov($B, &DWP( 4,$tmp2,"",0)); | ||
| 344 | &mov($C, &DWP( 8,$tmp2,"",0)); | ||
| 345 | &mov($D, &DWP(12,$tmp2,"",0)); | 345 | &mov($D, &DWP(12,$tmp2,"",0)); |
| 346 | &mov($E, &DWP(16,$tmp2,"",0)); | 346 | &mov($E, &DWP(16,$tmp2,"",0)); |
| 347 | 347 | ||
| @@ -431,14 +431,14 @@ sub ripemd160_block | |||
| 431 | &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1); | 431 | &RIP5($B,$C,$D,$E,$A,$wl[79],$sl[79],$KL4,1); |
| 432 | 432 | ||
| 433 | # &mov($tmp2, &wparam(0)); # moved into last RIP5 | 433 | # &mov($tmp2, &wparam(0)); # moved into last RIP5 |
| 434 | # &mov(&swtmp(1+16), $A); | 434 | # &mov(&swtmp(16), $A); |
| 435 | &mov($A, &DWP( 0,$tmp2,"",0)); | 435 | &mov($A, &DWP( 0,$tmp2,"",0)); |
| 436 | &mov(&swtmp(1+17), $B); | 436 | &mov(&swtmp(16+1), $B); |
| 437 | &mov(&swtmp(1+18), $C); | 437 | &mov(&swtmp(16+2), $C); |
| 438 | &mov($B, &DWP( 4,$tmp2,"",0)); | 438 | &mov($B, &DWP( 4,$tmp2,"",0)); |
| 439 | &mov(&swtmp(1+19), $D); | 439 | &mov(&swtmp(16+3), $D); |
| 440 | &mov($C, &DWP( 8,$tmp2,"",0)); | 440 | &mov($C, &DWP( 8,$tmp2,"",0)); |
| 441 | &mov(&swtmp(1+20), $E); | 441 | &mov(&swtmp(16+4), $E); |
| 442 | &mov($D, &DWP(12,$tmp2,"",0)); | 442 | &mov($D, &DWP(12,$tmp2,"",0)); |
| 443 | &mov($E, &DWP(16,$tmp2,"",0)); | 443 | &mov($E, &DWP(16,$tmp2,"",0)); |
| 444 | 444 | ||
| @@ -530,47 +530,55 @@ sub ripemd160_block | |||
| 530 | # &mov($tmp2, &wparam(0)); # Moved into last round | 530 | # &mov($tmp2, &wparam(0)); # Moved into last round |
| 531 | 531 | ||
| 532 | &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B | 532 | &mov($tmp1, &DWP( 4,$tmp2,"",0)); # ctx->B |
| 533 | &add($D, $tmp1); | 533 | &add($D, $tmp1); |
| 534 | &mov($tmp1, &swtmp(1+18)); # $c | 534 | &mov($tmp1, &swtmp(16+2)); # $c |
| 535 | &add($D, $tmp1); | 535 | &add($D, $tmp1); |
| 536 | 536 | ||
| 537 | &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C | 537 | &mov($tmp1, &DWP( 8,$tmp2,"",0)); # ctx->C |
| 538 | &add($E, $tmp1); | 538 | &add($E, $tmp1); |
| 539 | &mov($tmp1, &swtmp(1+19)); # $d | 539 | &mov($tmp1, &swtmp(16+3)); # $d |
| 540 | &add($E, $tmp1); | 540 | &add($E, $tmp1); |
| 541 | 541 | ||
| 542 | &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D | 542 | &mov($tmp1, &DWP(12,$tmp2,"",0)); # ctx->D |
| 543 | &add($A, $tmp1); | 543 | &add($A, $tmp1); |
| 544 | &mov($tmp1, &swtmp(1+20)); # $e | 544 | &mov($tmp1, &swtmp(16+4)); # $e |
| 545 | &add($A, $tmp1); | 545 | &add($A, $tmp1); |
| 546 | 546 | ||
| 547 | 547 | ||
| 548 | &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E | 548 | &mov($tmp1, &DWP(16,$tmp2,"",0)); # ctx->E |
| 549 | &add($B, $tmp1); | 549 | &add($B, $tmp1); |
| 550 | &mov($tmp1, &swtmp(1+16)); # $a | 550 | &mov($tmp1, &swtmp(16+0)); # $a |
| 551 | &add($B, $tmp1); | 551 | &add($B, $tmp1); |
| 552 | 552 | ||
| 553 | &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A | 553 | &mov($tmp1, &DWP( 0,$tmp2,"",0)); # ctx->A |
| 554 | &add($C, $tmp1); | 554 | &add($C, $tmp1); |
| 555 | &mov($tmp1, &swtmp(1+17)); # $b | 555 | &mov($tmp1, &swtmp(16+1)); # $b |
| 556 | &add($C, $tmp1); | 556 | &add($C, $tmp1); |
| 557 | 557 | ||
| 558 | &mov($tmp1, &wparam(2)); | ||
| 559 | |||
| 558 | &mov(&DWP( 0,$tmp2,"",0), $D); | 560 | &mov(&DWP( 0,$tmp2,"",0), $D); |
| 559 | &mov(&DWP( 4,$tmp2,"",0), $E); | 561 | &mov(&DWP( 4,$tmp2,"",0), $E); |
| 560 | &mov(&DWP( 8,$tmp2,"",0), $A); | 562 | &mov(&DWP( 8,$tmp2,"",0), $A); |
| 561 | &mov(&DWP(12,$tmp2,"",0), $B); | 563 | &sub($tmp1,1); |
| 562 | &mov(&DWP(16,$tmp2,"",0), $C); | 564 | &mov(&DWP(12,$tmp2,"",0), $B); |
| 565 | &mov(&DWP(16,$tmp2,"",0), $C); | ||
| 563 | 566 | ||
| 564 | &mov($tmp2, &swtmp(0)); | 567 | &jle(&label("get_out")); |
| 565 | &mov($tmp1, &wparam(1)); | 568 | |
| 569 | &mov(&wparam(2),$tmp1); | ||
| 570 | &mov($C, $A); | ||
| 571 | &mov($tmp1, &wparam(1)); | ||
| 572 | &mov($A, $D); | ||
| 573 | &add($tmp1, 64); | ||
| 574 | &mov($B, $E); | ||
| 575 | &mov(&wparam(1),$tmp1); | ||
| 566 | 576 | ||
| 567 | &cmp($tmp2,$tmp1); | 577 | &jmp(&label("start")); |
| 568 | &mov($tmp2, &wparam(0)); | ||
| 569 | 578 | ||
| 570 | # XXX | 579 | &set_label("get_out"); |
| 571 | &jge(&label("start")); | ||
| 572 | 580 | ||
| 573 | &stack_pop(16+5+1); | 581 | &stack_pop(16+5+6); |
| 574 | 582 | ||
| 575 | &pop("ebx"); | 583 | &pop("ebx"); |
| 576 | &pop("ebp"); | 584 | &pop("ebp"); |
diff --git a/src/lib/libcrypto/ripemd/ripemd.h b/src/lib/libcrypto/ripemd/ripemd.h index a3bc6e3ab2..78d5f36560 100644 --- a/src/lib/libcrypto/ripemd/ripemd.h +++ b/src/lib/libcrypto/ripemd/ripemd.h | |||
| @@ -59,39 +59,43 @@ | |||
| 59 | #ifndef HEADER_RIPEMD_H | 59 | #ifndef HEADER_RIPEMD_H |
| 60 | #define HEADER_RIPEMD_H | 60 | #define HEADER_RIPEMD_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 68 | #ifdef OPENSSL_NO_RIPEMD | ||
| 69 | #error RIPEMD is disabled. | ||
| 70 | #endif | ||
| 71 | |||
| 72 | #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) | ||
| 73 | #define RIPEMD160_LONG unsigned long | ||
| 74 | #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) | ||
| 75 | #define RIPEMD160_LONG unsigned long | ||
| 76 | #define RIPEMD160_LONG_LOG2 3 | ||
| 77 | #else | ||
| 78 | #define RIPEMD160_LONG unsigned int | ||
| 79 | #endif | ||
| 80 | |||
| 66 | #define RIPEMD160_CBLOCK 64 | 81 | #define RIPEMD160_CBLOCK 64 |
| 67 | #define RIPEMD160_LBLOCK 16 | 82 | #define RIPEMD160_LBLOCK (RIPEMD160_CBLOCK/4) |
| 68 | #define RIPEMD160_BLOCK 16 | ||
| 69 | #define RIPEMD160_LAST_BLOCK 56 | ||
| 70 | #define RIPEMD160_LENGTH_BLOCK 8 | ||
| 71 | #define RIPEMD160_DIGEST_LENGTH 20 | 83 | #define RIPEMD160_DIGEST_LENGTH 20 |
| 72 | 84 | ||
| 73 | typedef struct RIPEMD160state_st | 85 | typedef struct RIPEMD160state_st |
| 74 | { | 86 | { |
| 75 | unsigned long A,B,C,D,E; | 87 | RIPEMD160_LONG A,B,C,D,E; |
| 76 | unsigned long Nl,Nh; | 88 | RIPEMD160_LONG Nl,Nh; |
| 77 | unsigned long data[RIPEMD160_LBLOCK]; | 89 | RIPEMD160_LONG data[RIPEMD160_LBLOCK]; |
| 78 | int num; | 90 | int num; |
| 79 | } RIPEMD160_CTX; | 91 | } RIPEMD160_CTX; |
| 80 | 92 | ||
| 81 | #ifndef NOPROTO | 93 | int RIPEMD160_Init(RIPEMD160_CTX *c); |
| 82 | void RIPEMD160_Init(RIPEMD160_CTX *c); | 94 | int RIPEMD160_Update(RIPEMD160_CTX *c, const void *data, unsigned long len); |
| 83 | void RIPEMD160_Update(RIPEMD160_CTX *c, unsigned char *data, unsigned long len); | 95 | int RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); |
| 84 | void RIPEMD160_Final(unsigned char *md, RIPEMD160_CTX *c); | 96 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, |
| 85 | unsigned char *RIPEMD160(unsigned char *d, unsigned long n, unsigned char *md); | 97 | unsigned char *md); |
| 86 | void RIPEMD160_Transform(RIPEMD160_CTX *c, unsigned char *b); | 98 | void RIPEMD160_Transform(RIPEMD160_CTX *c, const unsigned char *b); |
| 87 | #else | ||
| 88 | void RIPEMD160_Init(); | ||
| 89 | void RIPEMD160_Update(); | ||
| 90 | void RIPEMD160_Final(); | ||
| 91 | unsigned char *RIPEMD160(); | ||
| 92 | void RIPEMD160_Transform(); | ||
| 93 | #endif | ||
| 94 | |||
| 95 | #ifdef __cplusplus | 99 | #ifdef __cplusplus |
| 96 | } | 100 | } |
| 97 | #endif | 101 | #endif |
diff --git a/src/lib/libcrypto/ripemd/rmd_dgst.c b/src/lib/libcrypto/ripemd/rmd_dgst.c index 210de1977d..a3170f7c8a 100644 --- a/src/lib/libcrypto/ripemd/rmd_dgst.c +++ b/src/lib/libcrypto/ripemd/rmd_dgst.c | |||
| @@ -58,27 +58,18 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "rmd_locl.h" | 60 | #include "rmd_locl.h" |
| 61 | #include <openssl/opensslv.h> | ||
| 61 | 62 | ||
| 62 | char *RMD160_version="RIPEMD160 part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *RMD160_version="RIPE-MD160" OPENSSL_VERSION_PTEXT; |
| 63 | 64 | ||
| 64 | #ifndef NOPROTO | ||
| 65 | # ifdef RMD160_ASM | 65 | # ifdef RMD160_ASM |
| 66 | void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num); | 66 | void ripemd160_block_x86(RIPEMD160_CTX *c, unsigned long *p,int num); |
| 67 | # define ripemd160_block ripemd160_block_x86 | 67 | # define ripemd160_block ripemd160_block_x86 |
| 68 | # else | 68 | # else |
| 69 | void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); | 69 | void ripemd160_block(RIPEMD160_CTX *c, unsigned long *p,int num); |
| 70 | # endif | 70 | # endif |
| 71 | #else | ||
| 72 | # ifdef RMD160_ASM | ||
| 73 | void ripemd160_block_x86(); | ||
| 74 | # define ripemd160_block ripemd160_block_x86 | ||
| 75 | # else | ||
| 76 | static void ripemd160_block(); | ||
| 77 | # endif | ||
| 78 | #endif | ||
| 79 | 71 | ||
| 80 | void RIPEMD160_Init(c) | 72 | int RIPEMD160_Init(RIPEMD160_CTX *c) |
| 81 | RIPEMD160_CTX *c; | ||
| 82 | { | 73 | { |
| 83 | c->A=RIPEMD160_A; | 74 | c->A=RIPEMD160_A; |
| 84 | c->B=RIPEMD160_B; | 75 | c->B=RIPEMD160_B; |
| @@ -88,189 +79,24 @@ RIPEMD160_CTX *c; | |||
| 88 | c->Nl=0; | 79 | c->Nl=0; |
| 89 | c->Nh=0; | 80 | c->Nh=0; |
| 90 | c->num=0; | 81 | c->num=0; |
| 82 | return 1; | ||
| 91 | } | 83 | } |
| 92 | 84 | ||
| 93 | void RIPEMD160_Update(c, data, len) | 85 | #ifndef ripemd160_block_host_order |
| 94 | RIPEMD160_CTX *c; | 86 | #ifdef X |
| 95 | register unsigned char *data; | 87 | #undef X |
| 96 | unsigned long len; | ||
| 97 | { | ||
| 98 | register ULONG *p; | ||
| 99 | int sw,sc; | ||
| 100 | ULONG l; | ||
| 101 | |||
| 102 | if (len == 0) return; | ||
| 103 | |||
| 104 | l=(c->Nl+(len<<3))&0xffffffffL; | ||
| 105 | if (l < c->Nl) /* overflow */ | ||
| 106 | c->Nh++; | ||
| 107 | c->Nh+=(len>>29); | ||
| 108 | c->Nl=l; | ||
| 109 | |||
| 110 | if (c->num != 0) | ||
| 111 | { | ||
| 112 | p=c->data; | ||
| 113 | sw=c->num>>2; | ||
| 114 | sc=c->num&0x03; | ||
| 115 | |||
| 116 | if ((c->num+len) >= RIPEMD160_CBLOCK) | ||
| 117 | { | ||
| 118 | l= p[sw]; | ||
| 119 | p_c2l(data,l,sc); | ||
| 120 | p[sw++]=l; | ||
| 121 | for (; sw<RIPEMD160_LBLOCK; sw++) | ||
| 122 | { | ||
| 123 | c2l(data,l); | ||
| 124 | p[sw]=l; | ||
| 125 | } | ||
| 126 | len-=(RIPEMD160_CBLOCK-c->num); | ||
| 127 | |||
| 128 | ripemd160_block(c,p,64); | ||
| 129 | c->num=0; | ||
| 130 | /* drop through and do the rest */ | ||
| 131 | } | ||
| 132 | else | ||
| 133 | { | ||
| 134 | int ew,ec; | ||
| 135 | |||
| 136 | c->num+=(int)len; | ||
| 137 | if ((sc+len) < 4) /* ugly, add char's to a word */ | ||
| 138 | { | ||
| 139 | l= p[sw]; | ||
| 140 | p_c2l_p(data,l,sc,len); | ||
| 141 | p[sw]=l; | ||
| 142 | } | ||
| 143 | else | ||
| 144 | { | ||
| 145 | ew=(c->num>>2); | ||
| 146 | ec=(c->num&0x03); | ||
| 147 | l= p[sw]; | ||
| 148 | p_c2l(data,l,sc); | ||
| 149 | p[sw++]=l; | ||
| 150 | for (; sw < ew; sw++) | ||
| 151 | { c2l(data,l); p[sw]=l; } | ||
| 152 | if (ec) | ||
| 153 | { | ||
| 154 | c2l_p(data,l,ec); | ||
| 155 | p[sw]=l; | ||
| 156 | } | ||
| 157 | } | ||
| 158 | return; | ||
| 159 | } | ||
| 160 | } | ||
| 161 | /* we now can process the input data in blocks of RIPEMD160_CBLOCK | ||
| 162 | * chars and save the leftovers to c->data. */ | ||
| 163 | #ifdef L_ENDIAN | ||
| 164 | if ((((unsigned long)data)%sizeof(ULONG)) == 0) | ||
| 165 | { | ||
| 166 | sw=(int)len/RIPEMD160_CBLOCK; | ||
| 167 | if (sw > 0) | ||
| 168 | { | ||
| 169 | sw*=RIPEMD160_CBLOCK; | ||
| 170 | ripemd160_block(c,(ULONG *)data,sw); | ||
| 171 | data+=sw; | ||
| 172 | len-=sw; | ||
| 173 | } | ||
| 174 | } | ||
| 175 | #endif | 88 | #endif |
| 176 | p=c->data; | 89 | #define X(i) XX[i] |
| 177 | while (len >= RIPEMD160_CBLOCK) | 90 | void ripemd160_block_host_order (RIPEMD160_CTX *ctx, const void *p, int num) |
| 178 | { | ||
| 179 | #if defined(L_ENDIAN) || defined(B_ENDIAN) | ||
| 180 | if (p != (unsigned long *)data) | ||
| 181 | memcpy(p,data,RIPEMD160_CBLOCK); | ||
| 182 | data+=RIPEMD160_CBLOCK; | ||
| 183 | #ifdef B_ENDIAN | ||
| 184 | for (sw=(RIPEMD160_LBLOCK/4); sw; sw--) | ||
| 185 | { | ||
| 186 | Endian_Reverse32(p[0]); | ||
| 187 | Endian_Reverse32(p[1]); | ||
| 188 | Endian_Reverse32(p[2]); | ||
| 189 | Endian_Reverse32(p[3]); | ||
| 190 | p+=4; | ||
| 191 | } | ||
| 192 | #endif | ||
| 193 | #else | ||
| 194 | for (sw=(RIPEMD160_LBLOCK/4); sw; sw--) | ||
| 195 | { | ||
| 196 | c2l(data,l); *(p++)=l; | ||
| 197 | c2l(data,l); *(p++)=l; | ||
| 198 | c2l(data,l); *(p++)=l; | ||
| 199 | c2l(data,l); *(p++)=l; | ||
| 200 | } | ||
| 201 | #endif | ||
| 202 | p=c->data; | ||
| 203 | ripemd160_block(c,p,64); | ||
| 204 | len-=RIPEMD160_CBLOCK; | ||
| 205 | } | ||
| 206 | sc=(int)len; | ||
| 207 | c->num=sc; | ||
| 208 | if (sc) | ||
| 209 | { | ||
| 210 | sw=sc>>2; /* words to copy */ | ||
| 211 | #ifdef L_ENDIAN | ||
| 212 | p[sw]=0; | ||
| 213 | memcpy(p,data,sc); | ||
| 214 | #else | ||
| 215 | sc&=0x03; | ||
| 216 | for ( ; sw; sw--) | ||
| 217 | { c2l(data,l); *(p++)=l; } | ||
| 218 | c2l_p(data,l,sc); | ||
| 219 | *p=l; | ||
| 220 | #endif | ||
| 221 | } | ||
| 222 | } | ||
| 223 | |||
| 224 | void RIPEMD160_Transform(c,b) | ||
| 225 | RIPEMD160_CTX *c; | ||
| 226 | unsigned char *b; | ||
| 227 | { | 91 | { |
| 228 | ULONG p[16]; | 92 | const RIPEMD160_LONG *XX=p; |
| 229 | #if !defined(L_ENDIAN) | 93 | register unsigned long A,B,C,D,E; |
| 230 | ULONG *q; | 94 | register unsigned long a,b,c,d,e; |
| 231 | int i; | ||
| 232 | #endif | ||
| 233 | 95 | ||
| 234 | #if defined(B_ENDIAN) || defined(L_ENDIAN) | 96 | for (;num--;XX+=HASH_LBLOCK) |
| 235 | memcpy(p,b,64); | ||
| 236 | #ifdef B_ENDIAN | ||
| 237 | q=p; | ||
| 238 | for (i=(RIPEMD160_LBLOCK/4); i; i--) | ||
| 239 | { | ||
| 240 | Endian_Reverse32(q[0]); | ||
| 241 | Endian_Reverse32(q[1]); | ||
| 242 | Endian_Reverse32(q[2]); | ||
| 243 | Endian_Reverse32(q[3]); | ||
| 244 | q+=4; | ||
| 245 | } | ||
| 246 | #endif | ||
| 247 | #else | ||
| 248 | q=p; | ||
| 249 | for (i=(RIPEMD160_LBLOCK/4); i; i--) | ||
| 250 | { | 97 | { |
| 251 | ULONG l; | ||
| 252 | c2l(b,l); *(q++)=l; | ||
| 253 | c2l(b,l); *(q++)=l; | ||
| 254 | c2l(b,l); *(q++)=l; | ||
| 255 | c2l(b,l); *(q++)=l; | ||
| 256 | } | ||
| 257 | #endif | ||
| 258 | ripemd160_block(c,p,64); | ||
| 259 | } | ||
| 260 | |||
| 261 | #ifndef RMD160_ASM | ||
| 262 | |||
| 263 | void ripemd160_block(ctx, X, num) | ||
| 264 | RIPEMD160_CTX *ctx; | ||
| 265 | register ULONG *X; | ||
| 266 | int num; | ||
| 267 | { | ||
| 268 | register ULONG A,B,C,D,E; | ||
| 269 | ULONG a,b,c,d,e; | ||
| 270 | 98 | ||
| 271 | for (;;) | 99 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; |
| 272 | { | ||
| 273 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | ||
| 274 | 100 | ||
| 275 | RIP1(A,B,C,D,E,WL00,SL00); | 101 | RIP1(A,B,C,D,E,WL00,SL00); |
| 276 | RIP1(E,A,B,C,D,WL01,SL01); | 102 | RIP1(E,A,B,C,D,WL01,SL01); |
| @@ -453,83 +279,216 @@ int num; | |||
| 453 | ctx->E=ctx->A+b+C; | 279 | ctx->E=ctx->A+b+C; |
| 454 | ctx->A=D; | 280 | ctx->A=D; |
| 455 | 281 | ||
| 456 | X+=16; | ||
| 457 | num-=64; | ||
| 458 | if (num <= 0) break; | ||
| 459 | } | 282 | } |
| 460 | } | 283 | } |
| 461 | #endif | 284 | #endif |
| 462 | 285 | ||
| 463 | void RIPEMD160_Final(md, c) | 286 | #ifndef ripemd160_block_data_order |
| 464 | unsigned char *md; | 287 | #ifdef X |
| 465 | RIPEMD160_CTX *c; | 288 | #undef X |
| 289 | #endif | ||
| 290 | void ripemd160_block_data_order (RIPEMD160_CTX *ctx, const void *p, int num) | ||
| 466 | { | 291 | { |
| 467 | register int i,j; | 292 | const unsigned char *data=p; |
| 468 | register ULONG l; | 293 | register unsigned long A,B,C,D,E; |
| 469 | register ULONG *p; | 294 | unsigned long a,b,c,d,e,l; |
| 470 | static unsigned char end[4]={0x80,0x00,0x00,0x00}; | 295 | #ifndef MD32_XARRAY |
| 471 | unsigned char *cp=end; | 296 | /* See comment in crypto/sha/sha_locl.h for details. */ |
| 472 | 297 | unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | |
| 473 | /* c->num should definitly have room for at least one more byte. */ | 298 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; |
| 474 | p=c->data; | 299 | # define X(i) XX##i |
| 475 | j=c->num; | 300 | #else |
| 476 | i=j>>2; | 301 | RIPEMD160_LONG XX[16]; |
| 477 | 302 | # define X(i) XX[i] | |
| 478 | /* purify often complains about the following line as an | ||
| 479 | * Uninitialized Memory Read. While this can be true, the | ||
| 480 | * following p_c2l macro will reset l when that case is true. | ||
| 481 | * This is because j&0x03 contains the number of 'valid' bytes | ||
| 482 | * already in p[i]. If and only if j&0x03 == 0, the UMR will | ||
| 483 | * occur but this is also the only time p_c2l will do | ||
| 484 | * l= *(cp++) instead of l|= *(cp++) | ||
| 485 | * Many thanks to Alex Tang <altitude@cic.net> for pickup this | ||
| 486 | * 'potential bug' */ | ||
| 487 | #ifdef PURIFY | ||
| 488 | if ((j&0x03) == 0) p[i]=0; | ||
| 489 | #endif | 303 | #endif |
| 490 | l=p[i]; | 304 | |
| 491 | p_c2l(cp,l,j&0x03); | 305 | for (;num--;) |
| 492 | p[i]=l; | ||
| 493 | i++; | ||
| 494 | /* i is the next 'undefined word' */ | ||
| 495 | if (c->num >= RIPEMD160_LAST_BLOCK) | ||
| 496 | { | 306 | { |
| 497 | for (; i<RIPEMD160_LBLOCK; i++) | ||
| 498 | p[i]=0; | ||
| 499 | ripemd160_block(c,p,64); | ||
| 500 | i=0; | ||
| 501 | } | ||
| 502 | for (; i<(RIPEMD160_LBLOCK-2); i++) | ||
| 503 | p[i]=0; | ||
| 504 | p[RIPEMD160_LBLOCK-2]=c->Nl; | ||
| 505 | p[RIPEMD160_LBLOCK-1]=c->Nh; | ||
| 506 | ripemd160_block(c,p,64); | ||
| 507 | cp=md; | ||
| 508 | l=c->A; l2c(l,cp); | ||
| 509 | l=c->B; l2c(l,cp); | ||
| 510 | l=c->C; l2c(l,cp); | ||
| 511 | l=c->D; l2c(l,cp); | ||
| 512 | l=c->E; l2c(l,cp); | ||
| 513 | |||
| 514 | /* clear stuff, ripemd160_block may be leaving some stuff on the stack | ||
| 515 | * but I'm not worried :-) */ | ||
| 516 | c->num=0; | ||
| 517 | /* memset((char *)&c,0,sizeof(c));*/ | ||
| 518 | } | ||
| 519 | 307 | ||
| 520 | #ifdef undef | 308 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; |
| 521 | int printit(l) | 309 | |
| 522 | unsigned long *l; | 310 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; |
| 523 | { | 311 | RIP1(A,B,C,D,E,WL00,SL00); HOST_c2l(data,l); X( 2)=l; |
| 524 | int i,ii; | 312 | RIP1(E,A,B,C,D,WL01,SL01); HOST_c2l(data,l); X( 3)=l; |
| 313 | RIP1(D,E,A,B,C,WL02,SL02); HOST_c2l(data,l); X( 4)=l; | ||
| 314 | RIP1(C,D,E,A,B,WL03,SL03); HOST_c2l(data,l); X( 5)=l; | ||
| 315 | RIP1(B,C,D,E,A,WL04,SL04); HOST_c2l(data,l); X( 6)=l; | ||
| 316 | RIP1(A,B,C,D,E,WL05,SL05); HOST_c2l(data,l); X( 7)=l; | ||
| 317 | RIP1(E,A,B,C,D,WL06,SL06); HOST_c2l(data,l); X( 8)=l; | ||
| 318 | RIP1(D,E,A,B,C,WL07,SL07); HOST_c2l(data,l); X( 9)=l; | ||
| 319 | RIP1(C,D,E,A,B,WL08,SL08); HOST_c2l(data,l); X(10)=l; | ||
| 320 | RIP1(B,C,D,E,A,WL09,SL09); HOST_c2l(data,l); X(11)=l; | ||
| 321 | RIP1(A,B,C,D,E,WL10,SL10); HOST_c2l(data,l); X(12)=l; | ||
| 322 | RIP1(E,A,B,C,D,WL11,SL11); HOST_c2l(data,l); X(13)=l; | ||
| 323 | RIP1(D,E,A,B,C,WL12,SL12); HOST_c2l(data,l); X(14)=l; | ||
| 324 | RIP1(C,D,E,A,B,WL13,SL13); HOST_c2l(data,l); X(15)=l; | ||
| 325 | RIP1(B,C,D,E,A,WL14,SL14); | ||
| 326 | RIP1(A,B,C,D,E,WL15,SL15); | ||
| 327 | |||
| 328 | RIP2(E,A,B,C,D,WL16,SL16,KL1); | ||
| 329 | RIP2(D,E,A,B,C,WL17,SL17,KL1); | ||
| 330 | RIP2(C,D,E,A,B,WL18,SL18,KL1); | ||
| 331 | RIP2(B,C,D,E,A,WL19,SL19,KL1); | ||
| 332 | RIP2(A,B,C,D,E,WL20,SL20,KL1); | ||
| 333 | RIP2(E,A,B,C,D,WL21,SL21,KL1); | ||
| 334 | RIP2(D,E,A,B,C,WL22,SL22,KL1); | ||
| 335 | RIP2(C,D,E,A,B,WL23,SL23,KL1); | ||
| 336 | RIP2(B,C,D,E,A,WL24,SL24,KL1); | ||
| 337 | RIP2(A,B,C,D,E,WL25,SL25,KL1); | ||
| 338 | RIP2(E,A,B,C,D,WL26,SL26,KL1); | ||
| 339 | RIP2(D,E,A,B,C,WL27,SL27,KL1); | ||
| 340 | RIP2(C,D,E,A,B,WL28,SL28,KL1); | ||
| 341 | RIP2(B,C,D,E,A,WL29,SL29,KL1); | ||
| 342 | RIP2(A,B,C,D,E,WL30,SL30,KL1); | ||
| 343 | RIP2(E,A,B,C,D,WL31,SL31,KL1); | ||
| 344 | |||
| 345 | RIP3(D,E,A,B,C,WL32,SL32,KL2); | ||
| 346 | RIP3(C,D,E,A,B,WL33,SL33,KL2); | ||
| 347 | RIP3(B,C,D,E,A,WL34,SL34,KL2); | ||
| 348 | RIP3(A,B,C,D,E,WL35,SL35,KL2); | ||
| 349 | RIP3(E,A,B,C,D,WL36,SL36,KL2); | ||
| 350 | RIP3(D,E,A,B,C,WL37,SL37,KL2); | ||
| 351 | RIP3(C,D,E,A,B,WL38,SL38,KL2); | ||
| 352 | RIP3(B,C,D,E,A,WL39,SL39,KL2); | ||
| 353 | RIP3(A,B,C,D,E,WL40,SL40,KL2); | ||
| 354 | RIP3(E,A,B,C,D,WL41,SL41,KL2); | ||
| 355 | RIP3(D,E,A,B,C,WL42,SL42,KL2); | ||
| 356 | RIP3(C,D,E,A,B,WL43,SL43,KL2); | ||
| 357 | RIP3(B,C,D,E,A,WL44,SL44,KL2); | ||
| 358 | RIP3(A,B,C,D,E,WL45,SL45,KL2); | ||
| 359 | RIP3(E,A,B,C,D,WL46,SL46,KL2); | ||
| 360 | RIP3(D,E,A,B,C,WL47,SL47,KL2); | ||
| 361 | |||
| 362 | RIP4(C,D,E,A,B,WL48,SL48,KL3); | ||
| 363 | RIP4(B,C,D,E,A,WL49,SL49,KL3); | ||
| 364 | RIP4(A,B,C,D,E,WL50,SL50,KL3); | ||
| 365 | RIP4(E,A,B,C,D,WL51,SL51,KL3); | ||
| 366 | RIP4(D,E,A,B,C,WL52,SL52,KL3); | ||
| 367 | RIP4(C,D,E,A,B,WL53,SL53,KL3); | ||
| 368 | RIP4(B,C,D,E,A,WL54,SL54,KL3); | ||
| 369 | RIP4(A,B,C,D,E,WL55,SL55,KL3); | ||
| 370 | RIP4(E,A,B,C,D,WL56,SL56,KL3); | ||
| 371 | RIP4(D,E,A,B,C,WL57,SL57,KL3); | ||
| 372 | RIP4(C,D,E,A,B,WL58,SL58,KL3); | ||
| 373 | RIP4(B,C,D,E,A,WL59,SL59,KL3); | ||
| 374 | RIP4(A,B,C,D,E,WL60,SL60,KL3); | ||
| 375 | RIP4(E,A,B,C,D,WL61,SL61,KL3); | ||
| 376 | RIP4(D,E,A,B,C,WL62,SL62,KL3); | ||
| 377 | RIP4(C,D,E,A,B,WL63,SL63,KL3); | ||
| 378 | |||
| 379 | RIP5(B,C,D,E,A,WL64,SL64,KL4); | ||
| 380 | RIP5(A,B,C,D,E,WL65,SL65,KL4); | ||
| 381 | RIP5(E,A,B,C,D,WL66,SL66,KL4); | ||
| 382 | RIP5(D,E,A,B,C,WL67,SL67,KL4); | ||
| 383 | RIP5(C,D,E,A,B,WL68,SL68,KL4); | ||
| 384 | RIP5(B,C,D,E,A,WL69,SL69,KL4); | ||
| 385 | RIP5(A,B,C,D,E,WL70,SL70,KL4); | ||
| 386 | RIP5(E,A,B,C,D,WL71,SL71,KL4); | ||
| 387 | RIP5(D,E,A,B,C,WL72,SL72,KL4); | ||
| 388 | RIP5(C,D,E,A,B,WL73,SL73,KL4); | ||
| 389 | RIP5(B,C,D,E,A,WL74,SL74,KL4); | ||
| 390 | RIP5(A,B,C,D,E,WL75,SL75,KL4); | ||
| 391 | RIP5(E,A,B,C,D,WL76,SL76,KL4); | ||
| 392 | RIP5(D,E,A,B,C,WL77,SL77,KL4); | ||
| 393 | RIP5(C,D,E,A,B,WL78,SL78,KL4); | ||
| 394 | RIP5(B,C,D,E,A,WL79,SL79,KL4); | ||
| 395 | |||
| 396 | a=A; b=B; c=C; d=D; e=E; | ||
| 397 | /* Do other half */ | ||
| 398 | A=ctx->A; B=ctx->B; C=ctx->C; D=ctx->D; E=ctx->E; | ||
| 399 | |||
| 400 | RIP5(A,B,C,D,E,WR00,SR00,KR0); | ||
| 401 | RIP5(E,A,B,C,D,WR01,SR01,KR0); | ||
| 402 | RIP5(D,E,A,B,C,WR02,SR02,KR0); | ||
| 403 | RIP5(C,D,E,A,B,WR03,SR03,KR0); | ||
| 404 | RIP5(B,C,D,E,A,WR04,SR04,KR0); | ||
| 405 | RIP5(A,B,C,D,E,WR05,SR05,KR0); | ||
| 406 | RIP5(E,A,B,C,D,WR06,SR06,KR0); | ||
| 407 | RIP5(D,E,A,B,C,WR07,SR07,KR0); | ||
| 408 | RIP5(C,D,E,A,B,WR08,SR08,KR0); | ||
| 409 | RIP5(B,C,D,E,A,WR09,SR09,KR0); | ||
| 410 | RIP5(A,B,C,D,E,WR10,SR10,KR0); | ||
| 411 | RIP5(E,A,B,C,D,WR11,SR11,KR0); | ||
| 412 | RIP5(D,E,A,B,C,WR12,SR12,KR0); | ||
| 413 | RIP5(C,D,E,A,B,WR13,SR13,KR0); | ||
| 414 | RIP5(B,C,D,E,A,WR14,SR14,KR0); | ||
| 415 | RIP5(A,B,C,D,E,WR15,SR15,KR0); | ||
| 416 | |||
| 417 | RIP4(E,A,B,C,D,WR16,SR16,KR1); | ||
| 418 | RIP4(D,E,A,B,C,WR17,SR17,KR1); | ||
| 419 | RIP4(C,D,E,A,B,WR18,SR18,KR1); | ||
| 420 | RIP4(B,C,D,E,A,WR19,SR19,KR1); | ||
| 421 | RIP4(A,B,C,D,E,WR20,SR20,KR1); | ||
| 422 | RIP4(E,A,B,C,D,WR21,SR21,KR1); | ||
| 423 | RIP4(D,E,A,B,C,WR22,SR22,KR1); | ||
| 424 | RIP4(C,D,E,A,B,WR23,SR23,KR1); | ||
| 425 | RIP4(B,C,D,E,A,WR24,SR24,KR1); | ||
| 426 | RIP4(A,B,C,D,E,WR25,SR25,KR1); | ||
| 427 | RIP4(E,A,B,C,D,WR26,SR26,KR1); | ||
| 428 | RIP4(D,E,A,B,C,WR27,SR27,KR1); | ||
| 429 | RIP4(C,D,E,A,B,WR28,SR28,KR1); | ||
| 430 | RIP4(B,C,D,E,A,WR29,SR29,KR1); | ||
| 431 | RIP4(A,B,C,D,E,WR30,SR30,KR1); | ||
| 432 | RIP4(E,A,B,C,D,WR31,SR31,KR1); | ||
| 433 | |||
| 434 | RIP3(D,E,A,B,C,WR32,SR32,KR2); | ||
| 435 | RIP3(C,D,E,A,B,WR33,SR33,KR2); | ||
| 436 | RIP3(B,C,D,E,A,WR34,SR34,KR2); | ||
| 437 | RIP3(A,B,C,D,E,WR35,SR35,KR2); | ||
| 438 | RIP3(E,A,B,C,D,WR36,SR36,KR2); | ||
| 439 | RIP3(D,E,A,B,C,WR37,SR37,KR2); | ||
| 440 | RIP3(C,D,E,A,B,WR38,SR38,KR2); | ||
| 441 | RIP3(B,C,D,E,A,WR39,SR39,KR2); | ||
| 442 | RIP3(A,B,C,D,E,WR40,SR40,KR2); | ||
| 443 | RIP3(E,A,B,C,D,WR41,SR41,KR2); | ||
| 444 | RIP3(D,E,A,B,C,WR42,SR42,KR2); | ||
| 445 | RIP3(C,D,E,A,B,WR43,SR43,KR2); | ||
| 446 | RIP3(B,C,D,E,A,WR44,SR44,KR2); | ||
| 447 | RIP3(A,B,C,D,E,WR45,SR45,KR2); | ||
| 448 | RIP3(E,A,B,C,D,WR46,SR46,KR2); | ||
| 449 | RIP3(D,E,A,B,C,WR47,SR47,KR2); | ||
| 450 | |||
| 451 | RIP2(C,D,E,A,B,WR48,SR48,KR3); | ||
| 452 | RIP2(B,C,D,E,A,WR49,SR49,KR3); | ||
| 453 | RIP2(A,B,C,D,E,WR50,SR50,KR3); | ||
| 454 | RIP2(E,A,B,C,D,WR51,SR51,KR3); | ||
| 455 | RIP2(D,E,A,B,C,WR52,SR52,KR3); | ||
| 456 | RIP2(C,D,E,A,B,WR53,SR53,KR3); | ||
| 457 | RIP2(B,C,D,E,A,WR54,SR54,KR3); | ||
| 458 | RIP2(A,B,C,D,E,WR55,SR55,KR3); | ||
| 459 | RIP2(E,A,B,C,D,WR56,SR56,KR3); | ||
| 460 | RIP2(D,E,A,B,C,WR57,SR57,KR3); | ||
| 461 | RIP2(C,D,E,A,B,WR58,SR58,KR3); | ||
| 462 | RIP2(B,C,D,E,A,WR59,SR59,KR3); | ||
| 463 | RIP2(A,B,C,D,E,WR60,SR60,KR3); | ||
| 464 | RIP2(E,A,B,C,D,WR61,SR61,KR3); | ||
| 465 | RIP2(D,E,A,B,C,WR62,SR62,KR3); | ||
| 466 | RIP2(C,D,E,A,B,WR63,SR63,KR3); | ||
| 467 | |||
| 468 | RIP1(B,C,D,E,A,WR64,SR64); | ||
| 469 | RIP1(A,B,C,D,E,WR65,SR65); | ||
| 470 | RIP1(E,A,B,C,D,WR66,SR66); | ||
| 471 | RIP1(D,E,A,B,C,WR67,SR67); | ||
| 472 | RIP1(C,D,E,A,B,WR68,SR68); | ||
| 473 | RIP1(B,C,D,E,A,WR69,SR69); | ||
| 474 | RIP1(A,B,C,D,E,WR70,SR70); | ||
| 475 | RIP1(E,A,B,C,D,WR71,SR71); | ||
| 476 | RIP1(D,E,A,B,C,WR72,SR72); | ||
| 477 | RIP1(C,D,E,A,B,WR73,SR73); | ||
| 478 | RIP1(B,C,D,E,A,WR74,SR74); | ||
| 479 | RIP1(A,B,C,D,E,WR75,SR75); | ||
| 480 | RIP1(E,A,B,C,D,WR76,SR76); | ||
| 481 | RIP1(D,E,A,B,C,WR77,SR77); | ||
| 482 | RIP1(C,D,E,A,B,WR78,SR78); | ||
| 483 | RIP1(B,C,D,E,A,WR79,SR79); | ||
| 484 | |||
| 485 | D =ctx->B+c+D; | ||
| 486 | ctx->B=ctx->C+d+E; | ||
| 487 | ctx->C=ctx->D+e+A; | ||
| 488 | ctx->D=ctx->E+a+B; | ||
| 489 | ctx->E=ctx->A+b+C; | ||
| 490 | ctx->A=D; | ||
| 525 | 491 | ||
| 526 | for (i=0; i<2; i++) | ||
| 527 | { | ||
| 528 | for (ii=0; ii<8; ii++) | ||
| 529 | { | ||
| 530 | fprintf(stderr,"%08lx ",l[i*8+ii]); | ||
| 531 | } | ||
| 532 | fprintf(stderr,"\n"); | ||
| 533 | } | 492 | } |
| 534 | } | 493 | } |
| 535 | #endif | 494 | #endif |
diff --git a/src/lib/libcrypto/ripemd/rmd_locl.h b/src/lib/libcrypto/ripemd/rmd_locl.h index a1feccf7c1..7b835dfbd4 100644 --- a/src/lib/libcrypto/ripemd/rmd_locl.h +++ b/src/lib/libcrypto/ripemd/rmd_locl.h | |||
| @@ -58,138 +58,72 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "ripemd.h" | 61 | #include <openssl/opensslconf.h> |
| 62 | #include <openssl/ripemd.h> | ||
| 62 | 63 | ||
| 63 | #define ULONG unsigned long | 64 | #ifndef RIPEMD160_LONG_LOG2 |
| 64 | #define UCHAR unsigned char | 65 | #define RIPEMD160_LONG_LOG2 2 /* default to 32 bits */ |
| 65 | #define UINT unsigned int | 66 | #endif |
| 66 | 67 | ||
| 67 | #ifdef NOCONST | 68 | /* |
| 68 | #define const | 69 | * DO EXAMINE COMMENTS IN crypto/md5/md5_locl.h & crypto/md5/md5_dgst.c |
| 70 | * FOR EXPLANATIONS ON FOLLOWING "CODE." | ||
| 71 | * <appro@fy.chalmers.se> | ||
| 72 | */ | ||
| 73 | #ifdef RMD160_ASM | ||
| 74 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | ||
| 75 | # define ripemd160_block_host_order ripemd160_block_asm_host_order | ||
| 76 | # endif | ||
| 69 | #endif | 77 | #endif |
| 70 | 78 | ||
| 71 | #undef c2nl | 79 | void ripemd160_block_host_order (RIPEMD160_CTX *c, const void *p,int num); |
| 72 | #define c2nl(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ | 80 | void ripemd160_block_data_order (RIPEMD160_CTX *c, const void *p,int num); |
| 73 | l|=(((unsigned long)(*((c)++)))<<16), \ | 81 | |
| 74 | l|=(((unsigned long)(*((c)++)))<< 8), \ | 82 | #if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) |
| 75 | l|=(((unsigned long)(*((c)++))) )) | 83 | #define ripemd160_block_data_order ripemd160_block_host_order |
| 76 | |||
| 77 | #undef p_c2nl | ||
| 78 | #define p_c2nl(c,l,n) { \ | ||
| 79 | switch (n) { \ | ||
| 80 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 81 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 82 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 83 | case 3: l|=((unsigned long)(*((c)++))); \ | ||
| 84 | } \ | ||
| 85 | } | ||
| 86 | |||
| 87 | #undef c2nl_p | ||
| 88 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 89 | #define c2nl_p(c,l,n) { \ | ||
| 90 | l=0; \ | ||
| 91 | (c)+=n; \ | ||
| 92 | switch (n) { \ | ||
| 93 | case 3: l =((unsigned long)(*(--(c))))<< 8; \ | ||
| 94 | case 2: l|=((unsigned long)(*(--(c))))<<16; \ | ||
| 95 | case 1: l|=((unsigned long)(*(--(c))))<<24; \ | ||
| 96 | } \ | ||
| 97 | } | ||
| 98 | |||
| 99 | #undef p_c2nl_p | ||
| 100 | #define p_c2nl_p(c,l,sc,len) { \ | ||
| 101 | switch (sc) \ | ||
| 102 | { \ | ||
| 103 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 104 | if (--len == 0) break; \ | ||
| 105 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 106 | if (--len == 0) break; \ | ||
| 107 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 108 | } \ | ||
| 109 | } | ||
| 110 | |||
| 111 | #undef nl2c | ||
| 112 | #define nl2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 113 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 114 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 115 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 116 | |||
| 117 | #undef c2l | ||
| 118 | #define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ | ||
| 119 | l|=(((unsigned long)(*((c)++)))<< 8), \ | ||
| 120 | l|=(((unsigned long)(*((c)++)))<<16), \ | ||
| 121 | l|=(((unsigned long)(*((c)++)))<<24)) | ||
| 122 | |||
| 123 | #undef p_c2l | ||
| 124 | #define p_c2l(c,l,n) { \ | ||
| 125 | switch (n) { \ | ||
| 126 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 127 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 128 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 129 | case 3: l|=((unsigned long)(*((c)++)))<<24; \ | ||
| 130 | } \ | ||
| 131 | } | ||
| 132 | |||
| 133 | #undef c2l_p | ||
| 134 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 135 | #define c2l_p(c,l,n) { \ | ||
| 136 | l=0; \ | ||
| 137 | (c)+=n; \ | ||
| 138 | switch (n) { \ | ||
| 139 | case 3: l =((unsigned long)(*(--(c))))<<16; \ | ||
| 140 | case 2: l|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 141 | case 1: l|=((unsigned long)(*(--(c)))); \ | ||
| 142 | } \ | ||
| 143 | } | ||
| 144 | |||
| 145 | #undef p_c2l_p | ||
| 146 | #define p_c2l_p(c,l,sc,len) { \ | ||
| 147 | switch (sc) \ | ||
| 148 | { \ | ||
| 149 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 150 | if (--len == 0) break; \ | ||
| 151 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 152 | if (--len == 0) break; \ | ||
| 153 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 154 | } \ | ||
| 155 | } | ||
| 156 | |||
| 157 | #undef l2c | ||
| 158 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
| 159 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 160 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 161 | *((c)++)=(unsigned char)(((l)>>24)&0xff)) | ||
| 162 | |||
| 163 | #undef ROTATE | ||
| 164 | #if defined(WIN32) | ||
| 165 | #define ROTATE(a,n) _lrotl(a,n) | ||
| 166 | #else | ||
| 167 | #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) | ||
| 168 | #endif | 84 | #endif |
| 169 | 85 | ||
| 170 | /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */ | 86 | #define DATA_ORDER_IS_LITTLE_ENDIAN |
| 171 | #if defined(WIN32) | 87 | |
| 172 | /* 5 instructions with rotate instruction, else 9 */ | 88 | #define HASH_LONG RIPEMD160_LONG |
| 173 | #define Endian_Reverse32(a) \ | 89 | #define HASH_LONG_LOG2 RIPEMD160_LONG_LOG2 |
| 174 | { \ | 90 | #define HASH_CTX RIPEMD160_CTX |
| 175 | unsigned long l=(a); \ | 91 | #define HASH_CBLOCK RIPEMD160_CBLOCK |
| 176 | (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ | 92 | #define HASH_LBLOCK RIPEMD160_LBLOCK |
| 177 | } | 93 | #define HASH_UPDATE RIPEMD160_Update |
| 178 | #else | 94 | #define HASH_TRANSFORM RIPEMD160_Transform |
| 179 | /* 6 instructions with rotate instruction, else 8 */ | 95 | #define HASH_FINAL RIPEMD160_Final |
| 180 | #define Endian_Reverse32(a) \ | 96 | #define HASH_BLOCK_HOST_ORDER ripemd160_block_host_order |
| 181 | { \ | 97 | #define HASH_MAKE_STRING(c,s) do { \ |
| 182 | unsigned long l=(a); \ | 98 | unsigned long ll; \ |
| 183 | l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ | 99 | ll=(c)->A; HOST_l2c(ll,(s)); \ |
| 184 | (a)=ROTATE(l,16L); \ | 100 | ll=(c)->B; HOST_l2c(ll,(s)); \ |
| 185 | } | 101 | ll=(c)->C; HOST_l2c(ll,(s)); \ |
| 102 | ll=(c)->D; HOST_l2c(ll,(s)); \ | ||
| 103 | ll=(c)->E; HOST_l2c(ll,(s)); \ | ||
| 104 | } while (0) | ||
| 105 | #if !defined(L_ENDIAN) || defined(ripemd160_block_data_order) | ||
| 106 | #define HASH_BLOCK_DATA_ORDER ripemd160_block_data_order | ||
| 186 | #endif | 107 | #endif |
| 187 | 108 | ||
| 109 | #include "md32_common.h" | ||
| 110 | |||
| 111 | #if 0 | ||
| 188 | #define F1(x,y,z) ((x)^(y)^(z)) | 112 | #define F1(x,y,z) ((x)^(y)^(z)) |
| 189 | #define F2(x,y,z) (((x)&(y))|((~x)&z)) | 113 | #define F2(x,y,z) (((x)&(y))|((~x)&z)) |
| 190 | #define F3(x,y,z) (((x)|(~y))^(z)) | 114 | #define F3(x,y,z) (((x)|(~y))^(z)) |
| 191 | #define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) | 115 | #define F4(x,y,z) (((x)&(z))|((y)&(~(z)))) |
| 192 | #define F5(x,y,z) ((x)^((y)|(~(z)))) | 116 | #define F5(x,y,z) ((x)^((y)|(~(z)))) |
| 117 | #else | ||
| 118 | /* | ||
| 119 | * Transformed F2 and F4 are courtesy of Wei Dai <weidai@eskimo.com> | ||
| 120 | */ | ||
| 121 | #define F1(x,y,z) ((x) ^ (y) ^ (z)) | ||
| 122 | #define F2(x,y,z) ((((y) ^ (z)) & (x)) ^ (z)) | ||
| 123 | #define F3(x,y,z) (((~(y)) | (x)) ^ (z)) | ||
| 124 | #define F4(x,y,z) ((((x) ^ (y)) & (z)) ^ (y)) | ||
| 125 | #define F5(x,y,z) (((~(z)) | (y)) ^ (x)) | ||
| 126 | #endif | ||
| 193 | 127 | ||
| 194 | #define RIPEMD160_A 0x67452301L | 128 | #define RIPEMD160_A 0x67452301L |
| 195 | #define RIPEMD160_B 0xEFCDAB89L | 129 | #define RIPEMD160_B 0xEFCDAB89L |
| @@ -200,27 +134,27 @@ | |||
| 200 | #include "rmdconst.h" | 134 | #include "rmdconst.h" |
| 201 | 135 | ||
| 202 | #define RIP1(a,b,c,d,e,w,s) { \ | 136 | #define RIP1(a,b,c,d,e,w,s) { \ |
| 203 | a+=F1(b,c,d)+X[w]; \ | 137 | a+=F1(b,c,d)+X(w); \ |
| 204 | a=ROTATE(a,s)+e; \ | 138 | a=ROTATE(a,s)+e; \ |
| 205 | c=ROTATE(c,10); } | 139 | c=ROTATE(c,10); } |
| 206 | 140 | ||
| 207 | #define RIP2(a,b,c,d,e,w,s,K) { \ | 141 | #define RIP2(a,b,c,d,e,w,s,K) { \ |
| 208 | a+=F2(b,c,d)+X[w]+K; \ | 142 | a+=F2(b,c,d)+X(w)+K; \ |
| 209 | a=ROTATE(a,s)+e; \ | 143 | a=ROTATE(a,s)+e; \ |
| 210 | c=ROTATE(c,10); } | 144 | c=ROTATE(c,10); } |
| 211 | 145 | ||
| 212 | #define RIP3(a,b,c,d,e,w,s,K) { \ | 146 | #define RIP3(a,b,c,d,e,w,s,K) { \ |
| 213 | a+=F3(b,c,d)+X[w]+K; \ | 147 | a+=F3(b,c,d)+X(w)+K; \ |
| 214 | a=ROTATE(a,s)+e; \ | 148 | a=ROTATE(a,s)+e; \ |
| 215 | c=ROTATE(c,10); } | 149 | c=ROTATE(c,10); } |
| 216 | 150 | ||
| 217 | #define RIP4(a,b,c,d,e,w,s,K) { \ | 151 | #define RIP4(a,b,c,d,e,w,s,K) { \ |
| 218 | a+=F4(b,c,d)+X[w]+K; \ | 152 | a+=F4(b,c,d)+X(w)+K; \ |
| 219 | a=ROTATE(a,s)+e; \ | 153 | a=ROTATE(a,s)+e; \ |
| 220 | c=ROTATE(c,10); } | 154 | c=ROTATE(c,10); } |
| 221 | 155 | ||
| 222 | #define RIP5(a,b,c,d,e,w,s,K) { \ | 156 | #define RIP5(a,b,c,d,e,w,s,K) { \ |
| 223 | a+=F5(b,c,d)+X[w]+K; \ | 157 | a+=F5(b,c,d)+X(w)+K; \ |
| 224 | a=ROTATE(a,s)+e; \ | 158 | a=ROTATE(a,s)+e; \ |
| 225 | c=ROTATE(c,10); } | 159 | c=ROTATE(c,10); } |
| 226 | 160 | ||
diff --git a/src/lib/libcrypto/ripemd/rmd_one.c b/src/lib/libcrypto/ripemd/rmd_one.c index a7626dbcda..efdf2dd6ef 100644 --- a/src/lib/libcrypto/ripemd/rmd_one.c +++ b/src/lib/libcrypto/ripemd/rmd_one.c | |||
| @@ -57,12 +57,11 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "rmd_locl.h" | 60 | #include <string.h> |
| 61 | #include <openssl/ripemd.h> | ||
| 61 | 62 | ||
| 62 | unsigned char *RIPEMD160(d, n, md) | 63 | unsigned char *RIPEMD160(const unsigned char *d, unsigned long n, |
| 63 | unsigned char *d; | 64 | unsigned char *md) |
| 64 | unsigned long n; | ||
| 65 | unsigned char *md; | ||
| 66 | { | 65 | { |
| 67 | RIPEMD160_CTX c; | 66 | RIPEMD160_CTX c; |
| 68 | static unsigned char m[RIPEMD160_DIGEST_LENGTH]; | 67 | static unsigned char m[RIPEMD160_DIGEST_LENGTH]; |
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index aeb78ffcd3..030a6c88e5 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h | |||
| @@ -59,36 +59,73 @@ | |||
| 59 | #ifndef HEADER_RSA_H | 59 | #ifndef HEADER_RSA_H |
| 60 | #define HEADER_RSA_H | 60 | #define HEADER_RSA_H |
| 61 | 61 | ||
| 62 | #include <openssl/asn1.h> | ||
| 63 | |||
| 64 | #ifndef OPENSSL_NO_BIO | ||
| 65 | #include <openssl/bio.h> | ||
| 66 | #endif | ||
| 67 | #include <openssl/bn.h> | ||
| 68 | #include <openssl/crypto.h> | ||
| 69 | #include <openssl/ossl_typ.h> | ||
| 70 | |||
| 71 | #ifdef OPENSSL_NO_RSA | ||
| 72 | #error RSA is disabled. | ||
| 73 | #endif | ||
| 74 | |||
| 62 | #ifdef __cplusplus | 75 | #ifdef __cplusplus |
| 63 | extern "C" { | 76 | extern "C" { |
| 64 | #endif | 77 | #endif |
| 65 | 78 | ||
| 66 | #include "bn.h" | 79 | typedef struct rsa_st RSA; |
| 67 | #include "crypto.h" | ||
| 68 | 80 | ||
| 69 | typedef struct rsa_meth_st | 81 | typedef struct rsa_meth_st |
| 70 | { | 82 | { |
| 71 | char *name; | 83 | const char *name; |
| 72 | int (*rsa_pub_enc)(); | 84 | int (*rsa_pub_enc)(int flen,const unsigned char *from, |
| 73 | int (*rsa_pub_dec)(); | 85 | unsigned char *to, |
| 74 | int (*rsa_priv_enc)(); | 86 | RSA *rsa,int padding); |
| 75 | int (*rsa_priv_dec)(); | 87 | int (*rsa_pub_dec)(int flen,const unsigned char *from, |
| 76 | int (*rsa_mod_exp)(); /* Can be null */ | 88 | unsigned char *to, |
| 77 | int (*bn_mod_exp)(); /* Can be null */ | 89 | RSA *rsa,int padding); |
| 78 | int (*init)(/* RSA * */); /* called at new */ | 90 | int (*rsa_priv_enc)(int flen,const unsigned char *from, |
| 79 | int (*finish)(/* RSA * */); /* called at free */ | 91 | unsigned char *to, |
| 80 | 92 | RSA *rsa,int padding); | |
| 93 | int (*rsa_priv_dec)(int flen,const unsigned char *from, | ||
| 94 | unsigned char *to, | ||
| 95 | RSA *rsa,int padding); | ||
| 96 | int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */ | ||
| 97 | int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | ||
| 98 | const BIGNUM *m, BN_CTX *ctx, | ||
| 99 | BN_MONT_CTX *m_ctx); /* Can be null */ | ||
| 100 | int (*init)(RSA *rsa); /* called at new */ | ||
| 101 | int (*finish)(RSA *rsa); /* called at free */ | ||
| 81 | int flags; /* RSA_METHOD_FLAG_* things */ | 102 | int flags; /* RSA_METHOD_FLAG_* things */ |
| 82 | char *app_data; /* may be needed! */ | 103 | char *app_data; /* may be needed! */ |
| 104 | /* New sign and verify functions: some libraries don't allow arbitrary data | ||
| 105 | * to be signed/verified: this allows them to be used. Note: for this to work | ||
| 106 | * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used | ||
| 107 | * RSA_sign(), RSA_verify() should be used instead. Note: for backwards | ||
| 108 | * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER | ||
| 109 | * option is set in 'flags'. | ||
| 110 | */ | ||
| 111 | int (*rsa_sign)(int type, | ||
| 112 | const unsigned char *m, unsigned int m_length, | ||
| 113 | unsigned char *sigret, unsigned int *siglen, const RSA *rsa); | ||
| 114 | int (*rsa_verify)(int dtype, | ||
| 115 | const unsigned char *m, unsigned int m_length, | ||
| 116 | unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); | ||
| 117 | |||
| 83 | } RSA_METHOD; | 118 | } RSA_METHOD; |
| 84 | 119 | ||
| 85 | typedef struct rsa_st | 120 | struct rsa_st |
| 86 | { | 121 | { |
| 87 | /* The first parameter is used to pickup errors where | 122 | /* The first parameter is used to pickup errors where |
| 88 | * this is passed instead of aEVP_PKEY, it is set to 0 */ | 123 | * this is passed instead of aEVP_PKEY, it is set to 0 */ |
| 89 | int pad; | 124 | int pad; |
| 90 | int version; | 125 | long version; |
| 91 | RSA_METHOD *meth; | 126 | const RSA_METHOD *meth; |
| 127 | /* functional reference if 'meth' is ENGINE-provided */ | ||
| 128 | ENGINE *engine; | ||
| 92 | BIGNUM *n; | 129 | BIGNUM *n; |
| 93 | BIGNUM *e; | 130 | BIGNUM *e; |
| 94 | BIGNUM *d; | 131 | BIGNUM *d; |
| @@ -97,203 +134,182 @@ typedef struct rsa_st | |||
| 97 | BIGNUM *dmp1; | 134 | BIGNUM *dmp1; |
| 98 | BIGNUM *dmq1; | 135 | BIGNUM *dmq1; |
| 99 | BIGNUM *iqmp; | 136 | BIGNUM *iqmp; |
| 100 | /* be carefull using this if the RSA structure is shared */ | 137 | /* be careful using this if the RSA structure is shared */ |
| 101 | CRYPTO_EX_DATA ex_data; | 138 | CRYPTO_EX_DATA ex_data; |
| 102 | int references; | 139 | int references; |
| 103 | int flags; | 140 | int flags; |
| 104 | 141 | ||
| 105 | /* Normally used to cached montgomery values */ | 142 | /* Used to cache montgomery values */ |
| 106 | char *method_mod_n; | 143 | BN_MONT_CTX *_method_mod_n; |
| 107 | char *method_mod_p; | 144 | BN_MONT_CTX *_method_mod_p; |
| 108 | char *method_mod_q; | 145 | BN_MONT_CTX *_method_mod_q; |
| 109 | 146 | ||
| 147 | /* all BIGNUM values are actually in the following data, if it is not | ||
| 148 | * NULL */ | ||
| 149 | char *bignum_data; | ||
| 110 | BN_BLINDING *blinding; | 150 | BN_BLINDING *blinding; |
| 111 | } RSA; | 151 | }; |
| 112 | 152 | ||
| 113 | #define RSA_3 0x3L | 153 | #define RSA_3 0x3L |
| 114 | #define RSA_F4 0x10001L | 154 | #define RSA_F4 0x10001L |
| 115 | 155 | ||
| 116 | #define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ | 156 | #define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ |
| 157 | |||
| 117 | #define RSA_FLAG_CACHE_PUBLIC 0x02 | 158 | #define RSA_FLAG_CACHE_PUBLIC 0x02 |
| 118 | #define RSA_FLAG_CACHE_PRIVATE 0x04 | 159 | #define RSA_FLAG_CACHE_PRIVATE 0x04 |
| 119 | #define RSA_FLAG_BLINDING 0x08 | 160 | #define RSA_FLAG_BLINDING 0x08 |
| 120 | #define RSA_FLAG_THREAD_SAFE 0x10 | 161 | #define RSA_FLAG_THREAD_SAFE 0x10 |
| 162 | /* This flag means the private key operations will be handled by rsa_mod_exp | ||
| 163 | * and that they do not depend on the private key components being present: | ||
| 164 | * for example a key stored in external hardware. Without this flag bn_mod_exp | ||
| 165 | * gets called when private key components are absent. | ||
| 166 | */ | ||
| 167 | #define RSA_FLAG_EXT_PKEY 0x20 | ||
| 168 | |||
| 169 | /* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions. | ||
| 170 | */ | ||
| 171 | #define RSA_FLAG_SIGN_VER 0x40 | ||
| 121 | 172 | ||
| 122 | #define RSA_PKCS1_PADDING 1 | 173 | #define RSA_PKCS1_PADDING 1 |
| 123 | #define RSA_SSLV23_PADDING 2 | 174 | #define RSA_SSLV23_PADDING 2 |
| 124 | #define RSA_NO_PADDING 3 | 175 | #define RSA_NO_PADDING 3 |
| 176 | #define RSA_PKCS1_OAEP_PADDING 4 | ||
| 125 | 177 | ||
| 126 | #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg) | 178 | #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg) |
| 127 | #define RSA_get_app_data(s) RSA_get_ex_data(s,0) | 179 | #define RSA_get_app_data(s) RSA_get_ex_data(s,0) |
| 128 | 180 | ||
| 129 | #ifndef NOPROTO | ||
| 130 | RSA * RSA_new(void); | 181 | RSA * RSA_new(void); |
| 131 | RSA * RSA_new_method(RSA_METHOD *method); | 182 | RSA * RSA_new_method(ENGINE *engine); |
| 132 | int RSA_size(RSA *); | 183 | int RSA_size(const RSA *); |
| 133 | RSA * RSA_generate_key(int bits, unsigned long e,void | 184 | RSA * RSA_generate_key(int bits, unsigned long e,void |
| 134 | (*callback)(int,int,char *),char *cb_arg); | 185 | (*callback)(int,int,void *),void *cb_arg); |
| 186 | int RSA_check_key(const RSA *); | ||
| 135 | /* next 4 return -1 on error */ | 187 | /* next 4 return -1 on error */ |
| 136 | int RSA_public_encrypt(int flen, unsigned char *from, | 188 | int RSA_public_encrypt(int flen, const unsigned char *from, |
| 137 | unsigned char *to, RSA *rsa,int padding); | 189 | unsigned char *to, RSA *rsa,int padding); |
| 138 | int RSA_private_encrypt(int flen, unsigned char *from, | 190 | int RSA_private_encrypt(int flen, const unsigned char *from, |
| 139 | unsigned char *to, RSA *rsa,int padding); | 191 | unsigned char *to, RSA *rsa,int padding); |
| 140 | int RSA_public_decrypt(int flen, unsigned char *from, | 192 | int RSA_public_decrypt(int flen, const unsigned char *from, |
| 141 | unsigned char *to, RSA *rsa,int padding); | 193 | unsigned char *to, RSA *rsa,int padding); |
| 142 | int RSA_private_decrypt(int flen, unsigned char *from, | 194 | int RSA_private_decrypt(int flen, const unsigned char *from, |
| 143 | unsigned char *to, RSA *rsa,int padding); | 195 | unsigned char *to, RSA *rsa,int padding); |
| 144 | void RSA_free (RSA *r); | 196 | void RSA_free (RSA *r); |
| 197 | /* "up" the RSA object's reference count */ | ||
| 198 | int RSA_up_ref(RSA *r); | ||
| 145 | 199 | ||
| 146 | int RSA_flags(RSA *r); | 200 | int RSA_flags(const RSA *r); |
| 147 | 201 | ||
| 148 | void RSA_set_default_method(RSA_METHOD *meth); | 202 | void RSA_set_default_method(const RSA_METHOD *meth); |
| 203 | const RSA_METHOD *RSA_get_default_method(void); | ||
| 204 | const RSA_METHOD *RSA_get_method(const RSA *rsa); | ||
| 205 | int RSA_set_method(RSA *rsa, const RSA_METHOD *meth); | ||
| 149 | 206 | ||
| 150 | /* If you have RSAref compiled in. */ | 207 | /* This function needs the memory locking malloc callbacks to be installed */ |
| 151 | RSA_METHOD *RSA_PKCS1_RSAref(void); | 208 | int RSA_memory_lock(RSA *r); |
| 152 | 209 | ||
| 153 | /* these are the actual SSLeay RSA functions */ | 210 | /* these are the actual SSLeay RSA functions */ |
| 154 | RSA_METHOD *RSA_PKCS1_SSLeay(void); | 211 | const RSA_METHOD *RSA_PKCS1_SSLeay(void); |
| 212 | |||
| 213 | const RSA_METHOD *RSA_null_method(void); | ||
| 155 | 214 | ||
| 156 | void ERR_load_RSA_strings(void ); | 215 | DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) |
| 216 | DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) | ||
| 157 | 217 | ||
| 158 | RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); | 218 | #ifndef OPENSSL_NO_FP_API |
| 159 | int i2d_RSAPublicKey(RSA *a, unsigned char **pp); | 219 | int RSA_print_fp(FILE *fp, const RSA *r,int offset); |
| 160 | RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); | ||
| 161 | int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); | ||
| 162 | #ifndef NO_FP_API | ||
| 163 | int RSA_print_fp(FILE *fp, RSA *r,int offset); | ||
| 164 | #endif | 220 | #endif |
| 165 | 221 | ||
| 166 | #ifdef HEADER_BIO_H | 222 | #ifndef OPENSSL_NO_BIO |
| 167 | int RSA_print(BIO *bp, RSA *r,int offset); | 223 | int RSA_print(BIO *bp, const RSA *r,int offset); |
| 168 | #endif | 224 | #endif |
| 169 | 225 | ||
| 170 | int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); | 226 | int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey); |
| 171 | RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); | 227 | RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey); |
| 172 | /* Naughty internal function required elsewhere, to handle a MS structure | 228 | |
| 173 | * that is the same as the netscape one :-) */ | 229 | int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)()); |
| 174 | RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)()); | 230 | RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)()); |
| 175 | 231 | ||
| 176 | /* The following 2 functions sign and verify a X509_SIG ASN1 object | 232 | /* The following 2 functions sign and verify a X509_SIG ASN1 object |
| 177 | * inside PKCS#1 padded RSA encryption */ | 233 | * inside PKCS#1 padded RSA encryption */ |
| 178 | int RSA_sign(int type, unsigned char *m, unsigned int m_len, | 234 | int RSA_sign(int type, const unsigned char *m, unsigned int m_length, |
| 179 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 235 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); |
| 180 | int RSA_verify(int type, unsigned char *m, unsigned int m_len, | 236 | int RSA_verify(int type, const unsigned char *m, unsigned int m_length, |
| 181 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 237 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); |
| 182 | 238 | ||
| 183 | /* The following 2 function sign and verify a ASN1_OCTET_STRING | 239 | /* The following 2 function sign and verify a ASN1_OCTET_STRING |
| 184 | * object inside PKCS#1 padded RSA encryption */ | 240 | * object inside PKCS#1 padded RSA encryption */ |
| 185 | int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, | 241 | int RSA_sign_ASN1_OCTET_STRING(int type, |
| 242 | const unsigned char *m, unsigned int m_length, | ||
| 186 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); | 243 | unsigned char *sigret, unsigned int *siglen, RSA *rsa); |
| 187 | int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, | 244 | int RSA_verify_ASN1_OCTET_STRING(int type, |
| 245 | const unsigned char *m, unsigned int m_length, | ||
| 188 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); | 246 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa); |
| 189 | 247 | ||
| 190 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); | 248 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); |
| 191 | void RSA_blinding_off(RSA *rsa); | 249 | void RSA_blinding_off(RSA *rsa); |
| 192 | 250 | ||
| 193 | int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, | 251 | int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, |
| 194 | unsigned char *f,int fl); | 252 | const unsigned char *f,int fl); |
| 195 | int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, | 253 | int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, |
| 196 | unsigned char *f,int fl); | 254 | const unsigned char *f,int fl,int rsa_len); |
| 197 | int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, | 255 | int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, |
| 198 | unsigned char *f,int fl); | 256 | const unsigned char *f,int fl); |
| 199 | int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, | 257 | int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, |
| 200 | unsigned char *f,int fl); | 258 | const unsigned char *f,int fl,int rsa_len); |
| 259 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, | ||
| 260 | const unsigned char *f,int fl, | ||
| 261 | const unsigned char *p,int pl); | ||
| 262 | int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, | ||
| 263 | const unsigned char *f,int fl,int rsa_len, | ||
| 264 | const unsigned char *p,int pl); | ||
| 201 | int RSA_padding_add_SSLv23(unsigned char *to,int tlen, | 265 | int RSA_padding_add_SSLv23(unsigned char *to,int tlen, |
| 202 | unsigned char *f,int fl); | 266 | const unsigned char *f,int fl); |
| 203 | int RSA_padding_check_SSLv23(unsigned char *to,int tlen, | 267 | int RSA_padding_check_SSLv23(unsigned char *to,int tlen, |
| 204 | unsigned char *f,int fl); | 268 | const unsigned char *f,int fl,int rsa_len); |
| 205 | int RSA_padding_add_none(unsigned char *to,int tlen, | 269 | int RSA_padding_add_none(unsigned char *to,int tlen, |
| 206 | unsigned char *f,int fl); | 270 | const unsigned char *f,int fl); |
| 207 | int RSA_padding_check_none(unsigned char *to,int tlen, | 271 | int RSA_padding_check_none(unsigned char *to,int tlen, |
| 208 | unsigned char *f,int fl); | 272 | const unsigned char *f,int fl,int rsa_len); |
| 209 | |||
| 210 | int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), | ||
| 211 | int (*dup_func)(), void (*free_func)()); | ||
| 212 | int RSA_set_ex_data(RSA *r,int idx,char *arg); | ||
| 213 | char *RSA_get_ex_data(RSA *r, int idx); | ||
| 214 | |||
| 215 | #else | ||
| 216 | |||
| 217 | RSA * RSA_new(); | ||
| 218 | RSA * RSA_new_method(); | ||
| 219 | int RSA_size(); | ||
| 220 | RSA * RSA_generate_key(); | ||
| 221 | int RSA_public_encrypt(); | ||
| 222 | int RSA_private_encrypt(); | ||
| 223 | int RSA_public_decrypt(); | ||
| 224 | int RSA_private_decrypt(); | ||
| 225 | void RSA_free (); | ||
| 226 | 273 | ||
| 227 | int RSA_flags(); | 274 | int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 228 | 275 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); | |
| 229 | void RSA_set_default_method(); | 276 | int RSA_set_ex_data(RSA *r,int idx,void *arg); |
| 230 | 277 | void *RSA_get_ex_data(const RSA *r, int idx); | |
| 231 | /* RSA_METHOD *RSA_PKCS1_RSAref(); */ | ||
| 232 | RSA_METHOD *RSA_PKCS1_SSLeay(); | ||
| 233 | |||
| 234 | void ERR_load_RSA_strings(); | ||
| 235 | |||
| 236 | RSA * d2i_RSAPublicKey(); | ||
| 237 | int i2d_RSAPublicKey(); | ||
| 238 | RSA * d2i_RSAPrivateKey(); | ||
| 239 | int i2d_RSAPrivateKey(); | ||
| 240 | #ifndef NO_FP_API | ||
| 241 | int RSA_print_fp(); | ||
| 242 | #endif | ||
| 243 | |||
| 244 | int RSA_print(); | ||
| 245 | |||
| 246 | int i2d_Netscape_RSA(); | ||
| 247 | RSA *d2i_Netscape_RSA(); | ||
| 248 | RSA *d2i_Netscape_RSA_2(); | ||
| 249 | |||
| 250 | int RSA_sign(); | ||
| 251 | int RSA_verify(); | ||
| 252 | |||
| 253 | int RSA_sign_ASN1_OCTET_STRING(); | ||
| 254 | int RSA_verify_ASN1_OCTET_STRING(); | ||
| 255 | int RSA_blinding_on(); | ||
| 256 | void RSA_blinding_off(); | ||
| 257 | |||
| 258 | int RSA_padding_add_PKCS1_type_1(); | ||
| 259 | int RSA_padding_check_PKCS1_type_1(); | ||
| 260 | int RSA_padding_add_PKCS1_type_2(); | ||
| 261 | int RSA_padding_check_PKCS1_type_2(); | ||
| 262 | int RSA_padding_add_SSLv23(); | ||
| 263 | int RSA_padding_check_SSLv23(); | ||
| 264 | int RSA_padding_add_none(); | ||
| 265 | int RSA_padding_check_none(); | ||
| 266 | |||
| 267 | int RSA_get_ex_new_index(); | ||
| 268 | int RSA_set_ex_data(); | ||
| 269 | char *RSA_get_ex_data(); | ||
| 270 | |||
| 271 | #endif | ||
| 272 | 278 | ||
| 273 | /* BEGIN ERROR CODES */ | 279 | /* BEGIN ERROR CODES */ |
| 280 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 281 | * made after this point may be overwritten when the script is next run. | ||
| 282 | */ | ||
| 283 | void ERR_load_RSA_strings(void); | ||
| 284 | |||
| 274 | /* Error codes for the RSA functions. */ | 285 | /* Error codes for the RSA functions. */ |
| 275 | 286 | ||
| 276 | /* Function codes. */ | 287 | /* Function codes. */ |
| 277 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 | 288 | #define RSA_F_MEMORY_LOCK 100 |
| 278 | #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 | 289 | #define RSA_F_RSA_CHECK_KEY 123 |
| 279 | #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 | 290 | #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 |
| 280 | #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 | 291 | #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 |
| 281 | #define RSA_F_RSA_GENERATE_KEY 104 | 292 | #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 |
| 282 | #define RSA_F_RSA_NEW_METHOD 105 | 293 | #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 |
| 283 | #define RSA_F_RSA_PADDING_ADD_NONE 106 | 294 | #define RSA_F_RSA_GENERATE_KEY 105 |
| 284 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 | 295 | #define RSA_F_RSA_NEW_METHOD 106 |
| 285 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 | 296 | #define RSA_F_RSA_NULL 124 |
| 286 | #define RSA_F_RSA_PADDING_ADD_SSLV23 109 | 297 | #define RSA_F_RSA_PADDING_ADD_NONE 107 |
| 287 | #define RSA_F_RSA_PADDING_CHECK_NONE 110 | 298 | #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 |
| 288 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 | 299 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 |
| 289 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 | 300 | #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 |
| 290 | #define RSA_F_RSA_PADDING_CHECK_SSLV23 113 | 301 | #define RSA_F_RSA_PADDING_ADD_SSLV23 110 |
| 291 | #define RSA_F_RSA_PRINT 114 | 302 | #define RSA_F_RSA_PADDING_CHECK_NONE 111 |
| 292 | #define RSA_F_RSA_PRINT_FP 115 | 303 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 |
| 293 | #define RSA_F_RSA_SIGN 116 | 304 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 |
| 294 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 | 305 | #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 |
| 295 | #define RSA_F_RSA_VERIFY 118 | 306 | #define RSA_F_RSA_PADDING_CHECK_SSLV23 114 |
| 296 | #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 | 307 | #define RSA_F_RSA_PRINT 115 |
| 308 | #define RSA_F_RSA_PRINT_FP 116 | ||
| 309 | #define RSA_F_RSA_SIGN 117 | ||
| 310 | #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 | ||
| 311 | #define RSA_F_RSA_VERIFY 119 | ||
| 312 | #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 | ||
| 297 | 313 | ||
| 298 | /* Reason codes. */ | 314 | /* Reason codes. */ |
| 299 | #define RSA_R_ALGORITHM_MISMATCH 100 | 315 | #define RSA_R_ALGORITHM_MISMATCH 100 |
| @@ -301,24 +317,35 @@ char *RSA_get_ex_data(); | |||
| 301 | #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 | 317 | #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 |
| 302 | #define RSA_R_BAD_PAD_BYTE_COUNT 103 | 318 | #define RSA_R_BAD_PAD_BYTE_COUNT 103 |
| 303 | #define RSA_R_BAD_SIGNATURE 104 | 319 | #define RSA_R_BAD_SIGNATURE 104 |
| 304 | #define RSA_R_BAD_ZERO_BYTE 105 | ||
| 305 | #define RSA_R_BLOCK_TYPE_IS_NOT_01 106 | 320 | #define RSA_R_BLOCK_TYPE_IS_NOT_01 106 |
| 306 | #define RSA_R_BLOCK_TYPE_IS_NOT_02 107 | 321 | #define RSA_R_BLOCK_TYPE_IS_NOT_02 107 |
| 307 | #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 | 322 | #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 |
| 308 | #define RSA_R_DATA_TOO_LARGE 109 | 323 | #define RSA_R_DATA_TOO_LARGE 109 |
| 309 | #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 | 324 | #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 |
| 325 | #define RSA_R_DATA_TOO_LARGE_FOR_MODULUS 132 | ||
| 310 | #define RSA_R_DATA_TOO_SMALL 111 | 326 | #define RSA_R_DATA_TOO_SMALL 111 |
| 327 | #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 | ||
| 311 | #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 | 328 | #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 |
| 329 | #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 | ||
| 330 | #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 | ||
| 331 | #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 | ||
| 332 | #define RSA_R_INVALID_MESSAGE_LENGTH 131 | ||
| 333 | #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 | ||
| 334 | #define RSA_R_KEY_SIZE_TOO_SMALL 120 | ||
| 312 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 | 335 | #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 |
| 336 | #define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 | ||
| 337 | #define RSA_R_OAEP_DECODING_ERROR 121 | ||
| 313 | #define RSA_R_PADDING_CHECK_FAILED 114 | 338 | #define RSA_R_PADDING_CHECK_FAILED 114 |
| 339 | #define RSA_R_P_NOT_PRIME 128 | ||
| 340 | #define RSA_R_Q_NOT_PRIME 129 | ||
| 341 | #define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130 | ||
| 314 | #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 | 342 | #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 |
| 315 | #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 | 343 | #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 |
| 316 | #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 | 344 | #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 |
| 317 | #define RSA_R_UNKNOWN_PADDING_TYPE 118 | 345 | #define RSA_R_UNKNOWN_PADDING_TYPE 118 |
| 318 | #define RSA_R_WRONG_SIGNATURE_LENGTH 119 | 346 | #define RSA_R_WRONG_SIGNATURE_LENGTH 119 |
| 319 | 347 | ||
| 320 | #ifdef __cplusplus | 348 | #ifdef __cplusplus |
| 321 | } | 349 | } |
| 322 | #endif | 350 | #endif |
| 323 | #endif | 351 | #endif |
| 324 | |||
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c index 91b9115798..002f2cb487 100644 --- a/src/lib/libcrypto/rsa/rsa_chk.c +++ b/src/lib/libcrypto/rsa/rsa_chk.c | |||
| @@ -53,7 +53,7 @@ | |||
| 53 | #include <openssl/rsa.h> | 53 | #include <openssl/rsa.h> |
| 54 | 54 | ||
| 55 | 55 | ||
| 56 | int RSA_check_key(RSA *key) | 56 | int RSA_check_key(const RSA *key) |
| 57 | { | 57 | { |
| 58 | BIGNUM *i, *j, *k, *l, *m; | 58 | BIGNUM *i, *j, *k, *l, *m; |
| 59 | BN_CTX *ctx; | 59 | BN_CTX *ctx; |
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 42a77f11cd..0eda816081 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c | |||
| @@ -1,13 +1,3 @@ | |||
| 1 | |||
| 2 | /* This file has been explicitly broken by ryker for OpenBSD, July | ||
| 3 | * 1, 1998. In spite of the title, there is no implementation of the | ||
| 4 | * RSA algorithm left in this file. All these routines will return an | ||
| 5 | * error and fail when called. They exist as stubs and can be | ||
| 6 | * ressurected from the bit bucket by someone in the free world once | ||
| 7 | * the RSA algorithm is no longer subject to patent problems. Eric | ||
| 8 | * Young's original copyright is below. | ||
| 9 | */ | ||
| 10 | |||
| 11 | /* crypto/rsa/rsa_eay.c */ | 1 | /* crypto/rsa/rsa_eay.c */ |
| 12 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 13 | * All rights reserved. | 3 | * All rights reserved. |
| @@ -68,207 +58,552 @@ | |||
| 68 | 58 | ||
| 69 | #include <stdio.h> | 59 | #include <stdio.h> |
| 70 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 71 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 72 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 73 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | #include <openssl/engine.h> | ||
| 74 | 65 | ||
| 75 | #ifndef NOPROTO | 66 | #ifndef RSA_NULL |
| 76 | static int RSA_eay_public_encrypt(int flen, unsigned char *from, | 67 | |
| 68 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | ||
| 77 | unsigned char *to, RSA *rsa,int padding); | 69 | unsigned char *to, RSA *rsa,int padding); |
| 78 | static int RSA_eay_private_encrypt(int flen, unsigned char *from, | 70 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 79 | unsigned char *to, RSA *rsa,int padding); | 71 | unsigned char *to, RSA *rsa,int padding); |
| 80 | static int RSA_eay_public_decrypt(int flen, unsigned char *from, | 72 | static int RSA_eay_public_decrypt(int flen, const unsigned char *from, |
| 81 | unsigned char *to, RSA *rsa,int padding); | 73 | unsigned char *to, RSA *rsa,int padding); |
| 82 | static int RSA_eay_private_decrypt(int flen, unsigned char *from, | 74 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 83 | unsigned char *to, RSA *rsa,int padding); | 75 | unsigned char *to, RSA *rsa,int padding); |
| 84 | static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); | 76 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa); |
| 85 | static int RSA_eay_init(RSA *rsa); | 77 | static int RSA_eay_init(RSA *rsa); |
| 86 | static int RSA_eay_finish(RSA *rsa); | 78 | static int RSA_eay_finish(RSA *rsa); |
| 87 | #else | ||
| 88 | static int RSA_eay_public_encrypt(); | ||
| 89 | static int RSA_eay_private_encrypt(); | ||
| 90 | static int RSA_eay_public_decrypt(); | ||
| 91 | static int RSA_eay_private_decrypt(); | ||
| 92 | static int RSA_eay_mod_exp(); | ||
| 93 | static int RSA_eay_init(); | ||
| 94 | static int RSA_eay_finish(); | ||
| 95 | #endif | ||
| 96 | |||
| 97 | static RSA_METHOD rsa_pkcs1_eay_meth={ | 79 | static RSA_METHOD rsa_pkcs1_eay_meth={ |
| 98 | "Eric Young's PKCS#1 RSA", | 80 | "Eric Young's PKCS#1 RSA", |
| 99 | RSA_eay_public_encrypt, | 81 | RSA_eay_public_encrypt, |
| 100 | RSA_eay_public_decrypt, | 82 | RSA_eay_public_decrypt, /* signature verification */ |
| 101 | RSA_eay_private_encrypt, | 83 | RSA_eay_private_encrypt, /* signing */ |
| 102 | RSA_eay_private_decrypt, | 84 | RSA_eay_private_decrypt, |
| 103 | RSA_eay_mod_exp, | 85 | RSA_eay_mod_exp, |
| 104 | BN_mod_exp_mont, | 86 | BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ |
| 105 | RSA_eay_init, | 87 | RSA_eay_init, |
| 106 | RSA_eay_finish, | 88 | RSA_eay_finish, |
| 107 | 0, | 89 | 0, /* flags */ |
| 108 | NULL, | 90 | NULL, |
| 91 | 0, /* rsa_sign */ | ||
| 92 | 0 /* rsa_verify */ | ||
| 109 | }; | 93 | }; |
| 110 | 94 | ||
| 111 | RSA_METHOD *RSA_PKCS1_SSLeay() | 95 | const RSA_METHOD *RSA_PKCS1_SSLeay(void) |
| 112 | { | 96 | { |
| 113 | return(&rsa_pkcs1_eay_meth); | 97 | return(&rsa_pkcs1_eay_meth); |
| 114 | } | 98 | } |
| 115 | 99 | ||
| 116 | static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) | 100 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, |
| 117 | int flen; | 101 | unsigned char *to, RSA *rsa, int padding) |
| 118 | unsigned char *from; | ||
| 119 | unsigned char *to; | ||
| 120 | RSA *rsa; | ||
| 121 | int padding; | ||
| 122 | { | 102 | { |
| 123 | BIGNUM *f=NULL,*ret=NULL; | 103 | BIGNUM f,ret; |
| 124 | int i,j,k,num=0,r= -1; | 104 | int i,j,k,num=0,r= -1; |
| 125 | unsigned char *buf=NULL; | 105 | unsigned char *buf=NULL; |
| 126 | BN_CTX *ctx=NULL; | 106 | BN_CTX *ctx=NULL; |
| 127 | 107 | ||
| 128 | /* Body of this routine removed for OpenBSD - will return | 108 | BN_init(&f); |
| 129 | * when the RSA patent expires | 109 | BN_init(&ret); |
| 130 | */ | 110 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 111 | num=BN_num_bytes(rsa->n); | ||
| 112 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | ||
| 113 | { | ||
| 114 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); | ||
| 115 | goto err; | ||
| 116 | } | ||
| 131 | 117 | ||
| 118 | switch (padding) | ||
| 119 | { | ||
| 120 | case RSA_PKCS1_PADDING: | ||
| 121 | i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); | ||
| 122 | break; | ||
| 123 | #ifndef OPENSSL_NO_SHA | ||
| 124 | case RSA_PKCS1_OAEP_PADDING: | ||
| 125 | i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); | ||
| 126 | break; | ||
| 127 | #endif | ||
| 128 | case RSA_SSLV23_PADDING: | ||
| 129 | i=RSA_padding_add_SSLv23(buf,num,from,flen); | ||
| 130 | break; | ||
| 131 | case RSA_NO_PADDING: | ||
| 132 | i=RSA_padding_add_none(buf,num,from,flen); | ||
| 133 | break; | ||
| 134 | default: | ||
| 135 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); | ||
| 136 | goto err; | ||
| 137 | } | ||
| 138 | if (i <= 0) goto err; | ||
| 139 | |||
| 140 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; | ||
| 141 | |||
| 142 | if (BN_ucmp(&f, rsa->n) >= 0) | ||
| 143 | { | ||
| 144 | /* usually the padding functions would catch this */ | ||
| 145 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | ||
| 146 | goto err; | ||
| 147 | } | ||
| 148 | |||
| 149 | if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) | ||
| 150 | { | ||
| 151 | BN_MONT_CTX* bn_mont_ctx; | ||
| 152 | if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) | ||
| 153 | goto err; | ||
| 154 | if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) | ||
| 155 | { | ||
| 156 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 157 | goto err; | ||
| 158 | } | ||
| 159 | if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ | ||
| 160 | { | ||
| 161 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
| 162 | if (rsa->_method_mod_n == NULL) | ||
| 163 | { | ||
| 164 | rsa->_method_mod_n = bn_mont_ctx; | ||
| 165 | bn_mont_ctx = NULL; | ||
| 166 | } | ||
| 167 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
| 168 | } | ||
| 169 | if (bn_mont_ctx) | ||
| 170 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 171 | } | ||
| 172 | |||
| 173 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, | ||
| 174 | rsa->_method_mod_n)) goto err; | ||
| 175 | |||
| 176 | /* put in leading 0 bytes if the number is less than the | ||
| 177 | * length of the modulus */ | ||
| 178 | j=BN_num_bytes(&ret); | ||
| 179 | i=BN_bn2bin(&ret,&(to[num-j])); | ||
| 180 | for (k=0; k<(num-i); k++) | ||
| 181 | to[k]=0; | ||
| 182 | |||
| 183 | r=num; | ||
| 132 | err: | 184 | err: |
| 133 | if (ctx != NULL) BN_CTX_free(ctx); | 185 | if (ctx != NULL) BN_CTX_free(ctx); |
| 134 | if (f != NULL) BN_free(f); | 186 | BN_clear_free(&f); |
| 135 | if (ret != NULL) BN_free(ret); | 187 | BN_clear_free(&ret); |
| 136 | if (buf != NULL) | 188 | if (buf != NULL) |
| 137 | { | 189 | { |
| 138 | memset(buf,0,num); | 190 | memset(buf,0,num); |
| 139 | Free(buf); | 191 | OPENSSL_free(buf); |
| 140 | } | 192 | } |
| 141 | return(r); | 193 | return(r); |
| 142 | } | 194 | } |
| 143 | 195 | ||
| 144 | static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) | 196 | /* signing */ |
| 145 | int flen; | 197 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 146 | unsigned char *from; | 198 | unsigned char *to, RSA *rsa, int padding) |
| 147 | unsigned char *to; | ||
| 148 | RSA *rsa; | ||
| 149 | int padding; | ||
| 150 | { | 199 | { |
| 151 | BIGNUM *f=NULL,*ret=NULL; | 200 | BIGNUM f,ret; |
| 152 | int i,j,k,num=0,r= -1; | 201 | int i,j,k,num=0,r= -1; |
| 153 | unsigned char *buf=NULL; | 202 | unsigned char *buf=NULL; |
| 154 | BN_CTX *ctx=NULL; | 203 | BN_CTX *ctx=NULL; |
| 155 | 204 | ||
| 156 | /* Body of this routine removed for OpenBSD - will return | 205 | BN_init(&f); |
| 157 | * when the RSA patent expires | 206 | BN_init(&ret); |
| 158 | */ | ||
| 159 | 207 | ||
| 208 | if ((ctx=BN_CTX_new()) == NULL) goto err; | ||
| 209 | num=BN_num_bytes(rsa->n); | ||
| 210 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | ||
| 211 | { | ||
| 212 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); | ||
| 213 | goto err; | ||
| 214 | } | ||
| 215 | |||
| 216 | switch (padding) | ||
| 217 | { | ||
| 218 | case RSA_PKCS1_PADDING: | ||
| 219 | i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); | ||
| 220 | break; | ||
| 221 | case RSA_NO_PADDING: | ||
| 222 | i=RSA_padding_add_none(buf,num,from,flen); | ||
| 223 | break; | ||
| 224 | case RSA_SSLV23_PADDING: | ||
| 225 | default: | ||
| 226 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); | ||
| 227 | goto err; | ||
| 228 | } | ||
| 229 | if (i <= 0) goto err; | ||
| 230 | |||
| 231 | if (BN_bin2bn(buf,num,&f) == NULL) goto err; | ||
| 232 | |||
| 233 | if (BN_ucmp(&f, rsa->n) >= 0) | ||
| 234 | { | ||
| 235 | /* usually the padding functions would catch this */ | ||
| 236 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | ||
| 237 | goto err; | ||
| 238 | } | ||
| 239 | |||
| 240 | if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) | ||
| 241 | RSA_blinding_on(rsa,ctx); | ||
| 242 | if (rsa->flags & RSA_FLAG_BLINDING) | ||
| 243 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; | ||
| 244 | |||
| 245 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | ||
| 246 | ((rsa->p != NULL) && | ||
| 247 | (rsa->q != NULL) && | ||
| 248 | (rsa->dmp1 != NULL) && | ||
| 249 | (rsa->dmq1 != NULL) && | ||
| 250 | (rsa->iqmp != NULL)) ) | ||
| 251 | { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } | ||
| 252 | else | ||
| 253 | { | ||
| 254 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; | ||
| 255 | } | ||
| 256 | |||
| 257 | if (rsa->flags & RSA_FLAG_BLINDING) | ||
| 258 | if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; | ||
| 259 | |||
| 260 | /* put in leading 0 bytes if the number is less than the | ||
| 261 | * length of the modulus */ | ||
| 262 | j=BN_num_bytes(&ret); | ||
| 263 | i=BN_bn2bin(&ret,&(to[num-j])); | ||
| 264 | for (k=0; k<(num-i); k++) | ||
| 265 | to[k]=0; | ||
| 266 | |||
| 267 | r=num; | ||
| 160 | err: | 268 | err: |
| 161 | if (ctx != NULL) BN_CTX_free(ctx); | 269 | if (ctx != NULL) BN_CTX_free(ctx); |
| 162 | if (ret != NULL) BN_free(ret); | 270 | BN_clear_free(&ret); |
| 163 | if (f != NULL) BN_free(f); | 271 | BN_clear_free(&f); |
| 164 | if (buf != NULL) | 272 | if (buf != NULL) |
| 165 | { | 273 | { |
| 166 | memset(buf,0,num); | 274 | memset(buf,0,num); |
| 167 | Free(buf); | 275 | OPENSSL_free(buf); |
| 168 | } | 276 | } |
| 169 | return(r); | 277 | return(r); |
| 170 | } | 278 | } |
| 171 | 279 | ||
| 172 | static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) | 280 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 173 | int flen; | 281 | unsigned char *to, RSA *rsa, int padding) |
| 174 | unsigned char *from; | ||
| 175 | unsigned char *to; | ||
| 176 | RSA *rsa; | ||
| 177 | int padding; | ||
| 178 | { | 282 | { |
| 179 | BIGNUM *f=NULL,*ret=NULL; | 283 | BIGNUM f,ret; |
| 180 | int j,num=0,r= -1; | 284 | int j,num=0,r= -1; |
| 181 | unsigned char *p; | 285 | unsigned char *p; |
| 182 | unsigned char *buf=NULL; | 286 | unsigned char *buf=NULL; |
| 183 | BN_CTX *ctx=NULL; | 287 | BN_CTX *ctx=NULL; |
| 184 | 288 | ||
| 185 | /* Body of this routine removed for OpenBSD - will return | 289 | BN_init(&f); |
| 186 | * when the RSA patent expires | 290 | BN_init(&ret); |
| 187 | */ | 291 | ctx=BN_CTX_new(); |
| 292 | if (ctx == NULL) goto err; | ||
| 293 | |||
| 294 | num=BN_num_bytes(rsa->n); | ||
| 295 | |||
| 296 | if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL) | ||
| 297 | { | ||
| 298 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); | ||
| 299 | goto err; | ||
| 300 | } | ||
| 301 | |||
| 302 | /* This check was for equality but PGP does evil things | ||
| 303 | * and chops off the top '0' bytes */ | ||
| 304 | if (flen > num) | ||
| 305 | { | ||
| 306 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); | ||
| 307 | goto err; | ||
| 308 | } | ||
| 309 | |||
| 310 | /* make data into a big number */ | ||
| 311 | if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; | ||
| 312 | |||
| 313 | if (BN_ucmp(&f, rsa->n) >= 0) | ||
| 314 | { | ||
| 315 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | ||
| 316 | goto err; | ||
| 317 | } | ||
| 318 | |||
| 319 | if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) | ||
| 320 | RSA_blinding_on(rsa,ctx); | ||
| 321 | if (rsa->flags & RSA_FLAG_BLINDING) | ||
| 322 | if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; | ||
| 323 | |||
| 324 | /* do the decrypt */ | ||
| 325 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | ||
| 326 | ((rsa->p != NULL) && | ||
| 327 | (rsa->q != NULL) && | ||
| 328 | (rsa->dmp1 != NULL) && | ||
| 329 | (rsa->dmq1 != NULL) && | ||
| 330 | (rsa->iqmp != NULL)) ) | ||
| 331 | { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } | ||
| 332 | else | ||
| 333 | { | ||
| 334 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) | ||
| 335 | goto err; | ||
| 336 | } | ||
| 337 | |||
| 338 | if (rsa->flags & RSA_FLAG_BLINDING) | ||
| 339 | if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; | ||
| 340 | |||
| 341 | p=buf; | ||
| 342 | j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ | ||
| 343 | |||
| 344 | switch (padding) | ||
| 345 | { | ||
| 346 | case RSA_PKCS1_PADDING: | ||
| 347 | r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); | ||
| 348 | break; | ||
| 349 | #ifndef OPENSSL_NO_SHA | ||
| 350 | case RSA_PKCS1_OAEP_PADDING: | ||
| 351 | r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0); | ||
| 352 | break; | ||
| 353 | #endif | ||
| 354 | case RSA_SSLV23_PADDING: | ||
| 355 | r=RSA_padding_check_SSLv23(to,num,buf,j,num); | ||
| 356 | break; | ||
| 357 | case RSA_NO_PADDING: | ||
| 358 | r=RSA_padding_check_none(to,num,buf,j,num); | ||
| 359 | break; | ||
| 360 | default: | ||
| 361 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); | ||
| 362 | goto err; | ||
| 363 | } | ||
| 364 | if (r < 0) | ||
| 365 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); | ||
| 188 | 366 | ||
| 189 | err: | 367 | err: |
| 190 | if (ctx != NULL) BN_CTX_free(ctx); | 368 | if (ctx != NULL) BN_CTX_free(ctx); |
| 191 | if (f != NULL) BN_free(f); | 369 | BN_clear_free(&f); |
| 192 | if (ret != NULL) BN_free(ret); | 370 | BN_clear_free(&ret); |
| 193 | if (buf != NULL) | 371 | if (buf != NULL) |
| 194 | { | 372 | { |
| 195 | memset(buf,0,num); | 373 | memset(buf,0,num); |
| 196 | Free(buf); | 374 | OPENSSL_free(buf); |
| 197 | } | 375 | } |
| 198 | return(r); | 376 | return(r); |
| 199 | } | 377 | } |
| 200 | 378 | ||
| 201 | static int RSA_eay_public_decrypt(flen, from, to, rsa, padding) | 379 | /* signature verification */ |
| 202 | int flen; | 380 | static int RSA_eay_public_decrypt(int flen, const unsigned char *from, |
| 203 | unsigned char *from; | 381 | unsigned char *to, RSA *rsa, int padding) |
| 204 | unsigned char *to; | ||
| 205 | RSA *rsa; | ||
| 206 | int padding; | ||
| 207 | { | 382 | { |
| 208 | BIGNUM *f=NULL,*ret=NULL; | 383 | BIGNUM f,ret; |
| 209 | int i,num=0,r= -1; | 384 | int i,num=0,r= -1; |
| 210 | unsigned char *p; | 385 | unsigned char *p; |
| 211 | unsigned char *buf=NULL; | 386 | unsigned char *buf=NULL; |
| 212 | BN_CTX *ctx=NULL; | 387 | BN_CTX *ctx=NULL; |
| 213 | 388 | ||
| 389 | BN_init(&f); | ||
| 390 | BN_init(&ret); | ||
| 391 | ctx=BN_CTX_new(); | ||
| 392 | if (ctx == NULL) goto err; | ||
| 393 | |||
| 394 | num=BN_num_bytes(rsa->n); | ||
| 395 | buf=(unsigned char *)OPENSSL_malloc(num); | ||
| 396 | if (buf == NULL) | ||
| 397 | { | ||
| 398 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); | ||
| 399 | goto err; | ||
| 400 | } | ||
| 401 | |||
| 402 | /* This check was for equality but PGP does evil things | ||
| 403 | * and chops off the top '0' bytes */ | ||
| 404 | if (flen > num) | ||
| 405 | { | ||
| 406 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); | ||
| 407 | goto err; | ||
| 408 | } | ||
| 214 | 409 | ||
| 215 | /* Body of this routine removed for OpenBSD - will return | 410 | if (BN_bin2bn(from,flen,&f) == NULL) goto err; |
| 216 | * when the RSA patent expires | 411 | |
| 217 | */ | 412 | if (BN_ucmp(&f, rsa->n) >= 0) |
| 413 | { | ||
| 414 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); | ||
| 415 | goto err; | ||
| 416 | } | ||
| 417 | |||
| 418 | /* do the decrypt */ | ||
| 419 | if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) | ||
| 420 | { | ||
| 421 | BN_MONT_CTX* bn_mont_ctx; | ||
| 422 | if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) | ||
| 423 | goto err; | ||
| 424 | if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx)) | ||
| 425 | { | ||
| 426 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 427 | goto err; | ||
| 428 | } | ||
| 429 | if (rsa->_method_mod_n == NULL) /* other thread may have finished first */ | ||
| 430 | { | ||
| 431 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
| 432 | if (rsa->_method_mod_n == NULL) | ||
| 433 | { | ||
| 434 | rsa->_method_mod_n = bn_mont_ctx; | ||
| 435 | bn_mont_ctx = NULL; | ||
| 436 | } | ||
| 437 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
| 438 | } | ||
| 439 | if (bn_mont_ctx) | ||
| 440 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 441 | } | ||
| 442 | |||
| 443 | if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, | ||
| 444 | rsa->_method_mod_n)) goto err; | ||
| 445 | |||
| 446 | p=buf; | ||
| 447 | i=BN_bn2bin(&ret,p); | ||
| 448 | |||
| 449 | switch (padding) | ||
| 450 | { | ||
| 451 | case RSA_PKCS1_PADDING: | ||
| 452 | r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); | ||
| 453 | break; | ||
| 454 | case RSA_NO_PADDING: | ||
| 455 | r=RSA_padding_check_none(to,num,buf,i,num); | ||
| 456 | break; | ||
| 457 | default: | ||
| 458 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); | ||
| 459 | goto err; | ||
| 460 | } | ||
| 461 | if (r < 0) | ||
| 462 | RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); | ||
| 218 | 463 | ||
| 219 | err: | 464 | err: |
| 220 | if (ctx != NULL) BN_CTX_free(ctx); | 465 | if (ctx != NULL) BN_CTX_free(ctx); |
| 221 | if (f != NULL) BN_free(f); | 466 | BN_clear_free(&f); |
| 222 | if (ret != NULL) BN_free(ret); | 467 | BN_clear_free(&ret); |
| 223 | if (buf != NULL) | 468 | if (buf != NULL) |
| 224 | { | 469 | { |
| 225 | memset(buf,0,num); | 470 | memset(buf,0,num); |
| 226 | Free(buf); | 471 | OPENSSL_free(buf); |
| 227 | } | 472 | } |
| 228 | return(r); | 473 | return(r); |
| 229 | } | 474 | } |
| 230 | 475 | ||
| 231 | static int RSA_eay_mod_exp(r0, I, rsa) | 476 | static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa) |
| 232 | BIGNUM *r0; | ||
| 233 | BIGNUM *I; | ||
| 234 | RSA *rsa; | ||
| 235 | { | 477 | { |
| 236 | BIGNUM *r1=NULL,*m1=NULL; | 478 | BIGNUM r1,m1,vrfy; |
| 237 | int ret=0; | 479 | int ret=0; |
| 238 | BN_CTX *ctx; | 480 | BN_CTX *ctx; |
| 239 | 481 | ||
| 482 | BN_init(&m1); | ||
| 483 | BN_init(&r1); | ||
| 484 | BN_init(&vrfy); | ||
| 240 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 485 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 241 | m1=BN_new(); | ||
| 242 | r1=BN_new(); | ||
| 243 | if ((m1 == NULL) || (r1 == NULL)) goto err; | ||
| 244 | 486 | ||
| 245 | /* Body of this routine removed for OpenBSD - will return | 487 | if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) |
| 246 | * when the RSA patent expires | 488 | { |
| 247 | */ | 489 | if (rsa->_method_mod_p == NULL) |
| 490 | { | ||
| 491 | BN_MONT_CTX* bn_mont_ctx; | ||
| 492 | if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) | ||
| 493 | goto err; | ||
| 494 | if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx)) | ||
| 495 | { | ||
| 496 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 497 | goto err; | ||
| 498 | } | ||
| 499 | if (rsa->_method_mod_p == NULL) /* other thread may have finished first */ | ||
| 500 | { | ||
| 501 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
| 502 | if (rsa->_method_mod_p == NULL) | ||
| 503 | { | ||
| 504 | rsa->_method_mod_p = bn_mont_ctx; | ||
| 505 | bn_mont_ctx = NULL; | ||
| 506 | } | ||
| 507 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
| 508 | } | ||
| 509 | if (bn_mont_ctx) | ||
| 510 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 511 | } | ||
| 512 | |||
| 513 | if (rsa->_method_mod_q == NULL) | ||
| 514 | { | ||
| 515 | BN_MONT_CTX* bn_mont_ctx; | ||
| 516 | if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL) | ||
| 517 | goto err; | ||
| 518 | if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx)) | ||
| 519 | { | ||
| 520 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 521 | goto err; | ||
| 522 | } | ||
| 523 | if (rsa->_method_mod_q == NULL) /* other thread may have finished first */ | ||
| 524 | { | ||
| 525 | CRYPTO_w_lock(CRYPTO_LOCK_RSA); | ||
| 526 | if (rsa->_method_mod_q == NULL) | ||
| 527 | { | ||
| 528 | rsa->_method_mod_q = bn_mont_ctx; | ||
| 529 | bn_mont_ctx = NULL; | ||
| 530 | } | ||
| 531 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | ||
| 532 | } | ||
| 533 | if (bn_mont_ctx) | ||
| 534 | BN_MONT_CTX_free(bn_mont_ctx); | ||
| 535 | } | ||
| 536 | } | ||
| 537 | |||
| 538 | if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; | ||
| 539 | if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, | ||
| 540 | rsa->_method_mod_q)) goto err; | ||
| 541 | |||
| 542 | if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; | ||
| 543 | if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, | ||
| 544 | rsa->_method_mod_p)) goto err; | ||
| 545 | |||
| 546 | if (!BN_sub(r0,r0,&m1)) goto err; | ||
| 547 | /* This will help stop the size of r0 increasing, which does | ||
| 548 | * affect the multiply if it optimised for a power of 2 size */ | ||
| 549 | if (r0->neg) | ||
| 550 | if (!BN_add(r0,r0,rsa->p)) goto err; | ||
| 551 | |||
| 552 | if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; | ||
| 553 | if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; | ||
| 554 | /* If p < q it is occasionally possible for the correction of | ||
| 555 | * adding 'p' if r0 is negative above to leave the result still | ||
| 556 | * negative. This can break the private key operations: the following | ||
| 557 | * second correction should *always* correct this rare occurrence. | ||
| 558 | * This will *never* happen with OpenSSL generated keys because | ||
| 559 | * they ensure p > q [steve] | ||
| 560 | */ | ||
| 561 | if (r0->neg) | ||
| 562 | if (!BN_add(r0,r0,rsa->p)) goto err; | ||
| 563 | if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; | ||
| 564 | if (!BN_add(r0,&r1,&m1)) goto err; | ||
| 565 | |||
| 566 | if (rsa->e && rsa->n) | ||
| 567 | { | ||
| 568 | if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err; | ||
| 569 | /* If 'I' was greater than (or equal to) rsa->n, the operation | ||
| 570 | * will be equivalent to using 'I mod n'. However, the result of | ||
| 571 | * the verify will *always* be less than 'n' so we don't check | ||
| 572 | * for absolute equality, just congruency. */ | ||
| 573 | if (!BN_sub(&vrfy, &vrfy, I)) goto err; | ||
| 574 | if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err; | ||
| 575 | if (vrfy.neg) | ||
| 576 | if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err; | ||
| 577 | if (!BN_is_zero(&vrfy)) | ||
| 578 | /* 'I' and 'vrfy' aren't congruent mod n. Don't leak | ||
| 579 | * miscalculated CRT output, just do a raw (slower) | ||
| 580 | * mod_exp and return that instead. */ | ||
| 581 | if (!rsa->meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err; | ||
| 582 | } | ||
| 583 | ret=1; | ||
| 248 | err: | 584 | err: |
| 249 | if (m1 != NULL) BN_free(m1); | 585 | BN_clear_free(&m1); |
| 250 | if (r1 != NULL) BN_free(r1); | 586 | BN_clear_free(&r1); |
| 587 | BN_clear_free(&vrfy); | ||
| 251 | BN_CTX_free(ctx); | 588 | BN_CTX_free(ctx); |
| 252 | return(ret); | 589 | return(ret); |
| 253 | } | 590 | } |
| 254 | 591 | ||
| 255 | static int RSA_eay_init(rsa) | 592 | static int RSA_eay_init(RSA *rsa) |
| 256 | RSA *rsa; | ||
| 257 | { | 593 | { |
| 258 | rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; | 594 | rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; |
| 259 | return(1); | 595 | return(1); |
| 260 | } | 596 | } |
| 261 | 597 | ||
| 262 | static int RSA_eay_finish(rsa) | 598 | static int RSA_eay_finish(RSA *rsa) |
| 263 | RSA *rsa; | ||
| 264 | { | 599 | { |
| 265 | if (rsa->method_mod_n != NULL) | 600 | if (rsa->_method_mod_n != NULL) |
| 266 | BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n); | 601 | BN_MONT_CTX_free(rsa->_method_mod_n); |
| 267 | if (rsa->method_mod_p != NULL) | 602 | if (rsa->_method_mod_p != NULL) |
| 268 | BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p); | 603 | BN_MONT_CTX_free(rsa->_method_mod_p); |
| 269 | if (rsa->method_mod_q != NULL) | 604 | if (rsa->_method_mod_q != NULL) |
| 270 | BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q); | 605 | BN_MONT_CTX_free(rsa->_method_mod_q); |
| 271 | return(1); | 606 | return(1); |
| 272 | } | 607 | } |
| 273 | 608 | ||
| 274 | 609 | #endif | |
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c index 796b3afd47..a7766c3b76 100644 --- a/src/lib/libcrypto/rsa/rsa_err.c +++ b/src/lib/libcrypto/rsa/rsa_err.c | |||
| @@ -1,79 +1,87 @@ | |||
| 1 | /* lib/rsa/rsa_err.c */ | 1 | /* crypto/rsa/rsa_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "rsa.h" | 63 | #include <openssl/rsa.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA RSA_str_functs[]= | 67 | static ERR_STRING_DATA RSA_str_functs[]= |
| 65 | { | 68 | { |
| 69 | {ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, | ||
| 70 | {ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, | ||
| 66 | {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, | 71 | {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, |
| 67 | {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, | 72 | {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, |
| 68 | {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, | 73 | {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, |
| 69 | {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, | 74 | {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, |
| 70 | {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, | 75 | {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, |
| 71 | {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, | 76 | {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, |
| 77 | {ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"}, | ||
| 72 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, | 78 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, |
| 79 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, | ||
| 73 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, | 80 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, |
| 74 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, | 81 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, |
| 75 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, | 82 | {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, |
| 76 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, | 83 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, |
| 84 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, | ||
| 77 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, | 85 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, |
| 78 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, | 86 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, |
| 79 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, | 87 | {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, |
| @@ -83,7 +91,7 @@ static ERR_STRING_DATA RSA_str_functs[]= | |||
| 83 | {ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, | 91 | {ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, |
| 84 | {ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, | 92 | {ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, |
| 85 | {ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, | 93 | {ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, |
| 86 | {0,NULL}, | 94 | {0,NULL} |
| 87 | }; | 95 | }; |
| 88 | 96 | ||
| 89 | static ERR_STRING_DATA RSA_str_reasons[]= | 97 | static ERR_STRING_DATA RSA_str_reasons[]= |
| @@ -93,34 +101,46 @@ static ERR_STRING_DATA RSA_str_reasons[]= | |||
| 93 | {RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, | 101 | {RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, |
| 94 | {RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, | 102 | {RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, |
| 95 | {RSA_R_BAD_SIGNATURE ,"bad signature"}, | 103 | {RSA_R_BAD_SIGNATURE ,"bad signature"}, |
| 96 | {RSA_R_BAD_ZERO_BYTE ,"bad zero byte"}, | ||
| 97 | {RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, | 104 | {RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, |
| 98 | {RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, | 105 | {RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, |
| 99 | {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, | 106 | {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, |
| 100 | {RSA_R_DATA_TOO_LARGE ,"data too large"}, | 107 | {RSA_R_DATA_TOO_LARGE ,"data too large"}, |
| 101 | {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, | 108 | {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, |
| 109 | {RSA_R_DATA_TOO_LARGE_FOR_MODULUS ,"data too large for modulus"}, | ||
| 102 | {RSA_R_DATA_TOO_SMALL ,"data too small"}, | 110 | {RSA_R_DATA_TOO_SMALL ,"data too small"}, |
| 111 | {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, | ||
| 103 | {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, | 112 | {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, |
| 113 | {RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, | ||
| 114 | {RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, | ||
| 115 | {RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, | ||
| 116 | {RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"}, | ||
| 117 | {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, | ||
| 118 | {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, | ||
| 104 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, | 119 | {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, |
| 120 | {RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, | ||
| 121 | {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, | ||
| 105 | {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, | 122 | {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, |
| 123 | {RSA_R_P_NOT_PRIME ,"p not prime"}, | ||
| 124 | {RSA_R_Q_NOT_PRIME ,"q not prime"}, | ||
| 125 | {RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"}, | ||
| 106 | {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, | 126 | {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, |
| 107 | {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, | 127 | {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, |
| 108 | {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, | 128 | {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, |
| 109 | {RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, | 129 | {RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, |
| 110 | {RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, | 130 | {RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, |
| 111 | {0,NULL}, | 131 | {0,NULL} |
| 112 | }; | 132 | }; |
| 113 | 133 | ||
| 114 | #endif | 134 | #endif |
| 115 | 135 | ||
| 116 | void ERR_load_RSA_strings() | 136 | void ERR_load_RSA_strings(void) |
| 117 | { | 137 | { |
| 118 | static int init=1; | 138 | static int init=1; |
| 119 | 139 | ||
| 120 | if (init); | 140 | if (init) |
| 121 | {; | 141 | { |
| 122 | init=0; | 142 | init=0; |
| 123 | #ifndef NO_ERR | 143 | #ifndef OPENSSL_NO_ERR |
| 124 | ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); | 144 | ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); |
| 125 | ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); | 145 | ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); |
| 126 | #endif | 146 | #endif |
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index 4cbd373829..00c25adbc5 100644 --- a/src/lib/libcrypto/rsa/rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c | |||
| @@ -59,34 +59,130 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "bn.h" | 62 | #include <openssl/bn.h> |
| 63 | #include "rsa.h" | 63 | #include <openssl/rsa.h> |
| 64 | 64 | ||
| 65 | RSA *RSA_generate_key(bits, e_value, callback,cb_arg) | 65 | RSA *RSA_generate_key(int bits, unsigned long e_value, |
| 66 | int bits; | 66 | void (*callback)(int,int,void *), void *cb_arg) |
| 67 | unsigned long e_value; | ||
| 68 | void (*callback)(P_I_I_P); | ||
| 69 | char *cb_arg; | ||
| 70 | { | 67 | { |
| 71 | RSA *rsa=NULL; | 68 | RSA *rsa=NULL; |
| 72 | BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; | 69 | BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; |
| 73 | int bitsp,bitsq,ok= -1,n=0; | 70 | int bitsp,bitsq,ok= -1,n=0,i; |
| 74 | BN_CTX *ctx=NULL,*ctx2=NULL; | 71 | BN_CTX *ctx=NULL,*ctx2=NULL; |
| 75 | 72 | ||
| 76 | ctx=BN_CTX_new(); | 73 | ctx=BN_CTX_new(); |
| 77 | if (ctx == NULL) goto err; | 74 | if (ctx == NULL) goto err; |
| 78 | ctx2=BN_CTX_new(); | 75 | ctx2=BN_CTX_new(); |
| 79 | if (ctx2 == NULL) goto err; | 76 | if (ctx2 == NULL) goto err; |
| 77 | BN_CTX_start(ctx); | ||
| 78 | r0 = BN_CTX_get(ctx); | ||
| 79 | r1 = BN_CTX_get(ctx); | ||
| 80 | r2 = BN_CTX_get(ctx); | ||
| 81 | r3 = BN_CTX_get(ctx); | ||
| 82 | if (r3 == NULL) goto err; | ||
| 83 | |||
| 84 | bitsp=(bits+1)/2; | ||
| 85 | bitsq=bits-bitsp; | ||
| 86 | rsa=RSA_new(); | ||
| 87 | if (rsa == NULL) goto err; | ||
| 88 | |||
| 89 | /* set e */ | ||
| 90 | rsa->e=BN_new(); | ||
| 91 | if (rsa->e == NULL) goto err; | ||
| 92 | |||
| 93 | #if 1 | ||
| 94 | /* The problem is when building with 8, 16, or 32 BN_ULONG, | ||
| 95 | * unsigned long can be larger */ | ||
| 96 | for (i=0; i<sizeof(unsigned long)*8; i++) | ||
| 97 | { | ||
| 98 | if (e_value & (1UL<<i)) | ||
| 99 | BN_set_bit(rsa->e,i); | ||
| 100 | } | ||
| 101 | #else | ||
| 102 | if (!BN_set_word(rsa->e,e_value)) goto err; | ||
| 103 | #endif | ||
| 104 | |||
| 105 | /* generate p and q */ | ||
| 106 | for (;;) | ||
| 107 | { | ||
| 108 | rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); | ||
| 109 | if (rsa->p == NULL) goto err; | ||
| 110 | if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; | ||
| 111 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; | ||
| 112 | if (BN_is_one(r1)) break; | ||
| 113 | if (callback != NULL) callback(2,n++,cb_arg); | ||
| 114 | BN_free(rsa->p); | ||
| 115 | } | ||
| 116 | if (callback != NULL) callback(3,0,cb_arg); | ||
| 117 | for (;;) | ||
| 118 | { | ||
| 119 | rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); | ||
| 120 | if (rsa->q == NULL) goto err; | ||
| 121 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; | ||
| 122 | if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; | ||
| 123 | if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) | ||
| 124 | break; | ||
| 125 | if (callback != NULL) callback(2,n++,cb_arg); | ||
| 126 | BN_free(rsa->q); | ||
| 127 | } | ||
| 128 | if (callback != NULL) callback(3,1,cb_arg); | ||
| 129 | if (BN_cmp(rsa->p,rsa->q) < 0) | ||
| 130 | { | ||
| 131 | tmp=rsa->p; | ||
| 132 | rsa->p=rsa->q; | ||
| 133 | rsa->q=tmp; | ||
| 134 | } | ||
| 135 | |||
| 136 | /* calculate n */ | ||
| 137 | rsa->n=BN_new(); | ||
| 138 | if (rsa->n == NULL) goto err; | ||
| 139 | if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; | ||
| 140 | |||
| 141 | /* calculate d */ | ||
| 142 | if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ | ||
| 143 | if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ | ||
| 144 | if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ | ||
| 145 | |||
| 146 | /* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ | ||
| 147 | /* for (;;) | ||
| 148 | { | ||
| 149 | if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err; | ||
| 150 | if (BN_is_one(r3)) break; | ||
| 151 | |||
| 152 | if (1) | ||
| 153 | { | ||
| 154 | if (!BN_add_word(rsa->e,2L)) goto err; | ||
| 155 | continue; | ||
| 156 | } | ||
| 157 | RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE); | ||
| 158 | goto err; | ||
| 159 | } | ||
| 160 | */ | ||
| 161 | rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ | ||
| 162 | if (rsa->d == NULL) goto err; | ||
| 163 | |||
| 164 | /* calculate d mod (p-1) */ | ||
| 165 | rsa->dmp1=BN_new(); | ||
| 166 | if (rsa->dmp1 == NULL) goto err; | ||
| 167 | if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err; | ||
| 168 | |||
| 169 | /* calculate d mod (q-1) */ | ||
| 170 | rsa->dmq1=BN_new(); | ||
| 171 | if (rsa->dmq1 == NULL) goto err; | ||
| 172 | if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; | ||
| 173 | |||
| 174 | /* calculate inverse of q mod p */ | ||
| 175 | rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); | ||
| 176 | if (rsa->iqmp == NULL) goto err; | ||
| 80 | 177 | ||
| 81 | /* Body of this routine removed for OpenBSD - will return | 178 | ok=1; |
| 82 | * when the RSA patent expires | ||
| 83 | */ | ||
| 84 | err: | 179 | err: |
| 85 | if (ok == -1) | 180 | if (ok == -1) |
| 86 | { | 181 | { |
| 87 | RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); | 182 | RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN); |
| 88 | ok=0; | 183 | ok=0; |
| 89 | } | 184 | } |
| 185 | BN_CTX_end(ctx); | ||
| 90 | BN_CTX_free(ctx); | 186 | BN_CTX_free(ctx); |
| 91 | BN_CTX_free(ctx2); | 187 | BN_CTX_free(ctx2); |
| 92 | 188 | ||
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c index 95a56f8a28..93235744f7 100644 --- a/src/lib/libcrypto/rsa/rsa_lib.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c | |||
| @@ -57,53 +57,103 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "crypto.h" | 60 | #include <openssl/crypto.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "lhash.h" | 62 | #include <openssl/lhash.h> |
| 63 | #include "bn.h" | 63 | #include <openssl/bn.h> |
| 64 | #include "rsa.h" | 64 | #include <openssl/rsa.h> |
| 65 | #include <openssl/engine.h> | ||
| 65 | 66 | ||
| 66 | char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998"; | 67 | const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; |
| 67 | 68 | ||
| 68 | static RSA_METHOD *default_RSA_meth=NULL; | 69 | static const RSA_METHOD *default_RSA_meth=NULL; |
| 69 | static int rsa_meth_num=0; | ||
| 70 | static STACK *rsa_meth=NULL; | ||
| 71 | 70 | ||
| 72 | RSA *RSA_new() | 71 | RSA *RSA_new(void) |
| 73 | { | 72 | { |
| 74 | return(RSA_new_method(NULL)); | 73 | return(RSA_new_method(NULL)); |
| 75 | } | 74 | } |
| 76 | 75 | ||
| 77 | void RSA_set_default_method(meth) | 76 | void RSA_set_default_method(const RSA_METHOD *meth) |
| 78 | RSA_METHOD *meth; | ||
| 79 | { | 77 | { |
| 80 | default_RSA_meth=meth; | 78 | default_RSA_meth = meth; |
| 81 | } | 79 | } |
| 82 | 80 | ||
| 83 | RSA *RSA_new_method(meth) | 81 | const RSA_METHOD *RSA_get_default_method(void) |
| 84 | RSA_METHOD *meth; | ||
| 85 | { | 82 | { |
| 86 | RSA *ret; | ||
| 87 | |||
| 88 | if (default_RSA_meth == NULL) | 83 | if (default_RSA_meth == NULL) |
| 89 | { | 84 | { |
| 90 | #ifdef RSAref | 85 | #ifdef RSA_NULL |
| 86 | default_RSA_meth=RSA_null_method(); | ||
| 87 | #else | ||
| 88 | #if 0 /* was: #ifdef RSAref */ | ||
| 91 | default_RSA_meth=RSA_PKCS1_RSAref(); | 89 | default_RSA_meth=RSA_PKCS1_RSAref(); |
| 92 | #else | 90 | #else |
| 93 | default_RSA_meth=RSA_PKCS1_SSLeay(); | 91 | default_RSA_meth=RSA_PKCS1_SSLeay(); |
| 94 | #endif | 92 | #endif |
| 93 | #endif | ||
| 94 | } | ||
| 95 | |||
| 96 | return default_RSA_meth; | ||
| 97 | } | ||
| 98 | |||
| 99 | const RSA_METHOD *RSA_get_method(const RSA *rsa) | ||
| 100 | { | ||
| 101 | return rsa->meth; | ||
| 102 | } | ||
| 103 | |||
| 104 | int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) | ||
| 105 | { | ||
| 106 | /* NB: The caller is specifically setting a method, so it's not up to us | ||
| 107 | * to deal with which ENGINE it comes from. */ | ||
| 108 | const RSA_METHOD *mtmp; | ||
| 109 | mtmp = rsa->meth; | ||
| 110 | if (mtmp->finish) mtmp->finish(rsa); | ||
| 111 | if (rsa->engine) | ||
| 112 | { | ||
| 113 | ENGINE_finish(rsa->engine); | ||
| 114 | rsa->engine = NULL; | ||
| 95 | } | 115 | } |
| 96 | ret=(RSA *)Malloc(sizeof(RSA)); | 116 | rsa->meth = meth; |
| 117 | if (meth->init) meth->init(rsa); | ||
| 118 | return 1; | ||
| 119 | } | ||
| 120 | |||
| 121 | RSA *RSA_new_method(ENGINE *engine) | ||
| 122 | { | ||
| 123 | RSA *ret; | ||
| 124 | |||
| 125 | ret=(RSA *)OPENSSL_malloc(sizeof(RSA)); | ||
| 97 | if (ret == NULL) | 126 | if (ret == NULL) |
| 98 | { | 127 | { |
| 99 | RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); | 128 | RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE); |
| 100 | return(NULL); | 129 | return NULL; |
| 101 | } | 130 | } |
| 102 | 131 | ||
| 103 | if (meth == NULL) | 132 | ret->meth = RSA_get_default_method(); |
| 104 | ret->meth=default_RSA_meth; | 133 | if (engine) |
| 134 | { | ||
| 135 | if (!ENGINE_init(engine)) | ||
| 136 | { | ||
| 137 | RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); | ||
| 138 | OPENSSL_free(ret); | ||
| 139 | return NULL; | ||
| 140 | } | ||
| 141 | ret->engine = engine; | ||
| 142 | } | ||
| 105 | else | 143 | else |
| 106 | ret->meth=meth; | 144 | ret->engine = ENGINE_get_default_RSA(); |
| 145 | if(ret->engine) | ||
| 146 | { | ||
| 147 | ret->meth = ENGINE_get_RSA(ret->engine); | ||
| 148 | if(!ret->meth) | ||
| 149 | { | ||
| 150 | RSAerr(RSA_F_RSA_NEW_METHOD, | ||
| 151 | ERR_R_ENGINE_LIB); | ||
| 152 | ENGINE_finish(ret->engine); | ||
| 153 | OPENSSL_free(ret); | ||
| 154 | return NULL; | ||
| 155 | } | ||
| 156 | } | ||
| 107 | 157 | ||
| 108 | ret->pad=0; | 158 | ret->pad=0; |
| 109 | ret->version=0; | 159 | ret->version=0; |
| @@ -116,22 +166,25 @@ RSA_METHOD *meth; | |||
| 116 | ret->dmq1=NULL; | 166 | ret->dmq1=NULL; |
| 117 | ret->iqmp=NULL; | 167 | ret->iqmp=NULL; |
| 118 | ret->references=1; | 168 | ret->references=1; |
| 119 | ret->method_mod_n=NULL; | 169 | ret->_method_mod_n=NULL; |
| 120 | ret->method_mod_p=NULL; | 170 | ret->_method_mod_p=NULL; |
| 121 | ret->method_mod_q=NULL; | 171 | ret->_method_mod_q=NULL; |
| 122 | ret->blinding=NULL; | 172 | ret->blinding=NULL; |
| 173 | ret->bignum_data=NULL; | ||
| 123 | ret->flags=ret->meth->flags; | 174 | ret->flags=ret->meth->flags; |
| 175 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); | ||
| 124 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) | 176 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) |
| 125 | { | 177 | { |
| 126 | Free(ret); | 178 | if (ret->engine) |
| 179 | ENGINE_finish(ret->engine); | ||
| 180 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); | ||
| 181 | OPENSSL_free(ret); | ||
| 127 | ret=NULL; | 182 | ret=NULL; |
| 128 | } | 183 | } |
| 129 | CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); | ||
| 130 | return(ret); | 184 | return(ret); |
| 131 | } | 185 | } |
| 132 | 186 | ||
| 133 | void RSA_free(r) | 187 | void RSA_free(RSA *r) |
| 134 | RSA *r; | ||
| 135 | { | 188 | { |
| 136 | int i; | 189 | int i; |
| 137 | 190 | ||
| @@ -150,10 +203,12 @@ RSA *r; | |||
| 150 | } | 203 | } |
| 151 | #endif | 204 | #endif |
| 152 | 205 | ||
| 153 | CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data); | 206 | if (r->meth->finish) |
| 154 | |||
| 155 | if (r->meth->finish != NULL) | ||
| 156 | r->meth->finish(r); | 207 | r->meth->finish(r); |
| 208 | if (r->engine) | ||
| 209 | ENGINE_finish(r->engine); | ||
| 210 | |||
| 211 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); | ||
| 157 | 212 | ||
| 158 | if (r->n != NULL) BN_clear_free(r->n); | 213 | if (r->n != NULL) BN_clear_free(r->n); |
| 159 | if (r->e != NULL) BN_clear_free(r->e); | 214 | if (r->e != NULL) BN_clear_free(r->e); |
| @@ -164,90 +219,78 @@ RSA *r; | |||
| 164 | if (r->dmq1 != NULL) BN_clear_free(r->dmq1); | 219 | if (r->dmq1 != NULL) BN_clear_free(r->dmq1); |
| 165 | if (r->iqmp != NULL) BN_clear_free(r->iqmp); | 220 | if (r->iqmp != NULL) BN_clear_free(r->iqmp); |
| 166 | if (r->blinding != NULL) BN_BLINDING_free(r->blinding); | 221 | if (r->blinding != NULL) BN_BLINDING_free(r->blinding); |
| 167 | Free(r); | 222 | if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); |
| 223 | OPENSSL_free(r); | ||
| 168 | } | 224 | } |
| 169 | 225 | ||
| 170 | int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 226 | int RSA_up_ref(RSA *r) |
| 171 | long argl; | 227 | { |
| 172 | char *argp; | 228 | int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); |
| 173 | int (*new_func)(); | 229 | #ifdef REF_PRINT |
| 174 | int (*dup_func)(); | 230 | REF_PRINT("RSA",r); |
| 175 | void (*free_func)(); | 231 | #endif |
| 232 | #ifdef REF_CHECK | ||
| 233 | if (i < 2) | ||
| 234 | { | ||
| 235 | fprintf(stderr, "RSA_up_ref, bad reference count\n"); | ||
| 236 | abort(); | ||
| 237 | } | ||
| 238 | #endif | ||
| 239 | return ((i > 1) ? 1 : 0); | ||
| 240 | } | ||
| 241 | |||
| 242 | int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | ||
| 243 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | ||
| 176 | { | 244 | { |
| 177 | rsa_meth_num++; | 245 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, |
| 178 | return(CRYPTO_get_ex_new_index(rsa_meth_num-1, | 246 | new_func, dup_func, free_func); |
| 179 | &rsa_meth,argl,argp,new_func,dup_func,free_func)); | ||
| 180 | } | 247 | } |
| 181 | 248 | ||
| 182 | int RSA_set_ex_data(r,idx,arg) | 249 | int RSA_set_ex_data(RSA *r, int idx, void *arg) |
| 183 | RSA *r; | ||
| 184 | int idx; | ||
| 185 | char *arg; | ||
| 186 | { | 250 | { |
| 187 | return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); | 251 | return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); |
| 188 | } | 252 | } |
| 189 | 253 | ||
| 190 | char *RSA_get_ex_data(r,idx) | 254 | void *RSA_get_ex_data(const RSA *r, int idx) |
| 191 | RSA *r; | ||
| 192 | int idx; | ||
| 193 | { | 255 | { |
| 194 | return(CRYPTO_get_ex_data(&r->ex_data,idx)); | 256 | return(CRYPTO_get_ex_data(&r->ex_data,idx)); |
| 195 | } | 257 | } |
| 196 | 258 | ||
| 197 | int RSA_size(r) | 259 | int RSA_size(const RSA *r) |
| 198 | RSA *r; | ||
| 199 | { | 260 | { |
| 200 | return(BN_num_bytes(r->n)); | 261 | return(BN_num_bytes(r->n)); |
| 201 | } | 262 | } |
| 202 | 263 | ||
| 203 | int RSA_public_encrypt(flen, from, to, rsa, padding) | 264 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, |
| 204 | int flen; | 265 | RSA *rsa, int padding) |
| 205 | unsigned char *from; | ||
| 206 | unsigned char *to; | ||
| 207 | RSA *rsa; | ||
| 208 | int padding; | ||
| 209 | { | 266 | { |
| 210 | return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); | 267 | return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); |
| 211 | } | 268 | } |
| 212 | 269 | ||
| 213 | int RSA_private_encrypt(flen, from, to, rsa, padding) | 270 | int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, |
| 214 | int flen; | 271 | RSA *rsa, int padding) |
| 215 | unsigned char *from; | ||
| 216 | unsigned char *to; | ||
| 217 | RSA *rsa; | ||
| 218 | int padding; | ||
| 219 | { | 272 | { |
| 220 | return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); | 273 | return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); |
| 221 | } | 274 | } |
| 222 | 275 | ||
| 223 | int RSA_private_decrypt(flen, from, to, rsa, padding) | 276 | int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, |
| 224 | int flen; | 277 | RSA *rsa, int padding) |
| 225 | unsigned char *from; | ||
| 226 | unsigned char *to; | ||
| 227 | RSA *rsa; | ||
| 228 | int padding; | ||
| 229 | { | 278 | { |
| 230 | return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); | 279 | return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); |
| 231 | } | 280 | } |
| 232 | 281 | ||
| 233 | int RSA_public_decrypt(flen, from, to, rsa, padding) | 282 | int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, |
| 234 | int flen; | 283 | RSA *rsa, int padding) |
| 235 | unsigned char *from; | ||
| 236 | unsigned char *to; | ||
| 237 | RSA *rsa; | ||
| 238 | int padding; | ||
| 239 | { | 284 | { |
| 240 | return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); | 285 | return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); |
| 241 | } | 286 | } |
| 242 | 287 | ||
| 243 | int RSA_flags(r) | 288 | int RSA_flags(const RSA *r) |
| 244 | RSA *r; | ||
| 245 | { | 289 | { |
| 246 | return((r == NULL)?0:r->meth->flags); | 290 | return((r == NULL)?0:r->meth->flags); |
| 247 | } | 291 | } |
| 248 | 292 | ||
| 249 | void RSA_blinding_off(rsa) | 293 | void RSA_blinding_off(RSA *rsa) |
| 250 | RSA *rsa; | ||
| 251 | { | 294 | { |
| 252 | if (rsa->blinding != NULL) | 295 | if (rsa->blinding != NULL) |
| 253 | { | 296 | { |
| @@ -257,9 +300,7 @@ RSA *rsa; | |||
| 257 | rsa->flags&= ~RSA_FLAG_BLINDING; | 300 | rsa->flags&= ~RSA_FLAG_BLINDING; |
| 258 | } | 301 | } |
| 259 | 302 | ||
| 260 | int RSA_blinding_on(rsa,p_ctx) | 303 | int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) |
| 261 | RSA *rsa; | ||
| 262 | BN_CTX *p_ctx; | ||
| 263 | { | 304 | { |
| 264 | BIGNUM *A,*Ai; | 305 | BIGNUM *A,*Ai; |
| 265 | BN_CTX *ctx; | 306 | BN_CTX *ctx; |
| @@ -275,20 +316,64 @@ BN_CTX *p_ctx; | |||
| 275 | if (rsa->blinding != NULL) | 316 | if (rsa->blinding != NULL) |
| 276 | BN_BLINDING_free(rsa->blinding); | 317 | BN_BLINDING_free(rsa->blinding); |
| 277 | 318 | ||
| 278 | A=ctx->bn[0]; | 319 | BN_CTX_start(ctx); |
| 279 | ctx->tos++; | 320 | A = BN_CTX_get(ctx); |
| 280 | if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; | 321 | if (!BN_rand_range(A,rsa->n)) goto err; |
| 281 | if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err; | 322 | if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; |
| 282 | 323 | ||
| 283 | if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx, | 324 | if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) |
| 284 | (char *)rsa->method_mod_n)) goto err; | 325 | goto err; |
| 285 | rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); | 326 | rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); |
| 286 | ctx->tos--; | ||
| 287 | rsa->flags|=RSA_FLAG_BLINDING; | 327 | rsa->flags|=RSA_FLAG_BLINDING; |
| 288 | BN_free(Ai); | 328 | BN_free(Ai); |
| 289 | ret=1; | 329 | ret=1; |
| 290 | err: | 330 | err: |
| 331 | BN_CTX_end(ctx); | ||
| 291 | if (ctx != p_ctx) BN_CTX_free(ctx); | 332 | if (ctx != p_ctx) BN_CTX_free(ctx); |
| 292 | return(ret); | 333 | return(ret); |
| 293 | } | 334 | } |
| 294 | 335 | ||
| 336 | int RSA_memory_lock(RSA *r) | ||
| 337 | { | ||
| 338 | int i,j,k,off; | ||
| 339 | char *p; | ||
| 340 | BIGNUM *bn,**t[6],*b; | ||
| 341 | BN_ULONG *ul; | ||
| 342 | |||
| 343 | if (r->d == NULL) return(1); | ||
| 344 | t[0]= &r->d; | ||
| 345 | t[1]= &r->p; | ||
| 346 | t[2]= &r->q; | ||
| 347 | t[3]= &r->dmp1; | ||
| 348 | t[4]= &r->dmq1; | ||
| 349 | t[5]= &r->iqmp; | ||
| 350 | k=sizeof(BIGNUM)*6; | ||
| 351 | off=k/sizeof(BN_ULONG)+1; | ||
| 352 | j=1; | ||
| 353 | for (i=0; i<6; i++) | ||
| 354 | j+= (*t[i])->top; | ||
| 355 | if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) | ||
| 356 | { | ||
| 357 | RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); | ||
| 358 | return(0); | ||
| 359 | } | ||
| 360 | bn=(BIGNUM *)p; | ||
| 361 | ul=(BN_ULONG *)&(p[off]); | ||
| 362 | for (i=0; i<6; i++) | ||
| 363 | { | ||
| 364 | b= *(t[i]); | ||
| 365 | *(t[i])= &(bn[i]); | ||
| 366 | memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); | ||
| 367 | bn[i].flags=BN_FLG_STATIC_DATA; | ||
| 368 | bn[i].d=ul; | ||
| 369 | memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); | ||
| 370 | ul+=b->top; | ||
| 371 | BN_clear_free(b); | ||
| 372 | } | ||
| 373 | |||
| 374 | /* I should fix this so it can still be done */ | ||
| 375 | r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); | ||
| 376 | |||
| 377 | r->bignum_data=p; | ||
| 378 | return(1); | ||
| 379 | } | ||
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c index f0dd943657..e6f3e627ca 100644 --- a/src/lib/libcrypto/rsa/rsa_none.c +++ b/src/lib/libcrypto/rsa/rsa_none.c | |||
| @@ -58,52 +58,41 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 63 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | int RSA_padding_add_none(to,tlen,from,flen) | 65 | int RSA_padding_add_none(unsigned char *to, int tlen, |
| 66 | unsigned char *to; | 66 | const unsigned char *from, int flen) |
| 67 | int tlen; | ||
| 68 | unsigned char *from; | ||
| 69 | int flen; | ||
| 70 | { | 67 | { |
| 71 | if (flen >= tlen) | 68 | if (flen > tlen) |
| 72 | { | 69 | { |
| 73 | RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | 70 | RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); |
| 74 | return(0); | 71 | return(0); |
| 75 | } | 72 | } |
| 73 | |||
| 74 | if (flen < tlen) | ||
| 75 | { | ||
| 76 | RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); | ||
| 77 | return(0); | ||
| 78 | } | ||
| 76 | 79 | ||
| 77 | *(to++)=0; | ||
| 78 | memcpy(to,from,(unsigned int)flen); | 80 | memcpy(to,from,(unsigned int)flen); |
| 79 | return(1); | 81 | return(1); |
| 80 | } | 82 | } |
| 81 | 83 | ||
| 82 | int RSA_padding_check_none(to,tlen,from,flen) | 84 | int RSA_padding_check_none(unsigned char *to, int tlen, |
| 83 | unsigned char *to; | 85 | const unsigned char *from, int flen, int num) |
| 84 | int tlen; | ||
| 85 | unsigned char *from; | ||
| 86 | int flen; | ||
| 87 | { | 86 | { |
| 88 | int j; | ||
| 89 | 87 | ||
| 90 | from++; | 88 | if (flen > tlen) |
| 91 | if (flen+1 > tlen) | ||
| 92 | { | 89 | { |
| 93 | RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); | 90 | RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); |
| 94 | return(-1); | 91 | return(-1); |
| 95 | } | 92 | } |
| 96 | if (*(from++) != 0) | ||
| 97 | { | ||
| 98 | RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE); | ||
| 99 | return(-1); | ||
| 100 | } | ||
| 101 | 93 | ||
| 102 | /* scan over padding data */ | 94 | memset(to,0,tlen-flen); |
| 103 | j=flen-1; /* one for type and one for the prepended 0. */ | 95 | memcpy(to+tlen-flen,from,flen); |
| 104 | memset(to,0,tlen-j); | 96 | return(tlen); |
| 105 | to+=(tlen-j); | ||
| 106 | memcpy(to,from,j); | ||
| 107 | return(j); | ||
| 108 | } | 97 | } |
| 109 | 98 | ||
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c index 843c40c864..e3f7c608ec 100644 --- a/src/lib/libcrypto/rsa/rsa_oaep.c +++ b/src/lib/libcrypto/rsa/rsa_oaep.c | |||
| @@ -2,161 +2,205 @@ | |||
| 2 | /* Written by Ulf Moeller. This software is distributed on an "AS IS" | 2 | /* Written by Ulf Moeller. This software is distributed on an "AS IS" |
| 3 | basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ | 3 | basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ |
| 4 | 4 | ||
| 5 | /* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ | 5 | /* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ |
| 6 | 6 | ||
| 7 | #if !defined(NO_SHA) && !defined(NO_SHA1) | 7 | /* See Victor Shoup, "OAEP reconsidered," Nov. 2000, |
| 8 | * <URL: http://www.shoup.net/papers/oaep.ps.Z> | ||
| 9 | * for problems with the security proof for the | ||
| 10 | * original OAEP scheme, which EME-OAEP is based on. | ||
| 11 | * | ||
| 12 | * A new proof can be found in E. Fujisaki, T. Okamoto, | ||
| 13 | * D. Pointcheval, J. Stern, "RSA-OEAP is Still Alive!", | ||
| 14 | * Dec. 2000, <URL: http://eprint.iacr.org/2000/061/>. | ||
| 15 | * The new proof has stronger requirements for the | ||
| 16 | * underlying permutation: "partial-one-wayness" instead | ||
| 17 | * of one-wayness. For the RSA function, this is | ||
| 18 | * an equivalent notion. | ||
| 19 | */ | ||
| 20 | |||
| 21 | |||
| 22 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1) | ||
| 8 | #include <stdio.h> | 23 | #include <stdio.h> |
| 9 | #include "cryptlib.h" | 24 | #include "cryptlib.h" |
| 10 | #include <openssl/bn.h> | 25 | #include <openssl/bn.h> |
| 11 | #include <openssl/rsa.h> | 26 | #include <openssl/rsa.h> |
| 12 | #include <openssl/sha.h> | 27 | #include <openssl/evp.h> |
| 13 | #include <openssl/rand.h> | 28 | #include <openssl/rand.h> |
| 29 | #include <openssl/sha.h> | ||
| 14 | 30 | ||
| 15 | int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen); | 31 | int MGF1(unsigned char *mask, long len, |
| 32 | const unsigned char *seed, long seedlen); | ||
| 16 | 33 | ||
| 17 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, | 34 | int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, |
| 18 | unsigned char *from, int flen, unsigned char *param, int plen) | 35 | const unsigned char *from, int flen, |
| 19 | { | 36 | const unsigned char *param, int plen) |
| 20 | int i, emlen = tlen - 1; | ||
| 21 | unsigned char *db, *seed; | ||
| 22 | unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; | ||
| 23 | |||
| 24 | if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) | ||
| 25 | { | 37 | { |
| 26 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, | 38 | int i, emlen = tlen - 1; |
| 27 | RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); | 39 | unsigned char *db, *seed; |
| 28 | return (0); | 40 | unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; |
| 29 | } | ||
| 30 | 41 | ||
| 31 | if (emlen < 2 * SHA_DIGEST_LENGTH + 1) | 42 | if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) |
| 32 | { | 43 | { |
| 33 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); | 44 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, |
| 34 | return (0); | 45 | RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); |
| 35 | } | 46 | return 0; |
| 36 | 47 | } | |
| 37 | dbmask = Malloc(emlen - SHA_DIGEST_LENGTH); | 48 | |
| 38 | if (dbmask == NULL) | 49 | if (emlen < 2 * SHA_DIGEST_LENGTH + 1) |
| 39 | { | 50 | { |
| 40 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); | 51 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); |
| 41 | return (0); | 52 | return 0; |
| 42 | } | 53 | } |
| 43 | 54 | ||
| 44 | to[0] = 0; | 55 | dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH); |
| 45 | seed = to + 1; | 56 | if (dbmask == NULL) |
| 46 | db = to + SHA_DIGEST_LENGTH + 1; | 57 | { |
| 58 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); | ||
| 59 | return 0; | ||
| 60 | } | ||
| 47 | 61 | ||
| 48 | SHA1(param, plen, db); | 62 | to[0] = 0; |
| 49 | memset(db + SHA_DIGEST_LENGTH, 0, | 63 | seed = to + 1; |
| 50 | emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); | 64 | db = to + SHA_DIGEST_LENGTH + 1; |
| 51 | db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; | 65 | |
| 52 | memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); | 66 | EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); |
| 53 | RAND_bytes(seed, SHA_DIGEST_LENGTH); | 67 | memset(db + SHA_DIGEST_LENGTH, 0, |
| 68 | emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); | ||
| 69 | db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; | ||
| 70 | memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); | ||
| 71 | if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) | ||
| 72 | return 0; | ||
| 54 | #ifdef PKCS_TESTVECT | 73 | #ifdef PKCS_TESTVECT |
| 55 | memcpy(seed, | 74 | memcpy(seed, |
| 56 | "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", | 75 | "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", |
| 57 | 20); | 76 | 20); |
| 58 | #endif | 77 | #endif |
| 59 | 78 | ||
| 60 | MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); | 79 | MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); |
| 61 | for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) | 80 | for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) |
| 62 | db[i] ^= dbmask[i]; | 81 | db[i] ^= dbmask[i]; |
| 63 | 82 | ||
| 64 | MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); | 83 | MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); |
| 65 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) | 84 | for (i = 0; i < SHA_DIGEST_LENGTH; i++) |
| 66 | seed[i] ^= seedmask[i]; | 85 | seed[i] ^= seedmask[i]; |
| 67 | 86 | ||
| 68 | Free(dbmask); | 87 | OPENSSL_free(dbmask); |
| 69 | return (1); | 88 | return 1; |
| 70 | } | 89 | } |
| 71 | 90 | ||
| 72 | int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, | 91 | int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, |
| 73 | unsigned char *from, int flen, int num, unsigned char *param, | 92 | const unsigned char *from, int flen, int num, |
| 74 | int plen) | 93 | const unsigned char *param, int plen) |
| 75 | { | ||
| 76 | int i, dblen, mlen = -1; | ||
| 77 | unsigned char *maskeddb; | ||
| 78 | int lzero; | ||
| 79 | unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; | ||
| 80 | |||
| 81 | if (--num < 2 * SHA_DIGEST_LENGTH + 1) | ||
| 82 | { | 94 | { |
| 83 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); | 95 | int i, dblen, mlen = -1; |
| 84 | return (-1); | 96 | const unsigned char *maskeddb; |
| 85 | } | 97 | int lzero; |
| 98 | unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; | ||
| 99 | int bad = 0; | ||
| 100 | |||
| 101 | if (--num < 2 * SHA_DIGEST_LENGTH + 1) | ||
| 102 | /* 'num' is the length of the modulus, i.e. does not depend on the | ||
| 103 | * particular ciphertext. */ | ||
| 104 | goto decoding_err; | ||
| 105 | |||
| 106 | lzero = num - flen; | ||
| 107 | if (lzero < 0) | ||
| 108 | { | ||
| 109 | /* lzero == -1 */ | ||
| 110 | |||
| 111 | /* signalling this error immediately after detection might allow | ||
| 112 | * for side-channel attacks (e.g. timing if 'plen' is huge | ||
| 113 | * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal | ||
| 114 | * Asymmetric Encryption Padding (OAEP) [...]", CRYPTO 2001), | ||
| 115 | * so we use a 'bad' flag */ | ||
| 116 | bad = 1; | ||
| 117 | lzero = 0; | ||
| 118 | } | ||
| 119 | maskeddb = from - lzero + SHA_DIGEST_LENGTH; | ||
| 86 | 120 | ||
| 87 | dblen = num - SHA_DIGEST_LENGTH; | 121 | dblen = num - SHA_DIGEST_LENGTH; |
| 88 | db = Malloc(dblen); | 122 | db = OPENSSL_malloc(dblen); |
| 89 | if (db == NULL) | 123 | if (db == NULL) |
| 90 | { | 124 | { |
| 91 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); | 125 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); |
| 92 | return (-1); | 126 | return -1; |
| 93 | } | 127 | } |
| 94 | 128 | ||
| 95 | lzero = num - flen; | 129 | MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); |
| 96 | maskeddb = from - lzero + SHA_DIGEST_LENGTH; | 130 | for (i = lzero; i < SHA_DIGEST_LENGTH; i++) |
| 97 | 131 | seed[i] ^= from[i - lzero]; | |
| 98 | MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); | ||
| 99 | for (i = lzero; i < SHA_DIGEST_LENGTH; i++) | ||
| 100 | seed[i] ^= from[i - lzero]; | ||
| 101 | 132 | ||
| 102 | MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); | 133 | MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); |
| 103 | for (i = 0; i < dblen; i++) | 134 | for (i = 0; i < dblen; i++) |
| 104 | db[i] ^= maskeddb[i]; | 135 | db[i] ^= maskeddb[i]; |
| 105 | 136 | ||
| 106 | SHA1(param, plen, phash); | 137 | EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); |
| 107 | 138 | ||
| 108 | if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) | 139 | if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) |
| 109 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); | 140 | goto decoding_err; |
| 110 | else | ||
| 111 | { | ||
| 112 | for (i = SHA_DIGEST_LENGTH; i < dblen; i++) | ||
| 113 | if (db[i] != 0x00) | ||
| 114 | break; | ||
| 115 | if (db[i] != 0x01 || i++ >= dblen) | ||
| 116 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, | ||
| 117 | RSA_R_OAEP_DECODING_ERROR); | ||
| 118 | else | 141 | else |
| 119 | { | ||
| 120 | mlen = dblen - i; | ||
| 121 | if (tlen < mlen) | ||
| 122 | { | 142 | { |
| 123 | RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); | 143 | for (i = SHA_DIGEST_LENGTH; i < dblen; i++) |
| 124 | mlen = -1; | 144 | if (db[i] != 0x00) |
| 145 | break; | ||
| 146 | if (db[i] != 0x01 || i++ >= dblen) | ||
| 147 | goto decoding_err; | ||
| 148 | else | ||
| 149 | { | ||
| 150 | /* everything looks OK */ | ||
| 151 | |||
| 152 | mlen = dblen - i; | ||
| 153 | if (tlen < mlen) | ||
| 154 | { | ||
| 155 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); | ||
| 156 | mlen = -1; | ||
| 157 | } | ||
| 158 | else | ||
| 159 | memcpy(to, db + i, mlen); | ||
| 160 | } | ||
| 125 | } | 161 | } |
| 126 | else | 162 | OPENSSL_free(db); |
| 127 | memcpy(to, db + i, mlen); | 163 | return mlen; |
| 128 | } | 164 | |
| 165 | decoding_err: | ||
| 166 | /* to avoid chosen ciphertext attacks, the error message should not reveal | ||
| 167 | * which kind of decoding error happened */ | ||
| 168 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); | ||
| 169 | if (db != NULL) OPENSSL_free(db); | ||
| 170 | return -1; | ||
| 129 | } | 171 | } |
| 130 | Free(db); | 172 | |
| 131 | return (mlen); | 173 | int MGF1(unsigned char *mask, long len, |
| 132 | } | 174 | const unsigned char *seed, long seedlen) |
| 133 | |||
| 134 | int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) | ||
| 135 | { | ||
| 136 | long i, outlen = 0; | ||
| 137 | unsigned char cnt[4]; | ||
| 138 | SHA_CTX c; | ||
| 139 | unsigned char md[SHA_DIGEST_LENGTH]; | ||
| 140 | |||
| 141 | for (i = 0; outlen < len; i++) | ||
| 142 | { | 175 | { |
| 143 | cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, | 176 | long i, outlen = 0; |
| 144 | cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; | 177 | unsigned char cnt[4]; |
| 145 | SHA1_Init(&c); | 178 | EVP_MD_CTX c; |
| 146 | SHA1_Update(&c, seed, seedlen); | 179 | unsigned char md[SHA_DIGEST_LENGTH]; |
| 147 | SHA1_Update(&c, cnt, 4); | 180 | |
| 148 | if (outlen + SHA_DIGEST_LENGTH <= len) | 181 | EVP_MD_CTX_init(&c); |
| 149 | { | 182 | for (i = 0; outlen < len; i++) |
| 150 | SHA1_Final(mask + outlen, &c); | 183 | { |
| 151 | outlen += SHA_DIGEST_LENGTH; | 184 | cnt[0] = (unsigned char)((i >> 24) & 255); |
| 152 | } | 185 | cnt[1] = (unsigned char)((i >> 16) & 255); |
| 153 | else | 186 | cnt[2] = (unsigned char)((i >> 8)) & 255; |
| 154 | { | 187 | cnt[3] = (unsigned char)(i & 255); |
| 155 | SHA1_Final(md, &c); | 188 | EVP_DigestInit_ex(&c,EVP_sha1(), NULL); |
| 156 | memcpy(mask + outlen, md, len - outlen); | 189 | EVP_DigestUpdate(&c, seed, seedlen); |
| 157 | outlen = len; | 190 | EVP_DigestUpdate(&c, cnt, 4); |
| 158 | } | 191 | if (outlen + SHA_DIGEST_LENGTH <= len) |
| 192 | { | ||
| 193 | EVP_DigestFinal_ex(&c, mask + outlen, NULL); | ||
| 194 | outlen += SHA_DIGEST_LENGTH; | ||
| 195 | } | ||
| 196 | else | ||
| 197 | { | ||
| 198 | EVP_DigestFinal_ex(&c, md, NULL); | ||
| 199 | memcpy(mask + outlen, md, len - outlen); | ||
| 200 | outlen = len; | ||
| 201 | } | ||
| 202 | } | ||
| 203 | EVP_MD_CTX_cleanup(&c); | ||
| 204 | return 0; | ||
| 159 | } | 205 | } |
| 160 | return (0); | ||
| 161 | } | ||
| 162 | #endif | 206 | #endif |
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c index 2791291b94..c1edd6764f 100644 --- a/src/lib/libcrypto/rsa/rsa_pk1.c +++ b/src/lib/libcrypto/rsa/rsa_pk1.c | |||
| @@ -58,27 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 63 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | |||
| 65 | #ifndef NOPROTO | ||
| 66 | int RSA_padding_add_PKCS1_type_1(); | ||
| 67 | int RSA_padding_check_PKCS1_type_1(); | ||
| 68 | int RSA_padding_add_PKCS1_type_2(); | ||
| 69 | int RSA_padding_check_PKCS1_type_2(); | ||
| 70 | int RSA_padding_add_SSLv23(); | ||
| 71 | int RSA_padding_check_SSLv23(); | ||
| 72 | int RSA_padding_add_none(); | ||
| 73 | int RSA_padding_check_none(); | ||
| 74 | 64 | ||
| 75 | #endif | 65 | int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, |
| 76 | 66 | const unsigned char *from, int flen) | |
| 77 | int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen) | ||
| 78 | unsigned char *to; | ||
| 79 | int tlen; | ||
| 80 | unsigned char *from; | ||
| 81 | int flen; | ||
| 82 | { | 67 | { |
| 83 | int j; | 68 | int j; |
| 84 | unsigned char *p; | 69 | unsigned char *p; |
| @@ -94,7 +79,7 @@ int flen; | |||
| 94 | *(p++)=0; | 79 | *(p++)=0; |
| 95 | *(p++)=1; /* Private Key BT (Block Type) */ | 80 | *(p++)=1; /* Private Key BT (Block Type) */ |
| 96 | 81 | ||
| 97 | /* padd out with 0xff data */ | 82 | /* pad out with 0xff data */ |
| 98 | j=tlen-3-flen; | 83 | j=tlen-3-flen; |
| 99 | memset(p,0xff,j); | 84 | memset(p,0xff,j); |
| 100 | p+=j; | 85 | p+=j; |
| @@ -103,17 +88,14 @@ int flen; | |||
| 103 | return(1); | 88 | return(1); |
| 104 | } | 89 | } |
| 105 | 90 | ||
| 106 | int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen) | 91 | int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, |
| 107 | unsigned char *to; | 92 | const unsigned char *from, int flen, int num) |
| 108 | int tlen; | ||
| 109 | unsigned char *from; | ||
| 110 | int flen; | ||
| 111 | { | 93 | { |
| 112 | int i,j; | 94 | int i,j; |
| 113 | unsigned char *p; | 95 | const unsigned char *p; |
| 114 | 96 | ||
| 115 | p=from; | 97 | p=from; |
| 116 | if (*(p++) != 01) | 98 | if ((num != (flen+1)) || (*(p++) != 01)) |
| 117 | { | 99 | { |
| 118 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); | 100 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); |
| 119 | return(-1); | 101 | return(-1); |
| @@ -148,16 +130,18 @@ int flen; | |||
| 148 | } | 130 | } |
| 149 | i++; /* Skip over the '\0' */ | 131 | i++; /* Skip over the '\0' */ |
| 150 | j-=i; | 132 | j-=i; |
| 133 | if (j > tlen) | ||
| 134 | { | ||
| 135 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE); | ||
| 136 | return(-1); | ||
| 137 | } | ||
| 151 | memcpy(to,p,(unsigned int)j); | 138 | memcpy(to,p,(unsigned int)j); |
| 152 | 139 | ||
| 153 | return(j); | 140 | return(j); |
| 154 | } | 141 | } |
| 155 | 142 | ||
| 156 | int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen) | 143 | int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, |
| 157 | unsigned char *to; | 144 | const unsigned char *from, int flen) |
| 158 | int tlen; | ||
| 159 | unsigned char *from; | ||
| 160 | int flen; | ||
| 161 | { | 145 | { |
| 162 | int i,j; | 146 | int i,j; |
| 163 | unsigned char *p; | 147 | unsigned char *p; |
| @@ -176,12 +160,14 @@ int flen; | |||
| 176 | /* pad out with non-zero random data */ | 160 | /* pad out with non-zero random data */ |
| 177 | j=tlen-3-flen; | 161 | j=tlen-3-flen; |
| 178 | 162 | ||
| 179 | RAND_bytes(p,j); | 163 | if (RAND_bytes(p,j) <= 0) |
| 164 | return(0); | ||
| 180 | for (i=0; i<j; i++) | 165 | for (i=0; i<j; i++) |
| 181 | { | 166 | { |
| 182 | if (*p == '\0') | 167 | if (*p == '\0') |
| 183 | do { | 168 | do { |
| 184 | RAND_bytes(p,1); | 169 | if (RAND_bytes(p,1) <= 0) |
| 170 | return(0); | ||
| 185 | } while (*p == '\0'); | 171 | } while (*p == '\0'); |
| 186 | p++; | 172 | p++; |
| 187 | } | 173 | } |
| @@ -192,21 +178,21 @@ int flen; | |||
| 192 | return(1); | 178 | return(1); |
| 193 | } | 179 | } |
| 194 | 180 | ||
| 195 | int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen) | 181 | int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, |
| 196 | unsigned char *to; | 182 | const unsigned char *from, int flen, int num) |
| 197 | int tlen; | ||
| 198 | unsigned char *from; | ||
| 199 | int flen; | ||
| 200 | { | 183 | { |
| 201 | int i,j; | 184 | int i,j; |
| 202 | unsigned char *p; | 185 | const unsigned char *p; |
| 203 | 186 | ||
| 204 | p=from; | 187 | p=from; |
| 205 | if (*(p++) != 02) | 188 | if ((num != (flen+1)) || (*(p++) != 02)) |
| 206 | { | 189 | { |
| 207 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); | 190 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); |
| 208 | return(-1); | 191 | return(-1); |
| 209 | } | 192 | } |
| 193 | #ifdef PKCS1_CHECK | ||
| 194 | return(num-11); | ||
| 195 | #endif | ||
| 210 | 196 | ||
| 211 | /* scan over padding data */ | 197 | /* scan over padding data */ |
| 212 | j=flen-1; /* one for type. */ | 198 | j=flen-1; /* one for type. */ |
| @@ -226,6 +212,11 @@ int flen; | |||
| 226 | } | 212 | } |
| 227 | i++; /* Skip over the '\0' */ | 213 | i++; /* Skip over the '\0' */ |
| 228 | j-=i; | 214 | j-=i; |
| 215 | if (j > tlen) | ||
| 216 | { | ||
| 217 | RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); | ||
| 218 | return(-1); | ||
| 219 | } | ||
| 229 | memcpy(to,p,(unsigned int)j); | 220 | memcpy(to,p,(unsigned int)j); |
| 230 | 221 | ||
| 231 | return(j); | 222 | return(j); |
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c index fb0fae5a43..85adacc08f 100644 --- a/src/lib/libcrypto/rsa/rsa_saos.c +++ b/src/lib/libcrypto/rsa/rsa_saos.c | |||
| @@ -58,18 +58,14 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | 65 | ||
| 66 | int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa) | 66 | int RSA_sign_ASN1_OCTET_STRING(int type, |
| 67 | int type; | 67 | const unsigned char *m, unsigned int m_len, |
| 68 | unsigned char *m; | 68 | unsigned char *sigret, unsigned int *siglen, RSA *rsa) |
| 69 | unsigned int m_len; | ||
| 70 | unsigned char *sigret; | ||
| 71 | unsigned int *siglen; | ||
| 72 | RSA *rsa; | ||
| 73 | { | 69 | { |
| 74 | ASN1_OCTET_STRING sig; | 70 | ASN1_OCTET_STRING sig; |
| 75 | int i,j,ret=1; | 71 | int i,j,ret=1; |
| @@ -77,7 +73,7 @@ RSA *rsa; | |||
| 77 | 73 | ||
| 78 | sig.type=V_ASN1_OCTET_STRING; | 74 | sig.type=V_ASN1_OCTET_STRING; |
| 79 | sig.length=m_len; | 75 | sig.length=m_len; |
| 80 | sig.data=m; | 76 | sig.data=(unsigned char *)m; |
| 81 | 77 | ||
| 82 | i=i2d_ASN1_OCTET_STRING(&sig,NULL); | 78 | i=i2d_ASN1_OCTET_STRING(&sig,NULL); |
| 83 | j=RSA_size(rsa); | 79 | j=RSA_size(rsa); |
| @@ -86,7 +82,7 @@ RSA *rsa; | |||
| 86 | RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); | 82 | RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); |
| 87 | return(0); | 83 | return(0); |
| 88 | } | 84 | } |
| 89 | s=(unsigned char *)Malloc((unsigned int)j+1); | 85 | s=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); |
| 90 | if (s == NULL) | 86 | if (s == NULL) |
| 91 | { | 87 | { |
| 92 | RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); | 88 | RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); |
| @@ -101,17 +97,14 @@ RSA *rsa; | |||
| 101 | *siglen=i; | 97 | *siglen=i; |
| 102 | 98 | ||
| 103 | memset(s,0,(unsigned int)j+1); | 99 | memset(s,0,(unsigned int)j+1); |
| 104 | Free(s); | 100 | OPENSSL_free(s); |
| 105 | return(ret); | 101 | return(ret); |
| 106 | } | 102 | } |
| 107 | 103 | ||
| 108 | int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa) | 104 | int RSA_verify_ASN1_OCTET_STRING(int dtype, |
| 109 | int dtype; | 105 | const unsigned char *m, |
| 110 | unsigned char *m; | 106 | unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, |
| 111 | unsigned int m_len; | 107 | RSA *rsa) |
| 112 | unsigned char *sigbuf; | ||
| 113 | unsigned int siglen; | ||
| 114 | RSA *rsa; | ||
| 115 | { | 108 | { |
| 116 | int i,ret=0; | 109 | int i,ret=0; |
| 117 | unsigned char *p,*s; | 110 | unsigned char *p,*s; |
| @@ -123,7 +116,7 @@ RSA *rsa; | |||
| 123 | return(0); | 116 | return(0); |
| 124 | } | 117 | } |
| 125 | 118 | ||
| 126 | s=(unsigned char *)Malloc((unsigned int)siglen); | 119 | s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); |
| 127 | if (s == NULL) | 120 | if (s == NULL) |
| 128 | { | 121 | { |
| 129 | RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); | 122 | RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); |
| @@ -145,9 +138,9 @@ RSA *rsa; | |||
| 145 | else | 138 | else |
| 146 | ret=1; | 139 | ret=1; |
| 147 | err: | 140 | err: |
| 148 | if (sig != NULL) ASN1_OCTET_STRING_free(sig); | 141 | if (sig != NULL) M_ASN1_OCTET_STRING_free(sig); |
| 149 | memset(s,0,(unsigned int)siglen); | 142 | memset(s,0,(unsigned int)siglen); |
| 150 | Free(s); | 143 | OPENSSL_free(s); |
| 151 | return(ret); | 144 | return(ret); |
| 152 | } | 145 | } |
| 153 | 146 | ||
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 28c5571e74..2a440901de 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c | |||
| @@ -58,79 +58,92 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | 65 | #include <openssl/engine.h> | |
| 66 | int RSA_sign(type,m,m_len,sigret,siglen,rsa) | 66 | |
| 67 | int type; | 67 | /* Size of an SSL signature: MD5+SHA1 */ |
| 68 | unsigned char *m; | 68 | #define SSL_SIG_LENGTH 36 |
| 69 | unsigned int m_len; | 69 | |
| 70 | unsigned char *sigret; | 70 | int RSA_sign(int type, const unsigned char *m, unsigned int m_len, |
| 71 | unsigned int *siglen; | 71 | unsigned char *sigret, unsigned int *siglen, RSA *rsa) |
| 72 | RSA *rsa; | ||
| 73 | { | 72 | { |
| 74 | X509_SIG sig; | 73 | X509_SIG sig; |
| 75 | ASN1_TYPE parameter; | 74 | ASN1_TYPE parameter; |
| 76 | int i,j,ret=1; | 75 | int i,j,ret=1; |
| 77 | unsigned char *p,*s; | 76 | unsigned char *p, *tmps = NULL; |
| 77 | const unsigned char *s = NULL; | ||
| 78 | X509_ALGOR algor; | 78 | X509_ALGOR algor; |
| 79 | ASN1_OCTET_STRING digest; | 79 | ASN1_OCTET_STRING digest; |
| 80 | 80 | if((rsa->flags & RSA_FLAG_SIGN_VER) | |
| 81 | sig.algor= &algor; | 81 | && ENGINE_get_RSA(rsa->engine)->rsa_sign) |
| 82 | sig.algor->algorithm=OBJ_nid2obj(type); | 82 | return ENGINE_get_RSA(rsa->engine)->rsa_sign(type, |
| 83 | if (sig.algor->algorithm == NULL) | 83 | m, m_len, sigret, siglen, rsa); |
| 84 | { | 84 | /* Special case: SSL signature, just check the length */ |
| 85 | RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); | 85 | if(type == NID_md5_sha1) { |
| 86 | return(0); | 86 | if(m_len != SSL_SIG_LENGTH) { |
| 87 | } | 87 | RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); |
| 88 | if (sig.algor->algorithm->length == 0) | 88 | return(0); |
| 89 | { | ||
| 90 | RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); | ||
| 91 | return(0); | ||
| 92 | } | 89 | } |
| 93 | parameter.type=V_ASN1_NULL; | 90 | i = SSL_SIG_LENGTH; |
| 94 | parameter.value.ptr=NULL; | 91 | s = m; |
| 95 | sig.algor->parameter= ¶meter; | 92 | } else { |
| 93 | sig.algor= &algor; | ||
| 94 | sig.algor->algorithm=OBJ_nid2obj(type); | ||
| 95 | if (sig.algor->algorithm == NULL) | ||
| 96 | { | ||
| 97 | RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); | ||
| 98 | return(0); | ||
| 99 | } | ||
| 100 | if (sig.algor->algorithm->length == 0) | ||
| 101 | { | ||
| 102 | RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); | ||
| 103 | return(0); | ||
| 104 | } | ||
| 105 | parameter.type=V_ASN1_NULL; | ||
| 106 | parameter.value.ptr=NULL; | ||
| 107 | sig.algor->parameter= ¶meter; | ||
| 96 | 108 | ||
| 97 | sig.digest= &digest; | 109 | sig.digest= &digest; |
| 98 | sig.digest->data=m; | 110 | sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ |
| 99 | sig.digest->length=m_len; | 111 | sig.digest->length=m_len; |
| 100 | 112 | ||
| 101 | i=i2d_X509_SIG(&sig,NULL); | 113 | i=i2d_X509_SIG(&sig,NULL); |
| 114 | } | ||
| 102 | j=RSA_size(rsa); | 115 | j=RSA_size(rsa); |
| 103 | if ((i-RSA_PKCS1_PADDING) > j) | 116 | if ((i-RSA_PKCS1_PADDING) > j) |
| 104 | { | 117 | { |
| 105 | RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); | 118 | RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); |
| 106 | return(0); | 119 | return(0); |
| 107 | } | 120 | } |
| 108 | s=(unsigned char *)Malloc((unsigned int)j+1); | 121 | if(type != NID_md5_sha1) { |
| 109 | if (s == NULL) | 122 | tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); |
| 110 | { | 123 | if (tmps == NULL) |
| 111 | RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); | 124 | { |
| 112 | return(0); | 125 | RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); |
| 113 | } | 126 | return(0); |
| 114 | p=s; | 127 | } |
| 115 | i2d_X509_SIG(&sig,&p); | 128 | p=tmps; |
| 129 | i2d_X509_SIG(&sig,&p); | ||
| 130 | s=tmps; | ||
| 131 | } | ||
| 116 | i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); | 132 | i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); |
| 117 | if (i <= 0) | 133 | if (i <= 0) |
| 118 | ret=0; | 134 | ret=0; |
| 119 | else | 135 | else |
| 120 | *siglen=i; | 136 | *siglen=i; |
| 121 | 137 | ||
| 122 | memset(s,0,(unsigned int)j+1); | 138 | if(type != NID_md5_sha1) { |
| 123 | Free(s); | 139 | memset(tmps,0,(unsigned int)j+1); |
| 140 | OPENSSL_free(tmps); | ||
| 141 | } | ||
| 124 | return(ret); | 142 | return(ret); |
| 125 | } | 143 | } |
| 126 | 144 | ||
| 127 | int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa) | 145 | int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, |
| 128 | int dtype; | 146 | unsigned char *sigbuf, unsigned int siglen, RSA *rsa) |
| 129 | unsigned char *m; | ||
| 130 | unsigned int m_len; | ||
| 131 | unsigned char *sigbuf; | ||
| 132 | unsigned int siglen; | ||
| 133 | RSA *rsa; | ||
| 134 | { | 147 | { |
| 135 | int i,ret=0,sigtype; | 148 | int i,ret=0,sigtype; |
| 136 | unsigned char *p,*s; | 149 | unsigned char *p,*s; |
| @@ -142,55 +155,74 @@ RSA *rsa; | |||
| 142 | return(0); | 155 | return(0); |
| 143 | } | 156 | } |
| 144 | 157 | ||
| 145 | s=(unsigned char *)Malloc((unsigned int)siglen); | 158 | if((rsa->flags & RSA_FLAG_SIGN_VER) |
| 159 | && ENGINE_get_RSA(rsa->engine)->rsa_verify) | ||
| 160 | return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype, | ||
| 161 | m, m_len, sigbuf, siglen, rsa); | ||
| 162 | |||
| 163 | s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); | ||
| 146 | if (s == NULL) | 164 | if (s == NULL) |
| 147 | { | 165 | { |
| 148 | RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); | 166 | RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); |
| 149 | goto err; | 167 | goto err; |
| 150 | } | 168 | } |
| 169 | if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { | ||
| 170 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); | ||
| 171 | return(0); | ||
| 172 | } | ||
| 151 | i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); | 173 | i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); |
| 152 | 174 | ||
| 153 | if (i <= 0) goto err; | 175 | if (i <= 0) goto err; |
| 154 | 176 | ||
| 155 | p=s; | 177 | /* Special case: SSL signature */ |
| 156 | sig=d2i_X509_SIG(NULL,&p,(long)i); | 178 | if(dtype == NID_md5_sha1) { |
| 157 | if (sig == NULL) goto err; | 179 | if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) |
| 158 | sigtype=OBJ_obj2nid(sig->algor->algorithm); | 180 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 181 | else ret = 1; | ||
| 182 | } else { | ||
| 183 | p=s; | ||
| 184 | sig=d2i_X509_SIG(NULL,&p,(long)i); | ||
| 159 | 185 | ||
| 160 | #ifdef RSA_DEBUG | 186 | if (sig == NULL) goto err; |
| 161 | /* put a backward compatability flag in EAY */ | 187 | sigtype=OBJ_obj2nid(sig->algor->algorithm); |
| 162 | fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), | 188 | |
| 163 | OBJ_nid2ln(dtype)); | 189 | |
| 164 | #endif | 190 | #ifdef RSA_DEBUG |
| 165 | if (sigtype != dtype) | 191 | /* put a backward compatibility flag in EAY */ |
| 166 | { | 192 | fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), |
| 167 | if (((dtype == NID_md5) && | 193 | OBJ_nid2ln(dtype)); |
| 168 | (sigtype == NID_md5WithRSAEncryption)) || | 194 | #endif |
| 169 | ((dtype == NID_md2) && | 195 | if (sigtype != dtype) |
| 170 | (sigtype == NID_md2WithRSAEncryption))) | ||
| 171 | { | 196 | { |
| 172 | /* ok, we will let it through */ | 197 | if (((dtype == NID_md5) && |
| 173 | #if !defined(NO_STDIO) && !defined(WIN16) | 198 | (sigtype == NID_md5WithRSAEncryption)) || |
| 174 | fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); | 199 | ((dtype == NID_md2) && |
| 200 | (sigtype == NID_md2WithRSAEncryption))) | ||
| 201 | { | ||
| 202 | /* ok, we will let it through */ | ||
| 203 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) | ||
| 204 | fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); | ||
| 175 | #endif | 205 | #endif |
| 206 | } | ||
| 207 | else | ||
| 208 | { | ||
| 209 | RSAerr(RSA_F_RSA_VERIFY, | ||
| 210 | RSA_R_ALGORITHM_MISMATCH); | ||
| 211 | goto err; | ||
| 212 | } | ||
| 176 | } | 213 | } |
| 177 | else | 214 | if ( ((unsigned int)sig->digest->length != m_len) || |
| 215 | (memcmp(m,sig->digest->data,m_len) != 0)) | ||
| 178 | { | 216 | { |
| 179 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH); | 217 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); |
| 180 | goto err; | ||
| 181 | } | 218 | } |
| 182 | } | 219 | else |
| 183 | if ( ((unsigned int)sig->digest->length != m_len) || | 220 | ret=1; |
| 184 | (memcmp(m,sig->digest->data,m_len) != 0)) | 221 | } |
| 185 | { | ||
| 186 | RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); | ||
| 187 | } | ||
| 188 | else | ||
| 189 | ret=1; | ||
| 190 | err: | 222 | err: |
| 191 | if (sig != NULL) X509_SIG_free(sig); | 223 | if (sig != NULL) X509_SIG_free(sig); |
| 192 | memset(s,0,(unsigned int)siglen); | 224 | memset(s,0,(unsigned int)siglen); |
| 193 | Free(s); | 225 | OPENSSL_free(s); |
| 194 | return(ret); | 226 | return(ret); |
| 195 | } | 227 | } |
| 196 | 228 | ||
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c index 9bcd4b2c03..ea72629494 100644 --- a/src/lib/libcrypto/rsa/rsa_ssl.c +++ b/src/lib/libcrypto/rsa/rsa_ssl.c | |||
| @@ -58,15 +58,12 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "rsa.h" | 62 | #include <openssl/rsa.h> |
| 63 | #include "rand.h" | 63 | #include <openssl/rand.h> |
| 64 | 64 | ||
| 65 | int RSA_padding_add_SSLv23(to,tlen,from,flen) | 65 | int RSA_padding_add_SSLv23(unsigned char *to, int tlen, |
| 66 | unsigned char *to; | 66 | const unsigned char *from, int flen) |
| 67 | int tlen; | ||
| 68 | unsigned char *from; | ||
| 69 | int flen; | ||
| 70 | { | 67 | { |
| 71 | int i,j; | 68 | int i,j; |
| 72 | unsigned char *p; | 69 | unsigned char *p; |
| @@ -85,12 +82,14 @@ int flen; | |||
| 85 | /* pad out with non-zero random data */ | 82 | /* pad out with non-zero random data */ |
| 86 | j=tlen-3-8-flen; | 83 | j=tlen-3-8-flen; |
| 87 | 84 | ||
| 88 | RAND_bytes(p,j); | 85 | if (RAND_bytes(p,j) <= 0) |
| 86 | return(0); | ||
| 89 | for (i=0; i<j; i++) | 87 | for (i=0; i<j; i++) |
| 90 | { | 88 | { |
| 91 | if (*p == '\0') | 89 | if (*p == '\0') |
| 92 | do { | 90 | do { |
| 93 | RAND_bytes(p,1); | 91 | if (RAND_bytes(p,1) <= 0) |
| 92 | return(0); | ||
| 94 | } while (*p == '\0'); | 93 | } while (*p == '\0'); |
| 95 | p++; | 94 | p++; |
| 96 | } | 95 | } |
| @@ -103,14 +102,11 @@ int flen; | |||
| 103 | return(1); | 102 | return(1); |
| 104 | } | 103 | } |
| 105 | 104 | ||
| 106 | int RSA_padding_check_SSLv23(to,tlen,from,flen) | 105 | int RSA_padding_check_SSLv23(unsigned char *to, int tlen, |
| 107 | unsigned char *to; | 106 | const unsigned char *from, int flen, int num) |
| 108 | int tlen; | ||
| 109 | unsigned char *from; | ||
| 110 | int flen; | ||
| 111 | { | 107 | { |
| 112 | int i,j,k; | 108 | int i,j,k; |
| 113 | unsigned char *p; | 109 | const unsigned char *p; |
| 114 | 110 | ||
| 115 | p=from; | 111 | p=from; |
| 116 | if (flen < 10) | 112 | if (flen < 10) |
| @@ -118,7 +114,7 @@ int flen; | |||
| 118 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); | 114 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); |
| 119 | return(-1); | 115 | return(-1); |
| 120 | } | 116 | } |
| 121 | if (*(p++) != 02) | 117 | if ((num != (flen+1)) || (*(p++) != 02)) |
| 122 | { | 118 | { |
| 123 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); | 119 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); |
| 124 | return(-1); | 120 | return(-1); |
| @@ -138,7 +134,7 @@ int flen; | |||
| 138 | { | 134 | { |
| 139 | if (p[k] != 0x03) break; | 135 | if (p[k] != 0x03) break; |
| 140 | } | 136 | } |
| 141 | if (k == 0) | 137 | if (k == -1) |
| 142 | { | 138 | { |
| 143 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK); | 139 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK); |
| 144 | return(-1); | 140 | return(-1); |
| @@ -146,6 +142,11 @@ int flen; | |||
| 146 | 142 | ||
| 147 | i++; /* Skip over the '\0' */ | 143 | i++; /* Skip over the '\0' */ |
| 148 | j-=i; | 144 | j-=i; |
| 145 | if (j > tlen) | ||
| 146 | { | ||
| 147 | RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE); | ||
| 148 | return(-1); | ||
| 149 | } | ||
| 149 | memcpy(to,p,(unsigned int)j); | 150 | memcpy(to,p,(unsigned int)j); |
| 150 | 151 | ||
| 151 | return(j); | 152 | return(j); |
diff --git a/src/lib/libcrypto/sha/asm/sha1-586.pl b/src/lib/libcrypto/sha/asm/sha1-586.pl index d6d998f8ee..fe51fd0794 100644 --- a/src/lib/libcrypto/sha/asm/sha1-586.pl +++ b/src/lib/libcrypto/sha/asm/sha1-586.pl | |||
| @@ -1,15 +1,15 @@ | |||
| 1 | #!/usr/bin/perl | 1 | #!/usr/local/bin/perl |
| 2 | 2 | ||
| 3 | $normal=0; | 3 | $normal=0; |
| 4 | 4 | ||
| 5 | push(@INC,"perlasm","../../perlasm"); | 5 | push(@INC,"perlasm","../../perlasm"); |
| 6 | require "x86asm.pl"; | 6 | require "x86asm.pl"; |
| 7 | 7 | ||
| 8 | &asm_init($ARGV[0],"sha1-586.pl"); | 8 | &asm_init($ARGV[0],"sha1-586.pl",$ARGV[$#ARGV] eq "386"); |
| 9 | 9 | ||
| 10 | $A="eax"; | 10 | $A="eax"; |
| 11 | $B="ebx"; | 11 | $B="ecx"; |
| 12 | $C="ecx"; | 12 | $C="ebx"; |
| 13 | $D="edx"; | 13 | $D="edx"; |
| 14 | $E="edi"; | 14 | $E="edi"; |
| 15 | $T="esi"; | 15 | $T="esi"; |
| @@ -19,7 +19,7 @@ $off=9*4; | |||
| 19 | 19 | ||
| 20 | @K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); | 20 | @K=(0x5a827999,0x6ed9eba1,0x8f1bbcdc,0xca62c1d6); |
| 21 | 21 | ||
| 22 | &sha1_block("sha1_block_x86"); | 22 | &sha1_block_data("sha1_block_asm_data_order"); |
| 23 | 23 | ||
| 24 | &asm_finish(); | 24 | &asm_finish(); |
| 25 | 25 | ||
| @@ -53,11 +53,14 @@ sub X_expand | |||
| 53 | local($in)=@_; | 53 | local($in)=@_; |
| 54 | 54 | ||
| 55 | &comment("First, load the words onto the stack in network byte order"); | 55 | &comment("First, load the words onto the stack in network byte order"); |
| 56 | for ($i=0; $i<16; $i++) | 56 | for ($i=0; $i<16; $i+=2) |
| 57 | { | 57 | { |
| 58 | &mov("eax",&DWP(($i+0)*4,$in,"",0)) unless $i == 0; | 58 | &mov($A,&DWP(($i+0)*4,$in,"",0));# unless $i == 0; |
| 59 | &bswap("eax"); | 59 | &mov($B,&DWP(($i+1)*4,$in,"",0)); |
| 60 | &mov(&swtmp($i+0),"eax"); | 60 | &bswap($A); |
| 61 | &bswap($B); | ||
| 62 | &mov(&swtmp($i+0),$A); | ||
| 63 | &mov(&swtmp($i+1),$B); | ||
| 61 | } | 64 | } |
| 62 | 65 | ||
| 63 | &comment("We now have the X array on the stack"); | 66 | &comment("We now have the X array on the stack"); |
| @@ -312,9 +315,9 @@ sub BODY_60_79 | |||
| 312 | &BODY_20_39(@_); | 315 | &BODY_20_39(@_); |
| 313 | } | 316 | } |
| 314 | 317 | ||
| 315 | sub sha1_block | 318 | sub sha1_block_host |
| 316 | { | 319 | { |
| 317 | local($name)=@_; | 320 | local($name, $sclabel)=@_; |
| 318 | 321 | ||
| 319 | &function_begin_B($name,""); | 322 | &function_begin_B($name,""); |
| 320 | 323 | ||
| @@ -325,35 +328,77 @@ sub sha1_block | |||
| 325 | # D 12 | 328 | # D 12 |
| 326 | # E 16 | 329 | # E 16 |
| 327 | 330 | ||
| 328 | &push("esi"); | 331 | &mov("ecx", &wparam(2)); |
| 329 | &push("ebp"); | 332 | &push("esi"); |
| 330 | &mov("eax", &wparam(2)); | 333 | &shl("ecx",6); |
| 331 | &mov("esi", &wparam(1)); | 334 | &mov("esi", &wparam(1)); |
| 332 | &add("eax", "esi"); # offset to leave on | 335 | &push("ebp"); |
| 336 | &add("ecx","esi"); # offset to leave on | ||
| 337 | &push("ebx"); | ||
| 333 | &mov("ebp", &wparam(0)); | 338 | &mov("ebp", &wparam(0)); |
| 339 | &push("edi"); | ||
| 340 | &mov($D, &DWP(12,"ebp","",0)); | ||
| 341 | &stack_push(18+9); | ||
| 342 | &mov($E, &DWP(16,"ebp","",0)); | ||
| 343 | &mov($C, &DWP( 8,"ebp","",0)); | ||
| 344 | &mov(&swtmp(17),"ecx"); | ||
| 345 | |||
| 346 | &comment("First we need to setup the X array"); | ||
| 347 | |||
| 348 | for ($i=0; $i<16; $i+=2) | ||
| 349 | { | ||
| 350 | &mov($A,&DWP(($i+0)*4,"esi","",0));# unless $i == 0; | ||
| 351 | &mov($B,&DWP(($i+1)*4,"esi","",0)); | ||
| 352 | &mov(&swtmp($i+0),$A); | ||
| 353 | &mov(&swtmp($i+1),$B); | ||
| 354 | } | ||
| 355 | &jmp($sclabel); | ||
| 356 | &function_end_B($name); | ||
| 357 | } | ||
| 358 | |||
| 359 | |||
| 360 | sub sha1_block_data | ||
| 361 | { | ||
| 362 | local($name)=@_; | ||
| 363 | |||
| 364 | &function_begin_B($name,""); | ||
| 365 | |||
| 366 | # parameter 1 is the MD5_CTX structure. | ||
| 367 | # A 0 | ||
| 368 | # B 4 | ||
| 369 | # C 8 | ||
| 370 | # D 12 | ||
| 371 | # E 16 | ||
| 372 | |||
| 373 | &mov("ecx", &wparam(2)); | ||
| 374 | &push("esi"); | ||
| 375 | &shl("ecx",6); | ||
| 376 | &mov("esi", &wparam(1)); | ||
| 377 | &push("ebp"); | ||
| 378 | &add("ecx","esi"); # offset to leave on | ||
| 334 | &push("ebx"); | 379 | &push("ebx"); |
| 335 | &sub("eax", 64); | 380 | &mov("ebp", &wparam(0)); |
| 336 | &push("edi"); | 381 | &push("edi"); |
| 337 | &mov($B, &DWP( 4,"ebp","",0)); | ||
| 338 | &stack_push(18); | ||
| 339 | &mov($D, &DWP(12,"ebp","",0)); | 382 | &mov($D, &DWP(12,"ebp","",0)); |
| 340 | &mov($E, &DWP(16,"ebp","",0)); | 383 | &stack_push(18+9); |
| 341 | &mov($C, &DWP( 8,"ebp","",0)); | 384 | &mov($E, &DWP(16,"ebp","",0)); |
| 342 | &mov(&swtmp(17),"eax"); | 385 | &mov($C, &DWP( 8,"ebp","",0)); |
| 386 | &mov(&swtmp(17),"ecx"); | ||
| 343 | 387 | ||
| 344 | &comment("First we need to setup the X array"); | 388 | &comment("First we need to setup the X array"); |
| 345 | &mov("eax",&DWP(0,"esi","",0)); # pulled out of X_expand | ||
| 346 | 389 | ||
| 347 | &set_label("start") unless $normal; | 390 | &set_label("start") unless $normal; |
| 348 | 391 | ||
| 349 | &X_expand("esi"); | 392 | &X_expand("esi"); |
| 350 | &mov(&swtmp(16),"esi"); | 393 | &mov(&wparam(1),"esi"); |
| 351 | 394 | ||
| 395 | &set_label("shortcut", 0, 1); | ||
| 352 | &comment(""); | 396 | &comment(""); |
| 353 | &comment("Start processing"); | 397 | &comment("Start processing"); |
| 354 | 398 | ||
| 355 | # odd start | 399 | # odd start |
| 356 | &mov($A, &DWP( 0,"ebp","",0)); | 400 | &mov($A, &DWP( 0,"ebp","",0)); |
| 401 | &mov($B, &DWP( 4,"ebp","",0)); | ||
| 357 | $X="esp"; | 402 | $X="esp"; |
| 358 | &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); | 403 | &BODY_00_15(-2,$K[0],$X, 0,$A,$B,$C,$D,$E,$T); |
| 359 | &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); | 404 | &BODY_00_15( 0,$K[0],$X, 1,$T,$A,$B,$C,$D,$E); |
| @@ -468,24 +513,28 @@ sub sha1_block | |||
| 468 | &add($C,$T); | 513 | &add($C,$T); |
| 469 | 514 | ||
| 470 | &mov(&DWP( 0,$tmp1,"",0),$A); | 515 | &mov(&DWP( 0,$tmp1,"",0),$A); |
| 471 | &mov("esi",&swtmp(16)); | 516 | &mov("esi",&wparam(1)); |
| 472 | &mov(&DWP( 8,$tmp1,"",0),$C); # This is for looping | 517 | &mov(&DWP( 8,$tmp1,"",0),$C); |
| 473 | &add("esi",64); | 518 | &add("esi",64); |
| 474 | &mov("eax",&swtmp(17)); | 519 | &mov("eax",&swtmp(17)); |
| 475 | &mov(&DWP(16,$tmp1,"",0),$E); | 520 | &mov(&DWP(16,$tmp1,"",0),$E); |
| 476 | &cmp("eax","esi"); | 521 | &cmp("esi","eax"); |
| 477 | &mov(&DWP( 4,$tmp1,"",0),$B); # This is for looping | 522 | &mov(&DWP( 4,$tmp1,"",0),$B); |
| 478 | &jl(&label("end")); | 523 | &jl(&label("start")); |
| 479 | &mov("eax",&DWP(0,"esi","",0)); # Pulled down from | 524 | |
| 480 | &jmp(&label("start")); | 525 | &stack_pop(18+9); |
| 481 | |||
| 482 | &set_label("end"); | ||
| 483 | &stack_pop(18); | ||
| 484 | &pop("edi"); | 526 | &pop("edi"); |
| 485 | &pop("ebx"); | 527 | &pop("ebx"); |
| 486 | &pop("ebp"); | 528 | &pop("ebp"); |
| 487 | &pop("esi"); | 529 | &pop("esi"); |
| 488 | &ret(); | 530 | &ret(); |
| 531 | |||
| 532 | # keep a note of shortcut label so it can be used outside | ||
| 533 | # block. | ||
| 534 | my $sclabel = &label("shortcut"); | ||
| 535 | |||
| 489 | &function_end_B($name); | 536 | &function_end_B($name); |
| 537 | # Putting this here avoids problems with MASM in debugging mode | ||
| 538 | &sha1_block_host("sha1_block_asm_host_order", $sclabel); | ||
| 490 | } | 539 | } |
| 491 | 540 | ||
diff --git a/src/lib/libcrypto/sha/sha.h b/src/lib/libcrypto/sha/sha.h index 4cf0ea0225..3fd54a10cc 100644 --- a/src/lib/libcrypto/sha/sha.h +++ b/src/lib/libcrypto/sha/sha.h | |||
| @@ -59,49 +59,61 @@ | |||
| 59 | #ifndef HEADER_SHA_H | 59 | #ifndef HEADER_SHA_H |
| 60 | #define HEADER_SHA_H | 60 | #define HEADER_SHA_H |
| 61 | 61 | ||
| 62 | #include <openssl/e_os2.h> | ||
| 63 | |||
| 62 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 63 | extern "C" { | 65 | extern "C" { |
| 64 | #endif | 66 | #endif |
| 65 | 67 | ||
| 66 | #define SHA_CBLOCK 64 | 68 | #if defined(OPENSSL_NO_SHA) || (defined(OPENSSL_NO_SHA0) && defined(OPENSSL_NO_SHA1)) |
| 69 | #error SHA is disabled. | ||
| 70 | #endif | ||
| 71 | |||
| 72 | /* | ||
| 73 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| 74 | * ! SHA_LONG has to be at least 32 bits wide. If it's wider, then ! | ||
| 75 | * ! SHA_LONG_LOG2 has to be defined along. ! | ||
| 76 | * !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! | ||
| 77 | */ | ||
| 78 | |||
| 79 | #if defined(OPENSSL_SYS_WIN16) || defined(__LP32__) | ||
| 80 | #define SHA_LONG unsigned long | ||
| 81 | #elif defined(OPENSSL_SYS_CRAY) || defined(__ILP64__) | ||
| 82 | #define SHA_LONG unsigned long | ||
| 83 | #define SHA_LONG_LOG2 3 | ||
| 84 | #else | ||
| 85 | #define SHA_LONG unsigned int | ||
| 86 | #endif | ||
| 87 | |||
| 67 | #define SHA_LBLOCK 16 | 88 | #define SHA_LBLOCK 16 |
| 68 | #define SHA_BLOCK 16 | 89 | #define SHA_CBLOCK (SHA_LBLOCK*4) /* SHA treats input data as a |
| 69 | #define SHA_LAST_BLOCK 56 | 90 | * contiguous array of 32 bit |
| 70 | #define SHA_LENGTH_BLOCK 8 | 91 | * wide big-endian values. */ |
| 92 | #define SHA_LAST_BLOCK (SHA_CBLOCK-8) | ||
| 71 | #define SHA_DIGEST_LENGTH 20 | 93 | #define SHA_DIGEST_LENGTH 20 |
| 72 | 94 | ||
| 73 | typedef struct SHAstate_st | 95 | typedef struct SHAstate_st |
| 74 | { | 96 | { |
| 75 | unsigned long h0,h1,h2,h3,h4; | 97 | SHA_LONG h0,h1,h2,h3,h4; |
| 76 | unsigned long Nl,Nh; | 98 | SHA_LONG Nl,Nh; |
| 77 | unsigned long data[SHA_LBLOCK]; | 99 | SHA_LONG data[SHA_LBLOCK]; |
| 78 | int num; | 100 | int num; |
| 79 | } SHA_CTX; | 101 | } SHA_CTX; |
| 80 | 102 | ||
| 81 | #ifndef NOPROTO | 103 | #ifndef OPENSSL_NO_SHA0 |
| 82 | void SHA_Init(SHA_CTX *c); | 104 | int SHA_Init(SHA_CTX *c); |
| 83 | void SHA_Update(SHA_CTX *c, unsigned char *data, unsigned long len); | 105 | int SHA_Update(SHA_CTX *c, const void *data, unsigned long len); |
| 84 | void SHA_Final(unsigned char *md, SHA_CTX *c); | 106 | int SHA_Final(unsigned char *md, SHA_CTX *c); |
| 85 | unsigned char *SHA(unsigned char *d, unsigned long n,unsigned char *md); | 107 | unsigned char *SHA(const unsigned char *d, unsigned long n,unsigned char *md); |
| 86 | void SHA_Transform(SHA_CTX *c, unsigned char *data); | 108 | void SHA_Transform(SHA_CTX *c, const unsigned char *data); |
| 87 | void SHA1_Init(SHA_CTX *c); | 109 | #endif |
| 88 | void SHA1_Update(SHA_CTX *c, unsigned char *data, unsigned long len); | 110 | #ifndef OPENSSL_NO_SHA1 |
| 89 | void SHA1_Final(unsigned char *md, SHA_CTX *c); | 111 | int SHA1_Init(SHA_CTX *c); |
| 90 | unsigned char *SHA1(unsigned char *d, unsigned long n,unsigned char *md); | 112 | int SHA1_Update(SHA_CTX *c, const void *data, unsigned long len); |
| 91 | void SHA1_Transform(SHA_CTX *c, unsigned char *data); | 113 | int SHA1_Final(unsigned char *md, SHA_CTX *c); |
| 92 | #else | 114 | unsigned char *SHA1(const unsigned char *d, unsigned long n,unsigned char *md); |
| 93 | void SHA_Init(); | 115 | void SHA1_Transform(SHA_CTX *c, const unsigned char *data); |
| 94 | void SHA_Update(); | ||
| 95 | void SHA_Final(); | ||
| 96 | unsigned char *SHA(); | ||
| 97 | void SHA_Transform(); | ||
| 98 | void SHA1_Init(); | ||
| 99 | void SHA1_Update(); | ||
| 100 | void SHA1_Final(); | ||
| 101 | unsigned char *SHA1(); | ||
| 102 | void SHA1_Transform(); | ||
| 103 | #endif | 116 | #endif |
| 104 | |||
| 105 | #ifdef __cplusplus | 117 | #ifdef __cplusplus |
| 106 | } | 118 | } |
| 107 | #endif | 119 | #endif |
diff --git a/src/lib/libcrypto/sha/sha1_one.c b/src/lib/libcrypto/sha/sha1_one.c index fe5770d601..e6a24888ed 100644 --- a/src/lib/libcrypto/sha/sha1_one.c +++ b/src/lib/libcrypto/sha/sha1_one.c | |||
| @@ -58,12 +58,10 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | #include "sha.h" | 61 | #include <openssl/sha.h> |
| 62 | 62 | ||
| 63 | unsigned char *SHA1(d, n, md) | 63 | #ifndef OPENSSL_NO_SHA1 |
| 64 | unsigned char *d; | 64 | unsigned char *SHA1(const unsigned char *d, unsigned long n, unsigned char *md) |
| 65 | unsigned long n; | ||
| 66 | unsigned char *md; | ||
| 67 | { | 65 | { |
| 68 | SHA_CTX c; | 66 | SHA_CTX c; |
| 69 | static unsigned char m[SHA_DIGEST_LENGTH]; | 67 | static unsigned char m[SHA_DIGEST_LENGTH]; |
| @@ -75,3 +73,4 @@ unsigned char *md; | |||
| 75 | memset(&c,0,sizeof(c)); | 73 | memset(&c,0,sizeof(c)); |
| 76 | return(md); | 74 | return(md); |
| 77 | } | 75 | } |
| 76 | #endif | ||
diff --git a/src/lib/libcrypto/sha/sha1dgst.c b/src/lib/libcrypto/sha/sha1dgst.c index 2b0ae1f0d4..182f65982a 100644 --- a/src/lib/libcrypto/sha/sha1dgst.c +++ b/src/lib/libcrypto/sha/sha1dgst.c | |||
| @@ -56,413 +56,18 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #if !defined(OPENSSL_NO_SHA1) && !defined(OPENSSL_NO_SHA) |
| 60 | #include <string.h> | 60 | |
| 61 | #undef SHA_0 | 61 | #undef SHA_0 |
| 62 | #define SHA_1 | 62 | #define SHA_1 |
| 63 | #include "sha.h" | ||
| 64 | #include "sha_locl.h" | ||
| 65 | |||
| 66 | char *SHA1_version="SHA1 part of SSLeay 0.9.0b 29-Jun-1998"; | ||
| 67 | |||
| 68 | /* Implemented from SHA-1 document - The Secure Hash Algorithm | ||
| 69 | */ | ||
| 70 | |||
| 71 | #define INIT_DATA_h0 (unsigned long)0x67452301L | ||
| 72 | #define INIT_DATA_h1 (unsigned long)0xefcdab89L | ||
| 73 | #define INIT_DATA_h2 (unsigned long)0x98badcfeL | ||
| 74 | #define INIT_DATA_h3 (unsigned long)0x10325476L | ||
| 75 | #define INIT_DATA_h4 (unsigned long)0xc3d2e1f0L | ||
| 76 | |||
| 77 | #define K_00_19 0x5a827999L | ||
| 78 | #define K_20_39 0x6ed9eba1L | ||
| 79 | #define K_40_59 0x8f1bbcdcL | ||
| 80 | #define K_60_79 0xca62c1d6L | ||
| 81 | |||
| 82 | #ifndef NOPROTO | ||
| 83 | # ifdef SHA1_ASM | ||
| 84 | void sha1_block_x86(SHA_CTX *c, register unsigned long *p, int num); | ||
| 85 | # define sha1_block sha1_block_x86 | ||
| 86 | # else | ||
| 87 | void sha1_block(SHA_CTX *c, register unsigned long *p, int num); | ||
| 88 | # endif | ||
| 89 | #else | ||
| 90 | # ifdef SHA1_ASM | ||
| 91 | void sha1_block_x86(); | ||
| 92 | # define sha1_block sha1_block_x86 | ||
| 93 | # else | ||
| 94 | void sha1_block(); | ||
| 95 | # endif | ||
| 96 | #endif | ||
| 97 | |||
| 98 | 63 | ||
| 99 | #if defined(L_ENDIAN) && defined(SHA1_ASM) | 64 | #include <openssl/opensslv.h> |
| 100 | # define M_c2nl c2l | ||
| 101 | # define M_p_c2nl p_c2l | ||
| 102 | # define M_c2nl_p c2l_p | ||
| 103 | # define M_p_c2nl_p p_c2l_p | ||
| 104 | # define M_nl2c l2c | ||
| 105 | #else | ||
| 106 | # define M_c2nl c2nl | ||
| 107 | # define M_p_c2nl p_c2nl | ||
| 108 | # define M_c2nl_p c2nl_p | ||
| 109 | # define M_p_c2nl_p p_c2nl_p | ||
| 110 | # define M_nl2c nl2c | ||
| 111 | #endif | ||
| 112 | |||
| 113 | void SHA1_Init(c) | ||
| 114 | SHA_CTX *c; | ||
| 115 | { | ||
| 116 | c->h0=INIT_DATA_h0; | ||
| 117 | c->h1=INIT_DATA_h1; | ||
| 118 | c->h2=INIT_DATA_h2; | ||
| 119 | c->h3=INIT_DATA_h3; | ||
| 120 | c->h4=INIT_DATA_h4; | ||
| 121 | c->Nl=0; | ||
| 122 | c->Nh=0; | ||
| 123 | c->num=0; | ||
| 124 | } | ||
| 125 | |||
| 126 | void SHA1_Update(c, data, len) | ||
| 127 | SHA_CTX *c; | ||
| 128 | register unsigned char *data; | ||
| 129 | unsigned long len; | ||
| 130 | { | ||
| 131 | register ULONG *p; | ||
| 132 | int ew,ec,sw,sc; | ||
| 133 | ULONG l; | ||
| 134 | |||
| 135 | if (len == 0) return; | ||
| 136 | |||
| 137 | l=(c->Nl+(len<<3))&0xffffffffL; | ||
| 138 | if (l < c->Nl) /* overflow */ | ||
| 139 | c->Nh++; | ||
| 140 | c->Nh+=(len>>29); | ||
| 141 | c->Nl=l; | ||
| 142 | 65 | ||
| 143 | if (c->num != 0) | 66 | const char *SHA1_version="SHA1" OPENSSL_VERSION_PTEXT; |
| 144 | { | ||
| 145 | p=c->data; | ||
| 146 | sw=c->num>>2; | ||
| 147 | sc=c->num&0x03; | ||
| 148 | |||
| 149 | if ((c->num+len) >= SHA_CBLOCK) | ||
| 150 | { | ||
| 151 | l= p[sw]; | ||
| 152 | M_p_c2nl(data,l,sc); | ||
| 153 | p[sw++]=l; | ||
| 154 | for (; sw<SHA_LBLOCK; sw++) | ||
| 155 | { | ||
| 156 | M_c2nl(data,l); | ||
| 157 | p[sw]=l; | ||
| 158 | } | ||
| 159 | len-=(SHA_CBLOCK-c->num); | ||
| 160 | |||
| 161 | sha1_block(c,p,64); | ||
| 162 | c->num=0; | ||
| 163 | /* drop through and do the rest */ | ||
| 164 | } | ||
| 165 | else | ||
| 166 | { | ||
| 167 | c->num+=(int)len; | ||
| 168 | if ((sc+len) < 4) /* ugly, add char's to a word */ | ||
| 169 | { | ||
| 170 | l= p[sw]; | ||
| 171 | M_p_c2nl_p(data,l,sc,len); | ||
| 172 | p[sw]=l; | ||
| 173 | } | ||
| 174 | else | ||
| 175 | { | ||
| 176 | ew=(c->num>>2); | ||
| 177 | ec=(c->num&0x03); | ||
| 178 | l= p[sw]; | ||
| 179 | M_p_c2nl(data,l,sc); | ||
| 180 | p[sw++]=l; | ||
| 181 | for (; sw < ew; sw++) | ||
| 182 | { M_c2nl(data,l); p[sw]=l; } | ||
| 183 | if (ec) | ||
| 184 | { | ||
| 185 | M_c2nl_p(data,l,ec); | ||
| 186 | p[sw]=l; | ||
| 187 | } | ||
| 188 | } | ||
| 189 | return; | ||
| 190 | } | ||
| 191 | } | ||
| 192 | /* We can only do the following code for assember, the reason | ||
| 193 | * being that the sha1_block 'C' version changes the values | ||
| 194 | * in the 'data' array. The assember code avoids this and | ||
| 195 | * copies it to a local array. I should be able to do this for | ||
| 196 | * the C version as well.... | ||
| 197 | */ | ||
| 198 | #if 1 | ||
| 199 | #if defined(B_ENDIAN) || defined(SHA1_ASM) | ||
| 200 | if ((((unsigned int)data)%sizeof(ULONG)) == 0) | ||
| 201 | { | ||
| 202 | sw=len/SHA_CBLOCK; | ||
| 203 | if (sw) | ||
| 204 | { | ||
| 205 | sw*=SHA_CBLOCK; | ||
| 206 | sha1_block(c,(ULONG *)data,sw); | ||
| 207 | data+=sw; | ||
| 208 | len-=sw; | ||
| 209 | } | ||
| 210 | } | ||
| 211 | #endif | ||
| 212 | #endif | ||
| 213 | /* we now can process the input data in blocks of SHA_CBLOCK | ||
| 214 | * chars and save the leftovers to c->data. */ | ||
| 215 | p=c->data; | ||
| 216 | while (len >= SHA_CBLOCK) | ||
| 217 | { | ||
| 218 | #if defined(B_ENDIAN) || defined(L_ENDIAN) | ||
| 219 | if (p != (unsigned long *)data) | ||
| 220 | memcpy(p,data,SHA_CBLOCK); | ||
| 221 | data+=SHA_CBLOCK; | ||
| 222 | # ifdef L_ENDIAN | ||
| 223 | # ifndef SHA1_ASM /* Will not happen */ | ||
| 224 | for (sw=(SHA_LBLOCK/4); sw; sw--) | ||
| 225 | { | ||
| 226 | Endian_Reverse32(p[0]); | ||
| 227 | Endian_Reverse32(p[1]); | ||
| 228 | Endian_Reverse32(p[2]); | ||
| 229 | Endian_Reverse32(p[3]); | ||
| 230 | p+=4; | ||
| 231 | } | ||
| 232 | p=c->data; | ||
| 233 | # endif | ||
| 234 | # endif | ||
| 235 | #else | ||
| 236 | for (sw=(SHA_BLOCK/4); sw; sw--) | ||
| 237 | { | ||
| 238 | M_c2nl(data,l); *(p++)=l; | ||
| 239 | M_c2nl(data,l); *(p++)=l; | ||
| 240 | M_c2nl(data,l); *(p++)=l; | ||
| 241 | M_c2nl(data,l); *(p++)=l; | ||
| 242 | } | ||
| 243 | p=c->data; | ||
| 244 | #endif | ||
| 245 | sha1_block(c,p,64); | ||
| 246 | len-=SHA_CBLOCK; | ||
| 247 | } | ||
| 248 | ec=(int)len; | ||
| 249 | c->num=ec; | ||
| 250 | ew=(ec>>2); | ||
| 251 | ec&=0x03; | ||
| 252 | 67 | ||
| 253 | for (sw=0; sw < ew; sw++) | 68 | /* The implementation is in ../md32_common.h */ |
| 254 | { M_c2nl(data,l); p[sw]=l; } | ||
| 255 | M_c2nl_p(data,l,ec); | ||
| 256 | p[sw]=l; | ||
| 257 | } | ||
| 258 | 69 | ||
| 259 | void SHA1_Transform(c,b) | 70 | #include "sha_locl.h" |
| 260 | SHA_CTX *c; | ||
| 261 | unsigned char *b; | ||
| 262 | { | ||
| 263 | ULONG p[16]; | ||
| 264 | #ifndef B_ENDIAN | ||
| 265 | ULONG *q; | ||
| 266 | int i; | ||
| 267 | #endif | ||
| 268 | |||
| 269 | #if defined(B_ENDIAN) || defined(L_ENDIAN) | ||
| 270 | memcpy(p,b,64); | ||
| 271 | #ifdef L_ENDIAN | ||
| 272 | q=p; | ||
| 273 | for (i=(SHA_LBLOCK/4); i; i--) | ||
| 274 | { | ||
| 275 | Endian_Reverse32(q[0]); | ||
| 276 | Endian_Reverse32(q[1]); | ||
| 277 | Endian_Reverse32(q[2]); | ||
| 278 | Endian_Reverse32(q[3]); | ||
| 279 | q+=4; | ||
| 280 | } | ||
| 281 | #endif | ||
| 282 | #else | ||
| 283 | q=p; | ||
| 284 | for (i=(SHA_LBLOCK/4); i; i--) | ||
| 285 | { | ||
| 286 | ULONG l; | ||
| 287 | c2nl(b,l); *(q++)=l; | ||
| 288 | c2nl(b,l); *(q++)=l; | ||
| 289 | c2nl(b,l); *(q++)=l; | ||
| 290 | c2nl(b,l); *(q++)=l; | ||
| 291 | } | ||
| 292 | #endif | ||
| 293 | sha1_block(c,p,64); | ||
| 294 | } | ||
| 295 | |||
| 296 | #ifndef SHA1_ASM | ||
| 297 | |||
| 298 | void sha1_block(c, W, num) | ||
| 299 | SHA_CTX *c; | ||
| 300 | register unsigned long *W; | ||
| 301 | int num; | ||
| 302 | { | ||
| 303 | register ULONG A,B,C,D,E,T; | ||
| 304 | ULONG X[16]; | ||
| 305 | |||
| 306 | A=c->h0; | ||
| 307 | B=c->h1; | ||
| 308 | C=c->h2; | ||
| 309 | D=c->h3; | ||
| 310 | E=c->h4; | ||
| 311 | |||
| 312 | for (;;) | ||
| 313 | { | ||
| 314 | BODY_00_15( 0,A,B,C,D,E,T,W); | ||
| 315 | BODY_00_15( 1,T,A,B,C,D,E,W); | ||
| 316 | BODY_00_15( 2,E,T,A,B,C,D,W); | ||
| 317 | BODY_00_15( 3,D,E,T,A,B,C,W); | ||
| 318 | BODY_00_15( 4,C,D,E,T,A,B,W); | ||
| 319 | BODY_00_15( 5,B,C,D,E,T,A,W); | ||
| 320 | BODY_00_15( 6,A,B,C,D,E,T,W); | ||
| 321 | BODY_00_15( 7,T,A,B,C,D,E,W); | ||
| 322 | BODY_00_15( 8,E,T,A,B,C,D,W); | ||
| 323 | BODY_00_15( 9,D,E,T,A,B,C,W); | ||
| 324 | BODY_00_15(10,C,D,E,T,A,B,W); | ||
| 325 | BODY_00_15(11,B,C,D,E,T,A,W); | ||
| 326 | BODY_00_15(12,A,B,C,D,E,T,W); | ||
| 327 | BODY_00_15(13,T,A,B,C,D,E,W); | ||
| 328 | BODY_00_15(14,E,T,A,B,C,D,W); | ||
| 329 | BODY_00_15(15,D,E,T,A,B,C,W); | ||
| 330 | BODY_16_19(16,C,D,E,T,A,B,W,W,W,W); | ||
| 331 | BODY_16_19(17,B,C,D,E,T,A,W,W,W,W); | ||
| 332 | BODY_16_19(18,A,B,C,D,E,T,W,W,W,W); | ||
| 333 | BODY_16_19(19,T,A,B,C,D,E,W,W,W,X); | ||
| 334 | |||
| 335 | BODY_20_31(20,E,T,A,B,C,D,W,W,W,X); | ||
| 336 | BODY_20_31(21,D,E,T,A,B,C,W,W,W,X); | ||
| 337 | BODY_20_31(22,C,D,E,T,A,B,W,W,W,X); | ||
| 338 | BODY_20_31(23,B,C,D,E,T,A,W,W,W,X); | ||
| 339 | BODY_20_31(24,A,B,C,D,E,T,W,W,X,X); | ||
| 340 | BODY_20_31(25,T,A,B,C,D,E,W,W,X,X); | ||
| 341 | BODY_20_31(26,E,T,A,B,C,D,W,W,X,X); | ||
| 342 | BODY_20_31(27,D,E,T,A,B,C,W,W,X,X); | ||
| 343 | BODY_20_31(28,C,D,E,T,A,B,W,W,X,X); | ||
| 344 | BODY_20_31(29,B,C,D,E,T,A,W,W,X,X); | ||
| 345 | BODY_20_31(30,A,B,C,D,E,T,W,X,X,X); | ||
| 346 | BODY_20_31(31,T,A,B,C,D,E,W,X,X,X); | ||
| 347 | BODY_32_39(32,E,T,A,B,C,D,X); | ||
| 348 | BODY_32_39(33,D,E,T,A,B,C,X); | ||
| 349 | BODY_32_39(34,C,D,E,T,A,B,X); | ||
| 350 | BODY_32_39(35,B,C,D,E,T,A,X); | ||
| 351 | BODY_32_39(36,A,B,C,D,E,T,X); | ||
| 352 | BODY_32_39(37,T,A,B,C,D,E,X); | ||
| 353 | BODY_32_39(38,E,T,A,B,C,D,X); | ||
| 354 | BODY_32_39(39,D,E,T,A,B,C,X); | ||
| 355 | |||
| 356 | BODY_40_59(40,C,D,E,T,A,B,X); | ||
| 357 | BODY_40_59(41,B,C,D,E,T,A,X); | ||
| 358 | BODY_40_59(42,A,B,C,D,E,T,X); | ||
| 359 | BODY_40_59(43,T,A,B,C,D,E,X); | ||
| 360 | BODY_40_59(44,E,T,A,B,C,D,X); | ||
| 361 | BODY_40_59(45,D,E,T,A,B,C,X); | ||
| 362 | BODY_40_59(46,C,D,E,T,A,B,X); | ||
| 363 | BODY_40_59(47,B,C,D,E,T,A,X); | ||
| 364 | BODY_40_59(48,A,B,C,D,E,T,X); | ||
| 365 | BODY_40_59(49,T,A,B,C,D,E,X); | ||
| 366 | BODY_40_59(50,E,T,A,B,C,D,X); | ||
| 367 | BODY_40_59(51,D,E,T,A,B,C,X); | ||
| 368 | BODY_40_59(52,C,D,E,T,A,B,X); | ||
| 369 | BODY_40_59(53,B,C,D,E,T,A,X); | ||
| 370 | BODY_40_59(54,A,B,C,D,E,T,X); | ||
| 371 | BODY_40_59(55,T,A,B,C,D,E,X); | ||
| 372 | BODY_40_59(56,E,T,A,B,C,D,X); | ||
| 373 | BODY_40_59(57,D,E,T,A,B,C,X); | ||
| 374 | BODY_40_59(58,C,D,E,T,A,B,X); | ||
| 375 | BODY_40_59(59,B,C,D,E,T,A,X); | ||
| 376 | |||
| 377 | BODY_60_79(60,A,B,C,D,E,T,X); | ||
| 378 | BODY_60_79(61,T,A,B,C,D,E,X); | ||
| 379 | BODY_60_79(62,E,T,A,B,C,D,X); | ||
| 380 | BODY_60_79(63,D,E,T,A,B,C,X); | ||
| 381 | BODY_60_79(64,C,D,E,T,A,B,X); | ||
| 382 | BODY_60_79(65,B,C,D,E,T,A,X); | ||
| 383 | BODY_60_79(66,A,B,C,D,E,T,X); | ||
| 384 | BODY_60_79(67,T,A,B,C,D,E,X); | ||
| 385 | BODY_60_79(68,E,T,A,B,C,D,X); | ||
| 386 | BODY_60_79(69,D,E,T,A,B,C,X); | ||
| 387 | BODY_60_79(70,C,D,E,T,A,B,X); | ||
| 388 | BODY_60_79(71,B,C,D,E,T,A,X); | ||
| 389 | BODY_60_79(72,A,B,C,D,E,T,X); | ||
| 390 | BODY_60_79(73,T,A,B,C,D,E,X); | ||
| 391 | BODY_60_79(74,E,T,A,B,C,D,X); | ||
| 392 | BODY_60_79(75,D,E,T,A,B,C,X); | ||
| 393 | BODY_60_79(76,C,D,E,T,A,B,X); | ||
| 394 | BODY_60_79(77,B,C,D,E,T,A,X); | ||
| 395 | BODY_60_79(78,A,B,C,D,E,T,X); | ||
| 396 | BODY_60_79(79,T,A,B,C,D,E,X); | ||
| 397 | |||
| 398 | c->h0=(c->h0+E)&0xffffffffL; | ||
| 399 | c->h1=(c->h1+T)&0xffffffffL; | ||
| 400 | c->h2=(c->h2+A)&0xffffffffL; | ||
| 401 | c->h3=(c->h3+B)&0xffffffffL; | ||
| 402 | c->h4=(c->h4+C)&0xffffffffL; | ||
| 403 | |||
| 404 | num-=64; | ||
| 405 | if (num <= 0) break; | ||
| 406 | |||
| 407 | A=c->h0; | ||
| 408 | B=c->h1; | ||
| 409 | C=c->h2; | ||
| 410 | D=c->h3; | ||
| 411 | E=c->h4; | ||
| 412 | |||
| 413 | W+=16; | ||
| 414 | } | ||
| 415 | } | ||
| 416 | #endif | ||
| 417 | |||
| 418 | void SHA1_Final(md, c) | ||
| 419 | unsigned char *md; | ||
| 420 | SHA_CTX *c; | ||
| 421 | { | ||
| 422 | register int i,j; | ||
| 423 | register ULONG l; | ||
| 424 | register ULONG *p; | ||
| 425 | static unsigned char end[4]={0x80,0x00,0x00,0x00}; | ||
| 426 | unsigned char *cp=end; | ||
| 427 | 71 | ||
| 428 | /* c->num should definitly have room for at least one more byte. */ | ||
| 429 | p=c->data; | ||
| 430 | j=c->num; | ||
| 431 | i=j>>2; | ||
| 432 | #ifdef PURIFY | ||
| 433 | if ((j&0x03) == 0) p[i]=0; | ||
| 434 | #endif | 72 | #endif |
| 435 | l=p[i]; | ||
| 436 | M_p_c2nl(cp,l,j&0x03); | ||
| 437 | p[i]=l; | ||
| 438 | i++; | ||
| 439 | /* i is the next 'undefined word' */ | ||
| 440 | if (c->num >= SHA_LAST_BLOCK) | ||
| 441 | { | ||
| 442 | for (; i<SHA_LBLOCK; i++) | ||
| 443 | p[i]=0; | ||
| 444 | sha1_block(c,p,64); | ||
| 445 | i=0; | ||
| 446 | } | ||
| 447 | for (; i<(SHA_LBLOCK-2); i++) | ||
| 448 | p[i]=0; | ||
| 449 | p[SHA_LBLOCK-2]=c->Nh; | ||
| 450 | p[SHA_LBLOCK-1]=c->Nl; | ||
| 451 | #if defined(L_ENDIAN) && defined(SHA1_ASM) | ||
| 452 | Endian_Reverse32(p[SHA_LBLOCK-2]); | ||
| 453 | Endian_Reverse32(p[SHA_LBLOCK-1]); | ||
| 454 | #endif | ||
| 455 | sha1_block(c,p,64); | ||
| 456 | cp=md; | ||
| 457 | l=c->h0; nl2c(l,cp); | ||
| 458 | l=c->h1; nl2c(l,cp); | ||
| 459 | l=c->h2; nl2c(l,cp); | ||
| 460 | l=c->h3; nl2c(l,cp); | ||
| 461 | l=c->h4; nl2c(l,cp); | ||
| 462 | |||
| 463 | /* clear stuff, sha1_block may be leaving some stuff on the stack | ||
| 464 | * but I'm not worried :-) */ | ||
| 465 | c->num=0; | ||
| 466 | /* memset((char *)&c,0,sizeof(c));*/ | ||
| 467 | } | ||
| 468 | 73 | ||
diff --git a/src/lib/libcrypto/sha/sha_locl.h b/src/lib/libcrypto/sha/sha_locl.h index 2814ad15fa..471dfb9f8f 100644 --- a/src/lib/libcrypto/sha/sha_locl.h +++ b/src/lib/libcrypto/sha/sha_locl.h | |||
| @@ -59,137 +59,102 @@ | |||
| 59 | #include <stdlib.h> | 59 | #include <stdlib.h> |
| 60 | #include <string.h> | 60 | #include <string.h> |
| 61 | 61 | ||
| 62 | #ifdef undef | 62 | #include <openssl/opensslconf.h> |
| 63 | /* one or the other needs to be defined */ | 63 | #include <openssl/sha.h> |
| 64 | #ifndef SHA_1 /* FIPE 180-1 */ | 64 | |
| 65 | #define SHA_0 /* FIPS 180 */ | 65 | #ifndef SHA_LONG_LOG2 |
| 66 | #endif | 66 | #define SHA_LONG_LOG2 2 /* default to 32 bits */ |
| 67 | #endif | 67 | #endif |
| 68 | 68 | ||
| 69 | #define ULONG unsigned long | 69 | #define DATA_ORDER_IS_BIG_ENDIAN |
| 70 | #define UCHAR unsigned char | ||
| 71 | #define UINT unsigned int | ||
| 72 | 70 | ||
| 73 | #ifdef NOCONST | 71 | #define HASH_LONG SHA_LONG |
| 74 | #define const | 72 | #define HASH_LONG_LOG2 SHA_LONG_LOG2 |
| 75 | #endif | 73 | #define HASH_CTX SHA_CTX |
| 74 | #define HASH_CBLOCK SHA_CBLOCK | ||
| 75 | #define HASH_LBLOCK SHA_LBLOCK | ||
| 76 | #define HASH_MAKE_STRING(c,s) do { \ | ||
| 77 | unsigned long ll; \ | ||
| 78 | ll=(c)->h0; HOST_l2c(ll,(s)); \ | ||
| 79 | ll=(c)->h1; HOST_l2c(ll,(s)); \ | ||
| 80 | ll=(c)->h2; HOST_l2c(ll,(s)); \ | ||
| 81 | ll=(c)->h3; HOST_l2c(ll,(s)); \ | ||
| 82 | ll=(c)->h4; HOST_l2c(ll,(s)); \ | ||
| 83 | } while (0) | ||
| 84 | |||
| 85 | #if defined(SHA_0) | ||
| 86 | |||
| 87 | # define HASH_UPDATE SHA_Update | ||
| 88 | # define HASH_TRANSFORM SHA_Transform | ||
| 89 | # define HASH_FINAL SHA_Final | ||
| 90 | # define HASH_INIT SHA_Init | ||
| 91 | # define HASH_BLOCK_HOST_ORDER sha_block_host_order | ||
| 92 | # define HASH_BLOCK_DATA_ORDER sha_block_data_order | ||
| 93 | # define Xupdate(a,ix,ia,ib,ic,id) (ix=(a)=(ia^ib^ic^id)) | ||
| 94 | |||
| 95 | void sha_block_host_order (SHA_CTX *c, const void *p,int num); | ||
| 96 | void sha_block_data_order (SHA_CTX *c, const void *p,int num); | ||
| 97 | |||
| 98 | #elif defined(SHA_1) | ||
| 99 | |||
| 100 | # define HASH_UPDATE SHA1_Update | ||
| 101 | # define HASH_TRANSFORM SHA1_Transform | ||
| 102 | # define HASH_FINAL SHA1_Final | ||
| 103 | # define HASH_INIT SHA1_Init | ||
| 104 | # define HASH_BLOCK_HOST_ORDER sha1_block_host_order | ||
| 105 | # define HASH_BLOCK_DATA_ORDER sha1_block_data_order | ||
| 106 | # if defined(__MWERKS__) && defined(__MC68K__) | ||
| 107 | /* Metrowerks for Motorola fails otherwise:-( <appro@fy.chalmers.se> */ | ||
| 108 | # define Xupdate(a,ix,ia,ib,ic,id) do { (a)=(ia^ib^ic^id); \ | ||
| 109 | ix=(a)=ROTATE((a),1); \ | ||
| 110 | } while (0) | ||
| 111 | # else | ||
| 112 | # define Xupdate(a,ix,ia,ib,ic,id) ( (a)=(ia^ib^ic^id), \ | ||
| 113 | ix=(a)=ROTATE((a),1) \ | ||
| 114 | ) | ||
| 115 | # endif | ||
| 116 | |||
| 117 | # ifdef SHA1_ASM | ||
| 118 | # if defined(__i386) || defined(__i386__) || defined(_M_IX86) || defined(__INTEL__) | ||
| 119 | # define sha1_block_host_order sha1_block_asm_host_order | ||
| 120 | # define DONT_IMPLEMENT_BLOCK_HOST_ORDER | ||
| 121 | # define sha1_block_data_order sha1_block_asm_data_order | ||
| 122 | # define DONT_IMPLEMENT_BLOCK_DATA_ORDER | ||
| 123 | # define HASH_BLOCK_DATA_ORDER_ALIGNED sha1_block_asm_data_order | ||
| 124 | # endif | ||
| 125 | # endif | ||
| 126 | void sha1_block_host_order (SHA_CTX *c, const void *p,int num); | ||
| 127 | void sha1_block_data_order (SHA_CTX *c, const void *p,int num); | ||
| 76 | 128 | ||
| 77 | #undef c2nl | ||
| 78 | #define c2nl(c,l) (l =(((unsigned long)(*((c)++)))<<24), \ | ||
| 79 | l|=(((unsigned long)(*((c)++)))<<16), \ | ||
| 80 | l|=(((unsigned long)(*((c)++)))<< 8), \ | ||
| 81 | l|=(((unsigned long)(*((c)++))) )) | ||
| 82 | |||
| 83 | #undef p_c2nl | ||
| 84 | #define p_c2nl(c,l,n) { \ | ||
| 85 | switch (n) { \ | ||
| 86 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 87 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 88 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 89 | case 3: l|=((unsigned long)(*((c)++))); \ | ||
| 90 | } \ | ||
| 91 | } | ||
| 92 | |||
| 93 | #undef c2nl_p | ||
| 94 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 95 | #define c2nl_p(c,l,n) { \ | ||
| 96 | l=0; \ | ||
| 97 | (c)+=n; \ | ||
| 98 | switch (n) { \ | ||
| 99 | case 3: l =((unsigned long)(*(--(c))))<< 8; \ | ||
| 100 | case 2: l|=((unsigned long)(*(--(c))))<<16; \ | ||
| 101 | case 1: l|=((unsigned long)(*(--(c))))<<24; \ | ||
| 102 | } \ | ||
| 103 | } | ||
| 104 | |||
| 105 | #undef p_c2nl_p | ||
| 106 | #define p_c2nl_p(c,l,sc,len) { \ | ||
| 107 | switch (sc) \ | ||
| 108 | { \ | ||
| 109 | case 0: l =((unsigned long)(*((c)++)))<<24; \ | ||
| 110 | if (--len == 0) break; \ | ||
| 111 | case 1: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 112 | if (--len == 0) break; \ | ||
| 113 | case 2: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 114 | } \ | ||
| 115 | } | ||
| 116 | |||
| 117 | #undef nl2c | ||
| 118 | #define nl2c(l,c) (*((c)++)=(unsigned char)(((l)>>24)&0xff), \ | ||
| 119 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 120 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 121 | *((c)++)=(unsigned char)(((l) )&0xff)) | ||
| 122 | |||
| 123 | #undef c2l | ||
| 124 | #define c2l(c,l) (l =(((unsigned long)(*((c)++))) ), \ | ||
| 125 | l|=(((unsigned long)(*((c)++)))<< 8), \ | ||
| 126 | l|=(((unsigned long)(*((c)++)))<<16), \ | ||
| 127 | l|=(((unsigned long)(*((c)++)))<<24)) | ||
| 128 | |||
| 129 | #undef p_c2l | ||
| 130 | #define p_c2l(c,l,n) { \ | ||
| 131 | switch (n) { \ | ||
| 132 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 133 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 134 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 135 | case 3: l|=((unsigned long)(*((c)++)))<<24; \ | ||
| 136 | } \ | ||
| 137 | } | ||
| 138 | |||
| 139 | #undef c2l_p | ||
| 140 | /* NOTE the pointer is not incremented at the end of this */ | ||
| 141 | #define c2l_p(c,l,n) { \ | ||
| 142 | l=0; \ | ||
| 143 | (c)+=n; \ | ||
| 144 | switch (n) { \ | ||
| 145 | case 3: l =((unsigned long)(*(--(c))))<<16; \ | ||
| 146 | case 2: l|=((unsigned long)(*(--(c))))<< 8; \ | ||
| 147 | case 1: l|=((unsigned long)(*(--(c)))); \ | ||
| 148 | } \ | ||
| 149 | } | ||
| 150 | |||
| 151 | #undef p_c2l_p | ||
| 152 | #define p_c2l_p(c,l,sc,len) { \ | ||
| 153 | switch (sc) \ | ||
| 154 | { \ | ||
| 155 | case 0: l =((unsigned long)(*((c)++))); \ | ||
| 156 | if (--len == 0) break; \ | ||
| 157 | case 1: l|=((unsigned long)(*((c)++)))<< 8; \ | ||
| 158 | if (--len == 0) break; \ | ||
| 159 | case 2: l|=((unsigned long)(*((c)++)))<<16; \ | ||
| 160 | } \ | ||
| 161 | } | ||
| 162 | |||
| 163 | #undef l2c | ||
| 164 | #define l2c(l,c) (*((c)++)=(unsigned char)(((l) )&0xff), \ | ||
| 165 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | ||
| 166 | *((c)++)=(unsigned char)(((l)>>16)&0xff), \ | ||
| 167 | *((c)++)=(unsigned char)(((l)>>24)&0xff)) | ||
| 168 | |||
| 169 | #undef ROTATE | ||
| 170 | #if defined(WIN32) | ||
| 171 | #define ROTATE(a,n) _lrotl(a,n) | ||
| 172 | #else | 129 | #else |
| 173 | #define ROTATE(a,n) (((a)<<(n))|(((a)&0xffffffff)>>(32-(n)))) | 130 | # error "Either SHA_0 or SHA_1 must be defined." |
| 174 | #endif | 131 | #endif |
| 175 | 132 | ||
| 176 | /* A nice byte order reversal from Wei Dai <weidai@eskimo.com> */ | 133 | #include "md32_common.h" |
| 177 | #if defined(WIN32) | 134 | |
| 178 | /* 5 instructions with rotate instruction, else 9 */ | 135 | #define INIT_DATA_h0 0x67452301UL |
| 179 | #define Endian_Reverse32(a) \ | 136 | #define INIT_DATA_h1 0xefcdab89UL |
| 180 | { \ | 137 | #define INIT_DATA_h2 0x98badcfeUL |
| 181 | unsigned long l=(a); \ | 138 | #define INIT_DATA_h3 0x10325476UL |
| 182 | (a)=((ROTATE(l,8)&0x00FF00FF)|(ROTATE(l,24)&0xFF00FF00)); \ | 139 | #define INIT_DATA_h4 0xc3d2e1f0UL |
| 183 | } | 140 | |
| 184 | #else | 141 | int HASH_INIT (SHA_CTX *c) |
| 185 | /* 6 instructions with rotate instruction, else 8 */ | 142 | { |
| 186 | #define Endian_Reverse32(a) \ | 143 | c->h0=INIT_DATA_h0; |
| 187 | { \ | 144 | c->h1=INIT_DATA_h1; |
| 188 | unsigned long l=(a); \ | 145 | c->h2=INIT_DATA_h2; |
| 189 | l=(((l&0xFF00FF00)>>8L)|((l&0x00FF00FF)<<8L)); \ | 146 | c->h3=INIT_DATA_h3; |
| 190 | (a)=ROTATE(l,16L); \ | 147 | c->h4=INIT_DATA_h4; |
| 148 | c->Nl=0; | ||
| 149 | c->Nh=0; | ||
| 150 | c->num=0; | ||
| 151 | return 1; | ||
| 191 | } | 152 | } |
| 192 | #endif | 153 | |
| 154 | #define K_00_19 0x5a827999UL | ||
| 155 | #define K_20_39 0x6ed9eba1UL | ||
| 156 | #define K_40_59 0x8f1bbcdcUL | ||
| 157 | #define K_60_79 0xca62c1d6UL | ||
| 193 | 158 | ||
| 194 | /* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be | 159 | /* As pointed out by Wei Dai <weidai@eskimo.com>, F() below can be |
| 195 | * simplified to the code in F_00_19. Wei attributes these optimisations | 160 | * simplified to the code in F_00_19. Wei attributes these optimisations |
| @@ -203,44 +168,305 @@ | |||
| 203 | #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) | 168 | #define F_40_59(b,c,d) (((b) & (c)) | (((b)|(c)) & (d))) |
| 204 | #define F_60_79(b,c,d) F_20_39(b,c,d) | 169 | #define F_60_79(b,c,d) F_20_39(b,c,d) |
| 205 | 170 | ||
| 206 | #ifdef SHA_0 | 171 | #define BODY_00_15(i,a,b,c,d,e,f,xi) \ |
| 207 | #undef Xupdate | 172 | (f)=xi+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ |
| 208 | #define Xupdate(a,i,ia,ib,ic,id) X[(i)&0x0f]=(a)=\ | ||
| 209 | (ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]); | ||
| 210 | #endif | ||
| 211 | #ifdef SHA_1 | ||
| 212 | #undef Xupdate | ||
| 213 | #define Xupdate(a,i,ia,ib,ic,id) (a)=\ | ||
| 214 | (ia[(i)&0x0f]^ib[((i)+2)&0x0f]^ic[((i)+8)&0x0f]^id[((i)+13)&0x0f]);\ | ||
| 215 | X[(i)&0x0f]=(a)=ROTATE((a),1); | ||
| 216 | #endif | ||
| 217 | |||
| 218 | #define BODY_00_15(i,a,b,c,d,e,f,xa) \ | ||
| 219 | (f)=xa[i]+(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ | ||
| 220 | (b)=ROTATE((b),30); | 173 | (b)=ROTATE((b),30); |
| 221 | 174 | ||
| 222 | #define BODY_16_19(i,a,b,c,d,e,f,xa,xb,xc,xd) \ | 175 | #define BODY_16_19(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ |
| 223 | Xupdate(f,i,xa,xb,xc,xd); \ | 176 | Xupdate(f,xi,xa,xb,xc,xd); \ |
| 224 | (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ | 177 | (f)+=(e)+K_00_19+ROTATE((a),5)+F_00_19((b),(c),(d)); \ |
| 225 | (b)=ROTATE((b),30); | 178 | (b)=ROTATE((b),30); |
| 226 | 179 | ||
| 227 | #define BODY_20_31(i,a,b,c,d,e,f,xa,xb,xc,xd) \ | 180 | #define BODY_20_31(i,a,b,c,d,e,f,xi,xa,xb,xc,xd) \ |
| 228 | Xupdate(f,i,xa,xb,xc,xd); \ | 181 | Xupdate(f,xi,xa,xb,xc,xd); \ |
| 229 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ | 182 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ |
| 230 | (b)=ROTATE((b),30); | 183 | (b)=ROTATE((b),30); |
| 231 | 184 | ||
| 232 | #define BODY_32_39(i,a,b,c,d,e,f,xa) \ | 185 | #define BODY_32_39(i,a,b,c,d,e,f,xa,xb,xc,xd) \ |
| 233 | Xupdate(f,i,xa,xa,xa,xa); \ | 186 | Xupdate(f,xa,xa,xb,xc,xd); \ |
| 234 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ | 187 | (f)+=(e)+K_20_39+ROTATE((a),5)+F_20_39((b),(c),(d)); \ |
| 235 | (b)=ROTATE((b),30); | 188 | (b)=ROTATE((b),30); |
| 236 | 189 | ||
| 237 | #define BODY_40_59(i,a,b,c,d,e,f,xa) \ | 190 | #define BODY_40_59(i,a,b,c,d,e,f,xa,xb,xc,xd) \ |
| 238 | Xupdate(f,i,xa,xa,xa,xa); \ | 191 | Xupdate(f,xa,xa,xb,xc,xd); \ |
| 239 | (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ | 192 | (f)+=(e)+K_40_59+ROTATE((a),5)+F_40_59((b),(c),(d)); \ |
| 240 | (b)=ROTATE((b),30); | 193 | (b)=ROTATE((b),30); |
| 241 | 194 | ||
| 242 | #define BODY_60_79(i,a,b,c,d,e,f,xa) \ | 195 | #define BODY_60_79(i,a,b,c,d,e,f,xa,xb,xc,xd) \ |
| 243 | Xupdate(f,i,xa,xa,xa,xa); \ | 196 | Xupdate(f,xa,xa,xb,xc,xd); \ |
| 244 | (f)=X[(i)&0x0f]+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ | 197 | (f)=xa+(e)+K_60_79+ROTATE((a),5)+F_60_79((b),(c),(d)); \ |
| 245 | (b)=ROTATE((b),30); | 198 | (b)=ROTATE((b),30); |
| 246 | 199 | ||
| 200 | #ifdef X | ||
| 201 | #undef X | ||
| 202 | #endif | ||
| 203 | #ifndef MD32_XARRAY | ||
| 204 | /* | ||
| 205 | * Originally X was an array. As it's automatic it's natural | ||
| 206 | * to expect RISC compiler to accomodate at least part of it in | ||
| 207 | * the register bank, isn't it? Unfortunately not all compilers | ||
| 208 | * "find" this expectation reasonable:-( On order to make such | ||
| 209 | * compilers generate better code I replace X[] with a bunch of | ||
| 210 | * X0, X1, etc. See the function body below... | ||
| 211 | * <appro@fy.chalmers.se> | ||
| 212 | */ | ||
| 213 | # define X(i) XX##i | ||
| 214 | #else | ||
| 215 | /* | ||
| 216 | * However! Some compilers (most notably HP C) get overwhelmed by | ||
| 217 | * that many local variables so that we have to have the way to | ||
| 218 | * fall down to the original behavior. | ||
| 219 | */ | ||
| 220 | # define X(i) XX[i] | ||
| 221 | #endif | ||
| 222 | |||
| 223 | #ifndef DONT_IMPLEMENT_BLOCK_HOST_ORDER | ||
| 224 | void HASH_BLOCK_HOST_ORDER (SHA_CTX *c, const void *d, int num) | ||
| 225 | { | ||
| 226 | const SHA_LONG *W=d; | ||
| 227 | register unsigned long A,B,C,D,E,T; | ||
| 228 | #ifndef MD32_XARRAY | ||
| 229 | unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | ||
| 230 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | ||
| 231 | #else | ||
| 232 | SHA_LONG XX[16]; | ||
| 233 | #endif | ||
| 234 | |||
| 235 | A=c->h0; | ||
| 236 | B=c->h1; | ||
| 237 | C=c->h2; | ||
| 238 | D=c->h3; | ||
| 239 | E=c->h4; | ||
| 240 | |||
| 241 | for (;;) | ||
| 242 | { | ||
| 243 | BODY_00_15( 0,A,B,C,D,E,T,W[ 0]); | ||
| 244 | BODY_00_15( 1,T,A,B,C,D,E,W[ 1]); | ||
| 245 | BODY_00_15( 2,E,T,A,B,C,D,W[ 2]); | ||
| 246 | BODY_00_15( 3,D,E,T,A,B,C,W[ 3]); | ||
| 247 | BODY_00_15( 4,C,D,E,T,A,B,W[ 4]); | ||
| 248 | BODY_00_15( 5,B,C,D,E,T,A,W[ 5]); | ||
| 249 | BODY_00_15( 6,A,B,C,D,E,T,W[ 6]); | ||
| 250 | BODY_00_15( 7,T,A,B,C,D,E,W[ 7]); | ||
| 251 | BODY_00_15( 8,E,T,A,B,C,D,W[ 8]); | ||
| 252 | BODY_00_15( 9,D,E,T,A,B,C,W[ 9]); | ||
| 253 | BODY_00_15(10,C,D,E,T,A,B,W[10]); | ||
| 254 | BODY_00_15(11,B,C,D,E,T,A,W[11]); | ||
| 255 | BODY_00_15(12,A,B,C,D,E,T,W[12]); | ||
| 256 | BODY_00_15(13,T,A,B,C,D,E,W[13]); | ||
| 257 | BODY_00_15(14,E,T,A,B,C,D,W[14]); | ||
| 258 | BODY_00_15(15,D,E,T,A,B,C,W[15]); | ||
| 259 | |||
| 260 | BODY_16_19(16,C,D,E,T,A,B,X( 0),W[ 0],W[ 2],W[ 8],W[13]); | ||
| 261 | BODY_16_19(17,B,C,D,E,T,A,X( 1),W[ 1],W[ 3],W[ 9],W[14]); | ||
| 262 | BODY_16_19(18,A,B,C,D,E,T,X( 2),W[ 2],W[ 4],W[10],W[15]); | ||
| 263 | BODY_16_19(19,T,A,B,C,D,E,X( 3),W[ 3],W[ 5],W[11],X( 0)); | ||
| 264 | |||
| 265 | BODY_20_31(20,E,T,A,B,C,D,X( 4),W[ 4],W[ 6],W[12],X( 1)); | ||
| 266 | BODY_20_31(21,D,E,T,A,B,C,X( 5),W[ 5],W[ 7],W[13],X( 2)); | ||
| 267 | BODY_20_31(22,C,D,E,T,A,B,X( 6),W[ 6],W[ 8],W[14],X( 3)); | ||
| 268 | BODY_20_31(23,B,C,D,E,T,A,X( 7),W[ 7],W[ 9],W[15],X( 4)); | ||
| 269 | BODY_20_31(24,A,B,C,D,E,T,X( 8),W[ 8],W[10],X( 0),X( 5)); | ||
| 270 | BODY_20_31(25,T,A,B,C,D,E,X( 9),W[ 9],W[11],X( 1),X( 6)); | ||
| 271 | BODY_20_31(26,E,T,A,B,C,D,X(10),W[10],W[12],X( 2),X( 7)); | ||
| 272 | BODY_20_31(27,D,E,T,A,B,C,X(11),W[11],W[13],X( 3),X( 8)); | ||
| 273 | BODY_20_31(28,C,D,E,T,A,B,X(12),W[12],W[14],X( 4),X( 9)); | ||
| 274 | BODY_20_31(29,B,C,D,E,T,A,X(13),W[13],W[15],X( 5),X(10)); | ||
| 275 | BODY_20_31(30,A,B,C,D,E,T,X(14),W[14],X( 0),X( 6),X(11)); | ||
| 276 | BODY_20_31(31,T,A,B,C,D,E,X(15),W[15],X( 1),X( 7),X(12)); | ||
| 277 | |||
| 278 | BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); | ||
| 279 | BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); | ||
| 280 | BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); | ||
| 281 | BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); | ||
| 282 | BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); | ||
| 283 | BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); | ||
| 284 | BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); | ||
| 285 | BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); | ||
| 286 | |||
| 287 | BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); | ||
| 288 | BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); | ||
| 289 | BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); | ||
| 290 | BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); | ||
| 291 | BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); | ||
| 292 | BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); | ||
| 293 | BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); | ||
| 294 | BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); | ||
| 295 | BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); | ||
| 296 | BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); | ||
| 297 | BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); | ||
| 298 | BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); | ||
| 299 | BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); | ||
| 300 | BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); | ||
| 301 | BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); | ||
| 302 | BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); | ||
| 303 | BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); | ||
| 304 | BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); | ||
| 305 | BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); | ||
| 306 | BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); | ||
| 307 | |||
| 308 | BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); | ||
| 309 | BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); | ||
| 310 | BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); | ||
| 311 | BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); | ||
| 312 | BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); | ||
| 313 | BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); | ||
| 314 | BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); | ||
| 315 | BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); | ||
| 316 | BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); | ||
| 317 | BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); | ||
| 318 | BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); | ||
| 319 | BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); | ||
| 320 | BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); | ||
| 321 | BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); | ||
| 322 | BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); | ||
| 323 | BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); | ||
| 324 | BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); | ||
| 325 | BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); | ||
| 326 | BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); | ||
| 327 | BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); | ||
| 328 | |||
| 329 | c->h0=(c->h0+E)&0xffffffffL; | ||
| 330 | c->h1=(c->h1+T)&0xffffffffL; | ||
| 331 | c->h2=(c->h2+A)&0xffffffffL; | ||
| 332 | c->h3=(c->h3+B)&0xffffffffL; | ||
| 333 | c->h4=(c->h4+C)&0xffffffffL; | ||
| 334 | |||
| 335 | if (--num <= 0) break; | ||
| 336 | |||
| 337 | A=c->h0; | ||
| 338 | B=c->h1; | ||
| 339 | C=c->h2; | ||
| 340 | D=c->h3; | ||
| 341 | E=c->h4; | ||
| 342 | |||
| 343 | W+=SHA_LBLOCK; | ||
| 344 | } | ||
| 345 | } | ||
| 346 | #endif | ||
| 347 | |||
| 348 | #ifndef DONT_IMPLEMENT_BLOCK_DATA_ORDER | ||
| 349 | void HASH_BLOCK_DATA_ORDER (SHA_CTX *c, const void *p, int num) | ||
| 350 | { | ||
| 351 | const unsigned char *data=p; | ||
| 352 | register unsigned long A,B,C,D,E,T,l; | ||
| 353 | #ifndef MD32_XARRAY | ||
| 354 | unsigned long XX0, XX1, XX2, XX3, XX4, XX5, XX6, XX7, | ||
| 355 | XX8, XX9,XX10,XX11,XX12,XX13,XX14,XX15; | ||
| 356 | #else | ||
| 357 | SHA_LONG XX[16]; | ||
| 358 | #endif | ||
| 359 | |||
| 360 | A=c->h0; | ||
| 361 | B=c->h1; | ||
| 362 | C=c->h2; | ||
| 363 | D=c->h3; | ||
| 364 | E=c->h4; | ||
| 365 | |||
| 366 | for (;;) | ||
| 367 | { | ||
| 368 | |||
| 369 | HOST_c2l(data,l); X( 0)=l; HOST_c2l(data,l); X( 1)=l; | ||
| 370 | BODY_00_15( 0,A,B,C,D,E,T,X( 0)); HOST_c2l(data,l); X( 2)=l; | ||
| 371 | BODY_00_15( 1,T,A,B,C,D,E,X( 1)); HOST_c2l(data,l); X( 3)=l; | ||
| 372 | BODY_00_15( 2,E,T,A,B,C,D,X( 2)); HOST_c2l(data,l); X( 4)=l; | ||
| 373 | BODY_00_15( 3,D,E,T,A,B,C,X( 3)); HOST_c2l(data,l); X( 5)=l; | ||
| 374 | BODY_00_15( 4,C,D,E,T,A,B,X( 4)); HOST_c2l(data,l); X( 6)=l; | ||
| 375 | BODY_00_15( 5,B,C,D,E,T,A,X( 5)); HOST_c2l(data,l); X( 7)=l; | ||
| 376 | BODY_00_15( 6,A,B,C,D,E,T,X( 6)); HOST_c2l(data,l); X( 8)=l; | ||
| 377 | BODY_00_15( 7,T,A,B,C,D,E,X( 7)); HOST_c2l(data,l); X( 9)=l; | ||
| 378 | BODY_00_15( 8,E,T,A,B,C,D,X( 8)); HOST_c2l(data,l); X(10)=l; | ||
| 379 | BODY_00_15( 9,D,E,T,A,B,C,X( 9)); HOST_c2l(data,l); X(11)=l; | ||
| 380 | BODY_00_15(10,C,D,E,T,A,B,X(10)); HOST_c2l(data,l); X(12)=l; | ||
| 381 | BODY_00_15(11,B,C,D,E,T,A,X(11)); HOST_c2l(data,l); X(13)=l; | ||
| 382 | BODY_00_15(12,A,B,C,D,E,T,X(12)); HOST_c2l(data,l); X(14)=l; | ||
| 383 | BODY_00_15(13,T,A,B,C,D,E,X(13)); HOST_c2l(data,l); X(15)=l; | ||
| 384 | BODY_00_15(14,E,T,A,B,C,D,X(14)); | ||
| 385 | BODY_00_15(15,D,E,T,A,B,C,X(15)); | ||
| 386 | |||
| 387 | BODY_16_19(16,C,D,E,T,A,B,X( 0),X( 0),X( 2),X( 8),X(13)); | ||
| 388 | BODY_16_19(17,B,C,D,E,T,A,X( 1),X( 1),X( 3),X( 9),X(14)); | ||
| 389 | BODY_16_19(18,A,B,C,D,E,T,X( 2),X( 2),X( 4),X(10),X(15)); | ||
| 390 | BODY_16_19(19,T,A,B,C,D,E,X( 3),X( 3),X( 5),X(11),X( 0)); | ||
| 391 | |||
| 392 | BODY_20_31(20,E,T,A,B,C,D,X( 4),X( 4),X( 6),X(12),X( 1)); | ||
| 393 | BODY_20_31(21,D,E,T,A,B,C,X( 5),X( 5),X( 7),X(13),X( 2)); | ||
| 394 | BODY_20_31(22,C,D,E,T,A,B,X( 6),X( 6),X( 8),X(14),X( 3)); | ||
| 395 | BODY_20_31(23,B,C,D,E,T,A,X( 7),X( 7),X( 9),X(15),X( 4)); | ||
| 396 | BODY_20_31(24,A,B,C,D,E,T,X( 8),X( 8),X(10),X( 0),X( 5)); | ||
| 397 | BODY_20_31(25,T,A,B,C,D,E,X( 9),X( 9),X(11),X( 1),X( 6)); | ||
| 398 | BODY_20_31(26,E,T,A,B,C,D,X(10),X(10),X(12),X( 2),X( 7)); | ||
| 399 | BODY_20_31(27,D,E,T,A,B,C,X(11),X(11),X(13),X( 3),X( 8)); | ||
| 400 | BODY_20_31(28,C,D,E,T,A,B,X(12),X(12),X(14),X( 4),X( 9)); | ||
| 401 | BODY_20_31(29,B,C,D,E,T,A,X(13),X(13),X(15),X( 5),X(10)); | ||
| 402 | BODY_20_31(30,A,B,C,D,E,T,X(14),X(14),X( 0),X( 6),X(11)); | ||
| 403 | BODY_20_31(31,T,A,B,C,D,E,X(15),X(15),X( 1),X( 7),X(12)); | ||
| 404 | |||
| 405 | BODY_32_39(32,E,T,A,B,C,D,X( 0),X( 2),X( 8),X(13)); | ||
| 406 | BODY_32_39(33,D,E,T,A,B,C,X( 1),X( 3),X( 9),X(14)); | ||
| 407 | BODY_32_39(34,C,D,E,T,A,B,X( 2),X( 4),X(10),X(15)); | ||
| 408 | BODY_32_39(35,B,C,D,E,T,A,X( 3),X( 5),X(11),X( 0)); | ||
| 409 | BODY_32_39(36,A,B,C,D,E,T,X( 4),X( 6),X(12),X( 1)); | ||
| 410 | BODY_32_39(37,T,A,B,C,D,E,X( 5),X( 7),X(13),X( 2)); | ||
| 411 | BODY_32_39(38,E,T,A,B,C,D,X( 6),X( 8),X(14),X( 3)); | ||
| 412 | BODY_32_39(39,D,E,T,A,B,C,X( 7),X( 9),X(15),X( 4)); | ||
| 413 | |||
| 414 | BODY_40_59(40,C,D,E,T,A,B,X( 8),X(10),X( 0),X( 5)); | ||
| 415 | BODY_40_59(41,B,C,D,E,T,A,X( 9),X(11),X( 1),X( 6)); | ||
| 416 | BODY_40_59(42,A,B,C,D,E,T,X(10),X(12),X( 2),X( 7)); | ||
| 417 | BODY_40_59(43,T,A,B,C,D,E,X(11),X(13),X( 3),X( 8)); | ||
| 418 | BODY_40_59(44,E,T,A,B,C,D,X(12),X(14),X( 4),X( 9)); | ||
| 419 | BODY_40_59(45,D,E,T,A,B,C,X(13),X(15),X( 5),X(10)); | ||
| 420 | BODY_40_59(46,C,D,E,T,A,B,X(14),X( 0),X( 6),X(11)); | ||
| 421 | BODY_40_59(47,B,C,D,E,T,A,X(15),X( 1),X( 7),X(12)); | ||
| 422 | BODY_40_59(48,A,B,C,D,E,T,X( 0),X( 2),X( 8),X(13)); | ||
| 423 | BODY_40_59(49,T,A,B,C,D,E,X( 1),X( 3),X( 9),X(14)); | ||
| 424 | BODY_40_59(50,E,T,A,B,C,D,X( 2),X( 4),X(10),X(15)); | ||
| 425 | BODY_40_59(51,D,E,T,A,B,C,X( 3),X( 5),X(11),X( 0)); | ||
| 426 | BODY_40_59(52,C,D,E,T,A,B,X( 4),X( 6),X(12),X( 1)); | ||
| 427 | BODY_40_59(53,B,C,D,E,T,A,X( 5),X( 7),X(13),X( 2)); | ||
| 428 | BODY_40_59(54,A,B,C,D,E,T,X( 6),X( 8),X(14),X( 3)); | ||
| 429 | BODY_40_59(55,T,A,B,C,D,E,X( 7),X( 9),X(15),X( 4)); | ||
| 430 | BODY_40_59(56,E,T,A,B,C,D,X( 8),X(10),X( 0),X( 5)); | ||
| 431 | BODY_40_59(57,D,E,T,A,B,C,X( 9),X(11),X( 1),X( 6)); | ||
| 432 | BODY_40_59(58,C,D,E,T,A,B,X(10),X(12),X( 2),X( 7)); | ||
| 433 | BODY_40_59(59,B,C,D,E,T,A,X(11),X(13),X( 3),X( 8)); | ||
| 434 | |||
| 435 | BODY_60_79(60,A,B,C,D,E,T,X(12),X(14),X( 4),X( 9)); | ||
| 436 | BODY_60_79(61,T,A,B,C,D,E,X(13),X(15),X( 5),X(10)); | ||
| 437 | BODY_60_79(62,E,T,A,B,C,D,X(14),X( 0),X( 6),X(11)); | ||
| 438 | BODY_60_79(63,D,E,T,A,B,C,X(15),X( 1),X( 7),X(12)); | ||
| 439 | BODY_60_79(64,C,D,E,T,A,B,X( 0),X( 2),X( 8),X(13)); | ||
| 440 | BODY_60_79(65,B,C,D,E,T,A,X( 1),X( 3),X( 9),X(14)); | ||
| 441 | BODY_60_79(66,A,B,C,D,E,T,X( 2),X( 4),X(10),X(15)); | ||
| 442 | BODY_60_79(67,T,A,B,C,D,E,X( 3),X( 5),X(11),X( 0)); | ||
| 443 | BODY_60_79(68,E,T,A,B,C,D,X( 4),X( 6),X(12),X( 1)); | ||
| 444 | BODY_60_79(69,D,E,T,A,B,C,X( 5),X( 7),X(13),X( 2)); | ||
| 445 | BODY_60_79(70,C,D,E,T,A,B,X( 6),X( 8),X(14),X( 3)); | ||
| 446 | BODY_60_79(71,B,C,D,E,T,A,X( 7),X( 9),X(15),X( 4)); | ||
| 447 | BODY_60_79(72,A,B,C,D,E,T,X( 8),X(10),X( 0),X( 5)); | ||
| 448 | BODY_60_79(73,T,A,B,C,D,E,X( 9),X(11),X( 1),X( 6)); | ||
| 449 | BODY_60_79(74,E,T,A,B,C,D,X(10),X(12),X( 2),X( 7)); | ||
| 450 | BODY_60_79(75,D,E,T,A,B,C,X(11),X(13),X( 3),X( 8)); | ||
| 451 | BODY_60_79(76,C,D,E,T,A,B,X(12),X(14),X( 4),X( 9)); | ||
| 452 | BODY_60_79(77,B,C,D,E,T,A,X(13),X(15),X( 5),X(10)); | ||
| 453 | BODY_60_79(78,A,B,C,D,E,T,X(14),X( 0),X( 6),X(11)); | ||
| 454 | BODY_60_79(79,T,A,B,C,D,E,X(15),X( 1),X( 7),X(12)); | ||
| 455 | |||
| 456 | c->h0=(c->h0+E)&0xffffffffL; | ||
| 457 | c->h1=(c->h1+T)&0xffffffffL; | ||
| 458 | c->h2=(c->h2+A)&0xffffffffL; | ||
| 459 | c->h3=(c->h3+B)&0xffffffffL; | ||
| 460 | c->h4=(c->h4+C)&0xffffffffL; | ||
| 461 | |||
| 462 | if (--num <= 0) break; | ||
| 463 | |||
| 464 | A=c->h0; | ||
| 465 | B=c->h1; | ||
| 466 | C=c->h2; | ||
| 467 | D=c->h3; | ||
| 468 | E=c->h4; | ||
| 469 | |||
| 470 | } | ||
| 471 | } | ||
| 472 | #endif | ||
diff --git a/src/lib/libcrypto/stack/safestack.h b/src/lib/libcrypto/stack/safestack.h index 38934981e3..ed9ed2c23a 100644 --- a/src/lib/libcrypto/stack/safestack.h +++ b/src/lib/libcrypto/stack/safestack.h | |||
| @@ -57,73 +57,1456 @@ | |||
| 57 | 57 | ||
| 58 | #include <openssl/stack.h> | 58 | #include <openssl/stack.h> |
| 59 | 59 | ||
| 60 | #define STACK_OF(type) STACK_##type | 60 | #ifdef DEBUG_SAFESTACK |
| 61 | |||
| 62 | #define STACK_OF(type) struct stack_st_##type | ||
| 63 | #define PREDECLARE_STACK_OF(type) STACK_OF(type); | ||
| 61 | 64 | ||
| 62 | #define DECLARE_STACK_OF(type) \ | 65 | #define DECLARE_STACK_OF(type) \ |
| 63 | typedef struct stack_st_##type \ | 66 | STACK_OF(type) \ |
| 64 | { \ | 67 | { \ |
| 65 | STACK stack; \ | 68 | STACK stack; \ |
| 66 | } STACK_OF(type); \ | 69 | }; |
| 67 | STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)); \ | 70 | |
| 68 | STACK_OF(type) *sk_##type##_new_null(void); \ | 71 | #define IMPLEMENT_STACK_OF(type) /* nada (obsolete in new safestack approach)*/ |
| 69 | void sk_##type##_free(STACK_OF(type) *sk); \ | 72 | |
| 70 | int sk_##type##_num(const STACK_OF(type) *sk); \ | 73 | /* SKM_sk_... stack macros are internal to safestack.h: |
| 71 | type *sk_##type##_value(const STACK_OF(type) *sk,int n); \ | 74 | * never use them directly, use sk_<type>_... instead */ |
| 72 | type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v); \ | 75 | #define SKM_sk_new(type, cmp) \ |
| 73 | void sk_##type##_zero(STACK_OF(type) *sk); \ | 76 | ((STACK_OF(type) * (*)(int (*)(const type * const *, const type * const *)))sk_new)(cmp) |
| 74 | int sk_##type##_push(STACK_OF(type) *sk,type *v); \ | 77 | #define SKM_sk_new_null(type) \ |
| 75 | int sk_##type##_unshift(STACK_OF(type) *sk,type *v); \ | 78 | ((STACK_OF(type) * (*)(void))sk_new_null)() |
| 76 | int sk_##type##_find(STACK_OF(type) *sk,type *v); \ | 79 | #define SKM_sk_free(type, st) \ |
| 77 | type *sk_##type##_delete(STACK_OF(type) *sk,int n); \ | 80 | ((void (*)(STACK_OF(type) *))sk_free)(st) |
| 78 | void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v); \ | 81 | #define SKM_sk_num(type, st) \ |
| 79 | int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n); \ | 82 | ((int (*)(const STACK_OF(type) *))sk_num)(st) |
| 80 | int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \ | 83 | #define SKM_sk_value(type, st,i) \ |
| 81 | int (*cmp)(type **,type **)))(type **,type **); \ | 84 | ((type * (*)(const STACK_OF(type) *, int))sk_value)(st, i) |
| 82 | STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk); \ | 85 | #define SKM_sk_set(type, st,i,val) \ |
| 83 | void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)); \ | 86 | ((type * (*)(STACK_OF(type) *, int, type *))sk_set)(st, i, val) |
| 84 | type *sk_##type##_shift(STACK_OF(type) *sk); \ | 87 | #define SKM_sk_zero(type, st) \ |
| 85 | type *sk_##type##_pop(STACK_OF(type) *sk); \ | 88 | ((void (*)(STACK_OF(type) *))sk_zero)(st) |
| 86 | void sk_##type##_sort(STACK_OF(type) *sk); | 89 | #define SKM_sk_push(type, st,val) \ |
| 87 | 90 | ((int (*)(STACK_OF(type) *, type *))sk_push)(st, val) | |
| 88 | #define IMPLEMENT_STACK_OF(type) \ | 91 | #define SKM_sk_unshift(type, st,val) \ |
| 89 | STACK_OF(type) *sk_##type##_new(int (*cmp)(type **,type **)) \ | 92 | ((int (*)(STACK_OF(type) *, type *))sk_unshift)(st, val) |
| 90 | { return (STACK_OF(type) *)sk_new(cmp); } \ | 93 | #define SKM_sk_find(type, st,val) \ |
| 91 | STACK_OF(type) *sk_##type##_new_null() \ | 94 | ((int (*)(STACK_OF(type) *, type *))sk_find)(st, val) |
| 92 | { return (STACK_OF(type) *)sk_new_null(); } \ | 95 | #define SKM_sk_delete(type, st,i) \ |
| 93 | void sk_##type##_free(STACK_OF(type) *sk) \ | 96 | ((type * (*)(STACK_OF(type) *, int))sk_delete)(st, i) |
| 94 | { sk_free((STACK *)sk); } \ | 97 | #define SKM_sk_delete_ptr(type, st,ptr) \ |
| 95 | int sk_##type##_num(const STACK_OF(type) *sk) \ | 98 | ((type * (*)(STACK_OF(type) *, type *))sk_delete_ptr)(st, ptr) |
| 96 | { return M_sk_num((const STACK *)sk); } \ | 99 | #define SKM_sk_insert(type, st,val,i) \ |
| 97 | type *sk_##type##_value(const STACK_OF(type) *sk,int n) \ | 100 | ((int (*)(STACK_OF(type) *, type *, int))sk_insert)(st, val, i) |
| 98 | { return (type *)sk_value((STACK *)sk,n); } \ | 101 | #define SKM_sk_set_cmp_func(type, st,cmp) \ |
| 99 | type *sk_##type##_set(STACK_OF(type) *sk,int n,type *v) \ | 102 | ((int (*(*)(STACK_OF(type) *, int (*)(const type * const *, const type * const *))) \ |
| 100 | { return (type *)(sk_set((STACK *)sk,n,(char *)v)); } \ | 103 | (const type * const *, const type * const *))sk_set_cmp_func)\ |
| 101 | void sk_##type##_zero(STACK_OF(type) *sk) \ | 104 | (st, cmp) |
| 102 | { sk_zero((STACK *)sk); } \ | 105 | #define SKM_sk_dup(type, st) \ |
| 103 | int sk_##type##_push(STACK_OF(type) *sk,type *v) \ | 106 | ((STACK_OF(type) *(*)(STACK_OF(type) *))sk_dup)(st) |
| 104 | { return sk_push((STACK *)sk,(char *)v); } \ | 107 | #define SKM_sk_pop_free(type, st,free_func) \ |
| 105 | int sk_##type##_unshift(STACK_OF(type) *sk,type *v) \ | 108 | ((void (*)(STACK_OF(type) *, void (*)(type *)))sk_pop_free)\ |
| 106 | { return sk_unshift((STACK *)sk,(char *)v); } \ | 109 | (st, free_func) |
| 107 | int sk_##type##_find(STACK_OF(type) *sk,type *v) \ | 110 | #define SKM_sk_shift(type, st) \ |
| 108 | { return sk_find((STACK *)sk,(char *)v); } \ | 111 | ((type * (*)(STACK_OF(type) *))sk_shift)(st) |
| 109 | type *sk_##type##_delete(STACK_OF(type) *sk,int n) \ | 112 | #define SKM_sk_pop(type, st) \ |
| 110 | { return (type *)sk_delete((STACK *)sk,n); } \ | 113 | ((type * (*)(STACK_OF(type) *))sk_pop)(st) |
| 111 | void sk_##type##_delete_ptr(STACK_OF(type) *sk,type *v) \ | 114 | #define SKM_sk_sort(type, st) \ |
| 112 | { sk_delete_ptr((STACK *)sk,(char *)v); } \ | 115 | ((void (*)(STACK_OF(type) *))sk_sort)(st) |
| 113 | int sk_##type##_insert(STACK_OF(type) *sk,type *v,int n) \ | 116 | |
| 114 | { return sk_insert((STACK *)sk,(char *)v,n); } \ | 117 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ |
| 115 | int (*sk_##type##_set_cmp_func(STACK_OF(type) *sk, \ | 118 | ((STACK_OF(type) * (*) (STACK_OF(type) **,unsigned char **, long , \ |
| 116 | int (*cmp)(type **,type **)))(type **,type **) \ | 119 | type *(*)(type **, unsigned char **,long), \ |
| 117 | { return (int (*)(type **,type **))sk_set_cmp_func((STACK *)sk,cmp); } \ | 120 | void (*)(type *), int ,int )) d2i_ASN1_SET) \ |
| 118 | STACK_OF(type) *sk_##type##_dup(STACK_OF(type) *sk) \ | 121 | (st,pp,length, d2i_func, free_func, ex_tag,ex_class) |
| 119 | { return (STACK_OF(type) *)sk_dup((STACK *)sk); } \ | 122 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ |
| 120 | void sk_##type##_pop_free(STACK_OF(type) *sk,void (*func)(type *)) \ | 123 | ((int (*)(STACK_OF(type) *,unsigned char **, \ |
| 121 | { sk_pop_free((STACK *)sk,func); } \ | 124 | int (*)(type *,unsigned char **), int , int , int)) i2d_ASN1_SET) \ |
| 122 | type *sk_##type##_shift(STACK_OF(type) *sk) \ | 125 | (st,pp,i2d_func,ex_tag,ex_class,is_set) |
| 123 | { return (type *)sk_shift((STACK *)sk); } \ | 126 | |
| 124 | type *sk_##type##_pop(STACK_OF(type) *sk) \ | 127 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ |
| 125 | { return (type *)sk_pop((STACK *)sk); } \ | 128 | ((unsigned char *(*)(STACK_OF(type) *, \ |
| 126 | void sk_##type##_sort(STACK_OF(type) *sk) \ | 129 | int (*)(type *,unsigned char **), unsigned char **,int *)) ASN1_seq_pack) \ |
| 127 | { sk_sort((STACK *)sk); } | 130 | (st, i2d_func, buf, len) |
| 128 | 131 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ | |
| 129 | #endif /* ndef HEADER_SAFESTACK_H */ | 132 | ((STACK_OF(type) * (*)(unsigned char *,int, \ |
| 133 | type *(*)(type **,unsigned char **, long), \ | ||
| 134 | void (*)(type *)))ASN1_seq_unpack) \ | ||
| 135 | (buf,len,d2i_func, free_func) | ||
| 136 | |||
| 137 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ | ||
| 138 | ((STACK_OF(type) * (*)(X509_ALGOR *, \ | ||
| 139 | type *(*)(type **, unsigned char **, long), void (*)(type *), \ | ||
| 140 | const char *, int, \ | ||
| 141 | ASN1_STRING *, int))PKCS12_decrypt_d2i) \ | ||
| 142 | (algor,d2i_func,free_func,pass,passlen,oct,seq) | ||
| 143 | |||
| 144 | #else | ||
| 145 | |||
| 146 | #define STACK_OF(type) STACK | ||
| 147 | #define PREDECLARE_STACK_OF(type) /* nada */ | ||
| 148 | #define DECLARE_STACK_OF(type) /* nada */ | ||
| 149 | #define IMPLEMENT_STACK_OF(type) /* nada */ | ||
| 150 | |||
| 151 | #define SKM_sk_new(type, cmp) \ | ||
| 152 | sk_new((int (*)(const char * const *, const char * const *))(cmp)) | ||
| 153 | #define SKM_sk_new_null(type) \ | ||
| 154 | sk_new_null() | ||
| 155 | #define SKM_sk_free(type, st) \ | ||
| 156 | sk_free(st) | ||
| 157 | #define SKM_sk_num(type, st) \ | ||
| 158 | sk_num(st) | ||
| 159 | #define SKM_sk_value(type, st,i) \ | ||
| 160 | ((type *)sk_value(st, i)) | ||
| 161 | #define SKM_sk_set(type, st,i,val) \ | ||
| 162 | ((type *)sk_set(st, i,(char *)val)) | ||
| 163 | #define SKM_sk_zero(type, st) \ | ||
| 164 | sk_zero(st) | ||
| 165 | #define SKM_sk_push(type, st,val) \ | ||
| 166 | sk_push(st, (char *)val) | ||
| 167 | #define SKM_sk_unshift(type, st,val) \ | ||
| 168 | sk_unshift(st, val) | ||
| 169 | #define SKM_sk_find(type, st,val) \ | ||
| 170 | sk_find(st, (char *)val) | ||
| 171 | #define SKM_sk_delete(type, st,i) \ | ||
| 172 | ((type *)sk_delete(st, i)) | ||
| 173 | #define SKM_sk_delete_ptr(type, st,ptr) \ | ||
| 174 | ((type *)sk_delete_ptr(st,(char *)ptr)) | ||
| 175 | #define SKM_sk_insert(type, st,val,i) \ | ||
| 176 | sk_insert(st, (char *)val, i) | ||
| 177 | #define SKM_sk_set_cmp_func(type, st,cmp) \ | ||
| 178 | ((int (*)(const type * const *,const type * const *)) \ | ||
| 179 | sk_set_cmp_func(st, (int (*)(const char * const *, const char * const *))(cmp))) | ||
| 180 | #define SKM_sk_dup(type, st) \ | ||
| 181 | sk_dup(st) | ||
| 182 | #define SKM_sk_pop_free(type, st,free_func) \ | ||
| 183 | sk_pop_free(st, (void (*)(void *))free_func) | ||
| 184 | #define SKM_sk_shift(type, st) \ | ||
| 185 | ((type *)sk_shift(st)) | ||
| 186 | #define SKM_sk_pop(type, st) \ | ||
| 187 | ((type *)sk_pop(st)) | ||
| 188 | #define SKM_sk_sort(type, st) \ | ||
| 189 | sk_sort(st) | ||
| 190 | |||
| 191 | #define SKM_ASN1_SET_OF_d2i(type, st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 192 | d2i_ASN1_SET(st,pp,length, (char *(*)())d2i_func, (void (*)(void *))free_func, ex_tag,ex_class) | ||
| 193 | #define SKM_ASN1_SET_OF_i2d(type, st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 194 | i2d_ASN1_SET(st,pp,i2d_func,ex_tag,ex_class,is_set) | ||
| 195 | |||
| 196 | #define SKM_ASN1_seq_pack(type, st, i2d_func, buf, len) \ | ||
| 197 | ASN1_seq_pack(st, i2d_func, buf, len) | ||
| 198 | #define SKM_ASN1_seq_unpack(type, buf, len, d2i_func, free_func) \ | ||
| 199 | ASN1_seq_unpack(buf,len,(char *(*)())d2i_func, (void(*)(void *))free_func) | ||
| 200 | |||
| 201 | #define SKM_PKCS12_decrypt_d2i(type, algor, d2i_func, free_func, pass, passlen, oct, seq) \ | ||
| 202 | ((STACK *)PKCS12_decrypt_d2i(algor,(char *(*)())d2i_func, (void(*)(void *))free_func,pass,passlen,oct,seq)) | ||
| 203 | |||
| 204 | #endif | ||
| 205 | |||
| 206 | /* This block of defines is updated by util/mkstack.pl, please do not touch! */ | ||
| 207 | #define sk_ACCESS_DESCRIPTION_new(st) SKM_sk_new(ACCESS_DESCRIPTION, (st)) | ||
| 208 | #define sk_ACCESS_DESCRIPTION_new_null() SKM_sk_new_null(ACCESS_DESCRIPTION) | ||
| 209 | #define sk_ACCESS_DESCRIPTION_free(st) SKM_sk_free(ACCESS_DESCRIPTION, (st)) | ||
| 210 | #define sk_ACCESS_DESCRIPTION_num(st) SKM_sk_num(ACCESS_DESCRIPTION, (st)) | ||
| 211 | #define sk_ACCESS_DESCRIPTION_value(st, i) SKM_sk_value(ACCESS_DESCRIPTION, (st), (i)) | ||
| 212 | #define sk_ACCESS_DESCRIPTION_set(st, i, val) SKM_sk_set(ACCESS_DESCRIPTION, (st), (i), (val)) | ||
| 213 | #define sk_ACCESS_DESCRIPTION_zero(st) SKM_sk_zero(ACCESS_DESCRIPTION, (st)) | ||
| 214 | #define sk_ACCESS_DESCRIPTION_push(st, val) SKM_sk_push(ACCESS_DESCRIPTION, (st), (val)) | ||
| 215 | #define sk_ACCESS_DESCRIPTION_unshift(st, val) SKM_sk_unshift(ACCESS_DESCRIPTION, (st), (val)) | ||
| 216 | #define sk_ACCESS_DESCRIPTION_find(st, val) SKM_sk_find(ACCESS_DESCRIPTION, (st), (val)) | ||
| 217 | #define sk_ACCESS_DESCRIPTION_delete(st, i) SKM_sk_delete(ACCESS_DESCRIPTION, (st), (i)) | ||
| 218 | #define sk_ACCESS_DESCRIPTION_delete_ptr(st, ptr) SKM_sk_delete_ptr(ACCESS_DESCRIPTION, (st), (ptr)) | ||
| 219 | #define sk_ACCESS_DESCRIPTION_insert(st, val, i) SKM_sk_insert(ACCESS_DESCRIPTION, (st), (val), (i)) | ||
| 220 | #define sk_ACCESS_DESCRIPTION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ACCESS_DESCRIPTION, (st), (cmp)) | ||
| 221 | #define sk_ACCESS_DESCRIPTION_dup(st) SKM_sk_dup(ACCESS_DESCRIPTION, st) | ||
| 222 | #define sk_ACCESS_DESCRIPTION_pop_free(st, free_func) SKM_sk_pop_free(ACCESS_DESCRIPTION, (st), (free_func)) | ||
| 223 | #define sk_ACCESS_DESCRIPTION_shift(st) SKM_sk_shift(ACCESS_DESCRIPTION, (st)) | ||
| 224 | #define sk_ACCESS_DESCRIPTION_pop(st) SKM_sk_pop(ACCESS_DESCRIPTION, (st)) | ||
| 225 | #define sk_ACCESS_DESCRIPTION_sort(st) SKM_sk_sort(ACCESS_DESCRIPTION, (st)) | ||
| 226 | |||
| 227 | #define sk_ASN1_GENERALSTRING_new(st) SKM_sk_new(ASN1_GENERALSTRING, (st)) | ||
| 228 | #define sk_ASN1_GENERALSTRING_new_null() SKM_sk_new_null(ASN1_GENERALSTRING) | ||
| 229 | #define sk_ASN1_GENERALSTRING_free(st) SKM_sk_free(ASN1_GENERALSTRING, (st)) | ||
| 230 | #define sk_ASN1_GENERALSTRING_num(st) SKM_sk_num(ASN1_GENERALSTRING, (st)) | ||
| 231 | #define sk_ASN1_GENERALSTRING_value(st, i) SKM_sk_value(ASN1_GENERALSTRING, (st), (i)) | ||
| 232 | #define sk_ASN1_GENERALSTRING_set(st, i, val) SKM_sk_set(ASN1_GENERALSTRING, (st), (i), (val)) | ||
| 233 | #define sk_ASN1_GENERALSTRING_zero(st) SKM_sk_zero(ASN1_GENERALSTRING, (st)) | ||
| 234 | #define sk_ASN1_GENERALSTRING_push(st, val) SKM_sk_push(ASN1_GENERALSTRING, (st), (val)) | ||
| 235 | #define sk_ASN1_GENERALSTRING_unshift(st, val) SKM_sk_unshift(ASN1_GENERALSTRING, (st), (val)) | ||
| 236 | #define sk_ASN1_GENERALSTRING_find(st, val) SKM_sk_find(ASN1_GENERALSTRING, (st), (val)) | ||
| 237 | #define sk_ASN1_GENERALSTRING_delete(st, i) SKM_sk_delete(ASN1_GENERALSTRING, (st), (i)) | ||
| 238 | #define sk_ASN1_GENERALSTRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_GENERALSTRING, (st), (ptr)) | ||
| 239 | #define sk_ASN1_GENERALSTRING_insert(st, val, i) SKM_sk_insert(ASN1_GENERALSTRING, (st), (val), (i)) | ||
| 240 | #define sk_ASN1_GENERALSTRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_GENERALSTRING, (st), (cmp)) | ||
| 241 | #define sk_ASN1_GENERALSTRING_dup(st) SKM_sk_dup(ASN1_GENERALSTRING, st) | ||
| 242 | #define sk_ASN1_GENERALSTRING_pop_free(st, free_func) SKM_sk_pop_free(ASN1_GENERALSTRING, (st), (free_func)) | ||
| 243 | #define sk_ASN1_GENERALSTRING_shift(st) SKM_sk_shift(ASN1_GENERALSTRING, (st)) | ||
| 244 | #define sk_ASN1_GENERALSTRING_pop(st) SKM_sk_pop(ASN1_GENERALSTRING, (st)) | ||
| 245 | #define sk_ASN1_GENERALSTRING_sort(st) SKM_sk_sort(ASN1_GENERALSTRING, (st)) | ||
| 246 | |||
| 247 | #define sk_ASN1_INTEGER_new(st) SKM_sk_new(ASN1_INTEGER, (st)) | ||
| 248 | #define sk_ASN1_INTEGER_new_null() SKM_sk_new_null(ASN1_INTEGER) | ||
| 249 | #define sk_ASN1_INTEGER_free(st) SKM_sk_free(ASN1_INTEGER, (st)) | ||
| 250 | #define sk_ASN1_INTEGER_num(st) SKM_sk_num(ASN1_INTEGER, (st)) | ||
| 251 | #define sk_ASN1_INTEGER_value(st, i) SKM_sk_value(ASN1_INTEGER, (st), (i)) | ||
| 252 | #define sk_ASN1_INTEGER_set(st, i, val) SKM_sk_set(ASN1_INTEGER, (st), (i), (val)) | ||
| 253 | #define sk_ASN1_INTEGER_zero(st) SKM_sk_zero(ASN1_INTEGER, (st)) | ||
| 254 | #define sk_ASN1_INTEGER_push(st, val) SKM_sk_push(ASN1_INTEGER, (st), (val)) | ||
| 255 | #define sk_ASN1_INTEGER_unshift(st, val) SKM_sk_unshift(ASN1_INTEGER, (st), (val)) | ||
| 256 | #define sk_ASN1_INTEGER_find(st, val) SKM_sk_find(ASN1_INTEGER, (st), (val)) | ||
| 257 | #define sk_ASN1_INTEGER_delete(st, i) SKM_sk_delete(ASN1_INTEGER, (st), (i)) | ||
| 258 | #define sk_ASN1_INTEGER_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_INTEGER, (st), (ptr)) | ||
| 259 | #define sk_ASN1_INTEGER_insert(st, val, i) SKM_sk_insert(ASN1_INTEGER, (st), (val), (i)) | ||
| 260 | #define sk_ASN1_INTEGER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_INTEGER, (st), (cmp)) | ||
| 261 | #define sk_ASN1_INTEGER_dup(st) SKM_sk_dup(ASN1_INTEGER, st) | ||
| 262 | #define sk_ASN1_INTEGER_pop_free(st, free_func) SKM_sk_pop_free(ASN1_INTEGER, (st), (free_func)) | ||
| 263 | #define sk_ASN1_INTEGER_shift(st) SKM_sk_shift(ASN1_INTEGER, (st)) | ||
| 264 | #define sk_ASN1_INTEGER_pop(st) SKM_sk_pop(ASN1_INTEGER, (st)) | ||
| 265 | #define sk_ASN1_INTEGER_sort(st) SKM_sk_sort(ASN1_INTEGER, (st)) | ||
| 266 | |||
| 267 | #define sk_ASN1_OBJECT_new(st) SKM_sk_new(ASN1_OBJECT, (st)) | ||
| 268 | #define sk_ASN1_OBJECT_new_null() SKM_sk_new_null(ASN1_OBJECT) | ||
| 269 | #define sk_ASN1_OBJECT_free(st) SKM_sk_free(ASN1_OBJECT, (st)) | ||
| 270 | #define sk_ASN1_OBJECT_num(st) SKM_sk_num(ASN1_OBJECT, (st)) | ||
| 271 | #define sk_ASN1_OBJECT_value(st, i) SKM_sk_value(ASN1_OBJECT, (st), (i)) | ||
| 272 | #define sk_ASN1_OBJECT_set(st, i, val) SKM_sk_set(ASN1_OBJECT, (st), (i), (val)) | ||
| 273 | #define sk_ASN1_OBJECT_zero(st) SKM_sk_zero(ASN1_OBJECT, (st)) | ||
| 274 | #define sk_ASN1_OBJECT_push(st, val) SKM_sk_push(ASN1_OBJECT, (st), (val)) | ||
| 275 | #define sk_ASN1_OBJECT_unshift(st, val) SKM_sk_unshift(ASN1_OBJECT, (st), (val)) | ||
| 276 | #define sk_ASN1_OBJECT_find(st, val) SKM_sk_find(ASN1_OBJECT, (st), (val)) | ||
| 277 | #define sk_ASN1_OBJECT_delete(st, i) SKM_sk_delete(ASN1_OBJECT, (st), (i)) | ||
| 278 | #define sk_ASN1_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_OBJECT, (st), (ptr)) | ||
| 279 | #define sk_ASN1_OBJECT_insert(st, val, i) SKM_sk_insert(ASN1_OBJECT, (st), (val), (i)) | ||
| 280 | #define sk_ASN1_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_OBJECT, (st), (cmp)) | ||
| 281 | #define sk_ASN1_OBJECT_dup(st) SKM_sk_dup(ASN1_OBJECT, st) | ||
| 282 | #define sk_ASN1_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(ASN1_OBJECT, (st), (free_func)) | ||
| 283 | #define sk_ASN1_OBJECT_shift(st) SKM_sk_shift(ASN1_OBJECT, (st)) | ||
| 284 | #define sk_ASN1_OBJECT_pop(st) SKM_sk_pop(ASN1_OBJECT, (st)) | ||
| 285 | #define sk_ASN1_OBJECT_sort(st) SKM_sk_sort(ASN1_OBJECT, (st)) | ||
| 286 | |||
| 287 | #define sk_ASN1_STRING_TABLE_new(st) SKM_sk_new(ASN1_STRING_TABLE, (st)) | ||
| 288 | #define sk_ASN1_STRING_TABLE_new_null() SKM_sk_new_null(ASN1_STRING_TABLE) | ||
| 289 | #define sk_ASN1_STRING_TABLE_free(st) SKM_sk_free(ASN1_STRING_TABLE, (st)) | ||
| 290 | #define sk_ASN1_STRING_TABLE_num(st) SKM_sk_num(ASN1_STRING_TABLE, (st)) | ||
| 291 | #define sk_ASN1_STRING_TABLE_value(st, i) SKM_sk_value(ASN1_STRING_TABLE, (st), (i)) | ||
| 292 | #define sk_ASN1_STRING_TABLE_set(st, i, val) SKM_sk_set(ASN1_STRING_TABLE, (st), (i), (val)) | ||
| 293 | #define sk_ASN1_STRING_TABLE_zero(st) SKM_sk_zero(ASN1_STRING_TABLE, (st)) | ||
| 294 | #define sk_ASN1_STRING_TABLE_push(st, val) SKM_sk_push(ASN1_STRING_TABLE, (st), (val)) | ||
| 295 | #define sk_ASN1_STRING_TABLE_unshift(st, val) SKM_sk_unshift(ASN1_STRING_TABLE, (st), (val)) | ||
| 296 | #define sk_ASN1_STRING_TABLE_find(st, val) SKM_sk_find(ASN1_STRING_TABLE, (st), (val)) | ||
| 297 | #define sk_ASN1_STRING_TABLE_delete(st, i) SKM_sk_delete(ASN1_STRING_TABLE, (st), (i)) | ||
| 298 | #define sk_ASN1_STRING_TABLE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_STRING_TABLE, (st), (ptr)) | ||
| 299 | #define sk_ASN1_STRING_TABLE_insert(st, val, i) SKM_sk_insert(ASN1_STRING_TABLE, (st), (val), (i)) | ||
| 300 | #define sk_ASN1_STRING_TABLE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_STRING_TABLE, (st), (cmp)) | ||
| 301 | #define sk_ASN1_STRING_TABLE_dup(st) SKM_sk_dup(ASN1_STRING_TABLE, st) | ||
| 302 | #define sk_ASN1_STRING_TABLE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_STRING_TABLE, (st), (free_func)) | ||
| 303 | #define sk_ASN1_STRING_TABLE_shift(st) SKM_sk_shift(ASN1_STRING_TABLE, (st)) | ||
| 304 | #define sk_ASN1_STRING_TABLE_pop(st) SKM_sk_pop(ASN1_STRING_TABLE, (st)) | ||
| 305 | #define sk_ASN1_STRING_TABLE_sort(st) SKM_sk_sort(ASN1_STRING_TABLE, (st)) | ||
| 306 | |||
| 307 | #define sk_ASN1_TYPE_new(st) SKM_sk_new(ASN1_TYPE, (st)) | ||
| 308 | #define sk_ASN1_TYPE_new_null() SKM_sk_new_null(ASN1_TYPE) | ||
| 309 | #define sk_ASN1_TYPE_free(st) SKM_sk_free(ASN1_TYPE, (st)) | ||
| 310 | #define sk_ASN1_TYPE_num(st) SKM_sk_num(ASN1_TYPE, (st)) | ||
| 311 | #define sk_ASN1_TYPE_value(st, i) SKM_sk_value(ASN1_TYPE, (st), (i)) | ||
| 312 | #define sk_ASN1_TYPE_set(st, i, val) SKM_sk_set(ASN1_TYPE, (st), (i), (val)) | ||
| 313 | #define sk_ASN1_TYPE_zero(st) SKM_sk_zero(ASN1_TYPE, (st)) | ||
| 314 | #define sk_ASN1_TYPE_push(st, val) SKM_sk_push(ASN1_TYPE, (st), (val)) | ||
| 315 | #define sk_ASN1_TYPE_unshift(st, val) SKM_sk_unshift(ASN1_TYPE, (st), (val)) | ||
| 316 | #define sk_ASN1_TYPE_find(st, val) SKM_sk_find(ASN1_TYPE, (st), (val)) | ||
| 317 | #define sk_ASN1_TYPE_delete(st, i) SKM_sk_delete(ASN1_TYPE, (st), (i)) | ||
| 318 | #define sk_ASN1_TYPE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_TYPE, (st), (ptr)) | ||
| 319 | #define sk_ASN1_TYPE_insert(st, val, i) SKM_sk_insert(ASN1_TYPE, (st), (val), (i)) | ||
| 320 | #define sk_ASN1_TYPE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_TYPE, (st), (cmp)) | ||
| 321 | #define sk_ASN1_TYPE_dup(st) SKM_sk_dup(ASN1_TYPE, st) | ||
| 322 | #define sk_ASN1_TYPE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_TYPE, (st), (free_func)) | ||
| 323 | #define sk_ASN1_TYPE_shift(st) SKM_sk_shift(ASN1_TYPE, (st)) | ||
| 324 | #define sk_ASN1_TYPE_pop(st) SKM_sk_pop(ASN1_TYPE, (st)) | ||
| 325 | #define sk_ASN1_TYPE_sort(st) SKM_sk_sort(ASN1_TYPE, (st)) | ||
| 326 | |||
| 327 | #define sk_ASN1_VALUE_new(st) SKM_sk_new(ASN1_VALUE, (st)) | ||
| 328 | #define sk_ASN1_VALUE_new_null() SKM_sk_new_null(ASN1_VALUE) | ||
| 329 | #define sk_ASN1_VALUE_free(st) SKM_sk_free(ASN1_VALUE, (st)) | ||
| 330 | #define sk_ASN1_VALUE_num(st) SKM_sk_num(ASN1_VALUE, (st)) | ||
| 331 | #define sk_ASN1_VALUE_value(st, i) SKM_sk_value(ASN1_VALUE, (st), (i)) | ||
| 332 | #define sk_ASN1_VALUE_set(st, i, val) SKM_sk_set(ASN1_VALUE, (st), (i), (val)) | ||
| 333 | #define sk_ASN1_VALUE_zero(st) SKM_sk_zero(ASN1_VALUE, (st)) | ||
| 334 | #define sk_ASN1_VALUE_push(st, val) SKM_sk_push(ASN1_VALUE, (st), (val)) | ||
| 335 | #define sk_ASN1_VALUE_unshift(st, val) SKM_sk_unshift(ASN1_VALUE, (st), (val)) | ||
| 336 | #define sk_ASN1_VALUE_find(st, val) SKM_sk_find(ASN1_VALUE, (st), (val)) | ||
| 337 | #define sk_ASN1_VALUE_delete(st, i) SKM_sk_delete(ASN1_VALUE, (st), (i)) | ||
| 338 | #define sk_ASN1_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ASN1_VALUE, (st), (ptr)) | ||
| 339 | #define sk_ASN1_VALUE_insert(st, val, i) SKM_sk_insert(ASN1_VALUE, (st), (val), (i)) | ||
| 340 | #define sk_ASN1_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ASN1_VALUE, (st), (cmp)) | ||
| 341 | #define sk_ASN1_VALUE_dup(st) SKM_sk_dup(ASN1_VALUE, st) | ||
| 342 | #define sk_ASN1_VALUE_pop_free(st, free_func) SKM_sk_pop_free(ASN1_VALUE, (st), (free_func)) | ||
| 343 | #define sk_ASN1_VALUE_shift(st) SKM_sk_shift(ASN1_VALUE, (st)) | ||
| 344 | #define sk_ASN1_VALUE_pop(st) SKM_sk_pop(ASN1_VALUE, (st)) | ||
| 345 | #define sk_ASN1_VALUE_sort(st) SKM_sk_sort(ASN1_VALUE, (st)) | ||
| 346 | |||
| 347 | #define sk_BIO_new(st) SKM_sk_new(BIO, (st)) | ||
| 348 | #define sk_BIO_new_null() SKM_sk_new_null(BIO) | ||
| 349 | #define sk_BIO_free(st) SKM_sk_free(BIO, (st)) | ||
| 350 | #define sk_BIO_num(st) SKM_sk_num(BIO, (st)) | ||
| 351 | #define sk_BIO_value(st, i) SKM_sk_value(BIO, (st), (i)) | ||
| 352 | #define sk_BIO_set(st, i, val) SKM_sk_set(BIO, (st), (i), (val)) | ||
| 353 | #define sk_BIO_zero(st) SKM_sk_zero(BIO, (st)) | ||
| 354 | #define sk_BIO_push(st, val) SKM_sk_push(BIO, (st), (val)) | ||
| 355 | #define sk_BIO_unshift(st, val) SKM_sk_unshift(BIO, (st), (val)) | ||
| 356 | #define sk_BIO_find(st, val) SKM_sk_find(BIO, (st), (val)) | ||
| 357 | #define sk_BIO_delete(st, i) SKM_sk_delete(BIO, (st), (i)) | ||
| 358 | #define sk_BIO_delete_ptr(st, ptr) SKM_sk_delete_ptr(BIO, (st), (ptr)) | ||
| 359 | #define sk_BIO_insert(st, val, i) SKM_sk_insert(BIO, (st), (val), (i)) | ||
| 360 | #define sk_BIO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(BIO, (st), (cmp)) | ||
| 361 | #define sk_BIO_dup(st) SKM_sk_dup(BIO, st) | ||
| 362 | #define sk_BIO_pop_free(st, free_func) SKM_sk_pop_free(BIO, (st), (free_func)) | ||
| 363 | #define sk_BIO_shift(st) SKM_sk_shift(BIO, (st)) | ||
| 364 | #define sk_BIO_pop(st) SKM_sk_pop(BIO, (st)) | ||
| 365 | #define sk_BIO_sort(st) SKM_sk_sort(BIO, (st)) | ||
| 366 | |||
| 367 | #define sk_CONF_IMODULE_new(st) SKM_sk_new(CONF_IMODULE, (st)) | ||
| 368 | #define sk_CONF_IMODULE_new_null() SKM_sk_new_null(CONF_IMODULE) | ||
| 369 | #define sk_CONF_IMODULE_free(st) SKM_sk_free(CONF_IMODULE, (st)) | ||
| 370 | #define sk_CONF_IMODULE_num(st) SKM_sk_num(CONF_IMODULE, (st)) | ||
| 371 | #define sk_CONF_IMODULE_value(st, i) SKM_sk_value(CONF_IMODULE, (st), (i)) | ||
| 372 | #define sk_CONF_IMODULE_set(st, i, val) SKM_sk_set(CONF_IMODULE, (st), (i), (val)) | ||
| 373 | #define sk_CONF_IMODULE_zero(st) SKM_sk_zero(CONF_IMODULE, (st)) | ||
| 374 | #define sk_CONF_IMODULE_push(st, val) SKM_sk_push(CONF_IMODULE, (st), (val)) | ||
| 375 | #define sk_CONF_IMODULE_unshift(st, val) SKM_sk_unshift(CONF_IMODULE, (st), (val)) | ||
| 376 | #define sk_CONF_IMODULE_find(st, val) SKM_sk_find(CONF_IMODULE, (st), (val)) | ||
| 377 | #define sk_CONF_IMODULE_delete(st, i) SKM_sk_delete(CONF_IMODULE, (st), (i)) | ||
| 378 | #define sk_CONF_IMODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_IMODULE, (st), (ptr)) | ||
| 379 | #define sk_CONF_IMODULE_insert(st, val, i) SKM_sk_insert(CONF_IMODULE, (st), (val), (i)) | ||
| 380 | #define sk_CONF_IMODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_IMODULE, (st), (cmp)) | ||
| 381 | #define sk_CONF_IMODULE_dup(st) SKM_sk_dup(CONF_IMODULE, st) | ||
| 382 | #define sk_CONF_IMODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_IMODULE, (st), (free_func)) | ||
| 383 | #define sk_CONF_IMODULE_shift(st) SKM_sk_shift(CONF_IMODULE, (st)) | ||
| 384 | #define sk_CONF_IMODULE_pop(st) SKM_sk_pop(CONF_IMODULE, (st)) | ||
| 385 | #define sk_CONF_IMODULE_sort(st) SKM_sk_sort(CONF_IMODULE, (st)) | ||
| 386 | |||
| 387 | #define sk_CONF_MODULE_new(st) SKM_sk_new(CONF_MODULE, (st)) | ||
| 388 | #define sk_CONF_MODULE_new_null() SKM_sk_new_null(CONF_MODULE) | ||
| 389 | #define sk_CONF_MODULE_free(st) SKM_sk_free(CONF_MODULE, (st)) | ||
| 390 | #define sk_CONF_MODULE_num(st) SKM_sk_num(CONF_MODULE, (st)) | ||
| 391 | #define sk_CONF_MODULE_value(st, i) SKM_sk_value(CONF_MODULE, (st), (i)) | ||
| 392 | #define sk_CONF_MODULE_set(st, i, val) SKM_sk_set(CONF_MODULE, (st), (i), (val)) | ||
| 393 | #define sk_CONF_MODULE_zero(st) SKM_sk_zero(CONF_MODULE, (st)) | ||
| 394 | #define sk_CONF_MODULE_push(st, val) SKM_sk_push(CONF_MODULE, (st), (val)) | ||
| 395 | #define sk_CONF_MODULE_unshift(st, val) SKM_sk_unshift(CONF_MODULE, (st), (val)) | ||
| 396 | #define sk_CONF_MODULE_find(st, val) SKM_sk_find(CONF_MODULE, (st), (val)) | ||
| 397 | #define sk_CONF_MODULE_delete(st, i) SKM_sk_delete(CONF_MODULE, (st), (i)) | ||
| 398 | #define sk_CONF_MODULE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_MODULE, (st), (ptr)) | ||
| 399 | #define sk_CONF_MODULE_insert(st, val, i) SKM_sk_insert(CONF_MODULE, (st), (val), (i)) | ||
| 400 | #define sk_CONF_MODULE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_MODULE, (st), (cmp)) | ||
| 401 | #define sk_CONF_MODULE_dup(st) SKM_sk_dup(CONF_MODULE, st) | ||
| 402 | #define sk_CONF_MODULE_pop_free(st, free_func) SKM_sk_pop_free(CONF_MODULE, (st), (free_func)) | ||
| 403 | #define sk_CONF_MODULE_shift(st) SKM_sk_shift(CONF_MODULE, (st)) | ||
| 404 | #define sk_CONF_MODULE_pop(st) SKM_sk_pop(CONF_MODULE, (st)) | ||
| 405 | #define sk_CONF_MODULE_sort(st) SKM_sk_sort(CONF_MODULE, (st)) | ||
| 406 | |||
| 407 | #define sk_CONF_VALUE_new(st) SKM_sk_new(CONF_VALUE, (st)) | ||
| 408 | #define sk_CONF_VALUE_new_null() SKM_sk_new_null(CONF_VALUE) | ||
| 409 | #define sk_CONF_VALUE_free(st) SKM_sk_free(CONF_VALUE, (st)) | ||
| 410 | #define sk_CONF_VALUE_num(st) SKM_sk_num(CONF_VALUE, (st)) | ||
| 411 | #define sk_CONF_VALUE_value(st, i) SKM_sk_value(CONF_VALUE, (st), (i)) | ||
| 412 | #define sk_CONF_VALUE_set(st, i, val) SKM_sk_set(CONF_VALUE, (st), (i), (val)) | ||
| 413 | #define sk_CONF_VALUE_zero(st) SKM_sk_zero(CONF_VALUE, (st)) | ||
| 414 | #define sk_CONF_VALUE_push(st, val) SKM_sk_push(CONF_VALUE, (st), (val)) | ||
| 415 | #define sk_CONF_VALUE_unshift(st, val) SKM_sk_unshift(CONF_VALUE, (st), (val)) | ||
| 416 | #define sk_CONF_VALUE_find(st, val) SKM_sk_find(CONF_VALUE, (st), (val)) | ||
| 417 | #define sk_CONF_VALUE_delete(st, i) SKM_sk_delete(CONF_VALUE, (st), (i)) | ||
| 418 | #define sk_CONF_VALUE_delete_ptr(st, ptr) SKM_sk_delete_ptr(CONF_VALUE, (st), (ptr)) | ||
| 419 | #define sk_CONF_VALUE_insert(st, val, i) SKM_sk_insert(CONF_VALUE, (st), (val), (i)) | ||
| 420 | #define sk_CONF_VALUE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CONF_VALUE, (st), (cmp)) | ||
| 421 | #define sk_CONF_VALUE_dup(st) SKM_sk_dup(CONF_VALUE, st) | ||
| 422 | #define sk_CONF_VALUE_pop_free(st, free_func) SKM_sk_pop_free(CONF_VALUE, (st), (free_func)) | ||
| 423 | #define sk_CONF_VALUE_shift(st) SKM_sk_shift(CONF_VALUE, (st)) | ||
| 424 | #define sk_CONF_VALUE_pop(st) SKM_sk_pop(CONF_VALUE, (st)) | ||
| 425 | #define sk_CONF_VALUE_sort(st) SKM_sk_sort(CONF_VALUE, (st)) | ||
| 426 | |||
| 427 | #define sk_CRYPTO_EX_DATA_FUNCS_new(st) SKM_sk_new(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 428 | #define sk_CRYPTO_EX_DATA_FUNCS_new_null() SKM_sk_new_null(CRYPTO_EX_DATA_FUNCS) | ||
| 429 | #define sk_CRYPTO_EX_DATA_FUNCS_free(st) SKM_sk_free(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 430 | #define sk_CRYPTO_EX_DATA_FUNCS_num(st) SKM_sk_num(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 431 | #define sk_CRYPTO_EX_DATA_FUNCS_value(st, i) SKM_sk_value(CRYPTO_EX_DATA_FUNCS, (st), (i)) | ||
| 432 | #define sk_CRYPTO_EX_DATA_FUNCS_set(st, i, val) SKM_sk_set(CRYPTO_EX_DATA_FUNCS, (st), (i), (val)) | ||
| 433 | #define sk_CRYPTO_EX_DATA_FUNCS_zero(st) SKM_sk_zero(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 434 | #define sk_CRYPTO_EX_DATA_FUNCS_push(st, val) SKM_sk_push(CRYPTO_EX_DATA_FUNCS, (st), (val)) | ||
| 435 | #define sk_CRYPTO_EX_DATA_FUNCS_unshift(st, val) SKM_sk_unshift(CRYPTO_EX_DATA_FUNCS, (st), (val)) | ||
| 436 | #define sk_CRYPTO_EX_DATA_FUNCS_find(st, val) SKM_sk_find(CRYPTO_EX_DATA_FUNCS, (st), (val)) | ||
| 437 | #define sk_CRYPTO_EX_DATA_FUNCS_delete(st, i) SKM_sk_delete(CRYPTO_EX_DATA_FUNCS, (st), (i)) | ||
| 438 | #define sk_CRYPTO_EX_DATA_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_EX_DATA_FUNCS, (st), (ptr)) | ||
| 439 | #define sk_CRYPTO_EX_DATA_FUNCS_insert(st, val, i) SKM_sk_insert(CRYPTO_EX_DATA_FUNCS, (st), (val), (i)) | ||
| 440 | #define sk_CRYPTO_EX_DATA_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_EX_DATA_FUNCS, (st), (cmp)) | ||
| 441 | #define sk_CRYPTO_EX_DATA_FUNCS_dup(st) SKM_sk_dup(CRYPTO_EX_DATA_FUNCS, st) | ||
| 442 | #define sk_CRYPTO_EX_DATA_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_EX_DATA_FUNCS, (st), (free_func)) | ||
| 443 | #define sk_CRYPTO_EX_DATA_FUNCS_shift(st) SKM_sk_shift(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 444 | #define sk_CRYPTO_EX_DATA_FUNCS_pop(st) SKM_sk_pop(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 445 | #define sk_CRYPTO_EX_DATA_FUNCS_sort(st) SKM_sk_sort(CRYPTO_EX_DATA_FUNCS, (st)) | ||
| 446 | |||
| 447 | #define sk_CRYPTO_dynlock_new(st) SKM_sk_new(CRYPTO_dynlock, (st)) | ||
| 448 | #define sk_CRYPTO_dynlock_new_null() SKM_sk_new_null(CRYPTO_dynlock) | ||
| 449 | #define sk_CRYPTO_dynlock_free(st) SKM_sk_free(CRYPTO_dynlock, (st)) | ||
| 450 | #define sk_CRYPTO_dynlock_num(st) SKM_sk_num(CRYPTO_dynlock, (st)) | ||
| 451 | #define sk_CRYPTO_dynlock_value(st, i) SKM_sk_value(CRYPTO_dynlock, (st), (i)) | ||
| 452 | #define sk_CRYPTO_dynlock_set(st, i, val) SKM_sk_set(CRYPTO_dynlock, (st), (i), (val)) | ||
| 453 | #define sk_CRYPTO_dynlock_zero(st) SKM_sk_zero(CRYPTO_dynlock, (st)) | ||
| 454 | #define sk_CRYPTO_dynlock_push(st, val) SKM_sk_push(CRYPTO_dynlock, (st), (val)) | ||
| 455 | #define sk_CRYPTO_dynlock_unshift(st, val) SKM_sk_unshift(CRYPTO_dynlock, (st), (val)) | ||
| 456 | #define sk_CRYPTO_dynlock_find(st, val) SKM_sk_find(CRYPTO_dynlock, (st), (val)) | ||
| 457 | #define sk_CRYPTO_dynlock_delete(st, i) SKM_sk_delete(CRYPTO_dynlock, (st), (i)) | ||
| 458 | #define sk_CRYPTO_dynlock_delete_ptr(st, ptr) SKM_sk_delete_ptr(CRYPTO_dynlock, (st), (ptr)) | ||
| 459 | #define sk_CRYPTO_dynlock_insert(st, val, i) SKM_sk_insert(CRYPTO_dynlock, (st), (val), (i)) | ||
| 460 | #define sk_CRYPTO_dynlock_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(CRYPTO_dynlock, (st), (cmp)) | ||
| 461 | #define sk_CRYPTO_dynlock_dup(st) SKM_sk_dup(CRYPTO_dynlock, st) | ||
| 462 | #define sk_CRYPTO_dynlock_pop_free(st, free_func) SKM_sk_pop_free(CRYPTO_dynlock, (st), (free_func)) | ||
| 463 | #define sk_CRYPTO_dynlock_shift(st) SKM_sk_shift(CRYPTO_dynlock, (st)) | ||
| 464 | #define sk_CRYPTO_dynlock_pop(st) SKM_sk_pop(CRYPTO_dynlock, (st)) | ||
| 465 | #define sk_CRYPTO_dynlock_sort(st) SKM_sk_sort(CRYPTO_dynlock, (st)) | ||
| 466 | |||
| 467 | #define sk_DIST_POINT_new(st) SKM_sk_new(DIST_POINT, (st)) | ||
| 468 | #define sk_DIST_POINT_new_null() SKM_sk_new_null(DIST_POINT) | ||
| 469 | #define sk_DIST_POINT_free(st) SKM_sk_free(DIST_POINT, (st)) | ||
| 470 | #define sk_DIST_POINT_num(st) SKM_sk_num(DIST_POINT, (st)) | ||
| 471 | #define sk_DIST_POINT_value(st, i) SKM_sk_value(DIST_POINT, (st), (i)) | ||
| 472 | #define sk_DIST_POINT_set(st, i, val) SKM_sk_set(DIST_POINT, (st), (i), (val)) | ||
| 473 | #define sk_DIST_POINT_zero(st) SKM_sk_zero(DIST_POINT, (st)) | ||
| 474 | #define sk_DIST_POINT_push(st, val) SKM_sk_push(DIST_POINT, (st), (val)) | ||
| 475 | #define sk_DIST_POINT_unshift(st, val) SKM_sk_unshift(DIST_POINT, (st), (val)) | ||
| 476 | #define sk_DIST_POINT_find(st, val) SKM_sk_find(DIST_POINT, (st), (val)) | ||
| 477 | #define sk_DIST_POINT_delete(st, i) SKM_sk_delete(DIST_POINT, (st), (i)) | ||
| 478 | #define sk_DIST_POINT_delete_ptr(st, ptr) SKM_sk_delete_ptr(DIST_POINT, (st), (ptr)) | ||
| 479 | #define sk_DIST_POINT_insert(st, val, i) SKM_sk_insert(DIST_POINT, (st), (val), (i)) | ||
| 480 | #define sk_DIST_POINT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(DIST_POINT, (st), (cmp)) | ||
| 481 | #define sk_DIST_POINT_dup(st) SKM_sk_dup(DIST_POINT, st) | ||
| 482 | #define sk_DIST_POINT_pop_free(st, free_func) SKM_sk_pop_free(DIST_POINT, (st), (free_func)) | ||
| 483 | #define sk_DIST_POINT_shift(st) SKM_sk_shift(DIST_POINT, (st)) | ||
| 484 | #define sk_DIST_POINT_pop(st) SKM_sk_pop(DIST_POINT, (st)) | ||
| 485 | #define sk_DIST_POINT_sort(st) SKM_sk_sort(DIST_POINT, (st)) | ||
| 486 | |||
| 487 | #define sk_ENGINE_new(st) SKM_sk_new(ENGINE, (st)) | ||
| 488 | #define sk_ENGINE_new_null() SKM_sk_new_null(ENGINE) | ||
| 489 | #define sk_ENGINE_free(st) SKM_sk_free(ENGINE, (st)) | ||
| 490 | #define sk_ENGINE_num(st) SKM_sk_num(ENGINE, (st)) | ||
| 491 | #define sk_ENGINE_value(st, i) SKM_sk_value(ENGINE, (st), (i)) | ||
| 492 | #define sk_ENGINE_set(st, i, val) SKM_sk_set(ENGINE, (st), (i), (val)) | ||
| 493 | #define sk_ENGINE_zero(st) SKM_sk_zero(ENGINE, (st)) | ||
| 494 | #define sk_ENGINE_push(st, val) SKM_sk_push(ENGINE, (st), (val)) | ||
| 495 | #define sk_ENGINE_unshift(st, val) SKM_sk_unshift(ENGINE, (st), (val)) | ||
| 496 | #define sk_ENGINE_find(st, val) SKM_sk_find(ENGINE, (st), (val)) | ||
| 497 | #define sk_ENGINE_delete(st, i) SKM_sk_delete(ENGINE, (st), (i)) | ||
| 498 | #define sk_ENGINE_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE, (st), (ptr)) | ||
| 499 | #define sk_ENGINE_insert(st, val, i) SKM_sk_insert(ENGINE, (st), (val), (i)) | ||
| 500 | #define sk_ENGINE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE, (st), (cmp)) | ||
| 501 | #define sk_ENGINE_dup(st) SKM_sk_dup(ENGINE, st) | ||
| 502 | #define sk_ENGINE_pop_free(st, free_func) SKM_sk_pop_free(ENGINE, (st), (free_func)) | ||
| 503 | #define sk_ENGINE_shift(st) SKM_sk_shift(ENGINE, (st)) | ||
| 504 | #define sk_ENGINE_pop(st) SKM_sk_pop(ENGINE, (st)) | ||
| 505 | #define sk_ENGINE_sort(st) SKM_sk_sort(ENGINE, (st)) | ||
| 506 | |||
| 507 | #define sk_ENGINE_CLEANUP_ITEM_new(st) SKM_sk_new(ENGINE_CLEANUP_ITEM, (st)) | ||
| 508 | #define sk_ENGINE_CLEANUP_ITEM_new_null() SKM_sk_new_null(ENGINE_CLEANUP_ITEM) | ||
| 509 | #define sk_ENGINE_CLEANUP_ITEM_free(st) SKM_sk_free(ENGINE_CLEANUP_ITEM, (st)) | ||
| 510 | #define sk_ENGINE_CLEANUP_ITEM_num(st) SKM_sk_num(ENGINE_CLEANUP_ITEM, (st)) | ||
| 511 | #define sk_ENGINE_CLEANUP_ITEM_value(st, i) SKM_sk_value(ENGINE_CLEANUP_ITEM, (st), (i)) | ||
| 512 | #define sk_ENGINE_CLEANUP_ITEM_set(st, i, val) SKM_sk_set(ENGINE_CLEANUP_ITEM, (st), (i), (val)) | ||
| 513 | #define sk_ENGINE_CLEANUP_ITEM_zero(st) SKM_sk_zero(ENGINE_CLEANUP_ITEM, (st)) | ||
| 514 | #define sk_ENGINE_CLEANUP_ITEM_push(st, val) SKM_sk_push(ENGINE_CLEANUP_ITEM, (st), (val)) | ||
| 515 | #define sk_ENGINE_CLEANUP_ITEM_unshift(st, val) SKM_sk_unshift(ENGINE_CLEANUP_ITEM, (st), (val)) | ||
| 516 | #define sk_ENGINE_CLEANUP_ITEM_find(st, val) SKM_sk_find(ENGINE_CLEANUP_ITEM, (st), (val)) | ||
| 517 | #define sk_ENGINE_CLEANUP_ITEM_delete(st, i) SKM_sk_delete(ENGINE_CLEANUP_ITEM, (st), (i)) | ||
| 518 | #define sk_ENGINE_CLEANUP_ITEM_delete_ptr(st, ptr) SKM_sk_delete_ptr(ENGINE_CLEANUP_ITEM, (st), (ptr)) | ||
| 519 | #define sk_ENGINE_CLEANUP_ITEM_insert(st, val, i) SKM_sk_insert(ENGINE_CLEANUP_ITEM, (st), (val), (i)) | ||
| 520 | #define sk_ENGINE_CLEANUP_ITEM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(ENGINE_CLEANUP_ITEM, (st), (cmp)) | ||
| 521 | #define sk_ENGINE_CLEANUP_ITEM_dup(st) SKM_sk_dup(ENGINE_CLEANUP_ITEM, st) | ||
| 522 | #define sk_ENGINE_CLEANUP_ITEM_pop_free(st, free_func) SKM_sk_pop_free(ENGINE_CLEANUP_ITEM, (st), (free_func)) | ||
| 523 | #define sk_ENGINE_CLEANUP_ITEM_shift(st) SKM_sk_shift(ENGINE_CLEANUP_ITEM, (st)) | ||
| 524 | #define sk_ENGINE_CLEANUP_ITEM_pop(st) SKM_sk_pop(ENGINE_CLEANUP_ITEM, (st)) | ||
| 525 | #define sk_ENGINE_CLEANUP_ITEM_sort(st) SKM_sk_sort(ENGINE_CLEANUP_ITEM, (st)) | ||
| 526 | |||
| 527 | #define sk_GENERAL_NAME_new(st) SKM_sk_new(GENERAL_NAME, (st)) | ||
| 528 | #define sk_GENERAL_NAME_new_null() SKM_sk_new_null(GENERAL_NAME) | ||
| 529 | #define sk_GENERAL_NAME_free(st) SKM_sk_free(GENERAL_NAME, (st)) | ||
| 530 | #define sk_GENERAL_NAME_num(st) SKM_sk_num(GENERAL_NAME, (st)) | ||
| 531 | #define sk_GENERAL_NAME_value(st, i) SKM_sk_value(GENERAL_NAME, (st), (i)) | ||
| 532 | #define sk_GENERAL_NAME_set(st, i, val) SKM_sk_set(GENERAL_NAME, (st), (i), (val)) | ||
| 533 | #define sk_GENERAL_NAME_zero(st) SKM_sk_zero(GENERAL_NAME, (st)) | ||
| 534 | #define sk_GENERAL_NAME_push(st, val) SKM_sk_push(GENERAL_NAME, (st), (val)) | ||
| 535 | #define sk_GENERAL_NAME_unshift(st, val) SKM_sk_unshift(GENERAL_NAME, (st), (val)) | ||
| 536 | #define sk_GENERAL_NAME_find(st, val) SKM_sk_find(GENERAL_NAME, (st), (val)) | ||
| 537 | #define sk_GENERAL_NAME_delete(st, i) SKM_sk_delete(GENERAL_NAME, (st), (i)) | ||
| 538 | #define sk_GENERAL_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(GENERAL_NAME, (st), (ptr)) | ||
| 539 | #define sk_GENERAL_NAME_insert(st, val, i) SKM_sk_insert(GENERAL_NAME, (st), (val), (i)) | ||
| 540 | #define sk_GENERAL_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(GENERAL_NAME, (st), (cmp)) | ||
| 541 | #define sk_GENERAL_NAME_dup(st) SKM_sk_dup(GENERAL_NAME, st) | ||
| 542 | #define sk_GENERAL_NAME_pop_free(st, free_func) SKM_sk_pop_free(GENERAL_NAME, (st), (free_func)) | ||
| 543 | #define sk_GENERAL_NAME_shift(st) SKM_sk_shift(GENERAL_NAME, (st)) | ||
| 544 | #define sk_GENERAL_NAME_pop(st) SKM_sk_pop(GENERAL_NAME, (st)) | ||
| 545 | #define sk_GENERAL_NAME_sort(st) SKM_sk_sort(GENERAL_NAME, (st)) | ||
| 546 | |||
| 547 | #define sk_KRB5_APREQBODY_new(st) SKM_sk_new(KRB5_APREQBODY, (st)) | ||
| 548 | #define sk_KRB5_APREQBODY_new_null() SKM_sk_new_null(KRB5_APREQBODY) | ||
| 549 | #define sk_KRB5_APREQBODY_free(st) SKM_sk_free(KRB5_APREQBODY, (st)) | ||
| 550 | #define sk_KRB5_APREQBODY_num(st) SKM_sk_num(KRB5_APREQBODY, (st)) | ||
| 551 | #define sk_KRB5_APREQBODY_value(st, i) SKM_sk_value(KRB5_APREQBODY, (st), (i)) | ||
| 552 | #define sk_KRB5_APREQBODY_set(st, i, val) SKM_sk_set(KRB5_APREQBODY, (st), (i), (val)) | ||
| 553 | #define sk_KRB5_APREQBODY_zero(st) SKM_sk_zero(KRB5_APREQBODY, (st)) | ||
| 554 | #define sk_KRB5_APREQBODY_push(st, val) SKM_sk_push(KRB5_APREQBODY, (st), (val)) | ||
| 555 | #define sk_KRB5_APREQBODY_unshift(st, val) SKM_sk_unshift(KRB5_APREQBODY, (st), (val)) | ||
| 556 | #define sk_KRB5_APREQBODY_find(st, val) SKM_sk_find(KRB5_APREQBODY, (st), (val)) | ||
| 557 | #define sk_KRB5_APREQBODY_delete(st, i) SKM_sk_delete(KRB5_APREQBODY, (st), (i)) | ||
| 558 | #define sk_KRB5_APREQBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_APREQBODY, (st), (ptr)) | ||
| 559 | #define sk_KRB5_APREQBODY_insert(st, val, i) SKM_sk_insert(KRB5_APREQBODY, (st), (val), (i)) | ||
| 560 | #define sk_KRB5_APREQBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_APREQBODY, (st), (cmp)) | ||
| 561 | #define sk_KRB5_APREQBODY_dup(st) SKM_sk_dup(KRB5_APREQBODY, st) | ||
| 562 | #define sk_KRB5_APREQBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_APREQBODY, (st), (free_func)) | ||
| 563 | #define sk_KRB5_APREQBODY_shift(st) SKM_sk_shift(KRB5_APREQBODY, (st)) | ||
| 564 | #define sk_KRB5_APREQBODY_pop(st) SKM_sk_pop(KRB5_APREQBODY, (st)) | ||
| 565 | #define sk_KRB5_APREQBODY_sort(st) SKM_sk_sort(KRB5_APREQBODY, (st)) | ||
| 566 | |||
| 567 | #define sk_KRB5_AUTHDATA_new(st) SKM_sk_new(KRB5_AUTHDATA, (st)) | ||
| 568 | #define sk_KRB5_AUTHDATA_new_null() SKM_sk_new_null(KRB5_AUTHDATA) | ||
| 569 | #define sk_KRB5_AUTHDATA_free(st) SKM_sk_free(KRB5_AUTHDATA, (st)) | ||
| 570 | #define sk_KRB5_AUTHDATA_num(st) SKM_sk_num(KRB5_AUTHDATA, (st)) | ||
| 571 | #define sk_KRB5_AUTHDATA_value(st, i) SKM_sk_value(KRB5_AUTHDATA, (st), (i)) | ||
| 572 | #define sk_KRB5_AUTHDATA_set(st, i, val) SKM_sk_set(KRB5_AUTHDATA, (st), (i), (val)) | ||
| 573 | #define sk_KRB5_AUTHDATA_zero(st) SKM_sk_zero(KRB5_AUTHDATA, (st)) | ||
| 574 | #define sk_KRB5_AUTHDATA_push(st, val) SKM_sk_push(KRB5_AUTHDATA, (st), (val)) | ||
| 575 | #define sk_KRB5_AUTHDATA_unshift(st, val) SKM_sk_unshift(KRB5_AUTHDATA, (st), (val)) | ||
| 576 | #define sk_KRB5_AUTHDATA_find(st, val) SKM_sk_find(KRB5_AUTHDATA, (st), (val)) | ||
| 577 | #define sk_KRB5_AUTHDATA_delete(st, i) SKM_sk_delete(KRB5_AUTHDATA, (st), (i)) | ||
| 578 | #define sk_KRB5_AUTHDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHDATA, (st), (ptr)) | ||
| 579 | #define sk_KRB5_AUTHDATA_insert(st, val, i) SKM_sk_insert(KRB5_AUTHDATA, (st), (val), (i)) | ||
| 580 | #define sk_KRB5_AUTHDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHDATA, (st), (cmp)) | ||
| 581 | #define sk_KRB5_AUTHDATA_dup(st) SKM_sk_dup(KRB5_AUTHDATA, st) | ||
| 582 | #define sk_KRB5_AUTHDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHDATA, (st), (free_func)) | ||
| 583 | #define sk_KRB5_AUTHDATA_shift(st) SKM_sk_shift(KRB5_AUTHDATA, (st)) | ||
| 584 | #define sk_KRB5_AUTHDATA_pop(st) SKM_sk_pop(KRB5_AUTHDATA, (st)) | ||
| 585 | #define sk_KRB5_AUTHDATA_sort(st) SKM_sk_sort(KRB5_AUTHDATA, (st)) | ||
| 586 | |||
| 587 | #define sk_KRB5_AUTHENTBODY_new(st) SKM_sk_new(KRB5_AUTHENTBODY, (st)) | ||
| 588 | #define sk_KRB5_AUTHENTBODY_new_null() SKM_sk_new_null(KRB5_AUTHENTBODY) | ||
| 589 | #define sk_KRB5_AUTHENTBODY_free(st) SKM_sk_free(KRB5_AUTHENTBODY, (st)) | ||
| 590 | #define sk_KRB5_AUTHENTBODY_num(st) SKM_sk_num(KRB5_AUTHENTBODY, (st)) | ||
| 591 | #define sk_KRB5_AUTHENTBODY_value(st, i) SKM_sk_value(KRB5_AUTHENTBODY, (st), (i)) | ||
| 592 | #define sk_KRB5_AUTHENTBODY_set(st, i, val) SKM_sk_set(KRB5_AUTHENTBODY, (st), (i), (val)) | ||
| 593 | #define sk_KRB5_AUTHENTBODY_zero(st) SKM_sk_zero(KRB5_AUTHENTBODY, (st)) | ||
| 594 | #define sk_KRB5_AUTHENTBODY_push(st, val) SKM_sk_push(KRB5_AUTHENTBODY, (st), (val)) | ||
| 595 | #define sk_KRB5_AUTHENTBODY_unshift(st, val) SKM_sk_unshift(KRB5_AUTHENTBODY, (st), (val)) | ||
| 596 | #define sk_KRB5_AUTHENTBODY_find(st, val) SKM_sk_find(KRB5_AUTHENTBODY, (st), (val)) | ||
| 597 | #define sk_KRB5_AUTHENTBODY_delete(st, i) SKM_sk_delete(KRB5_AUTHENTBODY, (st), (i)) | ||
| 598 | #define sk_KRB5_AUTHENTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_AUTHENTBODY, (st), (ptr)) | ||
| 599 | #define sk_KRB5_AUTHENTBODY_insert(st, val, i) SKM_sk_insert(KRB5_AUTHENTBODY, (st), (val), (i)) | ||
| 600 | #define sk_KRB5_AUTHENTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_AUTHENTBODY, (st), (cmp)) | ||
| 601 | #define sk_KRB5_AUTHENTBODY_dup(st) SKM_sk_dup(KRB5_AUTHENTBODY, st) | ||
| 602 | #define sk_KRB5_AUTHENTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_AUTHENTBODY, (st), (free_func)) | ||
| 603 | #define sk_KRB5_AUTHENTBODY_shift(st) SKM_sk_shift(KRB5_AUTHENTBODY, (st)) | ||
| 604 | #define sk_KRB5_AUTHENTBODY_pop(st) SKM_sk_pop(KRB5_AUTHENTBODY, (st)) | ||
| 605 | #define sk_KRB5_AUTHENTBODY_sort(st) SKM_sk_sort(KRB5_AUTHENTBODY, (st)) | ||
| 606 | |||
| 607 | #define sk_KRB5_CHECKSUM_new(st) SKM_sk_new(KRB5_CHECKSUM, (st)) | ||
| 608 | #define sk_KRB5_CHECKSUM_new_null() SKM_sk_new_null(KRB5_CHECKSUM) | ||
| 609 | #define sk_KRB5_CHECKSUM_free(st) SKM_sk_free(KRB5_CHECKSUM, (st)) | ||
| 610 | #define sk_KRB5_CHECKSUM_num(st) SKM_sk_num(KRB5_CHECKSUM, (st)) | ||
| 611 | #define sk_KRB5_CHECKSUM_value(st, i) SKM_sk_value(KRB5_CHECKSUM, (st), (i)) | ||
| 612 | #define sk_KRB5_CHECKSUM_set(st, i, val) SKM_sk_set(KRB5_CHECKSUM, (st), (i), (val)) | ||
| 613 | #define sk_KRB5_CHECKSUM_zero(st) SKM_sk_zero(KRB5_CHECKSUM, (st)) | ||
| 614 | #define sk_KRB5_CHECKSUM_push(st, val) SKM_sk_push(KRB5_CHECKSUM, (st), (val)) | ||
| 615 | #define sk_KRB5_CHECKSUM_unshift(st, val) SKM_sk_unshift(KRB5_CHECKSUM, (st), (val)) | ||
| 616 | #define sk_KRB5_CHECKSUM_find(st, val) SKM_sk_find(KRB5_CHECKSUM, (st), (val)) | ||
| 617 | #define sk_KRB5_CHECKSUM_delete(st, i) SKM_sk_delete(KRB5_CHECKSUM, (st), (i)) | ||
| 618 | #define sk_KRB5_CHECKSUM_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_CHECKSUM, (st), (ptr)) | ||
| 619 | #define sk_KRB5_CHECKSUM_insert(st, val, i) SKM_sk_insert(KRB5_CHECKSUM, (st), (val), (i)) | ||
| 620 | #define sk_KRB5_CHECKSUM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_CHECKSUM, (st), (cmp)) | ||
| 621 | #define sk_KRB5_CHECKSUM_dup(st) SKM_sk_dup(KRB5_CHECKSUM, st) | ||
| 622 | #define sk_KRB5_CHECKSUM_pop_free(st, free_func) SKM_sk_pop_free(KRB5_CHECKSUM, (st), (free_func)) | ||
| 623 | #define sk_KRB5_CHECKSUM_shift(st) SKM_sk_shift(KRB5_CHECKSUM, (st)) | ||
| 624 | #define sk_KRB5_CHECKSUM_pop(st) SKM_sk_pop(KRB5_CHECKSUM, (st)) | ||
| 625 | #define sk_KRB5_CHECKSUM_sort(st) SKM_sk_sort(KRB5_CHECKSUM, (st)) | ||
| 626 | |||
| 627 | #define sk_KRB5_ENCDATA_new(st) SKM_sk_new(KRB5_ENCDATA, (st)) | ||
| 628 | #define sk_KRB5_ENCDATA_new_null() SKM_sk_new_null(KRB5_ENCDATA) | ||
| 629 | #define sk_KRB5_ENCDATA_free(st) SKM_sk_free(KRB5_ENCDATA, (st)) | ||
| 630 | #define sk_KRB5_ENCDATA_num(st) SKM_sk_num(KRB5_ENCDATA, (st)) | ||
| 631 | #define sk_KRB5_ENCDATA_value(st, i) SKM_sk_value(KRB5_ENCDATA, (st), (i)) | ||
| 632 | #define sk_KRB5_ENCDATA_set(st, i, val) SKM_sk_set(KRB5_ENCDATA, (st), (i), (val)) | ||
| 633 | #define sk_KRB5_ENCDATA_zero(st) SKM_sk_zero(KRB5_ENCDATA, (st)) | ||
| 634 | #define sk_KRB5_ENCDATA_push(st, val) SKM_sk_push(KRB5_ENCDATA, (st), (val)) | ||
| 635 | #define sk_KRB5_ENCDATA_unshift(st, val) SKM_sk_unshift(KRB5_ENCDATA, (st), (val)) | ||
| 636 | #define sk_KRB5_ENCDATA_find(st, val) SKM_sk_find(KRB5_ENCDATA, (st), (val)) | ||
| 637 | #define sk_KRB5_ENCDATA_delete(st, i) SKM_sk_delete(KRB5_ENCDATA, (st), (i)) | ||
| 638 | #define sk_KRB5_ENCDATA_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCDATA, (st), (ptr)) | ||
| 639 | #define sk_KRB5_ENCDATA_insert(st, val, i) SKM_sk_insert(KRB5_ENCDATA, (st), (val), (i)) | ||
| 640 | #define sk_KRB5_ENCDATA_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCDATA, (st), (cmp)) | ||
| 641 | #define sk_KRB5_ENCDATA_dup(st) SKM_sk_dup(KRB5_ENCDATA, st) | ||
| 642 | #define sk_KRB5_ENCDATA_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCDATA, (st), (free_func)) | ||
| 643 | #define sk_KRB5_ENCDATA_shift(st) SKM_sk_shift(KRB5_ENCDATA, (st)) | ||
| 644 | #define sk_KRB5_ENCDATA_pop(st) SKM_sk_pop(KRB5_ENCDATA, (st)) | ||
| 645 | #define sk_KRB5_ENCDATA_sort(st) SKM_sk_sort(KRB5_ENCDATA, (st)) | ||
| 646 | |||
| 647 | #define sk_KRB5_ENCKEY_new(st) SKM_sk_new(KRB5_ENCKEY, (st)) | ||
| 648 | #define sk_KRB5_ENCKEY_new_null() SKM_sk_new_null(KRB5_ENCKEY) | ||
| 649 | #define sk_KRB5_ENCKEY_free(st) SKM_sk_free(KRB5_ENCKEY, (st)) | ||
| 650 | #define sk_KRB5_ENCKEY_num(st) SKM_sk_num(KRB5_ENCKEY, (st)) | ||
| 651 | #define sk_KRB5_ENCKEY_value(st, i) SKM_sk_value(KRB5_ENCKEY, (st), (i)) | ||
| 652 | #define sk_KRB5_ENCKEY_set(st, i, val) SKM_sk_set(KRB5_ENCKEY, (st), (i), (val)) | ||
| 653 | #define sk_KRB5_ENCKEY_zero(st) SKM_sk_zero(KRB5_ENCKEY, (st)) | ||
| 654 | #define sk_KRB5_ENCKEY_push(st, val) SKM_sk_push(KRB5_ENCKEY, (st), (val)) | ||
| 655 | #define sk_KRB5_ENCKEY_unshift(st, val) SKM_sk_unshift(KRB5_ENCKEY, (st), (val)) | ||
| 656 | #define sk_KRB5_ENCKEY_find(st, val) SKM_sk_find(KRB5_ENCKEY, (st), (val)) | ||
| 657 | #define sk_KRB5_ENCKEY_delete(st, i) SKM_sk_delete(KRB5_ENCKEY, (st), (i)) | ||
| 658 | #define sk_KRB5_ENCKEY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_ENCKEY, (st), (ptr)) | ||
| 659 | #define sk_KRB5_ENCKEY_insert(st, val, i) SKM_sk_insert(KRB5_ENCKEY, (st), (val), (i)) | ||
| 660 | #define sk_KRB5_ENCKEY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_ENCKEY, (st), (cmp)) | ||
| 661 | #define sk_KRB5_ENCKEY_dup(st) SKM_sk_dup(KRB5_ENCKEY, st) | ||
| 662 | #define sk_KRB5_ENCKEY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_ENCKEY, (st), (free_func)) | ||
| 663 | #define sk_KRB5_ENCKEY_shift(st) SKM_sk_shift(KRB5_ENCKEY, (st)) | ||
| 664 | #define sk_KRB5_ENCKEY_pop(st) SKM_sk_pop(KRB5_ENCKEY, (st)) | ||
| 665 | #define sk_KRB5_ENCKEY_sort(st) SKM_sk_sort(KRB5_ENCKEY, (st)) | ||
| 666 | |||
| 667 | #define sk_KRB5_PRINCNAME_new(st) SKM_sk_new(KRB5_PRINCNAME, (st)) | ||
| 668 | #define sk_KRB5_PRINCNAME_new_null() SKM_sk_new_null(KRB5_PRINCNAME) | ||
| 669 | #define sk_KRB5_PRINCNAME_free(st) SKM_sk_free(KRB5_PRINCNAME, (st)) | ||
| 670 | #define sk_KRB5_PRINCNAME_num(st) SKM_sk_num(KRB5_PRINCNAME, (st)) | ||
| 671 | #define sk_KRB5_PRINCNAME_value(st, i) SKM_sk_value(KRB5_PRINCNAME, (st), (i)) | ||
| 672 | #define sk_KRB5_PRINCNAME_set(st, i, val) SKM_sk_set(KRB5_PRINCNAME, (st), (i), (val)) | ||
| 673 | #define sk_KRB5_PRINCNAME_zero(st) SKM_sk_zero(KRB5_PRINCNAME, (st)) | ||
| 674 | #define sk_KRB5_PRINCNAME_push(st, val) SKM_sk_push(KRB5_PRINCNAME, (st), (val)) | ||
| 675 | #define sk_KRB5_PRINCNAME_unshift(st, val) SKM_sk_unshift(KRB5_PRINCNAME, (st), (val)) | ||
| 676 | #define sk_KRB5_PRINCNAME_find(st, val) SKM_sk_find(KRB5_PRINCNAME, (st), (val)) | ||
| 677 | #define sk_KRB5_PRINCNAME_delete(st, i) SKM_sk_delete(KRB5_PRINCNAME, (st), (i)) | ||
| 678 | #define sk_KRB5_PRINCNAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_PRINCNAME, (st), (ptr)) | ||
| 679 | #define sk_KRB5_PRINCNAME_insert(st, val, i) SKM_sk_insert(KRB5_PRINCNAME, (st), (val), (i)) | ||
| 680 | #define sk_KRB5_PRINCNAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_PRINCNAME, (st), (cmp)) | ||
| 681 | #define sk_KRB5_PRINCNAME_dup(st) SKM_sk_dup(KRB5_PRINCNAME, st) | ||
| 682 | #define sk_KRB5_PRINCNAME_pop_free(st, free_func) SKM_sk_pop_free(KRB5_PRINCNAME, (st), (free_func)) | ||
| 683 | #define sk_KRB5_PRINCNAME_shift(st) SKM_sk_shift(KRB5_PRINCNAME, (st)) | ||
| 684 | #define sk_KRB5_PRINCNAME_pop(st) SKM_sk_pop(KRB5_PRINCNAME, (st)) | ||
| 685 | #define sk_KRB5_PRINCNAME_sort(st) SKM_sk_sort(KRB5_PRINCNAME, (st)) | ||
| 686 | |||
| 687 | #define sk_KRB5_TKTBODY_new(st) SKM_sk_new(KRB5_TKTBODY, (st)) | ||
| 688 | #define sk_KRB5_TKTBODY_new_null() SKM_sk_new_null(KRB5_TKTBODY) | ||
| 689 | #define sk_KRB5_TKTBODY_free(st) SKM_sk_free(KRB5_TKTBODY, (st)) | ||
| 690 | #define sk_KRB5_TKTBODY_num(st) SKM_sk_num(KRB5_TKTBODY, (st)) | ||
| 691 | #define sk_KRB5_TKTBODY_value(st, i) SKM_sk_value(KRB5_TKTBODY, (st), (i)) | ||
| 692 | #define sk_KRB5_TKTBODY_set(st, i, val) SKM_sk_set(KRB5_TKTBODY, (st), (i), (val)) | ||
| 693 | #define sk_KRB5_TKTBODY_zero(st) SKM_sk_zero(KRB5_TKTBODY, (st)) | ||
| 694 | #define sk_KRB5_TKTBODY_push(st, val) SKM_sk_push(KRB5_TKTBODY, (st), (val)) | ||
| 695 | #define sk_KRB5_TKTBODY_unshift(st, val) SKM_sk_unshift(KRB5_TKTBODY, (st), (val)) | ||
| 696 | #define sk_KRB5_TKTBODY_find(st, val) SKM_sk_find(KRB5_TKTBODY, (st), (val)) | ||
| 697 | #define sk_KRB5_TKTBODY_delete(st, i) SKM_sk_delete(KRB5_TKTBODY, (st), (i)) | ||
| 698 | #define sk_KRB5_TKTBODY_delete_ptr(st, ptr) SKM_sk_delete_ptr(KRB5_TKTBODY, (st), (ptr)) | ||
| 699 | #define sk_KRB5_TKTBODY_insert(st, val, i) SKM_sk_insert(KRB5_TKTBODY, (st), (val), (i)) | ||
| 700 | #define sk_KRB5_TKTBODY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(KRB5_TKTBODY, (st), (cmp)) | ||
| 701 | #define sk_KRB5_TKTBODY_dup(st) SKM_sk_dup(KRB5_TKTBODY, st) | ||
| 702 | #define sk_KRB5_TKTBODY_pop_free(st, free_func) SKM_sk_pop_free(KRB5_TKTBODY, (st), (free_func)) | ||
| 703 | #define sk_KRB5_TKTBODY_shift(st) SKM_sk_shift(KRB5_TKTBODY, (st)) | ||
| 704 | #define sk_KRB5_TKTBODY_pop(st) SKM_sk_pop(KRB5_TKTBODY, (st)) | ||
| 705 | #define sk_KRB5_TKTBODY_sort(st) SKM_sk_sort(KRB5_TKTBODY, (st)) | ||
| 706 | |||
| 707 | #define sk_MIME_HEADER_new(st) SKM_sk_new(MIME_HEADER, (st)) | ||
| 708 | #define sk_MIME_HEADER_new_null() SKM_sk_new_null(MIME_HEADER) | ||
| 709 | #define sk_MIME_HEADER_free(st) SKM_sk_free(MIME_HEADER, (st)) | ||
| 710 | #define sk_MIME_HEADER_num(st) SKM_sk_num(MIME_HEADER, (st)) | ||
| 711 | #define sk_MIME_HEADER_value(st, i) SKM_sk_value(MIME_HEADER, (st), (i)) | ||
| 712 | #define sk_MIME_HEADER_set(st, i, val) SKM_sk_set(MIME_HEADER, (st), (i), (val)) | ||
| 713 | #define sk_MIME_HEADER_zero(st) SKM_sk_zero(MIME_HEADER, (st)) | ||
| 714 | #define sk_MIME_HEADER_push(st, val) SKM_sk_push(MIME_HEADER, (st), (val)) | ||
| 715 | #define sk_MIME_HEADER_unshift(st, val) SKM_sk_unshift(MIME_HEADER, (st), (val)) | ||
| 716 | #define sk_MIME_HEADER_find(st, val) SKM_sk_find(MIME_HEADER, (st), (val)) | ||
| 717 | #define sk_MIME_HEADER_delete(st, i) SKM_sk_delete(MIME_HEADER, (st), (i)) | ||
| 718 | #define sk_MIME_HEADER_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_HEADER, (st), (ptr)) | ||
| 719 | #define sk_MIME_HEADER_insert(st, val, i) SKM_sk_insert(MIME_HEADER, (st), (val), (i)) | ||
| 720 | #define sk_MIME_HEADER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_HEADER, (st), (cmp)) | ||
| 721 | #define sk_MIME_HEADER_dup(st) SKM_sk_dup(MIME_HEADER, st) | ||
| 722 | #define sk_MIME_HEADER_pop_free(st, free_func) SKM_sk_pop_free(MIME_HEADER, (st), (free_func)) | ||
| 723 | #define sk_MIME_HEADER_shift(st) SKM_sk_shift(MIME_HEADER, (st)) | ||
| 724 | #define sk_MIME_HEADER_pop(st) SKM_sk_pop(MIME_HEADER, (st)) | ||
| 725 | #define sk_MIME_HEADER_sort(st) SKM_sk_sort(MIME_HEADER, (st)) | ||
| 726 | |||
| 727 | #define sk_MIME_PARAM_new(st) SKM_sk_new(MIME_PARAM, (st)) | ||
| 728 | #define sk_MIME_PARAM_new_null() SKM_sk_new_null(MIME_PARAM) | ||
| 729 | #define sk_MIME_PARAM_free(st) SKM_sk_free(MIME_PARAM, (st)) | ||
| 730 | #define sk_MIME_PARAM_num(st) SKM_sk_num(MIME_PARAM, (st)) | ||
| 731 | #define sk_MIME_PARAM_value(st, i) SKM_sk_value(MIME_PARAM, (st), (i)) | ||
| 732 | #define sk_MIME_PARAM_set(st, i, val) SKM_sk_set(MIME_PARAM, (st), (i), (val)) | ||
| 733 | #define sk_MIME_PARAM_zero(st) SKM_sk_zero(MIME_PARAM, (st)) | ||
| 734 | #define sk_MIME_PARAM_push(st, val) SKM_sk_push(MIME_PARAM, (st), (val)) | ||
| 735 | #define sk_MIME_PARAM_unshift(st, val) SKM_sk_unshift(MIME_PARAM, (st), (val)) | ||
| 736 | #define sk_MIME_PARAM_find(st, val) SKM_sk_find(MIME_PARAM, (st), (val)) | ||
| 737 | #define sk_MIME_PARAM_delete(st, i) SKM_sk_delete(MIME_PARAM, (st), (i)) | ||
| 738 | #define sk_MIME_PARAM_delete_ptr(st, ptr) SKM_sk_delete_ptr(MIME_PARAM, (st), (ptr)) | ||
| 739 | #define sk_MIME_PARAM_insert(st, val, i) SKM_sk_insert(MIME_PARAM, (st), (val), (i)) | ||
| 740 | #define sk_MIME_PARAM_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(MIME_PARAM, (st), (cmp)) | ||
| 741 | #define sk_MIME_PARAM_dup(st) SKM_sk_dup(MIME_PARAM, st) | ||
| 742 | #define sk_MIME_PARAM_pop_free(st, free_func) SKM_sk_pop_free(MIME_PARAM, (st), (free_func)) | ||
| 743 | #define sk_MIME_PARAM_shift(st) SKM_sk_shift(MIME_PARAM, (st)) | ||
| 744 | #define sk_MIME_PARAM_pop(st) SKM_sk_pop(MIME_PARAM, (st)) | ||
| 745 | #define sk_MIME_PARAM_sort(st) SKM_sk_sort(MIME_PARAM, (st)) | ||
| 746 | |||
| 747 | #define sk_NAME_FUNCS_new(st) SKM_sk_new(NAME_FUNCS, (st)) | ||
| 748 | #define sk_NAME_FUNCS_new_null() SKM_sk_new_null(NAME_FUNCS) | ||
| 749 | #define sk_NAME_FUNCS_free(st) SKM_sk_free(NAME_FUNCS, (st)) | ||
| 750 | #define sk_NAME_FUNCS_num(st) SKM_sk_num(NAME_FUNCS, (st)) | ||
| 751 | #define sk_NAME_FUNCS_value(st, i) SKM_sk_value(NAME_FUNCS, (st), (i)) | ||
| 752 | #define sk_NAME_FUNCS_set(st, i, val) SKM_sk_set(NAME_FUNCS, (st), (i), (val)) | ||
| 753 | #define sk_NAME_FUNCS_zero(st) SKM_sk_zero(NAME_FUNCS, (st)) | ||
| 754 | #define sk_NAME_FUNCS_push(st, val) SKM_sk_push(NAME_FUNCS, (st), (val)) | ||
| 755 | #define sk_NAME_FUNCS_unshift(st, val) SKM_sk_unshift(NAME_FUNCS, (st), (val)) | ||
| 756 | #define sk_NAME_FUNCS_find(st, val) SKM_sk_find(NAME_FUNCS, (st), (val)) | ||
| 757 | #define sk_NAME_FUNCS_delete(st, i) SKM_sk_delete(NAME_FUNCS, (st), (i)) | ||
| 758 | #define sk_NAME_FUNCS_delete_ptr(st, ptr) SKM_sk_delete_ptr(NAME_FUNCS, (st), (ptr)) | ||
| 759 | #define sk_NAME_FUNCS_insert(st, val, i) SKM_sk_insert(NAME_FUNCS, (st), (val), (i)) | ||
| 760 | #define sk_NAME_FUNCS_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(NAME_FUNCS, (st), (cmp)) | ||
| 761 | #define sk_NAME_FUNCS_dup(st) SKM_sk_dup(NAME_FUNCS, st) | ||
| 762 | #define sk_NAME_FUNCS_pop_free(st, free_func) SKM_sk_pop_free(NAME_FUNCS, (st), (free_func)) | ||
| 763 | #define sk_NAME_FUNCS_shift(st) SKM_sk_shift(NAME_FUNCS, (st)) | ||
| 764 | #define sk_NAME_FUNCS_pop(st) SKM_sk_pop(NAME_FUNCS, (st)) | ||
| 765 | #define sk_NAME_FUNCS_sort(st) SKM_sk_sort(NAME_FUNCS, (st)) | ||
| 766 | |||
| 767 | #define sk_OCSP_CERTID_new(st) SKM_sk_new(OCSP_CERTID, (st)) | ||
| 768 | #define sk_OCSP_CERTID_new_null() SKM_sk_new_null(OCSP_CERTID) | ||
| 769 | #define sk_OCSP_CERTID_free(st) SKM_sk_free(OCSP_CERTID, (st)) | ||
| 770 | #define sk_OCSP_CERTID_num(st) SKM_sk_num(OCSP_CERTID, (st)) | ||
| 771 | #define sk_OCSP_CERTID_value(st, i) SKM_sk_value(OCSP_CERTID, (st), (i)) | ||
| 772 | #define sk_OCSP_CERTID_set(st, i, val) SKM_sk_set(OCSP_CERTID, (st), (i), (val)) | ||
| 773 | #define sk_OCSP_CERTID_zero(st) SKM_sk_zero(OCSP_CERTID, (st)) | ||
| 774 | #define sk_OCSP_CERTID_push(st, val) SKM_sk_push(OCSP_CERTID, (st), (val)) | ||
| 775 | #define sk_OCSP_CERTID_unshift(st, val) SKM_sk_unshift(OCSP_CERTID, (st), (val)) | ||
| 776 | #define sk_OCSP_CERTID_find(st, val) SKM_sk_find(OCSP_CERTID, (st), (val)) | ||
| 777 | #define sk_OCSP_CERTID_delete(st, i) SKM_sk_delete(OCSP_CERTID, (st), (i)) | ||
| 778 | #define sk_OCSP_CERTID_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_CERTID, (st), (ptr)) | ||
| 779 | #define sk_OCSP_CERTID_insert(st, val, i) SKM_sk_insert(OCSP_CERTID, (st), (val), (i)) | ||
| 780 | #define sk_OCSP_CERTID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_CERTID, (st), (cmp)) | ||
| 781 | #define sk_OCSP_CERTID_dup(st) SKM_sk_dup(OCSP_CERTID, st) | ||
| 782 | #define sk_OCSP_CERTID_pop_free(st, free_func) SKM_sk_pop_free(OCSP_CERTID, (st), (free_func)) | ||
| 783 | #define sk_OCSP_CERTID_shift(st) SKM_sk_shift(OCSP_CERTID, (st)) | ||
| 784 | #define sk_OCSP_CERTID_pop(st) SKM_sk_pop(OCSP_CERTID, (st)) | ||
| 785 | #define sk_OCSP_CERTID_sort(st) SKM_sk_sort(OCSP_CERTID, (st)) | ||
| 786 | |||
| 787 | #define sk_OCSP_ONEREQ_new(st) SKM_sk_new(OCSP_ONEREQ, (st)) | ||
| 788 | #define sk_OCSP_ONEREQ_new_null() SKM_sk_new_null(OCSP_ONEREQ) | ||
| 789 | #define sk_OCSP_ONEREQ_free(st) SKM_sk_free(OCSP_ONEREQ, (st)) | ||
| 790 | #define sk_OCSP_ONEREQ_num(st) SKM_sk_num(OCSP_ONEREQ, (st)) | ||
| 791 | #define sk_OCSP_ONEREQ_value(st, i) SKM_sk_value(OCSP_ONEREQ, (st), (i)) | ||
| 792 | #define sk_OCSP_ONEREQ_set(st, i, val) SKM_sk_set(OCSP_ONEREQ, (st), (i), (val)) | ||
| 793 | #define sk_OCSP_ONEREQ_zero(st) SKM_sk_zero(OCSP_ONEREQ, (st)) | ||
| 794 | #define sk_OCSP_ONEREQ_push(st, val) SKM_sk_push(OCSP_ONEREQ, (st), (val)) | ||
| 795 | #define sk_OCSP_ONEREQ_unshift(st, val) SKM_sk_unshift(OCSP_ONEREQ, (st), (val)) | ||
| 796 | #define sk_OCSP_ONEREQ_find(st, val) SKM_sk_find(OCSP_ONEREQ, (st), (val)) | ||
| 797 | #define sk_OCSP_ONEREQ_delete(st, i) SKM_sk_delete(OCSP_ONEREQ, (st), (i)) | ||
| 798 | #define sk_OCSP_ONEREQ_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_ONEREQ, (st), (ptr)) | ||
| 799 | #define sk_OCSP_ONEREQ_insert(st, val, i) SKM_sk_insert(OCSP_ONEREQ, (st), (val), (i)) | ||
| 800 | #define sk_OCSP_ONEREQ_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_ONEREQ, (st), (cmp)) | ||
| 801 | #define sk_OCSP_ONEREQ_dup(st) SKM_sk_dup(OCSP_ONEREQ, st) | ||
| 802 | #define sk_OCSP_ONEREQ_pop_free(st, free_func) SKM_sk_pop_free(OCSP_ONEREQ, (st), (free_func)) | ||
| 803 | #define sk_OCSP_ONEREQ_shift(st) SKM_sk_shift(OCSP_ONEREQ, (st)) | ||
| 804 | #define sk_OCSP_ONEREQ_pop(st) SKM_sk_pop(OCSP_ONEREQ, (st)) | ||
| 805 | #define sk_OCSP_ONEREQ_sort(st) SKM_sk_sort(OCSP_ONEREQ, (st)) | ||
| 806 | |||
| 807 | #define sk_OCSP_SINGLERESP_new(st) SKM_sk_new(OCSP_SINGLERESP, (st)) | ||
| 808 | #define sk_OCSP_SINGLERESP_new_null() SKM_sk_new_null(OCSP_SINGLERESP) | ||
| 809 | #define sk_OCSP_SINGLERESP_free(st) SKM_sk_free(OCSP_SINGLERESP, (st)) | ||
| 810 | #define sk_OCSP_SINGLERESP_num(st) SKM_sk_num(OCSP_SINGLERESP, (st)) | ||
| 811 | #define sk_OCSP_SINGLERESP_value(st, i) SKM_sk_value(OCSP_SINGLERESP, (st), (i)) | ||
| 812 | #define sk_OCSP_SINGLERESP_set(st, i, val) SKM_sk_set(OCSP_SINGLERESP, (st), (i), (val)) | ||
| 813 | #define sk_OCSP_SINGLERESP_zero(st) SKM_sk_zero(OCSP_SINGLERESP, (st)) | ||
| 814 | #define sk_OCSP_SINGLERESP_push(st, val) SKM_sk_push(OCSP_SINGLERESP, (st), (val)) | ||
| 815 | #define sk_OCSP_SINGLERESP_unshift(st, val) SKM_sk_unshift(OCSP_SINGLERESP, (st), (val)) | ||
| 816 | #define sk_OCSP_SINGLERESP_find(st, val) SKM_sk_find(OCSP_SINGLERESP, (st), (val)) | ||
| 817 | #define sk_OCSP_SINGLERESP_delete(st, i) SKM_sk_delete(OCSP_SINGLERESP, (st), (i)) | ||
| 818 | #define sk_OCSP_SINGLERESP_delete_ptr(st, ptr) SKM_sk_delete_ptr(OCSP_SINGLERESP, (st), (ptr)) | ||
| 819 | #define sk_OCSP_SINGLERESP_insert(st, val, i) SKM_sk_insert(OCSP_SINGLERESP, (st), (val), (i)) | ||
| 820 | #define sk_OCSP_SINGLERESP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(OCSP_SINGLERESP, (st), (cmp)) | ||
| 821 | #define sk_OCSP_SINGLERESP_dup(st) SKM_sk_dup(OCSP_SINGLERESP, st) | ||
| 822 | #define sk_OCSP_SINGLERESP_pop_free(st, free_func) SKM_sk_pop_free(OCSP_SINGLERESP, (st), (free_func)) | ||
| 823 | #define sk_OCSP_SINGLERESP_shift(st) SKM_sk_shift(OCSP_SINGLERESP, (st)) | ||
| 824 | #define sk_OCSP_SINGLERESP_pop(st) SKM_sk_pop(OCSP_SINGLERESP, (st)) | ||
| 825 | #define sk_OCSP_SINGLERESP_sort(st) SKM_sk_sort(OCSP_SINGLERESP, (st)) | ||
| 826 | |||
| 827 | #define sk_PKCS12_SAFEBAG_new(st) SKM_sk_new(PKCS12_SAFEBAG, (st)) | ||
| 828 | #define sk_PKCS12_SAFEBAG_new_null() SKM_sk_new_null(PKCS12_SAFEBAG) | ||
| 829 | #define sk_PKCS12_SAFEBAG_free(st) SKM_sk_free(PKCS12_SAFEBAG, (st)) | ||
| 830 | #define sk_PKCS12_SAFEBAG_num(st) SKM_sk_num(PKCS12_SAFEBAG, (st)) | ||
| 831 | #define sk_PKCS12_SAFEBAG_value(st, i) SKM_sk_value(PKCS12_SAFEBAG, (st), (i)) | ||
| 832 | #define sk_PKCS12_SAFEBAG_set(st, i, val) SKM_sk_set(PKCS12_SAFEBAG, (st), (i), (val)) | ||
| 833 | #define sk_PKCS12_SAFEBAG_zero(st) SKM_sk_zero(PKCS12_SAFEBAG, (st)) | ||
| 834 | #define sk_PKCS12_SAFEBAG_push(st, val) SKM_sk_push(PKCS12_SAFEBAG, (st), (val)) | ||
| 835 | #define sk_PKCS12_SAFEBAG_unshift(st, val) SKM_sk_unshift(PKCS12_SAFEBAG, (st), (val)) | ||
| 836 | #define sk_PKCS12_SAFEBAG_find(st, val) SKM_sk_find(PKCS12_SAFEBAG, (st), (val)) | ||
| 837 | #define sk_PKCS12_SAFEBAG_delete(st, i) SKM_sk_delete(PKCS12_SAFEBAG, (st), (i)) | ||
| 838 | #define sk_PKCS12_SAFEBAG_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS12_SAFEBAG, (st), (ptr)) | ||
| 839 | #define sk_PKCS12_SAFEBAG_insert(st, val, i) SKM_sk_insert(PKCS12_SAFEBAG, (st), (val), (i)) | ||
| 840 | #define sk_PKCS12_SAFEBAG_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS12_SAFEBAG, (st), (cmp)) | ||
| 841 | #define sk_PKCS12_SAFEBAG_dup(st) SKM_sk_dup(PKCS12_SAFEBAG, st) | ||
| 842 | #define sk_PKCS12_SAFEBAG_pop_free(st, free_func) SKM_sk_pop_free(PKCS12_SAFEBAG, (st), (free_func)) | ||
| 843 | #define sk_PKCS12_SAFEBAG_shift(st) SKM_sk_shift(PKCS12_SAFEBAG, (st)) | ||
| 844 | #define sk_PKCS12_SAFEBAG_pop(st) SKM_sk_pop(PKCS12_SAFEBAG, (st)) | ||
| 845 | #define sk_PKCS12_SAFEBAG_sort(st) SKM_sk_sort(PKCS12_SAFEBAG, (st)) | ||
| 846 | |||
| 847 | #define sk_PKCS7_new(st) SKM_sk_new(PKCS7, (st)) | ||
| 848 | #define sk_PKCS7_new_null() SKM_sk_new_null(PKCS7) | ||
| 849 | #define sk_PKCS7_free(st) SKM_sk_free(PKCS7, (st)) | ||
| 850 | #define sk_PKCS7_num(st) SKM_sk_num(PKCS7, (st)) | ||
| 851 | #define sk_PKCS7_value(st, i) SKM_sk_value(PKCS7, (st), (i)) | ||
| 852 | #define sk_PKCS7_set(st, i, val) SKM_sk_set(PKCS7, (st), (i), (val)) | ||
| 853 | #define sk_PKCS7_zero(st) SKM_sk_zero(PKCS7, (st)) | ||
| 854 | #define sk_PKCS7_push(st, val) SKM_sk_push(PKCS7, (st), (val)) | ||
| 855 | #define sk_PKCS7_unshift(st, val) SKM_sk_unshift(PKCS7, (st), (val)) | ||
| 856 | #define sk_PKCS7_find(st, val) SKM_sk_find(PKCS7, (st), (val)) | ||
| 857 | #define sk_PKCS7_delete(st, i) SKM_sk_delete(PKCS7, (st), (i)) | ||
| 858 | #define sk_PKCS7_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7, (st), (ptr)) | ||
| 859 | #define sk_PKCS7_insert(st, val, i) SKM_sk_insert(PKCS7, (st), (val), (i)) | ||
| 860 | #define sk_PKCS7_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7, (st), (cmp)) | ||
| 861 | #define sk_PKCS7_dup(st) SKM_sk_dup(PKCS7, st) | ||
| 862 | #define sk_PKCS7_pop_free(st, free_func) SKM_sk_pop_free(PKCS7, (st), (free_func)) | ||
| 863 | #define sk_PKCS7_shift(st) SKM_sk_shift(PKCS7, (st)) | ||
| 864 | #define sk_PKCS7_pop(st) SKM_sk_pop(PKCS7, (st)) | ||
| 865 | #define sk_PKCS7_sort(st) SKM_sk_sort(PKCS7, (st)) | ||
| 866 | |||
| 867 | #define sk_PKCS7_RECIP_INFO_new(st) SKM_sk_new(PKCS7_RECIP_INFO, (st)) | ||
| 868 | #define sk_PKCS7_RECIP_INFO_new_null() SKM_sk_new_null(PKCS7_RECIP_INFO) | ||
| 869 | #define sk_PKCS7_RECIP_INFO_free(st) SKM_sk_free(PKCS7_RECIP_INFO, (st)) | ||
| 870 | #define sk_PKCS7_RECIP_INFO_num(st) SKM_sk_num(PKCS7_RECIP_INFO, (st)) | ||
| 871 | #define sk_PKCS7_RECIP_INFO_value(st, i) SKM_sk_value(PKCS7_RECIP_INFO, (st), (i)) | ||
| 872 | #define sk_PKCS7_RECIP_INFO_set(st, i, val) SKM_sk_set(PKCS7_RECIP_INFO, (st), (i), (val)) | ||
| 873 | #define sk_PKCS7_RECIP_INFO_zero(st) SKM_sk_zero(PKCS7_RECIP_INFO, (st)) | ||
| 874 | #define sk_PKCS7_RECIP_INFO_push(st, val) SKM_sk_push(PKCS7_RECIP_INFO, (st), (val)) | ||
| 875 | #define sk_PKCS7_RECIP_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_RECIP_INFO, (st), (val)) | ||
| 876 | #define sk_PKCS7_RECIP_INFO_find(st, val) SKM_sk_find(PKCS7_RECIP_INFO, (st), (val)) | ||
| 877 | #define sk_PKCS7_RECIP_INFO_delete(st, i) SKM_sk_delete(PKCS7_RECIP_INFO, (st), (i)) | ||
| 878 | #define sk_PKCS7_RECIP_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_RECIP_INFO, (st), (ptr)) | ||
| 879 | #define sk_PKCS7_RECIP_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_RECIP_INFO, (st), (val), (i)) | ||
| 880 | #define sk_PKCS7_RECIP_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_RECIP_INFO, (st), (cmp)) | ||
| 881 | #define sk_PKCS7_RECIP_INFO_dup(st) SKM_sk_dup(PKCS7_RECIP_INFO, st) | ||
| 882 | #define sk_PKCS7_RECIP_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_RECIP_INFO, (st), (free_func)) | ||
| 883 | #define sk_PKCS7_RECIP_INFO_shift(st) SKM_sk_shift(PKCS7_RECIP_INFO, (st)) | ||
| 884 | #define sk_PKCS7_RECIP_INFO_pop(st) SKM_sk_pop(PKCS7_RECIP_INFO, (st)) | ||
| 885 | #define sk_PKCS7_RECIP_INFO_sort(st) SKM_sk_sort(PKCS7_RECIP_INFO, (st)) | ||
| 886 | |||
| 887 | #define sk_PKCS7_SIGNER_INFO_new(st) SKM_sk_new(PKCS7_SIGNER_INFO, (st)) | ||
| 888 | #define sk_PKCS7_SIGNER_INFO_new_null() SKM_sk_new_null(PKCS7_SIGNER_INFO) | ||
| 889 | #define sk_PKCS7_SIGNER_INFO_free(st) SKM_sk_free(PKCS7_SIGNER_INFO, (st)) | ||
| 890 | #define sk_PKCS7_SIGNER_INFO_num(st) SKM_sk_num(PKCS7_SIGNER_INFO, (st)) | ||
| 891 | #define sk_PKCS7_SIGNER_INFO_value(st, i) SKM_sk_value(PKCS7_SIGNER_INFO, (st), (i)) | ||
| 892 | #define sk_PKCS7_SIGNER_INFO_set(st, i, val) SKM_sk_set(PKCS7_SIGNER_INFO, (st), (i), (val)) | ||
| 893 | #define sk_PKCS7_SIGNER_INFO_zero(st) SKM_sk_zero(PKCS7_SIGNER_INFO, (st)) | ||
| 894 | #define sk_PKCS7_SIGNER_INFO_push(st, val) SKM_sk_push(PKCS7_SIGNER_INFO, (st), (val)) | ||
| 895 | #define sk_PKCS7_SIGNER_INFO_unshift(st, val) SKM_sk_unshift(PKCS7_SIGNER_INFO, (st), (val)) | ||
| 896 | #define sk_PKCS7_SIGNER_INFO_find(st, val) SKM_sk_find(PKCS7_SIGNER_INFO, (st), (val)) | ||
| 897 | #define sk_PKCS7_SIGNER_INFO_delete(st, i) SKM_sk_delete(PKCS7_SIGNER_INFO, (st), (i)) | ||
| 898 | #define sk_PKCS7_SIGNER_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(PKCS7_SIGNER_INFO, (st), (ptr)) | ||
| 899 | #define sk_PKCS7_SIGNER_INFO_insert(st, val, i) SKM_sk_insert(PKCS7_SIGNER_INFO, (st), (val), (i)) | ||
| 900 | #define sk_PKCS7_SIGNER_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(PKCS7_SIGNER_INFO, (st), (cmp)) | ||
| 901 | #define sk_PKCS7_SIGNER_INFO_dup(st) SKM_sk_dup(PKCS7_SIGNER_INFO, st) | ||
| 902 | #define sk_PKCS7_SIGNER_INFO_pop_free(st, free_func) SKM_sk_pop_free(PKCS7_SIGNER_INFO, (st), (free_func)) | ||
| 903 | #define sk_PKCS7_SIGNER_INFO_shift(st) SKM_sk_shift(PKCS7_SIGNER_INFO, (st)) | ||
| 904 | #define sk_PKCS7_SIGNER_INFO_pop(st) SKM_sk_pop(PKCS7_SIGNER_INFO, (st)) | ||
| 905 | #define sk_PKCS7_SIGNER_INFO_sort(st) SKM_sk_sort(PKCS7_SIGNER_INFO, (st)) | ||
| 906 | |||
| 907 | #define sk_POLICYINFO_new(st) SKM_sk_new(POLICYINFO, (st)) | ||
| 908 | #define sk_POLICYINFO_new_null() SKM_sk_new_null(POLICYINFO) | ||
| 909 | #define sk_POLICYINFO_free(st) SKM_sk_free(POLICYINFO, (st)) | ||
| 910 | #define sk_POLICYINFO_num(st) SKM_sk_num(POLICYINFO, (st)) | ||
| 911 | #define sk_POLICYINFO_value(st, i) SKM_sk_value(POLICYINFO, (st), (i)) | ||
| 912 | #define sk_POLICYINFO_set(st, i, val) SKM_sk_set(POLICYINFO, (st), (i), (val)) | ||
| 913 | #define sk_POLICYINFO_zero(st) SKM_sk_zero(POLICYINFO, (st)) | ||
| 914 | #define sk_POLICYINFO_push(st, val) SKM_sk_push(POLICYINFO, (st), (val)) | ||
| 915 | #define sk_POLICYINFO_unshift(st, val) SKM_sk_unshift(POLICYINFO, (st), (val)) | ||
| 916 | #define sk_POLICYINFO_find(st, val) SKM_sk_find(POLICYINFO, (st), (val)) | ||
| 917 | #define sk_POLICYINFO_delete(st, i) SKM_sk_delete(POLICYINFO, (st), (i)) | ||
| 918 | #define sk_POLICYINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYINFO, (st), (ptr)) | ||
| 919 | #define sk_POLICYINFO_insert(st, val, i) SKM_sk_insert(POLICYINFO, (st), (val), (i)) | ||
| 920 | #define sk_POLICYINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYINFO, (st), (cmp)) | ||
| 921 | #define sk_POLICYINFO_dup(st) SKM_sk_dup(POLICYINFO, st) | ||
| 922 | #define sk_POLICYINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYINFO, (st), (free_func)) | ||
| 923 | #define sk_POLICYINFO_shift(st) SKM_sk_shift(POLICYINFO, (st)) | ||
| 924 | #define sk_POLICYINFO_pop(st) SKM_sk_pop(POLICYINFO, (st)) | ||
| 925 | #define sk_POLICYINFO_sort(st) SKM_sk_sort(POLICYINFO, (st)) | ||
| 926 | |||
| 927 | #define sk_POLICYQUALINFO_new(st) SKM_sk_new(POLICYQUALINFO, (st)) | ||
| 928 | #define sk_POLICYQUALINFO_new_null() SKM_sk_new_null(POLICYQUALINFO) | ||
| 929 | #define sk_POLICYQUALINFO_free(st) SKM_sk_free(POLICYQUALINFO, (st)) | ||
| 930 | #define sk_POLICYQUALINFO_num(st) SKM_sk_num(POLICYQUALINFO, (st)) | ||
| 931 | #define sk_POLICYQUALINFO_value(st, i) SKM_sk_value(POLICYQUALINFO, (st), (i)) | ||
| 932 | #define sk_POLICYQUALINFO_set(st, i, val) SKM_sk_set(POLICYQUALINFO, (st), (i), (val)) | ||
| 933 | #define sk_POLICYQUALINFO_zero(st) SKM_sk_zero(POLICYQUALINFO, (st)) | ||
| 934 | #define sk_POLICYQUALINFO_push(st, val) SKM_sk_push(POLICYQUALINFO, (st), (val)) | ||
| 935 | #define sk_POLICYQUALINFO_unshift(st, val) SKM_sk_unshift(POLICYQUALINFO, (st), (val)) | ||
| 936 | #define sk_POLICYQUALINFO_find(st, val) SKM_sk_find(POLICYQUALINFO, (st), (val)) | ||
| 937 | #define sk_POLICYQUALINFO_delete(st, i) SKM_sk_delete(POLICYQUALINFO, (st), (i)) | ||
| 938 | #define sk_POLICYQUALINFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(POLICYQUALINFO, (st), (ptr)) | ||
| 939 | #define sk_POLICYQUALINFO_insert(st, val, i) SKM_sk_insert(POLICYQUALINFO, (st), (val), (i)) | ||
| 940 | #define sk_POLICYQUALINFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(POLICYQUALINFO, (st), (cmp)) | ||
| 941 | #define sk_POLICYQUALINFO_dup(st) SKM_sk_dup(POLICYQUALINFO, st) | ||
| 942 | #define sk_POLICYQUALINFO_pop_free(st, free_func) SKM_sk_pop_free(POLICYQUALINFO, (st), (free_func)) | ||
| 943 | #define sk_POLICYQUALINFO_shift(st) SKM_sk_shift(POLICYQUALINFO, (st)) | ||
| 944 | #define sk_POLICYQUALINFO_pop(st) SKM_sk_pop(POLICYQUALINFO, (st)) | ||
| 945 | #define sk_POLICYQUALINFO_sort(st) SKM_sk_sort(POLICYQUALINFO, (st)) | ||
| 946 | |||
| 947 | #define sk_SSL_CIPHER_new(st) SKM_sk_new(SSL_CIPHER, (st)) | ||
| 948 | #define sk_SSL_CIPHER_new_null() SKM_sk_new_null(SSL_CIPHER) | ||
| 949 | #define sk_SSL_CIPHER_free(st) SKM_sk_free(SSL_CIPHER, (st)) | ||
| 950 | #define sk_SSL_CIPHER_num(st) SKM_sk_num(SSL_CIPHER, (st)) | ||
| 951 | #define sk_SSL_CIPHER_value(st, i) SKM_sk_value(SSL_CIPHER, (st), (i)) | ||
| 952 | #define sk_SSL_CIPHER_set(st, i, val) SKM_sk_set(SSL_CIPHER, (st), (i), (val)) | ||
| 953 | #define sk_SSL_CIPHER_zero(st) SKM_sk_zero(SSL_CIPHER, (st)) | ||
| 954 | #define sk_SSL_CIPHER_push(st, val) SKM_sk_push(SSL_CIPHER, (st), (val)) | ||
| 955 | #define sk_SSL_CIPHER_unshift(st, val) SKM_sk_unshift(SSL_CIPHER, (st), (val)) | ||
| 956 | #define sk_SSL_CIPHER_find(st, val) SKM_sk_find(SSL_CIPHER, (st), (val)) | ||
| 957 | #define sk_SSL_CIPHER_delete(st, i) SKM_sk_delete(SSL_CIPHER, (st), (i)) | ||
| 958 | #define sk_SSL_CIPHER_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_CIPHER, (st), (ptr)) | ||
| 959 | #define sk_SSL_CIPHER_insert(st, val, i) SKM_sk_insert(SSL_CIPHER, (st), (val), (i)) | ||
| 960 | #define sk_SSL_CIPHER_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_CIPHER, (st), (cmp)) | ||
| 961 | #define sk_SSL_CIPHER_dup(st) SKM_sk_dup(SSL_CIPHER, st) | ||
| 962 | #define sk_SSL_CIPHER_pop_free(st, free_func) SKM_sk_pop_free(SSL_CIPHER, (st), (free_func)) | ||
| 963 | #define sk_SSL_CIPHER_shift(st) SKM_sk_shift(SSL_CIPHER, (st)) | ||
| 964 | #define sk_SSL_CIPHER_pop(st) SKM_sk_pop(SSL_CIPHER, (st)) | ||
| 965 | #define sk_SSL_CIPHER_sort(st) SKM_sk_sort(SSL_CIPHER, (st)) | ||
| 966 | |||
| 967 | #define sk_SSL_COMP_new(st) SKM_sk_new(SSL_COMP, (st)) | ||
| 968 | #define sk_SSL_COMP_new_null() SKM_sk_new_null(SSL_COMP) | ||
| 969 | #define sk_SSL_COMP_free(st) SKM_sk_free(SSL_COMP, (st)) | ||
| 970 | #define sk_SSL_COMP_num(st) SKM_sk_num(SSL_COMP, (st)) | ||
| 971 | #define sk_SSL_COMP_value(st, i) SKM_sk_value(SSL_COMP, (st), (i)) | ||
| 972 | #define sk_SSL_COMP_set(st, i, val) SKM_sk_set(SSL_COMP, (st), (i), (val)) | ||
| 973 | #define sk_SSL_COMP_zero(st) SKM_sk_zero(SSL_COMP, (st)) | ||
| 974 | #define sk_SSL_COMP_push(st, val) SKM_sk_push(SSL_COMP, (st), (val)) | ||
| 975 | #define sk_SSL_COMP_unshift(st, val) SKM_sk_unshift(SSL_COMP, (st), (val)) | ||
| 976 | #define sk_SSL_COMP_find(st, val) SKM_sk_find(SSL_COMP, (st), (val)) | ||
| 977 | #define sk_SSL_COMP_delete(st, i) SKM_sk_delete(SSL_COMP, (st), (i)) | ||
| 978 | #define sk_SSL_COMP_delete_ptr(st, ptr) SKM_sk_delete_ptr(SSL_COMP, (st), (ptr)) | ||
| 979 | #define sk_SSL_COMP_insert(st, val, i) SKM_sk_insert(SSL_COMP, (st), (val), (i)) | ||
| 980 | #define sk_SSL_COMP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SSL_COMP, (st), (cmp)) | ||
| 981 | #define sk_SSL_COMP_dup(st) SKM_sk_dup(SSL_COMP, st) | ||
| 982 | #define sk_SSL_COMP_pop_free(st, free_func) SKM_sk_pop_free(SSL_COMP, (st), (free_func)) | ||
| 983 | #define sk_SSL_COMP_shift(st) SKM_sk_shift(SSL_COMP, (st)) | ||
| 984 | #define sk_SSL_COMP_pop(st) SKM_sk_pop(SSL_COMP, (st)) | ||
| 985 | #define sk_SSL_COMP_sort(st) SKM_sk_sort(SSL_COMP, (st)) | ||
| 986 | |||
| 987 | #define sk_SXNETID_new(st) SKM_sk_new(SXNETID, (st)) | ||
| 988 | #define sk_SXNETID_new_null() SKM_sk_new_null(SXNETID) | ||
| 989 | #define sk_SXNETID_free(st) SKM_sk_free(SXNETID, (st)) | ||
| 990 | #define sk_SXNETID_num(st) SKM_sk_num(SXNETID, (st)) | ||
| 991 | #define sk_SXNETID_value(st, i) SKM_sk_value(SXNETID, (st), (i)) | ||
| 992 | #define sk_SXNETID_set(st, i, val) SKM_sk_set(SXNETID, (st), (i), (val)) | ||
| 993 | #define sk_SXNETID_zero(st) SKM_sk_zero(SXNETID, (st)) | ||
| 994 | #define sk_SXNETID_push(st, val) SKM_sk_push(SXNETID, (st), (val)) | ||
| 995 | #define sk_SXNETID_unshift(st, val) SKM_sk_unshift(SXNETID, (st), (val)) | ||
| 996 | #define sk_SXNETID_find(st, val) SKM_sk_find(SXNETID, (st), (val)) | ||
| 997 | #define sk_SXNETID_delete(st, i) SKM_sk_delete(SXNETID, (st), (i)) | ||
| 998 | #define sk_SXNETID_delete_ptr(st, ptr) SKM_sk_delete_ptr(SXNETID, (st), (ptr)) | ||
| 999 | #define sk_SXNETID_insert(st, val, i) SKM_sk_insert(SXNETID, (st), (val), (i)) | ||
| 1000 | #define sk_SXNETID_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(SXNETID, (st), (cmp)) | ||
| 1001 | #define sk_SXNETID_dup(st) SKM_sk_dup(SXNETID, st) | ||
| 1002 | #define sk_SXNETID_pop_free(st, free_func) SKM_sk_pop_free(SXNETID, (st), (free_func)) | ||
| 1003 | #define sk_SXNETID_shift(st) SKM_sk_shift(SXNETID, (st)) | ||
| 1004 | #define sk_SXNETID_pop(st) SKM_sk_pop(SXNETID, (st)) | ||
| 1005 | #define sk_SXNETID_sort(st) SKM_sk_sort(SXNETID, (st)) | ||
| 1006 | |||
| 1007 | #define sk_UI_STRING_new(st) SKM_sk_new(UI_STRING, (st)) | ||
| 1008 | #define sk_UI_STRING_new_null() SKM_sk_new_null(UI_STRING) | ||
| 1009 | #define sk_UI_STRING_free(st) SKM_sk_free(UI_STRING, (st)) | ||
| 1010 | #define sk_UI_STRING_num(st) SKM_sk_num(UI_STRING, (st)) | ||
| 1011 | #define sk_UI_STRING_value(st, i) SKM_sk_value(UI_STRING, (st), (i)) | ||
| 1012 | #define sk_UI_STRING_set(st, i, val) SKM_sk_set(UI_STRING, (st), (i), (val)) | ||
| 1013 | #define sk_UI_STRING_zero(st) SKM_sk_zero(UI_STRING, (st)) | ||
| 1014 | #define sk_UI_STRING_push(st, val) SKM_sk_push(UI_STRING, (st), (val)) | ||
| 1015 | #define sk_UI_STRING_unshift(st, val) SKM_sk_unshift(UI_STRING, (st), (val)) | ||
| 1016 | #define sk_UI_STRING_find(st, val) SKM_sk_find(UI_STRING, (st), (val)) | ||
| 1017 | #define sk_UI_STRING_delete(st, i) SKM_sk_delete(UI_STRING, (st), (i)) | ||
| 1018 | #define sk_UI_STRING_delete_ptr(st, ptr) SKM_sk_delete_ptr(UI_STRING, (st), (ptr)) | ||
| 1019 | #define sk_UI_STRING_insert(st, val, i) SKM_sk_insert(UI_STRING, (st), (val), (i)) | ||
| 1020 | #define sk_UI_STRING_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(UI_STRING, (st), (cmp)) | ||
| 1021 | #define sk_UI_STRING_dup(st) SKM_sk_dup(UI_STRING, st) | ||
| 1022 | #define sk_UI_STRING_pop_free(st, free_func) SKM_sk_pop_free(UI_STRING, (st), (free_func)) | ||
| 1023 | #define sk_UI_STRING_shift(st) SKM_sk_shift(UI_STRING, (st)) | ||
| 1024 | #define sk_UI_STRING_pop(st) SKM_sk_pop(UI_STRING, (st)) | ||
| 1025 | #define sk_UI_STRING_sort(st) SKM_sk_sort(UI_STRING, (st)) | ||
| 1026 | |||
| 1027 | #define sk_X509_new(st) SKM_sk_new(X509, (st)) | ||
| 1028 | #define sk_X509_new_null() SKM_sk_new_null(X509) | ||
| 1029 | #define sk_X509_free(st) SKM_sk_free(X509, (st)) | ||
| 1030 | #define sk_X509_num(st) SKM_sk_num(X509, (st)) | ||
| 1031 | #define sk_X509_value(st, i) SKM_sk_value(X509, (st), (i)) | ||
| 1032 | #define sk_X509_set(st, i, val) SKM_sk_set(X509, (st), (i), (val)) | ||
| 1033 | #define sk_X509_zero(st) SKM_sk_zero(X509, (st)) | ||
| 1034 | #define sk_X509_push(st, val) SKM_sk_push(X509, (st), (val)) | ||
| 1035 | #define sk_X509_unshift(st, val) SKM_sk_unshift(X509, (st), (val)) | ||
| 1036 | #define sk_X509_find(st, val) SKM_sk_find(X509, (st), (val)) | ||
| 1037 | #define sk_X509_delete(st, i) SKM_sk_delete(X509, (st), (i)) | ||
| 1038 | #define sk_X509_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509, (st), (ptr)) | ||
| 1039 | #define sk_X509_insert(st, val, i) SKM_sk_insert(X509, (st), (val), (i)) | ||
| 1040 | #define sk_X509_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509, (st), (cmp)) | ||
| 1041 | #define sk_X509_dup(st) SKM_sk_dup(X509, st) | ||
| 1042 | #define sk_X509_pop_free(st, free_func) SKM_sk_pop_free(X509, (st), (free_func)) | ||
| 1043 | #define sk_X509_shift(st) SKM_sk_shift(X509, (st)) | ||
| 1044 | #define sk_X509_pop(st) SKM_sk_pop(X509, (st)) | ||
| 1045 | #define sk_X509_sort(st) SKM_sk_sort(X509, (st)) | ||
| 1046 | |||
| 1047 | #define sk_X509V3_EXT_METHOD_new(st) SKM_sk_new(X509V3_EXT_METHOD, (st)) | ||
| 1048 | #define sk_X509V3_EXT_METHOD_new_null() SKM_sk_new_null(X509V3_EXT_METHOD) | ||
| 1049 | #define sk_X509V3_EXT_METHOD_free(st) SKM_sk_free(X509V3_EXT_METHOD, (st)) | ||
| 1050 | #define sk_X509V3_EXT_METHOD_num(st) SKM_sk_num(X509V3_EXT_METHOD, (st)) | ||
| 1051 | #define sk_X509V3_EXT_METHOD_value(st, i) SKM_sk_value(X509V3_EXT_METHOD, (st), (i)) | ||
| 1052 | #define sk_X509V3_EXT_METHOD_set(st, i, val) SKM_sk_set(X509V3_EXT_METHOD, (st), (i), (val)) | ||
| 1053 | #define sk_X509V3_EXT_METHOD_zero(st) SKM_sk_zero(X509V3_EXT_METHOD, (st)) | ||
| 1054 | #define sk_X509V3_EXT_METHOD_push(st, val) SKM_sk_push(X509V3_EXT_METHOD, (st), (val)) | ||
| 1055 | #define sk_X509V3_EXT_METHOD_unshift(st, val) SKM_sk_unshift(X509V3_EXT_METHOD, (st), (val)) | ||
| 1056 | #define sk_X509V3_EXT_METHOD_find(st, val) SKM_sk_find(X509V3_EXT_METHOD, (st), (val)) | ||
| 1057 | #define sk_X509V3_EXT_METHOD_delete(st, i) SKM_sk_delete(X509V3_EXT_METHOD, (st), (i)) | ||
| 1058 | #define sk_X509V3_EXT_METHOD_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509V3_EXT_METHOD, (st), (ptr)) | ||
| 1059 | #define sk_X509V3_EXT_METHOD_insert(st, val, i) SKM_sk_insert(X509V3_EXT_METHOD, (st), (val), (i)) | ||
| 1060 | #define sk_X509V3_EXT_METHOD_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509V3_EXT_METHOD, (st), (cmp)) | ||
| 1061 | #define sk_X509V3_EXT_METHOD_dup(st) SKM_sk_dup(X509V3_EXT_METHOD, st) | ||
| 1062 | #define sk_X509V3_EXT_METHOD_pop_free(st, free_func) SKM_sk_pop_free(X509V3_EXT_METHOD, (st), (free_func)) | ||
| 1063 | #define sk_X509V3_EXT_METHOD_shift(st) SKM_sk_shift(X509V3_EXT_METHOD, (st)) | ||
| 1064 | #define sk_X509V3_EXT_METHOD_pop(st) SKM_sk_pop(X509V3_EXT_METHOD, (st)) | ||
| 1065 | #define sk_X509V3_EXT_METHOD_sort(st) SKM_sk_sort(X509V3_EXT_METHOD, (st)) | ||
| 1066 | |||
| 1067 | #define sk_X509_ALGOR_new(st) SKM_sk_new(X509_ALGOR, (st)) | ||
| 1068 | #define sk_X509_ALGOR_new_null() SKM_sk_new_null(X509_ALGOR) | ||
| 1069 | #define sk_X509_ALGOR_free(st) SKM_sk_free(X509_ALGOR, (st)) | ||
| 1070 | #define sk_X509_ALGOR_num(st) SKM_sk_num(X509_ALGOR, (st)) | ||
| 1071 | #define sk_X509_ALGOR_value(st, i) SKM_sk_value(X509_ALGOR, (st), (i)) | ||
| 1072 | #define sk_X509_ALGOR_set(st, i, val) SKM_sk_set(X509_ALGOR, (st), (i), (val)) | ||
| 1073 | #define sk_X509_ALGOR_zero(st) SKM_sk_zero(X509_ALGOR, (st)) | ||
| 1074 | #define sk_X509_ALGOR_push(st, val) SKM_sk_push(X509_ALGOR, (st), (val)) | ||
| 1075 | #define sk_X509_ALGOR_unshift(st, val) SKM_sk_unshift(X509_ALGOR, (st), (val)) | ||
| 1076 | #define sk_X509_ALGOR_find(st, val) SKM_sk_find(X509_ALGOR, (st), (val)) | ||
| 1077 | #define sk_X509_ALGOR_delete(st, i) SKM_sk_delete(X509_ALGOR, (st), (i)) | ||
| 1078 | #define sk_X509_ALGOR_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ALGOR, (st), (ptr)) | ||
| 1079 | #define sk_X509_ALGOR_insert(st, val, i) SKM_sk_insert(X509_ALGOR, (st), (val), (i)) | ||
| 1080 | #define sk_X509_ALGOR_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ALGOR, (st), (cmp)) | ||
| 1081 | #define sk_X509_ALGOR_dup(st) SKM_sk_dup(X509_ALGOR, st) | ||
| 1082 | #define sk_X509_ALGOR_pop_free(st, free_func) SKM_sk_pop_free(X509_ALGOR, (st), (free_func)) | ||
| 1083 | #define sk_X509_ALGOR_shift(st) SKM_sk_shift(X509_ALGOR, (st)) | ||
| 1084 | #define sk_X509_ALGOR_pop(st) SKM_sk_pop(X509_ALGOR, (st)) | ||
| 1085 | #define sk_X509_ALGOR_sort(st) SKM_sk_sort(X509_ALGOR, (st)) | ||
| 1086 | |||
| 1087 | #define sk_X509_ATTRIBUTE_new(st) SKM_sk_new(X509_ATTRIBUTE, (st)) | ||
| 1088 | #define sk_X509_ATTRIBUTE_new_null() SKM_sk_new_null(X509_ATTRIBUTE) | ||
| 1089 | #define sk_X509_ATTRIBUTE_free(st) SKM_sk_free(X509_ATTRIBUTE, (st)) | ||
| 1090 | #define sk_X509_ATTRIBUTE_num(st) SKM_sk_num(X509_ATTRIBUTE, (st)) | ||
| 1091 | #define sk_X509_ATTRIBUTE_value(st, i) SKM_sk_value(X509_ATTRIBUTE, (st), (i)) | ||
| 1092 | #define sk_X509_ATTRIBUTE_set(st, i, val) SKM_sk_set(X509_ATTRIBUTE, (st), (i), (val)) | ||
| 1093 | #define sk_X509_ATTRIBUTE_zero(st) SKM_sk_zero(X509_ATTRIBUTE, (st)) | ||
| 1094 | #define sk_X509_ATTRIBUTE_push(st, val) SKM_sk_push(X509_ATTRIBUTE, (st), (val)) | ||
| 1095 | #define sk_X509_ATTRIBUTE_unshift(st, val) SKM_sk_unshift(X509_ATTRIBUTE, (st), (val)) | ||
| 1096 | #define sk_X509_ATTRIBUTE_find(st, val) SKM_sk_find(X509_ATTRIBUTE, (st), (val)) | ||
| 1097 | #define sk_X509_ATTRIBUTE_delete(st, i) SKM_sk_delete(X509_ATTRIBUTE, (st), (i)) | ||
| 1098 | #define sk_X509_ATTRIBUTE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_ATTRIBUTE, (st), (ptr)) | ||
| 1099 | #define sk_X509_ATTRIBUTE_insert(st, val, i) SKM_sk_insert(X509_ATTRIBUTE, (st), (val), (i)) | ||
| 1100 | #define sk_X509_ATTRIBUTE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_ATTRIBUTE, (st), (cmp)) | ||
| 1101 | #define sk_X509_ATTRIBUTE_dup(st) SKM_sk_dup(X509_ATTRIBUTE, st) | ||
| 1102 | #define sk_X509_ATTRIBUTE_pop_free(st, free_func) SKM_sk_pop_free(X509_ATTRIBUTE, (st), (free_func)) | ||
| 1103 | #define sk_X509_ATTRIBUTE_shift(st) SKM_sk_shift(X509_ATTRIBUTE, (st)) | ||
| 1104 | #define sk_X509_ATTRIBUTE_pop(st) SKM_sk_pop(X509_ATTRIBUTE, (st)) | ||
| 1105 | #define sk_X509_ATTRIBUTE_sort(st) SKM_sk_sort(X509_ATTRIBUTE, (st)) | ||
| 1106 | |||
| 1107 | #define sk_X509_CRL_new(st) SKM_sk_new(X509_CRL, (st)) | ||
| 1108 | #define sk_X509_CRL_new_null() SKM_sk_new_null(X509_CRL) | ||
| 1109 | #define sk_X509_CRL_free(st) SKM_sk_free(X509_CRL, (st)) | ||
| 1110 | #define sk_X509_CRL_num(st) SKM_sk_num(X509_CRL, (st)) | ||
| 1111 | #define sk_X509_CRL_value(st, i) SKM_sk_value(X509_CRL, (st), (i)) | ||
| 1112 | #define sk_X509_CRL_set(st, i, val) SKM_sk_set(X509_CRL, (st), (i), (val)) | ||
| 1113 | #define sk_X509_CRL_zero(st) SKM_sk_zero(X509_CRL, (st)) | ||
| 1114 | #define sk_X509_CRL_push(st, val) SKM_sk_push(X509_CRL, (st), (val)) | ||
| 1115 | #define sk_X509_CRL_unshift(st, val) SKM_sk_unshift(X509_CRL, (st), (val)) | ||
| 1116 | #define sk_X509_CRL_find(st, val) SKM_sk_find(X509_CRL, (st), (val)) | ||
| 1117 | #define sk_X509_CRL_delete(st, i) SKM_sk_delete(X509_CRL, (st), (i)) | ||
| 1118 | #define sk_X509_CRL_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_CRL, (st), (ptr)) | ||
| 1119 | #define sk_X509_CRL_insert(st, val, i) SKM_sk_insert(X509_CRL, (st), (val), (i)) | ||
| 1120 | #define sk_X509_CRL_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_CRL, (st), (cmp)) | ||
| 1121 | #define sk_X509_CRL_dup(st) SKM_sk_dup(X509_CRL, st) | ||
| 1122 | #define sk_X509_CRL_pop_free(st, free_func) SKM_sk_pop_free(X509_CRL, (st), (free_func)) | ||
| 1123 | #define sk_X509_CRL_shift(st) SKM_sk_shift(X509_CRL, (st)) | ||
| 1124 | #define sk_X509_CRL_pop(st) SKM_sk_pop(X509_CRL, (st)) | ||
| 1125 | #define sk_X509_CRL_sort(st) SKM_sk_sort(X509_CRL, (st)) | ||
| 1126 | |||
| 1127 | #define sk_X509_EXTENSION_new(st) SKM_sk_new(X509_EXTENSION, (st)) | ||
| 1128 | #define sk_X509_EXTENSION_new_null() SKM_sk_new_null(X509_EXTENSION) | ||
| 1129 | #define sk_X509_EXTENSION_free(st) SKM_sk_free(X509_EXTENSION, (st)) | ||
| 1130 | #define sk_X509_EXTENSION_num(st) SKM_sk_num(X509_EXTENSION, (st)) | ||
| 1131 | #define sk_X509_EXTENSION_value(st, i) SKM_sk_value(X509_EXTENSION, (st), (i)) | ||
| 1132 | #define sk_X509_EXTENSION_set(st, i, val) SKM_sk_set(X509_EXTENSION, (st), (i), (val)) | ||
| 1133 | #define sk_X509_EXTENSION_zero(st) SKM_sk_zero(X509_EXTENSION, (st)) | ||
| 1134 | #define sk_X509_EXTENSION_push(st, val) SKM_sk_push(X509_EXTENSION, (st), (val)) | ||
| 1135 | #define sk_X509_EXTENSION_unshift(st, val) SKM_sk_unshift(X509_EXTENSION, (st), (val)) | ||
| 1136 | #define sk_X509_EXTENSION_find(st, val) SKM_sk_find(X509_EXTENSION, (st), (val)) | ||
| 1137 | #define sk_X509_EXTENSION_delete(st, i) SKM_sk_delete(X509_EXTENSION, (st), (i)) | ||
| 1138 | #define sk_X509_EXTENSION_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_EXTENSION, (st), (ptr)) | ||
| 1139 | #define sk_X509_EXTENSION_insert(st, val, i) SKM_sk_insert(X509_EXTENSION, (st), (val), (i)) | ||
| 1140 | #define sk_X509_EXTENSION_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_EXTENSION, (st), (cmp)) | ||
| 1141 | #define sk_X509_EXTENSION_dup(st) SKM_sk_dup(X509_EXTENSION, st) | ||
| 1142 | #define sk_X509_EXTENSION_pop_free(st, free_func) SKM_sk_pop_free(X509_EXTENSION, (st), (free_func)) | ||
| 1143 | #define sk_X509_EXTENSION_shift(st) SKM_sk_shift(X509_EXTENSION, (st)) | ||
| 1144 | #define sk_X509_EXTENSION_pop(st) SKM_sk_pop(X509_EXTENSION, (st)) | ||
| 1145 | #define sk_X509_EXTENSION_sort(st) SKM_sk_sort(X509_EXTENSION, (st)) | ||
| 1146 | |||
| 1147 | #define sk_X509_INFO_new(st) SKM_sk_new(X509_INFO, (st)) | ||
| 1148 | #define sk_X509_INFO_new_null() SKM_sk_new_null(X509_INFO) | ||
| 1149 | #define sk_X509_INFO_free(st) SKM_sk_free(X509_INFO, (st)) | ||
| 1150 | #define sk_X509_INFO_num(st) SKM_sk_num(X509_INFO, (st)) | ||
| 1151 | #define sk_X509_INFO_value(st, i) SKM_sk_value(X509_INFO, (st), (i)) | ||
| 1152 | #define sk_X509_INFO_set(st, i, val) SKM_sk_set(X509_INFO, (st), (i), (val)) | ||
| 1153 | #define sk_X509_INFO_zero(st) SKM_sk_zero(X509_INFO, (st)) | ||
| 1154 | #define sk_X509_INFO_push(st, val) SKM_sk_push(X509_INFO, (st), (val)) | ||
| 1155 | #define sk_X509_INFO_unshift(st, val) SKM_sk_unshift(X509_INFO, (st), (val)) | ||
| 1156 | #define sk_X509_INFO_find(st, val) SKM_sk_find(X509_INFO, (st), (val)) | ||
| 1157 | #define sk_X509_INFO_delete(st, i) SKM_sk_delete(X509_INFO, (st), (i)) | ||
| 1158 | #define sk_X509_INFO_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_INFO, (st), (ptr)) | ||
| 1159 | #define sk_X509_INFO_insert(st, val, i) SKM_sk_insert(X509_INFO, (st), (val), (i)) | ||
| 1160 | #define sk_X509_INFO_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_INFO, (st), (cmp)) | ||
| 1161 | #define sk_X509_INFO_dup(st) SKM_sk_dup(X509_INFO, st) | ||
| 1162 | #define sk_X509_INFO_pop_free(st, free_func) SKM_sk_pop_free(X509_INFO, (st), (free_func)) | ||
| 1163 | #define sk_X509_INFO_shift(st) SKM_sk_shift(X509_INFO, (st)) | ||
| 1164 | #define sk_X509_INFO_pop(st) SKM_sk_pop(X509_INFO, (st)) | ||
| 1165 | #define sk_X509_INFO_sort(st) SKM_sk_sort(X509_INFO, (st)) | ||
| 1166 | |||
| 1167 | #define sk_X509_LOOKUP_new(st) SKM_sk_new(X509_LOOKUP, (st)) | ||
| 1168 | #define sk_X509_LOOKUP_new_null() SKM_sk_new_null(X509_LOOKUP) | ||
| 1169 | #define sk_X509_LOOKUP_free(st) SKM_sk_free(X509_LOOKUP, (st)) | ||
| 1170 | #define sk_X509_LOOKUP_num(st) SKM_sk_num(X509_LOOKUP, (st)) | ||
| 1171 | #define sk_X509_LOOKUP_value(st, i) SKM_sk_value(X509_LOOKUP, (st), (i)) | ||
| 1172 | #define sk_X509_LOOKUP_set(st, i, val) SKM_sk_set(X509_LOOKUP, (st), (i), (val)) | ||
| 1173 | #define sk_X509_LOOKUP_zero(st) SKM_sk_zero(X509_LOOKUP, (st)) | ||
| 1174 | #define sk_X509_LOOKUP_push(st, val) SKM_sk_push(X509_LOOKUP, (st), (val)) | ||
| 1175 | #define sk_X509_LOOKUP_unshift(st, val) SKM_sk_unshift(X509_LOOKUP, (st), (val)) | ||
| 1176 | #define sk_X509_LOOKUP_find(st, val) SKM_sk_find(X509_LOOKUP, (st), (val)) | ||
| 1177 | #define sk_X509_LOOKUP_delete(st, i) SKM_sk_delete(X509_LOOKUP, (st), (i)) | ||
| 1178 | #define sk_X509_LOOKUP_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_LOOKUP, (st), (ptr)) | ||
| 1179 | #define sk_X509_LOOKUP_insert(st, val, i) SKM_sk_insert(X509_LOOKUP, (st), (val), (i)) | ||
| 1180 | #define sk_X509_LOOKUP_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_LOOKUP, (st), (cmp)) | ||
| 1181 | #define sk_X509_LOOKUP_dup(st) SKM_sk_dup(X509_LOOKUP, st) | ||
| 1182 | #define sk_X509_LOOKUP_pop_free(st, free_func) SKM_sk_pop_free(X509_LOOKUP, (st), (free_func)) | ||
| 1183 | #define sk_X509_LOOKUP_shift(st) SKM_sk_shift(X509_LOOKUP, (st)) | ||
| 1184 | #define sk_X509_LOOKUP_pop(st) SKM_sk_pop(X509_LOOKUP, (st)) | ||
| 1185 | #define sk_X509_LOOKUP_sort(st) SKM_sk_sort(X509_LOOKUP, (st)) | ||
| 1186 | |||
| 1187 | #define sk_X509_NAME_new(st) SKM_sk_new(X509_NAME, (st)) | ||
| 1188 | #define sk_X509_NAME_new_null() SKM_sk_new_null(X509_NAME) | ||
| 1189 | #define sk_X509_NAME_free(st) SKM_sk_free(X509_NAME, (st)) | ||
| 1190 | #define sk_X509_NAME_num(st) SKM_sk_num(X509_NAME, (st)) | ||
| 1191 | #define sk_X509_NAME_value(st, i) SKM_sk_value(X509_NAME, (st), (i)) | ||
| 1192 | #define sk_X509_NAME_set(st, i, val) SKM_sk_set(X509_NAME, (st), (i), (val)) | ||
| 1193 | #define sk_X509_NAME_zero(st) SKM_sk_zero(X509_NAME, (st)) | ||
| 1194 | #define sk_X509_NAME_push(st, val) SKM_sk_push(X509_NAME, (st), (val)) | ||
| 1195 | #define sk_X509_NAME_unshift(st, val) SKM_sk_unshift(X509_NAME, (st), (val)) | ||
| 1196 | #define sk_X509_NAME_find(st, val) SKM_sk_find(X509_NAME, (st), (val)) | ||
| 1197 | #define sk_X509_NAME_delete(st, i) SKM_sk_delete(X509_NAME, (st), (i)) | ||
| 1198 | #define sk_X509_NAME_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME, (st), (ptr)) | ||
| 1199 | #define sk_X509_NAME_insert(st, val, i) SKM_sk_insert(X509_NAME, (st), (val), (i)) | ||
| 1200 | #define sk_X509_NAME_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME, (st), (cmp)) | ||
| 1201 | #define sk_X509_NAME_dup(st) SKM_sk_dup(X509_NAME, st) | ||
| 1202 | #define sk_X509_NAME_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME, (st), (free_func)) | ||
| 1203 | #define sk_X509_NAME_shift(st) SKM_sk_shift(X509_NAME, (st)) | ||
| 1204 | #define sk_X509_NAME_pop(st) SKM_sk_pop(X509_NAME, (st)) | ||
| 1205 | #define sk_X509_NAME_sort(st) SKM_sk_sort(X509_NAME, (st)) | ||
| 1206 | |||
| 1207 | #define sk_X509_NAME_ENTRY_new(st) SKM_sk_new(X509_NAME_ENTRY, (st)) | ||
| 1208 | #define sk_X509_NAME_ENTRY_new_null() SKM_sk_new_null(X509_NAME_ENTRY) | ||
| 1209 | #define sk_X509_NAME_ENTRY_free(st) SKM_sk_free(X509_NAME_ENTRY, (st)) | ||
| 1210 | #define sk_X509_NAME_ENTRY_num(st) SKM_sk_num(X509_NAME_ENTRY, (st)) | ||
| 1211 | #define sk_X509_NAME_ENTRY_value(st, i) SKM_sk_value(X509_NAME_ENTRY, (st), (i)) | ||
| 1212 | #define sk_X509_NAME_ENTRY_set(st, i, val) SKM_sk_set(X509_NAME_ENTRY, (st), (i), (val)) | ||
| 1213 | #define sk_X509_NAME_ENTRY_zero(st) SKM_sk_zero(X509_NAME_ENTRY, (st)) | ||
| 1214 | #define sk_X509_NAME_ENTRY_push(st, val) SKM_sk_push(X509_NAME_ENTRY, (st), (val)) | ||
| 1215 | #define sk_X509_NAME_ENTRY_unshift(st, val) SKM_sk_unshift(X509_NAME_ENTRY, (st), (val)) | ||
| 1216 | #define sk_X509_NAME_ENTRY_find(st, val) SKM_sk_find(X509_NAME_ENTRY, (st), (val)) | ||
| 1217 | #define sk_X509_NAME_ENTRY_delete(st, i) SKM_sk_delete(X509_NAME_ENTRY, (st), (i)) | ||
| 1218 | #define sk_X509_NAME_ENTRY_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_NAME_ENTRY, (st), (ptr)) | ||
| 1219 | #define sk_X509_NAME_ENTRY_insert(st, val, i) SKM_sk_insert(X509_NAME_ENTRY, (st), (val), (i)) | ||
| 1220 | #define sk_X509_NAME_ENTRY_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_NAME_ENTRY, (st), (cmp)) | ||
| 1221 | #define sk_X509_NAME_ENTRY_dup(st) SKM_sk_dup(X509_NAME_ENTRY, st) | ||
| 1222 | #define sk_X509_NAME_ENTRY_pop_free(st, free_func) SKM_sk_pop_free(X509_NAME_ENTRY, (st), (free_func)) | ||
| 1223 | #define sk_X509_NAME_ENTRY_shift(st) SKM_sk_shift(X509_NAME_ENTRY, (st)) | ||
| 1224 | #define sk_X509_NAME_ENTRY_pop(st) SKM_sk_pop(X509_NAME_ENTRY, (st)) | ||
| 1225 | #define sk_X509_NAME_ENTRY_sort(st) SKM_sk_sort(X509_NAME_ENTRY, (st)) | ||
| 1226 | |||
| 1227 | #define sk_X509_OBJECT_new(st) SKM_sk_new(X509_OBJECT, (st)) | ||
| 1228 | #define sk_X509_OBJECT_new_null() SKM_sk_new_null(X509_OBJECT) | ||
| 1229 | #define sk_X509_OBJECT_free(st) SKM_sk_free(X509_OBJECT, (st)) | ||
| 1230 | #define sk_X509_OBJECT_num(st) SKM_sk_num(X509_OBJECT, (st)) | ||
| 1231 | #define sk_X509_OBJECT_value(st, i) SKM_sk_value(X509_OBJECT, (st), (i)) | ||
| 1232 | #define sk_X509_OBJECT_set(st, i, val) SKM_sk_set(X509_OBJECT, (st), (i), (val)) | ||
| 1233 | #define sk_X509_OBJECT_zero(st) SKM_sk_zero(X509_OBJECT, (st)) | ||
| 1234 | #define sk_X509_OBJECT_push(st, val) SKM_sk_push(X509_OBJECT, (st), (val)) | ||
| 1235 | #define sk_X509_OBJECT_unshift(st, val) SKM_sk_unshift(X509_OBJECT, (st), (val)) | ||
| 1236 | #define sk_X509_OBJECT_find(st, val) SKM_sk_find(X509_OBJECT, (st), (val)) | ||
| 1237 | #define sk_X509_OBJECT_delete(st, i) SKM_sk_delete(X509_OBJECT, (st), (i)) | ||
| 1238 | #define sk_X509_OBJECT_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_OBJECT, (st), (ptr)) | ||
| 1239 | #define sk_X509_OBJECT_insert(st, val, i) SKM_sk_insert(X509_OBJECT, (st), (val), (i)) | ||
| 1240 | #define sk_X509_OBJECT_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_OBJECT, (st), (cmp)) | ||
| 1241 | #define sk_X509_OBJECT_dup(st) SKM_sk_dup(X509_OBJECT, st) | ||
| 1242 | #define sk_X509_OBJECT_pop_free(st, free_func) SKM_sk_pop_free(X509_OBJECT, (st), (free_func)) | ||
| 1243 | #define sk_X509_OBJECT_shift(st) SKM_sk_shift(X509_OBJECT, (st)) | ||
| 1244 | #define sk_X509_OBJECT_pop(st) SKM_sk_pop(X509_OBJECT, (st)) | ||
| 1245 | #define sk_X509_OBJECT_sort(st) SKM_sk_sort(X509_OBJECT, (st)) | ||
| 1246 | |||
| 1247 | #define sk_X509_PURPOSE_new(st) SKM_sk_new(X509_PURPOSE, (st)) | ||
| 1248 | #define sk_X509_PURPOSE_new_null() SKM_sk_new_null(X509_PURPOSE) | ||
| 1249 | #define sk_X509_PURPOSE_free(st) SKM_sk_free(X509_PURPOSE, (st)) | ||
| 1250 | #define sk_X509_PURPOSE_num(st) SKM_sk_num(X509_PURPOSE, (st)) | ||
| 1251 | #define sk_X509_PURPOSE_value(st, i) SKM_sk_value(X509_PURPOSE, (st), (i)) | ||
| 1252 | #define sk_X509_PURPOSE_set(st, i, val) SKM_sk_set(X509_PURPOSE, (st), (i), (val)) | ||
| 1253 | #define sk_X509_PURPOSE_zero(st) SKM_sk_zero(X509_PURPOSE, (st)) | ||
| 1254 | #define sk_X509_PURPOSE_push(st, val) SKM_sk_push(X509_PURPOSE, (st), (val)) | ||
| 1255 | #define sk_X509_PURPOSE_unshift(st, val) SKM_sk_unshift(X509_PURPOSE, (st), (val)) | ||
| 1256 | #define sk_X509_PURPOSE_find(st, val) SKM_sk_find(X509_PURPOSE, (st), (val)) | ||
| 1257 | #define sk_X509_PURPOSE_delete(st, i) SKM_sk_delete(X509_PURPOSE, (st), (i)) | ||
| 1258 | #define sk_X509_PURPOSE_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_PURPOSE, (st), (ptr)) | ||
| 1259 | #define sk_X509_PURPOSE_insert(st, val, i) SKM_sk_insert(X509_PURPOSE, (st), (val), (i)) | ||
| 1260 | #define sk_X509_PURPOSE_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_PURPOSE, (st), (cmp)) | ||
| 1261 | #define sk_X509_PURPOSE_dup(st) SKM_sk_dup(X509_PURPOSE, st) | ||
| 1262 | #define sk_X509_PURPOSE_pop_free(st, free_func) SKM_sk_pop_free(X509_PURPOSE, (st), (free_func)) | ||
| 1263 | #define sk_X509_PURPOSE_shift(st) SKM_sk_shift(X509_PURPOSE, (st)) | ||
| 1264 | #define sk_X509_PURPOSE_pop(st) SKM_sk_pop(X509_PURPOSE, (st)) | ||
| 1265 | #define sk_X509_PURPOSE_sort(st) SKM_sk_sort(X509_PURPOSE, (st)) | ||
| 1266 | |||
| 1267 | #define sk_X509_REVOKED_new(st) SKM_sk_new(X509_REVOKED, (st)) | ||
| 1268 | #define sk_X509_REVOKED_new_null() SKM_sk_new_null(X509_REVOKED) | ||
| 1269 | #define sk_X509_REVOKED_free(st) SKM_sk_free(X509_REVOKED, (st)) | ||
| 1270 | #define sk_X509_REVOKED_num(st) SKM_sk_num(X509_REVOKED, (st)) | ||
| 1271 | #define sk_X509_REVOKED_value(st, i) SKM_sk_value(X509_REVOKED, (st), (i)) | ||
| 1272 | #define sk_X509_REVOKED_set(st, i, val) SKM_sk_set(X509_REVOKED, (st), (i), (val)) | ||
| 1273 | #define sk_X509_REVOKED_zero(st) SKM_sk_zero(X509_REVOKED, (st)) | ||
| 1274 | #define sk_X509_REVOKED_push(st, val) SKM_sk_push(X509_REVOKED, (st), (val)) | ||
| 1275 | #define sk_X509_REVOKED_unshift(st, val) SKM_sk_unshift(X509_REVOKED, (st), (val)) | ||
| 1276 | #define sk_X509_REVOKED_find(st, val) SKM_sk_find(X509_REVOKED, (st), (val)) | ||
| 1277 | #define sk_X509_REVOKED_delete(st, i) SKM_sk_delete(X509_REVOKED, (st), (i)) | ||
| 1278 | #define sk_X509_REVOKED_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_REVOKED, (st), (ptr)) | ||
| 1279 | #define sk_X509_REVOKED_insert(st, val, i) SKM_sk_insert(X509_REVOKED, (st), (val), (i)) | ||
| 1280 | #define sk_X509_REVOKED_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_REVOKED, (st), (cmp)) | ||
| 1281 | #define sk_X509_REVOKED_dup(st) SKM_sk_dup(X509_REVOKED, st) | ||
| 1282 | #define sk_X509_REVOKED_pop_free(st, free_func) SKM_sk_pop_free(X509_REVOKED, (st), (free_func)) | ||
| 1283 | #define sk_X509_REVOKED_shift(st) SKM_sk_shift(X509_REVOKED, (st)) | ||
| 1284 | #define sk_X509_REVOKED_pop(st) SKM_sk_pop(X509_REVOKED, (st)) | ||
| 1285 | #define sk_X509_REVOKED_sort(st) SKM_sk_sort(X509_REVOKED, (st)) | ||
| 1286 | |||
| 1287 | #define sk_X509_TRUST_new(st) SKM_sk_new(X509_TRUST, (st)) | ||
| 1288 | #define sk_X509_TRUST_new_null() SKM_sk_new_null(X509_TRUST) | ||
| 1289 | #define sk_X509_TRUST_free(st) SKM_sk_free(X509_TRUST, (st)) | ||
| 1290 | #define sk_X509_TRUST_num(st) SKM_sk_num(X509_TRUST, (st)) | ||
| 1291 | #define sk_X509_TRUST_value(st, i) SKM_sk_value(X509_TRUST, (st), (i)) | ||
| 1292 | #define sk_X509_TRUST_set(st, i, val) SKM_sk_set(X509_TRUST, (st), (i), (val)) | ||
| 1293 | #define sk_X509_TRUST_zero(st) SKM_sk_zero(X509_TRUST, (st)) | ||
| 1294 | #define sk_X509_TRUST_push(st, val) SKM_sk_push(X509_TRUST, (st), (val)) | ||
| 1295 | #define sk_X509_TRUST_unshift(st, val) SKM_sk_unshift(X509_TRUST, (st), (val)) | ||
| 1296 | #define sk_X509_TRUST_find(st, val) SKM_sk_find(X509_TRUST, (st), (val)) | ||
| 1297 | #define sk_X509_TRUST_delete(st, i) SKM_sk_delete(X509_TRUST, (st), (i)) | ||
| 1298 | #define sk_X509_TRUST_delete_ptr(st, ptr) SKM_sk_delete_ptr(X509_TRUST, (st), (ptr)) | ||
| 1299 | #define sk_X509_TRUST_insert(st, val, i) SKM_sk_insert(X509_TRUST, (st), (val), (i)) | ||
| 1300 | #define sk_X509_TRUST_set_cmp_func(st, cmp) SKM_sk_set_cmp_func(X509_TRUST, (st), (cmp)) | ||
| 1301 | #define sk_X509_TRUST_dup(st) SKM_sk_dup(X509_TRUST, st) | ||
| 1302 | #define sk_X509_TRUST_pop_free(st, free_func) SKM_sk_pop_free(X509_TRUST, (st), (free_func)) | ||
| 1303 | #define sk_X509_TRUST_shift(st) SKM_sk_shift(X509_TRUST, (st)) | ||
| 1304 | #define sk_X509_TRUST_pop(st) SKM_sk_pop(X509_TRUST, (st)) | ||
| 1305 | #define sk_X509_TRUST_sort(st) SKM_sk_sort(X509_TRUST, (st)) | ||
| 1306 | |||
| 1307 | #define d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1308 | SKM_ASN1_SET_OF_d2i(ACCESS_DESCRIPTION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1309 | #define i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1310 | SKM_ASN1_SET_OF_i2d(ACCESS_DESCRIPTION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1311 | #define ASN1_seq_pack_ACCESS_DESCRIPTION(st, i2d_func, buf, len) \ | ||
| 1312 | SKM_ASN1_seq_pack(ACCESS_DESCRIPTION, (st), (i2d_func), (buf), (len)) | ||
| 1313 | #define ASN1_seq_unpack_ACCESS_DESCRIPTION(buf, len, d2i_func, free_func) \ | ||
| 1314 | SKM_ASN1_seq_unpack(ACCESS_DESCRIPTION, (buf), (len), (d2i_func), (free_func)) | ||
| 1315 | |||
| 1316 | #define d2i_ASN1_SET_OF_ASN1_INTEGER(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1317 | SKM_ASN1_SET_OF_d2i(ASN1_INTEGER, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1318 | #define i2d_ASN1_SET_OF_ASN1_INTEGER(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1319 | SKM_ASN1_SET_OF_i2d(ASN1_INTEGER, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1320 | #define ASN1_seq_pack_ASN1_INTEGER(st, i2d_func, buf, len) \ | ||
| 1321 | SKM_ASN1_seq_pack(ASN1_INTEGER, (st), (i2d_func), (buf), (len)) | ||
| 1322 | #define ASN1_seq_unpack_ASN1_INTEGER(buf, len, d2i_func, free_func) \ | ||
| 1323 | SKM_ASN1_seq_unpack(ASN1_INTEGER, (buf), (len), (d2i_func), (free_func)) | ||
| 1324 | |||
| 1325 | #define d2i_ASN1_SET_OF_ASN1_OBJECT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1326 | SKM_ASN1_SET_OF_d2i(ASN1_OBJECT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1327 | #define i2d_ASN1_SET_OF_ASN1_OBJECT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1328 | SKM_ASN1_SET_OF_i2d(ASN1_OBJECT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1329 | #define ASN1_seq_pack_ASN1_OBJECT(st, i2d_func, buf, len) \ | ||
| 1330 | SKM_ASN1_seq_pack(ASN1_OBJECT, (st), (i2d_func), (buf), (len)) | ||
| 1331 | #define ASN1_seq_unpack_ASN1_OBJECT(buf, len, d2i_func, free_func) \ | ||
| 1332 | SKM_ASN1_seq_unpack(ASN1_OBJECT, (buf), (len), (d2i_func), (free_func)) | ||
| 1333 | |||
| 1334 | #define d2i_ASN1_SET_OF_ASN1_TYPE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1335 | SKM_ASN1_SET_OF_d2i(ASN1_TYPE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1336 | #define i2d_ASN1_SET_OF_ASN1_TYPE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1337 | SKM_ASN1_SET_OF_i2d(ASN1_TYPE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1338 | #define ASN1_seq_pack_ASN1_TYPE(st, i2d_func, buf, len) \ | ||
| 1339 | SKM_ASN1_seq_pack(ASN1_TYPE, (st), (i2d_func), (buf), (len)) | ||
| 1340 | #define ASN1_seq_unpack_ASN1_TYPE(buf, len, d2i_func, free_func) \ | ||
| 1341 | SKM_ASN1_seq_unpack(ASN1_TYPE, (buf), (len), (d2i_func), (free_func)) | ||
| 1342 | |||
| 1343 | #define d2i_ASN1_SET_OF_DIST_POINT(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1344 | SKM_ASN1_SET_OF_d2i(DIST_POINT, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1345 | #define i2d_ASN1_SET_OF_DIST_POINT(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1346 | SKM_ASN1_SET_OF_i2d(DIST_POINT, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1347 | #define ASN1_seq_pack_DIST_POINT(st, i2d_func, buf, len) \ | ||
| 1348 | SKM_ASN1_seq_pack(DIST_POINT, (st), (i2d_func), (buf), (len)) | ||
| 1349 | #define ASN1_seq_unpack_DIST_POINT(buf, len, d2i_func, free_func) \ | ||
| 1350 | SKM_ASN1_seq_unpack(DIST_POINT, (buf), (len), (d2i_func), (free_func)) | ||
| 1351 | |||
| 1352 | #define d2i_ASN1_SET_OF_GENERAL_NAME(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1353 | SKM_ASN1_SET_OF_d2i(GENERAL_NAME, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1354 | #define i2d_ASN1_SET_OF_GENERAL_NAME(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1355 | SKM_ASN1_SET_OF_i2d(GENERAL_NAME, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1356 | #define ASN1_seq_pack_GENERAL_NAME(st, i2d_func, buf, len) \ | ||
| 1357 | SKM_ASN1_seq_pack(GENERAL_NAME, (st), (i2d_func), (buf), (len)) | ||
| 1358 | #define ASN1_seq_unpack_GENERAL_NAME(buf, len, d2i_func, free_func) \ | ||
| 1359 | SKM_ASN1_seq_unpack(GENERAL_NAME, (buf), (len), (d2i_func), (free_func)) | ||
| 1360 | |||
| 1361 | #define d2i_ASN1_SET_OF_OCSP_ONEREQ(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1362 | SKM_ASN1_SET_OF_d2i(OCSP_ONEREQ, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1363 | #define i2d_ASN1_SET_OF_OCSP_ONEREQ(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1364 | SKM_ASN1_SET_OF_i2d(OCSP_ONEREQ, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1365 | #define ASN1_seq_pack_OCSP_ONEREQ(st, i2d_func, buf, len) \ | ||
| 1366 | SKM_ASN1_seq_pack(OCSP_ONEREQ, (st), (i2d_func), (buf), (len)) | ||
| 1367 | #define ASN1_seq_unpack_OCSP_ONEREQ(buf, len, d2i_func, free_func) \ | ||
| 1368 | SKM_ASN1_seq_unpack(OCSP_ONEREQ, (buf), (len), (d2i_func), (free_func)) | ||
| 1369 | |||
| 1370 | #define d2i_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1371 | SKM_ASN1_SET_OF_d2i(OCSP_SINGLERESP, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1372 | #define i2d_ASN1_SET_OF_OCSP_SINGLERESP(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1373 | SKM_ASN1_SET_OF_i2d(OCSP_SINGLERESP, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1374 | #define ASN1_seq_pack_OCSP_SINGLERESP(st, i2d_func, buf, len) \ | ||
| 1375 | SKM_ASN1_seq_pack(OCSP_SINGLERESP, (st), (i2d_func), (buf), (len)) | ||
| 1376 | #define ASN1_seq_unpack_OCSP_SINGLERESP(buf, len, d2i_func, free_func) \ | ||
| 1377 | SKM_ASN1_seq_unpack(OCSP_SINGLERESP, (buf), (len), (d2i_func), (free_func)) | ||
| 1378 | |||
| 1379 | #define d2i_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1380 | SKM_ASN1_SET_OF_d2i(PKCS12_SAFEBAG, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1381 | #define i2d_ASN1_SET_OF_PKCS12_SAFEBAG(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1382 | SKM_ASN1_SET_OF_i2d(PKCS12_SAFEBAG, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1383 | #define ASN1_seq_pack_PKCS12_SAFEBAG(st, i2d_func, buf, len) \ | ||
| 1384 | SKM_ASN1_seq_pack(PKCS12_SAFEBAG, (st), (i2d_func), (buf), (len)) | ||
| 1385 | #define ASN1_seq_unpack_PKCS12_SAFEBAG(buf, len, d2i_func, free_func) \ | ||
| 1386 | SKM_ASN1_seq_unpack(PKCS12_SAFEBAG, (buf), (len), (d2i_func), (free_func)) | ||
| 1387 | |||
| 1388 | #define d2i_ASN1_SET_OF_PKCS7(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1389 | SKM_ASN1_SET_OF_d2i(PKCS7, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1390 | #define i2d_ASN1_SET_OF_PKCS7(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1391 | SKM_ASN1_SET_OF_i2d(PKCS7, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1392 | #define ASN1_seq_pack_PKCS7(st, i2d_func, buf, len) \ | ||
| 1393 | SKM_ASN1_seq_pack(PKCS7, (st), (i2d_func), (buf), (len)) | ||
| 1394 | #define ASN1_seq_unpack_PKCS7(buf, len, d2i_func, free_func) \ | ||
| 1395 | SKM_ASN1_seq_unpack(PKCS7, (buf), (len), (d2i_func), (free_func)) | ||
| 1396 | |||
| 1397 | #define d2i_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1398 | SKM_ASN1_SET_OF_d2i(PKCS7_RECIP_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1399 | #define i2d_ASN1_SET_OF_PKCS7_RECIP_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1400 | SKM_ASN1_SET_OF_i2d(PKCS7_RECIP_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1401 | #define ASN1_seq_pack_PKCS7_RECIP_INFO(st, i2d_func, buf, len) \ | ||
| 1402 | SKM_ASN1_seq_pack(PKCS7_RECIP_INFO, (st), (i2d_func), (buf), (len)) | ||
| 1403 | #define ASN1_seq_unpack_PKCS7_RECIP_INFO(buf, len, d2i_func, free_func) \ | ||
| 1404 | SKM_ASN1_seq_unpack(PKCS7_RECIP_INFO, (buf), (len), (d2i_func), (free_func)) | ||
| 1405 | |||
| 1406 | #define d2i_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1407 | SKM_ASN1_SET_OF_d2i(PKCS7_SIGNER_INFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1408 | #define i2d_ASN1_SET_OF_PKCS7_SIGNER_INFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1409 | SKM_ASN1_SET_OF_i2d(PKCS7_SIGNER_INFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1410 | #define ASN1_seq_pack_PKCS7_SIGNER_INFO(st, i2d_func, buf, len) \ | ||
| 1411 | SKM_ASN1_seq_pack(PKCS7_SIGNER_INFO, (st), (i2d_func), (buf), (len)) | ||
| 1412 | #define ASN1_seq_unpack_PKCS7_SIGNER_INFO(buf, len, d2i_func, free_func) \ | ||
| 1413 | SKM_ASN1_seq_unpack(PKCS7_SIGNER_INFO, (buf), (len), (d2i_func), (free_func)) | ||
| 1414 | |||
| 1415 | #define d2i_ASN1_SET_OF_POLICYINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1416 | SKM_ASN1_SET_OF_d2i(POLICYINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1417 | #define i2d_ASN1_SET_OF_POLICYINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1418 | SKM_ASN1_SET_OF_i2d(POLICYINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1419 | #define ASN1_seq_pack_POLICYINFO(st, i2d_func, buf, len) \ | ||
| 1420 | SKM_ASN1_seq_pack(POLICYINFO, (st), (i2d_func), (buf), (len)) | ||
| 1421 | #define ASN1_seq_unpack_POLICYINFO(buf, len, d2i_func, free_func) \ | ||
| 1422 | SKM_ASN1_seq_unpack(POLICYINFO, (buf), (len), (d2i_func), (free_func)) | ||
| 1423 | |||
| 1424 | #define d2i_ASN1_SET_OF_POLICYQUALINFO(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1425 | SKM_ASN1_SET_OF_d2i(POLICYQUALINFO, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1426 | #define i2d_ASN1_SET_OF_POLICYQUALINFO(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1427 | SKM_ASN1_SET_OF_i2d(POLICYQUALINFO, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1428 | #define ASN1_seq_pack_POLICYQUALINFO(st, i2d_func, buf, len) \ | ||
| 1429 | SKM_ASN1_seq_pack(POLICYQUALINFO, (st), (i2d_func), (buf), (len)) | ||
| 1430 | #define ASN1_seq_unpack_POLICYQUALINFO(buf, len, d2i_func, free_func) \ | ||
| 1431 | SKM_ASN1_seq_unpack(POLICYQUALINFO, (buf), (len), (d2i_func), (free_func)) | ||
| 1432 | |||
| 1433 | #define d2i_ASN1_SET_OF_SXNETID(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1434 | SKM_ASN1_SET_OF_d2i(SXNETID, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1435 | #define i2d_ASN1_SET_OF_SXNETID(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1436 | SKM_ASN1_SET_OF_i2d(SXNETID, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1437 | #define ASN1_seq_pack_SXNETID(st, i2d_func, buf, len) \ | ||
| 1438 | SKM_ASN1_seq_pack(SXNETID, (st), (i2d_func), (buf), (len)) | ||
| 1439 | #define ASN1_seq_unpack_SXNETID(buf, len, d2i_func, free_func) \ | ||
| 1440 | SKM_ASN1_seq_unpack(SXNETID, (buf), (len), (d2i_func), (free_func)) | ||
| 1441 | |||
| 1442 | #define d2i_ASN1_SET_OF_X509(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1443 | SKM_ASN1_SET_OF_d2i(X509, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1444 | #define i2d_ASN1_SET_OF_X509(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1445 | SKM_ASN1_SET_OF_i2d(X509, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1446 | #define ASN1_seq_pack_X509(st, i2d_func, buf, len) \ | ||
| 1447 | SKM_ASN1_seq_pack(X509, (st), (i2d_func), (buf), (len)) | ||
| 1448 | #define ASN1_seq_unpack_X509(buf, len, d2i_func, free_func) \ | ||
| 1449 | SKM_ASN1_seq_unpack(X509, (buf), (len), (d2i_func), (free_func)) | ||
| 1450 | |||
| 1451 | #define d2i_ASN1_SET_OF_X509_ALGOR(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1452 | SKM_ASN1_SET_OF_d2i(X509_ALGOR, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1453 | #define i2d_ASN1_SET_OF_X509_ALGOR(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1454 | SKM_ASN1_SET_OF_i2d(X509_ALGOR, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1455 | #define ASN1_seq_pack_X509_ALGOR(st, i2d_func, buf, len) \ | ||
| 1456 | SKM_ASN1_seq_pack(X509_ALGOR, (st), (i2d_func), (buf), (len)) | ||
| 1457 | #define ASN1_seq_unpack_X509_ALGOR(buf, len, d2i_func, free_func) \ | ||
| 1458 | SKM_ASN1_seq_unpack(X509_ALGOR, (buf), (len), (d2i_func), (free_func)) | ||
| 1459 | |||
| 1460 | #define d2i_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1461 | SKM_ASN1_SET_OF_d2i(X509_ATTRIBUTE, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1462 | #define i2d_ASN1_SET_OF_X509_ATTRIBUTE(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1463 | SKM_ASN1_SET_OF_i2d(X509_ATTRIBUTE, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1464 | #define ASN1_seq_pack_X509_ATTRIBUTE(st, i2d_func, buf, len) \ | ||
| 1465 | SKM_ASN1_seq_pack(X509_ATTRIBUTE, (st), (i2d_func), (buf), (len)) | ||
| 1466 | #define ASN1_seq_unpack_X509_ATTRIBUTE(buf, len, d2i_func, free_func) \ | ||
| 1467 | SKM_ASN1_seq_unpack(X509_ATTRIBUTE, (buf), (len), (d2i_func), (free_func)) | ||
| 1468 | |||
| 1469 | #define d2i_ASN1_SET_OF_X509_CRL(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1470 | SKM_ASN1_SET_OF_d2i(X509_CRL, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1471 | #define i2d_ASN1_SET_OF_X509_CRL(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1472 | SKM_ASN1_SET_OF_i2d(X509_CRL, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1473 | #define ASN1_seq_pack_X509_CRL(st, i2d_func, buf, len) \ | ||
| 1474 | SKM_ASN1_seq_pack(X509_CRL, (st), (i2d_func), (buf), (len)) | ||
| 1475 | #define ASN1_seq_unpack_X509_CRL(buf, len, d2i_func, free_func) \ | ||
| 1476 | SKM_ASN1_seq_unpack(X509_CRL, (buf), (len), (d2i_func), (free_func)) | ||
| 1477 | |||
| 1478 | #define d2i_ASN1_SET_OF_X509_EXTENSION(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1479 | SKM_ASN1_SET_OF_d2i(X509_EXTENSION, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1480 | #define i2d_ASN1_SET_OF_X509_EXTENSION(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1481 | SKM_ASN1_SET_OF_i2d(X509_EXTENSION, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1482 | #define ASN1_seq_pack_X509_EXTENSION(st, i2d_func, buf, len) \ | ||
| 1483 | SKM_ASN1_seq_pack(X509_EXTENSION, (st), (i2d_func), (buf), (len)) | ||
| 1484 | #define ASN1_seq_unpack_X509_EXTENSION(buf, len, d2i_func, free_func) \ | ||
| 1485 | SKM_ASN1_seq_unpack(X509_EXTENSION, (buf), (len), (d2i_func), (free_func)) | ||
| 1486 | |||
| 1487 | #define d2i_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1488 | SKM_ASN1_SET_OF_d2i(X509_NAME_ENTRY, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1489 | #define i2d_ASN1_SET_OF_X509_NAME_ENTRY(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1490 | SKM_ASN1_SET_OF_i2d(X509_NAME_ENTRY, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1491 | #define ASN1_seq_pack_X509_NAME_ENTRY(st, i2d_func, buf, len) \ | ||
| 1492 | SKM_ASN1_seq_pack(X509_NAME_ENTRY, (st), (i2d_func), (buf), (len)) | ||
| 1493 | #define ASN1_seq_unpack_X509_NAME_ENTRY(buf, len, d2i_func, free_func) \ | ||
| 1494 | SKM_ASN1_seq_unpack(X509_NAME_ENTRY, (buf), (len), (d2i_func), (free_func)) | ||
| 1495 | |||
| 1496 | #define d2i_ASN1_SET_OF_X509_REVOKED(st, pp, length, d2i_func, free_func, ex_tag, ex_class) \ | ||
| 1497 | SKM_ASN1_SET_OF_d2i(X509_REVOKED, (st), (pp), (length), (d2i_func), (free_func), (ex_tag), (ex_class)) | ||
| 1498 | #define i2d_ASN1_SET_OF_X509_REVOKED(st, pp, i2d_func, ex_tag, ex_class, is_set) \ | ||
| 1499 | SKM_ASN1_SET_OF_i2d(X509_REVOKED, (st), (pp), (i2d_func), (ex_tag), (ex_class), (is_set)) | ||
| 1500 | #define ASN1_seq_pack_X509_REVOKED(st, i2d_func, buf, len) \ | ||
| 1501 | SKM_ASN1_seq_pack(X509_REVOKED, (st), (i2d_func), (buf), (len)) | ||
| 1502 | #define ASN1_seq_unpack_X509_REVOKED(buf, len, d2i_func, free_func) \ | ||
| 1503 | SKM_ASN1_seq_unpack(X509_REVOKED, (buf), (len), (d2i_func), (free_func)) | ||
| 1504 | |||
| 1505 | #define PKCS12_decrypt_d2i_PKCS12_SAFEBAG(algor, d2i_func, free_func, pass, passlen, oct, seq) \ | ||
| 1506 | SKM_PKCS12_decrypt_d2i(PKCS12_SAFEBAG, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) | ||
| 1507 | |||
| 1508 | #define PKCS12_decrypt_d2i_PKCS7(algor, d2i_func, free_func, pass, passlen, oct, seq) \ | ||
| 1509 | SKM_PKCS12_decrypt_d2i(PKCS7, (algor), (d2i_func), (free_func), (pass), (passlen), (oct), (seq)) | ||
| 1510 | /* End of util/mkstack.pl block, you may now edit :-) */ | ||
| 1511 | |||
| 1512 | #endif /* !defined HEADER_SAFESTACK_H */ | ||
diff --git a/src/lib/libcrypto/stack/stack.c b/src/lib/libcrypto/stack/stack.c index 610ccbb756..2496f28a8c 100644 --- a/src/lib/libcrypto/stack/stack.c +++ b/src/lib/libcrypto/stack/stack.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | /* Code for stacks | 59 | /* Code for stacks |
| 60 | * Author - Eric Young v 1.0 | 60 | * Author - Eric Young v 1.0 |
| 61 | * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the | 61 | * 1.2 eay 12-Mar-97 - Modified sk_find so that it _DOES_ return the |
| 62 | * lowest index for the seached item. | 62 | * lowest index for the searched item. |
| 63 | * | 63 | * |
| 64 | * 1.1 eay - Take from netdb and added to SSLeay | 64 | * 1.1 eay - Take from netdb and added to SSLeay |
| 65 | * | 65 | * |
| @@ -67,38 +67,34 @@ | |||
| 67 | */ | 67 | */ |
| 68 | #include <stdio.h> | 68 | #include <stdio.h> |
| 69 | #include "cryptlib.h" | 69 | #include "cryptlib.h" |
| 70 | #include "stack.h" | 70 | #include <openssl/stack.h> |
| 71 | 71 | ||
| 72 | #undef MIN_NODES | 72 | #undef MIN_NODES |
| 73 | #define MIN_NODES 4 | 73 | #define MIN_NODES 4 |
| 74 | 74 | ||
| 75 | char *STACK_version="STACK part of SSLeay 0.9.0b 29-Jun-1998"; | 75 | const char *STACK_version="Stack" OPENSSL_VERSION_PTEXT; |
| 76 | |||
| 77 | #ifndef NOPROTO | ||
| 78 | #define FP_ICC (int (*)(const void *,const void *)) | ||
| 79 | #else | ||
| 80 | #define FP_ICC | ||
| 81 | #endif | ||
| 82 | 76 | ||
| 83 | #include <errno.h> | 77 | #include <errno.h> |
| 84 | 78 | ||
| 85 | void sk_set_cmp_func(sk,c) | 79 | int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *,const char * const *))) |
| 86 | STACK *sk; | 80 | (const char * const *, const char * const *) |
| 87 | int (*c)(); | ||
| 88 | { | 81 | { |
| 82 | int (*old)(const char * const *,const char * const *)=sk->comp; | ||
| 83 | |||
| 89 | if (sk->comp != c) | 84 | if (sk->comp != c) |
| 90 | sk->sorted=0; | 85 | sk->sorted=0; |
| 91 | sk->comp=c; | 86 | sk->comp=c; |
| 87 | |||
| 88 | return old; | ||
| 92 | } | 89 | } |
| 93 | 90 | ||
| 94 | STACK *sk_dup(sk) | 91 | STACK *sk_dup(STACK *sk) |
| 95 | STACK *sk; | ||
| 96 | { | 92 | { |
| 97 | STACK *ret; | 93 | STACK *ret; |
| 98 | char **s; | 94 | char **s; |
| 99 | 95 | ||
| 100 | if ((ret=sk_new(sk->comp)) == NULL) goto err; | 96 | if ((ret=sk_new(sk->comp)) == NULL) goto err; |
| 101 | s=(char **)Realloc((char *)ret->data, | 97 | s=(char **)OPENSSL_realloc((char *)ret->data, |
| 102 | (unsigned int)sizeof(char *)*sk->num_alloc); | 98 | (unsigned int)sizeof(char *)*sk->num_alloc); |
| 103 | if (s == NULL) goto err; | 99 | if (s == NULL) goto err; |
| 104 | ret->data=s; | 100 | ret->data=s; |
| @@ -110,19 +106,25 @@ STACK *sk; | |||
| 110 | ret->comp=sk->comp; | 106 | ret->comp=sk->comp; |
| 111 | return(ret); | 107 | return(ret); |
| 112 | err: | 108 | err: |
| 109 | if(ret) | ||
| 110 | sk_free(ret); | ||
| 113 | return(NULL); | 111 | return(NULL); |
| 114 | } | 112 | } |
| 115 | 113 | ||
| 116 | STACK *sk_new(c) | 114 | STACK *sk_new_null(void) |
| 117 | int (*c)(); | 115 | { |
| 116 | return sk_new((int (*)(const char * const *, const char * const *))0); | ||
| 117 | } | ||
| 118 | |||
| 119 | STACK *sk_new(int (*c)(const char * const *, const char * const *)) | ||
| 118 | { | 120 | { |
| 119 | STACK *ret; | 121 | STACK *ret; |
| 120 | int i; | 122 | int i; |
| 121 | 123 | ||
| 122 | if ((ret=(STACK *)Malloc(sizeof(STACK))) == NULL) | 124 | if ((ret=(STACK *)OPENSSL_malloc(sizeof(STACK))) == NULL) |
| 123 | goto err0; | 125 | goto err; |
| 124 | if ((ret->data=(char **)Malloc(sizeof(char *)*MIN_NODES)) == NULL) | 126 | if ((ret->data=(char **)OPENSSL_malloc(sizeof(char *)*MIN_NODES)) == NULL) |
| 125 | goto err1; | 127 | goto err; |
| 126 | for (i=0; i<MIN_NODES; i++) | 128 | for (i=0; i<MIN_NODES; i++) |
| 127 | ret->data[i]=NULL; | 129 | ret->data[i]=NULL; |
| 128 | ret->comp=c; | 130 | ret->comp=c; |
| @@ -130,22 +132,20 @@ int (*c)(); | |||
| 130 | ret->num=0; | 132 | ret->num=0; |
| 131 | ret->sorted=0; | 133 | ret->sorted=0; |
| 132 | return(ret); | 134 | return(ret); |
| 133 | err1: | 135 | err: |
| 134 | Free((char *)ret); | 136 | if(ret) |
| 135 | err0: | 137 | OPENSSL_free(ret); |
| 136 | return(NULL); | 138 | return(NULL); |
| 137 | } | 139 | } |
| 138 | 140 | ||
| 139 | int sk_insert(st,data,loc) | 141 | int sk_insert(STACK *st, char *data, int loc) |
| 140 | STACK *st; | ||
| 141 | char *data; | ||
| 142 | int loc; | ||
| 143 | { | 142 | { |
| 144 | char **s; | 143 | char **s; |
| 145 | 144 | ||
| 145 | if(st == NULL) return 0; | ||
| 146 | if (st->num_alloc <= st->num+1) | 146 | if (st->num_alloc <= st->num+1) |
| 147 | { | 147 | { |
| 148 | s=(char **)Realloc((char *)st->data, | 148 | s=(char **)OPENSSL_realloc((char *)st->data, |
| 149 | (unsigned int)sizeof(char *)*st->num_alloc*2); | 149 | (unsigned int)sizeof(char *)*st->num_alloc*2); |
| 150 | if (s == NULL) | 150 | if (s == NULL) |
| 151 | return(0); | 151 | return(0); |
| @@ -161,7 +161,7 @@ int loc; | |||
| 161 | 161 | ||
| 162 | f=(char **)st->data; | 162 | f=(char **)st->data; |
| 163 | t=(char **)&(st->data[1]); | 163 | t=(char **)&(st->data[1]); |
| 164 | for (i=st->num; i>loc; i--) | 164 | for (i=st->num; i>=loc; i--) |
| 165 | t[i]=f[i]; | 165 | t[i]=f[i]; |
| 166 | 166 | ||
| 167 | #ifdef undef /* no memmove on sunos :-( */ | 167 | #ifdef undef /* no memmove on sunos :-( */ |
| @@ -176,9 +176,7 @@ int loc; | |||
| 176 | return(st->num); | 176 | return(st->num); |
| 177 | } | 177 | } |
| 178 | 178 | ||
| 179 | char *sk_delete_ptr(st,p) | 179 | char *sk_delete_ptr(STACK *st, char *p) |
| 180 | STACK *st; | ||
| 181 | char *p; | ||
| 182 | { | 180 | { |
| 183 | int i; | 181 | int i; |
| 184 | 182 | ||
| @@ -188,14 +186,13 @@ char *p; | |||
| 188 | return(NULL); | 186 | return(NULL); |
| 189 | } | 187 | } |
| 190 | 188 | ||
| 191 | char *sk_delete(st,loc) | 189 | char *sk_delete(STACK *st, int loc) |
| 192 | STACK *st; | ||
| 193 | int loc; | ||
| 194 | { | 190 | { |
| 195 | char *ret; | 191 | char *ret; |
| 196 | int i,j; | 192 | int i,j; |
| 197 | 193 | ||
| 198 | if ((st->num == 0) || (loc < 0) || (loc >= st->num)) return(NULL); | 194 | if ((st == NULL) || (st->num == 0) || (loc < 0) |
| 195 | || (loc >= st->num)) return(NULL); | ||
| 199 | 196 | ||
| 200 | ret=st->data[loc]; | 197 | ret=st->data[loc]; |
| 201 | if (loc != st->num-1) | 198 | if (loc != st->num-1) |
| @@ -213,13 +210,12 @@ int loc; | |||
| 213 | return(ret); | 210 | return(ret); |
| 214 | } | 211 | } |
| 215 | 212 | ||
| 216 | int sk_find(st,data) | 213 | int sk_find(STACK *st, char *data) |
| 217 | STACK *st; | ||
| 218 | char *data; | ||
| 219 | { | 214 | { |
| 220 | char **r; | 215 | char **r; |
| 221 | int i; | 216 | int i; |
| 222 | int (*comp_func)(); | 217 | int (*comp_func)(const void *,const void *); |
| 218 | if(st == NULL) return -1; | ||
| 223 | 219 | ||
| 224 | if (st->comp == NULL) | 220 | if (st->comp == NULL) |
| 225 | { | 221 | { |
| @@ -228,55 +224,55 @@ char *data; | |||
| 228 | return(i); | 224 | return(i); |
| 229 | return(-1); | 225 | return(-1); |
| 230 | } | 226 | } |
| 231 | comp_func=(int (*)())st->comp; | 227 | sk_sort(st); |
| 232 | if (!st->sorted) | ||
| 233 | { | ||
| 234 | qsort((char *)st->data,st->num,sizeof(char *),FP_ICC comp_func); | ||
| 235 | st->sorted=1; | ||
| 236 | } | ||
| 237 | if (data == NULL) return(-1); | 228 | if (data == NULL) return(-1); |
| 229 | /* This (and the "qsort" below) are the two places in OpenSSL | ||
| 230 | * where we need to convert from our standard (type **,type **) | ||
| 231 | * compare callback type to the (void *,void *) type required by | ||
| 232 | * bsearch. However, the "data" it is being called(back) with are | ||
| 233 | * not (type *) pointers, but the *pointers* to (type *) pointers, | ||
| 234 | * so we get our extra level of pointer dereferencing that way. */ | ||
| 235 | comp_func=(int (*)(const void *,const void *))(st->comp); | ||
| 238 | r=(char **)bsearch(&data,(char *)st->data, | 236 | r=(char **)bsearch(&data,(char *)st->data, |
| 239 | st->num,sizeof(char *),FP_ICC comp_func); | 237 | st->num,sizeof(char *), comp_func); |
| 240 | if (r == NULL) return(-1); | 238 | if (r == NULL) return(-1); |
| 241 | i=(int)(r-st->data); | 239 | i=(int)(r-st->data); |
| 242 | for ( ; i>0; i--) | 240 | for ( ; i>0; i--) |
| 243 | if ((*st->comp)(&(st->data[i-1]),&data) < 0) | 241 | /* This needs a cast because the type being pointed to from |
| 242 | * the "&" expressions are (char *) rather than (const char *). | ||
| 243 | * For an explanation, read: | ||
| 244 | * http://www.eskimo.com/~scs/C-faq/q11.10.html :-) */ | ||
| 245 | if ((*st->comp)((const char * const *)&(st->data[i-1]), | ||
| 246 | (const char * const *)&data) < 0) | ||
| 244 | break; | 247 | break; |
| 245 | return(i); | 248 | return(i); |
| 246 | } | 249 | } |
| 247 | 250 | ||
| 248 | int sk_push(st,data) | 251 | int sk_push(STACK *st, char *data) |
| 249 | STACK *st; | ||
| 250 | char *data; | ||
| 251 | { | 252 | { |
| 252 | return(sk_insert(st,data,st->num)); | 253 | return(sk_insert(st,data,st->num)); |
| 253 | } | 254 | } |
| 254 | 255 | ||
| 255 | int sk_unshift(st,data) | 256 | int sk_unshift(STACK *st, char *data) |
| 256 | STACK *st; | ||
| 257 | char *data; | ||
| 258 | { | 257 | { |
| 259 | return(sk_insert(st,data,0)); | 258 | return(sk_insert(st,data,0)); |
| 260 | } | 259 | } |
| 261 | 260 | ||
| 262 | char *sk_shift(st) | 261 | char *sk_shift(STACK *st) |
| 263 | STACK *st; | ||
| 264 | { | 262 | { |
| 265 | if (st == NULL) return(NULL); | 263 | if (st == NULL) return(NULL); |
| 266 | if (st->num <= 0) return(NULL); | 264 | if (st->num <= 0) return(NULL); |
| 267 | return(sk_delete(st,0)); | 265 | return(sk_delete(st,0)); |
| 268 | } | 266 | } |
| 269 | 267 | ||
| 270 | char *sk_pop(st) | 268 | char *sk_pop(STACK *st) |
| 271 | STACK *st; | ||
| 272 | { | 269 | { |
| 273 | if (st == NULL) return(NULL); | 270 | if (st == NULL) return(NULL); |
| 274 | if (st->num <= 0) return(NULL); | 271 | if (st->num <= 0) return(NULL); |
| 275 | return(sk_delete(st,st->num-1)); | 272 | return(sk_delete(st,st->num-1)); |
| 276 | } | 273 | } |
| 277 | 274 | ||
| 278 | void sk_zero(st) | 275 | void sk_zero(STACK *st) |
| 279 | STACK *st; | ||
| 280 | { | 276 | { |
| 281 | if (st == NULL) return; | 277 | if (st == NULL) return; |
| 282 | if (st->num <= 0) return; | 278 | if (st->num <= 0) return; |
| @@ -284,9 +280,7 @@ STACK *st; | |||
| 284 | st->num=0; | 280 | st->num=0; |
| 285 | } | 281 | } |
| 286 | 282 | ||
| 287 | void sk_pop_free(st,func) | 283 | void sk_pop_free(STACK *st, void (*func)(void *)) |
| 288 | STACK *st; | ||
| 289 | void (*func)(); | ||
| 290 | { | 284 | { |
| 291 | int i; | 285 | int i; |
| 292 | 286 | ||
| @@ -297,11 +291,44 @@ void (*func)(); | |||
| 297 | sk_free(st); | 291 | sk_free(st); |
| 298 | } | 292 | } |
| 299 | 293 | ||
| 300 | void sk_free(st) | 294 | void sk_free(STACK *st) |
| 301 | STACK *st; | ||
| 302 | { | 295 | { |
| 303 | if (st == NULL) return; | 296 | if (st == NULL) return; |
| 304 | if (st->data != NULL) Free((char *)st->data); | 297 | if (st->data != NULL) OPENSSL_free(st->data); |
| 305 | Free((char *)st); | 298 | OPENSSL_free(st); |
| 306 | } | 299 | } |
| 307 | 300 | ||
| 301 | int sk_num(const STACK *st) | ||
| 302 | { | ||
| 303 | if(st == NULL) return -1; | ||
| 304 | return st->num; | ||
| 305 | } | ||
| 306 | |||
| 307 | char *sk_value(const STACK *st, int i) | ||
| 308 | { | ||
| 309 | if(st == NULL) return NULL; | ||
| 310 | return st->data[i]; | ||
| 311 | } | ||
| 312 | |||
| 313 | char *sk_set(STACK *st, int i, char *value) | ||
| 314 | { | ||
| 315 | if(st == NULL) return NULL; | ||
| 316 | return (st->data[i] = value); | ||
| 317 | } | ||
| 318 | |||
| 319 | void sk_sort(STACK *st) | ||
| 320 | { | ||
| 321 | if (st && !st->sorted) | ||
| 322 | { | ||
| 323 | int (*comp_func)(const void *,const void *); | ||
| 324 | |||
| 325 | /* same comment as in sk_find ... previously st->comp was declared | ||
| 326 | * as a (void*,void*) callback type, but this made the population | ||
| 327 | * of the callback pointer illogical - our callbacks compare | ||
| 328 | * type** with type**, so we leave the casting until absolutely | ||
| 329 | * necessary (ie. "now"). */ | ||
| 330 | comp_func=(int (*)(const void *,const void *))(st->comp); | ||
| 331 | qsort(st->data,st->num,sizeof(char *), comp_func); | ||
| 332 | st->sorted=1; | ||
| 333 | } | ||
| 334 | } | ||
diff --git a/src/lib/libcrypto/stack/stack.h b/src/lib/libcrypto/stack/stack.h index 615eb6ff94..8b436ca4b9 100644 --- a/src/lib/libcrypto/stack/stack.h +++ b/src/lib/libcrypto/stack/stack.h | |||
| @@ -70,18 +70,21 @@ typedef struct stack_st | |||
| 70 | int sorted; | 70 | int sorted; |
| 71 | 71 | ||
| 72 | int num_alloc; | 72 | int num_alloc; |
| 73 | int (*comp)(); | 73 | int (*comp)(const char * const *, const char * const *); |
| 74 | } STACK; | 74 | } STACK; |
| 75 | 75 | ||
| 76 | #define sk_num(sk) ((sk)->num) | 76 | #define M_sk_num(sk) ((sk) ? (sk)->num:-1) |
| 77 | #define sk_value(sk,n) ((sk)->data[n]) | 77 | #define M_sk_value(sk,n) ((sk) ? (sk)->data[n] : NULL) |
| 78 | 78 | ||
| 79 | #define sk_new_null() sk_new(NULL) | 79 | int sk_num(const STACK *); |
| 80 | #ifndef NOPROTO | 80 | char *sk_value(const STACK *, int); |
| 81 | 81 | ||
| 82 | STACK *sk_new(int (*cmp)()); | 82 | char *sk_set(STACK *, int, char *); |
| 83 | |||
| 84 | STACK *sk_new(int (*cmp)(const char * const *, const char * const *)); | ||
| 85 | STACK *sk_new_null(void); | ||
| 83 | void sk_free(STACK *); | 86 | void sk_free(STACK *); |
| 84 | void sk_pop_free(STACK *st, void (*func)()); | 87 | void sk_pop_free(STACK *st, void (*func)(void *)); |
| 85 | int sk_insert(STACK *sk,char *data,int where); | 88 | int sk_insert(STACK *sk,char *data,int where); |
| 86 | char *sk_delete(STACK *st,int loc); | 89 | char *sk_delete(STACK *st,int loc); |
| 87 | char *sk_delete_ptr(STACK *st, char *p); | 90 | char *sk_delete_ptr(STACK *st, char *p); |
| @@ -91,27 +94,11 @@ int sk_unshift(STACK *st,char *data); | |||
| 91 | char *sk_shift(STACK *st); | 94 | char *sk_shift(STACK *st); |
| 92 | char *sk_pop(STACK *st); | 95 | char *sk_pop(STACK *st); |
| 93 | void sk_zero(STACK *st); | 96 | void sk_zero(STACK *st); |
| 94 | void sk_set_cmp_func(STACK *sk, int (*c)()); | 97 | int (*sk_set_cmp_func(STACK *sk, int (*c)(const char * const *, |
| 98 | const char * const *))) | ||
| 99 | (const char * const *, const char * const *); | ||
| 95 | STACK *sk_dup(STACK *st); | 100 | STACK *sk_dup(STACK *st); |
| 96 | 101 | void sk_sort(STACK *st); | |
| 97 | #else | ||
| 98 | |||
| 99 | STACK *sk_new(); | ||
| 100 | void sk_free(); | ||
| 101 | void sk_pop_free(); | ||
| 102 | int sk_insert(); | ||
| 103 | char *sk_delete(); | ||
| 104 | char *sk_delete_ptr(); | ||
| 105 | int sk_find(); | ||
| 106 | int sk_push(); | ||
| 107 | int sk_unshift(); | ||
| 108 | char *sk_shift(); | ||
| 109 | char *sk_pop(); | ||
| 110 | void sk_zero(); | ||
| 111 | void sk_set_cmp_func(); | ||
| 112 | STACK *sk_dup(); | ||
| 113 | |||
| 114 | #endif | ||
| 115 | 102 | ||
| 116 | #ifdef __cplusplus | 103 | #ifdef __cplusplus |
| 117 | } | 104 | } |
diff --git a/src/lib/libcrypto/txt_db/txt_db.c b/src/lib/libcrypto/txt_db/txt_db.c index e34ce4efa9..9b186f2da5 100644 --- a/src/lib/libcrypto/txt_db/txt_db.c +++ b/src/lib/libcrypto/txt_db/txt_db.c | |||
| @@ -60,17 +60,15 @@ | |||
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <string.h> | 61 | #include <string.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | #include "txt_db.h" | 64 | #include <openssl/txt_db.h> |
| 65 | 65 | ||
| 66 | #undef BUFSIZE | 66 | #undef BUFSIZE |
| 67 | #define BUFSIZE 512 | 67 | #define BUFSIZE 512 |
| 68 | 68 | ||
| 69 | char *TXT_DB_version="TXT_DB part of SSLeay 0.9.0b 29-Jun-1998"; | 69 | const char *TXT_DB_version="TXT_DB" OPENSSL_VERSION_PTEXT; |
| 70 | 70 | ||
| 71 | TXT_DB *TXT_DB_read(in,num) | 71 | TXT_DB *TXT_DB_read(BIO *in, int num) |
| 72 | BIO *in; | ||
| 73 | int num; | ||
| 74 | { | 72 | { |
| 75 | TXT_DB *ret=NULL; | 73 | TXT_DB *ret=NULL; |
| 76 | int er=1; | 74 | int er=1; |
| @@ -85,16 +83,16 @@ int num; | |||
| 85 | if ((buf=BUF_MEM_new()) == NULL) goto err; | 83 | if ((buf=BUF_MEM_new()) == NULL) goto err; |
| 86 | if (!BUF_MEM_grow(buf,size)) goto err; | 84 | if (!BUF_MEM_grow(buf,size)) goto err; |
| 87 | 85 | ||
| 88 | if ((ret=(TXT_DB *)Malloc(sizeof(TXT_DB))) == NULL) | 86 | if ((ret=(TXT_DB *)OPENSSL_malloc(sizeof(TXT_DB))) == NULL) |
| 89 | goto err; | 87 | goto err; |
| 90 | ret->num_fields=num; | 88 | ret->num_fields=num; |
| 91 | ret->index=NULL; | 89 | ret->index=NULL; |
| 92 | ret->qual=NULL; | 90 | ret->qual=NULL; |
| 93 | if ((ret->data=sk_new_null()) == NULL) | 91 | if ((ret->data=sk_new_null()) == NULL) |
| 94 | goto err; | 92 | goto err; |
| 95 | if ((ret->index=(LHASH **)Malloc(sizeof(LHASH *)*num)) == NULL) | 93 | if ((ret->index=(LHASH **)OPENSSL_malloc(sizeof(LHASH *)*num)) == NULL) |
| 96 | goto err; | 94 | goto err; |
| 97 | if ((ret->qual=(int (**)())Malloc(sizeof(int (**)())*num)) == NULL) | 95 | if ((ret->qual=(int (**)())OPENSSL_malloc(sizeof(int (**)())*num)) == NULL) |
| 98 | goto err; | 96 | goto err; |
| 99 | for (i=0; i<num; i++) | 97 | for (i=0; i<num; i++) |
| 100 | { | 98 | { |
| @@ -124,7 +122,7 @@ int num; | |||
| 124 | else | 122 | else |
| 125 | { | 123 | { |
| 126 | buf->data[offset-1]='\0'; /* blat the '\n' */ | 124 | buf->data[offset-1]='\0'; /* blat the '\n' */ |
| 127 | p=(char *)Malloc(add+offset); | 125 | if (!(p=(char *)OPENSSL_malloc(add+offset))) goto err; |
| 128 | offset=0; | 126 | offset=0; |
| 129 | } | 127 | } |
| 130 | pp=(char **)p; | 128 | pp=(char **)p; |
| @@ -157,8 +155,8 @@ int num; | |||
| 157 | *(p++)='\0'; | 155 | *(p++)='\0'; |
| 158 | if ((n != num) || (*f != '\0')) | 156 | if ((n != num) || (*f != '\0')) |
| 159 | { | 157 | { |
| 160 | #if !defined(NO_STDIO) && !defined(WIN16) /* temporaty fix :-( */ | 158 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ |
| 161 | fprintf(stderr,"wrong number of fields on line %ld\n",ln); | 159 | fprintf(stderr,"wrong number of fields on line %ld (looking for field %d, got %d, '%s' left)\n",ln,num,n,f); |
| 162 | #endif | 160 | #endif |
| 163 | er=2; | 161 | er=2; |
| 164 | goto err; | 162 | goto err; |
| @@ -166,7 +164,7 @@ int num; | |||
| 166 | pp[n]=p; | 164 | pp[n]=p; |
| 167 | if (!sk_push(ret->data,(char *)pp)) | 165 | if (!sk_push(ret->data,(char *)pp)) |
| 168 | { | 166 | { |
| 169 | #if !defined(NO_STDIO) && !defined(WIN16) /* temporaty fix :-( */ | 167 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) /* temporaty fix :-( */ |
| 170 | fprintf(stderr,"failure in sk_push\n"); | 168 | fprintf(stderr,"failure in sk_push\n"); |
| 171 | #endif | 169 | #endif |
| 172 | er=2; | 170 | er=2; |
| @@ -178,23 +176,20 @@ err: | |||
| 178 | BUF_MEM_free(buf); | 176 | BUF_MEM_free(buf); |
| 179 | if (er) | 177 | if (er) |
| 180 | { | 178 | { |
| 181 | #if !defined(NO_STDIO) && !defined(WIN16) | 179 | #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) |
| 182 | if (er == 1) fprintf(stderr,"Malloc failure\n"); | 180 | if (er == 1) fprintf(stderr,"OPENSSL_malloc failure\n"); |
| 183 | #endif | 181 | #endif |
| 184 | if (ret->data != NULL) sk_free(ret->data); | 182 | if (ret->data != NULL) sk_free(ret->data); |
| 185 | if (ret->index != NULL) Free(ret->index); | 183 | if (ret->index != NULL) OPENSSL_free(ret->index); |
| 186 | if (ret->qual != NULL) Free((char *)ret->qual); | 184 | if (ret->qual != NULL) OPENSSL_free(ret->qual); |
| 187 | if (ret != NULL) Free(ret); | 185 | if (ret != NULL) OPENSSL_free(ret); |
| 188 | return(NULL); | 186 | return(NULL); |
| 189 | } | 187 | } |
| 190 | else | 188 | else |
| 191 | return(ret); | 189 | return(ret); |
| 192 | } | 190 | } |
| 193 | 191 | ||
| 194 | char **TXT_DB_get_by_index(db,idx,value) | 192 | char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value) |
| 195 | TXT_DB *db; | ||
| 196 | int idx; | ||
| 197 | char **value; | ||
| 198 | { | 193 | { |
| 199 | char **ret; | 194 | char **ret; |
| 200 | LHASH *lh; | 195 | LHASH *lh; |
| @@ -210,17 +205,13 @@ char **value; | |||
| 210 | db->error=DB_ERROR_NO_INDEX; | 205 | db->error=DB_ERROR_NO_INDEX; |
| 211 | return(NULL); | 206 | return(NULL); |
| 212 | } | 207 | } |
| 213 | ret=(char **)lh_retrieve(lh,(char *)value); | 208 | ret=(char **)lh_retrieve(lh,value); |
| 214 | db->error=DB_ERROR_OK; | 209 | db->error=DB_ERROR_OK; |
| 215 | return(ret); | 210 | return(ret); |
| 216 | } | 211 | } |
| 217 | 212 | ||
| 218 | int TXT_DB_create_index(db,field,qual,hash,cmp) | 213 | int TXT_DB_create_index(TXT_DB *db, int field, int (*qual)(), |
| 219 | TXT_DB *db; | 214 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp) |
| 220 | int field; | ||
| 221 | int (*qual)(); | ||
| 222 | unsigned long (*hash)(); | ||
| 223 | int (*cmp)(); | ||
| 224 | { | 215 | { |
| 225 | LHASH *idx; | 216 | LHASH *idx; |
| 226 | char *r; | 217 | char *r; |
| @@ -256,9 +247,7 @@ int (*cmp)(); | |||
| 256 | return(1); | 247 | return(1); |
| 257 | } | 248 | } |
| 258 | 249 | ||
| 259 | long TXT_DB_write(out,db) | 250 | long TXT_DB_write(BIO *out, TXT_DB *db) |
| 260 | BIO *out; | ||
| 261 | TXT_DB *db; | ||
| 262 | { | 251 | { |
| 263 | long i,j,n,nn,l,tot=0; | 252 | long i,j,n,nn,l,tot=0; |
| 264 | char *p,**pp,*f; | 253 | char *p,**pp,*f; |
| @@ -306,9 +295,7 @@ err: | |||
| 306 | return(ret); | 295 | return(ret); |
| 307 | } | 296 | } |
| 308 | 297 | ||
| 309 | int TXT_DB_insert(db,row) | 298 | int TXT_DB_insert(TXT_DB *db, char **row) |
| 310 | TXT_DB *db; | ||
| 311 | char **row; | ||
| 312 | { | 299 | { |
| 313 | int i; | 300 | int i; |
| 314 | char **r; | 301 | char **r; |
| @@ -319,7 +306,7 @@ char **row; | |||
| 319 | { | 306 | { |
| 320 | if ((db->qual[i] != NULL) && | 307 | if ((db->qual[i] != NULL) && |
| 321 | (db->qual[i](row) == 0)) continue; | 308 | (db->qual[i](row) == 0)) continue; |
| 322 | r=(char **)lh_retrieve(db->index[i],(char *)row); | 309 | r=(char **)lh_retrieve(db->index[i],row); |
| 323 | if (r != NULL) | 310 | if (r != NULL) |
| 324 | { | 311 | { |
| 325 | db->error=DB_ERROR_INDEX_CLASH; | 312 | db->error=DB_ERROR_INDEX_CLASH; |
| @@ -342,7 +329,7 @@ char **row; | |||
| 342 | { | 329 | { |
| 343 | if ((db->qual[i] != NULL) && | 330 | if ((db->qual[i] != NULL) && |
| 344 | (db->qual[i](row) == 0)) continue; | 331 | (db->qual[i](row) == 0)) continue; |
| 345 | lh_insert(db->index[i],(char *)row); | 332 | lh_insert(db->index[i],row); |
| 346 | } | 333 | } |
| 347 | } | 334 | } |
| 348 | return(1); | 335 | return(1); |
| @@ -350,20 +337,22 @@ err: | |||
| 350 | return(0); | 337 | return(0); |
| 351 | } | 338 | } |
| 352 | 339 | ||
| 353 | void TXT_DB_free(db) | 340 | void TXT_DB_free(TXT_DB *db) |
| 354 | TXT_DB *db; | ||
| 355 | { | 341 | { |
| 356 | int i,n; | 342 | int i,n; |
| 357 | char **p,*max; | 343 | char **p,*max; |
| 358 | 344 | ||
| 345 | if(db == NULL) | ||
| 346 | return; | ||
| 347 | |||
| 359 | if (db->index != NULL) | 348 | if (db->index != NULL) |
| 360 | { | 349 | { |
| 361 | for (i=db->num_fields-1; i>=0; i--) | 350 | for (i=db->num_fields-1; i>=0; i--) |
| 362 | if (db->index[i] != NULL) lh_free(db->index[i]); | 351 | if (db->index[i] != NULL) lh_free(db->index[i]); |
| 363 | Free(db->index); | 352 | OPENSSL_free(db->index); |
| 364 | } | 353 | } |
| 365 | if (db->qual != NULL) | 354 | if (db->qual != NULL) |
| 366 | Free(db->qual); | 355 | OPENSSL_free(db->qual); |
| 367 | if (db->data != NULL) | 356 | if (db->data != NULL) |
| 368 | { | 357 | { |
| 369 | for (i=sk_num(db->data)-1; i>=0; i--) | 358 | for (i=sk_num(db->data)-1; i>=0; i--) |
| @@ -375,7 +364,7 @@ TXT_DB *db; | |||
| 375 | if (max == NULL) /* new row */ | 364 | if (max == NULL) /* new row */ |
| 376 | { | 365 | { |
| 377 | for (n=0; n<db->num_fields; n++) | 366 | for (n=0; n<db->num_fields; n++) |
| 378 | if (p[n] != NULL) Free(p[n]); | 367 | if (p[n] != NULL) OPENSSL_free(p[n]); |
| 379 | } | 368 | } |
| 380 | else | 369 | else |
| 381 | { | 370 | { |
| @@ -383,12 +372,12 @@ TXT_DB *db; | |||
| 383 | { | 372 | { |
| 384 | if (((p[n] < (char *)p) || (p[n] > max)) | 373 | if (((p[n] < (char *)p) || (p[n] > max)) |
| 385 | && (p[n] != NULL)) | 374 | && (p[n] != NULL)) |
| 386 | Free(p[n]); | 375 | OPENSSL_free(p[n]); |
| 387 | } | 376 | } |
| 388 | } | 377 | } |
| 389 | Free(sk_value(db->data,i)); | 378 | OPENSSL_free(sk_value(db->data,i)); |
| 390 | } | 379 | } |
| 391 | sk_free(db->data); | 380 | sk_free(db->data); |
| 392 | } | 381 | } |
| 393 | Free(db); | 382 | OPENSSL_free(db); |
| 394 | } | 383 | } |
diff --git a/src/lib/libcrypto/txt_db/txt_db.h b/src/lib/libcrypto/txt_db/txt_db.h index aca6dae393..563392aeff 100644 --- a/src/lib/libcrypto/txt_db/txt_db.h +++ b/src/lib/libcrypto/txt_db/txt_db.h | |||
| @@ -59,12 +59,11 @@ | |||
| 59 | #ifndef HEADER_TXT_DB_H | 59 | #ifndef HEADER_TXT_DB_H |
| 60 | #define HEADER_TXT_DB_H | 60 | #define HEADER_TXT_DB_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #ifndef OPENSSL_NO_BIO |
| 63 | extern "C" { | 63 | #include <openssl/bio.h> |
| 64 | #endif | 64 | #endif |
| 65 | 65 | #include <openssl/stack.h> | |
| 66 | #include "stack.h" | 66 | #include <openssl/lhash.h> |
| 67 | #include "lhash.h" | ||
| 68 | 67 | ||
| 69 | #define DB_ERROR_OK 0 | 68 | #define DB_ERROR_OK 0 |
| 70 | #define DB_ERROR_MALLOC 1 | 69 | #define DB_ERROR_MALLOC 1 |
| @@ -73,6 +72,10 @@ extern "C" { | |||
| 73 | #define DB_ERROR_NO_INDEX 4 | 72 | #define DB_ERROR_NO_INDEX 4 |
| 74 | #define DB_ERROR_INSERT_INDEX_CLASH 5 | 73 | #define DB_ERROR_INSERT_INDEX_CLASH 5 |
| 75 | 74 | ||
| 75 | #ifdef __cplusplus | ||
| 76 | extern "C" { | ||
| 77 | #endif | ||
| 78 | |||
| 76 | typedef struct txt_db_st | 79 | typedef struct txt_db_st |
| 77 | { | 80 | { |
| 78 | int num_fields; | 81 | int num_fields; |
| @@ -85,8 +88,7 @@ typedef struct txt_db_st | |||
| 85 | char **arg_row; | 88 | char **arg_row; |
| 86 | } TXT_DB; | 89 | } TXT_DB; |
| 87 | 90 | ||
| 88 | #ifndef NOPROTO | 91 | #ifndef OPENSSL_NO_BIO |
| 89 | #ifdef HEADER_BIO_H | ||
| 90 | TXT_DB *TXT_DB_read(BIO *in, int num); | 92 | TXT_DB *TXT_DB_read(BIO *in, int num); |
| 91 | long TXT_DB_write(BIO *out, TXT_DB *db); | 93 | long TXT_DB_write(BIO *out, TXT_DB *db); |
| 92 | #else | 94 | #else |
| @@ -94,22 +96,11 @@ TXT_DB *TXT_DB_read(char *in, int num); | |||
| 94 | long TXT_DB_write(char *out, TXT_DB *db); | 96 | long TXT_DB_write(char *out, TXT_DB *db); |
| 95 | #endif | 97 | #endif |
| 96 | int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), | 98 | int TXT_DB_create_index(TXT_DB *db,int field,int (*qual)(), |
| 97 | unsigned long (*hash)(),int (*cmp)()); | 99 | LHASH_HASH_FN_TYPE hash, LHASH_COMP_FN_TYPE cmp); |
| 98 | void TXT_DB_free(TXT_DB *db); | 100 | void TXT_DB_free(TXT_DB *db); |
| 99 | char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); | 101 | char **TXT_DB_get_by_index(TXT_DB *db, int idx, char **value); |
| 100 | int TXT_DB_insert(TXT_DB *db,char **value); | 102 | int TXT_DB_insert(TXT_DB *db,char **value); |
| 101 | 103 | ||
| 102 | #else | ||
| 103 | |||
| 104 | TXT_DB *TXT_DB_read(); | ||
| 105 | long TXT_DB_write(); | ||
| 106 | int TXT_DB_create_index(); | ||
| 107 | void TXT_DB_free(); | ||
| 108 | char **TXT_DB_get_by_index(); | ||
| 109 | int TXT_DB_insert(); | ||
| 110 | |||
| 111 | #endif | ||
| 112 | |||
| 113 | #ifdef __cplusplus | 104 | #ifdef __cplusplus |
| 114 | } | 105 | } |
| 115 | #endif | 106 | #endif |
diff --git a/src/lib/libcrypto/ui/ui_openssl.c b/src/lib/libcrypto/ui/ui_openssl.c index 3aa03f74aa..4e12165410 100644 --- a/src/lib/libcrypto/ui/ui_openssl.c +++ b/src/lib/libcrypto/ui/ui_openssl.c | |||
| @@ -465,7 +465,7 @@ static int open_console(UI *ui) | |||
| 465 | tty_out=stderr; | 465 | tty_out=stderr; |
| 466 | #endif | 466 | #endif |
| 467 | 467 | ||
| 468 | #if defined(TTY_get) && !defined(VMS) | 468 | #if defined(TTY_get) && !defined(OPENSSL_SYS_VMS) |
| 469 | if (TTY_get(fileno(tty_in),&tty_orig) == -1) | 469 | if (TTY_get(fileno(tty_in),&tty_orig) == -1) |
| 470 | { | 470 | { |
| 471 | #ifdef ENOTTY | 471 | #ifdef ENOTTY |
diff --git a/src/lib/libcrypto/util/mkerr.pl b/src/lib/libcrypto/util/mkerr.pl index 4b3bccb13e..4105047b21 100644 --- a/src/lib/libcrypto/util/mkerr.pl +++ b/src/lib/libcrypto/util/mkerr.pl | |||
| @@ -7,7 +7,7 @@ my $static = 1; | |||
| 7 | my $recurse = 0; | 7 | my $recurse = 0; |
| 8 | my $reindex = 0; | 8 | my $reindex = 0; |
| 9 | my $dowrite = 0; | 9 | my $dowrite = 0; |
| 10 | 10 | my $staticloader = ""; | |
| 11 | 11 | ||
| 12 | while (@ARGV) { | 12 | while (@ARGV) { |
| 13 | my $arg = $ARGV[0]; | 13 | my $arg = $ARGV[0]; |
| @@ -29,6 +29,9 @@ while (@ARGV) { | |||
| 29 | } elsif($arg eq "-nostatic") { | 29 | } elsif($arg eq "-nostatic") { |
| 30 | $static = 0; | 30 | $static = 0; |
| 31 | shift @ARGV; | 31 | shift @ARGV; |
| 32 | } elsif($arg eq "-staticloader") { | ||
| 33 | $staticloader = "static "; | ||
| 34 | shift @ARGV; | ||
| 32 | } elsif($arg eq "-write") { | 35 | } elsif($arg eq "-write") { |
| 33 | $dowrite = 1; | 36 | $dowrite = 1; |
| 34 | shift @ARGV; | 37 | shift @ARGV; |
| @@ -38,7 +41,7 @@ while (@ARGV) { | |||
| 38 | } | 41 | } |
| 39 | 42 | ||
| 40 | if($recurse) { | 43 | if($recurse) { |
| 41 | @source = (<crypto/*.c>, <crypto/*/*.c>, ,<rsaref/*.c>, <ssl/*.c>); | 44 | @source = (<crypto/*.c>, <crypto/*/*.c>, <ssl/*.c>); |
| 42 | } else { | 45 | } else { |
| 43 | @source = @ARGV; | 46 | @source = @ARGV; |
| 44 | } | 47 | } |
| @@ -53,6 +56,7 @@ while(<IN>) | |||
| 53 | { | 56 | { |
| 54 | if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) { | 57 | if(/^L\s+(\S+)\s+(\S+)\s+(\S+)/) { |
| 55 | $hinc{$1} = $2; | 58 | $hinc{$1} = $2; |
| 59 | $libinc{$2} = $1; | ||
| 56 | $cskip{$3} = $1; | 60 | $cskip{$3} = $1; |
| 57 | if($3 ne "NONE") { | 61 | if($3 ne "NONE") { |
| 58 | $csrc{$1} = $3; | 62 | $csrc{$1} = $3; |
| @@ -74,43 +78,53 @@ close IN; | |||
| 74 | # Scan each header file in turn and make a list of error codes | 78 | # Scan each header file in turn and make a list of error codes |
| 75 | # and function names | 79 | # and function names |
| 76 | 80 | ||
| 77 | while (($lib, $hdr) = each %hinc) | 81 | while (($hdr, $lib) = each %libinc) |
| 78 | { | 82 | { |
| 79 | next if($hdr eq "NONE"); | 83 | next if($hdr eq "NONE"); |
| 80 | print STDERR "Scanning header file $hdr\n" if $debug; | 84 | print STDERR "Scanning header file $hdr\n" if $debug; |
| 81 | open(IN, "<$hdr") || die "Can't open Header file $hdr\n"; | 85 | my $line = "", $def= "", $linenr = 0, $gotfile = 0; |
| 82 | my $line = "", $def= ""; | 86 | if (open(IN, "<$hdr")) { |
| 83 | while(<IN>) { | 87 | $gotfile = 1; |
| 84 | last if(/BEGIN\s+ERROR\s+CODES/); | 88 | while(<IN>) { |
| 85 | if ($line ne '') { | 89 | $linenr++; |
| 86 | $_ = $line . $_; | 90 | print STDERR "line: $linenr\r" if $debug; |
| 87 | $line = ''; | 91 | |
| 88 | } | 92 | last if(/BEGIN\s+ERROR\s+CODES/); |
| 93 | if ($line ne '') { | ||
| 94 | $_ = $line . $_; | ||
| 95 | $line = ''; | ||
| 96 | } | ||
| 89 | 97 | ||
| 90 | if (/\\$/) { | 98 | if (/\\$/) { |
| 91 | $line = $_; | 99 | $line = $_; |
| 92 | next; | 100 | next; |
| 93 | } | 101 | } |
| 94 | 102 | ||
| 95 | $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration | 103 | $cpp = 1 if /^#.*ifdef.*cplusplus/; # skip "C" declaration |
| 96 | if ($cpp) { | 104 | if ($cpp) { |
| 97 | $cpp = 0 if /^#.*endif/; | 105 | $cpp = 0 if /^#.*endif/; |
| 98 | next; | 106 | next; |
| 99 | } | 107 | } |
| 100 | 108 | ||
| 101 | next if (/^#/); # skip preprocessor directives | 109 | next if (/^\#/); # skip preprocessor directives |
| 102 | 110 | ||
| 103 | s/\/\*.*?\*\///gs; # ignore comments | 111 | s/\/\*.*?\*\///gs; # ignore comments |
| 104 | s/{[^{}]*}//gs; # ignore {} blocks | 112 | s/{[^{}]*}//gs; # ignore {} blocks |
| 105 | 113 | ||
| 106 | if (/{|\/\*/) { # Add a } so editor works... | 114 | if (/\{|\/\*/) { # Add a } so editor works... |
| 107 | $line = $_; | 115 | $line = $_; |
| 108 | } else { | 116 | } else { |
| 109 | $def .= $_; | 117 | $def .= $_; |
| 118 | } | ||
| 110 | } | 119 | } |
| 111 | } | 120 | } |
| 112 | 121 | ||
| 122 | print STDERR " \r" if $debug; | ||
| 123 | $defnr = 0; | ||
| 113 | foreach (split /;/, $def) { | 124 | foreach (split /;/, $def) { |
| 125 | $defnr++; | ||
| 126 | print STDERR "def: $defnr\r" if $debug; | ||
| 127 | |||
| 114 | s/^[\n\s]*//g; | 128 | s/^[\n\s]*//g; |
| 115 | s/[\n\s]*$//g; | 129 | s/[\n\s]*$//g; |
| 116 | next if(/typedef\W/); | 130 | next if(/typedef\W/); |
| @@ -136,15 +150,19 @@ while (($lib, $hdr) = each %hinc) | |||
| 136 | } | 150 | } |
| 137 | } | 151 | } |
| 138 | 152 | ||
| 153 | print STDERR " \r" if $debug; | ||
| 154 | |||
| 139 | next if $reindex; | 155 | next if $reindex; |
| 140 | 156 | ||
| 141 | # Scan function and reason codes and store them: keep a note of the | 157 | # Scan function and reason codes and store them: keep a note of the |
| 142 | # maximum code used. | 158 | # maximum code used. |
| 143 | 159 | ||
| 144 | while(<IN>) { | 160 | if ($gotfile) { |
| 145 | if(/^#define\s+(\S+)\s+(\S+)/) { | 161 | while(<IN>) { |
| 162 | if(/^\#define\s+(\S+)\s+(\S+)/) { | ||
| 146 | $name = $1; | 163 | $name = $1; |
| 147 | $code = $2; | 164 | $code = $2; |
| 165 | next if $name =~ /^${lib}err/; | ||
| 148 | unless($name =~ /^${lib}_([RF])_(\w+)$/) { | 166 | unless($name =~ /^${lib}_([RF])_(\w+)$/) { |
| 149 | print STDERR "Invalid error code $name\n"; | 167 | print STDERR "Invalid error code $name\n"; |
| 150 | next; | 168 | next; |
| @@ -162,6 +180,7 @@ while (($lib, $hdr) = each %hinc) | |||
| 162 | $fcodes{$name} = $code; | 180 | $fcodes{$name} = $code; |
| 163 | } | 181 | } |
| 164 | } | 182 | } |
| 183 | } | ||
| 165 | } | 184 | } |
| 166 | close IN; | 185 | close IN; |
| 167 | } | 186 | } |
| @@ -178,9 +197,11 @@ while (($lib, $hdr) = each %hinc) | |||
| 178 | # so all those unreferenced can be printed out. | 197 | # so all those unreferenced can be printed out. |
| 179 | 198 | ||
| 180 | 199 | ||
| 200 | print STDERR "Files loaded: " if $debug; | ||
| 181 | foreach $file (@source) { | 201 | foreach $file (@source) { |
| 182 | # Don't parse the error source file. | 202 | # Don't parse the error source file. |
| 183 | next if exists $cskip{$file}; | 203 | next if exists $cskip{$file}; |
| 204 | print STDERR $file if $debug; | ||
| 184 | open(IN, "<$file") || die "Can't open source file $file\n"; | 205 | open(IN, "<$file") || die "Can't open source file $file\n"; |
| 185 | while(<IN>) { | 206 | while(<IN>) { |
| 186 | if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { | 207 | if(/(([A-Z0-9]+)_F_([A-Z0-9_]+))/) { |
| @@ -204,6 +225,7 @@ foreach $file (@source) { | |||
| 204 | } | 225 | } |
| 205 | close IN; | 226 | close IN; |
| 206 | } | 227 | } |
| 228 | print STDERR "\n" if $debug; | ||
| 207 | 229 | ||
| 208 | # Now process each library in turn. | 230 | # Now process each library in turn. |
| 209 | 231 | ||
| @@ -230,15 +252,74 @@ foreach $lib (keys %csrc) | |||
| 230 | 252 | ||
| 231 | # Rewrite the header file | 253 | # Rewrite the header file |
| 232 | 254 | ||
| 233 | open(IN, "<$hfile") || die "Can't Open Header File $hfile\n"; | 255 | if (open(IN, "<$hfile")) { |
| 234 | 256 | # Copy across the old file | |
| 235 | # Copy across the old file | 257 | while(<IN>) { |
| 236 | while(<IN>) { | ||
| 237 | push @out, $_; | 258 | push @out, $_; |
| 238 | last if (/BEGIN ERROR CODES/); | 259 | last if (/BEGIN ERROR CODES/); |
| 260 | } | ||
| 261 | close IN; | ||
| 262 | } else { | ||
| 263 | push @out, | ||
| 264 | "/* ====================================================================\n", | ||
| 265 | " * Copyright (c) 2001-2002 The OpenSSL Project. All rights reserved.\n", | ||
| 266 | " *\n", | ||
| 267 | " * Redistribution and use in source and binary forms, with or without\n", | ||
| 268 | " * modification, are permitted provided that the following conditions\n", | ||
| 269 | " * are met:\n", | ||
| 270 | " *\n", | ||
| 271 | " * 1. Redistributions of source code must retain the above copyright\n", | ||
| 272 | " * notice, this list of conditions and the following disclaimer. \n", | ||
| 273 | " *\n", | ||
| 274 | " * 2. Redistributions in binary form must reproduce the above copyright\n", | ||
| 275 | " * notice, this list of conditions and the following disclaimer in\n", | ||
| 276 | " * the documentation and/or other materials provided with the\n", | ||
| 277 | " * distribution.\n", | ||
| 278 | " *\n", | ||
| 279 | " * 3. All advertising materials mentioning features or use of this\n", | ||
| 280 | " * software must display the following acknowledgment:\n", | ||
| 281 | " * \"This product includes software developed by the OpenSSL Project\n", | ||
| 282 | " * for use in the OpenSSL Toolkit. (http://www.openssl.org/)\"\n", | ||
| 283 | " *\n", | ||
| 284 | " * 4. The names \"OpenSSL Toolkit\" and \"OpenSSL Project\" must not be used to\n", | ||
| 285 | " * endorse or promote products derived from this software without\n", | ||
| 286 | " * prior written permission. For written permission, please contact\n", | ||
| 287 | " * openssl-core\@openssl.org.\n", | ||
| 288 | " *\n", | ||
| 289 | " * 5. Products derived from this software may not be called \"OpenSSL\"\n", | ||
| 290 | " * nor may \"OpenSSL\" appear in their names without prior written\n", | ||
| 291 | " * permission of the OpenSSL Project.\n", | ||
| 292 | " *\n", | ||
| 293 | " * 6. Redistributions of any form whatsoever must retain the following\n", | ||
| 294 | " * acknowledgment:\n", | ||
| 295 | " * \"This product includes software developed by the OpenSSL Project\n", | ||
| 296 | " * for use in the OpenSSL Toolkit (http://www.openssl.org/)\"\n", | ||
| 297 | " *\n", | ||
| 298 | " * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY\n", | ||
| 299 | " * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n", | ||
| 300 | " * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n", | ||
| 301 | " * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR\n", | ||
| 302 | " * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n", | ||
| 303 | " * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n", | ||
| 304 | " * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\n", | ||
| 305 | " * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n", | ||
| 306 | " * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n", | ||
| 307 | " * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)\n", | ||
| 308 | " * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED\n", | ||
| 309 | " * OF THE POSSIBILITY OF SUCH DAMAGE.\n", | ||
| 310 | " * ====================================================================\n", | ||
| 311 | " *\n", | ||
| 312 | " * This product includes cryptographic software written by Eric Young\n", | ||
| 313 | " * (eay\@cryptsoft.com). This product includes software written by Tim\n", | ||
| 314 | " * Hudson (tjh\@cryptsoft.com).\n", | ||
| 315 | " *\n", | ||
| 316 | " */\n", | ||
| 317 | "\n", | ||
| 318 | "#ifndef HEADER_${lib}_ERR_H\n", | ||
| 319 | "#define HEADER_${lib}_ERR_H\n", | ||
| 320 | "\n", | ||
| 321 | "/* BEGIN ERROR CODES */\n"; | ||
| 239 | } | 322 | } |
| 240 | close IN; | ||
| 241 | |||
| 242 | open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n"; | 323 | open (OUT, ">$hfile") || die "Can't Open File $hfile for writing\n"; |
| 243 | 324 | ||
| 244 | print OUT @out; | 325 | print OUT @out; |
| @@ -247,7 +328,22 @@ foreach $lib (keys %csrc) | |||
| 247 | /* The following lines are auto generated by the script mkerr.pl. Any changes | 328 | /* The following lines are auto generated by the script mkerr.pl. Any changes |
| 248 | * made after this point may be overwritten when the script is next run. | 329 | * made after this point may be overwritten when the script is next run. |
| 249 | */ | 330 | */ |
| 331 | EOF | ||
| 332 | if($static) { | ||
| 333 | print OUT <<"EOF"; | ||
| 334 | ${staticloader}void ERR_load_${lib}_strings(void); | ||
| 335 | |||
| 336 | EOF | ||
| 337 | } else { | ||
| 338 | print OUT <<"EOF"; | ||
| 339 | ${staticloader}void ERR_load_${lib}_strings(void); | ||
| 340 | ${staticloader}void ERR_unload_${lib}_strings(void); | ||
| 341 | ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line); | ||
| 342 | #define ${lib}err(f,r) ERR_${lib}_error((f),(r),__FILE__,__LINE__) | ||
| 250 | 343 | ||
| 344 | EOF | ||
| 345 | } | ||
| 346 | print OUT <<"EOF"; | ||
| 251 | /* Error codes for the $lib functions. */ | 347 | /* Error codes for the $lib functions. */ |
| 252 | 348 | ||
| 253 | /* Function codes. */ | 349 | /* Function codes. */ |
| @@ -278,12 +374,22 @@ EOF | |||
| 278 | } | 374 | } |
| 279 | #endif | 375 | #endif |
| 280 | #endif | 376 | #endif |
| 281 | |||
| 282 | EOF | 377 | EOF |
| 283 | close OUT; | 378 | close OUT; |
| 284 | 379 | ||
| 285 | # Rewrite the C source file containing the error details. | 380 | # Rewrite the C source file containing the error details. |
| 286 | 381 | ||
| 382 | # First, read any existing reason string definitions: | ||
| 383 | my %err_reason_strings; | ||
| 384 | if (open(IN,"<$cfile")) { | ||
| 385 | while (<IN>) { | ||
| 386 | if (/\b(${lib}_R_\w*)\b.*\"(.*)\"/) { | ||
| 387 | $err_reason_strings{$1} = $2; | ||
| 388 | } | ||
| 389 | } | ||
| 390 | close(IN); | ||
| 391 | } | ||
| 392 | |||
| 287 | my $hincf; | 393 | my $hincf; |
| 288 | if($static) { | 394 | if($static) { |
| 289 | $hfile =~ /([^\/]+)$/; | 395 | $hfile =~ /([^\/]+)$/; |
| @@ -298,7 +404,7 @@ EOF | |||
| 298 | print OUT <<"EOF"; | 404 | print OUT <<"EOF"; |
| 299 | /* $cfile */ | 405 | /* $cfile */ |
| 300 | /* ==================================================================== | 406 | /* ==================================================================== |
| 301 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 407 | * Copyright (c) 1999-2002 The OpenSSL Project. All rights reserved. |
| 302 | * | 408 | * |
| 303 | * Redistribution and use in source and binary forms, with or without | 409 | * Redistribution and use in source and binary forms, with or without |
| 304 | * modification, are permitted provided that the following conditions | 410 | * modification, are permitted provided that the following conditions |
| @@ -352,7 +458,8 @@ EOF | |||
| 352 | */ | 458 | */ |
| 353 | 459 | ||
| 354 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | 460 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes |
| 355 | * made to it will be overwritten when the script next updates this file. | 461 | * made to it will be overwritten when the script next updates this file, |
| 462 | * only reason strings will be preserved. | ||
| 356 | */ | 463 | */ |
| 357 | 464 | ||
| 358 | #include <stdio.h> | 465 | #include <stdio.h> |
| @@ -360,7 +467,7 @@ EOF | |||
| 360 | #include $hincf | 467 | #include $hincf |
| 361 | 468 | ||
| 362 | /* BEGIN ERROR CODES */ | 469 | /* BEGIN ERROR CODES */ |
| 363 | #ifndef NO_ERR | 470 | #ifndef OPENSSL_NO_ERR |
| 364 | static ERR_STRING_DATA ${lib}_str_functs[]= | 471 | static ERR_STRING_DATA ${lib}_str_functs[]= |
| 365 | { | 472 | { |
| 366 | EOF | 473 | EOF |
| @@ -385,9 +492,13 @@ EOF | |||
| 385 | foreach $i (@reasons) { | 492 | foreach $i (@reasons) { |
| 386 | my $rn; | 493 | my $rn; |
| 387 | my $nspc = 0; | 494 | my $nspc = 0; |
| 388 | $i =~ /^${lib}_R_(\S+)$/; | 495 | if (exists $err_reason_strings{$i}) { |
| 389 | $rn = $1; | 496 | $rn = $err_reason_strings{$i}; |
| 390 | $rn =~ tr/_[A-Z]/ [a-z]/; | 497 | } else { |
| 498 | $i =~ /^${lib}_R_(\S+)$/; | ||
| 499 | $rn = $1; | ||
| 500 | $rn =~ tr/_[A-Z]/ [a-z]/; | ||
| 501 | } | ||
| 391 | $nspc = 40 - length($i) unless length($i) > 40; | 502 | $nspc = 40 - length($i) unless length($i) > 40; |
| 392 | $nspc = " " x $nspc; | 503 | $nspc = " " x $nspc; |
| 393 | print OUT "{${i}${nspc},\"$rn\"},\n"; | 504 | print OUT "{${i}${nspc},\"$rn\"},\n"; |
| @@ -399,14 +510,14 @@ if($static) { | |||
| 399 | 510 | ||
| 400 | #endif | 511 | #endif |
| 401 | 512 | ||
| 402 | void ERR_load_${lib}_strings(void) | 513 | ${staticloader}void ERR_load_${lib}_strings(void) |
| 403 | { | 514 | { |
| 404 | static int init=1; | 515 | static int init=1; |
| 405 | 516 | ||
| 406 | if (init) | 517 | if (init) |
| 407 | { | 518 | { |
| 408 | init=0; | 519 | init=0; |
| 409 | #ifndef NO_ERR | 520 | #ifndef OPENSSL_NO_ERR |
| 410 | ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs); | 521 | ERR_load_strings(ERR_LIB_${lib},${lib}_str_functs); |
| 411 | ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons); | 522 | ERR_load_strings(ERR_LIB_${lib},${lib}_str_reasons); |
| 412 | #endif | 523 | #endif |
| @@ -430,19 +541,18 @@ static ERR_STRING_DATA ${lib}_lib_name[]= | |||
| 430 | #endif | 541 | #endif |
| 431 | 542 | ||
| 432 | 543 | ||
| 433 | int ${lib}_lib_error_code=0; | 544 | static int ${lib}_lib_error_code=0; |
| 545 | static int ${lib}_error_init=1; | ||
| 434 | 546 | ||
| 435 | void ERR_load_${lib}_strings(void) | 547 | ${staticloader}void ERR_load_${lib}_strings(void) |
| 436 | { | 548 | { |
| 437 | static int init=1; | ||
| 438 | |||
| 439 | if (${lib}_lib_error_code == 0) | 549 | if (${lib}_lib_error_code == 0) |
| 440 | ${lib}_lib_error_code=ERR_get_next_error_library(); | 550 | ${lib}_lib_error_code=ERR_get_next_error_library(); |
| 441 | 551 | ||
| 442 | if (init) | 552 | if (${lib}_error_init) |
| 443 | { | 553 | { |
| 444 | init=0; | 554 | ${lib}_error_init=0; |
| 445 | #ifndef NO_ERR | 555 | #ifndef OPENSSL_NO_ERR |
| 446 | ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); | 556 | ERR_load_strings(${lib}_lib_error_code,${lib}_str_functs); |
| 447 | ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); | 557 | ERR_load_strings(${lib}_lib_error_code,${lib}_str_reasons); |
| 448 | #endif | 558 | #endif |
| @@ -450,11 +560,27 @@ void ERR_load_${lib}_strings(void) | |||
| 450 | #ifdef ${lib}_LIB_NAME | 560 | #ifdef ${lib}_LIB_NAME |
| 451 | ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); | 561 | ${lib}_lib_name->error = ERR_PACK(${lib}_lib_error_code,0,0); |
| 452 | ERR_load_strings(0,${lib}_lib_name); | 562 | ERR_load_strings(0,${lib}_lib_name); |
| 453 | #endif; | 563 | #endif |
| 564 | } | ||
| 565 | } | ||
| 566 | |||
| 567 | ${staticloader}void ERR_unload_${lib}_strings(void) | ||
| 568 | { | ||
| 569 | if (${lib}_error_init == 0) | ||
| 570 | { | ||
| 571 | #ifndef OPENSSL_NO_ERR | ||
| 572 | ERR_unload_strings(${lib}_lib_error_code,${lib}_str_functs); | ||
| 573 | ERR_unload_strings(${lib}_lib_error_code,${lib}_str_reasons); | ||
| 574 | #endif | ||
| 575 | |||
| 576 | #ifdef ${lib}_LIB_NAME | ||
| 577 | ERR_unload_strings(0,${lib}_lib_name); | ||
| 578 | #endif | ||
| 579 | ${lib}_error_init=1; | ||
| 454 | } | 580 | } |
| 455 | } | 581 | } |
| 456 | 582 | ||
| 457 | void ERR_${lib}_error(int function, int reason, char *file, int line) | 583 | ${staticloader}void ERR_${lib}_error(int function, int reason, char *file, int line) |
| 458 | { | 584 | { |
| 459 | if (${lib}_lib_error_code == 0) | 585 | if (${lib}_lib_error_code == 0) |
| 460 | ${lib}_lib_error_code=ERR_get_next_error_library(); | 586 | ${lib}_lib_error_code=ERR_get_next_error_library(); |
| @@ -465,7 +591,7 @@ EOF | |||
| 465 | } | 591 | } |
| 466 | 592 | ||
| 467 | close OUT; | 593 | close OUT; |
| 468 | 594 | undef %err_reason_strings; | |
| 469 | } | 595 | } |
| 470 | 596 | ||
| 471 | if($debug && defined(%notrans)) { | 597 | if($debug && defined(%notrans)) { |
diff --git a/src/lib/libcrypto/util/mkstack.pl b/src/lib/libcrypto/util/mkstack.pl index 3ee13fe7c9..085c50f790 100644 --- a/src/lib/libcrypto/util/mkstack.pl +++ b/src/lib/libcrypto/util/mkstack.pl | |||
| @@ -21,7 +21,7 @@ while (@ARGV) { | |||
| 21 | } | 21 | } |
| 22 | 22 | ||
| 23 | 23 | ||
| 24 | @source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <rsaref/*.[ch]>, <ssl/*.[ch]>); | 24 | @source = (<crypto/*.[ch]>, <crypto/*/*.[ch]>, <ssl/*.[ch]>); |
| 25 | foreach $file (@source) { | 25 | foreach $file (@source) { |
| 26 | next if -l $file; | 26 | next if -l $file; |
| 27 | 27 | ||
diff --git a/src/lib/libcrypto/x509/by_dir.c b/src/lib/libcrypto/x509/by_dir.c index 11725ec94c..448bd7e69c 100644 --- a/src/lib/libcrypto/x509/by_dir.c +++ b/src/lib/libcrypto/x509/by_dir.c | |||
| @@ -59,13 +59,20 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <errno.h> | 61 | #include <errno.h> |
| 62 | #include <sys/types.h> | ||
| 63 | #include <sys/stat.h> | ||
| 64 | 62 | ||
| 65 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 66 | #include "lhash.h" | 64 | |
| 67 | #include "x509.h" | 65 | #ifndef NO_SYS_TYPES_H |
| 68 | #include "pem.h" | 66 | # include <sys/types.h> |
| 67 | #endif | ||
| 68 | #ifdef MAC_OS_pre_X | ||
| 69 | # include <stat.h> | ||
| 70 | #else | ||
| 71 | # include <sys/stat.h> | ||
| 72 | #endif | ||
| 73 | |||
| 74 | #include <openssl/lhash.h> | ||
| 75 | #include <openssl/x509.h> | ||
| 69 | 76 | ||
| 70 | typedef struct lookup_dir_st | 77 | typedef struct lookup_dir_st |
| 71 | { | 78 | { |
| @@ -76,21 +83,13 @@ typedef struct lookup_dir_st | |||
| 76 | int num_dirs_alloced; | 83 | int num_dirs_alloced; |
| 77 | } BY_DIR; | 84 | } BY_DIR; |
| 78 | 85 | ||
| 79 | #ifndef NOPROTO | 86 | static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, |
| 80 | static int dir_ctrl(X509_LOOKUP *ctx,int cmd,char *argp,long argl,char **ret); | 87 | char **ret); |
| 81 | static int new_dir(X509_LOOKUP *lu); | 88 | static int new_dir(X509_LOOKUP *lu); |
| 82 | static void free_dir(X509_LOOKUP *lu); | 89 | static void free_dir(X509_LOOKUP *lu); |
| 83 | static int add_cert_dir(BY_DIR *ctx,char *dir,int type); | 90 | static int add_cert_dir(BY_DIR *ctx,const char *dir,int type); |
| 84 | static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, | 91 | static int get_cert_by_subject(X509_LOOKUP *xl,int type,X509_NAME *name, |
| 85 | X509_OBJECT *ret); | 92 | X509_OBJECT *ret); |
| 86 | #else | ||
| 87 | static int dir_ctrl(); | ||
| 88 | static int new_dir(); | ||
| 89 | static void free_dir(); | ||
| 90 | static int add_cert_dir(); | ||
| 91 | static int get_cert_by_subject(); | ||
| 92 | #endif | ||
| 93 | |||
| 94 | X509_LOOKUP_METHOD x509_dir_lookup= | 93 | X509_LOOKUP_METHOD x509_dir_lookup= |
| 95 | { | 94 | { |
| 96 | "Load certs from files in a directory", | 95 | "Load certs from files in a directory", |
| @@ -105,17 +104,13 @@ X509_LOOKUP_METHOD x509_dir_lookup= | |||
| 105 | NULL, /* get_by_alias */ | 104 | NULL, /* get_by_alias */ |
| 106 | }; | 105 | }; |
| 107 | 106 | ||
| 108 | X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir() | 107 | X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(void) |
| 109 | { | 108 | { |
| 110 | return(&x509_dir_lookup); | 109 | return(&x509_dir_lookup); |
| 111 | } | 110 | } |
| 112 | 111 | ||
| 113 | static int dir_ctrl(ctx,cmd,argp,argl,retp) | 112 | static int dir_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, |
| 114 | X509_LOOKUP *ctx; | 113 | char **retp) |
| 115 | int cmd; | ||
| 116 | long argl; | ||
| 117 | char *argp; | ||
| 118 | char **retp; | ||
| 119 | { | 114 | { |
| 120 | int ret=0; | 115 | int ret=0; |
| 121 | BY_DIR *ld; | 116 | BY_DIR *ld; |
| @@ -147,16 +142,15 @@ char **retp; | |||
| 147 | return(ret); | 142 | return(ret); |
| 148 | } | 143 | } |
| 149 | 144 | ||
| 150 | static int new_dir(lu) | 145 | static int new_dir(X509_LOOKUP *lu) |
| 151 | X509_LOOKUP *lu; | ||
| 152 | { | 146 | { |
| 153 | BY_DIR *a; | 147 | BY_DIR *a; |
| 154 | 148 | ||
| 155 | if ((a=(BY_DIR *)Malloc(sizeof(BY_DIR))) == NULL) | 149 | if ((a=(BY_DIR *)OPENSSL_malloc(sizeof(BY_DIR))) == NULL) |
| 156 | return(0); | 150 | return(0); |
| 157 | if ((a->buffer=BUF_MEM_new()) == NULL) | 151 | if ((a->buffer=BUF_MEM_new()) == NULL) |
| 158 | { | 152 | { |
| 159 | Free(a); | 153 | OPENSSL_free(a); |
| 160 | return(0); | 154 | return(0); |
| 161 | } | 155 | } |
| 162 | a->num_dirs=0; | 156 | a->num_dirs=0; |
| @@ -167,32 +161,32 @@ X509_LOOKUP *lu; | |||
| 167 | return(1); | 161 | return(1); |
| 168 | } | 162 | } |
| 169 | 163 | ||
| 170 | static void free_dir(lu) | 164 | static void free_dir(X509_LOOKUP *lu) |
| 171 | X509_LOOKUP *lu; | ||
| 172 | { | 165 | { |
| 173 | BY_DIR *a; | 166 | BY_DIR *a; |
| 174 | int i; | 167 | int i; |
| 175 | 168 | ||
| 176 | a=(BY_DIR *)lu->method_data; | 169 | a=(BY_DIR *)lu->method_data; |
| 177 | for (i=0; i<a->num_dirs; i++) | 170 | for (i=0; i<a->num_dirs; i++) |
| 178 | if (a->dirs[i] != NULL) Free(a->dirs[i]); | 171 | if (a->dirs[i] != NULL) OPENSSL_free(a->dirs[i]); |
| 179 | if (a->dirs != NULL) Free(a->dirs); | 172 | if (a->dirs != NULL) OPENSSL_free(a->dirs); |
| 180 | if (a->dirs_type != NULL) Free(a->dirs_type); | 173 | if (a->dirs_type != NULL) OPENSSL_free(a->dirs_type); |
| 181 | if (a->buffer != NULL) BUF_MEM_free(a->buffer); | 174 | if (a->buffer != NULL) BUF_MEM_free(a->buffer); |
| 182 | Free(a); | 175 | OPENSSL_free(a); |
| 183 | } | 176 | } |
| 184 | 177 | ||
| 185 | static int add_cert_dir(ctx,dir, type) | 178 | static int add_cert_dir(BY_DIR *ctx, const char *dir, int type) |
| 186 | BY_DIR *ctx; | ||
| 187 | char *dir; | ||
| 188 | int type; | ||
| 189 | { | 179 | { |
| 190 | int j,len; | 180 | int j,len; |
| 191 | int *ip; | 181 | int *ip; |
| 192 | char *s,*ss,*p; | 182 | const char *s,*ss,*p; |
| 193 | char **pp; | 183 | char **pp; |
| 194 | 184 | ||
| 195 | if (dir == NULL) return(0); | 185 | if (dir == NULL || !*dir) |
| 186 | { | ||
| 187 | X509err(X509_F_ADD_CERT_DIR,X509_R_INVALID_DIRECTORY); | ||
| 188 | return 0; | ||
| 189 | } | ||
| 196 | 190 | ||
| 197 | s=dir; | 191 | s=dir; |
| 198 | p=s; | 192 | p=s; |
| @@ -210,9 +204,9 @@ int type; | |||
| 210 | if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) | 204 | if (ctx->num_dirs_alloced < (ctx->num_dirs+1)) |
| 211 | { | 205 | { |
| 212 | ctx->num_dirs_alloced+=10; | 206 | ctx->num_dirs_alloced+=10; |
| 213 | pp=(char **)Malloc(ctx->num_dirs_alloced* | 207 | pp=(char **)OPENSSL_malloc(ctx->num_dirs_alloced* |
| 214 | sizeof(char *)); | 208 | sizeof(char *)); |
| 215 | ip=(int *)Malloc(ctx->num_dirs_alloced* | 209 | ip=(int *)OPENSSL_malloc(ctx->num_dirs_alloced* |
| 216 | sizeof(int)); | 210 | sizeof(int)); |
| 217 | if ((pp == NULL) || (ip == NULL)) | 211 | if ((pp == NULL) || (ip == NULL)) |
| 218 | { | 212 | { |
| @@ -224,14 +218,14 @@ int type; | |||
| 224 | memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* | 218 | memcpy(ip,ctx->dirs_type,(ctx->num_dirs_alloced-10)* |
| 225 | sizeof(int)); | 219 | sizeof(int)); |
| 226 | if (ctx->dirs != NULL) | 220 | if (ctx->dirs != NULL) |
| 227 | Free((char *)ctx->dirs); | 221 | OPENSSL_free(ctx->dirs); |
| 228 | if (ctx->dirs_type != NULL) | 222 | if (ctx->dirs_type != NULL) |
| 229 | Free((char *)ctx->dirs_type); | 223 | OPENSSL_free(ctx->dirs_type); |
| 230 | ctx->dirs=pp; | 224 | ctx->dirs=pp; |
| 231 | ctx->dirs_type=ip; | 225 | ctx->dirs_type=ip; |
| 232 | } | 226 | } |
| 233 | ctx->dirs_type[ctx->num_dirs]=type; | 227 | ctx->dirs_type[ctx->num_dirs]=type; |
| 234 | ctx->dirs[ctx->num_dirs]=(char *)Malloc((unsigned int)len+1); | 228 | ctx->dirs[ctx->num_dirs]=(char *)OPENSSL_malloc((unsigned int)len+1); |
| 235 | if (ctx->dirs[ctx->num_dirs] == NULL) return(0); | 229 | if (ctx->dirs[ctx->num_dirs] == NULL) return(0); |
| 236 | strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); | 230 | strncpy(ctx->dirs[ctx->num_dirs],ss,(unsigned int)len); |
| 237 | ctx->dirs[ctx->num_dirs][len]='\0'; | 231 | ctx->dirs[ctx->num_dirs][len]='\0'; |
| @@ -243,11 +237,8 @@ int type; | |||
| 243 | return(1); | 237 | return(1); |
| 244 | } | 238 | } |
| 245 | 239 | ||
| 246 | static int get_cert_by_subject(xl,type,name,ret) | 240 | static int get_cert_by_subject(X509_LOOKUP *xl, int type, X509_NAME *name, |
| 247 | X509_LOOKUP *xl; | 241 | X509_OBJECT *ret) |
| 248 | int type; | ||
| 249 | X509_NAME *name; | ||
| 250 | X509_OBJECT *ret; | ||
| 251 | { | 242 | { |
| 252 | BY_DIR *ctx; | 243 | BY_DIR *ctx; |
| 253 | union { | 244 | union { |
| @@ -266,7 +257,7 @@ X509_OBJECT *ret; | |||
| 266 | BUF_MEM *b=NULL; | 257 | BUF_MEM *b=NULL; |
| 267 | struct stat st; | 258 | struct stat st; |
| 268 | X509_OBJECT stmp,*tmp; | 259 | X509_OBJECT stmp,*tmp; |
| 269 | char *postfix=""; | 260 | const char *postfix=""; |
| 270 | 261 | ||
| 271 | if (name == NULL) return(0); | 262 | if (name == NULL) return(0); |
| 272 | 263 | ||
| @@ -335,8 +326,9 @@ X509_OBJECT *ret; | |||
| 335 | /* we have added it to the cache so now pull | 326 | /* we have added it to the cache so now pull |
| 336 | * it out again */ | 327 | * it out again */ |
| 337 | CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); | 328 | CRYPTO_r_lock(CRYPTO_LOCK_X509_STORE); |
| 338 | tmp=(X509_OBJECT *)lh_retrieve(xl->store_ctx->certs, | 329 | j = sk_X509_OBJECT_find(xl->store_ctx->objs,&stmp); |
| 339 | (char *)&stmp); | 330 | if(j != -1) tmp=sk_X509_OBJECT_value(xl->store_ctx->objs,j); |
| 331 | else tmp = NULL; | ||
| 340 | CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); | 332 | CRYPTO_r_unlock(CRYPTO_LOCK_X509_STORE); |
| 341 | 333 | ||
| 342 | if (tmp != NULL) | 334 | if (tmp != NULL) |
diff --git a/src/lib/libcrypto/x509/by_file.c b/src/lib/libcrypto/x509/by_file.c index 09ebb9bf08..92e00d2d73 100644 --- a/src/lib/libcrypto/x509/by_file.c +++ b/src/lib/libcrypto/x509/by_file.c | |||
| @@ -59,24 +59,17 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <errno.h> | 61 | #include <errno.h> |
| 62 | #include <sys/types.h> | ||
| 63 | #include <sys/stat.h> | ||
| 64 | 62 | ||
| 65 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 66 | #include "lhash.h" | 64 | #include <openssl/lhash.h> |
| 67 | #include "buffer.h" | 65 | #include <openssl/buffer.h> |
| 68 | #include "x509.h" | 66 | #include <openssl/x509.h> |
| 69 | #include "pem.h" | 67 | #include <openssl/pem.h> |
| 70 | 68 | ||
| 71 | #ifndef NO_STDIO | 69 | #ifndef OPENSSL_NO_STDIO |
| 72 | |||
| 73 | #ifndef NOPROTO | ||
| 74 | static int by_file_ctrl(X509_LOOKUP *ctx,int cmd,char *argc, | ||
| 75 | long argl,char **ret); | ||
| 76 | #else | ||
| 77 | static int by_file_ctrl(); | ||
| 78 | #endif | ||
| 79 | 70 | ||
| 71 | static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, | ||
| 72 | long argl, char **ret); | ||
| 80 | X509_LOOKUP_METHOD x509_file_lookup= | 73 | X509_LOOKUP_METHOD x509_file_lookup= |
| 81 | { | 74 | { |
| 82 | "Load file into cache", | 75 | "Load file into cache", |
| @@ -91,19 +84,15 @@ X509_LOOKUP_METHOD x509_file_lookup= | |||
| 91 | NULL, /* get_by_alias */ | 84 | NULL, /* get_by_alias */ |
| 92 | }; | 85 | }; |
| 93 | 86 | ||
| 94 | X509_LOOKUP_METHOD *X509_LOOKUP_file() | 87 | X509_LOOKUP_METHOD *X509_LOOKUP_file(void) |
| 95 | { | 88 | { |
| 96 | return(&x509_file_lookup); | 89 | return(&x509_file_lookup); |
| 97 | } | 90 | } |
| 98 | 91 | ||
| 99 | static int by_file_ctrl(ctx,cmd,argp,argl,ret) | 92 | static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp, long argl, |
| 100 | X509_LOOKUP *ctx; | 93 | char **ret) |
| 101 | int cmd; | ||
| 102 | char *argp; | ||
| 103 | long argl; | ||
| 104 | char **ret; | ||
| 105 | { | 94 | { |
| 106 | int ok=0,ok2=0; | 95 | int ok=0; |
| 107 | char *file; | 96 | char *file; |
| 108 | 97 | ||
| 109 | switch (cmd) | 98 | switch (cmd) |
| @@ -111,37 +100,33 @@ char **ret; | |||
| 111 | case X509_L_FILE_LOAD: | 100 | case X509_L_FILE_LOAD: |
| 112 | if (argl == X509_FILETYPE_DEFAULT) | 101 | if (argl == X509_FILETYPE_DEFAULT) |
| 113 | { | 102 | { |
| 114 | ok=X509_load_cert_file(ctx,X509_get_default_cert_file(), | 103 | ok = (X509_load_cert_crl_file(ctx,X509_get_default_cert_file(), |
| 115 | X509_FILETYPE_PEM); | 104 | X509_FILETYPE_PEM) != 0); |
| 116 | ok2=X509_load_crl_file(ctx,X509_get_default_cert_file(), | 105 | if (!ok) |
| 117 | X509_FILETYPE_PEM); | ||
| 118 | if (!ok || !ok2) | ||
| 119 | { | 106 | { |
| 120 | X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); | 107 | X509err(X509_F_BY_FILE_CTRL,X509_R_LOADING_DEFAULTS); |
| 121 | } | 108 | } |
| 122 | else | 109 | else |
| 123 | { | 110 | { |
| 124 | file=(char *)Getenv(X509_get_default_cert_file_env()); | 111 | file=(char *)Getenv(X509_get_default_cert_file_env()); |
| 125 | ok=X509_load_cert_file(ctx,file, | 112 | ok = (X509_load_cert_crl_file(ctx,file, |
| 126 | X509_FILETYPE_PEM); | 113 | X509_FILETYPE_PEM) != 0); |
| 127 | ok2=X509_load_crl_file(ctx,file, | ||
| 128 | X509_FILETYPE_PEM); | ||
| 129 | } | 114 | } |
| 130 | } | 115 | } |
| 131 | else | 116 | else |
| 132 | { | 117 | { |
| 133 | ok=X509_load_cert_file(ctx,argp,(int)argl); | 118 | if(argl == X509_FILETYPE_PEM) |
| 134 | ok2=X509_load_crl_file(ctx,argp,(int)argl); | 119 | ok = (X509_load_cert_crl_file(ctx,argp, |
| 120 | X509_FILETYPE_PEM) != 0); | ||
| 121 | else | ||
| 122 | ok = (X509_load_cert_file(ctx,argp,(int)argl) != 0); | ||
| 135 | } | 123 | } |
| 136 | break; | 124 | break; |
| 137 | } | 125 | } |
| 138 | return((ok && ok2)?ok:0); | 126 | return(ok); |
| 139 | } | 127 | } |
| 140 | 128 | ||
| 141 | int X509_load_cert_file(ctx,file,type) | 129 | int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type) |
| 142 | X509_LOOKUP *ctx; | ||
| 143 | char *file; | ||
| 144 | int type; | ||
| 145 | { | 130 | { |
| 146 | int ret=0; | 131 | int ret=0; |
| 147 | BIO *in=NULL; | 132 | BIO *in=NULL; |
| @@ -161,7 +146,7 @@ int type; | |||
| 161 | { | 146 | { |
| 162 | for (;;) | 147 | for (;;) |
| 163 | { | 148 | { |
| 164 | x=PEM_read_bio_X509(in,NULL,NULL); | 149 | x=PEM_read_bio_X509_AUX(in,NULL,NULL,NULL); |
| 165 | if (x == NULL) | 150 | if (x == NULL) |
| 166 | { | 151 | { |
| 167 | if ((ERR_GET_REASON(ERR_peek_error()) == | 152 | if ((ERR_GET_REASON(ERR_peek_error()) == |
| @@ -208,10 +193,7 @@ err: | |||
| 208 | return(ret); | 193 | return(ret); |
| 209 | } | 194 | } |
| 210 | 195 | ||
| 211 | int X509_load_crl_file(ctx,file,type) | 196 | int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type) |
| 212 | X509_LOOKUP *ctx; | ||
| 213 | char *file; | ||
| 214 | int type; | ||
| 215 | { | 197 | { |
| 216 | int ret=0; | 198 | int ret=0; |
| 217 | BIO *in=NULL; | 199 | BIO *in=NULL; |
| @@ -231,7 +213,7 @@ int type; | |||
| 231 | { | 213 | { |
| 232 | for (;;) | 214 | for (;;) |
| 233 | { | 215 | { |
| 234 | x=PEM_read_bio_X509_CRL(in,NULL,NULL); | 216 | x=PEM_read_bio_X509_CRL(in,NULL,NULL,NULL); |
| 235 | if (x == NULL) | 217 | if (x == NULL) |
| 236 | { | 218 | { |
| 237 | if ((ERR_GET_REASON(ERR_peek_error()) == | 219 | if ((ERR_GET_REASON(ERR_peek_error()) == |
| @@ -278,5 +260,39 @@ err: | |||
| 278 | return(ret); | 260 | return(ret); |
| 279 | } | 261 | } |
| 280 | 262 | ||
| 281 | #endif /* NO_STDIO */ | 263 | int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type) |
| 264 | { | ||
| 265 | STACK_OF(X509_INFO) *inf; | ||
| 266 | X509_INFO *itmp; | ||
| 267 | BIO *in; | ||
| 268 | int i, count = 0; | ||
| 269 | if(type != X509_FILETYPE_PEM) | ||
| 270 | return X509_load_cert_file(ctx, file, type); | ||
| 271 | in = BIO_new_file(file, "r"); | ||
| 272 | if(!in) { | ||
| 273 | X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_SYS_LIB); | ||
| 274 | return 0; | ||
| 275 | } | ||
| 276 | inf = PEM_X509_INFO_read_bio(in, NULL, NULL, NULL); | ||
| 277 | BIO_free(in); | ||
| 278 | if(!inf) { | ||
| 279 | X509err(X509_F_X509_LOAD_CERT_CRL_FILE,ERR_R_PEM_LIB); | ||
| 280 | return 0; | ||
| 281 | } | ||
| 282 | for(i = 0; i < sk_X509_INFO_num(inf); i++) { | ||
| 283 | itmp = sk_X509_INFO_value(inf, i); | ||
| 284 | if(itmp->x509) { | ||
| 285 | X509_STORE_add_cert(ctx->store_ctx, itmp->x509); | ||
| 286 | count++; | ||
| 287 | } else if(itmp->crl) { | ||
| 288 | X509_STORE_add_crl(ctx->store_ctx, itmp->crl); | ||
| 289 | count++; | ||
| 290 | } | ||
| 291 | } | ||
| 292 | sk_X509_INFO_pop_free(inf, X509_INFO_free); | ||
| 293 | return count; | ||
| 294 | } | ||
| 295 | |||
| 296 | |||
| 297 | #endif /* OPENSSL_NO_STDIO */ | ||
| 282 | 298 | ||
diff --git a/src/lib/libcrypto/x509/x509.h b/src/lib/libcrypto/x509/x509.h index 95114f7c43..c75aa0c717 100644 --- a/src/lib/libcrypto/x509/x509.h +++ b/src/lib/libcrypto/x509/x509.h | |||
| @@ -59,32 +59,46 @@ | |||
| 59 | #ifndef HEADER_X509_H | 59 | #ifndef HEADER_X509_H |
| 60 | #define HEADER_X509_H | 60 | #define HEADER_X509_H |
| 61 | 61 | ||
| 62 | #ifdef __cplusplus | 62 | #include <openssl/symhacks.h> |
| 63 | extern "C" { | 63 | #ifndef OPENSSL_NO_BUFFER |
| 64 | #include <openssl/buffer.h> | ||
| 65 | #endif | ||
| 66 | #ifndef OPENSSL_NO_EVP | ||
| 67 | #include <openssl/evp.h> | ||
| 64 | #endif | 68 | #endif |
| 69 | #ifndef OPENSSL_NO_BIO | ||
| 70 | #include <openssl/bio.h> | ||
| 71 | #endif | ||
| 72 | #include <openssl/stack.h> | ||
| 73 | #include <openssl/asn1.h> | ||
| 74 | #include <openssl/safestack.h> | ||
| 65 | 75 | ||
| 66 | #include "stack.h" | 76 | #ifndef OPENSSL_NO_RSA |
| 67 | #include "asn1.h" | 77 | #include <openssl/rsa.h> |
| 78 | #endif | ||
| 68 | 79 | ||
| 69 | #ifndef NO_RSA | 80 | #ifndef OPENSSL_NO_DSA |
| 70 | #include "rsa.h" | 81 | #include <openssl/dsa.h> |
| 71 | #else | ||
| 72 | #define RSA long | ||
| 73 | #endif | 82 | #endif |
| 74 | 83 | ||
| 75 | #ifndef NO_DSA | 84 | #ifndef OPENSSL_NO_DH |
| 76 | #include "dsa.h" | 85 | #include <openssl/dh.h> |
| 77 | #else | 86 | #endif |
| 78 | #define DSA long | 87 | #ifndef OPENSSL_NO_SHA |
| 88 | #include <openssl/sha.h> | ||
| 79 | #endif | 89 | #endif |
| 90 | #include <openssl/evp.h> | ||
| 91 | #include <openssl/e_os2.h> | ||
| 92 | #include <openssl/ossl_typ.h> | ||
| 80 | 93 | ||
| 81 | #ifndef NO_DH | 94 | #ifdef __cplusplus |
| 82 | #include "dh.h" | 95 | extern "C" { |
| 83 | #else | ||
| 84 | #define DH long | ||
| 85 | #endif | 96 | #endif |
| 86 | 97 | ||
| 87 | #include "evp.h" | 98 | #ifdef OPENSSL_SYS_WIN32 |
| 99 | /* Under Win32 this is defined in wincrypt.h */ | ||
| 100 | #undef X509_NAME | ||
| 101 | #endif | ||
| 88 | 102 | ||
| 89 | #define X509_FILETYPE_PEM 1 | 103 | #define X509_FILETYPE_PEM 1 |
| 90 | #define X509_FILETYPE_ASN1 2 | 104 | #define X509_FILETYPE_ASN1 2 |
| @@ -108,23 +122,26 @@ typedef struct X509_objects_st | |||
| 108 | int (*i2a)(); | 122 | int (*i2a)(); |
| 109 | } X509_OBJECTS; | 123 | } X509_OBJECTS; |
| 110 | 124 | ||
| 111 | typedef struct X509_algor_st | 125 | struct X509_algor_st |
| 112 | { | 126 | { |
| 113 | ASN1_OBJECT *algorithm; | 127 | ASN1_OBJECT *algorithm; |
| 114 | ASN1_TYPE *parameter; | 128 | ASN1_TYPE *parameter; |
| 115 | } X509_ALGOR; | 129 | } /* X509_ALGOR */; |
| 130 | |||
| 131 | DECLARE_STACK_OF(X509_ALGOR) | ||
| 132 | DECLARE_ASN1_SET_OF(X509_ALGOR) | ||
| 116 | 133 | ||
| 117 | typedef struct X509_val_st | 134 | typedef struct X509_val_st |
| 118 | { | 135 | { |
| 119 | ASN1_UTCTIME *notBefore; | 136 | ASN1_TIME *notBefore; |
| 120 | ASN1_UTCTIME *notAfter; | 137 | ASN1_TIME *notAfter; |
| 121 | } X509_VAL; | 138 | } X509_VAL; |
| 122 | 139 | ||
| 123 | typedef struct X509_pubkey_st | 140 | typedef struct X509_pubkey_st |
| 124 | { | 141 | { |
| 125 | X509_ALGOR *algor; | 142 | X509_ALGOR *algor; |
| 126 | ASN1_BIT_STRING *public_key; | 143 | ASN1_BIT_STRING *public_key; |
| 127 | struct evp_pkey_st /* EVP_PKEY*/ *pkey; | 144 | EVP_PKEY *pkey; |
| 128 | } X509_PUBKEY; | 145 | } X509_PUBKEY; |
| 129 | 146 | ||
| 130 | typedef struct X509_sig_st | 147 | typedef struct X509_sig_st |
| @@ -141,58 +158,60 @@ typedef struct X509_name_entry_st | |||
| 141 | int size; /* temp variable */ | 158 | int size; /* temp variable */ |
| 142 | } X509_NAME_ENTRY; | 159 | } X509_NAME_ENTRY; |
| 143 | 160 | ||
| 161 | DECLARE_STACK_OF(X509_NAME_ENTRY) | ||
| 162 | DECLARE_ASN1_SET_OF(X509_NAME_ENTRY) | ||
| 163 | |||
| 144 | /* we always keep X509_NAMEs in 2 forms. */ | 164 | /* we always keep X509_NAMEs in 2 forms. */ |
| 145 | typedef struct X509_name_st | 165 | struct X509_name_st |
| 146 | { | 166 | { |
| 147 | STACK *entries; /* of X509_NAME_ENTRY */ | 167 | STACK_OF(X509_NAME_ENTRY) *entries; |
| 148 | int modified; /* true if 'bytes' needs to be built */ | 168 | int modified; /* true if 'bytes' needs to be built */ |
| 149 | #ifdef HEADER_BUFFER_H | 169 | #ifndef OPENSSL_NO_BUFFER |
| 150 | BUF_MEM *bytes; | 170 | BUF_MEM *bytes; |
| 151 | #else | 171 | #else |
| 152 | char *bytes; | 172 | char *bytes; |
| 153 | #endif | 173 | #endif |
| 154 | unsigned long hash; /* Keep the hash around for lookups */ | 174 | unsigned long hash; /* Keep the hash around for lookups */ |
| 155 | } X509_NAME; | 175 | } /* X509_NAME */; |
| 176 | |||
| 177 | DECLARE_STACK_OF(X509_NAME) | ||
| 156 | 178 | ||
| 157 | #define X509_EX_V_NETSCAPE_HACK 0x8000 | 179 | #define X509_EX_V_NETSCAPE_HACK 0x8000 |
| 158 | #define X509_EX_V_INIT 0x0001 | 180 | #define X509_EX_V_INIT 0x0001 |
| 159 | typedef struct X509_extension_st | 181 | typedef struct X509_extension_st |
| 160 | { | 182 | { |
| 161 | ASN1_OBJECT *object; | 183 | ASN1_OBJECT *object; |
| 162 | short critical; | 184 | ASN1_BOOLEAN critical; |
| 163 | short netscape_hack; | ||
| 164 | ASN1_OCTET_STRING *value; | 185 | ASN1_OCTET_STRING *value; |
| 165 | long argl; /* used when decoding */ | ||
| 166 | char *argp; /* used when decoding */ | ||
| 167 | void (*ex_free)(); /* clear argp stuff */ | ||
| 168 | } X509_EXTENSION; | 186 | } X509_EXTENSION; |
| 169 | 187 | ||
| 170 | /* #if 1 */ | 188 | DECLARE_STACK_OF(X509_EXTENSION) |
| 171 | typedef struct x509_extension_method_st | 189 | DECLARE_ASN1_SET_OF(X509_EXTENSION) |
| 190 | |||
| 191 | /* a sequence of these are used */ | ||
| 192 | typedef struct x509_attributes_st | ||
| 172 | { | 193 | { |
| 173 | int nid; | 194 | ASN1_OBJECT *object; |
| 174 | int data_type; | 195 | int single; /* 0 for a set, 1 for a single item (which is wrong) */ |
| 175 | int pack_type; | 196 | union { |
| 176 | void (*ex_clear)(); | 197 | char *ptr; |
| 177 | int (*ex_get_bool)(); | 198 | /* 0 */ STACK_OF(ASN1_TYPE) *set; |
| 178 | int (*ex_set_bool)(); | 199 | /* 1 */ ASN1_TYPE *single; |
| 179 | int (*ex_get_str)(); | 200 | } value; |
| 180 | int (*ex_set_str)(); | 201 | } X509_ATTRIBUTE; |
| 181 | char *(*ex_get_struct)(); | 202 | |
| 182 | int (*ex_set_struct)(); | 203 | DECLARE_STACK_OF(X509_ATTRIBUTE) |
| 183 | int (*a2i)(); | 204 | DECLARE_ASN1_SET_OF(X509_ATTRIBUTE) |
| 184 | int (*i2a)(); | 205 | |
| 185 | } X509_EXTENSION_METHOD; | ||
| 186 | /* #endif */ | ||
| 187 | 206 | ||
| 188 | typedef struct X509_req_info_st | 207 | typedef struct X509_req_info_st |
| 189 | { | 208 | { |
| 209 | ASN1_ENCODING enc; | ||
| 190 | ASN1_INTEGER *version; | 210 | ASN1_INTEGER *version; |
| 191 | X509_NAME *subject; | 211 | X509_NAME *subject; |
| 192 | X509_PUBKEY *pubkey; | 212 | X509_PUBKEY *pubkey; |
| 193 | /* d=2 hl=2 l= 0 cons: cont: 00 */ | 213 | /* d=2 hl=2 l= 0 cons: cont: 00 */ |
| 194 | STACK /* X509_ATTRIBUTE */ *attributes; /* [ 0 ] */ | 214 | STACK_OF(X509_ATTRIBUTE) *attributes; /* [ 0 ] */ |
| 195 | int req_kludge; | ||
| 196 | } X509_REQ_INFO; | 215 | } X509_REQ_INFO; |
| 197 | 216 | ||
| 198 | typedef struct X509_req_st | 217 | typedef struct X509_req_st |
| @@ -214,10 +233,25 @@ typedef struct x509_cinf_st | |||
| 214 | X509_PUBKEY *key; | 233 | X509_PUBKEY *key; |
| 215 | ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ | 234 | ASN1_BIT_STRING *issuerUID; /* [ 1 ] optional in v2 */ |
| 216 | ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ | 235 | ASN1_BIT_STRING *subjectUID; /* [ 2 ] optional in v2 */ |
| 217 | STACK /* X509_EXTENSION */ *extensions; /* [ 3 ] optional in v3 */ | 236 | STACK_OF(X509_EXTENSION) *extensions; /* [ 3 ] optional in v3 */ |
| 218 | } X509_CINF; | 237 | } X509_CINF; |
| 219 | 238 | ||
| 220 | typedef struct x509_st | 239 | /* This stuff is certificate "auxiliary info" |
| 240 | * it contains details which are useful in certificate | ||
| 241 | * stores and databases. When used this is tagged onto | ||
| 242 | * the end of the certificate itself | ||
| 243 | */ | ||
| 244 | |||
| 245 | typedef struct x509_cert_aux_st | ||
| 246 | { | ||
| 247 | STACK_OF(ASN1_OBJECT) *trust; /* trusted uses */ | ||
| 248 | STACK_OF(ASN1_OBJECT) *reject; /* rejected uses */ | ||
| 249 | ASN1_UTF8STRING *alias; /* "friendly name" */ | ||
| 250 | ASN1_OCTET_STRING *keyid; /* key id of private key */ | ||
| 251 | STACK_OF(X509_ALGOR) *other; /* other unspecified info */ | ||
| 252 | } X509_CERT_AUX; | ||
| 253 | |||
| 254 | struct x509_st | ||
| 221 | { | 255 | { |
| 222 | X509_CINF *cert_info; | 256 | X509_CINF *cert_info; |
| 223 | X509_ALGOR *sig_alg; | 257 | X509_ALGOR *sig_alg; |
| @@ -225,47 +259,170 @@ typedef struct x509_st | |||
| 225 | int valid; | 259 | int valid; |
| 226 | int references; | 260 | int references; |
| 227 | char *name; | 261 | char *name; |
| 228 | } X509; | 262 | CRYPTO_EX_DATA ex_data; |
| 263 | /* These contain copies of various extension values */ | ||
| 264 | long ex_pathlen; | ||
| 265 | unsigned long ex_flags; | ||
| 266 | unsigned long ex_kusage; | ||
| 267 | unsigned long ex_xkusage; | ||
| 268 | unsigned long ex_nscert; | ||
| 269 | ASN1_OCTET_STRING *skid; | ||
| 270 | struct AUTHORITY_KEYID_st *akid; | ||
| 271 | #ifndef OPENSSL_NO_SHA | ||
| 272 | unsigned char sha1_hash[SHA_DIGEST_LENGTH]; | ||
| 273 | #endif | ||
| 274 | X509_CERT_AUX *aux; | ||
| 275 | } /* X509 */; | ||
| 276 | |||
| 277 | DECLARE_STACK_OF(X509) | ||
| 278 | DECLARE_ASN1_SET_OF(X509) | ||
| 279 | |||
| 280 | /* This is used for a table of trust checking functions */ | ||
| 281 | |||
| 282 | typedef struct x509_trust_st { | ||
| 283 | int trust; | ||
| 284 | int flags; | ||
| 285 | int (*check_trust)(struct x509_trust_st *, X509 *, int); | ||
| 286 | char *name; | ||
| 287 | int arg1; | ||
| 288 | void *arg2; | ||
| 289 | } X509_TRUST; | ||
| 290 | |||
| 291 | DECLARE_STACK_OF(X509_TRUST) | ||
| 292 | |||
| 293 | /* standard trust ids */ | ||
| 294 | |||
| 295 | #define X509_TRUST_DEFAULT -1 /* Only valid in purpose settings */ | ||
| 296 | |||
| 297 | #define X509_TRUST_COMPAT 1 | ||
| 298 | #define X509_TRUST_SSL_CLIENT 2 | ||
| 299 | #define X509_TRUST_SSL_SERVER 3 | ||
| 300 | #define X509_TRUST_EMAIL 4 | ||
| 301 | #define X509_TRUST_OBJECT_SIGN 5 | ||
| 302 | #define X509_TRUST_OCSP_SIGN 6 | ||
| 303 | #define X509_TRUST_OCSP_REQUEST 7 | ||
| 304 | |||
| 305 | /* Keep these up to date! */ | ||
| 306 | #define X509_TRUST_MIN 1 | ||
| 307 | #define X509_TRUST_MAX 7 | ||
| 308 | |||
| 309 | |||
| 310 | /* trust_flags values */ | ||
| 311 | #define X509_TRUST_DYNAMIC 1 | ||
| 312 | #define X509_TRUST_DYNAMIC_NAME 2 | ||
| 313 | |||
| 314 | /* check_trust return codes */ | ||
| 315 | |||
| 316 | #define X509_TRUST_TRUSTED 1 | ||
| 317 | #define X509_TRUST_REJECTED 2 | ||
| 318 | #define X509_TRUST_UNTRUSTED 3 | ||
| 319 | |||
| 320 | /* Flags for X509_print_ex() */ | ||
| 321 | |||
| 322 | #define X509_FLAG_COMPAT 0 | ||
| 323 | #define X509_FLAG_NO_HEADER 1L | ||
| 324 | #define X509_FLAG_NO_VERSION (1L << 1) | ||
| 325 | #define X509_FLAG_NO_SERIAL (1L << 2) | ||
| 326 | #define X509_FLAG_NO_SIGNAME (1L << 3) | ||
| 327 | #define X509_FLAG_NO_ISSUER (1L << 4) | ||
| 328 | #define X509_FLAG_NO_VALIDITY (1L << 5) | ||
| 329 | #define X509_FLAG_NO_SUBJECT (1L << 6) | ||
| 330 | #define X509_FLAG_NO_PUBKEY (1L << 7) | ||
| 331 | #define X509_FLAG_NO_EXTENSIONS (1L << 8) | ||
| 332 | #define X509_FLAG_NO_SIGDUMP (1L << 9) | ||
| 333 | #define X509_FLAG_NO_AUX (1L << 10) | ||
| 334 | |||
| 335 | /* Flags specific to X509_NAME_print_ex() */ | ||
| 336 | |||
| 337 | /* The field separator information */ | ||
| 338 | |||
| 339 | #define XN_FLAG_SEP_MASK (0xf << 16) | ||
| 340 | |||
| 341 | #define XN_FLAG_COMPAT 0 /* Traditional SSLeay: use old X509_NAME_print */ | ||
| 342 | #define XN_FLAG_SEP_COMMA_PLUS (1 << 16) /* RFC2253 ,+ */ | ||
| 343 | #define XN_FLAG_SEP_CPLUS_SPC (2 << 16) /* ,+ spaced: more readable */ | ||
| 344 | #define XN_FLAG_SEP_SPLUS_SPC (3 << 16) /* ;+ spaced */ | ||
| 345 | #define XN_FLAG_SEP_MULTILINE (4 << 16) /* One line per field */ | ||
| 346 | |||
| 347 | #define XN_FLAG_DN_REV (1 << 20) /* Reverse DN order */ | ||
| 348 | |||
| 349 | /* How the field name is shown */ | ||
| 350 | |||
| 351 | #define XN_FLAG_FN_MASK (0x3 << 21) | ||
| 352 | |||
| 353 | #define XN_FLAG_FN_SN 0 /* Object short name */ | ||
| 354 | #define XN_FLAG_FN_LN (1 << 21) /* Object long name */ | ||
| 355 | #define XN_FLAG_FN_OID (2 << 21) /* Always use OIDs */ | ||
| 356 | #define XN_FLAG_FN_NONE (3 << 21) /* No field names */ | ||
| 357 | |||
| 358 | #define XN_FLAG_SPC_EQ (1 << 23) /* Put spaces round '=' */ | ||
| 359 | |||
| 360 | /* This determines if we dump fields we don't recognise: | ||
| 361 | * RFC2253 requires this. | ||
| 362 | */ | ||
| 363 | |||
| 364 | #define XN_FLAG_DUMP_UNKNOWN_FIELDS (1 << 24) | ||
| 365 | |||
| 366 | #define XN_FLAG_FN_ALIGN (1 << 25) /* Align field names to 20 characters */ | ||
| 367 | |||
| 368 | /* Complete set of RFC2253 flags */ | ||
| 369 | |||
| 370 | #define XN_FLAG_RFC2253 (ASN1_STRFLGS_RFC2253 | \ | ||
| 371 | XN_FLAG_SEP_COMMA_PLUS | \ | ||
| 372 | XN_FLAG_DN_REV | \ | ||
| 373 | XN_FLAG_FN_SN | \ | ||
| 374 | XN_FLAG_DUMP_UNKNOWN_FIELDS) | ||
| 375 | |||
| 376 | /* readable oneline form */ | ||
| 377 | |||
| 378 | #define XN_FLAG_ONELINE (ASN1_STRFLGS_RFC2253 | \ | ||
| 379 | ASN1_STRFLGS_ESC_QUOTE | \ | ||
| 380 | XN_FLAG_SEP_CPLUS_SPC | \ | ||
| 381 | XN_FLAG_SPC_EQ | \ | ||
| 382 | XN_FLAG_FN_SN) | ||
| 383 | |||
| 384 | /* readable multiline form */ | ||
| 385 | |||
| 386 | #define XN_FLAG_MULTILINE (ASN1_STRFLGS_ESC_CTRL | \ | ||
| 387 | ASN1_STRFLGS_ESC_MSB | \ | ||
| 388 | XN_FLAG_SEP_MULTILINE | \ | ||
| 389 | XN_FLAG_SPC_EQ | \ | ||
| 390 | XN_FLAG_FN_LN | \ | ||
| 391 | XN_FLAG_FN_ALIGN) | ||
| 229 | 392 | ||
| 230 | typedef struct X509_revoked_st | 393 | typedef struct X509_revoked_st |
| 231 | { | 394 | { |
| 232 | ASN1_INTEGER *serialNumber; | 395 | ASN1_INTEGER *serialNumber; |
| 233 | ASN1_UTCTIME *revocationDate; | 396 | ASN1_TIME *revocationDate; |
| 234 | STACK /* optional X509_EXTENSION */ *extensions; | 397 | STACK_OF(X509_EXTENSION) /* optional */ *extensions; |
| 235 | int sequence; /* load sequence */ | 398 | int sequence; /* load sequence */ |
| 236 | } X509_REVOKED; | 399 | } X509_REVOKED; |
| 237 | 400 | ||
| 401 | DECLARE_STACK_OF(X509_REVOKED) | ||
| 402 | DECLARE_ASN1_SET_OF(X509_REVOKED) | ||
| 403 | |||
| 238 | typedef struct X509_crl_info_st | 404 | typedef struct X509_crl_info_st |
| 239 | { | 405 | { |
| 240 | ASN1_INTEGER *version; | 406 | ASN1_INTEGER *version; |
| 241 | X509_ALGOR *sig_alg; | 407 | X509_ALGOR *sig_alg; |
| 242 | X509_NAME *issuer; | 408 | X509_NAME *issuer; |
| 243 | ASN1_UTCTIME *lastUpdate; | 409 | ASN1_TIME *lastUpdate; |
| 244 | ASN1_UTCTIME *nextUpdate; | 410 | ASN1_TIME *nextUpdate; |
| 245 | STACK /* X509_REVOKED */ *revoked; | 411 | STACK_OF(X509_REVOKED) *revoked; |
| 246 | STACK /* [0] X509_EXTENSION */ *extensions; | 412 | STACK_OF(X509_EXTENSION) /* [0] */ *extensions; |
| 247 | } X509_CRL_INFO; | 413 | } X509_CRL_INFO; |
| 248 | 414 | ||
| 249 | typedef struct X509_crl_st | 415 | struct X509_crl_st |
| 250 | { | 416 | { |
| 251 | /* actual signature */ | 417 | /* actual signature */ |
| 252 | X509_CRL_INFO *crl; | 418 | X509_CRL_INFO *crl; |
| 253 | X509_ALGOR *sig_alg; | 419 | X509_ALGOR *sig_alg; |
| 254 | ASN1_BIT_STRING *signature; | 420 | ASN1_BIT_STRING *signature; |
| 255 | int references; | 421 | int references; |
| 256 | } X509_CRL; | 422 | } /* X509_CRL */; |
| 257 | 423 | ||
| 258 | /* a sequence of these are used */ | 424 | DECLARE_STACK_OF(X509_CRL) |
| 259 | typedef struct x509_attributes_st | 425 | DECLARE_ASN1_SET_OF(X509_CRL) |
| 260 | { | ||
| 261 | ASN1_OBJECT *object; | ||
| 262 | int set; /* 1 for a set, 0 for a single item (which is wrong) */ | ||
| 263 | union { | ||
| 264 | char *ptr; | ||
| 265 | /* 1 */ STACK /* ASN1_TYPE */ *set; | ||
| 266 | /* 0 */ ASN1_TYPE *single; | ||
| 267 | } value; | ||
| 268 | } X509_ATTRIBUTE; | ||
| 269 | 426 | ||
| 270 | typedef struct private_key_st | 427 | typedef struct private_key_st |
| 271 | { | 428 | { |
| @@ -288,7 +445,7 @@ typedef struct private_key_st | |||
| 288 | int references; | 445 | int references; |
| 289 | } X509_PKEY; | 446 | } X509_PKEY; |
| 290 | 447 | ||
| 291 | #ifdef HEADER_ENVELOPE_H | 448 | #ifndef OPENSSL_NO_EVP |
| 292 | typedef struct X509_info_st | 449 | typedef struct X509_info_st |
| 293 | { | 450 | { |
| 294 | X509 *x509; | 451 | X509 *x509; |
| @@ -301,11 +458,13 @@ typedef struct X509_info_st | |||
| 301 | 458 | ||
| 302 | int references; | 459 | int references; |
| 303 | } X509_INFO; | 460 | } X509_INFO; |
| 461 | |||
| 462 | DECLARE_STACK_OF(X509_INFO) | ||
| 304 | #endif | 463 | #endif |
| 305 | 464 | ||
| 306 | /* The next 2 structures and their 8 routines were sent to me by | 465 | /* The next 2 structures and their 8 routines were sent to me by |
| 307 | * Pat Richard <patr@x509.com> and are used to manipulate | 466 | * Pat Richard <patr@x509.com> and are used to manipulate |
| 308 | * Netscapes spki strucutres - usefull if you are writing a CA web page | 467 | * Netscapes spki structures - useful if you are writing a CA web page |
| 309 | */ | 468 | */ |
| 310 | typedef struct Netscape_spkac_st | 469 | typedef struct Netscape_spkac_st |
| 311 | { | 470 | { |
| @@ -320,17 +479,65 @@ typedef struct Netscape_spki_st | |||
| 320 | ASN1_BIT_STRING *signature; | 479 | ASN1_BIT_STRING *signature; |
| 321 | } NETSCAPE_SPKI; | 480 | } NETSCAPE_SPKI; |
| 322 | 481 | ||
| 323 | #ifndef HEADER_BN_H | 482 | /* Netscape certificate sequence structure */ |
| 324 | #define BIGNUM char | 483 | typedef struct Netscape_certificate_sequence |
| 325 | #endif | 484 | { |
| 485 | ASN1_OBJECT *type; | ||
| 486 | STACK_OF(X509) *certs; | ||
| 487 | } NETSCAPE_CERT_SEQUENCE; | ||
| 326 | 488 | ||
| 327 | typedef struct CBCParameter_st | 489 | typedef struct CBCParameter_st |
| 328 | { | 490 | { |
| 329 | unsigned char iv[8]; | 491 | unsigned char iv[8]; |
| 330 | } CBC_PARAM; | 492 | } CBC_PARAM; |
| 331 | 493 | ||
| 332 | #include "x509_vfy.h" | 494 | /* Password based encryption structure */ |
| 333 | #include "pkcs7.h" | 495 | |
| 496 | typedef struct PBEPARAM_st { | ||
| 497 | ASN1_OCTET_STRING *salt; | ||
| 498 | ASN1_INTEGER *iter; | ||
| 499 | } PBEPARAM; | ||
| 500 | |||
| 501 | /* Password based encryption V2 structures */ | ||
| 502 | |||
| 503 | typedef struct PBE2PARAM_st { | ||
| 504 | X509_ALGOR *keyfunc; | ||
| 505 | X509_ALGOR *encryption; | ||
| 506 | } PBE2PARAM; | ||
| 507 | |||
| 508 | typedef struct PBKDF2PARAM_st { | ||
| 509 | ASN1_TYPE *salt; /* Usually OCTET STRING but could be anything */ | ||
| 510 | ASN1_INTEGER *iter; | ||
| 511 | ASN1_INTEGER *keylength; | ||
| 512 | X509_ALGOR *prf; | ||
| 513 | } PBKDF2PARAM; | ||
| 514 | |||
| 515 | |||
| 516 | /* PKCS#8 private key info structure */ | ||
| 517 | |||
| 518 | typedef struct pkcs8_priv_key_info_st | ||
| 519 | { | ||
| 520 | int broken; /* Flag for various broken formats */ | ||
| 521 | #define PKCS8_OK 0 | ||
| 522 | #define PKCS8_NO_OCTET 1 | ||
| 523 | #define PKCS8_EMBEDDED_PARAM 2 | ||
| 524 | #define PKCS8_NS_DB 3 | ||
| 525 | ASN1_INTEGER *version; | ||
| 526 | X509_ALGOR *pkeyalg; | ||
| 527 | ASN1_TYPE *pkey; /* Should be OCTET STRING but some are broken */ | ||
| 528 | STACK_OF(X509_ATTRIBUTE) *attributes; | ||
| 529 | } PKCS8_PRIV_KEY_INFO; | ||
| 530 | |||
| 531 | #ifdef __cplusplus | ||
| 532 | } | ||
| 533 | #endif | ||
| 534 | |||
| 535 | #include <openssl/x509_vfy.h> | ||
| 536 | #include <openssl/pkcs7.h> | ||
| 537 | |||
| 538 | #ifdef __cplusplus | ||
| 539 | extern "C" { | ||
| 540 | #endif | ||
| 334 | 541 | ||
| 335 | #ifdef SSLEAY_MACROS | 542 | #ifdef SSLEAY_MACROS |
| 336 | #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ | 543 | #define X509_verify(a,r) ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg,\ |
| @@ -355,6 +562,9 @@ typedef struct CBCParameter_st | |||
| 355 | 562 | ||
| 356 | #define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ | 563 | #define X509_dup(x509) (X509 *)ASN1_dup((int (*)())i2d_X509, \ |
| 357 | (char *(*)())d2i_X509,(char *)x509) | 564 | (char *(*)())d2i_X509,(char *)x509) |
| 565 | #define X509_ATTRIBUTE_dup(xa) (X509_ATTRIBUTE *)ASN1_dup(\ | ||
| 566 | (int (*)())i2d_X509_ATTRIBUTE, \ | ||
| 567 | (char *(*)())d2i_X509_ATTRIBUTE,(char *)xa) | ||
| 358 | #define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ | 568 | #define X509_EXTENSION_dup(ex) (X509_EXTENSION *)ASN1_dup( \ |
| 359 | (int (*)())i2d_X509_EXTENSION, \ | 569 | (int (*)())i2d_X509_EXTENSION, \ |
| 360 | (char *(*)())d2i_X509_EXTENSION,(char *)ex) | 570 | (char *(*)())d2i_X509_EXTENSION,(char *)ex) |
| @@ -442,6 +652,9 @@ typedef struct CBCParameter_st | |||
| 442 | #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ | 652 | #define i2d_DSAPrivateKey_bio(bp,dsa) ASN1_i2d_bio(i2d_DSAPrivateKey,bp, \ |
| 443 | (unsigned char *)dsa) | 653 | (unsigned char *)dsa) |
| 444 | 654 | ||
| 655 | #define X509_ALGOR_dup(xn) (X509_ALGOR *)ASN1_dup((int (*)())i2d_X509_ALGOR,\ | ||
| 656 | (char *(*)())d2i_X509_ALGOR,(char *)xn) | ||
| 657 | |||
| 445 | #define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ | 658 | #define X509_NAME_dup(xn) (X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, \ |
| 446 | (char *(*)())d2i_X509_NAME,(char *)xn) | 659 | (char *(*)())d2i_X509_NAME,(char *)xn) |
| 447 | #define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ | 660 | #define X509_NAME_ENTRY_dup(ne) (X509_NAME_ENTRY *)ASN1_dup( \ |
| @@ -453,10 +666,12 @@ typedef struct CBCParameter_st | |||
| 453 | ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) | 666 | ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len) |
| 454 | #define X509_NAME_digest(data,type,md,len) \ | 667 | #define X509_NAME_digest(data,type,md,len) \ |
| 455 | ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) | 668 | ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len) |
| 669 | #ifndef PKCS7_ISSUER_AND_SERIAL_digest | ||
| 456 | #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ | 670 | #define PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) \ |
| 457 | ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ | 671 | ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type,\ |
| 458 | (char *)data,md,len) | 672 | (char *)data,md,len) |
| 459 | #endif | 673 | #endif |
| 674 | #endif | ||
| 460 | 675 | ||
| 461 | #define X509_EXT_PACK_UNKNOWN 1 | 676 | #define X509_EXT_PACK_UNKNOWN 1 |
| 462 | #define X509_EXT_PACK_STRING 2 | 677 | #define X509_EXT_PACK_STRING 2 |
| @@ -472,193 +687,225 @@ typedef struct CBCParameter_st | |||
| 472 | #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) | 687 | #define X509_name_cmp(a,b) X509_NAME_cmp((a),(b)) |
| 473 | #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) | 688 | #define X509_get_signature_type(x) EVP_PKEY_type(OBJ_obj2nid((x)->sig_alg->algorithm)) |
| 474 | 689 | ||
| 690 | #define X509_CRL_get_version(x) ASN1_INTEGER_get((x)->crl->version) | ||
| 691 | #define X509_CRL_get_lastUpdate(x) ((x)->crl->lastUpdate) | ||
| 692 | #define X509_CRL_get_nextUpdate(x) ((x)->crl->nextUpdate) | ||
| 693 | #define X509_CRL_get_issuer(x) ((x)->crl->issuer) | ||
| 694 | #define X509_CRL_get_REVOKED(x) ((x)->crl->revoked) | ||
| 695 | |||
| 475 | /* This one is only used so that a binary form can output, as in | 696 | /* This one is only used so that a binary form can output, as in |
| 476 | * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ | 697 | * i2d_X509_NAME(X509_get_X509_PUBKEY(x),&buf) */ |
| 477 | #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) | 698 | #define X509_get_X509_PUBKEY(x) ((x)->cert_info->key) |
| 478 | 699 | ||
| 479 | #ifndef NOPROTO | 700 | |
| 701 | const char *X509_verify_cert_error_string(long n); | ||
| 480 | 702 | ||
| 481 | #ifndef SSLEAY_MACROS | 703 | #ifndef SSLEAY_MACROS |
| 482 | #ifdef HEADER_ENVELOPE_H | 704 | #ifndef OPENSSL_NO_EVP |
| 483 | int X509_verify(X509 *a, EVP_PKEY *r); | 705 | int X509_verify(X509 *a, EVP_PKEY *r); |
| 484 | char *X509_verify_cert_error_string(long n); | ||
| 485 | 706 | ||
| 486 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); | 707 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r); |
| 487 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); | 708 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r); |
| 488 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); | 709 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r); |
| 489 | 710 | ||
| 490 | int X509_sign(X509 *x, EVP_PKEY *pkey, EVP_MD *md); | 711 | NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len); |
| 491 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, EVP_MD *md); | 712 | char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *x); |
| 492 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, EVP_MD *md); | 713 | EVP_PKEY *NETSCAPE_SPKI_get_pubkey(NETSCAPE_SPKI *x); |
| 493 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, EVP_MD *md); | 714 | int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey); |
| 494 | 715 | ||
| 495 | int X509_digest(X509 *data,EVP_MD *type,unsigned char *md,unsigned int *len); | 716 | int NETSCAPE_SPKI_print(BIO *out, NETSCAPE_SPKI *spki); |
| 496 | int X509_NAME_digest(X509_NAME *data,EVP_MD *type, | 717 | |
| 497 | unsigned char *md,unsigned int *len); | 718 | int X509_signature_print(BIO *bp,X509_ALGOR *alg, ASN1_STRING *sig); |
| 719 | |||
| 720 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 721 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 722 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 723 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md); | ||
| 724 | |||
| 725 | int X509_pubkey_digest(const X509 *data,const EVP_MD *type, | ||
| 726 | unsigned char *md, unsigned int *len); | ||
| 727 | int X509_digest(const X509 *data,const EVP_MD *type, | ||
| 728 | unsigned char *md, unsigned int *len); | ||
| 729 | int X509_CRL_digest(const X509_CRL *data,const EVP_MD *type, | ||
| 730 | unsigned char *md, unsigned int *len); | ||
| 731 | int X509_REQ_digest(const X509_REQ *data,const EVP_MD *type, | ||
| 732 | unsigned char *md, unsigned int *len); | ||
| 733 | int X509_NAME_digest(const X509_NAME *data,const EVP_MD *type, | ||
| 734 | unsigned char *md, unsigned int *len); | ||
| 498 | #endif | 735 | #endif |
| 499 | 736 | ||
| 500 | #ifndef NO_FP_API | 737 | #ifndef OPENSSL_NO_FP_API |
| 501 | X509 *d2i_X509_fp(FILE *fp, X509 *x509); | 738 | X509 *d2i_X509_fp(FILE *fp, X509 **x509); |
| 502 | int i2d_X509_fp(FILE *fp,X509 *x509); | 739 | int i2d_X509_fp(FILE *fp,X509 *x509); |
| 503 | X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL *crl); | 740 | X509_CRL *d2i_X509_CRL_fp(FILE *fp,X509_CRL **crl); |
| 504 | int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); | 741 | int i2d_X509_CRL_fp(FILE *fp,X509_CRL *crl); |
| 505 | X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ *req); | 742 | X509_REQ *d2i_X509_REQ_fp(FILE *fp,X509_REQ **req); |
| 506 | int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); | 743 | int i2d_X509_REQ_fp(FILE *fp,X509_REQ *req); |
| 507 | RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA *rsa); | 744 | #ifndef OPENSSL_NO_RSA |
| 745 | RSA *d2i_RSAPrivateKey_fp(FILE *fp,RSA **rsa); | ||
| 508 | int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); | 746 | int i2d_RSAPrivateKey_fp(FILE *fp,RSA *rsa); |
| 509 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA *dsa); | 747 | RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA **rsa); |
| 510 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); | ||
| 511 | RSA *d2i_RSAPublicKey_fp(FILE *fp,RSA *rsa); | ||
| 512 | int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); | 748 | int i2d_RSAPublicKey_fp(FILE *fp,RSA *rsa); |
| 749 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp,RSA **rsa); | ||
| 750 | int i2d_RSA_PUBKEY_fp(FILE *fp,RSA *rsa); | ||
| 751 | #endif | ||
| 752 | #ifndef OPENSSL_NO_DSA | ||
| 753 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa); | ||
| 754 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa); | ||
| 755 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa); | ||
| 756 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa); | ||
| 757 | #endif | ||
| 758 | X509_SIG *d2i_PKCS8_fp(FILE *fp,X509_SIG **p8); | ||
| 759 | int i2d_PKCS8_fp(FILE *fp,X509_SIG *p8); | ||
| 760 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | ||
| 761 | PKCS8_PRIV_KEY_INFO **p8inf); | ||
| 762 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp,PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 763 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key); | ||
| 764 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey); | ||
| 765 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a); | ||
| 766 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey); | ||
| 767 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a); | ||
| 513 | #endif | 768 | #endif |
| 514 | 769 | ||
| 515 | #ifdef HEADER_BIO_H | 770 | #ifndef OPENSSL_NO_BIO |
| 516 | X509 *d2i_X509_bio(BIO *bp,X509 *x509); | 771 | X509 *d2i_X509_bio(BIO *bp,X509 **x509); |
| 517 | int i2d_X509_bio(BIO *bp,X509 *x509); | 772 | int i2d_X509_bio(BIO *bp,X509 *x509); |
| 518 | X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL *crl); | 773 | X509_CRL *d2i_X509_CRL_bio(BIO *bp,X509_CRL **crl); |
| 519 | int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); | 774 | int i2d_X509_CRL_bio(BIO *bp,X509_CRL *crl); |
| 520 | X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ *req); | 775 | X509_REQ *d2i_X509_REQ_bio(BIO *bp,X509_REQ **req); |
| 521 | int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); | 776 | int i2d_X509_REQ_bio(BIO *bp,X509_REQ *req); |
| 522 | RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA *rsa); | 777 | #ifndef OPENSSL_NO_RSA |
| 778 | RSA *d2i_RSAPrivateKey_bio(BIO *bp,RSA **rsa); | ||
| 523 | int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); | 779 | int i2d_RSAPrivateKey_bio(BIO *bp,RSA *rsa); |
| 524 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA *dsa); | 780 | RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA **rsa); |
| 525 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); | ||
| 526 | RSA *d2i_RSAPublicKey_bio(BIO *bp,RSA *rsa); | ||
| 527 | int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); | 781 | int i2d_RSAPublicKey_bio(BIO *bp,RSA *rsa); |
| 782 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp,RSA **rsa); | ||
| 783 | int i2d_RSA_PUBKEY_bio(BIO *bp,RSA *rsa); | ||
| 784 | #endif | ||
| 785 | #ifndef OPENSSL_NO_DSA | ||
| 786 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa); | ||
| 787 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa); | ||
| 788 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa); | ||
| 789 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa); | ||
| 790 | #endif | ||
| 791 | X509_SIG *d2i_PKCS8_bio(BIO *bp,X509_SIG **p8); | ||
| 792 | int i2d_PKCS8_bio(BIO *bp,X509_SIG *p8); | ||
| 793 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | ||
| 794 | PKCS8_PRIV_KEY_INFO **p8inf); | ||
| 795 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp,PKCS8_PRIV_KEY_INFO *p8inf); | ||
| 796 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key); | ||
| 797 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey); | ||
| 798 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a); | ||
| 799 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey); | ||
| 800 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a); | ||
| 528 | #endif | 801 | #endif |
| 529 | 802 | ||
| 530 | X509 *X509_dup(X509 *x509); | 803 | X509 *X509_dup(X509 *x509); |
| 804 | X509_ATTRIBUTE *X509_ATTRIBUTE_dup(X509_ATTRIBUTE *xa); | ||
| 531 | X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); | 805 | X509_EXTENSION *X509_EXTENSION_dup(X509_EXTENSION *ex); |
| 532 | X509_CRL *X509_CRL_dup(X509_CRL *crl); | 806 | X509_CRL *X509_CRL_dup(X509_CRL *crl); |
| 533 | X509_REQ *X509_REQ_dup(X509_REQ *req); | 807 | X509_REQ *X509_REQ_dup(X509_REQ *req); |
| 808 | X509_ALGOR *X509_ALGOR_dup(X509_ALGOR *xn); | ||
| 534 | X509_NAME *X509_NAME_dup(X509_NAME *xn); | 809 | X509_NAME *X509_NAME_dup(X509_NAME *xn); |
| 535 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); | 810 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(X509_NAME_ENTRY *ne); |
| 811 | #ifndef OPENSSL_NO_RSA | ||
| 536 | RSA *RSAPublicKey_dup(RSA *rsa); | 812 | RSA *RSAPublicKey_dup(RSA *rsa); |
| 537 | RSA *RSAPrivateKey_dup(RSA *rsa); | 813 | RSA *RSAPrivateKey_dup(RSA *rsa); |
| 814 | #endif | ||
| 538 | 815 | ||
| 539 | #endif /* !SSLEAY_MACROS */ | 816 | #endif /* !SSLEAY_MACROS */ |
| 540 | 817 | ||
| 541 | int X509_cmp_current_time(ASN1_UTCTIME *s); | 818 | int X509_cmp_time(ASN1_TIME *s, time_t *t); |
| 542 | ASN1_UTCTIME * X509_gmtime_adj(ASN1_UTCTIME *s, long adj); | 819 | int X509_cmp_current_time(ASN1_TIME *s); |
| 820 | ASN1_TIME * X509_time_adj(ASN1_TIME *s, long adj, time_t *t); | ||
| 821 | ASN1_TIME * X509_gmtime_adj(ASN1_TIME *s, long adj); | ||
| 543 | 822 | ||
| 544 | char * X509_get_default_cert_area(void ); | 823 | const char * X509_get_default_cert_area(void ); |
| 545 | char * X509_get_default_cert_dir(void ); | 824 | const char * X509_get_default_cert_dir(void ); |
| 546 | char * X509_get_default_cert_file(void ); | 825 | const char * X509_get_default_cert_file(void ); |
| 547 | char * X509_get_default_cert_dir_env(void ); | 826 | const char * X509_get_default_cert_dir_env(void ); |
| 548 | char * X509_get_default_cert_file_env(void ); | 827 | const char * X509_get_default_cert_file_env(void ); |
| 549 | char * X509_get_default_private_dir(void ); | 828 | const char * X509_get_default_private_dir(void ); |
| 550 | 829 | ||
| 551 | X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, EVP_MD *md); | 830 | X509_REQ * X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md); |
| 552 | X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); | 831 | X509 * X509_REQ_to_X509(X509_REQ *r, int days,EVP_PKEY *pkey); |
| 553 | void ERR_load_X509_strings(void ); | ||
| 554 | 832 | ||
| 555 | X509_ALGOR * X509_ALGOR_new(void ); | 833 | DECLARE_ASN1_FUNCTIONS(X509_ALGOR) |
| 556 | void X509_ALGOR_free(X509_ALGOR *a); | 834 | DECLARE_ASN1_FUNCTIONS(X509_VAL) |
| 557 | int i2d_X509_ALGOR(X509_ALGOR *a,unsigned char **pp); | ||
| 558 | X509_ALGOR * d2i_X509_ALGOR(X509_ALGOR **a,unsigned char **pp, | ||
| 559 | long length); | ||
| 560 | 835 | ||
| 561 | X509_VAL * X509_VAL_new(void ); | 836 | DECLARE_ASN1_FUNCTIONS(X509_PUBKEY) |
| 562 | void X509_VAL_free(X509_VAL *a); | ||
| 563 | int i2d_X509_VAL(X509_VAL *a,unsigned char **pp); | ||
| 564 | X509_VAL * d2i_X509_VAL(X509_VAL **a,unsigned char **pp, | ||
| 565 | long length); | ||
| 566 | 837 | ||
| 567 | X509_PUBKEY * X509_PUBKEY_new(void ); | ||
| 568 | void X509_PUBKEY_free(X509_PUBKEY *a); | ||
| 569 | int i2d_X509_PUBKEY(X509_PUBKEY *a,unsigned char **pp); | ||
| 570 | X509_PUBKEY * d2i_X509_PUBKEY(X509_PUBKEY **a,unsigned char **pp, | ||
| 571 | long length); | ||
| 572 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); | 838 | int X509_PUBKEY_set(X509_PUBKEY **x, EVP_PKEY *pkey); |
| 573 | EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); | 839 | EVP_PKEY * X509_PUBKEY_get(X509_PUBKEY *key); |
| 574 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK *chain); | 840 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, |
| 575 | 841 | STACK_OF(X509) *chain); | |
| 576 | 842 | int i2d_PUBKEY(EVP_PKEY *a,unsigned char **pp); | |
| 577 | X509_SIG * X509_SIG_new(void ); | 843 | EVP_PKEY * d2i_PUBKEY(EVP_PKEY **a,unsigned char **pp, |
| 578 | void X509_SIG_free(X509_SIG *a); | ||
| 579 | int i2d_X509_SIG(X509_SIG *a,unsigned char **pp); | ||
| 580 | X509_SIG * d2i_X509_SIG(X509_SIG **a,unsigned char **pp,long length); | ||
| 581 | |||
| 582 | X509_REQ_INFO *X509_REQ_INFO_new(void); | ||
| 583 | void X509_REQ_INFO_free(X509_REQ_INFO *a); | ||
| 584 | int i2d_X509_REQ_INFO(X509_REQ_INFO *a,unsigned char **pp); | ||
| 585 | X509_REQ_INFO *d2i_X509_REQ_INFO(X509_REQ_INFO **a,unsigned char **pp, | ||
| 586 | long length); | 844 | long length); |
| 845 | #ifndef OPENSSL_NO_RSA | ||
| 846 | int i2d_RSA_PUBKEY(RSA *a,unsigned char **pp); | ||
| 847 | RSA * d2i_RSA_PUBKEY(RSA **a,unsigned char **pp, | ||
| 848 | long length); | ||
| 849 | #endif | ||
| 850 | #ifndef OPENSSL_NO_DSA | ||
| 851 | int i2d_DSA_PUBKEY(DSA *a,unsigned char **pp); | ||
| 852 | DSA * d2i_DSA_PUBKEY(DSA **a,unsigned char **pp, | ||
| 853 | long length); | ||
| 854 | #endif | ||
| 587 | 855 | ||
| 588 | X509_REQ * X509_REQ_new(void); | 856 | DECLARE_ASN1_FUNCTIONS(X509_SIG) |
| 589 | void X509_REQ_free(X509_REQ *a); | 857 | DECLARE_ASN1_FUNCTIONS(X509_REQ_INFO) |
| 590 | int i2d_X509_REQ(X509_REQ *a,unsigned char **pp); | 858 | DECLARE_ASN1_FUNCTIONS(X509_REQ) |
| 591 | X509_REQ * d2i_X509_REQ(X509_REQ **a,unsigned char **pp,long length); | ||
| 592 | 859 | ||
| 593 | X509_ATTRIBUTE *X509_ATTRIBUTE_new(void ); | 860 | DECLARE_ASN1_FUNCTIONS(X509_ATTRIBUTE) |
| 594 | void X509_ATTRIBUTE_free(X509_ATTRIBUTE *a); | 861 | X509_ATTRIBUTE *X509_ATTRIBUTE_create(int nid, int atrtype, void *value); |
| 595 | int i2d_X509_ATTRIBUTE(X509_ATTRIBUTE *a,unsigned char **pp); | ||
| 596 | X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(X509_ATTRIBUTE **a,unsigned char **pp, | ||
| 597 | long length); | ||
| 598 | 862 | ||
| 599 | X509_EXTENSION *X509_EXTENSION_new(void ); | 863 | DECLARE_ASN1_FUNCTIONS(X509_EXTENSION) |
| 600 | void X509_EXTENSION_free(X509_EXTENSION *a); | ||
| 601 | int i2d_X509_EXTENSION(X509_EXTENSION *a,unsigned char **pp); | ||
| 602 | X509_EXTENSION *d2i_X509_EXTENSION(X509_EXTENSION **a,unsigned char **pp, | ||
| 603 | long length); | ||
| 604 | 864 | ||
| 605 | X509_NAME_ENTRY *X509_NAME_ENTRY_new(void); | 865 | DECLARE_ASN1_FUNCTIONS(X509_NAME_ENTRY) |
| 606 | void X509_NAME_ENTRY_free(X509_NAME_ENTRY *a); | 866 | |
| 607 | int i2d_X509_NAME_ENTRY(X509_NAME_ENTRY *a,unsigned char **pp); | 867 | DECLARE_ASN1_FUNCTIONS(X509_NAME) |
| 608 | X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(X509_NAME_ENTRY **a,unsigned char **pp, | ||
| 609 | long length); | ||
| 610 | 868 | ||
| 611 | X509_NAME * X509_NAME_new(void); | ||
| 612 | void X509_NAME_free(X509_NAME *a); | ||
| 613 | int i2d_X509_NAME(X509_NAME *a,unsigned char **pp); | ||
| 614 | X509_NAME * d2i_X509_NAME(X509_NAME **a,unsigned char **pp,long length); | ||
| 615 | int X509_NAME_set(X509_NAME **xn, X509_NAME *name); | 869 | int X509_NAME_set(X509_NAME **xn, X509_NAME *name); |
| 616 | 870 | ||
| 871 | DECLARE_ASN1_FUNCTIONS(X509_CINF) | ||
| 617 | 872 | ||
| 618 | X509_CINF * X509_CINF_new(void); | 873 | DECLARE_ASN1_FUNCTIONS(X509) |
| 619 | void X509_CINF_free(X509_CINF *a); | 874 | DECLARE_ASN1_FUNCTIONS(X509_CERT_AUX) |
| 620 | int i2d_X509_CINF(X509_CINF *a,unsigned char **pp); | ||
| 621 | X509_CINF * d2i_X509_CINF(X509_CINF **a,unsigned char **pp,long length); | ||
| 622 | 875 | ||
| 623 | X509 * X509_new(void); | 876 | int X509_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 624 | void X509_free(X509 *a); | 877 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 625 | int i2d_X509(X509 *a,unsigned char **pp); | 878 | int X509_set_ex_data(X509 *r, int idx, void *arg); |
| 626 | X509 * d2i_X509(X509 **a,unsigned char **pp,long length); | 879 | void *X509_get_ex_data(X509 *r, int idx); |
| 880 | int i2d_X509_AUX(X509 *a,unsigned char **pp); | ||
| 881 | X509 * d2i_X509_AUX(X509 **a,unsigned char **pp,long length); | ||
| 627 | 882 | ||
| 628 | X509_REVOKED * X509_REVOKED_new(void); | 883 | int X509_alias_set1(X509 *x, unsigned char *name, int len); |
| 629 | void X509_REVOKED_free(X509_REVOKED *a); | 884 | int X509_keyid_set1(X509 *x, unsigned char *id, int len); |
| 630 | int i2d_X509_REVOKED(X509_REVOKED *a,unsigned char **pp); | 885 | unsigned char * X509_alias_get0(X509 *x, int *len); |
| 631 | X509_REVOKED * d2i_X509_REVOKED(X509_REVOKED **a,unsigned char **pp,long length); | 886 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int); |
| 887 | int X509_TRUST_set(int *t, int trust); | ||
| 888 | int X509_add1_trust_object(X509 *x, ASN1_OBJECT *obj); | ||
| 889 | int X509_add1_reject_object(X509 *x, ASN1_OBJECT *obj); | ||
| 890 | void X509_trust_clear(X509 *x); | ||
| 891 | void X509_reject_clear(X509 *x); | ||
| 632 | 892 | ||
| 633 | X509_CRL_INFO *X509_CRL_INFO_new(void); | 893 | DECLARE_ASN1_FUNCTIONS(X509_REVOKED) |
| 634 | void X509_CRL_INFO_free(X509_CRL_INFO *a); | 894 | DECLARE_ASN1_FUNCTIONS(X509_CRL_INFO) |
| 635 | int i2d_X509_CRL_INFO(X509_CRL_INFO *a,unsigned char **pp); | 895 | DECLARE_ASN1_FUNCTIONS(X509_CRL) |
| 636 | X509_CRL_INFO *d2i_X509_CRL_INFO(X509_CRL_INFO **a,unsigned char **pp, | ||
| 637 | long length); | ||
| 638 | 896 | ||
| 639 | X509_CRL * X509_CRL_new(void); | 897 | int X509_CRL_add0_revoked(X509_CRL *crl, X509_REVOKED *rev); |
| 640 | void X509_CRL_free(X509_CRL *a); | ||
| 641 | int i2d_X509_CRL(X509_CRL *a,unsigned char **pp); | ||
| 642 | X509_CRL * d2i_X509_CRL(X509_CRL **a,unsigned char **pp,long length); | ||
| 643 | 898 | ||
| 644 | X509_PKEY * X509_PKEY_new(void ); | 899 | X509_PKEY * X509_PKEY_new(void ); |
| 645 | void X509_PKEY_free(X509_PKEY *a); | 900 | void X509_PKEY_free(X509_PKEY *a); |
| 646 | int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); | 901 | int i2d_X509_PKEY(X509_PKEY *a,unsigned char **pp); |
| 647 | X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); | 902 | X509_PKEY * d2i_X509_PKEY(X509_PKEY **a,unsigned char **pp,long length); |
| 648 | 903 | ||
| 649 | NETSCAPE_SPKI * NETSCAPE_SPKI_new(void ); | 904 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKI) |
| 650 | void NETSCAPE_SPKI_free(NETSCAPE_SPKI *a); | 905 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_SPKAC) |
| 651 | int i2d_NETSCAPE_SPKI(NETSCAPE_SPKI *a,unsigned char **pp); | 906 | DECLARE_ASN1_FUNCTIONS(NETSCAPE_CERT_SEQUENCE) |
| 652 | NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(NETSCAPE_SPKI **a,unsigned char **pp, | ||
| 653 | long length); | ||
| 654 | 907 | ||
| 655 | NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(void ); | 908 | #ifndef OPENSSL_NO_EVP |
| 656 | void NETSCAPE_SPKAC_free(NETSCAPE_SPKAC *a); | ||
| 657 | int i2d_NETSCAPE_SPKAC(NETSCAPE_SPKAC *a,unsigned char **pp); | ||
| 658 | NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(NETSCAPE_SPKAC **a,unsigned char **pp, | ||
| 659 | long length); | ||
| 660 | |||
| 661 | #ifdef HEADER_ENVELOPE_H | ||
| 662 | X509_INFO * X509_INFO_new(void); | 909 | X509_INFO * X509_INFO_new(void); |
| 663 | void X509_INFO_free(X509_INFO *a); | 910 | void X509_INFO_free(X509_INFO *a); |
| 664 | char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); | 911 | char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); |
| @@ -666,12 +913,22 @@ char * X509_NAME_oneline(X509_NAME *a,char *buf,int size); | |||
| 666 | int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, | 913 | int ASN1_verify(int (*i2d)(), X509_ALGOR *algor1, |
| 667 | ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); | 914 | ASN1_BIT_STRING *signature,char *data,EVP_PKEY *pkey); |
| 668 | 915 | ||
| 669 | int ASN1_digest(int (*i2d)(),EVP_MD *type,char *data, | 916 | int ASN1_digest(int (*i2d)(),const EVP_MD *type,char *data, |
| 670 | unsigned char *md,unsigned int *len); | 917 | unsigned char *md,unsigned int *len); |
| 671 | 918 | ||
| 672 | int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, | 919 | int ASN1_sign(int (*i2d)(), X509_ALGOR *algor1, X509_ALGOR *algor2, |
| 673 | ASN1_BIT_STRING *signature, | 920 | ASN1_BIT_STRING *signature, |
| 674 | char *data,EVP_PKEY *pkey, EVP_MD *type); | 921 | char *data,EVP_PKEY *pkey, const EVP_MD *type); |
| 922 | |||
| 923 | int ASN1_item_digest(const ASN1_ITEM *it,const EVP_MD *type,void *data, | ||
| 924 | unsigned char *md,unsigned int *len); | ||
| 925 | |||
| 926 | int ASN1_item_verify(const ASN1_ITEM *it, X509_ALGOR *algor1, | ||
| 927 | ASN1_BIT_STRING *signature,void *data,EVP_PKEY *pkey); | ||
| 928 | |||
| 929 | int ASN1_item_sign(const ASN1_ITEM *it, X509_ALGOR *algor1, X509_ALGOR *algor2, | ||
| 930 | ASN1_BIT_STRING *signature, | ||
| 931 | void *data, EVP_PKEY *pkey, const EVP_MD *type); | ||
| 675 | #endif | 932 | #endif |
| 676 | 933 | ||
| 677 | int X509_set_version(X509 *x,long version); | 934 | int X509_set_version(X509 *x,long version); |
| @@ -681,40 +938,83 @@ int X509_set_issuer_name(X509 *x, X509_NAME *name); | |||
| 681 | X509_NAME * X509_get_issuer_name(X509 *a); | 938 | X509_NAME * X509_get_issuer_name(X509 *a); |
| 682 | int X509_set_subject_name(X509 *x, X509_NAME *name); | 939 | int X509_set_subject_name(X509 *x, X509_NAME *name); |
| 683 | X509_NAME * X509_get_subject_name(X509 *a); | 940 | X509_NAME * X509_get_subject_name(X509 *a); |
| 684 | int X509_set_notBefore(X509 *x, ASN1_UTCTIME *tm); | 941 | int X509_set_notBefore(X509 *x, ASN1_TIME *tm); |
| 685 | int X509_set_notAfter(X509 *x, ASN1_UTCTIME *tm); | 942 | int X509_set_notAfter(X509 *x, ASN1_TIME *tm); |
| 686 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); | 943 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey); |
| 687 | EVP_PKEY * X509_get_pubkey(X509 *x); | 944 | EVP_PKEY * X509_get_pubkey(X509 *x); |
| 945 | ASN1_BIT_STRING * X509_get0_pubkey_bitstr(const X509 *x); | ||
| 688 | int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); | 946 | int X509_certificate_type(X509 *x,EVP_PKEY *pubkey /* optional */); |
| 689 | 947 | ||
| 690 | int X509_REQ_set_version(X509_REQ *x,long version); | 948 | int X509_REQ_set_version(X509_REQ *x,long version); |
| 691 | int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); | 949 | int X509_REQ_set_subject_name(X509_REQ *req,X509_NAME *name); |
| 692 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); | 950 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey); |
| 693 | EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); | 951 | EVP_PKEY * X509_REQ_get_pubkey(X509_REQ *req); |
| 952 | int X509_REQ_extension_nid(int nid); | ||
| 953 | int * X509_REQ_get_extension_nids(void); | ||
| 954 | void X509_REQ_set_extension_nids(int *nids); | ||
| 955 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req); | ||
| 956 | int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | ||
| 957 | int nid); | ||
| 958 | int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts); | ||
| 959 | int X509_REQ_get_attr_count(const X509_REQ *req); | ||
| 960 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, | ||
| 961 | int lastpos); | ||
| 962 | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, | ||
| 963 | int lastpos); | ||
| 964 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc); | ||
| 965 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc); | ||
| 966 | int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr); | ||
| 967 | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, | ||
| 968 | const ASN1_OBJECT *obj, int type, | ||
| 969 | const unsigned char *bytes, int len); | ||
| 970 | int X509_REQ_add1_attr_by_NID(X509_REQ *req, | ||
| 971 | int nid, int type, | ||
| 972 | const unsigned char *bytes, int len); | ||
| 973 | int X509_REQ_add1_attr_by_txt(X509_REQ *req, | ||
| 974 | const char *attrname, int type, | ||
| 975 | const unsigned char *bytes, int len); | ||
| 976 | |||
| 977 | int X509_CRL_set_version(X509_CRL *x, long version); | ||
| 978 | int X509_CRL_set_issuer_name(X509_CRL *x, X509_NAME *name); | ||
| 979 | int X509_CRL_set_lastUpdate(X509_CRL *x, ASN1_TIME *tm); | ||
| 980 | int X509_CRL_set_nextUpdate(X509_CRL *x, ASN1_TIME *tm); | ||
| 981 | int X509_CRL_sort(X509_CRL *crl); | ||
| 982 | |||
| 983 | int X509_REVOKED_set_serialNumber(X509_REVOKED *x, ASN1_INTEGER *serial); | ||
| 984 | int X509_REVOKED_set_revocationDate(X509_REVOKED *r, ASN1_TIME *tm); | ||
| 694 | 985 | ||
| 695 | int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); | 986 | int X509_check_private_key(X509 *x509,EVP_PKEY *pkey); |
| 696 | 987 | ||
| 697 | int X509_issuer_and_serial_cmp(X509 *a, X509 *b); | 988 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b); |
| 698 | unsigned long X509_issuer_and_serial_hash(X509 *a); | 989 | unsigned long X509_issuer_and_serial_hash(X509 *a); |
| 699 | 990 | ||
| 700 | int X509_issuer_name_cmp(X509 *a, X509 *b); | 991 | int X509_issuer_name_cmp(const X509 *a, const X509 *b); |
| 701 | unsigned long X509_issuer_name_hash(X509 *a); | 992 | unsigned long X509_issuer_name_hash(X509 *a); |
| 702 | 993 | ||
| 703 | int X509_subject_name_cmp(X509 *a,X509 *b); | 994 | int X509_subject_name_cmp(const X509 *a, const X509 *b); |
| 704 | unsigned long X509_subject_name_hash(X509 *x); | 995 | unsigned long X509_subject_name_hash(X509 *x); |
| 705 | 996 | ||
| 706 | int X509_NAME_cmp (X509_NAME *a, X509_NAME *b); | 997 | int X509_cmp(const X509 *a, const X509 *b); |
| 998 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b); | ||
| 707 | unsigned long X509_NAME_hash(X509_NAME *x); | 999 | unsigned long X509_NAME_hash(X509_NAME *x); |
| 708 | 1000 | ||
| 709 | int X509_CRL_cmp(X509_CRL *a,X509_CRL *b); | 1001 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b); |
| 710 | #ifndef NO_FP_API | 1002 | #ifndef OPENSSL_NO_FP_API |
| 1003 | int X509_print_ex_fp(FILE *bp,X509 *x, unsigned long nmflag, unsigned long cflag); | ||
| 711 | int X509_print_fp(FILE *bp,X509 *x); | 1004 | int X509_print_fp(FILE *bp,X509 *x); |
| 1005 | int X509_CRL_print_fp(FILE *bp,X509_CRL *x); | ||
| 712 | int X509_REQ_print_fp(FILE *bp,X509_REQ *req); | 1006 | int X509_REQ_print_fp(FILE *bp,X509_REQ *req); |
| 1007 | int X509_NAME_print_ex_fp(FILE *fp, X509_NAME *nm, int indent, unsigned long flags); | ||
| 713 | #endif | 1008 | #endif |
| 714 | 1009 | ||
| 715 | #ifdef HEADER_BIO_H | 1010 | #ifndef OPENSSL_NO_BIO |
| 716 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); | 1011 | int X509_NAME_print(BIO *bp, X509_NAME *name, int obase); |
| 1012 | int X509_NAME_print_ex(BIO *out, X509_NAME *nm, int indent, unsigned long flags); | ||
| 1013 | int X509_print_ex(BIO *bp,X509 *x, unsigned long nmflag, unsigned long cflag); | ||
| 717 | int X509_print(BIO *bp,X509 *x); | 1014 | int X509_print(BIO *bp,X509 *x); |
| 1015 | int X509_ocspid_print(BIO *bp,X509 *x); | ||
| 1016 | int X509_CERT_AUX_print(BIO *bp,X509_CERT_AUX *x, int indent); | ||
| 1017 | int X509_CRL_print(BIO *bp,X509_CRL *x); | ||
| 718 | int X509_REQ_print(BIO *bp,X509_REQ *req); | 1018 | int X509_REQ_print(BIO *bp,X509_REQ *req); |
| 719 | #endif | 1019 | #endif |
| 720 | 1020 | ||
| @@ -725,7 +1025,7 @@ int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, | |||
| 725 | char *buf,int len); | 1025 | char *buf,int len); |
| 726 | 1026 | ||
| 727 | /* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use | 1027 | /* NOTE: you should be passsing -1, not 0 as lastpos. The functions that use |
| 728 | * lastpos, seach after that position on. */ | 1028 | * lastpos, search after that position on. */ |
| 729 | int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); | 1029 | int X509_NAME_get_index_by_NID(X509_NAME *name,int nid,int lastpos); |
| 730 | int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, | 1030 | int X509_NAME_get_index_by_OBJ(X509_NAME *name,ASN1_OBJECT *obj, |
| 731 | int lastpos); | 1031 | int lastpos); |
| @@ -733,8 +1033,16 @@ X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc); | |||
| 733 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); | 1033 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc); |
| 734 | int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, | 1034 | int X509_NAME_add_entry(X509_NAME *name,X509_NAME_ENTRY *ne, |
| 735 | int loc, int set); | 1035 | int loc, int set); |
| 1036 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, | ||
| 1037 | unsigned char *bytes, int len, int loc, int set); | ||
| 1038 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | ||
| 1039 | unsigned char *bytes, int len, int loc, int set); | ||
| 1040 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, | ||
| 1041 | char *field, int type, unsigned char *bytes, int len); | ||
| 736 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | 1042 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, |
| 737 | int type,unsigned char *bytes, int len); | 1043 | int type,unsigned char *bytes, int len); |
| 1044 | int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, | ||
| 1045 | unsigned char *bytes, int len, int loc, int set); | ||
| 738 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, | 1046 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, |
| 739 | ASN1_OBJECT *obj, int type,unsigned char *bytes, | 1047 | ASN1_OBJECT *obj, int type,unsigned char *bytes, |
| 740 | int len); | 1048 | int len); |
| @@ -745,18 +1053,17 @@ int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, | |||
| 745 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); | 1053 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne); |
| 746 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); | 1054 | ASN1_STRING * X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne); |
| 747 | 1055 | ||
| 748 | int X509v3_get_ext_count(STACK *x); | 1056 | int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x); |
| 749 | int X509v3_get_ext_by_NID(STACK *x, int nid, int lastpos); | 1057 | int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, |
| 750 | int X509v3_get_ext_by_OBJ(STACK *x,ASN1_OBJECT *obj,int lastpos); | 1058 | int nid, int lastpos); |
| 751 | int X509v3_get_ext_by_critical(STACK *x, int crit, int lastpos); | 1059 | int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *x, |
| 752 | X509_EXTENSION *X509v3_get_ext(STACK *x, int loc); | 1060 | ASN1_OBJECT *obj,int lastpos); |
| 753 | X509_EXTENSION *X509v3_delete_ext(STACK *x, int loc); | 1061 | int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *x, |
| 754 | STACK * X509v3_add_ext(STACK **x, X509_EXTENSION *ex, int loc); | 1062 | int crit, int lastpos); |
| 755 | 1063 | X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc); | |
| 756 | int X509v3_data_type_by_OBJ(ASN1_OBJECT *obj); | 1064 | X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc); |
| 757 | int X509v3_data_type_by_NID(int nid); | 1065 | STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, |
| 758 | int X509v3_pack_type_by_OBJ(ASN1_OBJECT *obj); | 1066 | X509_EXTENSION *ex, int loc); |
| 759 | int X509v3_pack_type_by_NID(int nid); | ||
| 760 | 1067 | ||
| 761 | int X509_get_ext_count(X509 *x); | 1068 | int X509_get_ext_count(X509 *x); |
| 762 | int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); | 1069 | int X509_get_ext_by_NID(X509 *x, int nid, int lastpos); |
| @@ -765,6 +1072,9 @@ int X509_get_ext_by_critical(X509 *x, int crit, int lastpos); | |||
| 765 | X509_EXTENSION *X509_get_ext(X509 *x, int loc); | 1072 | X509_EXTENSION *X509_get_ext(X509 *x, int loc); |
| 766 | X509_EXTENSION *X509_delete_ext(X509 *x, int loc); | 1073 | X509_EXTENSION *X509_delete_ext(X509 *x, int loc); |
| 767 | int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); | 1074 | int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc); |
| 1075 | void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); | ||
| 1076 | int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, | ||
| 1077 | unsigned long flags); | ||
| 768 | 1078 | ||
| 769 | int X509_CRL_get_ext_count(X509_CRL *x); | 1079 | int X509_CRL_get_ext_count(X509_CRL *x); |
| 770 | int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); | 1080 | int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos); |
| @@ -773,6 +1083,9 @@ int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos); | |||
| 773 | X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); | 1083 | X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc); |
| 774 | X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); | 1084 | X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc); |
| 775 | int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); | 1085 | int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc); |
| 1086 | void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); | ||
| 1087 | int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, | ||
| 1088 | unsigned long flags); | ||
| 776 | 1089 | ||
| 777 | int X509_REVOKED_get_ext_count(X509_REVOKED *x); | 1090 | int X509_REVOKED_get_ext_count(X509_REVOKED *x); |
| 778 | int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); | 1091 | int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos); |
| @@ -781,6 +1094,9 @@ int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos); | |||
| 781 | X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); | 1094 | X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc); |
| 782 | X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); | 1095 | X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc); |
| 783 | int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); | 1096 | int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc); |
| 1097 | void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); | ||
| 1098 | int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, | ||
| 1099 | unsigned long flags); | ||
| 784 | 1100 | ||
| 785 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, | 1101 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, |
| 786 | int nid, int crit, ASN1_OCTET_STRING *data); | 1102 | int nid, int crit, ASN1_OCTET_STRING *data); |
| @@ -793,311 +1109,80 @@ int X509_EXTENSION_set_data(X509_EXTENSION *ex, | |||
| 793 | ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); | 1109 | ASN1_OBJECT * X509_EXTENSION_get_object(X509_EXTENSION *ex); |
| 794 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); | 1110 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ne); |
| 795 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex); | 1111 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex); |
| 796 | ASN1_OCTET_STRING *X509v3_pack_string(ASN1_OCTET_STRING **ex,int type, | ||
| 797 | unsigned char *bytes, int len); | ||
| 798 | ASN1_STRING * X509v3_unpack_string(ASN1_STRING **ex,int type, | ||
| 799 | ASN1_OCTET_STRING *os); | ||
| 800 | 1112 | ||
| 801 | int X509_verify_cert(X509_STORE_CTX *ctx); | 1113 | int X509at_get_attr_count(const STACK_OF(X509_ATTRIBUTE) *x); |
| 802 | 1114 | int X509at_get_attr_by_NID(const STACK_OF(X509_ATTRIBUTE) *x, int nid, | |
| 803 | /* lookup a cert from a X509 STACK */ | 1115 | int lastpos); |
| 804 | X509 *X509_find_by_issuer_and_serial(STACK *sk,X509_NAME *name, | 1116 | int X509at_get_attr_by_OBJ(const STACK_OF(X509_ATTRIBUTE) *sk, ASN1_OBJECT *obj, |
| 805 | ASN1_INTEGER *serial); | 1117 | int lastpos); |
| 806 | X509 *X509_find_by_subject(STACK *sk,X509_NAME *name); | 1118 | X509_ATTRIBUTE *X509at_get_attr(const STACK_OF(X509_ATTRIBUTE) *x, int loc); |
| 807 | 1119 | X509_ATTRIBUTE *X509at_delete_attr(STACK_OF(X509_ATTRIBUTE) *x, int loc); | |
| 808 | #else | 1120 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr(STACK_OF(X509_ATTRIBUTE) **x, |
| 809 | 1121 | X509_ATTRIBUTE *attr); | |
| 810 | #ifndef SSLEAY_MACROS | 1122 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, |
| 811 | #ifdef HEADER_ENVELOPE_H | 1123 | const ASN1_OBJECT *obj, int type, |
| 812 | int X509_verify(); | 1124 | const unsigned char *bytes, int len); |
| 813 | int X509_REQ_verify(); | 1125 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, |
| 814 | int X509_CRL_verify(); | 1126 | int nid, int type, |
| 815 | int NETSCAPE_SPKI_verify(); | 1127 | const unsigned char *bytes, int len); |
| 816 | 1128 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | |
| 817 | int X509_sign(); | 1129 | const char *attrname, int type, |
| 818 | int X509_REQ_sign(); | 1130 | const unsigned char *bytes, int len); |
| 819 | int X509_CRL_sign(); | 1131 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, |
| 820 | int NETSCAPE_SPKI_sign(); | 1132 | int atrtype, const void *data, int len); |
| 821 | 1133 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, | |
| 822 | int X509_digest(); | 1134 | const ASN1_OBJECT *obj, int atrtype, const void *data, int len); |
| 823 | int X509_NAME_digest(); | 1135 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, |
| 824 | #endif | 1136 | const char *atrname, int type, const unsigned char *bytes, int len); |
| 825 | 1137 | int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj); | |
| 826 | #ifndef NO_FP_API | 1138 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len); |
| 827 | X509 *d2i_X509_fp(); | 1139 | void *X509_ATTRIBUTE_get0_data(X509_ATTRIBUTE *attr, int idx, |
| 828 | int i2d_X509_fp(); | 1140 | int atrtype, void *data); |
| 829 | X509_CRL *d2i_X509_CRL_fp(); | 1141 | int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr); |
| 830 | int i2d_X509_CRL_fp(); | 1142 | ASN1_OBJECT *X509_ATTRIBUTE_get0_object(X509_ATTRIBUTE *attr); |
| 831 | X509_REQ *d2i_X509_REQ_fp(); | 1143 | ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx); |
| 832 | int i2d_X509_REQ_fp(); | ||
| 833 | RSA *d2i_RSAPrivateKey_fp(); | ||
| 834 | int i2d_RSAPrivateKey_fp(); | ||
| 835 | DSA *d2i_DSAPrivateKey_fp(); | ||
| 836 | int i2d_DSAPrivateKey_fp(); | ||
| 837 | RSA *d2i_RSAPublicKey_fp(); | ||
| 838 | int i2d_RSAPublicKey_fp(); | ||
| 839 | #endif | ||
| 840 | |||
| 841 | X509 *d2i_X509_bio(); | ||
| 842 | int i2d_X509_bio(); | ||
| 843 | X509_CRL *d2i_X509_CRL_bio(); | ||
| 844 | int i2d_X509_CRL_bio(); | ||
| 845 | X509_REQ *d2i_X509_REQ_bio(); | ||
| 846 | int i2d_X509_REQ_bio(); | ||
| 847 | RSA *d2i_RSAPrivateKey_bio(); | ||
| 848 | int i2d_RSAPrivateKey_bio(); | ||
| 849 | DSA *d2i_DSAPrivateKey_bio(); | ||
| 850 | int i2d_DSAPrivateKey_bio(); | ||
| 851 | RSA *d2i_RSAPublicKey_bio(); | ||
| 852 | int i2d_RSAPublicKey_bio(); | ||
| 853 | |||
| 854 | X509 *X509_dup(); | ||
| 855 | X509_EXTENSION *X509_EXTENSION_dup(); | ||
| 856 | X509_CRL *X509_CRL_dup(); | ||
| 857 | X509_REQ *X509_REQ_dup(); | ||
| 858 | X509_NAME *X509_NAME_dup(); | ||
| 859 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(); | ||
| 860 | RSA *RSAPublicKey_dup(); | ||
| 861 | RSA *RSAPrivateKey_dup(); | ||
| 862 | |||
| 863 | #endif /* !SSLEAY_MACROS */ | ||
| 864 | 1144 | ||
| 865 | int X509_cmp_current_time(); | 1145 | int X509_verify_cert(X509_STORE_CTX *ctx); |
| 866 | ASN1_UTCTIME * X509_gmtime_adj(); | ||
| 867 | |||
| 868 | char * X509_get_default_cert_area(); | ||
| 869 | char * X509_get_default_cert_dir(); | ||
| 870 | char * X509_get_default_cert_file(); | ||
| 871 | char * X509_get_default_cert_dir_env(); | ||
| 872 | char * X509_get_default_cert_file_env(); | ||
| 873 | char * X509_get_default_private_dir(); | ||
| 874 | |||
| 875 | X509_REQ * X509_to_X509_REQ(); | ||
| 876 | X509 * X509_REQ_to_X509(); | ||
| 877 | void ERR_load_X509_strings(); | ||
| 878 | |||
| 879 | X509_ALGOR * X509_ALGOR_new(); | ||
| 880 | void X509_ALGOR_free(); | ||
| 881 | int i2d_X509_ALGOR(); | ||
| 882 | X509_ALGOR * d2i_X509_ALGOR(); | ||
| 883 | |||
| 884 | X509_VAL * X509_VAL_new(); | ||
| 885 | void X509_VAL_free(); | ||
| 886 | int i2d_X509_VAL(); | ||
| 887 | X509_VAL * d2i_X509_VAL(); | ||
| 888 | |||
| 889 | X509_PUBKEY * X509_PUBKEY_new(); | ||
| 890 | void X509_PUBKEY_free(); | ||
| 891 | int i2d_X509_PUBKEY(); | ||
| 892 | X509_PUBKEY * d2i_X509_PUBKEY(); | ||
| 893 | int X509_PUBKEY_set(); | ||
| 894 | EVP_PKEY * X509_PUBKEY_get(); | ||
| 895 | int X509_get_pubkey_parameters(); | ||
| 896 | |||
| 897 | X509_SIG * X509_SIG_new(); | ||
| 898 | void X509_SIG_free(); | ||
| 899 | int i2d_X509_SIG(); | ||
| 900 | X509_SIG * d2i_X509_SIG(); | ||
| 901 | |||
| 902 | X509_REQ_INFO *X509_REQ_INFO_new(); | ||
| 903 | void X509_REQ_INFO_free(); | ||
| 904 | int i2d_X509_REQ_INFO(); | ||
| 905 | X509_REQ_INFO *d2i_X509_REQ_INFO(); | ||
| 906 | |||
| 907 | X509_REQ * X509_REQ_new(); | ||
| 908 | void X509_REQ_free(); | ||
| 909 | int i2d_X509_REQ(); | ||
| 910 | X509_REQ * d2i_X509_REQ(); | ||
| 911 | |||
| 912 | X509_ATTRIBUTE *X509_ATTRIBUTE_new(); | ||
| 913 | void X509_ATTRIBUTE_free(); | ||
| 914 | int i2d_X509_ATTRIBUTE(); | ||
| 915 | X509_ATTRIBUTE *d2i_X509_ATTRIBUTE(); | ||
| 916 | |||
| 917 | X509_EXTENSION *X509_EXTENSION_new(); | ||
| 918 | void X509_EXTENSION_free(); | ||
| 919 | int i2d_X509_EXTENSION(); | ||
| 920 | X509_EXTENSION *d2i_X509_EXTENSION(); | ||
| 921 | |||
| 922 | X509_NAME_ENTRY *X509_NAME_ENTRY_new(); | ||
| 923 | void X509_NAME_ENTRY_free(); | ||
| 924 | int i2d_X509_NAME_ENTRY(); | ||
| 925 | X509_NAME_ENTRY *d2i_X509_NAME_ENTRY(); | ||
| 926 | |||
| 927 | X509_NAME * X509_NAME_new(); | ||
| 928 | void X509_NAME_free(); | ||
| 929 | int i2d_X509_NAME(); | ||
| 930 | X509_NAME * d2i_X509_NAME(); | ||
| 931 | int X509_NAME_set(); | ||
| 932 | |||
| 933 | |||
| 934 | X509_CINF * X509_CINF_new(); | ||
| 935 | void X509_CINF_free(); | ||
| 936 | int i2d_X509_CINF(); | ||
| 937 | X509_CINF * d2i_X509_CINF(); | ||
| 938 | |||
| 939 | X509 * X509_new(); | ||
| 940 | void X509_free(); | ||
| 941 | int i2d_X509(); | ||
| 942 | X509 * d2i_X509(); | ||
| 943 | |||
| 944 | X509_REVOKED * X509_REVOKED_new(); | ||
| 945 | void X509_REVOKED_free(); | ||
| 946 | int i2d_X509_REVOKED(); | ||
| 947 | X509_REVOKED * d2i_X509_REVOKED(); | ||
| 948 | |||
| 949 | X509_CRL_INFO *X509_CRL_INFO_new(); | ||
| 950 | void X509_CRL_INFO_free(); | ||
| 951 | int i2d_X509_CRL_INFO(); | ||
| 952 | X509_CRL_INFO *d2i_X509_CRL_INFO(); | ||
| 953 | |||
| 954 | X509_CRL * X509_CRL_new(); | ||
| 955 | void X509_CRL_free(); | ||
| 956 | int i2d_X509_CRL(); | ||
| 957 | X509_CRL * d2i_X509_CRL(); | ||
| 958 | |||
| 959 | X509_PKEY * X509_PKEY_new(); | ||
| 960 | void X509_PKEY_free(); | ||
| 961 | int i2d_X509_PKEY(); | ||
| 962 | X509_PKEY * d2i_X509_PKEY(); | ||
| 963 | |||
| 964 | NETSCAPE_SPKI * NETSCAPE_SPKI_new(); | ||
| 965 | void NETSCAPE_SPKI_free(); | ||
| 966 | int i2d_NETSCAPE_SPKI(); | ||
| 967 | NETSCAPE_SPKI * d2i_NETSCAPE_SPKI(); | ||
| 968 | |||
| 969 | NETSCAPE_SPKAC *NETSCAPE_SPKAC_new(); | ||
| 970 | void NETSCAPE_SPKAC_free(); | ||
| 971 | int i2d_NETSCAPE_SPKAC(); | ||
| 972 | NETSCAPE_SPKAC *d2i_NETSCAPE_SPKAC(); | ||
| 973 | |||
| 974 | #ifdef HEADER_ENVELOPE_H | ||
| 975 | X509_INFO * X509_INFO_new(); | ||
| 976 | void X509_INFO_free(); | ||
| 977 | #endif | ||
| 978 | |||
| 979 | char * X509_NAME_oneline(); | ||
| 980 | |||
| 981 | int ASN1_verify(); | ||
| 982 | int ASN1_digest(); | ||
| 983 | int ASN1_sign(); | ||
| 984 | |||
| 985 | int X509_set_version(); | ||
| 986 | int X509_set_serialNumber(); | ||
| 987 | ASN1_INTEGER * X509_get_serialNumber(); | ||
| 988 | int X509_set_issuer_name(); | ||
| 989 | X509_NAME * X509_get_issuer_name(); | ||
| 990 | int X509_set_subject_name(); | ||
| 991 | X509_NAME * X509_get_subject_name(); | ||
| 992 | int X509_set_notBefore(); | ||
| 993 | int X509_set_notAfter(); | ||
| 994 | int X509_set_pubkey(); | ||
| 995 | EVP_PKEY * X509_get_pubkey(); | ||
| 996 | int X509_certificate_type(); | ||
| 997 | |||
| 998 | int X509_REQ_set_version(); | ||
| 999 | int X509_REQ_set_subject_name(); | ||
| 1000 | int X509_REQ_set_pubkey(); | ||
| 1001 | EVP_PKEY * X509_REQ_get_pubkey(); | ||
| 1002 | |||
| 1003 | int X509_check_private_key(); | ||
| 1004 | |||
| 1005 | int X509_issuer_and_serial_cmp(); | ||
| 1006 | unsigned long X509_issuer_and_serial_hash(); | ||
| 1007 | |||
| 1008 | int X509_issuer_name_cmp(); | ||
| 1009 | unsigned long X509_issuer_name_hash(); | ||
| 1010 | |||
| 1011 | int X509_subject_name_cmp(); | ||
| 1012 | unsigned long X509_subject_name_hash(); | ||
| 1013 | |||
| 1014 | int X509_NAME_cmp (); | ||
| 1015 | unsigned long X509_NAME_hash(); | ||
| 1016 | |||
| 1017 | int X509_CRL_cmp(); | ||
| 1018 | #ifndef NO_FP_API | ||
| 1019 | int X509_print_fp(); | ||
| 1020 | int X509_REQ_print_fp(); | ||
| 1021 | #endif | ||
| 1022 | |||
| 1023 | int X509_NAME_print(); | ||
| 1024 | int X509_print(); | ||
| 1025 | int X509_REQ_print(); | ||
| 1026 | |||
| 1027 | int X509_NAME_entry_count(); | ||
| 1028 | int X509_NAME_get_text_by_NID(); | ||
| 1029 | int X509_NAME_get_text_by_OBJ(); | ||
| 1030 | |||
| 1031 | int X509_NAME_get_index_by_NID(); | ||
| 1032 | int X509_NAME_get_index_by_OBJ(); | ||
| 1033 | X509_NAME_ENTRY *X509_NAME_get_entry(); | ||
| 1034 | X509_NAME_ENTRY *X509_NAME_delete_entry(); | ||
| 1035 | int X509_NAME_add_entry(); | ||
| 1036 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(); | ||
| 1037 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(); | ||
| 1038 | int X509_NAME_ENTRY_set_object(); | ||
| 1039 | int X509_NAME_ENTRY_set_data(); | ||
| 1040 | ASN1_OBJECT * X509_NAME_ENTRY_get_object(); | ||
| 1041 | ASN1_STRING * X509_NAME_ENTRY_get_data(); | ||
| 1042 | |||
| 1043 | int X509v3_get_ext_count(); | ||
| 1044 | int X509v3_get_ext_by_NID(); | ||
| 1045 | int X509v3_get_ext_by_OBJ(); | ||
| 1046 | int X509v3_get_ext_by_critical(); | ||
| 1047 | X509_EXTENSION *X509v3_get_ext(); | ||
| 1048 | X509_EXTENSION *X509v3_delete_ext(); | ||
| 1049 | STACK * X509v3_add_ext(); | ||
| 1050 | |||
| 1051 | int X509v3_data_type_by_OBJ(); | ||
| 1052 | int X509v3_data_type_by_NID(); | ||
| 1053 | int X509v3_pack_type_by_OBJ(); | ||
| 1054 | int X509v3_pack_type_by_NID(); | ||
| 1055 | |||
| 1056 | int X509_get_ext_count(); | ||
| 1057 | int X509_get_ext_by_NID(); | ||
| 1058 | int X509_get_ext_by_OBJ(); | ||
| 1059 | int X509_get_ext_by_critical(); | ||
| 1060 | X509_EXTENSION *X509_get_ext(); | ||
| 1061 | X509_EXTENSION *X509_delete_ext(); | ||
| 1062 | int X509_add_ext(); | ||
| 1063 | |||
| 1064 | int X509_CRL_get_ext_count(); | ||
| 1065 | int X509_CRL_get_ext_by_NID(); | ||
| 1066 | int X509_CRL_get_ext_by_OBJ(); | ||
| 1067 | int X509_CRL_get_ext_by_critical(); | ||
| 1068 | X509_EXTENSION *X509_CRL_get_ext(); | ||
| 1069 | X509_EXTENSION *X509_CRL_delete_ext(); | ||
| 1070 | int X509_CRL_add_ext(); | ||
| 1071 | |||
| 1072 | int X509_REVOKED_get_ext_count(); | ||
| 1073 | int X509_REVOKED_get_ext_by_NID(); | ||
| 1074 | int X509_REVOKED_get_ext_by_OBJ(); | ||
| 1075 | int X509_REVOKED_get_ext_by_critical(); | ||
| 1076 | X509_EXTENSION *X509_REVOKED_get_ext(); | ||
| 1077 | X509_EXTENSION *X509_REVOKED_delete_ext(); | ||
| 1078 | int X509_REVOKED_add_ext(); | ||
| 1079 | |||
| 1080 | X509_EXTENSION *X509_EXTENSION_create_by_NID(); | ||
| 1081 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(); | ||
| 1082 | int X509_EXTENSION_set_object(); | ||
| 1083 | int X509_EXTENSION_set_critical(); | ||
| 1084 | int X509_EXTENSION_set_data(); | ||
| 1085 | ASN1_OBJECT * X509_EXTENSION_get_object(); | ||
| 1086 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(); | ||
| 1087 | int X509_EXTENSION_get_critical(); | ||
| 1088 | ASN1_OCTET_STRING *X509v3_pack_string(); | ||
| 1089 | ASN1_STRING * X509v3_unpack_string(); | ||
| 1090 | |||
| 1091 | int X509_verify_cert(); | ||
| 1092 | char * X509_verify_cert_error_string(); | ||
| 1093 | 1146 | ||
| 1094 | /* lookup a cert from a X509 STACK */ | 1147 | /* lookup a cert from a X509 STACK */ |
| 1095 | X509 *X509_find_by_issuer_and_serial(); | 1148 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk,X509_NAME *name, |
| 1096 | X509 *X509_find_by_subject(); | 1149 | ASN1_INTEGER *serial); |
| 1097 | 1150 | X509 *X509_find_by_subject(STACK_OF(X509) *sk,X509_NAME *name); | |
| 1098 | #endif | 1151 | |
| 1152 | DECLARE_ASN1_FUNCTIONS(PBEPARAM) | ||
| 1153 | DECLARE_ASN1_FUNCTIONS(PBE2PARAM) | ||
| 1154 | DECLARE_ASN1_FUNCTIONS(PBKDF2PARAM) | ||
| 1155 | |||
| 1156 | X509_ALGOR *PKCS5_pbe_set(int alg, int iter, unsigned char *salt, int saltlen); | ||
| 1157 | X509_ALGOR *PKCS5_pbe2_set(const EVP_CIPHER *cipher, int iter, | ||
| 1158 | unsigned char *salt, int saltlen); | ||
| 1159 | |||
| 1160 | /* PKCS#8 utilities */ | ||
| 1161 | |||
| 1162 | DECLARE_ASN1_FUNCTIONS(PKCS8_PRIV_KEY_INFO) | ||
| 1163 | |||
| 1164 | EVP_PKEY *EVP_PKCS82PKEY(PKCS8_PRIV_KEY_INFO *p8); | ||
| 1165 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8(EVP_PKEY *pkey); | ||
| 1166 | PKCS8_PRIV_KEY_INFO *EVP_PKEY2PKCS8_broken(EVP_PKEY *pkey, int broken); | ||
| 1167 | PKCS8_PRIV_KEY_INFO *PKCS8_set_broken(PKCS8_PRIV_KEY_INFO *p8, int broken); | ||
| 1168 | |||
| 1169 | int X509_check_trust(X509 *x, int id, int flags); | ||
| 1170 | int X509_TRUST_get_count(void); | ||
| 1171 | X509_TRUST * X509_TRUST_get0(int idx); | ||
| 1172 | int X509_TRUST_get_by_id(int id); | ||
| 1173 | int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | ||
| 1174 | char *name, int arg1, void *arg2); | ||
| 1175 | void X509_TRUST_cleanup(void); | ||
| 1176 | int X509_TRUST_get_flags(X509_TRUST *xp); | ||
| 1177 | char *X509_TRUST_get0_name(X509_TRUST *xp); | ||
| 1178 | int X509_TRUST_get_trust(X509_TRUST *xp); | ||
| 1099 | 1179 | ||
| 1100 | /* BEGIN ERROR CODES */ | 1180 | /* BEGIN ERROR CODES */ |
| 1181 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 1182 | * made after this point may be overwritten when the script is next run. | ||
| 1183 | */ | ||
| 1184 | void ERR_load_X509_strings(void); | ||
| 1185 | |||
| 1101 | /* Error codes for the X509 functions. */ | 1186 | /* Error codes for the X509 functions. */ |
| 1102 | 1187 | ||
| 1103 | /* Function codes. */ | 1188 | /* Function codes. */ |
| @@ -1105,17 +1190,25 @@ X509 *X509_find_by_subject(); | |||
| 1105 | #define X509_F_BY_FILE_CTRL 101 | 1190 | #define X509_F_BY_FILE_CTRL 101 |
| 1106 | #define X509_F_DIR_CTRL 102 | 1191 | #define X509_F_DIR_CTRL 102 |
| 1107 | #define X509_F_GET_CERT_BY_SUBJECT 103 | 1192 | #define X509_F_GET_CERT_BY_SUBJECT 103 |
| 1193 | #define X509_F_NETSCAPE_SPKI_B64_DECODE 129 | ||
| 1194 | #define X509_F_NETSCAPE_SPKI_B64_ENCODE 130 | ||
| 1108 | #define X509_F_X509V3_ADD_EXT 104 | 1195 | #define X509_F_X509V3_ADD_EXT 104 |
| 1109 | #define X509_F_X509V3_ADD_EXTENSION 105 | 1196 | #define X509_F_X509_ADD_ATTR 135 |
| 1110 | #define X509_F_X509V3_PACK_STRING 106 | 1197 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_NID 136 |
| 1111 | #define X509_F_X509V3_UNPACK_STRING 107 | 1198 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ 137 |
| 1199 | #define X509_F_X509_ATTRIBUTE_CREATE_BY_TXT 140 | ||
| 1200 | #define X509_F_X509_ATTRIBUTE_GET0_DATA 139 | ||
| 1201 | #define X509_F_X509_ATTRIBUTE_SET1_DATA 138 | ||
| 1202 | #define X509_F_X509_CHECK_PRIVATE_KEY 128 | ||
| 1112 | #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 | 1203 | #define X509_F_X509_EXTENSION_CREATE_BY_NID 108 |
| 1113 | #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 | 1204 | #define X509_F_X509_EXTENSION_CREATE_BY_OBJ 109 |
| 1114 | #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 | 1205 | #define X509_F_X509_GET_PUBKEY_PARAMETERS 110 |
| 1206 | #define X509_F_X509_LOAD_CERT_CRL_FILE 132 | ||
| 1115 | #define X509_F_X509_LOAD_CERT_FILE 111 | 1207 | #define X509_F_X509_LOAD_CERT_FILE 111 |
| 1116 | #define X509_F_X509_LOAD_CRL_FILE 112 | 1208 | #define X509_F_X509_LOAD_CRL_FILE 112 |
| 1117 | #define X509_F_X509_NAME_ADD_ENTRY 113 | 1209 | #define X509_F_X509_NAME_ADD_ENTRY 113 |
| 1118 | #define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 | 1210 | #define X509_F_X509_NAME_ENTRY_CREATE_BY_NID 114 |
| 1211 | #define X509_F_X509_NAME_ENTRY_CREATE_BY_TXT 131 | ||
| 1119 | #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 | 1212 | #define X509_F_X509_NAME_ENTRY_SET_OBJECT 115 |
| 1120 | #define X509_F_X509_NAME_ONELINE 116 | 1213 | #define X509_F_X509_NAME_ONELINE 116 |
| 1121 | #define X509_F_X509_NAME_PRINT 117 | 1214 | #define X509_F_X509_NAME_PRINT 117 |
| @@ -1127,26 +1220,40 @@ X509 *X509_find_by_subject(); | |||
| 1127 | #define X509_F_X509_REQ_TO_X509 123 | 1220 | #define X509_F_X509_REQ_TO_X509 123 |
| 1128 | #define X509_F_X509_STORE_ADD_CERT 124 | 1221 | #define X509_F_X509_STORE_ADD_CERT 124 |
| 1129 | #define X509_F_X509_STORE_ADD_CRL 125 | 1222 | #define X509_F_X509_STORE_ADD_CRL 125 |
| 1223 | #define X509_F_X509_STORE_CTX_INIT 143 | ||
| 1224 | #define X509_F_X509_STORE_CTX_NEW 142 | ||
| 1225 | #define X509_F_X509_STORE_CTX_PURPOSE_INHERIT 134 | ||
| 1130 | #define X509_F_X509_TO_X509_REQ 126 | 1226 | #define X509_F_X509_TO_X509_REQ 126 |
| 1227 | #define X509_F_X509_TRUST_ADD 133 | ||
| 1228 | #define X509_F_X509_TRUST_SET 141 | ||
| 1131 | #define X509_F_X509_VERIFY_CERT 127 | 1229 | #define X509_F_X509_VERIFY_CERT 127 |
| 1132 | 1230 | ||
| 1133 | /* Reason codes. */ | 1231 | /* Reason codes. */ |
| 1134 | #define X509_R_BAD_X509_FILETYPE 100 | 1232 | #define X509_R_BAD_X509_FILETYPE 100 |
| 1233 | #define X509_R_BASE64_DECODE_ERROR 118 | ||
| 1234 | #define X509_R_CANT_CHECK_DH_KEY 114 | ||
| 1135 | #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 | 1235 | #define X509_R_CERT_ALREADY_IN_HASH_TABLE 101 |
| 1136 | #define X509_R_ERR_ASN1_LIB 102 | 1236 | #define X509_R_ERR_ASN1_LIB 102 |
| 1237 | #define X509_R_INVALID_DIRECTORY 113 | ||
| 1238 | #define X509_R_INVALID_FIELD_NAME 119 | ||
| 1239 | #define X509_R_INVALID_TRUST 123 | ||
| 1240 | #define X509_R_KEY_TYPE_MISMATCH 115 | ||
| 1241 | #define X509_R_KEY_VALUES_MISMATCH 116 | ||
| 1137 | #define X509_R_LOADING_CERT_DIR 103 | 1242 | #define X509_R_LOADING_CERT_DIR 103 |
| 1138 | #define X509_R_LOADING_DEFAULTS 104 | 1243 | #define X509_R_LOADING_DEFAULTS 104 |
| 1139 | #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 | 1244 | #define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 105 |
| 1140 | #define X509_R_SHOULD_RETRY 106 | 1245 | #define X509_R_SHOULD_RETRY 106 |
| 1141 | #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 | 1246 | #define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 107 |
| 1142 | #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 | 1247 | #define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 108 |
| 1248 | #define X509_R_UNKNOWN_KEY_TYPE 117 | ||
| 1143 | #define X509_R_UNKNOWN_NID 109 | 1249 | #define X509_R_UNKNOWN_NID 109 |
| 1144 | #define X509_R_UNKNOWN_STRING_TYPE 110 | 1250 | #define X509_R_UNKNOWN_PURPOSE_ID 121 |
| 1251 | #define X509_R_UNKNOWN_TRUST_ID 120 | ||
| 1145 | #define X509_R_UNSUPPORTED_ALGORITHM 111 | 1252 | #define X509_R_UNSUPPORTED_ALGORITHM 111 |
| 1146 | #define X509_R_WRONG_LOOKUP_TYPE 112 | 1253 | #define X509_R_WRONG_LOOKUP_TYPE 112 |
| 1147 | 1254 | #define X509_R_WRONG_TYPE 122 | |
| 1255 | |||
| 1148 | #ifdef __cplusplus | 1256 | #ifdef __cplusplus |
| 1149 | } | 1257 | } |
| 1150 | #endif | 1258 | #endif |
| 1151 | #endif | 1259 | #endif |
| 1152 | |||
diff --git a/src/lib/libcrypto/x509/x509_att.c b/src/lib/libcrypto/x509/x509_att.c index caafde658f..0bae3d32a1 100644 --- a/src/lib/libcrypto/x509/x509_att.c +++ b/src/lib/libcrypto/x509/x509_att.c | |||
| @@ -149,8 +149,8 @@ err2: | |||
| 149 | } | 149 | } |
| 150 | 150 | ||
| 151 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, | 151 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, |
| 152 | ASN1_OBJECT *obj, int type, | 152 | const ASN1_OBJECT *obj, int type, |
| 153 | unsigned char *bytes, int len) | 153 | const unsigned char *bytes, int len) |
| 154 | { | 154 | { |
| 155 | X509_ATTRIBUTE *attr; | 155 | X509_ATTRIBUTE *attr; |
| 156 | STACK_OF(X509_ATTRIBUTE) *ret; | 156 | STACK_OF(X509_ATTRIBUTE) *ret; |
| @@ -163,7 +163,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_OBJ(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 163 | 163 | ||
| 164 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, | 164 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, |
| 165 | int nid, int type, | 165 | int nid, int type, |
| 166 | unsigned char *bytes, int len) | 166 | const unsigned char *bytes, int len) |
| 167 | { | 167 | { |
| 168 | X509_ATTRIBUTE *attr; | 168 | X509_ATTRIBUTE *attr; |
| 169 | STACK_OF(X509_ATTRIBUTE) *ret; | 169 | STACK_OF(X509_ATTRIBUTE) *ret; |
| @@ -175,8 +175,8 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_NID(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 175 | } | 175 | } |
| 176 | 176 | ||
| 177 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | 177 | STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, |
| 178 | char *attrname, int type, | 178 | const char *attrname, int type, |
| 179 | unsigned char *bytes, int len) | 179 | const unsigned char *bytes, int len) |
| 180 | { | 180 | { |
| 181 | X509_ATTRIBUTE *attr; | 181 | X509_ATTRIBUTE *attr; |
| 182 | STACK_OF(X509_ATTRIBUTE) *ret; | 182 | STACK_OF(X509_ATTRIBUTE) *ret; |
| @@ -188,7 +188,7 @@ STACK_OF(X509_ATTRIBUTE) *X509at_add1_attr_by_txt(STACK_OF(X509_ATTRIBUTE) **x, | |||
| 188 | } | 188 | } |
| 189 | 189 | ||
| 190 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | 190 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, |
| 191 | int atrtype, void *data, int len) | 191 | int atrtype, const void *data, int len) |
| 192 | { | 192 | { |
| 193 | ASN1_OBJECT *obj; | 193 | ASN1_OBJECT *obj; |
| 194 | X509_ATTRIBUTE *ret; | 194 | X509_ATTRIBUTE *ret; |
| @@ -205,7 +205,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_NID(X509_ATTRIBUTE **attr, int nid, | |||
| 205 | } | 205 | } |
| 206 | 206 | ||
| 207 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, | 207 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_OBJ(X509_ATTRIBUTE **attr, |
| 208 | ASN1_OBJECT *obj, int atrtype, void *data, int len) | 208 | const ASN1_OBJECT *obj, int atrtype, const void *data, int len) |
| 209 | { | 209 | { |
| 210 | X509_ATTRIBUTE *ret; | 210 | X509_ATTRIBUTE *ret; |
| 211 | 211 | ||
| @@ -234,7 +234,7 @@ err: | |||
| 234 | } | 234 | } |
| 235 | 235 | ||
| 236 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, | 236 | X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, |
| 237 | char *atrname, int type, unsigned char *bytes, int len) | 237 | const char *atrname, int type, const unsigned char *bytes, int len) |
| 238 | { | 238 | { |
| 239 | ASN1_OBJECT *obj; | 239 | ASN1_OBJECT *obj; |
| 240 | X509_ATTRIBUTE *nattr; | 240 | X509_ATTRIBUTE *nattr; |
| @@ -252,7 +252,7 @@ X509_ATTRIBUTE *X509_ATTRIBUTE_create_by_txt(X509_ATTRIBUTE **attr, | |||
| 252 | return nattr; | 252 | return nattr; |
| 253 | } | 253 | } |
| 254 | 254 | ||
| 255 | int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj) | 255 | int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, const ASN1_OBJECT *obj) |
| 256 | { | 256 | { |
| 257 | if ((attr == NULL) || (obj == NULL)) | 257 | if ((attr == NULL) || (obj == NULL)) |
| 258 | return(0); | 258 | return(0); |
| @@ -261,7 +261,7 @@ int X509_ATTRIBUTE_set1_object(X509_ATTRIBUTE *attr, ASN1_OBJECT *obj) | |||
| 261 | return(1); | 261 | return(1); |
| 262 | } | 262 | } |
| 263 | 263 | ||
| 264 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int len) | 264 | int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, const void *data, int len) |
| 265 | { | 265 | { |
| 266 | ASN1_TYPE *ttmp; | 266 | ASN1_TYPE *ttmp; |
| 267 | ASN1_STRING *stmp; | 267 | ASN1_STRING *stmp; |
| @@ -283,7 +283,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int | |||
| 283 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | 283 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; |
| 284 | if(!(ttmp = ASN1_TYPE_new())) goto err; | 284 | if(!(ttmp = ASN1_TYPE_new())) goto err; |
| 285 | if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; | 285 | if(!sk_ASN1_TYPE_push(attr->value.set, ttmp)) goto err; |
| 286 | attr->set = 1; | 286 | attr->single = 0; |
| 287 | ASN1_TYPE_set(ttmp, atype, stmp); | 287 | ASN1_TYPE_set(ttmp, atype, stmp); |
| 288 | return 1; | 288 | return 1; |
| 289 | err: | 289 | err: |
| @@ -293,7 +293,7 @@ int X509_ATTRIBUTE_set1_data(X509_ATTRIBUTE *attr, int attrtype, void *data, int | |||
| 293 | 293 | ||
| 294 | int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) | 294 | int X509_ATTRIBUTE_count(X509_ATTRIBUTE *attr) |
| 295 | { | 295 | { |
| 296 | if(attr->set) return sk_ASN1_TYPE_num(attr->value.set); | 296 | if(!attr->single) return sk_ASN1_TYPE_num(attr->value.set); |
| 297 | if(attr->value.single) return 1; | 297 | if(attr->value.single) return 1; |
| 298 | return 0; | 298 | return 0; |
| 299 | } | 299 | } |
| @@ -321,6 +321,6 @@ ASN1_TYPE *X509_ATTRIBUTE_get0_type(X509_ATTRIBUTE *attr, int idx) | |||
| 321 | { | 321 | { |
| 322 | if (attr == NULL) return(NULL); | 322 | if (attr == NULL) return(NULL); |
| 323 | if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; | 323 | if(idx >= X509_ATTRIBUTE_count(attr)) return NULL; |
| 324 | if(attr->set) return sk_ASN1_TYPE_value(attr->value.set, idx); | 324 | if(!attr->single) return sk_ASN1_TYPE_value(attr->value.set, idx); |
| 325 | else return attr->value.single; | 325 | else return attr->value.single; |
| 326 | } | 326 | } |
diff --git a/src/lib/libcrypto/x509/x509_cmp.c b/src/lib/libcrypto/x509/x509_cmp.c index f9d9510ac5..cd20b6d66f 100644 --- a/src/lib/libcrypto/x509/x509_cmp.c +++ b/src/lib/libcrypto/x509/x509_cmp.c | |||
| @@ -57,114 +57,121 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <sys/types.h> | ||
| 61 | #include <sys/stat.h> | ||
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 63 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 64 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 65 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | #include <openssl/x509v3.h> | ||
| 66 | 65 | ||
| 67 | int X509_issuer_and_serial_cmp(a,b) | 66 | int X509_issuer_and_serial_cmp(const X509 *a, const X509 *b) |
| 68 | X509 *a; | ||
| 69 | X509 *b; | ||
| 70 | { | 67 | { |
| 71 | int i; | 68 | int i; |
| 72 | X509_CINF *ai,*bi; | 69 | X509_CINF *ai,*bi; |
| 73 | 70 | ||
| 74 | ai=a->cert_info; | 71 | ai=a->cert_info; |
| 75 | bi=b->cert_info; | 72 | bi=b->cert_info; |
| 76 | i=ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); | 73 | i=M_ASN1_INTEGER_cmp(ai->serialNumber,bi->serialNumber); |
| 77 | if (i) return(i); | 74 | if (i) return(i); |
| 78 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); | 75 | return(X509_NAME_cmp(ai->issuer,bi->issuer)); |
| 79 | } | 76 | } |
| 80 | 77 | ||
| 81 | #ifndef NO_MD5 | 78 | #ifndef OPENSSL_NO_MD5 |
| 82 | unsigned long X509_issuer_and_serial_hash(a) | 79 | unsigned long X509_issuer_and_serial_hash(X509 *a) |
| 83 | X509 *a; | ||
| 84 | { | 80 | { |
| 85 | unsigned long ret=0; | 81 | unsigned long ret=0; |
| 86 | MD5_CTX ctx; | 82 | EVP_MD_CTX ctx; |
| 87 | unsigned char md[16]; | 83 | unsigned char md[16]; |
| 88 | char str[256]; | 84 | char str[256]; |
| 89 | 85 | ||
| 86 | EVP_MD_CTX_init(&ctx); | ||
| 90 | X509_NAME_oneline(a->cert_info->issuer,str,256); | 87 | X509_NAME_oneline(a->cert_info->issuer,str,256); |
| 91 | ret=strlen(str); | 88 | ret=strlen(str); |
| 92 | MD5_Init(&ctx); | 89 | EVP_DigestInit_ex(&ctx, EVP_md5(), NULL); |
| 93 | MD5_Update(&ctx,(unsigned char *)str,ret); | 90 | EVP_DigestUpdate(&ctx,(unsigned char *)str,ret); |
| 94 | MD5_Update(&ctx,(unsigned char *)a->cert_info->serialNumber->data, | 91 | EVP_DigestUpdate(&ctx,(unsigned char *)a->cert_info->serialNumber->data, |
| 95 | (unsigned long)a->cert_info->serialNumber->length); | 92 | (unsigned long)a->cert_info->serialNumber->length); |
| 96 | MD5_Final(&(md[0]),&ctx); | 93 | EVP_DigestFinal_ex(&ctx,&(md[0]),NULL); |
| 97 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 94 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 98 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 95 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| 99 | )&0xffffffffL; | 96 | )&0xffffffffL; |
| 97 | EVP_MD_CTX_cleanup(&ctx); | ||
| 100 | return(ret); | 98 | return(ret); |
| 101 | } | 99 | } |
| 102 | #endif | 100 | #endif |
| 103 | 101 | ||
| 104 | int X509_issuer_name_cmp(a, b) | 102 | int X509_issuer_name_cmp(const X509 *a, const X509 *b) |
| 105 | X509 *a; | ||
| 106 | X509 *b; | ||
| 107 | { | 103 | { |
| 108 | return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); | 104 | return(X509_NAME_cmp(a->cert_info->issuer,b->cert_info->issuer)); |
| 109 | } | 105 | } |
| 110 | 106 | ||
| 111 | int X509_subject_name_cmp(a, b) | 107 | int X509_subject_name_cmp(const X509 *a, const X509 *b) |
| 112 | X509 *a; | ||
| 113 | X509 *b; | ||
| 114 | { | 108 | { |
| 115 | return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); | 109 | return(X509_NAME_cmp(a->cert_info->subject,b->cert_info->subject)); |
| 116 | } | 110 | } |
| 117 | 111 | ||
| 118 | int X509_CRL_cmp(a, b) | 112 | int X509_CRL_cmp(const X509_CRL *a, const X509_CRL *b) |
| 119 | X509_CRL *a; | ||
| 120 | X509_CRL *b; | ||
| 121 | { | 113 | { |
| 122 | return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); | 114 | return(X509_NAME_cmp(a->crl->issuer,b->crl->issuer)); |
| 123 | } | 115 | } |
| 124 | 116 | ||
| 125 | X509_NAME *X509_get_issuer_name(a) | 117 | X509_NAME *X509_get_issuer_name(X509 *a) |
| 126 | X509 *a; | ||
| 127 | { | 118 | { |
| 128 | return(a->cert_info->issuer); | 119 | return(a->cert_info->issuer); |
| 129 | } | 120 | } |
| 130 | 121 | ||
| 131 | unsigned long X509_issuer_name_hash(x) | 122 | unsigned long X509_issuer_name_hash(X509 *x) |
| 132 | X509 *x; | ||
| 133 | { | 123 | { |
| 134 | return(X509_NAME_hash(x->cert_info->issuer)); | 124 | return(X509_NAME_hash(x->cert_info->issuer)); |
| 135 | } | 125 | } |
| 136 | 126 | ||
| 137 | X509_NAME *X509_get_subject_name(a) | 127 | X509_NAME *X509_get_subject_name(X509 *a) |
| 138 | X509 *a; | ||
| 139 | { | 128 | { |
| 140 | return(a->cert_info->subject); | 129 | return(a->cert_info->subject); |
| 141 | } | 130 | } |
| 142 | 131 | ||
| 143 | ASN1_INTEGER *X509_get_serialNumber(a) | 132 | ASN1_INTEGER *X509_get_serialNumber(X509 *a) |
| 144 | X509 *a; | ||
| 145 | { | 133 | { |
| 146 | return(a->cert_info->serialNumber); | 134 | return(a->cert_info->serialNumber); |
| 147 | } | 135 | } |
| 148 | 136 | ||
| 149 | unsigned long X509_subject_name_hash(x) | 137 | unsigned long X509_subject_name_hash(X509 *x) |
| 150 | X509 *x; | ||
| 151 | { | 138 | { |
| 152 | return(X509_NAME_hash(x->cert_info->subject)); | 139 | return(X509_NAME_hash(x->cert_info->subject)); |
| 153 | } | 140 | } |
| 154 | 141 | ||
| 155 | int X509_NAME_cmp(a, b) | 142 | #ifndef OPENSSL_NO_SHA |
| 156 | X509_NAME *a; | 143 | /* Compare two certificates: they must be identical for |
| 157 | X509_NAME *b; | 144 | * this to work. NB: Although "cmp" operations are generally |
| 145 | * prototyped to take "const" arguments (eg. for use in | ||
| 146 | * STACKs), the way X509 handling is - these operations may | ||
| 147 | * involve ensuring the hashes are up-to-date and ensuring | ||
| 148 | * certain cert information is cached. So this is the point | ||
| 149 | * where the "depth-first" constification tree has to halt | ||
| 150 | * with an evil cast. | ||
| 151 | */ | ||
| 152 | int X509_cmp(const X509 *a, const X509 *b) | ||
| 153 | { | ||
| 154 | /* ensure hash is valid */ | ||
| 155 | X509_check_purpose((X509 *)a, -1, 0); | ||
| 156 | X509_check_purpose((X509 *)b, -1, 0); | ||
| 157 | |||
| 158 | return memcmp(a->sha1_hash, b->sha1_hash, SHA_DIGEST_LENGTH); | ||
| 159 | } | ||
| 160 | #endif | ||
| 161 | |||
| 162 | int X509_NAME_cmp(const X509_NAME *a, const X509_NAME *b) | ||
| 158 | { | 163 | { |
| 159 | int i,j; | 164 | int i,j; |
| 160 | X509_NAME_ENTRY *na,*nb; | 165 | X509_NAME_ENTRY *na,*nb; |
| 161 | 166 | ||
| 162 | if (sk_num(a->entries) != sk_num(b->entries)) | 167 | if (sk_X509_NAME_ENTRY_num(a->entries) |
| 163 | return(sk_num(a->entries)-sk_num(b->entries)); | 168 | != sk_X509_NAME_ENTRY_num(b->entries)) |
| 164 | for (i=sk_num(a->entries)-1; i>=0; i--) | 169 | return sk_X509_NAME_ENTRY_num(a->entries) |
| 170 | -sk_X509_NAME_ENTRY_num(b->entries); | ||
| 171 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) | ||
| 165 | { | 172 | { |
| 166 | na=(X509_NAME_ENTRY *)sk_value(a->entries,i); | 173 | na=sk_X509_NAME_ENTRY_value(a->entries,i); |
| 167 | nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); | 174 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); |
| 168 | j=na->value->length-nb->value->length; | 175 | j=na->value->length-nb->value->length; |
| 169 | if (j) return(j); | 176 | if (j) return(j); |
| 170 | j=memcmp(na->value->data,nb->value->data, | 177 | j=memcmp(na->value->data,nb->value->data, |
| @@ -177,37 +184,27 @@ X509_NAME *b; | |||
| 177 | /* We will check the object types after checking the values | 184 | /* We will check the object types after checking the values |
| 178 | * since the values will more often be different than the object | 185 | * since the values will more often be different than the object |
| 179 | * types. */ | 186 | * types. */ |
| 180 | for (i=sk_num(a->entries)-1; i>=0; i--) | 187 | for (i=sk_X509_NAME_ENTRY_num(a->entries)-1; i>=0; i--) |
| 181 | { | 188 | { |
| 182 | na=(X509_NAME_ENTRY *)sk_value(a->entries,i); | 189 | na=sk_X509_NAME_ENTRY_value(a->entries,i); |
| 183 | nb=(X509_NAME_ENTRY *)sk_value(b->entries,i); | 190 | nb=sk_X509_NAME_ENTRY_value(b->entries,i); |
| 184 | j=OBJ_cmp(na->object,nb->object); | 191 | j=OBJ_cmp(na->object,nb->object); |
| 185 | if (j) return(j); | 192 | if (j) return(j); |
| 186 | } | 193 | } |
| 187 | return(0); | 194 | return(0); |
| 188 | } | 195 | } |
| 189 | 196 | ||
| 190 | #ifndef NO_MD5 | 197 | #ifndef OPENSSL_NO_MD5 |
| 191 | /* I now DER encode the name and hash it. Since I cache the DER encoding, | 198 | /* I now DER encode the name and hash it. Since I cache the DER encoding, |
| 192 | * this is reasonably effiecent. */ | 199 | * this is reasonably efficient. */ |
| 193 | unsigned long X509_NAME_hash(x) | 200 | unsigned long X509_NAME_hash(X509_NAME *x) |
| 194 | X509_NAME *x; | ||
| 195 | { | 201 | { |
| 196 | unsigned long ret=0; | 202 | unsigned long ret=0; |
| 197 | unsigned char md[16]; | 203 | unsigned char md[16]; |
| 198 | unsigned char str[256],*p,*pp; | ||
| 199 | int i; | ||
| 200 | |||
| 201 | i=i2d_X509_NAME(x,NULL); | ||
| 202 | if (i > sizeof(str)) | ||
| 203 | p=Malloc(i); | ||
| 204 | else | ||
| 205 | p=str; | ||
| 206 | 204 | ||
| 207 | pp=p; | 205 | /* Make sure X509_NAME structure contains valid cached encoding */ |
| 208 | i2d_X509_NAME(x,&pp); | 206 | i2d_X509_NAME(x,NULL); |
| 209 | MD5((unsigned char *)p,i,&(md[0])); | 207 | EVP_Digest(x->bytes->data, x->bytes->length, md, NULL, EVP_md5(), NULL); |
| 210 | if (p != str) Free(p); | ||
| 211 | 208 | ||
| 212 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| | 209 | ret=( ((unsigned long)md[0] )|((unsigned long)md[1]<<8L)| |
| 213 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) | 210 | ((unsigned long)md[2]<<16L)|((unsigned long)md[3]<<24L) |
| @@ -217,41 +214,100 @@ X509_NAME *x; | |||
| 217 | #endif | 214 | #endif |
| 218 | 215 | ||
| 219 | /* Search a stack of X509 for a match */ | 216 | /* Search a stack of X509 for a match */ |
| 220 | X509 *X509_find_by_issuer_and_serial(sk,name,serial) | 217 | X509 *X509_find_by_issuer_and_serial(STACK_OF(X509) *sk, X509_NAME *name, |
| 221 | STACK *sk; | 218 | ASN1_INTEGER *serial) |
| 222 | X509_NAME *name; | ||
| 223 | ASN1_INTEGER *serial; | ||
| 224 | { | 219 | { |
| 225 | int i; | 220 | int i; |
| 226 | X509_CINF cinf; | 221 | X509_CINF cinf; |
| 227 | X509 x,*x509=NULL; | 222 | X509 x,*x509=NULL; |
| 228 | 223 | ||
| 224 | if(!sk) return NULL; | ||
| 225 | |||
| 229 | x.cert_info= &cinf; | 226 | x.cert_info= &cinf; |
| 230 | cinf.serialNumber=serial; | 227 | cinf.serialNumber=serial; |
| 231 | cinf.issuer=name; | 228 | cinf.issuer=name; |
| 232 | 229 | ||
| 233 | for (i=0; i<sk_num(sk); i++) | 230 | for (i=0; i<sk_X509_num(sk); i++) |
| 234 | { | 231 | { |
| 235 | x509=(X509 *)sk_value(sk,i); | 232 | x509=sk_X509_value(sk,i); |
| 236 | if (X509_issuer_and_serial_cmp(x509,&x) == 0) | 233 | if (X509_issuer_and_serial_cmp(x509,&x) == 0) |
| 237 | return(x509); | 234 | return(x509); |
| 238 | } | 235 | } |
| 239 | return(NULL); | 236 | return(NULL); |
| 240 | } | 237 | } |
| 241 | 238 | ||
| 242 | X509 *X509_find_by_subject(sk,name) | 239 | X509 *X509_find_by_subject(STACK_OF(X509) *sk, X509_NAME *name) |
| 243 | STACK *sk; | ||
| 244 | X509_NAME *name; | ||
| 245 | { | 240 | { |
| 246 | X509 *x509; | 241 | X509 *x509; |
| 247 | int i; | 242 | int i; |
| 248 | 243 | ||
| 249 | for (i=0; i<sk_num(sk); i++) | 244 | for (i=0; i<sk_X509_num(sk); i++) |
| 250 | { | 245 | { |
| 251 | x509=(X509 *)sk_value(sk,i); | 246 | x509=sk_X509_value(sk,i); |
| 252 | if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) | 247 | if (X509_NAME_cmp(X509_get_subject_name(x509),name) == 0) |
| 253 | return(x509); | 248 | return(x509); |
| 254 | } | 249 | } |
| 255 | return(NULL); | 250 | return(NULL); |
| 256 | } | 251 | } |
| 257 | 252 | ||
| 253 | EVP_PKEY *X509_get_pubkey(X509 *x) | ||
| 254 | { | ||
| 255 | if ((x == NULL) || (x->cert_info == NULL)) | ||
| 256 | return(NULL); | ||
| 257 | return(X509_PUBKEY_get(x->cert_info->key)); | ||
| 258 | } | ||
| 259 | |||
| 260 | ASN1_BIT_STRING *X509_get0_pubkey_bitstr(const X509 *x) | ||
| 261 | { | ||
| 262 | if(!x) return NULL; | ||
| 263 | return x->cert_info->key->public_key; | ||
| 264 | } | ||
| 265 | |||
| 266 | int X509_check_private_key(X509 *x, EVP_PKEY *k) | ||
| 267 | { | ||
| 268 | EVP_PKEY *xk=NULL; | ||
| 269 | int ok=0; | ||
| 270 | |||
| 271 | xk=X509_get_pubkey(x); | ||
| 272 | if (xk->type != k->type) | ||
| 273 | { | ||
| 274 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_TYPE_MISMATCH); | ||
| 275 | goto err; | ||
| 276 | } | ||
| 277 | switch (k->type) | ||
| 278 | { | ||
| 279 | #ifndef OPENSSL_NO_RSA | ||
| 280 | case EVP_PKEY_RSA: | ||
| 281 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0 | ||
| 282 | || BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) | ||
| 283 | { | ||
| 284 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 285 | goto err; | ||
| 286 | } | ||
| 287 | break; | ||
| 288 | #endif | ||
| 289 | #ifndef OPENSSL_NO_DSA | ||
| 290 | case EVP_PKEY_DSA: | ||
| 291 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) | ||
| 292 | { | ||
| 293 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_KEY_VALUES_MISMATCH); | ||
| 294 | goto err; | ||
| 295 | } | ||
| 296 | break; | ||
| 297 | #endif | ||
| 298 | #ifndef OPENSSL_NO_DH | ||
| 299 | case EVP_PKEY_DH: | ||
| 300 | /* No idea */ | ||
| 301 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_CANT_CHECK_DH_KEY); | ||
| 302 | goto err; | ||
| 303 | #endif | ||
| 304 | default: | ||
| 305 | X509err(X509_F_X509_CHECK_PRIVATE_KEY,X509_R_UNKNOWN_KEY_TYPE); | ||
| 306 | goto err; | ||
| 307 | } | ||
| 308 | |||
| 309 | ok=1; | ||
| 310 | err: | ||
| 311 | EVP_PKEY_free(xk); | ||
| 312 | return(ok); | ||
| 313 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_d2.c b/src/lib/libcrypto/x509/x509_d2.c index 01e22f4cb4..51410cfd1a 100644 --- a/src/lib/libcrypto/x509/x509_d2.c +++ b/src/lib/libcrypto/x509/x509_d2.c | |||
| @@ -57,15 +57,12 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <sys/types.h> | ||
| 61 | #include <sys/stat.h> | ||
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 63 | #include "crypto.h" | 61 | #include <openssl/crypto.h> |
| 64 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 65 | 63 | ||
| 66 | #ifndef NO_STDIO | 64 | #ifndef OPENSSL_NO_STDIO |
| 67 | int X509_STORE_set_default_paths(ctx) | 65 | int X509_STORE_set_default_paths(X509_STORE *ctx) |
| 68 | X509_STORE *ctx; | ||
| 69 | { | 66 | { |
| 70 | X509_LOOKUP *lookup; | 67 | X509_LOOKUP *lookup; |
| 71 | 68 | ||
| @@ -83,10 +80,8 @@ X509_STORE *ctx; | |||
| 83 | return(1); | 80 | return(1); |
| 84 | } | 81 | } |
| 85 | 82 | ||
| 86 | int X509_STORE_load_locations(ctx,file,path) | 83 | int X509_STORE_load_locations(X509_STORE *ctx, const char *file, |
| 87 | X509_STORE *ctx; | 84 | const char *path) |
| 88 | char *file; | ||
| 89 | char *path; | ||
| 90 | { | 85 | { |
| 91 | X509_LOOKUP *lookup; | 86 | X509_LOOKUP *lookup; |
| 92 | 87 | ||
| @@ -94,13 +89,15 @@ char *path; | |||
| 94 | { | 89 | { |
| 95 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); | 90 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_file()); |
| 96 | if (lookup == NULL) return(0); | 91 | if (lookup == NULL) return(0); |
| 97 | X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM); | 92 | if (X509_LOOKUP_load_file(lookup,file,X509_FILETYPE_PEM) != 1) |
| 93 | return(0); | ||
| 98 | } | 94 | } |
| 99 | if (path != NULL) | 95 | if (path != NULL) |
| 100 | { | 96 | { |
| 101 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); | 97 | lookup=X509_STORE_add_lookup(ctx,X509_LOOKUP_hash_dir()); |
| 102 | if (lookup == NULL) return(0); | 98 | if (lookup == NULL) return(0); |
| 103 | X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM); | 99 | if (X509_LOOKUP_add_dir(lookup,path,X509_FILETYPE_PEM) != 1) |
| 100 | return(0); | ||
| 104 | } | 101 | } |
| 105 | if ((path == NULL) && (file == NULL)) | 102 | if ((path == NULL) && (file == NULL)) |
| 106 | return(0); | 103 | return(0); |
diff --git a/src/lib/libcrypto/x509/x509_def.c b/src/lib/libcrypto/x509/x509_def.c index d9ab39b15a..e0ac151a76 100644 --- a/src/lib/libcrypto/x509/x509_def.c +++ b/src/lib/libcrypto/x509/x509_def.c | |||
| @@ -57,27 +57,25 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <sys/types.h> | ||
| 61 | #include <sys/stat.h> | ||
| 62 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 63 | #include "crypto.h" | 61 | #include <openssl/crypto.h> |
| 64 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 65 | 63 | ||
| 66 | char *X509_get_default_private_dir() | 64 | const char *X509_get_default_private_dir(void) |
| 67 | { return(X509_PRIVATE_DIR); } | 65 | { return(X509_PRIVATE_DIR); } |
| 68 | 66 | ||
| 69 | char *X509_get_default_cert_area() | 67 | const char *X509_get_default_cert_area(void) |
| 70 | { return(X509_CERT_AREA); } | 68 | { return(X509_CERT_AREA); } |
| 71 | 69 | ||
| 72 | char *X509_get_default_cert_dir() | 70 | const char *X509_get_default_cert_dir(void) |
| 73 | { return(X509_CERT_DIR); } | 71 | { return(X509_CERT_DIR); } |
| 74 | 72 | ||
| 75 | char *X509_get_default_cert_file() | 73 | const char *X509_get_default_cert_file(void) |
| 76 | { return(X509_CERT_FILE); } | 74 | { return(X509_CERT_FILE); } |
| 77 | 75 | ||
| 78 | char *X509_get_default_cert_dir_env() | 76 | const char *X509_get_default_cert_dir_env(void) |
| 79 | { return(X509_CERT_DIR_EVP); } | 77 | { return(X509_CERT_DIR_EVP); } |
| 80 | 78 | ||
| 81 | char *X509_get_default_cert_file_env() | 79 | const char *X509_get_default_cert_file_env(void) |
| 82 | { return(X509_CERT_FILE_EVP); } | 80 | { return(X509_CERT_FILE_EVP); } |
| 83 | 81 | ||
diff --git a/src/lib/libcrypto/x509/x509_err.c b/src/lib/libcrypto/x509/x509_err.c index 9304721612..5bbf4acf76 100644 --- a/src/lib/libcrypto/x509/x509_err.c +++ b/src/lib/libcrypto/x509/x509_err.c | |||
| @@ -1,83 +1,94 @@ | |||
| 1 | /* lib/x509/x509_err.c */ | 1 | /* crypto/x509/x509_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA X509_str_functs[]= | 67 | static ERR_STRING_DATA X509_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, | 69 | {ERR_PACK(0,X509_F_ADD_CERT_DIR,0), "ADD_CERT_DIR"}, |
| 67 | {ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, | 70 | {ERR_PACK(0,X509_F_BY_FILE_CTRL,0), "BY_FILE_CTRL"}, |
| 68 | {ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, | 71 | {ERR_PACK(0,X509_F_DIR_CTRL,0), "DIR_CTRL"}, |
| 69 | {ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, | 72 | {ERR_PACK(0,X509_F_GET_CERT_BY_SUBJECT,0), "GET_CERT_BY_SUBJECT"}, |
| 73 | {ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_DECODE,0), "NETSCAPE_SPKI_b64_decode"}, | ||
| 74 | {ERR_PACK(0,X509_F_NETSCAPE_SPKI_B64_ENCODE,0), "NETSCAPE_SPKI_b64_encode"}, | ||
| 70 | {ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, | 75 | {ERR_PACK(0,X509_F_X509V3_ADD_EXT,0), "X509v3_add_ext"}, |
| 71 | {ERR_PACK(0,X509_F_X509V3_ADD_EXTENSION,0), "X509V3_ADD_EXTENSION"}, | 76 | {ERR_PACK(0,X509_F_X509_ADD_ATTR,0), "X509_ADD_ATTR"}, |
| 72 | {ERR_PACK(0,X509_F_X509V3_PACK_STRING,0), "X509v3_pack_string"}, | 77 | {ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_NID,0), "X509_ATTRIBUTE_create_by_NID"}, |
| 73 | {ERR_PACK(0,X509_F_X509V3_UNPACK_STRING,0), "X509v3_unpack_string"}, | 78 | {ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_OBJ,0), "X509_ATTRIBUTE_create_by_OBJ"}, |
| 79 | {ERR_PACK(0,X509_F_X509_ATTRIBUTE_CREATE_BY_TXT,0), "X509_ATTRIBUTE_create_by_txt"}, | ||
| 80 | {ERR_PACK(0,X509_F_X509_ATTRIBUTE_GET0_DATA,0), "X509_ATTRIBUTE_get0_data"}, | ||
| 81 | {ERR_PACK(0,X509_F_X509_ATTRIBUTE_SET1_DATA,0), "X509_ATTRIBUTE_set1_data"}, | ||
| 82 | {ERR_PACK(0,X509_F_X509_CHECK_PRIVATE_KEY,0), "X509_check_private_key"}, | ||
| 74 | {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, | 83 | {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_NID,0), "X509_EXTENSION_create_by_NID"}, |
| 75 | {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, | 84 | {ERR_PACK(0,X509_F_X509_EXTENSION_CREATE_BY_OBJ,0), "X509_EXTENSION_create_by_OBJ"}, |
| 76 | {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, | 85 | {ERR_PACK(0,X509_F_X509_GET_PUBKEY_PARAMETERS,0), "X509_get_pubkey_parameters"}, |
| 77 | {ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_LOAD_CERT_FILE"}, | 86 | {ERR_PACK(0,X509_F_X509_LOAD_CERT_CRL_FILE,0), "X509_load_cert_crl_file"}, |
| 78 | {ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_LOAD_CRL_FILE"}, | 87 | {ERR_PACK(0,X509_F_X509_LOAD_CERT_FILE,0), "X509_load_cert_file"}, |
| 88 | {ERR_PACK(0,X509_F_X509_LOAD_CRL_FILE,0), "X509_load_crl_file"}, | ||
| 79 | {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, | 89 | {ERR_PACK(0,X509_F_X509_NAME_ADD_ENTRY,0), "X509_NAME_add_entry"}, |
| 80 | {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, | 90 | {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_NID,0), "X509_NAME_ENTRY_create_by_NID"}, |
| 91 | {ERR_PACK(0,X509_F_X509_NAME_ENTRY_CREATE_BY_TXT,0), "X509_NAME_ENTRY_create_by_txt"}, | ||
| 81 | {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, | 92 | {ERR_PACK(0,X509_F_X509_NAME_ENTRY_SET_OBJECT,0), "X509_NAME_ENTRY_set_object"}, |
| 82 | {ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, | 93 | {ERR_PACK(0,X509_F_X509_NAME_ONELINE,0), "X509_NAME_oneline"}, |
| 83 | {ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, | 94 | {ERR_PACK(0,X509_F_X509_NAME_PRINT,0), "X509_NAME_print"}, |
| @@ -87,41 +98,56 @@ static ERR_STRING_DATA X509_str_functs[]= | |||
| 87 | {ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, | 98 | {ERR_PACK(0,X509_F_X509_REQ_PRINT,0), "X509_REQ_print"}, |
| 88 | {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, | 99 | {ERR_PACK(0,X509_F_X509_REQ_PRINT_FP,0), "X509_REQ_print_fp"}, |
| 89 | {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, | 100 | {ERR_PACK(0,X509_F_X509_REQ_TO_X509,0), "X509_REQ_to_X509"}, |
| 90 | {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_ADD_CERT"}, | 101 | {ERR_PACK(0,X509_F_X509_STORE_ADD_CERT,0), "X509_STORE_add_cert"}, |
| 91 | {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_ADD_CRL"}, | 102 | {ERR_PACK(0,X509_F_X509_STORE_ADD_CRL,0), "X509_STORE_add_crl"}, |
| 103 | {ERR_PACK(0,X509_F_X509_STORE_CTX_INIT,0), "X509_STORE_CTX_init"}, | ||
| 104 | {ERR_PACK(0,X509_F_X509_STORE_CTX_NEW,0), "X509_STORE_CTX_new"}, | ||
| 105 | {ERR_PACK(0,X509_F_X509_STORE_CTX_PURPOSE_INHERIT,0), "X509_STORE_CTX_purpose_inherit"}, | ||
| 92 | {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, | 106 | {ERR_PACK(0,X509_F_X509_TO_X509_REQ,0), "X509_to_X509_REQ"}, |
| 107 | {ERR_PACK(0,X509_F_X509_TRUST_ADD,0), "X509_TRUST_add"}, | ||
| 108 | {ERR_PACK(0,X509_F_X509_TRUST_SET,0), "X509_TRUST_set"}, | ||
| 93 | {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, | 109 | {ERR_PACK(0,X509_F_X509_VERIFY_CERT,0), "X509_verify_cert"}, |
| 94 | {0,NULL}, | 110 | {0,NULL} |
| 95 | }; | 111 | }; |
| 96 | 112 | ||
| 97 | static ERR_STRING_DATA X509_str_reasons[]= | 113 | static ERR_STRING_DATA X509_str_reasons[]= |
| 98 | { | 114 | { |
| 99 | {X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, | 115 | {X509_R_BAD_X509_FILETYPE ,"bad x509 filetype"}, |
| 116 | {X509_R_BASE64_DECODE_ERROR ,"base64 decode error"}, | ||
| 117 | {X509_R_CANT_CHECK_DH_KEY ,"cant check dh key"}, | ||
| 100 | {X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, | 118 | {X509_R_CERT_ALREADY_IN_HASH_TABLE ,"cert already in hash table"}, |
| 101 | {X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, | 119 | {X509_R_ERR_ASN1_LIB ,"err asn1 lib"}, |
| 120 | {X509_R_INVALID_DIRECTORY ,"invalid directory"}, | ||
| 121 | {X509_R_INVALID_FIELD_NAME ,"invalid field name"}, | ||
| 122 | {X509_R_INVALID_TRUST ,"invalid trust"}, | ||
| 123 | {X509_R_KEY_TYPE_MISMATCH ,"key type mismatch"}, | ||
| 124 | {X509_R_KEY_VALUES_MISMATCH ,"key values mismatch"}, | ||
| 102 | {X509_R_LOADING_CERT_DIR ,"loading cert dir"}, | 125 | {X509_R_LOADING_CERT_DIR ,"loading cert dir"}, |
| 103 | {X509_R_LOADING_DEFAULTS ,"loading defaults"}, | 126 | {X509_R_LOADING_DEFAULTS ,"loading defaults"}, |
| 104 | {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, | 127 | {X509_R_NO_CERT_SET_FOR_US_TO_VERIFY ,"no cert set for us to verify"}, |
| 105 | {X509_R_SHOULD_RETRY ,"should retry"}, | 128 | {X509_R_SHOULD_RETRY ,"should retry"}, |
| 106 | {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, | 129 | {X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN,"unable to find parameters in chain"}, |
| 107 | {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, | 130 | {X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY ,"unable to get certs public key"}, |
| 131 | {X509_R_UNKNOWN_KEY_TYPE ,"unknown key type"}, | ||
| 108 | {X509_R_UNKNOWN_NID ,"unknown nid"}, | 132 | {X509_R_UNKNOWN_NID ,"unknown nid"}, |
| 109 | {X509_R_UNKNOWN_STRING_TYPE ,"unknown string type"}, | 133 | {X509_R_UNKNOWN_PURPOSE_ID ,"unknown purpose id"}, |
| 134 | {X509_R_UNKNOWN_TRUST_ID ,"unknown trust id"}, | ||
| 110 | {X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, | 135 | {X509_R_UNSUPPORTED_ALGORITHM ,"unsupported algorithm"}, |
| 111 | {X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, | 136 | {X509_R_WRONG_LOOKUP_TYPE ,"wrong lookup type"}, |
| 112 | {0,NULL}, | 137 | {X509_R_WRONG_TYPE ,"wrong type"}, |
| 138 | {0,NULL} | ||
| 113 | }; | 139 | }; |
| 114 | 140 | ||
| 115 | #endif | 141 | #endif |
| 116 | 142 | ||
| 117 | void ERR_load_X509_strings() | 143 | void ERR_load_X509_strings(void) |
| 118 | { | 144 | { |
| 119 | static int init=1; | 145 | static int init=1; |
| 120 | 146 | ||
| 121 | if (init); | 147 | if (init) |
| 122 | {; | 148 | { |
| 123 | init=0; | 149 | init=0; |
| 124 | #ifndef NO_ERR | 150 | #ifndef OPENSSL_NO_ERR |
| 125 | ERR_load_strings(ERR_LIB_X509,X509_str_functs); | 151 | ERR_load_strings(ERR_LIB_X509,X509_str_functs); |
| 126 | ERR_load_strings(ERR_LIB_X509,X509_str_reasons); | 152 | ERR_load_strings(ERR_LIB_X509,X509_str_reasons); |
| 127 | #endif | 153 | #endif |
diff --git a/src/lib/libcrypto/x509/x509_ext.c b/src/lib/libcrypto/x509/x509_ext.c index 1d76ecfcfd..e7fdacb5e4 100644 --- a/src/lib/libcrypto/x509/x509_ext.c +++ b/src/lib/libcrypto/x509/x509_ext.c | |||
| @@ -57,166 +57,154 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "stack.h" | 60 | #include <openssl/stack.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "asn1.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "evp.h" | 64 | #include <openssl/evp.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include <openssl/x509v3.h> | ||
| 66 | 67 | ||
| 67 | int X509_CRL_get_ext_count(x) | 68 | |
| 68 | X509_CRL *x; | 69 | int X509_CRL_get_ext_count(X509_CRL *x) |
| 69 | { | 70 | { |
| 70 | return(X509v3_get_ext_count(x->crl->extensions)); | 71 | return(X509v3_get_ext_count(x->crl->extensions)); |
| 71 | } | 72 | } |
| 72 | 73 | ||
| 73 | int X509_CRL_get_ext_by_NID(x,nid,lastpos) | 74 | int X509_CRL_get_ext_by_NID(X509_CRL *x, int nid, int lastpos) |
| 74 | X509_CRL *x; | ||
| 75 | int nid; | ||
| 76 | int lastpos; | ||
| 77 | { | 75 | { |
| 78 | return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); | 76 | return(X509v3_get_ext_by_NID(x->crl->extensions,nid,lastpos)); |
| 79 | } | 77 | } |
| 80 | 78 | ||
| 81 | int X509_CRL_get_ext_by_OBJ(x,obj,lastpos) | 79 | int X509_CRL_get_ext_by_OBJ(X509_CRL *x, ASN1_OBJECT *obj, int lastpos) |
| 82 | X509_CRL *x; | ||
| 83 | ASN1_OBJECT *obj; | ||
| 84 | int lastpos; | ||
| 85 | { | 80 | { |
| 86 | return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); | 81 | return(X509v3_get_ext_by_OBJ(x->crl->extensions,obj,lastpos)); |
| 87 | } | 82 | } |
| 88 | 83 | ||
| 89 | int X509_CRL_get_ext_by_critical(x,crit,lastpos) | 84 | int X509_CRL_get_ext_by_critical(X509_CRL *x, int crit, int lastpos) |
| 90 | X509_CRL *x; | ||
| 91 | int crit; | ||
| 92 | int lastpos; | ||
| 93 | { | 85 | { |
| 94 | return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); | 86 | return(X509v3_get_ext_by_critical(x->crl->extensions,crit,lastpos)); |
| 95 | } | 87 | } |
| 96 | 88 | ||
| 97 | X509_EXTENSION *X509_CRL_get_ext(x,loc) | 89 | X509_EXTENSION *X509_CRL_get_ext(X509_CRL *x, int loc) |
| 98 | X509_CRL *x; | ||
| 99 | int loc; | ||
| 100 | { | 90 | { |
| 101 | return(X509v3_get_ext(x->crl->extensions,loc)); | 91 | return(X509v3_get_ext(x->crl->extensions,loc)); |
| 102 | } | 92 | } |
| 103 | 93 | ||
| 104 | X509_EXTENSION *X509_CRL_delete_ext(x,loc) | 94 | X509_EXTENSION *X509_CRL_delete_ext(X509_CRL *x, int loc) |
| 105 | X509_CRL *x; | ||
| 106 | int loc; | ||
| 107 | { | 95 | { |
| 108 | return(X509v3_delete_ext(x->crl->extensions,loc)); | 96 | return(X509v3_delete_ext(x->crl->extensions,loc)); |
| 109 | } | 97 | } |
| 110 | 98 | ||
| 111 | int X509_CRL_add_ext(x,ex,loc) | 99 | void *X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx) |
| 112 | X509_CRL *x; | 100 | { |
| 113 | X509_EXTENSION *ex; | 101 | return X509V3_get_d2i(x->crl->extensions, nid, crit, idx); |
| 114 | int loc; | 102 | } |
| 103 | |||
| 104 | int X509_CRL_add1_ext_i2d(X509_CRL *x, int nid, void *value, int crit, | ||
| 105 | unsigned long flags) | ||
| 106 | { | ||
| 107 | return X509V3_add1_i2d(&x->crl->extensions, nid, value, crit, flags); | ||
| 108 | } | ||
| 109 | |||
| 110 | int X509_CRL_add_ext(X509_CRL *x, X509_EXTENSION *ex, int loc) | ||
| 115 | { | 111 | { |
| 116 | return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); | 112 | return(X509v3_add_ext(&(x->crl->extensions),ex,loc) != NULL); |
| 117 | } | 113 | } |
| 118 | 114 | ||
| 119 | int X509_get_ext_count(x) | 115 | int X509_get_ext_count(X509 *x) |
| 120 | X509 *x; | ||
| 121 | { | 116 | { |
| 122 | return(X509v3_get_ext_count(x->cert_info->extensions)); | 117 | return(X509v3_get_ext_count(x->cert_info->extensions)); |
| 123 | } | 118 | } |
| 124 | 119 | ||
| 125 | int X509_get_ext_by_NID(x,nid,lastpos) | 120 | int X509_get_ext_by_NID(X509 *x, int nid, int lastpos) |
| 126 | X509 *x; | ||
| 127 | int nid; | ||
| 128 | int lastpos; | ||
| 129 | { | 121 | { |
| 130 | return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); | 122 | return(X509v3_get_ext_by_NID(x->cert_info->extensions,nid,lastpos)); |
| 131 | } | 123 | } |
| 132 | 124 | ||
| 133 | int X509_get_ext_by_OBJ(x,obj,lastpos) | 125 | int X509_get_ext_by_OBJ(X509 *x, ASN1_OBJECT *obj, int lastpos) |
| 134 | X509 *x; | ||
| 135 | ASN1_OBJECT *obj; | ||
| 136 | int lastpos; | ||
| 137 | { | 126 | { |
| 138 | return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); | 127 | return(X509v3_get_ext_by_OBJ(x->cert_info->extensions,obj,lastpos)); |
| 139 | } | 128 | } |
| 140 | 129 | ||
| 141 | int X509_get_ext_by_critical(x,crit,lastpos) | 130 | int X509_get_ext_by_critical(X509 *x, int crit, int lastpos) |
| 142 | X509 *x; | ||
| 143 | int crit; | ||
| 144 | int lastpos; | ||
| 145 | { | 131 | { |
| 146 | return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); | 132 | return(X509v3_get_ext_by_critical(x->cert_info->extensions,crit,lastpos)); |
| 147 | } | 133 | } |
| 148 | 134 | ||
| 149 | X509_EXTENSION *X509_get_ext(x,loc) | 135 | X509_EXTENSION *X509_get_ext(X509 *x, int loc) |
| 150 | X509 *x; | ||
| 151 | int loc; | ||
| 152 | { | 136 | { |
| 153 | return(X509v3_get_ext(x->cert_info->extensions,loc)); | 137 | return(X509v3_get_ext(x->cert_info->extensions,loc)); |
| 154 | } | 138 | } |
| 155 | 139 | ||
| 156 | X509_EXTENSION *X509_delete_ext(x,loc) | 140 | X509_EXTENSION *X509_delete_ext(X509 *x, int loc) |
| 157 | X509 *x; | ||
| 158 | int loc; | ||
| 159 | { | 141 | { |
| 160 | return(X509v3_delete_ext(x->cert_info->extensions,loc)); | 142 | return(X509v3_delete_ext(x->cert_info->extensions,loc)); |
| 161 | } | 143 | } |
| 162 | 144 | ||
| 163 | int X509_add_ext(x,ex,loc) | 145 | int X509_add_ext(X509 *x, X509_EXTENSION *ex, int loc) |
| 164 | X509 *x; | ||
| 165 | X509_EXTENSION *ex; | ||
| 166 | int loc; | ||
| 167 | { | 146 | { |
| 168 | return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); | 147 | return(X509v3_add_ext(&(x->cert_info->extensions),ex,loc) != NULL); |
| 169 | } | 148 | } |
| 170 | 149 | ||
| 171 | int X509_REVOKED_get_ext_count(x) | 150 | void *X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx) |
| 172 | X509_REVOKED *x; | 151 | { |
| 152 | return X509V3_get_d2i(x->cert_info->extensions, nid, crit, idx); | ||
| 153 | } | ||
| 154 | |||
| 155 | int X509_add1_ext_i2d(X509 *x, int nid, void *value, int crit, | ||
| 156 | unsigned long flags) | ||
| 157 | { | ||
| 158 | return X509V3_add1_i2d(&x->cert_info->extensions, nid, value, crit, | ||
| 159 | flags); | ||
| 160 | } | ||
| 161 | |||
| 162 | int X509_REVOKED_get_ext_count(X509_REVOKED *x) | ||
| 173 | { | 163 | { |
| 174 | return(X509v3_get_ext_count(x->extensions)); | 164 | return(X509v3_get_ext_count(x->extensions)); |
| 175 | } | 165 | } |
| 176 | 166 | ||
| 177 | int X509_REVOKED_get_ext_by_NID(x,nid,lastpos) | 167 | int X509_REVOKED_get_ext_by_NID(X509_REVOKED *x, int nid, int lastpos) |
| 178 | X509_REVOKED *x; | ||
| 179 | int nid; | ||
| 180 | int lastpos; | ||
| 181 | { | 168 | { |
| 182 | return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); | 169 | return(X509v3_get_ext_by_NID(x->extensions,nid,lastpos)); |
| 183 | } | 170 | } |
| 184 | 171 | ||
| 185 | int X509_REVOKED_get_ext_by_OBJ(x,obj,lastpos) | 172 | int X509_REVOKED_get_ext_by_OBJ(X509_REVOKED *x, ASN1_OBJECT *obj, |
| 186 | X509_REVOKED *x; | 173 | int lastpos) |
| 187 | ASN1_OBJECT *obj; | ||
| 188 | int lastpos; | ||
| 189 | { | 174 | { |
| 190 | return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); | 175 | return(X509v3_get_ext_by_OBJ(x->extensions,obj,lastpos)); |
| 191 | } | 176 | } |
| 192 | 177 | ||
| 193 | int X509_REVOKED_get_ext_by_critical(x,crit,lastpos) | 178 | int X509_REVOKED_get_ext_by_critical(X509_REVOKED *x, int crit, int lastpos) |
| 194 | X509_REVOKED *x; | ||
| 195 | int crit; | ||
| 196 | int lastpos; | ||
| 197 | { | 179 | { |
| 198 | return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); | 180 | return(X509v3_get_ext_by_critical(x->extensions,crit,lastpos)); |
| 199 | } | 181 | } |
| 200 | 182 | ||
| 201 | X509_EXTENSION *X509_REVOKED_get_ext(x,loc) | 183 | X509_EXTENSION *X509_REVOKED_get_ext(X509_REVOKED *x, int loc) |
| 202 | X509_REVOKED *x; | ||
| 203 | int loc; | ||
| 204 | { | 184 | { |
| 205 | return(X509v3_get_ext(x->extensions,loc)); | 185 | return(X509v3_get_ext(x->extensions,loc)); |
| 206 | } | 186 | } |
| 207 | 187 | ||
| 208 | X509_EXTENSION *X509_REVOKED_delete_ext(x,loc) | 188 | X509_EXTENSION *X509_REVOKED_delete_ext(X509_REVOKED *x, int loc) |
| 209 | X509_REVOKED *x; | ||
| 210 | int loc; | ||
| 211 | { | 189 | { |
| 212 | return(X509v3_delete_ext(x->extensions,loc)); | 190 | return(X509v3_delete_ext(x->extensions,loc)); |
| 213 | } | 191 | } |
| 214 | 192 | ||
| 215 | int X509_REVOKED_add_ext(x,ex,loc) | 193 | int X509_REVOKED_add_ext(X509_REVOKED *x, X509_EXTENSION *ex, int loc) |
| 216 | X509_REVOKED *x; | ||
| 217 | X509_EXTENSION *ex; | ||
| 218 | int loc; | ||
| 219 | { | 194 | { |
| 220 | return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); | 195 | return(X509v3_add_ext(&(x->extensions),ex,loc) != NULL); |
| 221 | } | 196 | } |
| 222 | 197 | ||
| 198 | void *X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx) | ||
| 199 | { | ||
| 200 | return X509V3_get_d2i(x->extensions, nid, crit, idx); | ||
| 201 | } | ||
| 202 | |||
| 203 | int X509_REVOKED_add1_ext_i2d(X509_REVOKED *x, int nid, void *value, int crit, | ||
| 204 | unsigned long flags) | ||
| 205 | { | ||
| 206 | return X509V3_add1_i2d(&x->extensions, nid, value, crit, flags); | ||
| 207 | } | ||
| 208 | |||
| 209 | IMPLEMENT_STACK_OF(X509_EXTENSION) | ||
| 210 | IMPLEMENT_ASN1_SET_OF(X509_EXTENSION) | ||
diff --git a/src/lib/libcrypto/x509/x509_lu.c b/src/lib/libcrypto/x509/x509_lu.c index 2c7e10a46e..b780dae5e2 100644 --- a/src/lib/libcrypto/x509/x509_lu.c +++ b/src/lib/libcrypto/x509/x509_lu.c | |||
| @@ -58,19 +58,16 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "lhash.h" | 61 | #include <openssl/lhash.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 63 | #include <openssl/x509v3.h> | ||
| 63 | 64 | ||
| 64 | static STACK *x509_store_meth=NULL; | 65 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method) |
| 65 | static STACK *x509_store_ctx_meth=NULL; | ||
| 66 | |||
| 67 | X509_LOOKUP *X509_LOOKUP_new(method) | ||
| 68 | X509_LOOKUP_METHOD *method; | ||
| 69 | { | 66 | { |
| 70 | X509_LOOKUP *ret; | 67 | X509_LOOKUP *ret; |
| 71 | 68 | ||
| 72 | ret=(X509_LOOKUP *)Malloc(sizeof(X509_LOOKUP)); | 69 | ret=(X509_LOOKUP *)OPENSSL_malloc(sizeof(X509_LOOKUP)); |
| 73 | if (ret == NULL) return(NULL); | 70 | if (ret == NULL) return NULL; |
| 74 | 71 | ||
| 75 | ret->init=0; | 72 | ret->init=0; |
| 76 | ret->skip=0; | 73 | ret->skip=0; |
| @@ -79,163 +76,137 @@ X509_LOOKUP_METHOD *method; | |||
| 79 | ret->store_ctx=NULL; | 76 | ret->store_ctx=NULL; |
| 80 | if ((method->new_item != NULL) && !method->new_item(ret)) | 77 | if ((method->new_item != NULL) && !method->new_item(ret)) |
| 81 | { | 78 | { |
| 82 | Free(ret); | 79 | OPENSSL_free(ret); |
| 83 | return(NULL); | 80 | return NULL; |
| 84 | } | 81 | } |
| 85 | return(ret); | 82 | return ret; |
| 86 | } | 83 | } |
| 87 | 84 | ||
| 88 | void X509_LOOKUP_free(ctx) | 85 | void X509_LOOKUP_free(X509_LOOKUP *ctx) |
| 89 | X509_LOOKUP *ctx; | ||
| 90 | { | 86 | { |
| 91 | if (ctx == NULL) return; | 87 | if (ctx == NULL) return; |
| 92 | if ( (ctx->method != NULL) && | 88 | if ( (ctx->method != NULL) && |
| 93 | (ctx->method->free != NULL)) | 89 | (ctx->method->free != NULL)) |
| 94 | ctx->method->free(ctx); | 90 | ctx->method->free(ctx); |
| 95 | Free(ctx); | 91 | OPENSSL_free(ctx); |
| 96 | } | 92 | } |
| 97 | 93 | ||
| 98 | int X509_LOOKUP_init(ctx) | 94 | int X509_LOOKUP_init(X509_LOOKUP *ctx) |
| 99 | X509_LOOKUP *ctx; | ||
| 100 | { | 95 | { |
| 101 | if (ctx->method == NULL) return(0); | 96 | if (ctx->method == NULL) return 0; |
| 102 | if (ctx->method->init != NULL) | 97 | if (ctx->method->init != NULL) |
| 103 | return(ctx->method->init(ctx)); | 98 | return ctx->method->init(ctx); |
| 104 | else | 99 | else |
| 105 | return(1); | 100 | return 1; |
| 106 | } | 101 | } |
| 107 | 102 | ||
| 108 | int X509_LOOKUP_shutdown(ctx) | 103 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx) |
| 109 | X509_LOOKUP *ctx; | ||
| 110 | { | 104 | { |
| 111 | if (ctx->method == NULL) return(0); | 105 | if (ctx->method == NULL) return 0; |
| 112 | if (ctx->method->init != NULL) | 106 | if (ctx->method->shutdown != NULL) |
| 113 | return(ctx->method->shutdown(ctx)); | 107 | return ctx->method->shutdown(ctx); |
| 114 | else | 108 | else |
| 115 | return(1); | 109 | return 1; |
| 116 | } | 110 | } |
| 117 | 111 | ||
| 118 | int X509_LOOKUP_ctrl(ctx,cmd,argc,argl,ret) | 112 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, long argl, |
| 119 | X509_LOOKUP *ctx; | 113 | char **ret) |
| 120 | int cmd; | ||
| 121 | char *argc; | ||
| 122 | long argl; | ||
| 123 | char **ret; | ||
| 124 | { | 114 | { |
| 125 | if (ctx->method == NULL) return(-1); | 115 | if (ctx->method == NULL) return -1; |
| 126 | if (ctx->method->ctrl != NULL) | 116 | if (ctx->method->ctrl != NULL) |
| 127 | return(ctx->method->ctrl(ctx,cmd,argc,argl,ret)); | 117 | return ctx->method->ctrl(ctx,cmd,argc,argl,ret); |
| 128 | else | 118 | else |
| 129 | return(1); | 119 | return 1; |
| 130 | } | 120 | } |
| 131 | 121 | ||
| 132 | int X509_LOOKUP_by_subject(ctx,type,name,ret) | 122 | int X509_LOOKUP_by_subject(X509_LOOKUP *ctx, int type, X509_NAME *name, |
| 133 | X509_LOOKUP *ctx; | 123 | X509_OBJECT *ret) |
| 134 | int type; | ||
| 135 | X509_NAME *name; | ||
| 136 | X509_OBJECT *ret; | ||
| 137 | { | 124 | { |
| 138 | if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) | 125 | if ((ctx->method == NULL) || (ctx->method->get_by_subject == NULL)) |
| 139 | return(X509_LU_FAIL); | 126 | return X509_LU_FAIL; |
| 140 | if (ctx->skip) return(0); | 127 | if (ctx->skip) return 0; |
| 141 | return(ctx->method->get_by_subject(ctx,type,name,ret)); | 128 | return ctx->method->get_by_subject(ctx,type,name,ret); |
| 142 | } | 129 | } |
| 143 | 130 | ||
| 144 | int X509_LOOKUP_by_issuer_serial(ctx,type,name,serial,ret) | 131 | int X509_LOOKUP_by_issuer_serial(X509_LOOKUP *ctx, int type, X509_NAME *name, |
| 145 | X509_LOOKUP *ctx; | 132 | ASN1_INTEGER *serial, X509_OBJECT *ret) |
| 146 | int type; | ||
| 147 | X509_NAME *name; | ||
| 148 | ASN1_INTEGER *serial; | ||
| 149 | X509_OBJECT *ret; | ||
| 150 | { | 133 | { |
| 151 | if ((ctx->method == NULL) || | 134 | if ((ctx->method == NULL) || |
| 152 | (ctx->method->get_by_issuer_serial == NULL)) | 135 | (ctx->method->get_by_issuer_serial == NULL)) |
| 153 | return(X509_LU_FAIL); | 136 | return X509_LU_FAIL; |
| 154 | return(ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret)); | 137 | return ctx->method->get_by_issuer_serial(ctx,type,name,serial,ret); |
| 155 | } | 138 | } |
| 156 | 139 | ||
| 157 | int X509_LOOKUP_by_fingerprint(ctx,type,bytes,len,ret) | 140 | int X509_LOOKUP_by_fingerprint(X509_LOOKUP *ctx, int type, |
| 158 | X509_LOOKUP *ctx; | 141 | unsigned char *bytes, int len, X509_OBJECT *ret) |
| 159 | int type; | ||
| 160 | unsigned char *bytes; | ||
| 161 | int len; | ||
| 162 | X509_OBJECT *ret; | ||
| 163 | { | 142 | { |
| 164 | if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) | 143 | if ((ctx->method == NULL) || (ctx->method->get_by_fingerprint == NULL)) |
| 165 | return(X509_LU_FAIL); | 144 | return X509_LU_FAIL; |
| 166 | return(ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret)); | 145 | return ctx->method->get_by_fingerprint(ctx,type,bytes,len,ret); |
| 167 | } | 146 | } |
| 168 | 147 | ||
| 169 | int X509_LOOKUP_by_alias(ctx,type,str,len,ret) | 148 | int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, int len, |
| 170 | X509_LOOKUP *ctx; | 149 | X509_OBJECT *ret) |
| 171 | int type; | ||
| 172 | char *str; | ||
| 173 | int len; | ||
| 174 | X509_OBJECT *ret; | ||
| 175 | { | 150 | { |
| 176 | if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) | 151 | if ((ctx->method == NULL) || (ctx->method->get_by_alias == NULL)) |
| 177 | return(X509_LU_FAIL); | 152 | return X509_LU_FAIL; |
| 178 | return(ctx->method->get_by_alias(ctx,str,len,ret)); | 153 | return ctx->method->get_by_alias(ctx,type,str,len,ret); |
| 179 | } | 154 | } |
| 180 | 155 | ||
| 181 | static unsigned long x509_object_hash(a) | 156 | |
| 182 | X509_OBJECT *a; | 157 | static int x509_object_cmp(const X509_OBJECT * const *a, const X509_OBJECT * const *b) |
| 183 | { | 158 | { |
| 184 | unsigned long h; | 159 | int ret; |
| 185 | 160 | ||
| 186 | switch (a->type) | 161 | ret=((*a)->type - (*b)->type); |
| 187 | { | 162 | if (ret) return ret; |
| 188 | case X509_LU_X509: | 163 | switch ((*a)->type) |
| 189 | h=X509_NAME_hash(a->data.x509->cert_info->subject); | 164 | { |
| 190 | break; | 165 | case X509_LU_X509: |
| 191 | case X509_LU_CRL: | 166 | ret=X509_subject_name_cmp((*a)->data.x509,(*b)->data.x509); |
| 192 | h=X509_NAME_hash(a->data.crl->crl->issuer); | 167 | break; |
| 193 | break; | 168 | case X509_LU_CRL: |
| 169 | ret=X509_CRL_cmp((*a)->data.crl,(*b)->data.crl); | ||
| 170 | break; | ||
| 194 | default: | 171 | default: |
| 195 | abort(); | 172 | /* abort(); */ |
| 173 | return 0; | ||
| 196 | } | 174 | } |
| 197 | return(h); | 175 | return ret; |
| 198 | } | 176 | } |
| 199 | 177 | ||
| 200 | static int x509_object_cmp(a,b) | 178 | X509_STORE *X509_STORE_new(void) |
| 201 | X509_OBJECT *a,*b; | ||
| 202 | { | ||
| 203 | int ret; | ||
| 204 | |||
| 205 | ret=(a->type - b->type); | ||
| 206 | if (ret) return(ret); | ||
| 207 | switch (a->type) | ||
| 208 | { | ||
| 209 | case X509_LU_X509: | ||
| 210 | ret=X509_subject_name_cmp(a->data.x509,b->data.x509); | ||
| 211 | break; | ||
| 212 | case X509_LU_CRL: | ||
| 213 | ret=X509_CRL_cmp(a->data.crl,b->data.crl); | ||
| 214 | break; | ||
| 215 | default: | ||
| 216 | abort(); | ||
| 217 | } | ||
| 218 | return(ret); | ||
| 219 | } | ||
| 220 | |||
| 221 | X509_STORE *X509_STORE_new() | ||
| 222 | { | 179 | { |
| 223 | X509_STORE *ret; | 180 | X509_STORE *ret; |
| 224 | 181 | ||
| 225 | if ((ret=(X509_STORE *)Malloc(sizeof(X509_STORE))) == NULL) | 182 | if ((ret=(X509_STORE *)OPENSSL_malloc(sizeof(X509_STORE))) == NULL) |
| 226 | return(NULL); | 183 | return NULL; |
| 227 | ret->certs=lh_new(x509_object_hash,x509_object_cmp); | 184 | ret->objs = sk_X509_OBJECT_new(x509_object_cmp); |
| 228 | ret->cache=1; | 185 | ret->cache=1; |
| 229 | ret->get_cert_methods=sk_new_null(); | 186 | ret->get_cert_methods=sk_X509_LOOKUP_new_null(); |
| 230 | ret->verify=NULL; | 187 | ret->verify=0; |
| 231 | ret->verify_cb=NULL; | 188 | ret->verify_cb=0; |
| 232 | memset(&ret->ex_data,0,sizeof(CRYPTO_EX_DATA)); | 189 | |
| 190 | ret->purpose = 0; | ||
| 191 | ret->trust = 0; | ||
| 192 | |||
| 193 | ret->flags = 0; | ||
| 194 | |||
| 195 | ret->get_issuer = 0; | ||
| 196 | ret->check_issued = 0; | ||
| 197 | ret->check_revocation = 0; | ||
| 198 | ret->get_crl = 0; | ||
| 199 | ret->check_crl = 0; | ||
| 200 | ret->cert_crl = 0; | ||
| 201 | ret->cleanup = 0; | ||
| 202 | |||
| 203 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE, ret, &ret->ex_data); | ||
| 233 | ret->references=1; | 204 | ret->references=1; |
| 234 | return(ret); | 205 | ret->depth=0; |
| 206 | return ret; | ||
| 235 | } | 207 | } |
| 236 | 208 | ||
| 237 | static void cleanup(a) | 209 | static void cleanup(X509_OBJECT *a) |
| 238 | X509_OBJECT *a; | ||
| 239 | { | 210 | { |
| 240 | if (a->type == X509_LU_X509) | 211 | if (a->type == X509_LU_X509) |
| 241 | { | 212 | { |
| @@ -246,90 +217,88 @@ X509_OBJECT *a; | |||
| 246 | X509_CRL_free(a->data.crl); | 217 | X509_CRL_free(a->data.crl); |
| 247 | } | 218 | } |
| 248 | else | 219 | else |
| 249 | abort(); | 220 | { |
| 221 | /* abort(); */ | ||
| 222 | } | ||
| 250 | 223 | ||
| 251 | Free(a); | 224 | OPENSSL_free(a); |
| 252 | } | 225 | } |
| 253 | 226 | ||
| 254 | void X509_STORE_free(vfy) | 227 | void X509_STORE_free(X509_STORE *vfy) |
| 255 | X509_STORE *vfy; | ||
| 256 | { | 228 | { |
| 257 | int i; | 229 | int i; |
| 258 | STACK *sk; | 230 | STACK_OF(X509_LOOKUP) *sk; |
| 259 | X509_LOOKUP *lu; | 231 | X509_LOOKUP *lu; |
| 260 | 232 | ||
| 233 | if (vfy == NULL) | ||
| 234 | return; | ||
| 235 | |||
| 261 | sk=vfy->get_cert_methods; | 236 | sk=vfy->get_cert_methods; |
| 262 | for (i=0; i<sk_num(sk); i++) | 237 | for (i=0; i<sk_X509_LOOKUP_num(sk); i++) |
| 263 | { | 238 | { |
| 264 | lu=(X509_LOOKUP *)sk_value(sk,i); | 239 | lu=sk_X509_LOOKUP_value(sk,i); |
| 265 | X509_LOOKUP_shutdown(lu); | 240 | X509_LOOKUP_shutdown(lu); |
| 266 | X509_LOOKUP_free(lu); | 241 | X509_LOOKUP_free(lu); |
| 267 | } | 242 | } |
| 268 | sk_free(sk); | 243 | sk_X509_LOOKUP_free(sk); |
| 244 | sk_X509_OBJECT_pop_free(vfy->objs, cleanup); | ||
| 269 | 245 | ||
| 270 | CRYPTO_free_ex_data(x509_store_meth,(char *)vfy,&vfy->ex_data); | 246 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE, vfy, &vfy->ex_data); |
| 271 | lh_doall(vfy->certs,cleanup); | 247 | OPENSSL_free(vfy); |
| 272 | lh_free(vfy->certs); | ||
| 273 | Free(vfy); | ||
| 274 | } | 248 | } |
| 275 | 249 | ||
| 276 | X509_LOOKUP *X509_STORE_add_lookup(v,m) | 250 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m) |
| 277 | X509_STORE *v; | ||
| 278 | X509_LOOKUP_METHOD *m; | ||
| 279 | { | 251 | { |
| 280 | int i; | 252 | int i; |
| 281 | STACK *sk; | 253 | STACK_OF(X509_LOOKUP) *sk; |
| 282 | X509_LOOKUP *lu; | 254 | X509_LOOKUP *lu; |
| 283 | 255 | ||
| 284 | sk=v->get_cert_methods; | 256 | sk=v->get_cert_methods; |
| 285 | for (i=0; i<sk_num(sk); i++) | 257 | for (i=0; i<sk_X509_LOOKUP_num(sk); i++) |
| 286 | { | 258 | { |
| 287 | lu=(X509_LOOKUP *)sk_value(sk,i); | 259 | lu=sk_X509_LOOKUP_value(sk,i); |
| 288 | if (m == lu->method) | 260 | if (m == lu->method) |
| 289 | { | 261 | { |
| 290 | return(lu); | 262 | return lu; |
| 291 | } | 263 | } |
| 292 | } | 264 | } |
| 293 | /* a new one */ | 265 | /* a new one */ |
| 294 | lu=X509_LOOKUP_new(m); | 266 | lu=X509_LOOKUP_new(m); |
| 295 | if (lu == NULL) | 267 | if (lu == NULL) |
| 296 | return(NULL); | 268 | return NULL; |
| 297 | else | 269 | else |
| 298 | { | 270 | { |
| 299 | lu->store_ctx=v; | 271 | lu->store_ctx=v; |
| 300 | if (sk_push(v->get_cert_methods,(char *)lu)) | 272 | if (sk_X509_LOOKUP_push(v->get_cert_methods,lu)) |
| 301 | return(lu); | 273 | return lu; |
| 302 | else | 274 | else |
| 303 | { | 275 | { |
| 304 | X509_LOOKUP_free(lu); | 276 | X509_LOOKUP_free(lu); |
| 305 | return(NULL); | 277 | return NULL; |
| 306 | } | 278 | } |
| 307 | } | 279 | } |
| 308 | } | 280 | } |
| 309 | 281 | ||
| 310 | int X509_STORE_get_by_subject(vs,type,name,ret) | 282 | int X509_STORE_get_by_subject(X509_STORE_CTX *vs, int type, X509_NAME *name, |
| 311 | X509_STORE_CTX *vs; | 283 | X509_OBJECT *ret) |
| 312 | int type; | ||
| 313 | X509_NAME *name; | ||
| 314 | X509_OBJECT *ret; | ||
| 315 | { | 284 | { |
| 316 | X509_STORE *ctx=vs->ctx; | 285 | X509_STORE *ctx=vs->ctx; |
| 317 | X509_LOOKUP *lu; | 286 | X509_LOOKUP *lu; |
| 318 | X509_OBJECT stmp,*tmp; | 287 | X509_OBJECT stmp,*tmp; |
| 319 | int i,j; | 288 | int i,j; |
| 320 | 289 | ||
| 321 | tmp=X509_OBJECT_retrive_by_subject(ctx->certs,type,name); | 290 | tmp=X509_OBJECT_retrieve_by_subject(ctx->objs,type,name); |
| 322 | 291 | ||
| 323 | if (tmp == NULL) | 292 | if (tmp == NULL) |
| 324 | { | 293 | { |
| 325 | for (i=vs->current_method; i<sk_num(ctx->get_cert_methods); i++) | 294 | for (i=vs->current_method; i<sk_X509_LOOKUP_num(ctx->get_cert_methods); i++) |
| 326 | { | 295 | { |
| 327 | lu=(X509_LOOKUP *)sk_value(ctx->get_cert_methods,i); | 296 | lu=sk_X509_LOOKUP_value(ctx->get_cert_methods,i); |
| 328 | j=X509_LOOKUP_by_subject(lu,type,name,&stmp); | 297 | j=X509_LOOKUP_by_subject(lu,type,name,&stmp); |
| 329 | if (j < 0) | 298 | if (j < 0) |
| 330 | { | 299 | { |
| 331 | vs->current_method=j; | 300 | vs->current_method=j; |
| 332 | return(j); | 301 | return j; |
| 333 | } | 302 | } |
| 334 | else if (j) | 303 | else if (j) |
| 335 | { | 304 | { |
| @@ -339,7 +308,7 @@ X509_OBJECT *ret; | |||
| 339 | } | 308 | } |
| 340 | vs->current_method=0; | 309 | vs->current_method=0; |
| 341 | if (tmp == NULL) | 310 | if (tmp == NULL) |
| 342 | return(0); | 311 | return 0; |
| 343 | } | 312 | } |
| 344 | 313 | ||
| 345 | /* if (ret->data.ptr != NULL) | 314 | /* if (ret->data.ptr != NULL) |
| @@ -350,11 +319,77 @@ X509_OBJECT *ret; | |||
| 350 | 319 | ||
| 351 | X509_OBJECT_up_ref_count(ret); | 320 | X509_OBJECT_up_ref_count(ret); |
| 352 | 321 | ||
| 353 | return(1); | 322 | return 1; |
| 323 | } | ||
| 324 | |||
| 325 | int X509_STORE_add_cert(X509_STORE *ctx, X509 *x) | ||
| 326 | { | ||
| 327 | X509_OBJECT *obj; | ||
| 328 | int ret=1; | ||
| 329 | |||
| 330 | if (x == NULL) return 0; | ||
| 331 | obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); | ||
| 332 | if (obj == NULL) | ||
| 333 | { | ||
| 334 | X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); | ||
| 335 | return 0; | ||
| 336 | } | ||
| 337 | obj->type=X509_LU_X509; | ||
| 338 | obj->data.x509=x; | ||
| 339 | |||
| 340 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 341 | |||
| 342 | X509_OBJECT_up_ref_count(obj); | ||
| 343 | |||
| 344 | |||
| 345 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) | ||
| 346 | { | ||
| 347 | X509_OBJECT_free_contents(obj); | ||
| 348 | OPENSSL_free(obj); | ||
| 349 | X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 350 | ret=0; | ||
| 351 | } | ||
| 352 | else sk_X509_OBJECT_push(ctx->objs, obj); | ||
| 353 | |||
| 354 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 355 | |||
| 356 | return ret; | ||
| 354 | } | 357 | } |
| 355 | 358 | ||
| 356 | void X509_OBJECT_up_ref_count(a) | 359 | int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x) |
| 357 | X509_OBJECT *a; | 360 | { |
| 361 | X509_OBJECT *obj; | ||
| 362 | int ret=1; | ||
| 363 | |||
| 364 | if (x == NULL) return 0; | ||
| 365 | obj=(X509_OBJECT *)OPENSSL_malloc(sizeof(X509_OBJECT)); | ||
| 366 | if (obj == NULL) | ||
| 367 | { | ||
| 368 | X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); | ||
| 369 | return 0; | ||
| 370 | } | ||
| 371 | obj->type=X509_LU_CRL; | ||
| 372 | obj->data.crl=x; | ||
| 373 | |||
| 374 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 375 | |||
| 376 | X509_OBJECT_up_ref_count(obj); | ||
| 377 | |||
| 378 | if (X509_OBJECT_retrieve_match(ctx->objs, obj)) | ||
| 379 | { | ||
| 380 | X509_OBJECT_free_contents(obj); | ||
| 381 | OPENSSL_free(obj); | ||
| 382 | X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 383 | ret=0; | ||
| 384 | } | ||
| 385 | else sk_X509_OBJECT_push(ctx->objs, obj); | ||
| 386 | |||
| 387 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 388 | |||
| 389 | return ret; | ||
| 390 | } | ||
| 391 | |||
| 392 | void X509_OBJECT_up_ref_count(X509_OBJECT *a) | ||
| 358 | { | 393 | { |
| 359 | switch (a->type) | 394 | switch (a->type) |
| 360 | { | 395 | { |
| @@ -367,8 +402,7 @@ X509_OBJECT *a; | |||
| 367 | } | 402 | } |
| 368 | } | 403 | } |
| 369 | 404 | ||
| 370 | void X509_OBJECT_free_contents(a) | 405 | void X509_OBJECT_free_contents(X509_OBJECT *a) |
| 371 | X509_OBJECT *a; | ||
| 372 | { | 406 | { |
| 373 | switch (a->type) | 407 | switch (a->type) |
| 374 | { | 408 | { |
| @@ -381,12 +415,10 @@ X509_OBJECT *a; | |||
| 381 | } | 415 | } |
| 382 | } | 416 | } |
| 383 | 417 | ||
| 384 | X509_OBJECT *X509_OBJECT_retrive_by_subject(h,type,name) | 418 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, |
| 385 | LHASH *h; | 419 | X509_NAME *name) |
| 386 | int type; | ||
| 387 | X509_NAME *name; | ||
| 388 | { | 420 | { |
| 389 | X509_OBJECT stmp,*tmp; | 421 | X509_OBJECT stmp; |
| 390 | X509 x509_s; | 422 | X509 x509_s; |
| 391 | X509_CINF cinf_s; | 423 | X509_CINF cinf_s; |
| 392 | X509_CRL crl_s; | 424 | X509_CRL crl_s; |
| @@ -406,41 +438,120 @@ X509_NAME *name; | |||
| 406 | crl_info_s.issuer=name; | 438 | crl_info_s.issuer=name; |
| 407 | break; | 439 | break; |
| 408 | default: | 440 | default: |
| 409 | abort(); | 441 | /* abort(); */ |
| 442 | return -1; | ||
| 410 | } | 443 | } |
| 411 | 444 | ||
| 412 | tmp=(X509_OBJECT *)lh_retrieve(h,(char *)&stmp); | 445 | return sk_X509_OBJECT_find(h,&stmp); |
| 413 | return(tmp); | ||
| 414 | } | 446 | } |
| 415 | 447 | ||
| 416 | void X509_STORE_CTX_init(ctx,store,x509,chain) | 448 | X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h, int type, |
| 417 | X509_STORE_CTX *ctx; | 449 | X509_NAME *name) |
| 418 | X509_STORE *store; | 450 | { |
| 419 | X509 *x509; | 451 | int idx; |
| 420 | STACK *chain; | 452 | idx = X509_OBJECT_idx_by_subject(h, type, name); |
| 453 | if (idx==-1) return NULL; | ||
| 454 | return sk_X509_OBJECT_value(h, idx); | ||
| 455 | } | ||
| 456 | |||
| 457 | X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x) | ||
| 458 | { | ||
| 459 | int idx, i; | ||
| 460 | X509_OBJECT *obj; | ||
| 461 | idx = sk_X509_OBJECT_find(h, x); | ||
| 462 | if (idx == -1) return NULL; | ||
| 463 | if (x->type != X509_LU_X509) return sk_X509_OBJECT_value(h, idx); | ||
| 464 | for (i = idx; i < sk_X509_OBJECT_num(h); i++) | ||
| 465 | { | ||
| 466 | obj = sk_X509_OBJECT_value(h, i); | ||
| 467 | if (x509_object_cmp((const X509_OBJECT **)&obj, (const X509_OBJECT **)&x)) | ||
| 468 | return NULL; | ||
| 469 | if ((x->type != X509_LU_X509) || !X509_cmp(obj->data.x509, x->data.x509)) | ||
| 470 | return obj; | ||
| 471 | } | ||
| 472 | return NULL; | ||
| 473 | } | ||
| 474 | |||
| 475 | |||
| 476 | /* Try to get issuer certificate from store. Due to limitations | ||
| 477 | * of the API this can only retrieve a single certificate matching | ||
| 478 | * a given subject name. However it will fill the cache with all | ||
| 479 | * matching certificates, so we can examine the cache for all | ||
| 480 | * matches. | ||
| 481 | * | ||
| 482 | * Return values are: | ||
| 483 | * 1 lookup successful. | ||
| 484 | * 0 certificate not found. | ||
| 485 | * -1 some other error. | ||
| 486 | */ | ||
| 487 | |||
| 488 | |||
| 489 | int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | ||
| 490 | { | ||
| 491 | X509_NAME *xn; | ||
| 492 | X509_OBJECT obj, *pobj; | ||
| 493 | int i, ok, idx; | ||
| 494 | xn=X509_get_issuer_name(x); | ||
| 495 | ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); | ||
| 496 | if (ok != X509_LU_X509) | ||
| 497 | { | ||
| 498 | if (ok == X509_LU_RETRY) | ||
| 499 | { | ||
| 500 | X509_OBJECT_free_contents(&obj); | ||
| 501 | X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); | ||
| 502 | return -1; | ||
| 503 | } | ||
| 504 | else if (ok != X509_LU_FAIL) | ||
| 505 | { | ||
| 506 | X509_OBJECT_free_contents(&obj); | ||
| 507 | /* not good :-(, break anyway */ | ||
| 508 | return -1; | ||
| 509 | } | ||
| 510 | return 0; | ||
| 511 | } | ||
| 512 | /* If certificate matches all OK */ | ||
| 513 | if (ctx->check_issued(ctx, x, obj.data.x509)) | ||
| 514 | { | ||
| 515 | *issuer = obj.data.x509; | ||
| 516 | return 1; | ||
| 517 | } | ||
| 518 | X509_OBJECT_free_contents(&obj); | ||
| 519 | /* Else find index of first matching cert */ | ||
| 520 | idx = X509_OBJECT_idx_by_subject(ctx->ctx->objs, X509_LU_X509, xn); | ||
| 521 | /* This shouldn't normally happen since we already have one match */ | ||
| 522 | if (idx == -1) return 0; | ||
| 523 | |||
| 524 | /* Look through all matching certificates for a suitable issuer */ | ||
| 525 | for (i = idx; i < sk_X509_OBJECT_num(ctx->ctx->objs); i++) | ||
| 526 | { | ||
| 527 | pobj = sk_X509_OBJECT_value(ctx->ctx->objs, i); | ||
| 528 | /* See if we've ran out of matches */ | ||
| 529 | if (pobj->type != X509_LU_X509) return 0; | ||
| 530 | if (X509_NAME_cmp(xn, X509_get_subject_name(pobj->data.x509))) return 0; | ||
| 531 | if (ctx->check_issued(ctx, x, pobj->data.x509)) | ||
| 532 | { | ||
| 533 | *issuer = pobj->data.x509; | ||
| 534 | X509_OBJECT_up_ref_count(pobj); | ||
| 535 | return 1; | ||
| 536 | } | ||
| 537 | } | ||
| 538 | return 0; | ||
| 539 | } | ||
| 540 | |||
| 541 | void X509_STORE_set_flags(X509_STORE *ctx, long flags) | ||
| 421 | { | 542 | { |
| 422 | ctx->ctx=store; | 543 | ctx->flags |= flags; |
| 423 | ctx->current_method=0; | ||
| 424 | ctx->cert=x509; | ||
| 425 | ctx->untrusted=chain; | ||
| 426 | ctx->last_untrusted=0; | ||
| 427 | ctx->valid=0; | ||
| 428 | ctx->chain=NULL; | ||
| 429 | ctx->depth=10; | ||
| 430 | ctx->error=0; | ||
| 431 | ctx->current_cert=NULL; | ||
| 432 | memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); | ||
| 433 | } | 544 | } |
| 434 | 545 | ||
| 435 | void X509_STORE_CTX_cleanup(ctx) | 546 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose) |
| 436 | X509_STORE_CTX *ctx; | ||
| 437 | { | 547 | { |
| 438 | if (ctx->chain != NULL) | 548 | return X509_PURPOSE_set(&ctx->purpose, purpose); |
| 439 | { | 549 | } |
| 440 | sk_pop_free(ctx->chain,X509_free); | 550 | |
| 441 | ctx->chain=NULL; | 551 | int X509_STORE_set_trust(X509_STORE *ctx, int trust) |
| 442 | } | 552 | { |
| 443 | CRYPTO_free_ex_data(x509_store_ctx_meth,(char *)ctx,&(ctx->ex_data)); | 553 | return X509_TRUST_set(&ctx->trust, trust); |
| 444 | memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); | ||
| 445 | } | 554 | } |
| 446 | 555 | ||
| 556 | IMPLEMENT_STACK_OF(X509_LOOKUP) | ||
| 557 | IMPLEMENT_STACK_OF(X509_OBJECT) | ||
diff --git a/src/lib/libcrypto/x509/x509_obj.c b/src/lib/libcrypto/x509/x509_obj.c index c0576fd6f6..1e718f76eb 100644 --- a/src/lib/libcrypto/x509/x509_obj.c +++ b/src/lib/libcrypto/x509/x509_obj.c | |||
| @@ -58,27 +58,27 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "lhash.h" | 61 | #include <openssl/lhash.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | #include "buffer.h" | 64 | #include <openssl/buffer.h> |
| 65 | 65 | ||
| 66 | char *X509_NAME_oneline(a,buf,len) | 66 | char *X509_NAME_oneline(X509_NAME *a, char *buf, int len) |
| 67 | X509_NAME *a; | ||
| 68 | char *buf; | ||
| 69 | int len; | ||
| 70 | { | 67 | { |
| 71 | X509_NAME_ENTRY *ne; | 68 | X509_NAME_ENTRY *ne; |
| 72 | unsigned int i; | 69 | int i; |
| 73 | int n,lold,l,l1,l2,num,j,type; | 70 | int n,lold,l,l1,l2,num,j,type; |
| 74 | char *s,*p; | 71 | const char *s; |
| 72 | char *p; | ||
| 75 | unsigned char *q; | 73 | unsigned char *q; |
| 76 | BUF_MEM *b=NULL; | 74 | BUF_MEM *b=NULL; |
| 77 | static char hex[17]="0123456789ABCDEF"; | 75 | static char hex[17]="0123456789ABCDEF"; |
| 78 | int gs_doit[4]; | 76 | int gs_doit[4]; |
| 79 | char tmp_buf[80]; | 77 | char tmp_buf[80]; |
| 78 | #ifdef CHARSET_EBCDIC | ||
| 79 | char ebcdic_buf[1024]; | ||
| 80 | #endif | ||
| 80 | 81 | ||
| 81 | if (a == NULL) return("NO X509_NAME"); | ||
| 82 | if (buf == NULL) | 82 | if (buf == NULL) |
| 83 | { | 83 | { |
| 84 | if ((b=BUF_MEM_new()) == NULL) goto err; | 84 | if ((b=BUF_MEM_new()) == NULL) goto err; |
| @@ -86,12 +86,23 @@ int len; | |||
| 86 | b->data[0]='\0'; | 86 | b->data[0]='\0'; |
| 87 | len=200; | 87 | len=200; |
| 88 | } | 88 | } |
| 89 | if (a == NULL) | ||
| 90 | { | ||
| 91 | if(b) | ||
| 92 | { | ||
| 93 | buf=b->data; | ||
| 94 | OPENSSL_free(b); | ||
| 95 | } | ||
| 96 | strncpy(buf,"NO X509_NAME",len); | ||
| 97 | buf[len-1]='\0'; | ||
| 98 | return buf; | ||
| 99 | } | ||
| 89 | 100 | ||
| 90 | len--; /* space for '\0' */ | 101 | len--; /* space for '\0' */ |
| 91 | l=0; | 102 | l=0; |
| 92 | for (i=0; (int)i<sk_num(a->entries); i++) | 103 | for (i=0; i<sk_X509_NAME_ENTRY_num(a->entries); i++) |
| 93 | { | 104 | { |
| 94 | ne=(X509_NAME_ENTRY *)sk_value(a->entries,i); | 105 | ne=sk_X509_NAME_ENTRY_value(a->entries,i); |
| 95 | n=OBJ_obj2nid(ne->object); | 106 | n=OBJ_obj2nid(ne->object); |
| 96 | if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) | 107 | if ((n == NID_undef) || ((s=OBJ_nid2sn(n)) == NULL)) |
| 97 | { | 108 | { |
| @@ -103,6 +114,19 @@ int len; | |||
| 103 | type=ne->value->type; | 114 | type=ne->value->type; |
| 104 | num=ne->value->length; | 115 | num=ne->value->length; |
| 105 | q=ne->value->data; | 116 | q=ne->value->data; |
| 117 | #ifdef CHARSET_EBCDIC | ||
| 118 | if (type == V_ASN1_GENERALSTRING || | ||
| 119 | type == V_ASN1_VISIBLESTRING || | ||
| 120 | type == V_ASN1_PRINTABLESTRING || | ||
| 121 | type == V_ASN1_TELETEXSTRING || | ||
| 122 | type == V_ASN1_VISIBLESTRING || | ||
| 123 | type == V_ASN1_IA5STRING) { | ||
| 124 | ascii2ebcdic(ebcdic_buf, q, | ||
| 125 | (num > sizeof ebcdic_buf) | ||
| 126 | ? sizeof ebcdic_buf : num); | ||
| 127 | q=ebcdic_buf; | ||
| 128 | } | ||
| 129 | #endif | ||
| 106 | 130 | ||
| 107 | if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) | 131 | if ((type == V_ASN1_GENERALSTRING) && ((num%4) == 0)) |
| 108 | { | 132 | { |
| @@ -125,7 +149,12 @@ int len; | |||
| 125 | { | 149 | { |
| 126 | if (!gs_doit[j&3]) continue; | 150 | if (!gs_doit[j&3]) continue; |
| 127 | l2++; | 151 | l2++; |
| 152 | #ifndef CHARSET_EBCDIC | ||
| 128 | if ((q[j] < ' ') || (q[j] > '~')) l2+=3; | 153 | if ((q[j] < ' ') || (q[j] > '~')) l2+=3; |
| 154 | #else | ||
| 155 | if ((os_toascii[q[j]] < os_toascii[' ']) || | ||
| 156 | (os_toascii[q[j]] > os_toascii['~'])) l2+=3; | ||
| 157 | #endif | ||
| 129 | } | 158 | } |
| 130 | 159 | ||
| 131 | lold=l; | 160 | lold=l; |
| @@ -145,11 +174,14 @@ int len; | |||
| 145 | memcpy(p,s,(unsigned int)l1); p+=l1; | 174 | memcpy(p,s,(unsigned int)l1); p+=l1; |
| 146 | *(p++)='='; | 175 | *(p++)='='; |
| 147 | 176 | ||
| 177 | #ifndef CHARSET_EBCDIC /* q was assigned above already. */ | ||
| 148 | q=ne->value->data; | 178 | q=ne->value->data; |
| 179 | #endif | ||
| 149 | 180 | ||
| 150 | for (j=0; j<num; j++) | 181 | for (j=0; j<num; j++) |
| 151 | { | 182 | { |
| 152 | if (!gs_doit[j&3]) continue; | 183 | if (!gs_doit[j&3]) continue; |
| 184 | #ifndef CHARSET_EBCDIC | ||
| 153 | n=q[j]; | 185 | n=q[j]; |
| 154 | if ((n < ' ') || (n > '~')) | 186 | if ((n < ' ') || (n > '~')) |
| 155 | { | 187 | { |
| @@ -160,16 +192,31 @@ int len; | |||
| 160 | } | 192 | } |
| 161 | else | 193 | else |
| 162 | *(p++)=n; | 194 | *(p++)=n; |
| 195 | #else | ||
| 196 | n=os_toascii[q[j]]; | ||
| 197 | if ((n < os_toascii[' ']) || | ||
| 198 | (n > os_toascii['~'])) | ||
| 199 | { | ||
| 200 | *(p++)='\\'; | ||
| 201 | *(p++)='x'; | ||
| 202 | *(p++)=hex[(n>>4)&0x0f]; | ||
| 203 | *(p++)=hex[n&0x0f]; | ||
| 204 | } | ||
| 205 | else | ||
| 206 | *(p++)=q[j]; | ||
| 207 | #endif | ||
| 163 | } | 208 | } |
| 164 | *p='\0'; | 209 | *p='\0'; |
| 165 | } | 210 | } |
| 166 | if (b != NULL) | 211 | if (b != NULL) |
| 167 | { | 212 | { |
| 168 | p=b->data; | 213 | p=b->data; |
| 169 | Free((char *)b); | 214 | OPENSSL_free(b); |
| 170 | } | 215 | } |
| 171 | else | 216 | else |
| 172 | p=buf; | 217 | p=buf; |
| 218 | if (i == 0) | ||
| 219 | *p = '\0'; | ||
| 173 | return(p); | 220 | return(p); |
| 174 | err: | 221 | err: |
| 175 | X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); | 222 | X509err(X509_F_X509_NAME_ONELINE,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/x509/x509_r2x.c b/src/lib/libcrypto/x509/x509_r2x.c index 6aec2427f7..db051033d9 100644 --- a/src/lib/libcrypto/x509/x509_r2x.c +++ b/src/lib/libcrypto/x509/x509_r2x.c | |||
| @@ -58,22 +58,16 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "asn1.h" | 63 | #include <openssl/asn1.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "objects.h" | 65 | #include <openssl/objects.h> |
| 66 | #include "buffer.h" | 66 | #include <openssl/buffer.h> |
| 67 | #include "pem.h" | ||
| 68 | 67 | ||
| 69 | X509 *X509_REQ_to_X509(r,days,pkey) | 68 | X509 *X509_REQ_to_X509(X509_REQ *r, int days, EVP_PKEY *pkey) |
| 70 | X509_REQ *r; | ||
| 71 | int days; | ||
| 72 | EVP_PKEY *pkey; | ||
| 73 | { | 69 | { |
| 74 | X509 *ret=NULL; | 70 | X509 *ret=NULL; |
| 75 | int er=1; | ||
| 76 | X509_REQ_INFO *ri=NULL; | ||
| 77 | X509_CINF *xi=NULL; | 71 | X509_CINF *xi=NULL; |
| 78 | X509_NAME *xn; | 72 | X509_NAME *xn; |
| 79 | 73 | ||
| @@ -84,15 +78,11 @@ EVP_PKEY *pkey; | |||
| 84 | } | 78 | } |
| 85 | 79 | ||
| 86 | /* duplicate the request */ | 80 | /* duplicate the request */ |
| 87 | ri=(X509_REQ_INFO *)ASN1_dup(i2d_X509_REQ_INFO, | ||
| 88 | (char *(*)())d2i_X509_REQ_INFO,(char *)r->req_info); | ||
| 89 | if (ri == NULL) goto err; | ||
| 90 | |||
| 91 | xi=ret->cert_info; | 81 | xi=ret->cert_info; |
| 92 | 82 | ||
| 93 | if (sk_num(ri->attributes) != 0) | 83 | if (sk_X509_ATTRIBUTE_num(r->req_info->attributes) != 0) |
| 94 | { | 84 | { |
| 95 | if ((xi->version=ASN1_INTEGER_new()) == NULL) goto err; | 85 | if ((xi->version=M_ASN1_INTEGER_new()) == NULL) goto err; |
| 96 | if (!ASN1_INTEGER_set(xi->version,2)) goto err; | 86 | if (!ASN1_INTEGER_set(xi->version,2)) goto err; |
| 97 | /* xi->extensions=ri->attributes; <- bad, should not ever be done | 87 | /* xi->extensions=ri->attributes; <- bad, should not ever be done |
| 98 | ri->attributes=NULL; */ | 88 | ri->attributes=NULL; */ |
| @@ -109,13 +99,11 @@ EVP_PKEY *pkey; | |||
| 109 | 99 | ||
| 110 | if (!X509_sign(ret,pkey,EVP_md5())) | 100 | if (!X509_sign(ret,pkey,EVP_md5())) |
| 111 | goto err; | 101 | goto err; |
| 112 | er=0; | 102 | if (0) |
| 113 | err: | ||
| 114 | if (er) | ||
| 115 | { | 103 | { |
| 104 | err: | ||
| 116 | X509_free(ret); | 105 | X509_free(ret); |
| 117 | X509_REQ_INFO_free(ri); | 106 | ret=NULL; |
| 118 | return(NULL); | ||
| 119 | } | 107 | } |
| 120 | return(ret); | 108 | return(ret); |
| 121 | } | 109 | } |
diff --git a/src/lib/libcrypto/x509/x509_req.c b/src/lib/libcrypto/x509/x509_req.c index 5004365bad..0affa3bf30 100644 --- a/src/lib/libcrypto/x509/x509_req.c +++ b/src/lib/libcrypto/x509/x509_req.c | |||
| @@ -58,22 +58,20 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "bn.h" | 61 | #include <openssl/bn.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "asn1.h" | 63 | #include <openssl/asn1.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "objects.h" | 65 | #include <openssl/objects.h> |
| 66 | #include "buffer.h" | 66 | #include <openssl/buffer.h> |
| 67 | #include "pem.h" | 67 | #include <openssl/pem.h> |
| 68 | 68 | ||
| 69 | X509_REQ *X509_to_X509_REQ(x,pkey,md) | 69 | X509_REQ *X509_to_X509_REQ(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 70 | X509 *x; | ||
| 71 | EVP_PKEY *pkey; | ||
| 72 | EVP_MD *md; | ||
| 73 | { | 70 | { |
| 74 | X509_REQ *ret; | 71 | X509_REQ *ret; |
| 75 | X509_REQ_INFO *ri; | 72 | X509_REQ_INFO *ri; |
| 76 | int i; | 73 | int i; |
| 74 | EVP_PKEY *pktmp; | ||
| 77 | 75 | ||
| 78 | ret=X509_REQ_new(); | 76 | ret=X509_REQ_new(); |
| 79 | if (ret == NULL) | 77 | if (ret == NULL) |
| @@ -85,14 +83,16 @@ EVP_MD *md; | |||
| 85 | ri=ret->req_info; | 83 | ri=ret->req_info; |
| 86 | 84 | ||
| 87 | ri->version->length=1; | 85 | ri->version->length=1; |
| 88 | ri->version->data=(unsigned char *)Malloc(1); | 86 | ri->version->data=(unsigned char *)OPENSSL_malloc(1); |
| 89 | if (ri->version->data == NULL) goto err; | 87 | if (ri->version->data == NULL) goto err; |
| 90 | ri->version->data[0]=0; /* version == 0 */ | 88 | ri->version->data[0]=0; /* version == 0 */ |
| 91 | 89 | ||
| 92 | if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) | 90 | if (!X509_REQ_set_subject_name(ret,X509_get_subject_name(x))) |
| 93 | goto err; | 91 | goto err; |
| 94 | 92 | ||
| 95 | i=X509_REQ_set_pubkey(ret,X509_get_pubkey(x)); | 93 | pktmp = X509_get_pubkey(x); |
| 94 | i=X509_REQ_set_pubkey(ret,pktmp); | ||
| 95 | EVP_PKEY_free(pktmp); | ||
| 96 | if (!i) goto err; | 96 | if (!i) goto err; |
| 97 | 97 | ||
| 98 | if (pkey != NULL) | 98 | if (pkey != NULL) |
| @@ -106,11 +106,173 @@ err: | |||
| 106 | return(NULL); | 106 | return(NULL); |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | EVP_PKEY *X509_REQ_get_pubkey(req) | 109 | EVP_PKEY *X509_REQ_get_pubkey(X509_REQ *req) |
| 110 | X509_REQ *req; | ||
| 111 | { | 110 | { |
| 112 | if ((req == NULL) || (req->req_info == NULL)) | 111 | if ((req == NULL) || (req->req_info == NULL)) |
| 113 | return(NULL); | 112 | return(NULL); |
| 114 | return(X509_PUBKEY_get(req->req_info->pubkey)); | 113 | return(X509_PUBKEY_get(req->req_info->pubkey)); |
| 115 | } | 114 | } |
| 116 | 115 | ||
| 116 | /* It seems several organisations had the same idea of including a list of | ||
| 117 | * extensions in a certificate request. There are at least two OIDs that are | ||
| 118 | * used and there may be more: so the list is configurable. | ||
| 119 | */ | ||
| 120 | |||
| 121 | static int ext_nid_list[] = { NID_ms_ext_req, NID_ext_req, NID_undef}; | ||
| 122 | |||
| 123 | static int *ext_nids = ext_nid_list; | ||
| 124 | |||
| 125 | int X509_REQ_extension_nid(int req_nid) | ||
| 126 | { | ||
| 127 | int i, nid; | ||
| 128 | for(i = 0; ; i++) { | ||
| 129 | nid = ext_nids[i]; | ||
| 130 | if(nid == NID_undef) return 0; | ||
| 131 | else if (req_nid == nid) return 1; | ||
| 132 | } | ||
| 133 | } | ||
| 134 | |||
| 135 | int *X509_REQ_get_extension_nids(void) | ||
| 136 | { | ||
| 137 | return ext_nids; | ||
| 138 | } | ||
| 139 | |||
| 140 | void X509_REQ_set_extension_nids(int *nids) | ||
| 141 | { | ||
| 142 | ext_nids = nids; | ||
| 143 | } | ||
| 144 | |||
| 145 | STACK_OF(X509_EXTENSION) *X509_REQ_get_extensions(X509_REQ *req) | ||
| 146 | { | ||
| 147 | X509_ATTRIBUTE *attr; | ||
| 148 | STACK_OF(X509_ATTRIBUTE) *sk; | ||
| 149 | ASN1_TYPE *ext = NULL; | ||
| 150 | int i; | ||
| 151 | unsigned char *p; | ||
| 152 | if ((req == NULL) || (req->req_info == NULL)) | ||
| 153 | return(NULL); | ||
| 154 | sk=req->req_info->attributes; | ||
| 155 | if (!sk) return NULL; | ||
| 156 | for(i = 0; i < sk_X509_ATTRIBUTE_num(sk); i++) { | ||
| 157 | attr = sk_X509_ATTRIBUTE_value(sk, i); | ||
| 158 | if(X509_REQ_extension_nid(OBJ_obj2nid(attr->object))) { | ||
| 159 | if(attr->single) ext = attr->value.single; | ||
| 160 | else if(sk_ASN1_TYPE_num(attr->value.set)) | ||
| 161 | ext = sk_ASN1_TYPE_value(attr->value.set, 0); | ||
| 162 | break; | ||
| 163 | } | ||
| 164 | } | ||
| 165 | if(!ext || (ext->type != V_ASN1_SEQUENCE)) return NULL; | ||
| 166 | p = ext->value.sequence->data; | ||
| 167 | return d2i_ASN1_SET_OF_X509_EXTENSION(NULL, &p, | ||
| 168 | ext->value.sequence->length, | ||
| 169 | d2i_X509_EXTENSION, X509_EXTENSION_free, | ||
| 170 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 171 | } | ||
| 172 | |||
| 173 | /* Add a STACK_OF extensions to a certificate request: allow alternative OIDs | ||
| 174 | * in case we want to create a non standard one. | ||
| 175 | */ | ||
| 176 | |||
| 177 | int X509_REQ_add_extensions_nid(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts, | ||
| 178 | int nid) | ||
| 179 | { | ||
| 180 | unsigned char *p = NULL, *q; | ||
| 181 | long len; | ||
| 182 | ASN1_TYPE *at = NULL; | ||
| 183 | X509_ATTRIBUTE *attr = NULL; | ||
| 184 | if(!(at = ASN1_TYPE_new()) || | ||
| 185 | !(at->value.sequence = ASN1_STRING_new())) goto err; | ||
| 186 | |||
| 187 | at->type = V_ASN1_SEQUENCE; | ||
| 188 | /* Generate encoding of extensions */ | ||
| 189 | len = i2d_ASN1_SET_OF_X509_EXTENSION(exts, NULL, i2d_X509_EXTENSION, | ||
| 190 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 191 | if(!(p = OPENSSL_malloc(len))) goto err; | ||
| 192 | q = p; | ||
| 193 | i2d_ASN1_SET_OF_X509_EXTENSION(exts, &q, i2d_X509_EXTENSION, | ||
| 194 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 195 | at->value.sequence->data = p; | ||
| 196 | p = NULL; | ||
| 197 | at->value.sequence->length = len; | ||
| 198 | if(!(attr = X509_ATTRIBUTE_new())) goto err; | ||
| 199 | if(!(attr->value.set = sk_ASN1_TYPE_new_null())) goto err; | ||
| 200 | if(!sk_ASN1_TYPE_push(attr->value.set, at)) goto err; | ||
| 201 | at = NULL; | ||
| 202 | attr->single = 0; | ||
| 203 | attr->object = OBJ_nid2obj(nid); | ||
| 204 | if(!sk_X509_ATTRIBUTE_push(req->req_info->attributes, attr)) goto err; | ||
| 205 | return 1; | ||
| 206 | err: | ||
| 207 | if(p) OPENSSL_free(p); | ||
| 208 | X509_ATTRIBUTE_free(attr); | ||
| 209 | ASN1_TYPE_free(at); | ||
| 210 | return 0; | ||
| 211 | } | ||
| 212 | /* This is the normal usage: use the "official" OID */ | ||
| 213 | int X509_REQ_add_extensions(X509_REQ *req, STACK_OF(X509_EXTENSION) *exts) | ||
| 214 | { | ||
| 215 | return X509_REQ_add_extensions_nid(req, exts, NID_ext_req); | ||
| 216 | } | ||
| 217 | |||
| 218 | /* Request attribute functions */ | ||
| 219 | |||
| 220 | int X509_REQ_get_attr_count(const X509_REQ *req) | ||
| 221 | { | ||
| 222 | return X509at_get_attr_count(req->req_info->attributes); | ||
| 223 | } | ||
| 224 | |||
| 225 | int X509_REQ_get_attr_by_NID(const X509_REQ *req, int nid, | ||
| 226 | int lastpos) | ||
| 227 | { | ||
| 228 | return X509at_get_attr_by_NID(req->req_info->attributes, nid, lastpos); | ||
| 229 | } | ||
| 230 | |||
| 231 | int X509_REQ_get_attr_by_OBJ(const X509_REQ *req, ASN1_OBJECT *obj, | ||
| 232 | int lastpos) | ||
| 233 | { | ||
| 234 | return X509at_get_attr_by_OBJ(req->req_info->attributes, obj, lastpos); | ||
| 235 | } | ||
| 236 | |||
| 237 | X509_ATTRIBUTE *X509_REQ_get_attr(const X509_REQ *req, int loc) | ||
| 238 | { | ||
| 239 | return X509at_get_attr(req->req_info->attributes, loc); | ||
| 240 | } | ||
| 241 | |||
| 242 | X509_ATTRIBUTE *X509_REQ_delete_attr(X509_REQ *req, int loc) | ||
| 243 | { | ||
| 244 | return X509at_delete_attr(req->req_info->attributes, loc); | ||
| 245 | } | ||
| 246 | |||
| 247 | int X509_REQ_add1_attr(X509_REQ *req, X509_ATTRIBUTE *attr) | ||
| 248 | { | ||
| 249 | if(X509at_add1_attr(&req->req_info->attributes, attr)) return 1; | ||
| 250 | return 0; | ||
| 251 | } | ||
| 252 | |||
| 253 | int X509_REQ_add1_attr_by_OBJ(X509_REQ *req, | ||
| 254 | const ASN1_OBJECT *obj, int type, | ||
| 255 | const unsigned char *bytes, int len) | ||
| 256 | { | ||
| 257 | if(X509at_add1_attr_by_OBJ(&req->req_info->attributes, obj, | ||
| 258 | type, bytes, len)) return 1; | ||
| 259 | return 0; | ||
| 260 | } | ||
| 261 | |||
| 262 | int X509_REQ_add1_attr_by_NID(X509_REQ *req, | ||
| 263 | int nid, int type, | ||
| 264 | const unsigned char *bytes, int len) | ||
| 265 | { | ||
| 266 | if(X509at_add1_attr_by_NID(&req->req_info->attributes, nid, | ||
| 267 | type, bytes, len)) return 1; | ||
| 268 | return 0; | ||
| 269 | } | ||
| 270 | |||
| 271 | int X509_REQ_add1_attr_by_txt(X509_REQ *req, | ||
| 272 | const char *attrname, int type, | ||
| 273 | const unsigned char *bytes, int len) | ||
| 274 | { | ||
| 275 | if(X509at_add1_attr_by_txt(&req->req_info->attributes, attrname, | ||
| 276 | type, bytes, len)) return 1; | ||
| 277 | return 0; | ||
| 278 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_set.c b/src/lib/libcrypto/x509/x509_set.c index 5d0a3a0c0e..aaf61ca062 100644 --- a/src/lib/libcrypto/x509/x509_set.c +++ b/src/lib/libcrypto/x509/x509_set.c | |||
| @@ -58,27 +58,23 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | 65 | ||
| 66 | int X509_set_version(x,version) | 66 | int X509_set_version(X509 *x, long version) |
| 67 | X509 *x; | ||
| 68 | long version; | ||
| 69 | { | 67 | { |
| 70 | if (x == NULL) return(0); | 68 | if (x == NULL) return(0); |
| 71 | if (x->cert_info->version == NULL) | 69 | if (x->cert_info->version == NULL) |
| 72 | { | 70 | { |
| 73 | if ((x->cert_info->version=ASN1_INTEGER_new()) == NULL) | 71 | if ((x->cert_info->version=M_ASN1_INTEGER_new()) == NULL) |
| 74 | return(0); | 72 | return(0); |
| 75 | } | 73 | } |
| 76 | return(ASN1_INTEGER_set(x->cert_info->version,version)); | 74 | return(ASN1_INTEGER_set(x->cert_info->version,version)); |
| 77 | } | 75 | } |
| 78 | 76 | ||
| 79 | int X509_set_serialNumber(x,serial) | 77 | int X509_set_serialNumber(X509 *x, ASN1_INTEGER *serial) |
| 80 | X509 *x; | ||
| 81 | ASN1_INTEGER *serial; | ||
| 82 | { | 78 | { |
| 83 | ASN1_INTEGER *in; | 79 | ASN1_INTEGER *in; |
| 84 | 80 | ||
| @@ -86,75 +82,65 @@ ASN1_INTEGER *serial; | |||
| 86 | in=x->cert_info->serialNumber; | 82 | in=x->cert_info->serialNumber; |
| 87 | if (in != serial) | 83 | if (in != serial) |
| 88 | { | 84 | { |
| 89 | in=ASN1_INTEGER_dup(serial); | 85 | in=M_ASN1_INTEGER_dup(serial); |
| 90 | if (in != NULL) | 86 | if (in != NULL) |
| 91 | { | 87 | { |
| 92 | ASN1_INTEGER_free(x->cert_info->serialNumber); | 88 | M_ASN1_INTEGER_free(x->cert_info->serialNumber); |
| 93 | x->cert_info->serialNumber=in; | 89 | x->cert_info->serialNumber=in; |
| 94 | } | 90 | } |
| 95 | } | 91 | } |
| 96 | return(in != NULL); | 92 | return(in != NULL); |
| 97 | } | 93 | } |
| 98 | 94 | ||
| 99 | int X509_set_issuer_name(x,name) | 95 | int X509_set_issuer_name(X509 *x, X509_NAME *name) |
| 100 | X509 *x; | ||
| 101 | X509_NAME *name; | ||
| 102 | { | 96 | { |
| 103 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | 97 | if ((x == NULL) || (x->cert_info == NULL)) return(0); |
| 104 | return(X509_NAME_set(&x->cert_info->issuer,name)); | 98 | return(X509_NAME_set(&x->cert_info->issuer,name)); |
| 105 | } | 99 | } |
| 106 | 100 | ||
| 107 | int X509_set_subject_name(x,name) | 101 | int X509_set_subject_name(X509 *x, X509_NAME *name) |
| 108 | X509 *x; | ||
| 109 | X509_NAME *name; | ||
| 110 | { | 102 | { |
| 111 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | 103 | if ((x == NULL) || (x->cert_info == NULL)) return(0); |
| 112 | return(X509_NAME_set(&x->cert_info->subject,name)); | 104 | return(X509_NAME_set(&x->cert_info->subject,name)); |
| 113 | } | 105 | } |
| 114 | 106 | ||
| 115 | int X509_set_notBefore(x,tm) | 107 | int X509_set_notBefore(X509 *x, ASN1_TIME *tm) |
| 116 | X509 *x; | ||
| 117 | ASN1_UTCTIME *tm; | ||
| 118 | { | 108 | { |
| 119 | ASN1_UTCTIME *in; | 109 | ASN1_TIME *in; |
| 120 | 110 | ||
| 121 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); | 111 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); |
| 122 | in=x->cert_info->validity->notBefore; | 112 | in=x->cert_info->validity->notBefore; |
| 123 | if (in != tm) | 113 | if (in != tm) |
| 124 | { | 114 | { |
| 125 | in=ASN1_UTCTIME_dup(tm); | 115 | in=M_ASN1_TIME_dup(tm); |
| 126 | if (in != NULL) | 116 | if (in != NULL) |
| 127 | { | 117 | { |
| 128 | ASN1_UTCTIME_free(x->cert_info->validity->notBefore); | 118 | M_ASN1_TIME_free(x->cert_info->validity->notBefore); |
| 129 | x->cert_info->validity->notBefore=in; | 119 | x->cert_info->validity->notBefore=in; |
| 130 | } | 120 | } |
| 131 | } | 121 | } |
| 132 | return(in != NULL); | 122 | return(in != NULL); |
| 133 | } | 123 | } |
| 134 | 124 | ||
| 135 | int X509_set_notAfter(x,tm) | 125 | int X509_set_notAfter(X509 *x, ASN1_TIME *tm) |
| 136 | X509 *x; | ||
| 137 | ASN1_UTCTIME *tm; | ||
| 138 | { | 126 | { |
| 139 | ASN1_UTCTIME *in; | 127 | ASN1_TIME *in; |
| 140 | 128 | ||
| 141 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); | 129 | if ((x == NULL) || (x->cert_info->validity == NULL)) return(0); |
| 142 | in=x->cert_info->validity->notAfter; | 130 | in=x->cert_info->validity->notAfter; |
| 143 | if (in != tm) | 131 | if (in != tm) |
| 144 | { | 132 | { |
| 145 | in=ASN1_UTCTIME_dup(tm); | 133 | in=M_ASN1_TIME_dup(tm); |
| 146 | if (in != NULL) | 134 | if (in != NULL) |
| 147 | { | 135 | { |
| 148 | ASN1_UTCTIME_free(x->cert_info->validity->notAfter); | 136 | M_ASN1_TIME_free(x->cert_info->validity->notAfter); |
| 149 | x->cert_info->validity->notAfter=in; | 137 | x->cert_info->validity->notAfter=in; |
| 150 | } | 138 | } |
| 151 | } | 139 | } |
| 152 | return(in != NULL); | 140 | return(in != NULL); |
| 153 | } | 141 | } |
| 154 | 142 | ||
| 155 | int X509_set_pubkey(x,pkey) | 143 | int X509_set_pubkey(X509 *x, EVP_PKEY *pkey) |
| 156 | X509 *x; | ||
| 157 | EVP_PKEY *pkey; | ||
| 158 | { | 144 | { |
| 159 | if ((x == NULL) || (x->cert_info == NULL)) return(0); | 145 | if ((x == NULL) || (x->cert_info == NULL)) return(0); |
| 160 | return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); | 146 | return(X509_PUBKEY_set(&(x->cert_info->key),pkey)); |
diff --git a/src/lib/libcrypto/x509/x509_trs.c b/src/lib/libcrypto/x509/x509_trs.c index 9f7d67952d..17d69ac005 100644 --- a/src/lib/libcrypto/x509/x509_trs.c +++ b/src/lib/libcrypto/x509/x509_trs.c | |||
| @@ -61,11 +61,13 @@ | |||
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
| 62 | 62 | ||
| 63 | 63 | ||
| 64 | static int tr_cmp(X509_TRUST **a, X509_TRUST **b); | 64 | static int tr_cmp(const X509_TRUST * const *a, |
| 65 | const X509_TRUST * const *b); | ||
| 65 | static void trtable_free(X509_TRUST *p); | 66 | static void trtable_free(X509_TRUST *p); |
| 66 | 67 | ||
| 67 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); | 68 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags); |
| 68 | static int trust_any(X509_TRUST *trust, X509 *x, int flags); | 69 | static int trust_1oid(X509_TRUST *trust, X509 *x, int flags); |
| 70 | static int trust_compat(X509_TRUST *trust, X509 *x, int flags); | ||
| 69 | 71 | ||
| 70 | static int obj_trust(int id, X509 *x, int flags); | 72 | static int obj_trust(int id, X509 *x, int flags); |
| 71 | static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; | 73 | static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; |
| @@ -76,10 +78,12 @@ static int (*default_trust)(int id, X509 *x, int flags) = obj_trust; | |||
| 76 | */ | 78 | */ |
| 77 | 79 | ||
| 78 | static X509_TRUST trstandard[] = { | 80 | static X509_TRUST trstandard[] = { |
| 79 | {X509_TRUST_ANY, 0, trust_any, "Any", 0, NULL}, | 81 | {X509_TRUST_COMPAT, 0, trust_compat, "compatible", 0, NULL}, |
| 80 | {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, | 82 | {X509_TRUST_SSL_CLIENT, 0, trust_1oidany, "SSL Client", NID_client_auth, NULL}, |
| 81 | {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Client", NID_server_auth, NULL}, | 83 | {X509_TRUST_SSL_SERVER, 0, trust_1oidany, "SSL Server", NID_server_auth, NULL}, |
| 82 | {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, | 84 | {X509_TRUST_EMAIL, 0, trust_1oidany, "S/MIME email", NID_email_protect, NULL}, |
| 85 | {X509_TRUST_OCSP_SIGN, 0, trust_1oid, "OCSP responder", NID_OCSP_sign, NULL}, | ||
| 86 | {X509_TRUST_OCSP_REQUEST, 0, trust_1oid, "OCSP request", NID_ad_OCSP, NULL} | ||
| 83 | }; | 87 | }; |
| 84 | 88 | ||
| 85 | #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) | 89 | #define X509_TRUST_COUNT (sizeof(trstandard)/sizeof(X509_TRUST)) |
| @@ -88,17 +92,18 @@ IMPLEMENT_STACK_OF(X509_TRUST) | |||
| 88 | 92 | ||
| 89 | static STACK_OF(X509_TRUST) *trtable = NULL; | 93 | static STACK_OF(X509_TRUST) *trtable = NULL; |
| 90 | 94 | ||
| 91 | static int tr_cmp(X509_TRUST **a, X509_TRUST **b) | 95 | static int tr_cmp(const X509_TRUST * const *a, |
| 96 | const X509_TRUST * const *b) | ||
| 92 | { | 97 | { |
| 93 | return (*a)->trust - (*b)->trust; | 98 | return (*a)->trust - (*b)->trust; |
| 94 | } | 99 | } |
| 95 | 100 | ||
| 96 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) | 101 | int (*X509_TRUST_set_default(int (*trust)(int , X509 *, int)))(int, X509 *, int) |
| 97 | { | 102 | { |
| 98 | int (*oldtrust)(int , X509 *, int); | 103 | int (*oldtrust)(int , X509 *, int); |
| 99 | oldtrust = default_trust; | 104 | oldtrust = default_trust; |
| 100 | default_trust = trust; | 105 | default_trust = trust; |
| 101 | return oldtrust; | 106 | return oldtrust; |
| 102 | } | 107 | } |
| 103 | 108 | ||
| 104 | 109 | ||
| @@ -107,8 +112,8 @@ int X509_check_trust(X509 *x, int id, int flags) | |||
| 107 | X509_TRUST *pt; | 112 | X509_TRUST *pt; |
| 108 | int idx; | 113 | int idx; |
| 109 | if(id == -1) return 1; | 114 | if(id == -1) return 1; |
| 110 | if(!(idx = X509_TRUST_get_by_id(id))) | 115 | idx = X509_TRUST_get_by_id(id); |
| 111 | return default_trust(id, x, flags); | 116 | if(idx == -1) return default_trust(id, x, flags); |
| 112 | pt = X509_TRUST_get0(idx); | 117 | pt = X509_TRUST_get0(idx); |
| 113 | return pt->check_trust(pt, x, flags); | 118 | return pt->check_trust(pt, x, flags); |
| 114 | } | 119 | } |
| @@ -139,6 +144,16 @@ int X509_TRUST_get_by_id(int id) | |||
| 139 | return idx + X509_TRUST_COUNT; | 144 | return idx + X509_TRUST_COUNT; |
| 140 | } | 145 | } |
| 141 | 146 | ||
| 147 | int X509_TRUST_set(int *t, int trust) | ||
| 148 | { | ||
| 149 | if(X509_TRUST_get_by_id(trust) == -1) { | ||
| 150 | X509err(X509_F_X509_TRUST_SET, X509_R_INVALID_TRUST); | ||
| 151 | return 0; | ||
| 152 | } | ||
| 153 | *t = trust; | ||
| 154 | return 1; | ||
| 155 | } | ||
| 156 | |||
| 142 | int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | 157 | int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), |
| 143 | char *name, int arg1, void *arg2) | 158 | char *name, int arg1, void *arg2) |
| 144 | { | 159 | { |
| @@ -152,15 +167,15 @@ int X509_TRUST_add(int id, int flags, int (*ck)(X509_TRUST *, X509 *, int), | |||
| 152 | idx = X509_TRUST_get_by_id(id); | 167 | idx = X509_TRUST_get_by_id(id); |
| 153 | /* Need a new entry */ | 168 | /* Need a new entry */ |
| 154 | if(idx == -1) { | 169 | if(idx == -1) { |
| 155 | if(!(trtmp = Malloc(sizeof(X509_TRUST)))) { | 170 | if(!(trtmp = OPENSSL_malloc(sizeof(X509_TRUST)))) { |
| 156 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | 171 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); |
| 157 | return 0; | 172 | return 0; |
| 158 | } | 173 | } |
| 159 | trtmp->flags = X509_TRUST_DYNAMIC; | 174 | trtmp->flags = X509_TRUST_DYNAMIC; |
| 160 | } else trtmp = X509_TRUST_get0(idx); | 175 | } else trtmp = X509_TRUST_get0(idx); |
| 161 | 176 | ||
| 162 | /* Free existing name if dynamic */ | 177 | /* OPENSSL_free existing name if dynamic */ |
| 163 | if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) Free(trtmp->name); | 178 | if(trtmp->flags & X509_TRUST_DYNAMIC_NAME) OPENSSL_free(trtmp->name); |
| 164 | /* dup supplied name */ | 179 | /* dup supplied name */ |
| 165 | if(!(trtmp->name = BUF_strdup(name))) { | 180 | if(!(trtmp->name = BUF_strdup(name))) { |
| 166 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); | 181 | X509err(X509_F_X509_TRUST_ADD,ERR_R_MALLOC_FAILURE); |
| @@ -196,8 +211,8 @@ static void trtable_free(X509_TRUST *p) | |||
| 196 | if (p->flags & X509_TRUST_DYNAMIC) | 211 | if (p->flags & X509_TRUST_DYNAMIC) |
| 197 | { | 212 | { |
| 198 | if (p->flags & X509_TRUST_DYNAMIC_NAME) | 213 | if (p->flags & X509_TRUST_DYNAMIC_NAME) |
| 199 | Free(p->name); | 214 | OPENSSL_free(p->name); |
| 200 | Free(p); | 215 | OPENSSL_free(p); |
| 201 | } | 216 | } |
| 202 | } | 217 | } |
| 203 | 218 | ||
| @@ -226,10 +241,22 @@ int X509_TRUST_get_trust(X509_TRUST *xp) | |||
| 226 | 241 | ||
| 227 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) | 242 | static int trust_1oidany(X509_TRUST *trust, X509 *x, int flags) |
| 228 | { | 243 | { |
| 229 | if(x->aux) return obj_trust(trust->arg1, x, flags); | 244 | if(x->aux && (x->aux->trust || x->aux->reject)) |
| 245 | return obj_trust(trust->arg1, x, flags); | ||
| 230 | /* we don't have any trust settings: for compatibility | 246 | /* we don't have any trust settings: for compatibility |
| 231 | * we return trusted if it is self signed | 247 | * we return trusted if it is self signed |
| 232 | */ | 248 | */ |
| 249 | return trust_compat(trust, x, flags); | ||
| 250 | } | ||
| 251 | |||
| 252 | static int trust_1oid(X509_TRUST *trust, X509 *x, int flags) | ||
| 253 | { | ||
| 254 | if(x->aux) return obj_trust(trust->arg1, x, flags); | ||
| 255 | return X509_TRUST_UNTRUSTED; | ||
| 256 | } | ||
| 257 | |||
| 258 | static int trust_compat(X509_TRUST *trust, X509 *x, int flags) | ||
| 259 | { | ||
| 233 | X509_check_purpose(x, -1, 0); | 260 | X509_check_purpose(x, -1, 0); |
| 234 | if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; | 261 | if(x->ex_flags & EXFLAG_SS) return X509_TRUST_TRUSTED; |
| 235 | else return X509_TRUST_UNTRUSTED; | 262 | else return X509_TRUST_UNTRUSTED; |
| @@ -257,7 +284,3 @@ static int obj_trust(int id, X509 *x, int flags) | |||
| 257 | return X509_TRUST_UNTRUSTED; | 284 | return X509_TRUST_UNTRUSTED; |
| 258 | } | 285 | } |
| 259 | 286 | ||
| 260 | static int trust_any(X509_TRUST *trust, X509 *x, int flags) | ||
| 261 | { | ||
| 262 | return X509_TRUST_TRUSTED; | ||
| 263 | } | ||
diff --git a/src/lib/libcrypto/x509/x509_txt.c b/src/lib/libcrypto/x509/x509_txt.c index 408d1c277c..4f83db8ba2 100644 --- a/src/lib/libcrypto/x509/x509_txt.c +++ b/src/lib/libcrypto/x509/x509_txt.c | |||
| @@ -59,19 +59,16 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <errno.h> | 61 | #include <errno.h> |
| 62 | #include <sys/types.h> | ||
| 63 | 62 | ||
| 64 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 65 | #include "lhash.h" | 64 | #include <openssl/lhash.h> |
| 66 | #include "buffer.h" | 65 | #include <openssl/buffer.h> |
| 67 | #include "evp.h" | 66 | #include <openssl/evp.h> |
| 68 | #include "asn1.h" | 67 | #include <openssl/asn1.h> |
| 69 | #include "x509.h" | 68 | #include <openssl/x509.h> |
| 70 | #include "objects.h" | 69 | #include <openssl/objects.h> |
| 71 | #include "pem.h" | ||
| 72 | 70 | ||
| 73 | char *X509_verify_cert_error_string(n) | 71 | const char *X509_verify_cert_error_string(long n) |
| 74 | long n; | ||
| 75 | { | 72 | { |
| 76 | static char buf[100]; | 73 | static char buf[100]; |
| 77 | 74 | ||
| @@ -86,7 +83,7 @@ long n; | |||
| 86 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: | 83 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: |
| 87 | return("unable to decrypt certificate's signature"); | 84 | return("unable to decrypt certificate's signature"); |
| 88 | case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: | 85 | case X509_V_ERR_UNABLE_TO_DECRYPT_CRL_SIGNATURE: |
| 89 | return("unable to decrypt CRL's's signature"); | 86 | return("unable to decrypt CRL's signature"); |
| 90 | case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: | 87 | case X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY: |
| 91 | return("unable to decode issuer public key"); | 88 | return("unable to decode issuer public key"); |
| 92 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: | 89 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: |
| @@ -98,7 +95,7 @@ long n; | |||
| 98 | case X509_V_ERR_CRL_NOT_YET_VALID: | 95 | case X509_V_ERR_CRL_NOT_YET_VALID: |
| 99 | return("CRL is not yet valid"); | 96 | return("CRL is not yet valid"); |
| 100 | case X509_V_ERR_CERT_HAS_EXPIRED: | 97 | case X509_V_ERR_CERT_HAS_EXPIRED: |
| 101 | return("Certificate has expired"); | 98 | return("certificate has expired"); |
| 102 | case X509_V_ERR_CRL_HAS_EXPIRED: | 99 | case X509_V_ERR_CRL_HAS_EXPIRED: |
| 103 | return("CRL has expired"); | 100 | return("CRL has expired"); |
| 104 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: | 101 | case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: |
| @@ -121,8 +118,35 @@ long n; | |||
| 121 | return("unable to verify the first certificate"); | 118 | return("unable to verify the first certificate"); |
| 122 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: | 119 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: |
| 123 | return("certificate chain too long"); | 120 | return("certificate chain too long"); |
| 121 | case X509_V_ERR_CERT_REVOKED: | ||
| 122 | return("certificate revoked"); | ||
| 123 | case X509_V_ERR_INVALID_CA: | ||
| 124 | return ("invalid CA certificate"); | ||
| 125 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | ||
| 126 | return ("path length constraint exceeded"); | ||
| 127 | case X509_V_ERR_INVALID_PURPOSE: | ||
| 128 | return ("unsupported certificate purpose"); | ||
| 129 | case X509_V_ERR_CERT_UNTRUSTED: | ||
| 130 | return ("certificate not trusted"); | ||
| 131 | case X509_V_ERR_CERT_REJECTED: | ||
| 132 | return ("certificate rejected"); | ||
| 124 | case X509_V_ERR_APPLICATION_VERIFICATION: | 133 | case X509_V_ERR_APPLICATION_VERIFICATION: |
| 125 | return("application verification failure"); | 134 | return("application verification failure"); |
| 135 | case X509_V_ERR_SUBJECT_ISSUER_MISMATCH: | ||
| 136 | return("subject issuer mismatch"); | ||
| 137 | case X509_V_ERR_AKID_SKID_MISMATCH: | ||
| 138 | return("authority and subject key identifier mismatch"); | ||
| 139 | case X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH: | ||
| 140 | return("authority and issuer serial number mismatch"); | ||
| 141 | case X509_V_ERR_KEYUSAGE_NO_CERTSIGN: | ||
| 142 | return("key usage does not include certificate signing"); | ||
| 143 | |||
| 144 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | ||
| 145 | return("unable to get CRL issuer certificate"); | ||
| 146 | |||
| 147 | case X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION: | ||
| 148 | return("unhandled critical extension"); | ||
| 149 | |||
| 126 | default: | 150 | default: |
| 127 | sprintf(buf,"error number %ld",n); | 151 | sprintf(buf,"error number %ld",n); |
| 128 | return(buf); | 152 | return(buf); |
diff --git a/src/lib/libcrypto/x509/x509_v3.c b/src/lib/libcrypto/x509/x509_v3.c index 1c03602f0b..b5f7daa2e5 100644 --- a/src/lib/libcrypto/x509/x509_v3.c +++ b/src/lib/libcrypto/x509/x509_v3.c | |||
| @@ -57,34 +57,22 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "stack.h" | 60 | #include <openssl/stack.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "asn1.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "evp.h" | 64 | #include <openssl/evp.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | #include <openssl/x509v3.h> | ||
| 66 | 67 | ||
| 67 | #ifndef NOPROTO | 68 | int X509v3_get_ext_count(const STACK_OF(X509_EXTENSION) *x) |
| 68 | static X509_EXTENSION_METHOD *find_by_nid(int nid); | ||
| 69 | static int xem_cmp(X509_EXTENSION_METHOD **a, X509_EXTENSION_METHOD **b); | ||
| 70 | #else | ||
| 71 | static X509_EXTENSION_METHOD *find_by_nid(); | ||
| 72 | static int xem_cmp(); | ||
| 73 | #endif | ||
| 74 | |||
| 75 | static STACK *extensions=NULL; | ||
| 76 | |||
| 77 | int X509v3_get_ext_count(x) | ||
| 78 | STACK *x; | ||
| 79 | { | 69 | { |
| 80 | if (x == NULL) return(0); | 70 | if (x == NULL) return(0); |
| 81 | return(sk_num(x)); | 71 | return(sk_X509_EXTENSION_num(x)); |
| 82 | } | 72 | } |
| 83 | 73 | ||
| 84 | int X509v3_get_ext_by_NID(x,nid,lastpos) | 74 | int X509v3_get_ext_by_NID(const STACK_OF(X509_EXTENSION) *x, int nid, |
| 85 | STACK *x; | 75 | int lastpos) |
| 86 | int nid; | ||
| 87 | int lastpos; | ||
| 88 | { | 76 | { |
| 89 | ASN1_OBJECT *obj; | 77 | ASN1_OBJECT *obj; |
| 90 | 78 | ||
| @@ -93,10 +81,8 @@ int lastpos; | |||
| 93 | return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); | 81 | return(X509v3_get_ext_by_OBJ(x,obj,lastpos)); |
| 94 | } | 82 | } |
| 95 | 83 | ||
| 96 | int X509v3_get_ext_by_OBJ(sk,obj,lastpos) | 84 | int X509v3_get_ext_by_OBJ(const STACK_OF(X509_EXTENSION) *sk, ASN1_OBJECT *obj, |
| 97 | STACK *sk; | 85 | int lastpos) |
| 98 | ASN1_OBJECT *obj; | ||
| 99 | int lastpos; | ||
| 100 | { | 86 | { |
| 101 | int n; | 87 | int n; |
| 102 | X509_EXTENSION *ex; | 88 | X509_EXTENSION *ex; |
| @@ -105,20 +91,18 @@ int lastpos; | |||
| 105 | lastpos++; | 91 | lastpos++; |
| 106 | if (lastpos < 0) | 92 | if (lastpos < 0) |
| 107 | lastpos=0; | 93 | lastpos=0; |
| 108 | n=sk_num(sk); | 94 | n=sk_X509_EXTENSION_num(sk); |
| 109 | for ( ; lastpos < n; lastpos++) | 95 | for ( ; lastpos < n; lastpos++) |
| 110 | { | 96 | { |
| 111 | ex=(X509_EXTENSION *)sk_value(sk,lastpos); | 97 | ex=sk_X509_EXTENSION_value(sk,lastpos); |
| 112 | if (OBJ_cmp(ex->object,obj) == 0) | 98 | if (OBJ_cmp(ex->object,obj) == 0) |
| 113 | return(lastpos); | 99 | return(lastpos); |
| 114 | } | 100 | } |
| 115 | return(-1); | 101 | return(-1); |
| 116 | } | 102 | } |
| 117 | 103 | ||
| 118 | int X509v3_get_ext_by_critical(sk,crit,lastpos) | 104 | int X509v3_get_ext_by_critical(const STACK_OF(X509_EXTENSION) *sk, int crit, |
| 119 | STACK *sk; | 105 | int lastpos) |
| 120 | int crit; | ||
| 121 | int lastpos; | ||
| 122 | { | 106 | { |
| 123 | int n; | 107 | int n; |
| 124 | X509_EXTENSION *ex; | 108 | X509_EXTENSION *ex; |
| @@ -127,63 +111,57 @@ int lastpos; | |||
| 127 | lastpos++; | 111 | lastpos++; |
| 128 | if (lastpos < 0) | 112 | if (lastpos < 0) |
| 129 | lastpos=0; | 113 | lastpos=0; |
| 130 | n=sk_num(sk); | 114 | n=sk_X509_EXTENSION_num(sk); |
| 131 | for ( ; lastpos < n; lastpos++) | 115 | for ( ; lastpos < n; lastpos++) |
| 132 | { | 116 | { |
| 133 | ex=(X509_EXTENSION *)sk_value(sk,lastpos); | 117 | ex=sk_X509_EXTENSION_value(sk,lastpos); |
| 134 | if ( (ex->critical && crit) || | 118 | if ( ((ex->critical > 0) && crit) || |
| 135 | (!ex->critical && !crit)) | 119 | (!(ex->critical <= 0) && !crit)) |
| 136 | return(lastpos); | 120 | return(lastpos); |
| 137 | } | 121 | } |
| 138 | return(-1); | 122 | return(-1); |
| 139 | } | 123 | } |
| 140 | 124 | ||
| 141 | X509_EXTENSION *X509v3_get_ext(x,loc) | 125 | X509_EXTENSION *X509v3_get_ext(const STACK_OF(X509_EXTENSION) *x, int loc) |
| 142 | STACK *x; | ||
| 143 | int loc; | ||
| 144 | { | 126 | { |
| 145 | if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) | 127 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) |
| 146 | return(NULL); | 128 | return NULL; |
| 147 | else | 129 | else |
| 148 | return((X509_EXTENSION *)sk_value(x,loc)); | 130 | return sk_X509_EXTENSION_value(x,loc); |
| 149 | } | 131 | } |
| 150 | 132 | ||
| 151 | X509_EXTENSION *X509v3_delete_ext(x,loc) | 133 | X509_EXTENSION *X509v3_delete_ext(STACK_OF(X509_EXTENSION) *x, int loc) |
| 152 | STACK *x; | ||
| 153 | int loc; | ||
| 154 | { | 134 | { |
| 155 | X509_EXTENSION *ret; | 135 | X509_EXTENSION *ret; |
| 156 | 136 | ||
| 157 | if ((x == NULL) || (sk_num(x) <= loc) || (loc < 0)) | 137 | if (x == NULL || sk_X509_EXTENSION_num(x) <= loc || loc < 0) |
| 158 | return(NULL); | 138 | return(NULL); |
| 159 | ret=(X509_EXTENSION *)sk_delete(x,loc); | 139 | ret=sk_X509_EXTENSION_delete(x,loc); |
| 160 | return(ret); | 140 | return(ret); |
| 161 | } | 141 | } |
| 162 | 142 | ||
| 163 | STACK *X509v3_add_ext(x,ex,loc) | 143 | STACK_OF(X509_EXTENSION) *X509v3_add_ext(STACK_OF(X509_EXTENSION) **x, |
| 164 | STACK **x; | 144 | X509_EXTENSION *ex, int loc) |
| 165 | X509_EXTENSION *ex; | ||
| 166 | int loc; | ||
| 167 | { | 145 | { |
| 168 | X509_EXTENSION *new_ex=NULL; | 146 | X509_EXTENSION *new_ex=NULL; |
| 169 | int n; | 147 | int n; |
| 170 | STACK *sk=NULL; | 148 | STACK_OF(X509_EXTENSION) *sk=NULL; |
| 171 | 149 | ||
| 172 | if ((x != NULL) && (*x == NULL)) | 150 | if ((x != NULL) && (*x == NULL)) |
| 173 | { | 151 | { |
| 174 | if ((sk=sk_new_null()) == NULL) | 152 | if ((sk=sk_X509_EXTENSION_new_null()) == NULL) |
| 175 | goto err; | 153 | goto err; |
| 176 | } | 154 | } |
| 177 | else | 155 | else |
| 178 | sk= *x; | 156 | sk= *x; |
| 179 | 157 | ||
| 180 | n=sk_num(sk); | 158 | n=sk_X509_EXTENSION_num(sk); |
| 181 | if (loc > n) loc=n; | 159 | if (loc > n) loc=n; |
| 182 | else if (loc < 0) loc=n; | 160 | else if (loc < 0) loc=n; |
| 183 | 161 | ||
| 184 | if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) | 162 | if ((new_ex=X509_EXTENSION_dup(ex)) == NULL) |
| 185 | goto err2; | 163 | goto err2; |
| 186 | if (!sk_insert(sk,(char *)new_ex,loc)) | 164 | if (!sk_X509_EXTENSION_insert(sk,new_ex,loc)) |
| 187 | goto err; | 165 | goto err; |
| 188 | if ((x != NULL) && (*x == NULL)) | 166 | if ((x != NULL) && (*x == NULL)) |
| 189 | *x=sk; | 167 | *x=sk; |
| @@ -192,15 +170,12 @@ err: | |||
| 192 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); | 170 | X509err(X509_F_X509V3_ADD_EXT,ERR_R_MALLOC_FAILURE); |
| 193 | err2: | 171 | err2: |
| 194 | if (new_ex != NULL) X509_EXTENSION_free(new_ex); | 172 | if (new_ex != NULL) X509_EXTENSION_free(new_ex); |
| 195 | if (sk != NULL) sk_free(sk); | 173 | if (sk != NULL) sk_X509_EXTENSION_free(sk); |
| 196 | return(NULL); | 174 | return(NULL); |
| 197 | } | 175 | } |
| 198 | 176 | ||
| 199 | X509_EXTENSION *X509_EXTENSION_create_by_NID(ex,nid,crit,data) | 177 | X509_EXTENSION *X509_EXTENSION_create_by_NID(X509_EXTENSION **ex, int nid, |
| 200 | X509_EXTENSION **ex; | 178 | int crit, ASN1_OCTET_STRING *data) |
| 201 | int nid; | ||
| 202 | int crit; | ||
| 203 | ASN1_OCTET_STRING *data; | ||
| 204 | { | 179 | { |
| 205 | ASN1_OBJECT *obj; | 180 | ASN1_OBJECT *obj; |
| 206 | X509_EXTENSION *ret; | 181 | X509_EXTENSION *ret; |
| @@ -216,11 +191,8 @@ ASN1_OCTET_STRING *data; | |||
| 216 | return(ret); | 191 | return(ret); |
| 217 | } | 192 | } |
| 218 | 193 | ||
| 219 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(ex,obj,crit,data) | 194 | X509_EXTENSION *X509_EXTENSION_create_by_OBJ(X509_EXTENSION **ex, |
| 220 | X509_EXTENSION **ex; | 195 | ASN1_OBJECT *obj, int crit, ASN1_OCTET_STRING *data) |
| 221 | ASN1_OBJECT *obj; | ||
| 222 | int crit; | ||
| 223 | ASN1_OCTET_STRING *data; | ||
| 224 | { | 196 | { |
| 225 | X509_EXTENSION *ret; | 197 | X509_EXTENSION *ret; |
| 226 | 198 | ||
| @@ -250,9 +222,7 @@ err: | |||
| 250 | return(NULL); | 222 | return(NULL); |
| 251 | } | 223 | } |
| 252 | 224 | ||
| 253 | int X509_EXTENSION_set_object(ex,obj) | 225 | int X509_EXTENSION_set_object(X509_EXTENSION *ex, ASN1_OBJECT *obj) |
| 254 | X509_EXTENSION *ex; | ||
| 255 | ASN1_OBJECT *obj; | ||
| 256 | { | 226 | { |
| 257 | if ((ex == NULL) || (obj == NULL)) | 227 | if ((ex == NULL) || (obj == NULL)) |
| 258 | return(0); | 228 | return(0); |
| @@ -261,149 +231,38 @@ ASN1_OBJECT *obj; | |||
| 261 | return(1); | 231 | return(1); |
| 262 | } | 232 | } |
| 263 | 233 | ||
| 264 | int X509_EXTENSION_set_critical(ex,crit) | 234 | int X509_EXTENSION_set_critical(X509_EXTENSION *ex, int crit) |
| 265 | X509_EXTENSION *ex; | ||
| 266 | int crit; | ||
| 267 | { | 235 | { |
| 268 | if (ex == NULL) return(0); | 236 | if (ex == NULL) return(0); |
| 269 | ex->critical=(crit)?0xFF:0; | 237 | ex->critical=(crit)?0xFF:-1; |
| 270 | return(1); | 238 | return(1); |
| 271 | } | 239 | } |
| 272 | 240 | ||
| 273 | int X509_EXTENSION_set_data(ex,data) | 241 | int X509_EXTENSION_set_data(X509_EXTENSION *ex, ASN1_OCTET_STRING *data) |
| 274 | X509_EXTENSION *ex; | ||
| 275 | ASN1_OCTET_STRING *data; | ||
| 276 | { | 242 | { |
| 277 | int i; | 243 | int i; |
| 278 | 244 | ||
| 279 | if (ex == NULL) return(0); | 245 | if (ex == NULL) return(0); |
| 280 | i=ASN1_OCTET_STRING_set(ex->value,data->data,data->length); | 246 | i=M_ASN1_OCTET_STRING_set(ex->value,data->data,data->length); |
| 281 | if (!i) return(0); | 247 | if (!i) return(0); |
| 282 | return(1); | 248 | return(1); |
| 283 | } | 249 | } |
| 284 | 250 | ||
| 285 | ASN1_OBJECT *X509_EXTENSION_get_object(ex) | 251 | ASN1_OBJECT *X509_EXTENSION_get_object(X509_EXTENSION *ex) |
| 286 | X509_EXTENSION *ex; | ||
| 287 | { | 252 | { |
| 288 | if (ex == NULL) return(NULL); | 253 | if (ex == NULL) return(NULL); |
| 289 | return(ex->object); | 254 | return(ex->object); |
| 290 | } | 255 | } |
| 291 | 256 | ||
| 292 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(ex) | 257 | ASN1_OCTET_STRING *X509_EXTENSION_get_data(X509_EXTENSION *ex) |
| 293 | X509_EXTENSION *ex; | ||
| 294 | { | 258 | { |
| 295 | if (ex == NULL) return(NULL); | 259 | if (ex == NULL) return(NULL); |
| 296 | return(ex->value); | 260 | return(ex->value); |
| 297 | } | 261 | } |
| 298 | 262 | ||
| 299 | int X509_EXTENSION_get_critical(ex) | 263 | int X509_EXTENSION_get_critical(X509_EXTENSION *ex) |
| 300 | X509_EXTENSION *ex; | ||
| 301 | { | 264 | { |
| 302 | if (ex == NULL) return(0); | 265 | if (ex == NULL) return(0); |
| 303 | return(ex->critical); | 266 | if(ex->critical > 0) return 1; |
| 304 | } | 267 | return 0; |
| 305 | |||
| 306 | int X509v3_data_type_by_OBJ(obj) | ||
| 307 | ASN1_OBJECT *obj; | ||
| 308 | { | ||
| 309 | int nid; | ||
| 310 | |||
| 311 | nid=OBJ_obj2nid(obj); | ||
| 312 | if (nid == V_ASN1_UNDEF) return(V_ASN1_UNDEF); | ||
| 313 | return(X509v3_data_type_by_NID(nid)); | ||
| 314 | } | ||
| 315 | |||
| 316 | int X509v3_data_type_by_NID(nid) | ||
| 317 | int nid; | ||
| 318 | { | ||
| 319 | X509_EXTENSION_METHOD *x; | ||
| 320 | |||
| 321 | x=find_by_nid(nid); | ||
| 322 | if (x == NULL) | ||
| 323 | return(V_ASN1_UNDEF); | ||
| 324 | else | ||
| 325 | return(x->data_type); | ||
| 326 | } | ||
| 327 | |||
| 328 | int X509v3_pack_type_by_OBJ(obj) | ||
| 329 | ASN1_OBJECT *obj; | ||
| 330 | { | ||
| 331 | int nid; | ||
| 332 | |||
| 333 | nid=OBJ_obj2nid(obj); | ||
| 334 | if (nid == NID_undef) return(X509_EXT_PACK_UNKNOWN); | ||
| 335 | return(X509v3_pack_type_by_NID(nid)); | ||
| 336 | } | ||
| 337 | |||
| 338 | int X509v3_pack_type_by_NID(nid) | ||
| 339 | int nid; | ||
| 340 | { | ||
| 341 | X509_EXTENSION_METHOD *x; | ||
| 342 | |||
| 343 | x=find_by_nid(nid); | ||
| 344 | if (x == NULL) | ||
| 345 | return(X509_EXT_PACK_UNKNOWN); | ||
| 346 | else | ||
| 347 | return(x->pack_type); | ||
| 348 | } | ||
| 349 | |||
| 350 | static X509_EXTENSION_METHOD *find_by_nid(nid) | ||
| 351 | int nid; | ||
| 352 | { | ||
| 353 | X509_EXTENSION_METHOD x; | ||
| 354 | int i; | ||
| 355 | |||
| 356 | x.nid=nid; | ||
| 357 | if (extensions == NULL) return(NULL); | ||
| 358 | i=sk_find(extensions,(char *)&x); | ||
| 359 | if (i < 0) | ||
| 360 | return(NULL); | ||
| 361 | else | ||
| 362 | return((X509_EXTENSION_METHOD *)sk_value(extensions,i)); | ||
| 363 | } | ||
| 364 | |||
| 365 | static int xem_cmp(a,b) | ||
| 366 | X509_EXTENSION_METHOD **a,**b; | ||
| 367 | { | ||
| 368 | return((*a)->nid-(*b)->nid); | ||
| 369 | } | ||
| 370 | |||
| 371 | void X509v3_cleanup_extensions() | ||
| 372 | { | ||
| 373 | int i; | ||
| 374 | |||
| 375 | if (extensions != NULL) | ||
| 376 | { | ||
| 377 | for (i=0; i<sk_num(extensions); i++) | ||
| 378 | Free(sk_value(extensions,i)); | ||
| 379 | sk_free(extensions); | ||
| 380 | extensions=NULL; | ||
| 381 | } | ||
| 382 | } | 268 | } |
| 383 | |||
| 384 | int X509v3_add_extension(x) | ||
| 385 | X509_EXTENSION_METHOD *x; | ||
| 386 | { | ||
| 387 | X509_EXTENSION_METHOD *newx; | ||
| 388 | |||
| 389 | if (extensions == NULL) | ||
| 390 | { | ||
| 391 | extensions=sk_new(xem_cmp); | ||
| 392 | if (extensions == NULL) goto err; | ||
| 393 | } | ||
| 394 | newx=(X509_EXTENSION_METHOD *)Malloc(sizeof(X509_EXTENSION_METHOD)); | ||
| 395 | if (newx == NULL) goto err; | ||
| 396 | newx->nid=x->nid; | ||
| 397 | newx->data_type=x->data_type; | ||
| 398 | newx->pack_type=x->pack_type; | ||
| 399 | if (!sk_push(extensions,(char *)newx)) | ||
| 400 | { | ||
| 401 | Free(newx); | ||
| 402 | goto err; | ||
| 403 | } | ||
| 404 | return(1); | ||
| 405 | err: | ||
| 406 | X509err(X509_F_X509V3_ADD_EXTENSION,ERR_R_MALLOC_FAILURE); | ||
| 407 | return(0); | ||
| 408 | } | ||
| 409 | |||
diff --git a/src/lib/libcrypto/x509/x509_vfy.c b/src/lib/libcrypto/x509/x509_vfy.c index c1be91edba..db12f7bd35 100644 --- a/src/lib/libcrypto/x509/x509_vfy.c +++ b/src/lib/libcrypto/x509/x509_vfy.c | |||
| @@ -59,76 +59,63 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <time.h> | 60 | #include <time.h> |
| 61 | #include <errno.h> | 61 | #include <errno.h> |
| 62 | #include <sys/types.h> | ||
| 63 | #include <sys/stat.h> | ||
| 64 | 62 | ||
| 65 | #include "crypto.h" | ||
| 66 | #include "cryptlib.h" | 63 | #include "cryptlib.h" |
| 67 | #include "lhash.h" | 64 | #include <openssl/crypto.h> |
| 68 | #include "buffer.h" | 65 | #include <openssl/lhash.h> |
| 69 | #include "evp.h" | 66 | #include <openssl/buffer.h> |
| 70 | #include "asn1.h" | 67 | #include <openssl/evp.h> |
| 71 | #include "x509.h" | 68 | #include <openssl/asn1.h> |
| 72 | #include "objects.h" | 69 | #include <openssl/x509.h> |
| 73 | #include "pem.h" | 70 | #include <openssl/x509v3.h> |
| 74 | 71 | #include <openssl/objects.h> | |
| 75 | #ifndef NOPROTO | 72 | |
| 76 | static int null_callback(int ok,X509_STORE_CTX *e); | 73 | static int null_callback(int ok,X509_STORE_CTX *e); |
| 74 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); | ||
| 75 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x); | ||
| 76 | static int check_chain_purpose(X509_STORE_CTX *ctx); | ||
| 77 | static int check_trust(X509_STORE_CTX *ctx); | ||
| 78 | static int check_revocation(X509_STORE_CTX *ctx); | ||
| 79 | static int check_cert(X509_STORE_CTX *ctx); | ||
| 77 | static int internal_verify(X509_STORE_CTX *ctx); | 80 | static int internal_verify(X509_STORE_CTX *ctx); |
| 78 | #else | 81 | const char *X509_version="X.509" OPENSSL_VERSION_PTEXT; |
| 79 | static int null_callback(); | ||
| 80 | static int internal_verify(); | ||
| 81 | #endif | ||
| 82 | 82 | ||
| 83 | char *X509_version="X509 part of SSLeay 0.9.0b 29-Jun-1998"; | ||
| 84 | static STACK *x509_store_ctx_method=NULL; | ||
| 85 | static int x509_store_ctx_num=0; | ||
| 86 | #if 0 | ||
| 87 | static int x509_store_num=1; | ||
| 88 | static STACK *x509_store_method=NULL; | ||
| 89 | #endif | ||
| 90 | 83 | ||
| 91 | static int null_callback(ok,e) | 84 | static int null_callback(int ok, X509_STORE_CTX *e) |
| 92 | int ok; | ||
| 93 | X509_STORE_CTX *e; | ||
| 94 | { | 85 | { |
| 95 | return(ok); | 86 | return ok; |
| 96 | } | 87 | } |
| 97 | 88 | ||
| 98 | #if 0 | 89 | #if 0 |
| 99 | static int x509_subject_cmp(a,b) | 90 | static int x509_subject_cmp(X509 **a, X509 **b) |
| 100 | X509 **a,**b; | ||
| 101 | { | 91 | { |
| 102 | return(X509_subject_name_cmp(*a,*b)); | 92 | return X509_subject_name_cmp(*a,*b); |
| 103 | } | 93 | } |
| 104 | #endif | 94 | #endif |
| 105 | 95 | ||
| 106 | int X509_verify_cert(ctx) | 96 | int X509_verify_cert(X509_STORE_CTX *ctx) |
| 107 | X509_STORE_CTX *ctx; | ||
| 108 | { | 97 | { |
| 109 | X509 *x,*xtmp,*chain_ss=NULL; | 98 | X509 *x,*xtmp,*chain_ss=NULL; |
| 110 | X509_NAME *xn; | 99 | X509_NAME *xn; |
| 111 | X509_OBJECT obj; | ||
| 112 | int depth,i,ok=0; | 100 | int depth,i,ok=0; |
| 113 | int num; | 101 | int num; |
| 114 | int (*cb)(); | 102 | int (*cb)(); |
| 115 | STACK *sktmp=NULL; | 103 | STACK_OF(X509) *sktmp=NULL; |
| 116 | 104 | ||
| 117 | if (ctx->cert == NULL) | 105 | if (ctx->cert == NULL) |
| 118 | { | 106 | { |
| 119 | X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); | 107 | X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY); |
| 120 | return(-1); | 108 | return -1; |
| 121 | } | 109 | } |
| 122 | 110 | ||
| 123 | cb=ctx->ctx->verify_cb; | 111 | cb=ctx->verify_cb; |
| 124 | if (cb == NULL) cb=null_callback; | ||
| 125 | 112 | ||
| 126 | /* first we make sure the chain we are going to build is | 113 | /* first we make sure the chain we are going to build is |
| 127 | * present and that the first entry is in place */ | 114 | * present and that the first entry is in place */ |
| 128 | if (ctx->chain == NULL) | 115 | if (ctx->chain == NULL) |
| 129 | { | 116 | { |
| 130 | if ( ((ctx->chain=sk_new_null()) == NULL) || | 117 | if ( ((ctx->chain=sk_X509_new_null()) == NULL) || |
| 131 | (!sk_push(ctx->chain,(char *)ctx->cert))) | 118 | (!sk_X509_push(ctx->chain,ctx->cert))) |
| 132 | { | 119 | { |
| 133 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | 120 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); |
| 134 | goto end; | 121 | goto end; |
| @@ -137,41 +124,45 @@ X509_STORE_CTX *ctx; | |||
| 137 | ctx->last_untrusted=1; | 124 | ctx->last_untrusted=1; |
| 138 | } | 125 | } |
| 139 | 126 | ||
| 140 | /* We use a temporary so we can chop and hack at it */ | 127 | /* We use a temporary STACK so we can chop and hack at it */ |
| 141 | if ((ctx->untrusted != NULL) && (sktmp=sk_dup(ctx->untrusted)) == NULL) | 128 | if (ctx->untrusted != NULL |
| 129 | && (sktmp=sk_X509_dup(ctx->untrusted)) == NULL) | ||
| 142 | { | 130 | { |
| 143 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | 131 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); |
| 144 | goto end; | 132 | goto end; |
| 145 | } | 133 | } |
| 146 | 134 | ||
| 147 | num=sk_num(ctx->chain); | 135 | num=sk_X509_num(ctx->chain); |
| 148 | x=(X509 *)sk_value(ctx->chain,num-1); | 136 | x=sk_X509_value(ctx->chain,num-1); |
| 149 | depth=ctx->depth; | 137 | depth=ctx->depth; |
| 150 | 138 | ||
| 151 | 139 | ||
| 152 | for (;;) | 140 | for (;;) |
| 153 | { | 141 | { |
| 154 | /* If we have enough, we break */ | 142 | /* If we have enough, we break */ |
| 155 | if (depth <= num) break; | 143 | if (depth < num) break; /* FIXME: If this happens, we should take |
| 144 | * note of it and, if appropriate, use the | ||
| 145 | * X509_V_ERR_CERT_CHAIN_TOO_LONG error | ||
| 146 | * code later. | ||
| 147 | */ | ||
| 156 | 148 | ||
| 157 | /* If we are self signed, we break */ | 149 | /* If we are self signed, we break */ |
| 158 | xn=X509_get_issuer_name(x); | 150 | xn=X509_get_issuer_name(x); |
| 159 | if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) | 151 | if (ctx->check_issued(ctx, x,x)) break; |
| 160 | break; | ||
| 161 | 152 | ||
| 162 | /* If we were passed a cert chain, use it first */ | 153 | /* If we were passed a cert chain, use it first */ |
| 163 | if (ctx->untrusted != NULL) | 154 | if (ctx->untrusted != NULL) |
| 164 | { | 155 | { |
| 165 | xtmp=X509_find_by_subject(sktmp,xn); | 156 | xtmp=find_issuer(ctx, sktmp,x); |
| 166 | if (xtmp != NULL) | 157 | if (xtmp != NULL) |
| 167 | { | 158 | { |
| 168 | if (!sk_push(ctx->chain,(char *)xtmp)) | 159 | if (!sk_X509_push(ctx->chain,xtmp)) |
| 169 | { | 160 | { |
| 170 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | 161 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); |
| 171 | goto end; | 162 | goto end; |
| 172 | } | 163 | } |
| 173 | CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); | 164 | CRYPTO_add(&xtmp->references,1,CRYPTO_LOCK_X509); |
| 174 | sk_delete_ptr(sktmp,(char *)xtmp); | 165 | sk_X509_delete_ptr(sktmp,xtmp); |
| 175 | ctx->last_untrusted++; | 166 | ctx->last_untrusted++; |
| 176 | x=xtmp; | 167 | x=xtmp; |
| 177 | num++; | 168 | num++; |
| @@ -187,27 +178,50 @@ X509_STORE_CTX *ctx; | |||
| 187 | * certificates. We now need to add at least one trusted one, | 178 | * certificates. We now need to add at least one trusted one, |
| 188 | * if possible, otherwise we complain. */ | 179 | * if possible, otherwise we complain. */ |
| 189 | 180 | ||
| 190 | i=sk_num(ctx->chain); | 181 | /* Examine last certificate in chain and see if it |
| 191 | x=(X509 *)sk_value(ctx->chain,i-1); | 182 | * is self signed. |
| 192 | if (X509_NAME_cmp(X509_get_subject_name(x),X509_get_issuer_name(x)) | 183 | */ |
| 193 | == 0) | 184 | |
| 185 | i=sk_X509_num(ctx->chain); | ||
| 186 | x=sk_X509_value(ctx->chain,i-1); | ||
| 187 | xn = X509_get_subject_name(x); | ||
| 188 | if (ctx->check_issued(ctx, x, x)) | ||
| 194 | { | 189 | { |
| 195 | /* we have a self signed certificate */ | 190 | /* we have a self signed certificate */ |
| 196 | if (sk_num(ctx->chain) == 1) | 191 | if (sk_X509_num(ctx->chain) == 1) |
| 197 | { | 192 | { |
| 198 | ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; | 193 | /* We have a single self signed certificate: see if |
| 199 | ctx->current_cert=x; | 194 | * we can find it in the store. We must have an exact |
| 200 | ctx->error_depth=i-1; | 195 | * match to avoid possible impersonation. |
| 201 | ok=cb(0,ctx); | 196 | */ |
| 202 | if (!ok) goto end; | 197 | ok = ctx->get_issuer(&xtmp, ctx, x); |
| 198 | if ((ok <= 0) || X509_cmp(x, xtmp)) | ||
| 199 | { | ||
| 200 | ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT; | ||
| 201 | ctx->current_cert=x; | ||
| 202 | ctx->error_depth=i-1; | ||
| 203 | if (ok == 1) X509_free(xtmp); | ||
| 204 | ok=cb(0,ctx); | ||
| 205 | if (!ok) goto end; | ||
| 206 | } | ||
| 207 | else | ||
| 208 | { | ||
| 209 | /* We have a match: replace certificate with store version | ||
| 210 | * so we get any trust settings. | ||
| 211 | */ | ||
| 212 | X509_free(x); | ||
| 213 | x = xtmp; | ||
| 214 | sk_X509_set(ctx->chain, i - 1, x); | ||
| 215 | ctx->last_untrusted=0; | ||
| 216 | } | ||
| 203 | } | 217 | } |
| 204 | else | 218 | else |
| 205 | { | 219 | { |
| 206 | /* worry more about this one elsewhere */ | 220 | /* extract and save self signed certificate for later use */ |
| 207 | chain_ss=(X509 *)sk_pop(ctx->chain); | 221 | chain_ss=sk_X509_pop(ctx->chain); |
| 208 | ctx->last_untrusted--; | 222 | ctx->last_untrusted--; |
| 209 | num--; | 223 | num--; |
| 210 | x=(X509 *)sk_value(ctx->chain,num-1); | 224 | x=sk_X509_value(ctx->chain,num-1); |
| 211 | } | 225 | } |
| 212 | } | 226 | } |
| 213 | 227 | ||
| @@ -215,45 +229,34 @@ X509_STORE_CTX *ctx; | |||
| 215 | for (;;) | 229 | for (;;) |
| 216 | { | 230 | { |
| 217 | /* If we have enough, we break */ | 231 | /* If we have enough, we break */ |
| 218 | if (depth <= num) break; | 232 | if (depth < num) break; |
| 219 | 233 | ||
| 220 | /* If we are self signed, we break */ | 234 | /* If we are self signed, we break */ |
| 221 | xn=X509_get_issuer_name(x); | 235 | xn=X509_get_issuer_name(x); |
| 222 | if (X509_NAME_cmp(X509_get_subject_name(x),xn) == 0) | 236 | if (ctx->check_issued(ctx,x,x)) break; |
| 223 | break; | ||
| 224 | 237 | ||
| 225 | ok=X509_STORE_get_by_subject(ctx,X509_LU_X509,xn,&obj); | 238 | ok = ctx->get_issuer(&xtmp, ctx, x); |
| 226 | if (ok != X509_LU_X509) | 239 | |
| 227 | { | 240 | if (ok < 0) return ok; |
| 228 | if (ok == X509_LU_RETRY) | 241 | if (ok == 0) break; |
| 229 | { | 242 | |
| 230 | X509_OBJECT_free_contents(&obj); | 243 | x = xtmp; |
| 231 | X509err(X509_F_X509_VERIFY_CERT,X509_R_SHOULD_RETRY); | 244 | if (!sk_X509_push(ctx->chain,x)) |
| 232 | return(ok); | ||
| 233 | } | ||
| 234 | else if (ok != X509_LU_FAIL) | ||
| 235 | { | ||
| 236 | X509_OBJECT_free_contents(&obj); | ||
| 237 | /* not good :-(, break anyway */ | ||
| 238 | return(ok); | ||
| 239 | } | ||
| 240 | break; | ||
| 241 | } | ||
| 242 | x=obj.data.x509; | ||
| 243 | if (!sk_push(ctx->chain,(char *)obj.data.x509)) | ||
| 244 | { | 245 | { |
| 245 | X509_OBJECT_free_contents(&obj); | 246 | X509_free(xtmp); |
| 246 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); | 247 | X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE); |
| 247 | return(0); | 248 | return 0; |
| 248 | } | 249 | } |
| 249 | num++; | 250 | num++; |
| 250 | } | 251 | } |
| 251 | 252 | ||
| 252 | /* we now have our chain, lets check it... */ | 253 | /* we now have our chain, lets check it... */ |
| 253 | xn=X509_get_issuer_name(x); | 254 | xn=X509_get_issuer_name(x); |
| 254 | if (X509_NAME_cmp(X509_get_subject_name(x),xn) != 0) | 255 | |
| 256 | /* Is last certificate looked up self signed? */ | ||
| 257 | if (!ctx->check_issued(ctx,x,x)) | ||
| 255 | { | 258 | { |
| 256 | if ((chain_ss == NULL) || (X509_NAME_cmp(X509_get_subject_name(chain_ss),xn) != 0)) | 259 | if ((chain_ss == NULL) || !ctx->check_issued(ctx, x, chain_ss)) |
| 257 | { | 260 | { |
| 258 | if (ctx->last_untrusted >= num) | 261 | if (ctx->last_untrusted >= num) |
| 259 | ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; | 262 | ctx->error=X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY; |
| @@ -264,7 +267,7 @@ X509_STORE_CTX *ctx; | |||
| 264 | else | 267 | else |
| 265 | { | 268 | { |
| 266 | 269 | ||
| 267 | sk_push(ctx->chain,(char *)chain_ss); | 270 | sk_X509_push(ctx->chain,chain_ss); |
| 268 | num++; | 271 | num++; |
| 269 | ctx->last_untrusted=num; | 272 | ctx->last_untrusted=num; |
| 270 | ctx->current_cert=chain_ss; | 273 | ctx->current_cert=chain_ss; |
| @@ -277,37 +280,369 @@ X509_STORE_CTX *ctx; | |||
| 277 | if (!ok) goto end; | 280 | if (!ok) goto end; |
| 278 | } | 281 | } |
| 279 | 282 | ||
| 283 | /* We have the chain complete: now we need to check its purpose */ | ||
| 284 | if (ctx->purpose > 0) ok = check_chain_purpose(ctx); | ||
| 285 | |||
| 286 | if (!ok) goto end; | ||
| 287 | |||
| 288 | /* The chain extensions are OK: check trust */ | ||
| 289 | |||
| 290 | if (ctx->trust > 0) ok = check_trust(ctx); | ||
| 291 | |||
| 292 | if (!ok) goto end; | ||
| 293 | |||
| 280 | /* We may as well copy down any DSA parameters that are required */ | 294 | /* We may as well copy down any DSA parameters that are required */ |
| 281 | X509_get_pubkey_parameters(NULL,ctx->chain); | 295 | X509_get_pubkey_parameters(NULL,ctx->chain); |
| 282 | 296 | ||
| 297 | /* Check revocation status: we do this after copying parameters | ||
| 298 | * because they may be needed for CRL signature verification. | ||
| 299 | */ | ||
| 300 | |||
| 301 | ok = ctx->check_revocation(ctx); | ||
| 302 | if(!ok) goto end; | ||
| 303 | |||
| 283 | /* At this point, we have a chain and just need to verify it */ | 304 | /* At this point, we have a chain and just need to verify it */ |
| 284 | if (ctx->ctx->verify != NULL) | 305 | if (ctx->verify != NULL) |
| 285 | ok=ctx->ctx->verify(ctx); | 306 | ok=ctx->verify(ctx); |
| 286 | else | 307 | else |
| 287 | ok=internal_verify(ctx); | 308 | ok=internal_verify(ctx); |
| 309 | if (0) | ||
| 310 | { | ||
| 288 | end: | 311 | end: |
| 289 | if (sktmp != NULL) sk_free(sktmp); | 312 | X509_get_pubkey_parameters(NULL,ctx->chain); |
| 313 | } | ||
| 314 | if (sktmp != NULL) sk_X509_free(sktmp); | ||
| 290 | if (chain_ss != NULL) X509_free(chain_ss); | 315 | if (chain_ss != NULL) X509_free(chain_ss); |
| 291 | return(ok); | 316 | return ok; |
| 317 | } | ||
| 318 | |||
| 319 | |||
| 320 | /* Given a STACK_OF(X509) find the issuer of cert (if any) | ||
| 321 | */ | ||
| 322 | |||
| 323 | static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x) | ||
| 324 | { | ||
| 325 | int i; | ||
| 326 | X509 *issuer; | ||
| 327 | for (i = 0; i < sk_X509_num(sk); i++) | ||
| 328 | { | ||
| 329 | issuer = sk_X509_value(sk, i); | ||
| 330 | if (ctx->check_issued(ctx, x, issuer)) | ||
| 331 | return issuer; | ||
| 332 | } | ||
| 333 | return NULL; | ||
| 334 | } | ||
| 335 | |||
| 336 | /* Given a possible certificate and issuer check them */ | ||
| 337 | |||
| 338 | static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer) | ||
| 339 | { | ||
| 340 | int ret; | ||
| 341 | ret = X509_check_issued(issuer, x); | ||
| 342 | if (ret == X509_V_OK) | ||
| 343 | return 1; | ||
| 344 | /* If we haven't asked for issuer errors don't set ctx */ | ||
| 345 | if (!(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)) | ||
| 346 | return 0; | ||
| 347 | |||
| 348 | ctx->error = ret; | ||
| 349 | ctx->current_cert = x; | ||
| 350 | ctx->current_issuer = issuer; | ||
| 351 | return ctx->verify_cb(0, ctx); | ||
| 352 | return 0; | ||
| 353 | } | ||
| 354 | |||
| 355 | /* Alternative lookup method: look from a STACK stored in other_ctx */ | ||
| 356 | |||
| 357 | static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x) | ||
| 358 | { | ||
| 359 | *issuer = find_issuer(ctx, ctx->other_ctx, x); | ||
| 360 | if (*issuer) | ||
| 361 | { | ||
| 362 | CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509); | ||
| 363 | return 1; | ||
| 364 | } | ||
| 365 | else | ||
| 366 | return 0; | ||
| 367 | } | ||
| 368 | |||
| 369 | |||
| 370 | /* Check a certificate chains extensions for consistency | ||
| 371 | * with the supplied purpose | ||
| 372 | */ | ||
| 373 | |||
| 374 | static int check_chain_purpose(X509_STORE_CTX *ctx) | ||
| 375 | { | ||
| 376 | #ifdef OPENSSL_NO_CHAIN_VERIFY | ||
| 377 | return 1; | ||
| 378 | #else | ||
| 379 | int i, ok=0; | ||
| 380 | X509 *x; | ||
| 381 | int (*cb)(); | ||
| 382 | cb=ctx->verify_cb; | ||
| 383 | /* Check all untrusted certificates */ | ||
| 384 | for (i = 0; i < ctx->last_untrusted; i++) | ||
| 385 | { | ||
| 386 | x = sk_X509_value(ctx->chain, i); | ||
| 387 | if (!(ctx->flags & X509_V_FLAG_IGNORE_CRITICAL) | ||
| 388 | && (x->ex_flags & EXFLAG_CRITICAL)) | ||
| 389 | { | ||
| 390 | ctx->error = X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION; | ||
| 391 | ctx->error_depth = i; | ||
| 392 | ctx->current_cert = x; | ||
| 393 | ok=cb(0,ctx); | ||
| 394 | if (!ok) goto end; | ||
| 395 | } | ||
| 396 | if (!X509_check_purpose(x, ctx->purpose, i)) | ||
| 397 | { | ||
| 398 | if (i) | ||
| 399 | ctx->error = X509_V_ERR_INVALID_CA; | ||
| 400 | else | ||
| 401 | ctx->error = X509_V_ERR_INVALID_PURPOSE; | ||
| 402 | ctx->error_depth = i; | ||
| 403 | ctx->current_cert = x; | ||
| 404 | ok=cb(0,ctx); | ||
| 405 | if (!ok) goto end; | ||
| 406 | } | ||
| 407 | /* Check pathlen */ | ||
| 408 | if ((i > 1) && (x->ex_pathlen != -1) | ||
| 409 | && (i > (x->ex_pathlen + 1))) | ||
| 410 | { | ||
| 411 | ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED; | ||
| 412 | ctx->error_depth = i; | ||
| 413 | ctx->current_cert = x; | ||
| 414 | ok=cb(0,ctx); | ||
| 415 | if (!ok) goto end; | ||
| 416 | } | ||
| 417 | } | ||
| 418 | ok = 1; | ||
| 419 | end: | ||
| 420 | return ok; | ||
| 421 | #endif | ||
| 422 | } | ||
| 423 | |||
| 424 | static int check_trust(X509_STORE_CTX *ctx) | ||
| 425 | { | ||
| 426 | #ifdef OPENSSL_NO_CHAIN_VERIFY | ||
| 427 | return 1; | ||
| 428 | #else | ||
| 429 | int i, ok; | ||
| 430 | X509 *x; | ||
| 431 | int (*cb)(); | ||
| 432 | cb=ctx->verify_cb; | ||
| 433 | /* For now just check the last certificate in the chain */ | ||
| 434 | i = sk_X509_num(ctx->chain) - 1; | ||
| 435 | x = sk_X509_value(ctx->chain, i); | ||
| 436 | ok = X509_check_trust(x, ctx->trust, 0); | ||
| 437 | if (ok == X509_TRUST_TRUSTED) | ||
| 438 | return 1; | ||
| 439 | ctx->error_depth = i; | ||
| 440 | ctx->current_cert = x; | ||
| 441 | if (ok == X509_TRUST_REJECTED) | ||
| 442 | ctx->error = X509_V_ERR_CERT_REJECTED; | ||
| 443 | else | ||
| 444 | ctx->error = X509_V_ERR_CERT_UNTRUSTED; | ||
| 445 | ok = cb(0, ctx); | ||
| 446 | return ok; | ||
| 447 | #endif | ||
| 448 | } | ||
| 449 | |||
| 450 | static int check_revocation(X509_STORE_CTX *ctx) | ||
| 451 | { | ||
| 452 | int i, last, ok; | ||
| 453 | if (!(ctx->flags & X509_V_FLAG_CRL_CHECK)) | ||
| 454 | return 1; | ||
| 455 | if (ctx->flags & X509_V_FLAG_CRL_CHECK_ALL) | ||
| 456 | last = 0; | ||
| 457 | else | ||
| 458 | last = sk_X509_num(ctx->chain) - 1; | ||
| 459 | for(i = 0; i <= last; i++) | ||
| 460 | { | ||
| 461 | ctx->error_depth = i; | ||
| 462 | ok = check_cert(ctx); | ||
| 463 | if (!ok) return ok; | ||
| 464 | } | ||
| 465 | return 1; | ||
| 466 | } | ||
| 467 | |||
| 468 | static int check_cert(X509_STORE_CTX *ctx) | ||
| 469 | { | ||
| 470 | X509_CRL *crl = NULL; | ||
| 471 | X509 *x; | ||
| 472 | int ok, cnum; | ||
| 473 | cnum = ctx->error_depth; | ||
| 474 | x = sk_X509_value(ctx->chain, cnum); | ||
| 475 | ctx->current_cert = x; | ||
| 476 | /* Try to retrieve relevant CRL */ | ||
| 477 | ok = ctx->get_crl(ctx, &crl, x); | ||
| 478 | /* If error looking up CRL, nothing we can do except | ||
| 479 | * notify callback | ||
| 480 | */ | ||
| 481 | if(!ok) | ||
| 482 | { | ||
| 483 | ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL; | ||
| 484 | ok = ctx->verify_cb(0, ctx); | ||
| 485 | goto err; | ||
| 486 | } | ||
| 487 | ctx->current_crl = crl; | ||
| 488 | ok = ctx->check_crl(ctx, crl); | ||
| 489 | if (!ok) goto err; | ||
| 490 | ok = ctx->cert_crl(ctx, crl, x); | ||
| 491 | err: | ||
| 492 | ctx->current_crl = NULL; | ||
| 493 | X509_CRL_free(crl); | ||
| 494 | return ok; | ||
| 495 | |||
| 496 | } | ||
| 497 | |||
| 498 | /* Retrieve CRL corresponding to certificate: currently just a | ||
| 499 | * subject lookup: maybe use AKID later... | ||
| 500 | * Also might look up any included CRLs too (e.g PKCS#7 signedData). | ||
| 501 | */ | ||
| 502 | static int get_crl(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x) | ||
| 503 | { | ||
| 504 | int ok; | ||
| 505 | X509_OBJECT xobj; | ||
| 506 | ok = X509_STORE_get_by_subject(ctx, X509_LU_CRL, X509_get_issuer_name(x), &xobj); | ||
| 507 | if (!ok) return 0; | ||
| 508 | *crl = xobj.data.crl; | ||
| 509 | return 1; | ||
| 510 | } | ||
| 511 | |||
| 512 | /* Check CRL validity */ | ||
| 513 | static int check_crl(X509_STORE_CTX *ctx, X509_CRL *crl) | ||
| 514 | { | ||
| 515 | X509 *issuer = NULL; | ||
| 516 | EVP_PKEY *ikey = NULL; | ||
| 517 | int ok = 0, chnum, cnum, i; | ||
| 518 | time_t *ptime; | ||
| 519 | cnum = ctx->error_depth; | ||
| 520 | chnum = sk_X509_num(ctx->chain) - 1; | ||
| 521 | /* Find CRL issuer: if not last certificate then issuer | ||
| 522 | * is next certificate in chain. | ||
| 523 | */ | ||
| 524 | if(cnum < chnum) | ||
| 525 | issuer = sk_X509_value(ctx->chain, cnum + 1); | ||
| 526 | else | ||
| 527 | { | ||
| 528 | issuer = sk_X509_value(ctx->chain, chnum); | ||
| 529 | /* If not self signed, can't check signature */ | ||
| 530 | if(!ctx->check_issued(ctx, issuer, issuer)) | ||
| 531 | { | ||
| 532 | ctx->error = X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER; | ||
| 533 | ok = ctx->verify_cb(0, ctx); | ||
| 534 | if(!ok) goto err; | ||
| 535 | } | ||
| 536 | } | ||
| 537 | |||
| 538 | if(issuer) | ||
| 539 | { | ||
| 540 | |||
| 541 | /* Attempt to get issuer certificate public key */ | ||
| 542 | ikey = X509_get_pubkey(issuer); | ||
| 543 | |||
| 544 | if(!ikey) | ||
| 545 | { | ||
| 546 | ctx->error=X509_V_ERR_UNABLE_TO_DECODE_ISSUER_PUBLIC_KEY; | ||
| 547 | ok = ctx->verify_cb(0, ctx); | ||
| 548 | if (!ok) goto err; | ||
| 549 | } | ||
| 550 | else | ||
| 551 | { | ||
| 552 | /* Verify CRL signature */ | ||
| 553 | if(X509_CRL_verify(crl, ikey) <= 0) | ||
| 554 | { | ||
| 555 | ctx->error=X509_V_ERR_CRL_SIGNATURE_FAILURE; | ||
| 556 | ok = ctx->verify_cb(0, ctx); | ||
| 557 | if (!ok) goto err; | ||
| 558 | } | ||
| 559 | } | ||
| 560 | } | ||
| 561 | |||
| 562 | /* OK, CRL signature valid check times */ | ||
| 563 | if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) | ||
| 564 | ptime = &ctx->check_time; | ||
| 565 | else | ||
| 566 | ptime = NULL; | ||
| 567 | |||
| 568 | i=X509_cmp_time(X509_CRL_get_lastUpdate(crl), ptime); | ||
| 569 | if (i == 0) | ||
| 570 | { | ||
| 571 | ctx->error=X509_V_ERR_ERROR_IN_CRL_LAST_UPDATE_FIELD; | ||
| 572 | ok = ctx->verify_cb(0, ctx); | ||
| 573 | if (!ok) goto err; | ||
| 574 | } | ||
| 575 | |||
| 576 | if (i > 0) | ||
| 577 | { | ||
| 578 | ctx->error=X509_V_ERR_CRL_NOT_YET_VALID; | ||
| 579 | ok = ctx->verify_cb(0, ctx); | ||
| 580 | if (!ok) goto err; | ||
| 581 | } | ||
| 582 | |||
| 583 | if(X509_CRL_get_nextUpdate(crl)) | ||
| 584 | { | ||
| 585 | i=X509_cmp_time(X509_CRL_get_nextUpdate(crl), ptime); | ||
| 586 | |||
| 587 | if (i == 0) | ||
| 588 | { | ||
| 589 | ctx->error=X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD; | ||
| 590 | ok = ctx->verify_cb(0, ctx); | ||
| 591 | if (!ok) goto err; | ||
| 592 | } | ||
| 593 | |||
| 594 | if (i < 0) | ||
| 595 | { | ||
| 596 | ctx->error=X509_V_ERR_CRL_HAS_EXPIRED; | ||
| 597 | ok = ctx->verify_cb(0, ctx); | ||
| 598 | if (!ok) goto err; | ||
| 599 | } | ||
| 600 | } | ||
| 601 | |||
| 602 | ok = 1; | ||
| 603 | |||
| 604 | err: | ||
| 605 | EVP_PKEY_free(ikey); | ||
| 606 | return ok; | ||
| 607 | } | ||
| 608 | |||
| 609 | /* Check certificate against CRL */ | ||
| 610 | static int cert_crl(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x) | ||
| 611 | { | ||
| 612 | int idx, ok; | ||
| 613 | X509_REVOKED rtmp; | ||
| 614 | /* Look for serial number of certificate in CRL */ | ||
| 615 | rtmp.serialNumber = X509_get_serialNumber(x); | ||
| 616 | idx = sk_X509_REVOKED_find(crl->crl->revoked, &rtmp); | ||
| 617 | /* Not found: OK */ | ||
| 618 | if(idx == -1) return 1; | ||
| 619 | /* Otherwise revoked: want something cleverer than | ||
| 620 | * this to handle entry extensions in V2 CRLs. | ||
| 621 | */ | ||
| 622 | ctx->error = X509_V_ERR_CERT_REVOKED; | ||
| 623 | ok = ctx->verify_cb(0, ctx); | ||
| 624 | return ok; | ||
| 292 | } | 625 | } |
| 293 | 626 | ||
| 294 | static int internal_verify(ctx) | 627 | static int internal_verify(X509_STORE_CTX *ctx) |
| 295 | X509_STORE_CTX *ctx; | ||
| 296 | { | 628 | { |
| 297 | int i,ok=0,n; | 629 | int i,ok=0,n; |
| 298 | X509 *xs,*xi; | 630 | X509 *xs,*xi; |
| 299 | EVP_PKEY *pkey=NULL; | 631 | EVP_PKEY *pkey=NULL; |
| 632 | time_t *ptime; | ||
| 300 | int (*cb)(); | 633 | int (*cb)(); |
| 301 | 634 | ||
| 302 | cb=ctx->ctx->verify_cb; | 635 | cb=ctx->verify_cb; |
| 303 | if (cb == NULL) cb=null_callback; | ||
| 304 | 636 | ||
| 305 | n=sk_num(ctx->chain); | 637 | n=sk_X509_num(ctx->chain); |
| 306 | ctx->error_depth=n-1; | 638 | ctx->error_depth=n-1; |
| 307 | n--; | 639 | n--; |
| 308 | xi=(X509 *)sk_value(ctx->chain,n); | 640 | xi=sk_X509_value(ctx->chain,n); |
| 309 | if (X509_NAME_cmp(X509_get_subject_name(xi), | 641 | if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME) |
| 310 | X509_get_issuer_name(xi)) == 0) | 642 | ptime = &ctx->check_time; |
| 643 | else | ||
| 644 | ptime = NULL; | ||
| 645 | if (ctx->check_issued(ctx, xi, xi)) | ||
| 311 | xs=xi; | 646 | xs=xi; |
| 312 | else | 647 | else |
| 313 | { | 648 | { |
| @@ -322,7 +657,7 @@ X509_STORE_CTX *ctx; | |||
| 322 | { | 657 | { |
| 323 | n--; | 658 | n--; |
| 324 | ctx->error_depth=n; | 659 | ctx->error_depth=n; |
| 325 | xs=(X509 *)sk_value(ctx->chain,n); | 660 | xs=sk_X509_value(ctx->chain,n); |
| 326 | } | 661 | } |
| 327 | } | 662 | } |
| 328 | 663 | ||
| @@ -340,15 +675,27 @@ X509_STORE_CTX *ctx; | |||
| 340 | if (!ok) goto end; | 675 | if (!ok) goto end; |
| 341 | } | 676 | } |
| 342 | if (X509_verify(xs,pkey) <= 0) | 677 | if (X509_verify(xs,pkey) <= 0) |
| 678 | /* XXX For the final trusted self-signed cert, | ||
| 679 | * this is a waste of time. That check should | ||
| 680 | * optional so that e.g. 'openssl x509' can be | ||
| 681 | * used to detect invalid self-signatures, but | ||
| 682 | * we don't verify again and again in SSL | ||
| 683 | * handshakes and the like once the cert has | ||
| 684 | * been declared trusted. */ | ||
| 343 | { | 685 | { |
| 344 | ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; | 686 | ctx->error=X509_V_ERR_CERT_SIGNATURE_FAILURE; |
| 345 | ctx->current_cert=xs; | 687 | ctx->current_cert=xs; |
| 346 | ok=(*cb)(0,ctx); | 688 | ok=(*cb)(0,ctx); |
| 347 | if (!ok) goto end; | 689 | if (!ok) |
| 690 | { | ||
| 691 | EVP_PKEY_free(pkey); | ||
| 692 | goto end; | ||
| 693 | } | ||
| 348 | } | 694 | } |
| 695 | EVP_PKEY_free(pkey); | ||
| 349 | pkey=NULL; | 696 | pkey=NULL; |
| 350 | 697 | ||
| 351 | i=X509_cmp_current_time(X509_get_notBefore(xs)); | 698 | i=X509_cmp_time(X509_get_notBefore(xs), ptime); |
| 352 | if (i == 0) | 699 | if (i == 0) |
| 353 | { | 700 | { |
| 354 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; | 701 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD; |
| @@ -366,7 +713,7 @@ X509_STORE_CTX *ctx; | |||
| 366 | xs->valid=1; | 713 | xs->valid=1; |
| 367 | } | 714 | } |
| 368 | 715 | ||
| 369 | i=X509_cmp_current_time(X509_get_notAfter(xs)); | 716 | i=X509_cmp_time(X509_get_notAfter(xs), ptime); |
| 370 | if (i == 0) | 717 | if (i == 0) |
| 371 | { | 718 | { |
| 372 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; | 719 | ctx->error=X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD; |
| @@ -383,8 +730,6 @@ X509_STORE_CTX *ctx; | |||
| 383 | if (!ok) goto end; | 730 | if (!ok) goto end; |
| 384 | } | 731 | } |
| 385 | 732 | ||
| 386 | /* CRL CHECK */ | ||
| 387 | |||
| 388 | /* The last error (if any) is still in the error value */ | 733 | /* The last error (if any) is still in the error value */ |
| 389 | ctx->current_cert=xs; | 734 | ctx->current_cert=xs; |
| 390 | ok=(*cb)(1,ctx); | 735 | ok=(*cb)(1,ctx); |
| @@ -394,19 +739,23 @@ X509_STORE_CTX *ctx; | |||
| 394 | if (n >= 0) | 739 | if (n >= 0) |
| 395 | { | 740 | { |
| 396 | xi=xs; | 741 | xi=xs; |
| 397 | xs=(X509 *)sk_value(ctx->chain,n); | 742 | xs=sk_X509_value(ctx->chain,n); |
| 398 | } | 743 | } |
| 399 | } | 744 | } |
| 400 | ok=1; | 745 | ok=1; |
| 401 | end: | 746 | end: |
| 402 | return(ok); | 747 | return ok; |
| 403 | } | 748 | } |
| 404 | 749 | ||
| 405 | int X509_cmp_current_time(ctm) | 750 | int X509_cmp_current_time(ASN1_TIME *ctm) |
| 406 | ASN1_UTCTIME *ctm; | 751 | { |
| 752 | return X509_cmp_time(ctm, NULL); | ||
| 753 | } | ||
| 754 | |||
| 755 | int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time) | ||
| 407 | { | 756 | { |
| 408 | char *str; | 757 | char *str; |
| 409 | ASN1_UTCTIME atm; | 758 | ASN1_TIME atm; |
| 410 | time_t offset; | 759 | time_t offset; |
| 411 | char buff1[24],buff2[24],*p; | 760 | char buff1[24],buff2[24],*p; |
| 412 | int i,j; | 761 | int i,j; |
| @@ -414,14 +763,35 @@ ASN1_UTCTIME *ctm; | |||
| 414 | p=buff1; | 763 | p=buff1; |
| 415 | i=ctm->length; | 764 | i=ctm->length; |
| 416 | str=(char *)ctm->data; | 765 | str=(char *)ctm->data; |
| 417 | if ((i < 11) || (i > 17)) return(0); | 766 | if (ctm->type == V_ASN1_UTCTIME) |
| 418 | memcpy(p,str,10); | 767 | { |
| 419 | p+=10; | 768 | if ((i < 11) || (i > 17)) return 0; |
| 420 | str+=10; | 769 | memcpy(p,str,10); |
| 770 | p+=10; | ||
| 771 | str+=10; | ||
| 772 | } | ||
| 773 | else | ||
| 774 | { | ||
| 775 | if (i < 13) return 0; | ||
| 776 | memcpy(p,str,12); | ||
| 777 | p+=12; | ||
| 778 | str+=12; | ||
| 779 | } | ||
| 421 | 780 | ||
| 422 | if ((*str == 'Z') || (*str == '-') || (*str == '+')) | 781 | if ((*str == 'Z') || (*str == '-') || (*str == '+')) |
| 423 | { *(p++)='0'; *(p++)='0'; } | 782 | { *(p++)='0'; *(p++)='0'; } |
| 424 | else { *(p++)= *(str++); *(p++)= *(str++); } | 783 | else |
| 784 | { | ||
| 785 | *(p++)= *(str++); | ||
| 786 | *(p++)= *(str++); | ||
| 787 | /* Skip any fractional seconds... */ | ||
| 788 | if (*str == '.') | ||
| 789 | { | ||
| 790 | str++; | ||
| 791 | while ((*str >= '0') && (*str <= '9')) str++; | ||
| 792 | } | ||
| 793 | |||
| 794 | } | ||
| 425 | *(p++)='Z'; | 795 | *(p++)='Z'; |
| 426 | *(p++)='\0'; | 796 | *(p++)='\0'; |
| 427 | 797 | ||
| @@ -430,275 +800,388 @@ ASN1_UTCTIME *ctm; | |||
| 430 | else | 800 | else |
| 431 | { | 801 | { |
| 432 | if ((*str != '+') && (str[5] != '-')) | 802 | if ((*str != '+') && (str[5] != '-')) |
| 433 | return(0); | 803 | return 0; |
| 434 | offset=((str[1]-'0')*10+(str[2]-'0'))*60; | 804 | offset=((str[1]-'0')*10+(str[2]-'0'))*60; |
| 435 | offset+=(str[3]-'0')*10+(str[4]-'0'); | 805 | offset+=(str[3]-'0')*10+(str[4]-'0'); |
| 436 | if (*str == '-') | 806 | if (*str == '-') |
| 437 | offset=-offset; | 807 | offset= -offset; |
| 438 | } | 808 | } |
| 439 | atm.type=V_ASN1_UTCTIME; | 809 | atm.type=ctm->type; |
| 440 | atm.length=sizeof(buff2); | 810 | atm.length=sizeof(buff2); |
| 441 | atm.data=(unsigned char *)buff2; | 811 | atm.data=(unsigned char *)buff2; |
| 442 | 812 | ||
| 443 | X509_gmtime_adj(&atm,-offset); | 813 | X509_time_adj(&atm,-offset*60, cmp_time); |
| 444 | 814 | ||
| 445 | i=(buff1[0]-'0')*10+(buff1[1]-'0'); | 815 | if (ctm->type == V_ASN1_UTCTIME) |
| 446 | if (i < 70) i+=100; | 816 | { |
| 447 | j=(buff2[0]-'0')*10+(buff2[1]-'0'); | 817 | i=(buff1[0]-'0')*10+(buff1[1]-'0'); |
| 448 | if (j < 70) j+=100; | 818 | if (i < 50) i+=100; /* cf. RFC 2459 */ |
| 819 | j=(buff2[0]-'0')*10+(buff2[1]-'0'); | ||
| 820 | if (j < 50) j+=100; | ||
| 449 | 821 | ||
| 450 | if (i < j) return (-1); | 822 | if (i < j) return -1; |
| 451 | if (i > j) return (1); | 823 | if (i > j) return 1; |
| 824 | } | ||
| 452 | i=strcmp(buff1,buff2); | 825 | i=strcmp(buff1,buff2); |
| 453 | if (i == 0) /* wait a second then return younger :-) */ | 826 | if (i == 0) /* wait a second then return younger :-) */ |
| 454 | return(-1); | 827 | return -1; |
| 455 | else | 828 | else |
| 456 | return(i); | 829 | return i; |
| 457 | } | 830 | } |
| 458 | 831 | ||
| 459 | ASN1_UTCTIME *X509_gmtime_adj(s, adj) | 832 | ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj) |
| 460 | ASN1_UTCTIME *s; | 833 | { |
| 461 | long adj; | 834 | return X509_time_adj(s, adj, NULL); |
| 835 | } | ||
| 836 | |||
| 837 | ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm) | ||
| 462 | { | 838 | { |
| 463 | time_t t; | 839 | time_t t; |
| 840 | int type = -1; | ||
| 841 | |||
| 842 | if (in_tm) t = *in_tm; | ||
| 843 | else time(&t); | ||
| 464 | 844 | ||
| 465 | time(&t); | ||
| 466 | t+=adj; | 845 | t+=adj; |
| 467 | return(ASN1_UTCTIME_set(s,t)); | 846 | if (s) type = s->type; |
| 847 | if (type == V_ASN1_UTCTIME) return ASN1_UTCTIME_set(s,t); | ||
| 848 | if (type == V_ASN1_GENERALIZEDTIME) return ASN1_GENERALIZEDTIME_set(s, t); | ||
| 849 | return ASN1_TIME_set(s, t); | ||
| 468 | } | 850 | } |
| 469 | 851 | ||
| 470 | int X509_get_pubkey_parameters(pkey,chain) | 852 | int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain) |
| 471 | EVP_PKEY *pkey; | ||
| 472 | STACK *chain; | ||
| 473 | { | 853 | { |
| 474 | EVP_PKEY *ktmp=NULL,*ktmp2; | 854 | EVP_PKEY *ktmp=NULL,*ktmp2; |
| 475 | int i,j; | 855 | int i,j; |
| 476 | 856 | ||
| 477 | if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1); | 857 | if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return 1; |
| 478 | 858 | ||
| 479 | for (i=0; i<sk_num(chain); i++) | 859 | for (i=0; i<sk_X509_num(chain); i++) |
| 480 | { | 860 | { |
| 481 | ktmp=X509_get_pubkey((X509 *)sk_value(chain,i)); | 861 | ktmp=X509_get_pubkey(sk_X509_value(chain,i)); |
| 482 | if (ktmp == NULL) | 862 | if (ktmp == NULL) |
| 483 | { | 863 | { |
| 484 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); | 864 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY); |
| 485 | return(0); | 865 | return 0; |
| 486 | } | 866 | } |
| 487 | if (!EVP_PKEY_missing_parameters(ktmp)) | 867 | if (!EVP_PKEY_missing_parameters(ktmp)) |
| 488 | break; | 868 | break; |
| 489 | else | 869 | else |
| 490 | { | 870 | { |
| 871 | EVP_PKEY_free(ktmp); | ||
| 491 | ktmp=NULL; | 872 | ktmp=NULL; |
| 492 | } | 873 | } |
| 493 | } | 874 | } |
| 494 | if (ktmp == NULL) | 875 | if (ktmp == NULL) |
| 495 | { | 876 | { |
| 496 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); | 877 | X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN); |
| 497 | return(0); | 878 | return 0; |
| 498 | } | 879 | } |
| 499 | 880 | ||
| 500 | /* first, populate the other certs */ | 881 | /* first, populate the other certs */ |
| 501 | for (j=i-1; j >= 0; j--) | 882 | for (j=i-1; j >= 0; j--) |
| 502 | { | 883 | { |
| 503 | ktmp2=X509_get_pubkey((X509 *)sk_value(chain,j)); | 884 | ktmp2=X509_get_pubkey(sk_X509_value(chain,j)); |
| 504 | EVP_PKEY_copy_parameters(ktmp2,ktmp); | 885 | EVP_PKEY_copy_parameters(ktmp2,ktmp); |
| 886 | EVP_PKEY_free(ktmp2); | ||
| 505 | } | 887 | } |
| 506 | 888 | ||
| 507 | if (pkey != NULL) | 889 | if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp); |
| 508 | EVP_PKEY_copy_parameters(pkey,ktmp); | 890 | EVP_PKEY_free(ktmp); |
| 509 | return(1); | 891 | return 1; |
| 510 | } | 892 | } |
| 511 | 893 | ||
| 512 | EVP_PKEY *X509_get_pubkey(x) | 894 | int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 513 | X509 *x; | 895 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 514 | { | 896 | { |
| 515 | if ((x == NULL) || (x->cert_info == NULL)) | 897 | /* This function is (usually) called only once, by |
| 516 | return(NULL); | 898 | * SSL_get_ex_data_X509_STORE_CTX_idx (ssl/ssl_cert.c). */ |
| 517 | return(X509_PUBKEY_get(x->cert_info->key)); | 899 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_X509_STORE_CTX, argl, argp, |
| 900 | new_func, dup_func, free_func); | ||
| 518 | } | 901 | } |
| 519 | 902 | ||
| 520 | int X509_check_private_key(x,k) | 903 | int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data) |
| 521 | X509 *x; | ||
| 522 | EVP_PKEY *k; | ||
| 523 | { | 904 | { |
| 524 | EVP_PKEY *xk=NULL; | 905 | return CRYPTO_set_ex_data(&ctx->ex_data,idx,data); |
| 525 | int ok=0; | ||
| 526 | |||
| 527 | xk=X509_get_pubkey(x); | ||
| 528 | if (xk->type != k->type) goto err; | ||
| 529 | switch (k->type) | ||
| 530 | { | ||
| 531 | #ifndef NO_RSA | ||
| 532 | case EVP_PKEY_RSA: | ||
| 533 | if (BN_cmp(xk->pkey.rsa->n,k->pkey.rsa->n) != 0) goto err; | ||
| 534 | if (BN_cmp(xk->pkey.rsa->e,k->pkey.rsa->e) != 0) goto err; | ||
| 535 | break; | ||
| 536 | #endif | ||
| 537 | #ifndef NO_DSA | ||
| 538 | case EVP_PKEY_DSA: | ||
| 539 | if (BN_cmp(xk->pkey.dsa->pub_key,k->pkey.dsa->pub_key) != 0) | ||
| 540 | goto err; | ||
| 541 | break; | ||
| 542 | #endif | ||
| 543 | #ifndef NO_DH | ||
| 544 | case EVP_PKEY_DH: | ||
| 545 | /* No idea */ | ||
| 546 | goto err; | ||
| 547 | #endif | ||
| 548 | default: | ||
| 549 | goto err; | ||
| 550 | } | ||
| 551 | |||
| 552 | ok=1; | ||
| 553 | err: | ||
| 554 | return(ok); | ||
| 555 | } | 906 | } |
| 556 | 907 | ||
| 557 | int X509_STORE_add_cert(ctx,x) | 908 | void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx) |
| 558 | X509_STORE *ctx; | ||
| 559 | X509 *x; | ||
| 560 | { | 909 | { |
| 561 | X509_OBJECT *obj,*r; | 910 | return CRYPTO_get_ex_data(&ctx->ex_data,idx); |
| 562 | int ret=1; | 911 | } |
| 563 | |||
| 564 | if (x == NULL) return(0); | ||
| 565 | obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); | ||
| 566 | if (obj == NULL) | ||
| 567 | { | ||
| 568 | X509err(X509_F_X509_STORE_ADD_CERT,ERR_R_MALLOC_FAILURE); | ||
| 569 | return(0); | ||
| 570 | } | ||
| 571 | obj->type=X509_LU_X509; | ||
| 572 | obj->data.x509=x; | ||
| 573 | |||
| 574 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 575 | 912 | ||
| 576 | X509_OBJECT_up_ref_count(obj); | 913 | int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx) |
| 914 | { | ||
| 915 | return ctx->error; | ||
| 916 | } | ||
| 577 | 917 | ||
| 578 | r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); | 918 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err) |
| 579 | if (r != NULL) | 919 | { |
| 580 | { /* oops, put it back */ | 920 | ctx->error=err; |
| 581 | lh_delete(ctx->certs,(char *)obj); | 921 | } |
| 582 | X509_OBJECT_free_contents(obj); | ||
| 583 | Free(obj); | ||
| 584 | lh_insert(ctx->certs,(char *)r); | ||
| 585 | X509err(X509_F_X509_STORE_ADD_CERT,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 586 | ret=0; | ||
| 587 | } | ||
| 588 | 922 | ||
| 589 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | 923 | int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx) |
| 924 | { | ||
| 925 | return ctx->error_depth; | ||
| 926 | } | ||
| 590 | 927 | ||
| 591 | return(ret); | 928 | X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx) |
| 929 | { | ||
| 930 | return ctx->current_cert; | ||
| 592 | } | 931 | } |
| 593 | 932 | ||
| 594 | int X509_STORE_add_crl(ctx,x) | 933 | STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx) |
| 595 | X509_STORE *ctx; | ||
| 596 | X509_CRL *x; | ||
| 597 | { | 934 | { |
| 598 | X509_OBJECT *obj,*r; | 935 | return ctx->chain; |
| 599 | int ret=1; | 936 | } |
| 600 | 937 | ||
| 601 | if (x == NULL) return(0); | 938 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx) |
| 602 | obj=(X509_OBJECT *)Malloc(sizeof(X509_OBJECT)); | 939 | { |
| 603 | if (obj == NULL) | 940 | int i; |
| 941 | X509 *x; | ||
| 942 | STACK_OF(X509) *chain; | ||
| 943 | if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL; | ||
| 944 | for (i = 0; i < sk_X509_num(chain); i++) | ||
| 604 | { | 945 | { |
| 605 | X509err(X509_F_X509_STORE_ADD_CRL,ERR_R_MALLOC_FAILURE); | 946 | x = sk_X509_value(chain, i); |
| 606 | return(0); | 947 | CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509); |
| 607 | } | 948 | } |
| 608 | obj->type=X509_LU_CRL; | 949 | return chain; |
| 609 | obj->data.crl=x; | ||
| 610 | |||
| 611 | CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); | ||
| 612 | |||
| 613 | X509_OBJECT_up_ref_count(obj); | ||
| 614 | |||
| 615 | r=(X509_OBJECT *)lh_insert(ctx->certs,(char *)obj); | ||
| 616 | if (r != NULL) | ||
| 617 | { /* oops, put it back */ | ||
| 618 | lh_delete(ctx->certs,(char *)obj); | ||
| 619 | X509_OBJECT_free_contents(obj); | ||
| 620 | Free(obj); | ||
| 621 | lh_insert(ctx->certs,(char *)r); | ||
| 622 | X509err(X509_F_X509_STORE_ADD_CRL,X509_R_CERT_ALREADY_IN_HASH_TABLE); | ||
| 623 | ret=0; | ||
| 624 | } | ||
| 625 | |||
| 626 | CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); | ||
| 627 | |||
| 628 | return(ret); | ||
| 629 | } | 950 | } |
| 630 | 951 | ||
| 631 | int X509_STORE_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 952 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x) |
| 632 | long argl; | ||
| 633 | char *argp; | ||
| 634 | int (*new_func)(); | ||
| 635 | int (*dup_func)(); | ||
| 636 | void (*free_func)(); | ||
| 637 | { | ||
| 638 | x509_store_ctx_num++; | ||
| 639 | return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1, | ||
| 640 | &x509_store_ctx_method, | ||
| 641 | argl,argp,new_func,dup_func,free_func)); | ||
| 642 | } | ||
| 643 | |||
| 644 | int X509_STORE_CTX_set_ex_data(ctx,idx,data) | ||
| 645 | X509_STORE_CTX *ctx; | ||
| 646 | int idx; | ||
| 647 | char *data; | ||
| 648 | { | 953 | { |
| 649 | return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data)); | 954 | ctx->cert=x; |
| 650 | } | 955 | } |
| 651 | 956 | ||
| 652 | char *X509_STORE_CTX_get_ex_data(ctx,idx) | 957 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) |
| 653 | X509_STORE_CTX *ctx; | ||
| 654 | int idx; | ||
| 655 | { | 958 | { |
| 656 | return(CRYPTO_get_ex_data(&ctx->ex_data,idx)); | 959 | ctx->untrusted=sk; |
| 657 | } | 960 | } |
| 658 | 961 | ||
| 659 | int X509_STORE_CTX_get_error(ctx) | 962 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose) |
| 660 | X509_STORE_CTX *ctx; | ||
| 661 | { | 963 | { |
| 662 | return(ctx->error); | 964 | return X509_STORE_CTX_purpose_inherit(ctx, 0, purpose, 0); |
| 663 | } | 965 | } |
| 664 | 966 | ||
| 665 | void X509_STORE_CTX_set_error(ctx,err) | 967 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust) |
| 666 | X509_STORE_CTX *ctx; | ||
| 667 | int err; | ||
| 668 | { | 968 | { |
| 669 | ctx->error=err; | 969 | return X509_STORE_CTX_purpose_inherit(ctx, 0, 0, trust); |
| 670 | } | 970 | } |
| 671 | 971 | ||
| 672 | int X509_STORE_CTX_get_error_depth(ctx) | 972 | /* This function is used to set the X509_STORE_CTX purpose and trust |
| 673 | X509_STORE_CTX *ctx; | 973 | * values. This is intended to be used when another structure has its |
| 974 | * own trust and purpose values which (if set) will be inherited by | ||
| 975 | * the ctx. If they aren't set then we will usually have a default | ||
| 976 | * purpose in mind which should then be used to set the trust value. | ||
| 977 | * An example of this is SSL use: an SSL structure will have its own | ||
| 978 | * purpose and trust settings which the application can set: if they | ||
| 979 | * aren't set then we use the default of SSL client/server. | ||
| 980 | */ | ||
| 981 | |||
| 982 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | ||
| 983 | int purpose, int trust) | ||
| 984 | { | ||
| 985 | int idx; | ||
| 986 | /* If purpose not set use default */ | ||
| 987 | if (!purpose) purpose = def_purpose; | ||
| 988 | /* If we have a purpose then check it is valid */ | ||
| 989 | if (purpose) | ||
| 990 | { | ||
| 991 | X509_PURPOSE *ptmp; | ||
| 992 | idx = X509_PURPOSE_get_by_id(purpose); | ||
| 993 | if (idx == -1) | ||
| 994 | { | ||
| 995 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 996 | X509_R_UNKNOWN_PURPOSE_ID); | ||
| 997 | return 0; | ||
| 998 | } | ||
| 999 | ptmp = X509_PURPOSE_get0(idx); | ||
| 1000 | if (ptmp->trust == X509_TRUST_DEFAULT) | ||
| 1001 | { | ||
| 1002 | idx = X509_PURPOSE_get_by_id(def_purpose); | ||
| 1003 | if (idx == -1) | ||
| 1004 | { | ||
| 1005 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 1006 | X509_R_UNKNOWN_PURPOSE_ID); | ||
| 1007 | return 0; | ||
| 1008 | } | ||
| 1009 | ptmp = X509_PURPOSE_get0(idx); | ||
| 1010 | } | ||
| 1011 | /* If trust not set then get from purpose default */ | ||
| 1012 | if (!trust) trust = ptmp->trust; | ||
| 1013 | } | ||
| 1014 | if (trust) | ||
| 1015 | { | ||
| 1016 | idx = X509_TRUST_get_by_id(trust); | ||
| 1017 | if (idx == -1) | ||
| 1018 | { | ||
| 1019 | X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT, | ||
| 1020 | X509_R_UNKNOWN_TRUST_ID); | ||
| 1021 | return 0; | ||
| 1022 | } | ||
| 1023 | } | ||
| 1024 | |||
| 1025 | if (purpose && !ctx->purpose) ctx->purpose = purpose; | ||
| 1026 | if (trust && !ctx->trust) ctx->trust = trust; | ||
| 1027 | return 1; | ||
| 1028 | } | ||
| 1029 | |||
| 1030 | X509_STORE_CTX *X509_STORE_CTX_new(void) | ||
| 1031 | { | ||
| 1032 | X509_STORE_CTX *ctx; | ||
| 1033 | ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX)); | ||
| 1034 | if (!ctx) | ||
| 1035 | { | ||
| 1036 | X509err(X509_F_X509_STORE_CTX_NEW,ERR_R_MALLOC_FAILURE); | ||
| 1037 | return NULL; | ||
| 1038 | } | ||
| 1039 | memset(ctx, 0, sizeof(X509_STORE_CTX)); | ||
| 1040 | return ctx; | ||
| 1041 | } | ||
| 1042 | |||
| 1043 | void X509_STORE_CTX_free(X509_STORE_CTX *ctx) | ||
| 1044 | { | ||
| 1045 | X509_STORE_CTX_cleanup(ctx); | ||
| 1046 | OPENSSL_free(ctx); | ||
| 1047 | } | ||
| 1048 | |||
| 1049 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509, | ||
| 1050 | STACK_OF(X509) *chain) | ||
| 674 | { | 1051 | { |
| 675 | return(ctx->error_depth); | 1052 | ctx->ctx=store; |
| 1053 | ctx->current_method=0; | ||
| 1054 | ctx->cert=x509; | ||
| 1055 | ctx->untrusted=chain; | ||
| 1056 | ctx->last_untrusted=0; | ||
| 1057 | ctx->check_time=0; | ||
| 1058 | ctx->other_ctx=NULL; | ||
| 1059 | ctx->valid=0; | ||
| 1060 | ctx->chain=NULL; | ||
| 1061 | ctx->depth=9; | ||
| 1062 | ctx->error=0; | ||
| 1063 | ctx->error_depth=0; | ||
| 1064 | ctx->current_cert=NULL; | ||
| 1065 | ctx->current_issuer=NULL; | ||
| 1066 | |||
| 1067 | /* Inherit callbacks and flags from X509_STORE if not set | ||
| 1068 | * use defaults. | ||
| 1069 | */ | ||
| 1070 | |||
| 1071 | |||
| 1072 | if (store) | ||
| 1073 | { | ||
| 1074 | ctx->purpose=store->purpose; | ||
| 1075 | ctx->trust=store->trust; | ||
| 1076 | ctx->flags = store->flags; | ||
| 1077 | ctx->cleanup = store->cleanup; | ||
| 1078 | } | ||
| 1079 | else | ||
| 1080 | { | ||
| 1081 | ctx->purpose = 0; | ||
| 1082 | ctx->trust = 0; | ||
| 1083 | ctx->flags = 0; | ||
| 1084 | ctx->cleanup = 0; | ||
| 1085 | } | ||
| 1086 | |||
| 1087 | if (store && store->check_issued) | ||
| 1088 | ctx->check_issued = store->check_issued; | ||
| 1089 | else | ||
| 1090 | ctx->check_issued = check_issued; | ||
| 1091 | |||
| 1092 | if (store && store->get_issuer) | ||
| 1093 | ctx->get_issuer = store->get_issuer; | ||
| 1094 | else | ||
| 1095 | ctx->get_issuer = X509_STORE_CTX_get1_issuer; | ||
| 1096 | |||
| 1097 | if (store && store->verify_cb) | ||
| 1098 | ctx->verify_cb = store->verify_cb; | ||
| 1099 | else | ||
| 1100 | ctx->verify_cb = null_callback; | ||
| 1101 | |||
| 1102 | if (store && store->verify) | ||
| 1103 | ctx->verify = store->verify; | ||
| 1104 | else | ||
| 1105 | ctx->verify = internal_verify; | ||
| 1106 | |||
| 1107 | if (store && store->check_revocation) | ||
| 1108 | ctx->check_revocation = store->check_revocation; | ||
| 1109 | else | ||
| 1110 | ctx->check_revocation = check_revocation; | ||
| 1111 | |||
| 1112 | if (store && store->get_crl) | ||
| 1113 | ctx->get_crl = store->get_crl; | ||
| 1114 | else | ||
| 1115 | ctx->get_crl = get_crl; | ||
| 1116 | |||
| 1117 | if (store && store->check_crl) | ||
| 1118 | ctx->check_crl = store->check_crl; | ||
| 1119 | else | ||
| 1120 | ctx->check_crl = check_crl; | ||
| 1121 | |||
| 1122 | if (store && store->cert_crl) | ||
| 1123 | ctx->cert_crl = store->cert_crl; | ||
| 1124 | else | ||
| 1125 | ctx->cert_crl = cert_crl; | ||
| 1126 | |||
| 1127 | |||
| 1128 | /* This memset() can't make any sense anyway, so it's removed. As | ||
| 1129 | * X509_STORE_CTX_cleanup does a proper "free" on the ex_data, we put a | ||
| 1130 | * corresponding "new" here and remove this bogus initialisation. */ | ||
| 1131 | /* memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA)); */ | ||
| 1132 | if(!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, | ||
| 1133 | &(ctx->ex_data))) | ||
| 1134 | { | ||
| 1135 | OPENSSL_free(ctx); | ||
| 1136 | X509err(X509_F_X509_STORE_CTX_INIT,ERR_R_MALLOC_FAILURE); | ||
| 1137 | return 0; | ||
| 1138 | } | ||
| 1139 | return 1; | ||
| 676 | } | 1140 | } |
| 677 | 1141 | ||
| 678 | X509 *X509_STORE_CTX_get_current_cert(ctx) | 1142 | /* Set alternative lookup method: just a STACK of trusted certificates. |
| 679 | X509_STORE_CTX *ctx; | 1143 | * This avoids X509_STORE nastiness where it isn't needed. |
| 1144 | */ | ||
| 1145 | |||
| 1146 | void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk) | ||
| 1147 | { | ||
| 1148 | ctx->other_ctx = sk; | ||
| 1149 | ctx->get_issuer = get_issuer_sk; | ||
| 1150 | } | ||
| 1151 | |||
| 1152 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx) | ||
| 680 | { | 1153 | { |
| 681 | return(ctx->current_cert); | 1154 | if (ctx->cleanup) ctx->cleanup(ctx); |
| 1155 | if (ctx->chain != NULL) | ||
| 1156 | { | ||
| 1157 | sk_X509_pop_free(ctx->chain,X509_free); | ||
| 1158 | ctx->chain=NULL; | ||
| 1159 | } | ||
| 1160 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_X509_STORE_CTX, ctx, &(ctx->ex_data)); | ||
| 1161 | memset(&ctx->ex_data,0,sizeof(CRYPTO_EX_DATA)); | ||
| 682 | } | 1162 | } |
| 683 | 1163 | ||
| 684 | STACK *X509_STORE_CTX_get_chain(ctx) | 1164 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags) |
| 685 | X509_STORE_CTX *ctx; | ||
| 686 | { | 1165 | { |
| 687 | return(ctx->chain); | 1166 | ctx->flags |= flags; |
| 688 | } | 1167 | } |
| 689 | 1168 | ||
| 690 | void X509_STORE_CTX_set_cert(ctx,x) | 1169 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t) |
| 691 | X509_STORE_CTX *ctx; | ||
| 692 | X509 *x; | ||
| 693 | { | 1170 | { |
| 694 | ctx->cert=x; | 1171 | ctx->check_time = t; |
| 1172 | ctx->flags |= X509_V_FLAG_USE_CHECK_TIME; | ||
| 695 | } | 1173 | } |
| 696 | 1174 | ||
| 697 | void X509_STORE_CTX_set_chain(ctx,sk) | 1175 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
| 698 | X509_STORE_CTX *ctx; | 1176 | int (*verify_cb)(int, X509_STORE_CTX *)) |
| 699 | STACK *sk; | ||
| 700 | { | 1177 | { |
| 701 | ctx->untrusted=sk; | 1178 | ctx->verify_cb=verify_cb; |
| 702 | } | 1179 | } |
| 703 | 1180 | ||
| 1181 | IMPLEMENT_STACK_OF(X509) | ||
| 1182 | IMPLEMENT_ASN1_SET_OF(X509) | ||
| 1183 | |||
| 1184 | IMPLEMENT_STACK_OF(X509_NAME) | ||
| 704 | 1185 | ||
| 1186 | IMPLEMENT_STACK_OF(X509_ATTRIBUTE) | ||
| 1187 | IMPLEMENT_ASN1_SET_OF(X509_ATTRIBUTE) | ||
diff --git a/src/lib/libcrypto/x509/x509_vfy.h b/src/lib/libcrypto/x509/x509_vfy.h index dfc060f899..f0be21f452 100644 --- a/src/lib/libcrypto/x509/x509_vfy.h +++ b/src/lib/libcrypto/x509/x509_vfy.h | |||
| @@ -56,16 +56,26 @@ | |||
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #ifndef HEADER_X509_H | ||
| 60 | #include <openssl/x509.h> | ||
| 61 | /* openssl/x509.h ends up #include-ing this file at about the only | ||
| 62 | * appropriate moment. */ | ||
| 63 | #endif | ||
| 64 | |||
| 59 | #ifndef HEADER_X509_VFY_H | 65 | #ifndef HEADER_X509_VFY_H |
| 60 | #define HEADER_X509_VFY_H | 66 | #define HEADER_X509_VFY_H |
| 61 | 67 | ||
| 68 | #ifndef OPENSSL_NO_LHASH | ||
| 69 | #include <openssl/lhash.h> | ||
| 70 | #endif | ||
| 71 | #include <openssl/bio.h> | ||
| 72 | #include <openssl/crypto.h> | ||
| 73 | #include <openssl/symhacks.h> | ||
| 74 | |||
| 62 | #ifdef __cplusplus | 75 | #ifdef __cplusplus |
| 63 | extern "C" { | 76 | extern "C" { |
| 64 | #endif | 77 | #endif |
| 65 | 78 | ||
| 66 | #include "bio.h" | ||
| 67 | #include "crypto.h" | ||
| 68 | |||
| 69 | /* Outer object */ | 79 | /* Outer object */ |
| 70 | typedef struct x509_hash_dir_st | 80 | typedef struct x509_hash_dir_st |
| 71 | { | 81 | { |
| @@ -119,43 +129,66 @@ typedef struct x509_object_st | |||
| 119 | } data; | 129 | } data; |
| 120 | } X509_OBJECT; | 130 | } X509_OBJECT; |
| 121 | 131 | ||
| 132 | typedef struct x509_lookup_st X509_LOOKUP; | ||
| 133 | |||
| 134 | DECLARE_STACK_OF(X509_LOOKUP) | ||
| 135 | DECLARE_STACK_OF(X509_OBJECT) | ||
| 136 | |||
| 122 | /* This is a static that defines the function interface */ | 137 | /* This is a static that defines the function interface */ |
| 123 | typedef struct x509_lookup_method_st | 138 | typedef struct x509_lookup_method_st |
| 124 | { | 139 | { |
| 125 | char *name; | 140 | const char *name; |
| 126 | int (*new_item)(); | 141 | int (*new_item)(X509_LOOKUP *ctx); |
| 127 | void (*free)(); | 142 | void (*free)(X509_LOOKUP *ctx); |
| 128 | int (*init)(/* meth, char ** */); | 143 | int (*init)(X509_LOOKUP *ctx); |
| 129 | int (*shutdown)( /* meth, char ** */); | 144 | int (*shutdown)(X509_LOOKUP *ctx); |
| 130 | int (*ctrl)( /* meth, char **, int cmd, char *argp, int argi */); | 145 | int (*ctrl)(X509_LOOKUP *ctx,int cmd,const char *argc,long argl, |
| 131 | int (*get_by_subject)(/* meth, char **, XNAME *, X509 **ret */); | 146 | char **ret); |
| 132 | int (*get_by_issuer_serial)(); | 147 | int (*get_by_subject)(X509_LOOKUP *ctx,int type,X509_NAME *name, |
| 133 | int (*get_by_fingerprint)(); | 148 | X509_OBJECT *ret); |
| 134 | int (*get_by_alias)(); | 149 | int (*get_by_issuer_serial)(X509_LOOKUP *ctx,int type,X509_NAME *name, |
| 150 | ASN1_INTEGER *serial,X509_OBJECT *ret); | ||
| 151 | int (*get_by_fingerprint)(X509_LOOKUP *ctx,int type, | ||
| 152 | unsigned char *bytes,int len, | ||
| 153 | X509_OBJECT *ret); | ||
| 154 | int (*get_by_alias)(X509_LOOKUP *ctx,int type,char *str,int len, | ||
| 155 | X509_OBJECT *ret); | ||
| 135 | } X509_LOOKUP_METHOD; | 156 | } X509_LOOKUP_METHOD; |
| 136 | 157 | ||
| 137 | /* This is used to hold everything. It is used for all certificate | 158 | /* This is used to hold everything. It is used for all certificate |
| 138 | * validation. Once we have a certificate chain, the 'verify' | 159 | * validation. Once we have a certificate chain, the 'verify' |
| 139 | * function is then called to actually check the cert chain. */ | 160 | * function is then called to actually check the cert chain. */ |
| 140 | typedef struct x509_store_st | 161 | struct x509_store_st |
| 141 | { | 162 | { |
| 142 | /* The following is a cache of trusted certs */ | 163 | /* The following is a cache of trusted certs */ |
| 143 | int cache; /* if true, stash any hits */ | 164 | int cache; /* if true, stash any hits */ |
| 144 | #ifdef HEADER_LHASH_H | 165 | STACK_OF(X509_OBJECT) *objs; /* Cache of all objects */ |
| 145 | LHASH *certs; /* cached certs; */ | ||
| 146 | #else | ||
| 147 | char *certs; | ||
| 148 | #endif | ||
| 149 | 166 | ||
| 150 | /* These are external lookup methods */ | 167 | /* These are external lookup methods */ |
| 151 | STACK *get_cert_methods;/* X509_LOOKUP */ | 168 | STACK_OF(X509_LOOKUP) *get_cert_methods; |
| 152 | int (*verify)(); /* called to verify a certificate */ | 169 | |
| 153 | int (*verify_cb)(); /* error callback */ | 170 | /* The following fields are not used by X509_STORE but are |
| 171 | * inherited by X509_STORE_CTX when it is initialised. | ||
| 172 | */ | ||
| 173 | |||
| 174 | unsigned long flags; /* Various verify flags */ | ||
| 175 | int purpose; | ||
| 176 | int trust; | ||
| 177 | /* Callbacks for various operations */ | ||
| 178 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | ||
| 179 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | ||
| 180 | int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ | ||
| 181 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ | ||
| 182 | int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ | ||
| 183 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | ||
| 184 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | ||
| 185 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | ||
| 186 | int (*cleanup)(X509_STORE_CTX *ctx); | ||
| 154 | 187 | ||
| 155 | CRYPTO_EX_DATA ex_data; | 188 | CRYPTO_EX_DATA ex_data; |
| 156 | int references; | 189 | int references; |
| 157 | int depth; /* how deep to look */ | 190 | int depth; /* how deep to look (still unused -- X509_STORE_CTX's depth is used) */ |
| 158 | } X509_STORE; | 191 | } /* X509_STORE */; |
| 159 | 192 | ||
| 160 | #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) | 193 | #define X509_STORE_set_depth(ctx,d) ((ctx)->depth=(d)) |
| 161 | 194 | ||
| @@ -163,7 +196,7 @@ typedef struct x509_store_st | |||
| 163 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) | 196 | #define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func)) |
| 164 | 197 | ||
| 165 | /* This is the functions plus an instance of the local variables. */ | 198 | /* This is the functions plus an instance of the local variables. */ |
| 166 | typedef struct x509_lookup_st | 199 | struct x509_lookup_st |
| 167 | { | 200 | { |
| 168 | int init; /* have we been started */ | 201 | int init; /* have we been started */ |
| 169 | int skip; /* don't use us. */ | 202 | int skip; /* don't use us. */ |
| @@ -171,33 +204,53 @@ typedef struct x509_lookup_st | |||
| 171 | char *method_data; /* method data */ | 204 | char *method_data; /* method data */ |
| 172 | 205 | ||
| 173 | X509_STORE *store_ctx; /* who owns us */ | 206 | X509_STORE *store_ctx; /* who owns us */ |
| 174 | } X509_LOOKUP; | 207 | } /* X509_LOOKUP */; |
| 175 | 208 | ||
| 176 | /* This is a temporary used when processing cert chains. Since the | 209 | /* This is a used when verifying cert chains. Since the |
| 177 | * gathering of the cert chain can take some time (and have to be | 210 | * gathering of the cert chain can take some time (and have to be |
| 178 | * 'retried', this needs to be kept and passed around. */ | 211 | * 'retried', this needs to be kept and passed around. */ |
| 179 | typedef struct x509_store_state_st | 212 | struct x509_store_ctx_st /* X509_STORE_CTX */ |
| 180 | { | 213 | { |
| 181 | X509_STORE *ctx; | 214 | X509_STORE *ctx; |
| 182 | int current_method; /* used when looking up certs */ | 215 | int current_method; /* used when looking up certs */ |
| 183 | 216 | ||
| 184 | /* The following are set by the caller */ | 217 | /* The following are set by the caller */ |
| 185 | X509 *cert; /* The cert to check */ | 218 | X509 *cert; /* The cert to check */ |
| 186 | STACK *untrusted; /* chain of X509s - untrusted - passed in */ | 219 | STACK_OF(X509) *untrusted; /* chain of X509s - untrusted - passed in */ |
| 220 | int purpose; /* purpose to check untrusted certificates */ | ||
| 221 | int trust; /* trust setting to check */ | ||
| 222 | time_t check_time; /* time to make verify at */ | ||
| 223 | unsigned long flags; /* Various verify flags */ | ||
| 224 | void *other_ctx; /* Other info for use with get_issuer() */ | ||
| 225 | |||
| 226 | /* Callbacks for various operations */ | ||
| 227 | int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */ | ||
| 228 | int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */ | ||
| 229 | int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */ | ||
| 230 | int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */ | ||
| 231 | int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */ | ||
| 232 | int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */ | ||
| 233 | int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */ | ||
| 234 | int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */ | ||
| 235 | int (*cleanup)(X509_STORE_CTX *ctx); | ||
| 187 | 236 | ||
| 188 | /* The following is built up */ | 237 | /* The following is built up */ |
| 189 | int depth; /* how far to go looking up certs */ | 238 | int depth; /* how far to go looking up certs */ |
| 190 | int valid; /* if 0, rebuild chain */ | 239 | int valid; /* if 0, rebuild chain */ |
| 191 | int last_untrusted; /* index of last untrusted cert */ | 240 | int last_untrusted; /* index of last untrusted cert */ |
| 192 | STACK *chain; /* chain of X509s - built up and trusted */ | 241 | STACK_OF(X509) *chain; /* chain of X509s - built up and trusted */ |
| 193 | 242 | ||
| 194 | /* When something goes wrong, this is why */ | 243 | /* When something goes wrong, this is why */ |
| 195 | int error_depth; | 244 | int error_depth; |
| 196 | int error; | 245 | int error; |
| 197 | X509 *current_cert; | 246 | X509 *current_cert; |
| 247 | X509 *current_issuer; /* cert currently being tested as valid issuer */ | ||
| 248 | X509_CRL *current_crl; /* current CRL */ | ||
| 198 | 249 | ||
| 199 | CRYPTO_EX_DATA ex_data; | 250 | CRYPTO_EX_DATA ex_data; |
| 200 | } X509_STORE_CTX; | 251 | } /* X509_STORE_CTX */; |
| 252 | |||
| 253 | #define X509_STORE_CTX_set_depth(ctx,d) ((ctx)->depth=(d)) | ||
| 201 | 254 | ||
| 202 | #define X509_STORE_CTX_set_app_data(ctx,data) \ | 255 | #define X509_STORE_CTX_set_app_data(ctx,data) \ |
| 203 | X509_STORE_CTX_set_ex_data(ctx,0,data) | 256 | X509_STORE_CTX_set_ex_data(ctx,0,data) |
| @@ -207,15 +260,14 @@ typedef struct x509_store_state_st | |||
| 207 | #define X509_L_FILE_LOAD 1 | 260 | #define X509_L_FILE_LOAD 1 |
| 208 | #define X509_L_ADD_DIR 2 | 261 | #define X509_L_ADD_DIR 2 |
| 209 | 262 | ||
| 210 | X509_LOOKUP_METHOD *X509_LOOKUP_file(); | ||
| 211 | #define X509_LOOKUP_load_file(x,name,type) \ | 263 | #define X509_LOOKUP_load_file(x,name,type) \ |
| 212 | X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) | 264 | X509_LOOKUP_ctrl((x),X509_L_FILE_LOAD,(name),(long)(type),NULL) |
| 213 | 265 | ||
| 214 | X509_LOOKUP_METHOD *X509_LOOKUP_dir(); | ||
| 215 | #define X509_LOOKUP_add_dir(x,name,type) \ | 266 | #define X509_LOOKUP_add_dir(x,name,type) \ |
| 216 | X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) | 267 | X509_LOOKUP_ctrl((x),X509_L_ADD_DIR,(name),(long)(type),NULL) |
| 217 | 268 | ||
| 218 | #define X509_V_OK 0 | 269 | #define X509_V_OK 0 |
| 270 | /* illegal error (for uninitialized values, to avoid X509_V_OK): 1 */ | ||
| 219 | 271 | ||
| 220 | #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 | 272 | #define X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT 2 |
| 221 | #define X509_V_ERR_UNABLE_TO_GET_CRL 3 | 273 | #define X509_V_ERR_UNABLE_TO_GET_CRL 3 |
| @@ -239,21 +291,52 @@ X509_LOOKUP_METHOD *X509_LOOKUP_dir(); | |||
| 239 | #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 | 291 | #define X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE 21 |
| 240 | #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 | 292 | #define X509_V_ERR_CERT_CHAIN_TOO_LONG 22 |
| 241 | #define X509_V_ERR_CERT_REVOKED 23 | 293 | #define X509_V_ERR_CERT_REVOKED 23 |
| 294 | #define X509_V_ERR_INVALID_CA 24 | ||
| 295 | #define X509_V_ERR_PATH_LENGTH_EXCEEDED 25 | ||
| 296 | #define X509_V_ERR_INVALID_PURPOSE 26 | ||
| 297 | #define X509_V_ERR_CERT_UNTRUSTED 27 | ||
| 298 | #define X509_V_ERR_CERT_REJECTED 28 | ||
| 299 | /* These are 'informational' when looking for issuer cert */ | ||
| 300 | #define X509_V_ERR_SUBJECT_ISSUER_MISMATCH 29 | ||
| 301 | #define X509_V_ERR_AKID_SKID_MISMATCH 30 | ||
| 302 | #define X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH 31 | ||
| 303 | #define X509_V_ERR_KEYUSAGE_NO_CERTSIGN 32 | ||
| 304 | |||
| 305 | #define X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER 33 | ||
| 306 | #define X509_V_ERR_UNHANDLED_CRITICAL_EXTENSION 34 | ||
| 242 | 307 | ||
| 243 | /* The application is not happy */ | 308 | /* The application is not happy */ |
| 244 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 | 309 | #define X509_V_ERR_APPLICATION_VERIFICATION 50 |
| 245 | 310 | ||
| 246 | #ifndef NOPROTO | 311 | /* Certificate verify flags */ |
| 247 | #ifdef HEADER_LHASH_H | 312 | |
| 248 | X509_OBJECT *X509_OBJECT_retrive_by_subject(LHASH *h,int type,X509_NAME *name); | 313 | #define X509_V_FLAG_CB_ISSUER_CHECK 0x1 /* Send issuer+subject checks to verify_cb */ |
| 249 | #endif | 314 | #define X509_V_FLAG_USE_CHECK_TIME 0x2 /* Use check time instead of current time */ |
| 315 | #define X509_V_FLAG_CRL_CHECK 0x4 /* Lookup CRLs */ | ||
| 316 | #define X509_V_FLAG_CRL_CHECK_ALL 0x8 /* Lookup CRLs for whole chain */ | ||
| 317 | #define X509_V_FLAG_IGNORE_CRITICAL 0x10 /* Ignore unhandled critical extensions */ | ||
| 318 | |||
| 319 | int X509_OBJECT_idx_by_subject(STACK_OF(X509_OBJECT) *h, int type, | ||
| 320 | X509_NAME *name); | ||
| 321 | X509_OBJECT *X509_OBJECT_retrieve_by_subject(STACK_OF(X509_OBJECT) *h,int type,X509_NAME *name); | ||
| 322 | X509_OBJECT *X509_OBJECT_retrieve_match(STACK_OF(X509_OBJECT) *h, X509_OBJECT *x); | ||
| 250 | void X509_OBJECT_up_ref_count(X509_OBJECT *a); | 323 | void X509_OBJECT_up_ref_count(X509_OBJECT *a); |
| 251 | void X509_OBJECT_free_contents(X509_OBJECT *a); | 324 | void X509_OBJECT_free_contents(X509_OBJECT *a); |
| 252 | X509_STORE *X509_STORE_new(void ); | 325 | X509_STORE *X509_STORE_new(void ); |
| 253 | void X509_STORE_free(X509_STORE *v); | 326 | void X509_STORE_free(X509_STORE *v); |
| 254 | 327 | ||
| 255 | void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, | 328 | void X509_STORE_set_flags(X509_STORE *ctx, long flags); |
| 256 | X509 *x509, STACK *chain); | 329 | int X509_STORE_set_purpose(X509_STORE *ctx, int purpose); |
| 330 | int X509_STORE_set_trust(X509_STORE *ctx, int trust); | ||
| 331 | |||
| 332 | X509_STORE_CTX *X509_STORE_CTX_new(void); | ||
| 333 | |||
| 334 | int X509_STORE_CTX_get1_issuer(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); | ||
| 335 | |||
| 336 | void X509_STORE_CTX_free(X509_STORE_CTX *ctx); | ||
| 337 | int X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, | ||
| 338 | X509 *x509, STACK_OF(X509) *chain); | ||
| 339 | void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk); | ||
| 257 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); | 340 | void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx); |
| 258 | 341 | ||
| 259 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); | 342 | X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m); |
| @@ -267,17 +350,15 @@ int X509_STORE_add_crl(X509_STORE *ctx, X509_CRL *x); | |||
| 267 | int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, | 350 | int X509_STORE_get_by_subject(X509_STORE_CTX *vs,int type,X509_NAME *name, |
| 268 | X509_OBJECT *ret); | 351 | X509_OBJECT *ret); |
| 269 | 352 | ||
| 270 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx,int cmd,char *argc,long argl,char **ret); | 353 | int X509_LOOKUP_ctrl(X509_LOOKUP *ctx, int cmd, const char *argc, |
| 354 | long argl, char **ret); | ||
| 271 | 355 | ||
| 272 | #ifndef NO_STDIO | 356 | #ifndef OPENSSL_NO_STDIO |
| 273 | int X509_load_cert_file(X509_LOOKUP *ctx, char *file, int type); | 357 | int X509_load_cert_file(X509_LOOKUP *ctx, const char *file, int type); |
| 274 | int X509_load_crl_file(X509_LOOKUP *ctx, char *file, int type); | 358 | int X509_load_crl_file(X509_LOOKUP *ctx, const char *file, int type); |
| 359 | int X509_load_cert_crl_file(X509_LOOKUP *ctx, const char *file, int type); | ||
| 275 | #endif | 360 | #endif |
| 276 | 361 | ||
| 277 | void X509v3_cleanup_extensions(void ); | ||
| 278 | int X509v3_add_extension(X509_EXTENSION_METHOD *x); | ||
| 279 | int X509v3_add_netscape_extensions(void ); | ||
| 280 | int X509v3_add_standard_extensions(void ); | ||
| 281 | 362 | ||
| 282 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); | 363 | X509_LOOKUP *X509_LOOKUP_new(X509_LOOKUP_METHOD *method); |
| 283 | void X509_LOOKUP_free(X509_LOOKUP *ctx); | 364 | void X509_LOOKUP_free(X509_LOOKUP *ctx); |
| @@ -292,84 +373,32 @@ int X509_LOOKUP_by_alias(X509_LOOKUP *ctx, int type, char *str, | |||
| 292 | int len, X509_OBJECT *ret); | 373 | int len, X509_OBJECT *ret); |
| 293 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); | 374 | int X509_LOOKUP_shutdown(X509_LOOKUP *ctx); |
| 294 | 375 | ||
| 295 | #ifndef NO_STDIO | 376 | #ifndef OPENSSL_NO_STDIO |
| 296 | int X509_STORE_load_locations (X509_STORE *ctx, | 377 | int X509_STORE_load_locations (X509_STORE *ctx, |
| 297 | char *file, char *dir); | 378 | const char *file, const char *dir); |
| 298 | int X509_STORE_set_default_paths(X509_STORE *ctx); | 379 | int X509_STORE_set_default_paths(X509_STORE *ctx); |
| 299 | #endif | 380 | #endif |
| 300 | 381 | ||
| 301 | int X509_STORE_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 382 | int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 302 | int (*dup_func)(), void (*free_func)()); | 383 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 303 | int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,char *data); | 384 | int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx,int idx,void *data); |
| 304 | char * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); | 385 | void * X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx,int idx); |
| 305 | int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); | 386 | int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx); |
| 306 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); | 387 | void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx,int s); |
| 307 | int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); | 388 | int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx); |
| 308 | X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); | 389 | X509 * X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx); |
| 309 | STACK * X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); | 390 | STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx); |
| 391 | STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx); | ||
| 310 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); | 392 | void X509_STORE_CTX_set_cert(X509_STORE_CTX *c,X509 *x); |
| 311 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK /* X509 */ *sk); | 393 | void X509_STORE_CTX_set_chain(X509_STORE_CTX *c,STACK_OF(X509) *sk); |
| 312 | 394 | int X509_STORE_CTX_set_purpose(X509_STORE_CTX *ctx, int purpose); | |
| 313 | #else | 395 | int X509_STORE_CTX_set_trust(X509_STORE_CTX *ctx, int trust); |
| 314 | 396 | int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose, | |
| 315 | #ifdef HEADER_LHASH_H | 397 | int purpose, int trust); |
| 316 | X509_OBJECT *X509_OBJECT_retrive_by_subject(); | 398 | void X509_STORE_CTX_set_flags(X509_STORE_CTX *ctx, long flags); |
| 317 | #endif | 399 | void X509_STORE_CTX_set_time(X509_STORE_CTX *ctx, long flags, time_t t); |
| 318 | void X509_OBJECT_up_ref_count(); | 400 | void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx, |
| 319 | void X509_OBJECT_free_contents(); | 401 | int (*verify_cb)(int, X509_STORE_CTX *)); |
| 320 | X509_STORE *X509_STORE_new(); | ||
| 321 | void X509_STORE_free(); | ||
| 322 | |||
| 323 | void X509_STORE_CTX_init(); | ||
| 324 | void X509_STORE_CTX_cleanup(); | ||
| 325 | |||
| 326 | X509_LOOKUP *X509_STORE_add_lookup(); | ||
| 327 | |||
| 328 | X509_LOOKUP_METHOD *X509_LOOKUP_hash_dir(); | ||
| 329 | X509_LOOKUP_METHOD *X509_LOOKUP_file(); | ||
| 330 | |||
| 331 | int X509_STORE_add_cert(); | ||
| 332 | int X509_STORE_add_crl(); | ||
| 333 | |||
| 334 | int X509_STORE_get_by_subject(); | ||
| 335 | |||
| 336 | int X509_LOOKUP_ctrl(); | ||
| 337 | |||
| 338 | #ifndef NO_STDIO | ||
| 339 | int X509_load_cert_file(); | ||
| 340 | int X509_load_crl_file(); | ||
| 341 | #endif | ||
| 342 | |||
| 343 | void X509v3_cleanup_extensions(); | ||
| 344 | int X509v3_add_extension(); | ||
| 345 | int X509v3_add_netscape_extensions(); | ||
| 346 | int X509v3_add_standard_extensions(); | ||
| 347 | |||
| 348 | X509_LOOKUP *X509_LOOKUP_new(); | ||
| 349 | void X509_LOOKUP_free(); | ||
| 350 | int X509_LOOKUP_init(); | ||
| 351 | int X509_LOOKUP_by_subject(); | ||
| 352 | int X509_LOOKUP_by_issuer_serial(); | ||
| 353 | int X509_LOOKUP_by_fingerprint(); | ||
| 354 | int X509_LOOKUP_by_alias(); | ||
| 355 | int X509_LOOKUP_shutdown(); | ||
| 356 | |||
| 357 | #ifndef NO_STDIO | ||
| 358 | int X509_STORE_load_locations (); | ||
| 359 | int X509_STORE_set_default_paths(); | ||
| 360 | #endif | ||
| 361 | |||
| 362 | int X509_STORE_CTX_set_ex_data(); | ||
| 363 | char * X509_STORE_CTX_get_ex_data(); | ||
| 364 | int X509_STORE_CTX_get_error(); | ||
| 365 | void X509_STORE_CTX_set_error(); | ||
| 366 | int X509_STORE_CTX_get_error_depth(); | ||
| 367 | X509 * X509_STORE_CTX_get_current_cert(); | ||
| 368 | STACK * X509_STORE_CTX_get_chain(); | ||
| 369 | void X509_STORE_CTX_set_cert(); | ||
| 370 | void X509_STORE_CTX_set_chain(); | ||
| 371 | |||
| 372 | #endif | ||
| 373 | 402 | ||
| 374 | #ifdef __cplusplus | 403 | #ifdef __cplusplus |
| 375 | } | 404 | } |
diff --git a/src/lib/libcrypto/x509/x509name.c b/src/lib/libcrypto/x509/x509name.c index 650e71b1b5..4c20e03ece 100644 --- a/src/lib/libcrypto/x509/x509name.c +++ b/src/lib/libcrypto/x509/x509name.c | |||
| @@ -57,18 +57,14 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "stack.h" | 60 | #include <openssl/stack.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include "asn1.h" | 62 | #include <openssl/asn1.h> |
| 63 | #include "objects.h" | 63 | #include <openssl/objects.h> |
| 64 | #include "evp.h" | 64 | #include <openssl/evp.h> |
| 65 | #include "x509.h" | 65 | #include <openssl/x509.h> |
| 66 | 66 | ||
| 67 | int X509_NAME_get_text_by_NID(name,nid,buf,len) | 67 | int X509_NAME_get_text_by_NID(X509_NAME *name, int nid, char *buf, int len) |
| 68 | X509_NAME *name; | ||
| 69 | int nid; | ||
| 70 | char *buf; | ||
| 71 | int len; | ||
| 72 | { | 68 | { |
| 73 | ASN1_OBJECT *obj; | 69 | ASN1_OBJECT *obj; |
| 74 | 70 | ||
| @@ -77,11 +73,8 @@ int len; | |||
| 77 | return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); | 73 | return(X509_NAME_get_text_by_OBJ(name,obj,buf,len)); |
| 78 | } | 74 | } |
| 79 | 75 | ||
| 80 | int X509_NAME_get_text_by_OBJ(name,obj,buf,len) | 76 | int X509_NAME_get_text_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, char *buf, |
| 81 | X509_NAME *name; | 77 | int len) |
| 82 | ASN1_OBJECT *obj; | ||
| 83 | char *buf; | ||
| 84 | int len; | ||
| 85 | { | 78 | { |
| 86 | int i; | 79 | int i; |
| 87 | ASN1_STRING *data; | 80 | ASN1_STRING *data; |
| @@ -96,17 +89,13 @@ int len; | |||
| 96 | return(i); | 89 | return(i); |
| 97 | } | 90 | } |
| 98 | 91 | ||
| 99 | int X509_NAME_entry_count(name) | 92 | int X509_NAME_entry_count(X509_NAME *name) |
| 100 | X509_NAME *name; | ||
| 101 | { | 93 | { |
| 102 | if (name == NULL) return(0); | 94 | if (name == NULL) return(0); |
| 103 | return(sk_num(name->entries)); | 95 | return(sk_X509_NAME_ENTRY_num(name->entries)); |
| 104 | } | 96 | } |
| 105 | 97 | ||
| 106 | int X509_NAME_get_index_by_NID(name,nid,lastpos) | 98 | int X509_NAME_get_index_by_NID(X509_NAME *name, int nid, int lastpos) |
| 107 | X509_NAME *name; | ||
| 108 | int nid; | ||
| 109 | int lastpos; | ||
| 110 | { | 99 | { |
| 111 | ASN1_OBJECT *obj; | 100 | ASN1_OBJECT *obj; |
| 112 | 101 | ||
| @@ -116,61 +105,57 @@ int lastpos; | |||
| 116 | } | 105 | } |
| 117 | 106 | ||
| 118 | /* NOTE: you should be passsing -1, not 0 as lastpos */ | 107 | /* NOTE: you should be passsing -1, not 0 as lastpos */ |
| 119 | int X509_NAME_get_index_by_OBJ(name,obj,lastpos) | 108 | int X509_NAME_get_index_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, |
| 120 | X509_NAME *name; | 109 | int lastpos) |
| 121 | ASN1_OBJECT *obj; | ||
| 122 | int lastpos; | ||
| 123 | { | 110 | { |
| 124 | int n; | 111 | int n; |
| 125 | X509_NAME_ENTRY *ne; | 112 | X509_NAME_ENTRY *ne; |
| 126 | STACK *sk; | 113 | STACK_OF(X509_NAME_ENTRY) *sk; |
| 127 | 114 | ||
| 128 | if (name == NULL) return(-1); | 115 | if (name == NULL) return(-1); |
| 129 | if (lastpos < 0) | 116 | if (lastpos < 0) |
| 130 | lastpos= -1; | 117 | lastpos= -1; |
| 131 | sk=name->entries; | 118 | sk=name->entries; |
| 132 | n=sk_num(sk); | 119 | n=sk_X509_NAME_ENTRY_num(sk); |
| 133 | for (lastpos++; lastpos < n; lastpos++) | 120 | for (lastpos++; lastpos < n; lastpos++) |
| 134 | { | 121 | { |
| 135 | ne=(X509_NAME_ENTRY *)sk_value(sk,lastpos); | 122 | ne=sk_X509_NAME_ENTRY_value(sk,lastpos); |
| 136 | if (OBJ_cmp(ne->object,obj) == 0) | 123 | if (OBJ_cmp(ne->object,obj) == 0) |
| 137 | return(lastpos); | 124 | return(lastpos); |
| 138 | } | 125 | } |
| 139 | return(-1); | 126 | return(-1); |
| 140 | } | 127 | } |
| 141 | 128 | ||
| 142 | X509_NAME_ENTRY *X509_NAME_get_entry(name,loc) | 129 | X509_NAME_ENTRY *X509_NAME_get_entry(X509_NAME *name, int loc) |
| 143 | X509_NAME *name; | ||
| 144 | int loc; | ||
| 145 | { | 130 | { |
| 146 | if ( (name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) | 131 | if(name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc |
| 132 | || loc < 0) | ||
| 147 | return(NULL); | 133 | return(NULL); |
| 148 | else | 134 | else |
| 149 | return((X509_NAME_ENTRY *)sk_value(name->entries,loc)); | 135 | return(sk_X509_NAME_ENTRY_value(name->entries,loc)); |
| 150 | } | 136 | } |
| 151 | 137 | ||
| 152 | X509_NAME_ENTRY *X509_NAME_delete_entry(name,loc) | 138 | X509_NAME_ENTRY *X509_NAME_delete_entry(X509_NAME *name, int loc) |
| 153 | X509_NAME *name; | ||
| 154 | int loc; | ||
| 155 | { | 139 | { |
| 156 | X509_NAME_ENTRY *ret; | 140 | X509_NAME_ENTRY *ret; |
| 157 | int i,j,n,set_prev,set_next; | 141 | int i,n,set_prev,set_next; |
| 158 | STACK *sk; | 142 | STACK_OF(X509_NAME_ENTRY) *sk; |
| 159 | 143 | ||
| 160 | if ((name == NULL) || (sk_num(name->entries) <= loc) || (loc < 0)) | 144 | if (name == NULL || sk_X509_NAME_ENTRY_num(name->entries) <= loc |
| 145 | || loc < 0) | ||
| 161 | return(NULL); | 146 | return(NULL); |
| 162 | sk=name->entries; | 147 | sk=name->entries; |
| 163 | ret=(X509_NAME_ENTRY *)sk_delete(sk,loc); | 148 | ret=sk_X509_NAME_ENTRY_delete(sk,loc); |
| 164 | n=sk_num(sk); | 149 | n=sk_X509_NAME_ENTRY_num(sk); |
| 165 | name->modified=1; | 150 | name->modified=1; |
| 166 | if (loc == n) return(ret); | 151 | if (loc == n) return(ret); |
| 167 | 152 | ||
| 168 | /* else we need to fixup the set field */ | 153 | /* else we need to fixup the set field */ |
| 169 | if (loc != 0) | 154 | if (loc != 0) |
| 170 | set_prev=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; | 155 | set_prev=(sk_X509_NAME_ENTRY_value(sk,loc-1))->set; |
| 171 | else | 156 | else |
| 172 | set_prev=ret->set-1; | 157 | set_prev=ret->set-1; |
| 173 | set_next=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; | 158 | set_next=sk_X509_NAME_ENTRY_value(sk,loc)->set; |
| 174 | 159 | ||
| 175 | /* set_prev is the previous set | 160 | /* set_prev is the previous set |
| 176 | * set is the current set | 161 | * set is the current set |
| @@ -181,29 +166,59 @@ int loc; | |||
| 181 | * so basically only if prev and next differ by 2, then | 166 | * so basically only if prev and next differ by 2, then |
| 182 | * re-number down by 1 */ | 167 | * re-number down by 1 */ |
| 183 | if (set_prev+1 < set_next) | 168 | if (set_prev+1 < set_next) |
| 184 | { | ||
| 185 | j=set_next-set_prev-1; | ||
| 186 | for (i=loc; i<n; i++) | 169 | for (i=loc; i<n; i++) |
| 187 | ((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set-=j; | 170 | sk_X509_NAME_ENTRY_value(sk,i)->set--; |
| 188 | } | ||
| 189 | return(ret); | 171 | return(ret); |
| 190 | } | 172 | } |
| 191 | 173 | ||
| 174 | int X509_NAME_add_entry_by_OBJ(X509_NAME *name, ASN1_OBJECT *obj, int type, | ||
| 175 | unsigned char *bytes, int len, int loc, int set) | ||
| 176 | { | ||
| 177 | X509_NAME_ENTRY *ne; | ||
| 178 | int ret; | ||
| 179 | ne = X509_NAME_ENTRY_create_by_OBJ(NULL, obj, type, bytes, len); | ||
| 180 | if(!ne) return 0; | ||
| 181 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 182 | X509_NAME_ENTRY_free(ne); | ||
| 183 | return ret; | ||
| 184 | } | ||
| 185 | |||
| 186 | int X509_NAME_add_entry_by_NID(X509_NAME *name, int nid, int type, | ||
| 187 | unsigned char *bytes, int len, int loc, int set) | ||
| 188 | { | ||
| 189 | X509_NAME_ENTRY *ne; | ||
| 190 | int ret; | ||
| 191 | ne = X509_NAME_ENTRY_create_by_NID(NULL, nid, type, bytes, len); | ||
| 192 | if(!ne) return 0; | ||
| 193 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 194 | X509_NAME_ENTRY_free(ne); | ||
| 195 | return ret; | ||
| 196 | } | ||
| 197 | |||
| 198 | int X509_NAME_add_entry_by_txt(X509_NAME *name, char *field, int type, | ||
| 199 | unsigned char *bytes, int len, int loc, int set) | ||
| 200 | { | ||
| 201 | X509_NAME_ENTRY *ne; | ||
| 202 | int ret; | ||
| 203 | ne = X509_NAME_ENTRY_create_by_txt(NULL, field, type, bytes, len); | ||
| 204 | if(!ne) return 0; | ||
| 205 | ret = X509_NAME_add_entry(name, ne, loc, set); | ||
| 206 | X509_NAME_ENTRY_free(ne); | ||
| 207 | return ret; | ||
| 208 | } | ||
| 209 | |||
| 192 | /* if set is -1, append to previous set, 0 'a new one', and 1, | 210 | /* if set is -1, append to previous set, 0 'a new one', and 1, |
| 193 | * prepend to the guy we are about to stomp on. */ | 211 | * prepend to the guy we are about to stomp on. */ |
| 194 | int X509_NAME_add_entry(name,ne,loc,set) | 212 | int X509_NAME_add_entry(X509_NAME *name, X509_NAME_ENTRY *ne, int loc, |
| 195 | X509_NAME *name; | 213 | int set) |
| 196 | X509_NAME_ENTRY *ne; | ||
| 197 | int loc; | ||
| 198 | int set; | ||
| 199 | { | 214 | { |
| 200 | X509_NAME_ENTRY *new_name=NULL; | 215 | X509_NAME_ENTRY *new_name=NULL; |
| 201 | int n,i,inc; | 216 | int n,i,inc; |
| 202 | STACK *sk; | 217 | STACK_OF(X509_NAME_ENTRY) *sk; |
| 203 | 218 | ||
| 204 | if (name == NULL) return(0); | 219 | if (name == NULL) return(0); |
| 205 | sk=name->entries; | 220 | sk=name->entries; |
| 206 | n=sk_num(sk); | 221 | n=sk_X509_NAME_ENTRY_num(sk); |
| 207 | if (loc > n) loc=n; | 222 | if (loc > n) loc=n; |
| 208 | else if (loc < 0) loc=n; | 223 | else if (loc < 0) loc=n; |
| 209 | 224 | ||
| @@ -218,7 +233,7 @@ int set; | |||
| 218 | } | 233 | } |
| 219 | else | 234 | else |
| 220 | { | 235 | { |
| 221 | set=((X509_NAME_ENTRY *)sk_value(sk,loc-1))->set; | 236 | set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set; |
| 222 | inc=0; | 237 | inc=0; |
| 223 | } | 238 | } |
| 224 | } | 239 | } |
| @@ -227,45 +242,60 @@ int set; | |||
| 227 | if (loc >= n) | 242 | if (loc >= n) |
| 228 | { | 243 | { |
| 229 | if (loc != 0) | 244 | if (loc != 0) |
| 230 | set=((X509_NAME_ENTRY *) | 245 | set=sk_X509_NAME_ENTRY_value(sk,loc-1)->set+1; |
| 231 | sk_value(sk,loc-1))->set+1; | ||
| 232 | else | 246 | else |
| 233 | set=0; | 247 | set=0; |
| 234 | } | 248 | } |
| 235 | else | 249 | else |
| 236 | set=((X509_NAME_ENTRY *)sk_value(sk,loc))->set; | 250 | set=sk_X509_NAME_ENTRY_value(sk,loc)->set; |
| 237 | inc=(set == 0)?1:0; | 251 | inc=(set == 0)?1:0; |
| 238 | } | 252 | } |
| 239 | 253 | ||
| 240 | if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) | 254 | if ((new_name=X509_NAME_ENTRY_dup(ne)) == NULL) |
| 241 | goto err; | 255 | goto err; |
| 242 | new_name->set=set; | 256 | new_name->set=set; |
| 243 | if (!sk_insert(sk,(char *)new_name,loc)) | 257 | if (!sk_X509_NAME_ENTRY_insert(sk,new_name,loc)) |
| 244 | { | 258 | { |
| 245 | X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); | 259 | X509err(X509_F_X509_NAME_ADD_ENTRY,ERR_R_MALLOC_FAILURE); |
| 246 | goto err; | 260 | goto err; |
| 247 | } | 261 | } |
| 248 | if (inc) | 262 | if (inc) |
| 249 | { | 263 | { |
| 250 | n=sk_num(sk); | 264 | n=sk_X509_NAME_ENTRY_num(sk); |
| 251 | for (i=loc+1; i<n; i++) | 265 | for (i=loc+1; i<n; i++) |
| 252 | ((X509_NAME_ENTRY *)sk_value(sk,i-1))->set+=1; | 266 | sk_X509_NAME_ENTRY_value(sk,i-1)->set+=1; |
| 253 | } | 267 | } |
| 254 | return(1); | 268 | return(1); |
| 255 | err: | 269 | err: |
| 256 | if (new_name != NULL) | 270 | if (new_name != NULL) |
| 257 | X509_NAME_ENTRY_free(ne); | 271 | X509_NAME_ENTRY_free(new_name); |
| 258 | return(0); | 272 | return(0); |
| 259 | } | 273 | } |
| 260 | 274 | ||
| 261 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(ne,nid,type,bytes,len) | 275 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_txt(X509_NAME_ENTRY **ne, |
| 262 | X509_NAME_ENTRY **ne; | 276 | char *field, int type, unsigned char *bytes, int len) |
| 263 | int nid; | ||
| 264 | int type; | ||
| 265 | unsigned char *bytes; | ||
| 266 | int len; | ||
| 267 | { | 277 | { |
| 268 | ASN1_OBJECT *obj; | 278 | ASN1_OBJECT *obj; |
| 279 | X509_NAME_ENTRY *nentry; | ||
| 280 | |||
| 281 | obj=OBJ_txt2obj(field, 0); | ||
| 282 | if (obj == NULL) | ||
| 283 | { | ||
| 284 | X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_TXT, | ||
| 285 | X509_R_INVALID_FIELD_NAME); | ||
| 286 | ERR_add_error_data(2, "name=", field); | ||
| 287 | return(NULL); | ||
| 288 | } | ||
| 289 | nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); | ||
| 290 | ASN1_OBJECT_free(obj); | ||
| 291 | return nentry; | ||
| 292 | } | ||
| 293 | |||
| 294 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_NID(X509_NAME_ENTRY **ne, int nid, | ||
| 295 | int type, unsigned char *bytes, int len) | ||
| 296 | { | ||
| 297 | ASN1_OBJECT *obj; | ||
| 298 | X509_NAME_ENTRY *nentry; | ||
| 269 | 299 | ||
| 270 | obj=OBJ_nid2obj(nid); | 300 | obj=OBJ_nid2obj(nid); |
| 271 | if (obj == NULL) | 301 | if (obj == NULL) |
| @@ -273,15 +303,13 @@ int len; | |||
| 273 | X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); | 303 | X509err(X509_F_X509_NAME_ENTRY_CREATE_BY_NID,X509_R_UNKNOWN_NID); |
| 274 | return(NULL); | 304 | return(NULL); |
| 275 | } | 305 | } |
| 276 | return(X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len)); | 306 | nentry = X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len); |
| 307 | ASN1_OBJECT_free(obj); | ||
| 308 | return nentry; | ||
| 277 | } | 309 | } |
| 278 | 310 | ||
| 279 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(ne,obj,type,bytes,len) | 311 | X509_NAME_ENTRY *X509_NAME_ENTRY_create_by_OBJ(X509_NAME_ENTRY **ne, |
| 280 | X509_NAME_ENTRY **ne; | 312 | ASN1_OBJECT *obj, int type, unsigned char *bytes, int len) |
| 281 | ASN1_OBJECT *obj; | ||
| 282 | int type; | ||
| 283 | unsigned char *bytes; | ||
| 284 | int len; | ||
| 285 | { | 313 | { |
| 286 | X509_NAME_ENTRY *ret; | 314 | X509_NAME_ENTRY *ret; |
| 287 | 315 | ||
| @@ -297,7 +325,7 @@ int len; | |||
| 297 | goto err; | 325 | goto err; |
| 298 | if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) | 326 | if (!X509_NAME_ENTRY_set_data(ret,type,bytes,len)) |
| 299 | goto err; | 327 | goto err; |
| 300 | 328 | ||
| 301 | if ((ne != NULL) && (*ne == NULL)) *ne=ret; | 329 | if ((ne != NULL) && (*ne == NULL)) *ne=ret; |
| 302 | return(ret); | 330 | return(ret); |
| 303 | err: | 331 | err: |
| @@ -306,9 +334,7 @@ err: | |||
| 306 | return(NULL); | 334 | return(NULL); |
| 307 | } | 335 | } |
| 308 | 336 | ||
| 309 | int X509_NAME_ENTRY_set_object(ne,obj) | 337 | int X509_NAME_ENTRY_set_object(X509_NAME_ENTRY *ne, ASN1_OBJECT *obj) |
| 310 | X509_NAME_ENTRY *ne; | ||
| 311 | ASN1_OBJECT *obj; | ||
| 312 | { | 338 | { |
| 313 | if ((ne == NULL) || (obj == NULL)) | 339 | if ((ne == NULL) || (obj == NULL)) |
| 314 | { | 340 | { |
| @@ -320,15 +346,16 @@ ASN1_OBJECT *obj; | |||
| 320 | return((ne->object == NULL)?0:1); | 346 | return((ne->object == NULL)?0:1); |
| 321 | } | 347 | } |
| 322 | 348 | ||
| 323 | int X509_NAME_ENTRY_set_data(ne,type,bytes,len) | 349 | int X509_NAME_ENTRY_set_data(X509_NAME_ENTRY *ne, int type, |
| 324 | X509_NAME_ENTRY *ne; | 350 | unsigned char *bytes, int len) |
| 325 | int type; | ||
| 326 | unsigned char *bytes; | ||
| 327 | int len; | ||
| 328 | { | 351 | { |
| 329 | int i; | 352 | int i; |
| 330 | 353 | ||
| 331 | if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); | 354 | if ((ne == NULL) || ((bytes == NULL) && (len != 0))) return(0); |
| 355 | if((type > 0) && (type & MBSTRING_FLAG)) | ||
| 356 | return ASN1_STRING_set_by_NID(&ne->value, bytes, | ||
| 357 | len, type, | ||
| 358 | OBJ_obj2nid(ne->object)) ? 1 : 0; | ||
| 332 | if (len < 0) len=strlen((char *)bytes); | 359 | if (len < 0) len=strlen((char *)bytes); |
| 333 | i=ASN1_STRING_set(ne->value,bytes,len); | 360 | i=ASN1_STRING_set(ne->value,bytes,len); |
| 334 | if (!i) return(0); | 361 | if (!i) return(0); |
| @@ -342,15 +369,13 @@ int len; | |||
| 342 | return(1); | 369 | return(1); |
| 343 | } | 370 | } |
| 344 | 371 | ||
| 345 | ASN1_OBJECT *X509_NAME_ENTRY_get_object(ne) | 372 | ASN1_OBJECT *X509_NAME_ENTRY_get_object(X509_NAME_ENTRY *ne) |
| 346 | X509_NAME_ENTRY *ne; | ||
| 347 | { | 373 | { |
| 348 | if (ne == NULL) return(NULL); | 374 | if (ne == NULL) return(NULL); |
| 349 | return(ne->object); | 375 | return(ne->object); |
| 350 | } | 376 | } |
| 351 | 377 | ||
| 352 | ASN1_STRING *X509_NAME_ENTRY_get_data(ne) | 378 | ASN1_STRING *X509_NAME_ENTRY_get_data(X509_NAME_ENTRY *ne) |
| 353 | X509_NAME_ENTRY *ne; | ||
| 354 | { | 379 | { |
| 355 | if (ne == NULL) return(NULL); | 380 | if (ne == NULL) return(NULL); |
| 356 | return(ne->value); | 381 | return(ne->value); |
diff --git a/src/lib/libcrypto/x509/x509rset.c b/src/lib/libcrypto/x509/x509rset.c index 323b25470a..d9f6b57372 100644 --- a/src/lib/libcrypto/x509/x509rset.c +++ b/src/lib/libcrypto/x509/x509rset.c | |||
| @@ -58,30 +58,24 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "asn1.h" | 61 | #include <openssl/asn1.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | 65 | ||
| 66 | int X509_REQ_set_version(x,version) | 66 | int X509_REQ_set_version(X509_REQ *x, long version) |
| 67 | X509_REQ *x; | ||
| 68 | long version; | ||
| 69 | { | 67 | { |
| 70 | if (x == NULL) return(0); | 68 | if (x == NULL) return(0); |
| 71 | return(ASN1_INTEGER_set(x->req_info->version,version)); | 69 | return(ASN1_INTEGER_set(x->req_info->version,version)); |
| 72 | } | 70 | } |
| 73 | 71 | ||
| 74 | int X509_REQ_set_subject_name(x,name) | 72 | int X509_REQ_set_subject_name(X509_REQ *x, X509_NAME *name) |
| 75 | X509_REQ *x; | ||
| 76 | X509_NAME *name; | ||
| 77 | { | 73 | { |
| 78 | if ((x == NULL) || (x->req_info == NULL)) return(0); | 74 | if ((x == NULL) || (x->req_info == NULL)) return(0); |
| 79 | return(X509_NAME_set(&x->req_info->subject,name)); | 75 | return(X509_NAME_set(&x->req_info->subject,name)); |
| 80 | } | 76 | } |
| 81 | 77 | ||
| 82 | int X509_REQ_set_pubkey(x,pkey) | 78 | int X509_REQ_set_pubkey(X509_REQ *x, EVP_PKEY *pkey) |
| 83 | X509_REQ *x; | ||
| 84 | EVP_PKEY *pkey; | ||
| 85 | { | 79 | { |
| 86 | if ((x == NULL) || (x->req_info == NULL)) return(0); | 80 | if ((x == NULL) || (x->req_info == NULL)) return(0); |
| 87 | return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); | 81 | return(X509_PUBKEY_set(&x->req_info->pubkey,pkey)); |
diff --git a/src/lib/libcrypto/x509/x509spki.c b/src/lib/libcrypto/x509/x509spki.c index b35c3f92e7..4c3af946ec 100644 --- a/src/lib/libcrypto/x509/x509spki.c +++ b/src/lib/libcrypto/x509/x509spki.c | |||
| @@ -59,7 +59,6 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509.h> | 61 | #include <openssl/x509.h> |
| 62 | #include <openssl/asn1_mac.h> | ||
| 63 | 62 | ||
| 64 | int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) | 63 | int NETSCAPE_SPKI_set_pubkey(NETSCAPE_SPKI *x, EVP_PKEY *pkey) |
| 65 | { | 64 | { |
| @@ -82,7 +81,7 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) | |||
| 82 | int spki_len; | 81 | int spki_len; |
| 83 | NETSCAPE_SPKI *spki; | 82 | NETSCAPE_SPKI *spki; |
| 84 | if(len <= 0) len = strlen(str); | 83 | if(len <= 0) len = strlen(str); |
| 85 | if (!(spki_der = Malloc(len + 1))) { | 84 | if (!(spki_der = OPENSSL_malloc(len + 1))) { |
| 86 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); | 85 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, ERR_R_MALLOC_FAILURE); |
| 87 | return NULL; | 86 | return NULL; |
| 88 | } | 87 | } |
| @@ -90,12 +89,12 @@ NETSCAPE_SPKI * NETSCAPE_SPKI_b64_decode(const char *str, int len) | |||
| 90 | if(spki_len < 0) { | 89 | if(spki_len < 0) { |
| 91 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, | 90 | X509err(X509_F_NETSCAPE_SPKI_B64_DECODE, |
| 92 | X509_R_BASE64_DECODE_ERROR); | 91 | X509_R_BASE64_DECODE_ERROR); |
| 93 | Free(spki_der); | 92 | OPENSSL_free(spki_der); |
| 94 | return NULL; | 93 | return NULL; |
| 95 | } | 94 | } |
| 96 | p = spki_der; | 95 | p = spki_der; |
| 97 | spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); | 96 | spki = d2i_NETSCAPE_SPKI(NULL, &p, spki_len); |
| 98 | Free(spki_der); | 97 | OPENSSL_free(spki_der); |
| 99 | return spki; | 98 | return spki; |
| 100 | } | 99 | } |
| 101 | 100 | ||
| @@ -107,8 +106,8 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) | |||
| 107 | char *b64_str; | 106 | char *b64_str; |
| 108 | int der_len; | 107 | int der_len; |
| 109 | der_len = i2d_NETSCAPE_SPKI(spki, NULL); | 108 | der_len = i2d_NETSCAPE_SPKI(spki, NULL); |
| 110 | der_spki = Malloc(der_len); | 109 | der_spki = OPENSSL_malloc(der_len); |
| 111 | b64_str = Malloc(der_len * 2); | 110 | b64_str = OPENSSL_malloc(der_len * 2); |
| 112 | if(!der_spki || !b64_str) { | 111 | if(!der_spki || !b64_str) { |
| 113 | X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); | 112 | X509err(X509_F_NETSCAPE_SPKI_B64_ENCODE, ERR_R_MALLOC_FAILURE); |
| 114 | return NULL; | 113 | return NULL; |
| @@ -116,6 +115,6 @@ char * NETSCAPE_SPKI_b64_encode(NETSCAPE_SPKI *spki) | |||
| 116 | p = der_spki; | 115 | p = der_spki; |
| 117 | i2d_NETSCAPE_SPKI(spki, &p); | 116 | i2d_NETSCAPE_SPKI(spki, &p); |
| 118 | EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); | 117 | EVP_EncodeBlock((unsigned char *)b64_str, der_spki, der_len); |
| 119 | Free(der_spki); | 118 | OPENSSL_free(der_spki); |
| 120 | return b64_str; | 119 | return b64_str; |
| 121 | } | 120 | } |
diff --git a/src/lib/libcrypto/x509/x509type.c b/src/lib/libcrypto/x509/x509type.c index 42c23bcfca..8e78b34458 100644 --- a/src/lib/libcrypto/x509/x509type.c +++ b/src/lib/libcrypto/x509/x509type.c | |||
| @@ -58,13 +58,11 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include "evp.h" | 61 | #include <openssl/evp.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | 64 | ||
| 65 | int X509_certificate_type(x,pkey) | 65 | int X509_certificate_type(X509 *x, EVP_PKEY *pkey) |
| 66 | X509 *x; | ||
| 67 | EVP_PKEY *pkey; | ||
| 68 | { | 66 | { |
| 69 | EVP_PKEY *pk; | 67 | EVP_PKEY *pk; |
| 70 | int ret=0,i; | 68 | int ret=0,i; |
| @@ -108,8 +106,9 @@ EVP_PKEY *pkey; | |||
| 108 | break; | 106 | break; |
| 109 | } | 107 | } |
| 110 | 108 | ||
| 111 | if (EVP_PKEY_size(pkey) <= 512) | 109 | if (EVP_PKEY_size(pk) <= 512) |
| 112 | ret|=EVP_PKT_EXP; | 110 | ret|=EVP_PKT_EXP; |
| 111 | if(pkey==NULL) EVP_PKEY_free(pk); | ||
| 113 | return(ret); | 112 | return(ret); |
| 114 | } | 113 | } |
| 115 | 114 | ||
diff --git a/src/lib/libcrypto/x509/x_all.c b/src/lib/libcrypto/x509/x_all.c index b7dde23e9a..fb5015cd4d 100644 --- a/src/lib/libcrypto/x509/x_all.c +++ b/src/lib/libcrypto/x509/x_all.c | |||
| @@ -58,408 +58,431 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #undef SSLEAY_MACROS | 60 | #undef SSLEAY_MACROS |
| 61 | #include "stack.h" | 61 | #include <openssl/stack.h> |
| 62 | #include "cryptlib.h" | 62 | #include "cryptlib.h" |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | #include "asn1.h" | 64 | #include <openssl/asn1.h> |
| 65 | #include "evp.h" | 65 | #include <openssl/evp.h> |
| 66 | #include "x509.h" | 66 | #include <openssl/x509.h> |
| 67 | 67 | ||
| 68 | int X509_verify(a,r) | 68 | int X509_verify(X509 *a, EVP_PKEY *r) |
| 69 | X509 *a; | ||
| 70 | EVP_PKEY *r; | ||
| 71 | { | 69 | { |
| 72 | return(ASN1_verify((int (*)())i2d_X509_CINF,a->sig_alg, | 70 | return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CINF),a->sig_alg, |
| 73 | a->signature,(char *)a->cert_info,r)); | 71 | a->signature,a->cert_info,r)); |
| 74 | } | 72 | } |
| 75 | 73 | ||
| 76 | int X509_REQ_verify(a,r) | 74 | int X509_REQ_verify(X509_REQ *a, EVP_PKEY *r) |
| 77 | X509_REQ *a; | ||
| 78 | EVP_PKEY *r; | ||
| 79 | { | 75 | { |
| 80 | return( ASN1_verify((int (*)())i2d_X509_REQ_INFO, | 76 | return( ASN1_item_verify(ASN1_ITEM_rptr(X509_REQ_INFO), |
| 81 | a->sig_alg,a->signature,(char *)a->req_info,r)); | 77 | a->sig_alg,a->signature,a->req_info,r)); |
| 82 | } | 78 | } |
| 83 | 79 | ||
| 84 | int X509_CRL_verify(a,r) | 80 | int X509_CRL_verify(X509_CRL *a, EVP_PKEY *r) |
| 85 | X509_CRL *a; | ||
| 86 | EVP_PKEY *r; | ||
| 87 | { | 81 | { |
| 88 | return(ASN1_verify((int (*)())i2d_X509_CRL_INFO, | 82 | return(ASN1_item_verify(ASN1_ITEM_rptr(X509_CRL_INFO), |
| 89 | a->sig_alg, a->signature,(char *)a->crl,r)); | 83 | a->sig_alg, a->signature,a->crl,r)); |
| 90 | } | 84 | } |
| 91 | 85 | ||
| 92 | int NETSCAPE_SPKI_verify(a,r) | 86 | int NETSCAPE_SPKI_verify(NETSCAPE_SPKI *a, EVP_PKEY *r) |
| 93 | NETSCAPE_SPKI *a; | ||
| 94 | EVP_PKEY *r; | ||
| 95 | { | 87 | { |
| 96 | return(ASN1_verify((int (*)())i2d_NETSCAPE_SPKAC, | 88 | return(ASN1_item_verify(ASN1_ITEM_rptr(NETSCAPE_SPKAC), |
| 97 | a->sig_algor,a->signature, (char *)a->spkac,r)); | 89 | a->sig_algor,a->signature,a->spkac,r)); |
| 98 | } | 90 | } |
| 99 | 91 | ||
| 100 | int X509_sign(x,pkey,md) | 92 | int X509_sign(X509 *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 101 | X509 *x; | ||
| 102 | EVP_PKEY *pkey; | ||
| 103 | EVP_MD *md; | ||
| 104 | { | 93 | { |
| 105 | return(ASN1_sign((int (*)())i2d_X509_CINF, x->cert_info->signature, | 94 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CINF), x->cert_info->signature, |
| 106 | x->sig_alg, x->signature, (char *)x->cert_info,pkey,md)); | 95 | x->sig_alg, x->signature, x->cert_info,pkey,md)); |
| 107 | } | 96 | } |
| 108 | 97 | ||
| 109 | int X509_REQ_sign(x,pkey,md) | 98 | int X509_REQ_sign(X509_REQ *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 110 | X509_REQ *x; | ||
| 111 | EVP_PKEY *pkey; | ||
| 112 | EVP_MD *md; | ||
| 113 | { | 99 | { |
| 114 | return(ASN1_sign((int (*)())i2d_X509_REQ_INFO,x->sig_alg, NULL, | 100 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_REQ_INFO),x->sig_alg, NULL, |
| 115 | x->signature, (char *)x->req_info,pkey,md)); | 101 | x->signature, x->req_info,pkey,md)); |
| 116 | } | 102 | } |
| 117 | 103 | ||
| 118 | int X509_CRL_sign(x,pkey,md) | 104 | int X509_CRL_sign(X509_CRL *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 119 | X509_CRL *x; | ||
| 120 | EVP_PKEY *pkey; | ||
| 121 | EVP_MD *md; | ||
| 122 | { | 105 | { |
| 123 | return(ASN1_sign((int (*)())i2d_X509_CRL_INFO,x->crl->sig_alg, | 106 | return(ASN1_item_sign(ASN1_ITEM_rptr(X509_CRL_INFO),x->crl->sig_alg, |
| 124 | x->sig_alg, x->signature, (char *)x->crl,pkey,md)); | 107 | x->sig_alg, x->signature, x->crl,pkey,md)); |
| 125 | } | 108 | } |
| 126 | 109 | ||
| 127 | int NETSCAPE_SPKI_sign(x,pkey,md) | 110 | int NETSCAPE_SPKI_sign(NETSCAPE_SPKI *x, EVP_PKEY *pkey, const EVP_MD *md) |
| 128 | NETSCAPE_SPKI *x; | ||
| 129 | EVP_PKEY *pkey; | ||
| 130 | EVP_MD *md; | ||
| 131 | { | 111 | { |
| 132 | return(ASN1_sign((int (*)())i2d_NETSCAPE_SPKAC, x->sig_algor,NULL, | 112 | return(ASN1_item_sign(ASN1_ITEM_rptr(NETSCAPE_SPKAC), x->sig_algor,NULL, |
| 133 | x->signature, (char *)x->spkac,pkey,md)); | 113 | x->signature, x->spkac,pkey,md)); |
| 134 | } | 114 | } |
| 135 | 115 | ||
| 136 | X509 *X509_dup(x509) | 116 | #ifndef OPENSSL_NO_FP_API |
| 137 | X509 *x509; | 117 | X509 *d2i_X509_fp(FILE *fp, X509 **x509) |
| 138 | { | 118 | { |
| 139 | return((X509 *)ASN1_dup((int (*)())i2d_X509, | 119 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509), fp, x509); |
| 140 | (char *(*)())d2i_X509,(char *)x509)); | ||
| 141 | } | 120 | } |
| 142 | 121 | ||
| 143 | X509_EXTENSION *X509_EXTENSION_dup(ex) | 122 | int i2d_X509_fp(FILE *fp, X509 *x509) |
| 144 | X509_EXTENSION *ex; | ||
| 145 | { | 123 | { |
| 146 | return((X509_EXTENSION *)ASN1_dup( | 124 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509), fp, x509); |
| 147 | (int (*)())i2d_X509_EXTENSION, | ||
| 148 | (char *(*)())d2i_X509_EXTENSION,(char *)ex)); | ||
| 149 | } | 125 | } |
| 126 | #endif | ||
| 150 | 127 | ||
| 151 | #ifndef NO_FP_API | 128 | X509 *d2i_X509_bio(BIO *bp, X509 **x509) |
| 152 | X509 *d2i_X509_fp(fp,x509) | ||
| 153 | FILE *fp; | ||
| 154 | X509 *x509; | ||
| 155 | { | 129 | { |
| 156 | return((X509 *)ASN1_d2i_fp((char *(*)())X509_new, | 130 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509), bp, x509); |
| 157 | (char *(*)())d2i_X509, (fp),(unsigned char **)(x509))); | ||
| 158 | } | 131 | } |
| 159 | 132 | ||
| 160 | int i2d_X509_fp(fp,x509) | 133 | int i2d_X509_bio(BIO *bp, X509 *x509) |
| 161 | FILE *fp; | ||
| 162 | X509 *x509; | ||
| 163 | { | 134 | { |
| 164 | return(ASN1_i2d_fp(i2d_X509,fp,(unsigned char *)x509)); | 135 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509), bp, x509); |
| 165 | } | 136 | } |
| 166 | #endif | ||
| 167 | 137 | ||
| 168 | X509 *d2i_X509_bio(bp,x509) | 138 | #ifndef OPENSSL_NO_FP_API |
| 169 | BIO *bp; | 139 | X509_CRL *d2i_X509_CRL_fp(FILE *fp, X509_CRL **crl) |
| 170 | X509 *x509; | ||
| 171 | { | 140 | { |
| 172 | return((X509 *)ASN1_d2i_bio((char *(*)())X509_new, | 141 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); |
| 173 | (char *(*)())d2i_X509, (bp),(unsigned char **)(x509))); | ||
| 174 | } | 142 | } |
| 175 | 143 | ||
| 176 | int i2d_X509_bio(bp,x509) | 144 | int i2d_X509_CRL_fp(FILE *fp, X509_CRL *crl) |
| 177 | BIO *bp; | ||
| 178 | X509 *x509; | ||
| 179 | { | 145 | { |
| 180 | return(ASN1_i2d_bio(i2d_X509,bp,(unsigned char *)x509)); | 146 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_CRL), fp, crl); |
| 181 | } | 147 | } |
| 148 | #endif | ||
| 182 | 149 | ||
| 183 | X509_CRL *X509_CRL_dup(crl) | 150 | X509_CRL *d2i_X509_CRL_bio(BIO *bp, X509_CRL **crl) |
| 184 | X509_CRL *crl; | ||
| 185 | { | 151 | { |
| 186 | return((X509_CRL *)ASN1_dup((int (*)())i2d_X509_CRL, | 152 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); |
| 187 | (char *(*)())d2i_X509_CRL,(char *)crl)); | ||
| 188 | } | 153 | } |
| 189 | 154 | ||
| 190 | #ifndef NO_FP_API | 155 | int i2d_X509_CRL_bio(BIO *bp, X509_CRL *crl) |
| 191 | X509_CRL *d2i_X509_CRL_fp(fp,crl) | ||
| 192 | FILE *fp; | ||
| 193 | X509_CRL *crl; | ||
| 194 | { | 156 | { |
| 195 | return((X509_CRL *)ASN1_d2i_fp((char *(*)()) | 157 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_CRL), bp, crl); |
| 196 | X509_CRL_new,(char *(*)())d2i_X509_CRL, (fp), | ||
| 197 | (unsigned char **)(crl))); | ||
| 198 | } | 158 | } |
| 199 | 159 | ||
| 200 | int i2d_X509_CRL_fp(fp,crl) | 160 | #ifndef OPENSSL_NO_FP_API |
| 201 | FILE *fp; | 161 | PKCS7 *d2i_PKCS7_fp(FILE *fp, PKCS7 **p7) |
| 202 | X509_CRL *crl; | ||
| 203 | { | 162 | { |
| 204 | return(ASN1_i2d_fp(i2d_X509_CRL,fp,(unsigned char *)crl)); | 163 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); |
| 205 | } | 164 | } |
| 206 | #endif | ||
| 207 | 165 | ||
| 208 | X509_CRL *d2i_X509_CRL_bio(bp,crl) | 166 | int i2d_PKCS7_fp(FILE *fp, PKCS7 *p7) |
| 209 | BIO *bp; | ||
| 210 | X509_CRL *crl; | ||
| 211 | { | 167 | { |
| 212 | return((X509_CRL *)ASN1_d2i_bio((char *(*)()) | 168 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(PKCS7), fp, p7); |
| 213 | X509_CRL_new,(char *(*)())d2i_X509_CRL, (bp), | ||
| 214 | (unsigned char **)(crl))); | ||
| 215 | } | 169 | } |
| 170 | #endif | ||
| 216 | 171 | ||
| 217 | int i2d_X509_CRL_bio(bp,crl) | 172 | PKCS7 *d2i_PKCS7_bio(BIO *bp, PKCS7 **p7) |
| 218 | BIO *bp; | ||
| 219 | X509_CRL *crl; | ||
| 220 | { | 173 | { |
| 221 | return(ASN1_i2d_bio(i2d_X509_CRL,bp,(unsigned char *)crl)); | 174 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); |
| 222 | } | 175 | } |
| 223 | 176 | ||
| 224 | PKCS7 *PKCS7_dup(p7) | 177 | int i2d_PKCS7_bio(BIO *bp, PKCS7 *p7) |
| 225 | PKCS7 *p7; | ||
| 226 | { | 178 | { |
| 227 | return((PKCS7 *)ASN1_dup((int (*)())i2d_PKCS7, | 179 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(PKCS7), bp, p7); |
| 228 | (char *(*)())d2i_PKCS7,(char *)p7)); | ||
| 229 | } | 180 | } |
| 230 | 181 | ||
| 231 | #ifndef NO_FP_API | 182 | #ifndef OPENSSL_NO_FP_API |
| 232 | PKCS7 *d2i_PKCS7_fp(fp,p7) | 183 | X509_REQ *d2i_X509_REQ_fp(FILE *fp, X509_REQ **req) |
| 233 | FILE *fp; | ||
| 234 | PKCS7 *p7; | ||
| 235 | { | 184 | { |
| 236 | return((PKCS7 *)ASN1_d2i_fp((char *(*)()) | 185 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); |
| 237 | PKCS7_new,(char *(*)())d2i_PKCS7, (fp), | ||
| 238 | (unsigned char **)(p7))); | ||
| 239 | } | 186 | } |
| 240 | 187 | ||
| 241 | int i2d_PKCS7_fp(fp,p7) | 188 | int i2d_X509_REQ_fp(FILE *fp, X509_REQ *req) |
| 242 | FILE *fp; | ||
| 243 | PKCS7 *p7; | ||
| 244 | { | 189 | { |
| 245 | return(ASN1_i2d_fp(i2d_PKCS7,fp,(unsigned char *)p7)); | 190 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(X509_REQ), fp, req); |
| 246 | } | 191 | } |
| 247 | #endif | 192 | #endif |
| 248 | 193 | ||
| 249 | PKCS7 *d2i_PKCS7_bio(bp,p7) | 194 | X509_REQ *d2i_X509_REQ_bio(BIO *bp, X509_REQ **req) |
| 250 | BIO *bp; | ||
| 251 | PKCS7 *p7; | ||
| 252 | { | 195 | { |
| 253 | return((PKCS7 *)ASN1_d2i_bio((char *(*)()) | 196 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); |
| 254 | PKCS7_new,(char *(*)())d2i_PKCS7, (bp), | ||
| 255 | (unsigned char **)(p7))); | ||
| 256 | } | 197 | } |
| 257 | 198 | ||
| 258 | int i2d_PKCS7_bio(bp,p7) | 199 | int i2d_X509_REQ_bio(BIO *bp, X509_REQ *req) |
| 259 | BIO *bp; | ||
| 260 | PKCS7 *p7; | ||
| 261 | { | 200 | { |
| 262 | return(ASN1_i2d_bio(i2d_PKCS7,bp,(unsigned char *)p7)); | 201 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(X509_REQ), bp, req); |
| 263 | } | 202 | } |
| 264 | 203 | ||
| 265 | X509_REQ *X509_REQ_dup(req) | 204 | #ifndef OPENSSL_NO_RSA |
| 266 | X509_REQ *req; | 205 | |
| 206 | #ifndef OPENSSL_NO_FP_API | ||
| 207 | RSA *d2i_RSAPrivateKey_fp(FILE *fp, RSA **rsa) | ||
| 267 | { | 208 | { |
| 268 | return((X509_REQ *)ASN1_dup((int (*)())i2d_X509_REQ, | 209 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); |
| 269 | (char *(*)())d2i_X509_REQ,(char *)req)); | ||
| 270 | } | 210 | } |
| 271 | 211 | ||
| 272 | #ifndef NO_FP_API | 212 | int i2d_RSAPrivateKey_fp(FILE *fp, RSA *rsa) |
| 273 | X509_REQ *d2i_X509_REQ_fp(fp,req) | ||
| 274 | FILE *fp; | ||
| 275 | X509_REQ *req; | ||
| 276 | { | 213 | { |
| 277 | return((X509_REQ *)ASN1_d2i_fp((char *(*)()) | 214 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPrivateKey), fp, rsa); |
| 278 | X509_REQ_new, (char *(*)())d2i_X509_REQ, (fp), | ||
| 279 | (unsigned char **)(req))); | ||
| 280 | } | 215 | } |
| 281 | 216 | ||
| 282 | int i2d_X509_REQ_fp(fp,req) | 217 | RSA *d2i_RSAPublicKey_fp(FILE *fp, RSA **rsa) |
| 283 | FILE *fp; | ||
| 284 | X509_REQ *req; | ||
| 285 | { | 218 | { |
| 286 | return(ASN1_i2d_fp(i2d_X509_REQ,fp,(unsigned char *)req)); | 219 | return ASN1_item_d2i_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); |
| 287 | } | 220 | } |
| 288 | #endif | ||
| 289 | 221 | ||
| 290 | X509_REQ *d2i_X509_REQ_bio(bp,req) | 222 | |
| 291 | BIO *bp; | 223 | RSA *d2i_RSA_PUBKEY_fp(FILE *fp, RSA **rsa) |
| 292 | X509_REQ *req; | ||
| 293 | { | 224 | { |
| 294 | return((X509_REQ *)ASN1_d2i_bio((char *(*)()) | 225 | return((RSA *)ASN1_d2i_fp((char *(*)()) |
| 295 | X509_REQ_new, (char *(*)())d2i_X509_REQ, (bp), | 226 | RSA_new,(char *(*)())d2i_RSA_PUBKEY, (fp), |
| 296 | (unsigned char **)(req))); | 227 | (unsigned char **)(rsa))); |
| 297 | } | 228 | } |
| 298 | 229 | ||
| 299 | int i2d_X509_REQ_bio(bp,req) | 230 | int i2d_RSAPublicKey_fp(FILE *fp, RSA *rsa) |
| 300 | BIO *bp; | ||
| 301 | X509_REQ *req; | ||
| 302 | { | 231 | { |
| 303 | return(ASN1_i2d_bio(i2d_X509_REQ,bp,(unsigned char *)req)); | 232 | return ASN1_item_i2d_fp(ASN1_ITEM_rptr(RSAPublicKey), fp, rsa); |
| 304 | } | 233 | } |
| 305 | 234 | ||
| 306 | #ifndef NO_RSA | 235 | int i2d_RSA_PUBKEY_fp(FILE *fp, RSA *rsa) |
| 307 | RSA *RSAPublicKey_dup(rsa) | ||
| 308 | RSA *rsa; | ||
| 309 | { | 236 | { |
| 310 | return((RSA *)ASN1_dup((int (*)())i2d_RSAPublicKey, | 237 | return(ASN1_i2d_fp(i2d_RSA_PUBKEY,fp,(unsigned char *)rsa)); |
| 311 | (char *(*)())d2i_RSAPublicKey,(char *)rsa)); | ||
| 312 | } | 238 | } |
| 239 | #endif | ||
| 313 | 240 | ||
| 314 | RSA *RSAPrivateKey_dup(rsa) | 241 | RSA *d2i_RSAPrivateKey_bio(BIO *bp, RSA **rsa) |
| 315 | RSA *rsa; | ||
| 316 | { | 242 | { |
| 317 | return((RSA *)ASN1_dup((int (*)())i2d_RSAPrivateKey, | 243 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); |
| 318 | (char *(*)())d2i_RSAPrivateKey,(char *)rsa)); | ||
| 319 | } | 244 | } |
| 320 | 245 | ||
| 321 | #ifndef NO_FP_API | 246 | int i2d_RSAPrivateKey_bio(BIO *bp, RSA *rsa) |
| 322 | RSA *d2i_RSAPrivateKey_fp(fp,rsa) | ||
| 323 | FILE *fp; | ||
| 324 | RSA *rsa; | ||
| 325 | { | 247 | { |
| 326 | return((RSA *)ASN1_d2i_fp((char *(*)()) | 248 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPrivateKey), bp, rsa); |
| 327 | RSA_new,(char *(*)())d2i_RSAPrivateKey, (fp), | ||
| 328 | (unsigned char **)(rsa))); | ||
| 329 | } | 249 | } |
| 330 | 250 | ||
| 331 | int i2d_RSAPrivateKey_fp(fp,rsa) | 251 | RSA *d2i_RSAPublicKey_bio(BIO *bp, RSA **rsa) |
| 332 | FILE *fp; | ||
| 333 | RSA *rsa; | ||
| 334 | { | 252 | { |
| 335 | return(ASN1_i2d_fp(i2d_RSAPrivateKey,fp,(unsigned char *)rsa)); | 253 | return ASN1_item_d2i_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); |
| 336 | } | 254 | } |
| 337 | 255 | ||
| 338 | RSA *d2i_RSAPublicKey_fp(fp,rsa) | 256 | |
| 339 | FILE *fp; | 257 | RSA *d2i_RSA_PUBKEY_bio(BIO *bp, RSA **rsa) |
| 340 | RSA *rsa; | ||
| 341 | { | 258 | { |
| 342 | return((RSA *)ASN1_d2i_fp((char *(*)()) | 259 | return((RSA *)ASN1_d2i_bio((char *(*)()) |
| 343 | RSA_new,(char *(*)())d2i_RSAPublicKey, (fp), | 260 | RSA_new,(char *(*)())d2i_RSA_PUBKEY, (bp), |
| 344 | (unsigned char **)(rsa))); | 261 | (unsigned char **)(rsa))); |
| 345 | } | 262 | } |
| 346 | 263 | ||
| 347 | int i2d_RSAPublicKey_fp(fp,rsa) | 264 | int i2d_RSAPublicKey_bio(BIO *bp, RSA *rsa) |
| 348 | FILE *fp; | 265 | { |
| 349 | RSA *rsa; | 266 | return ASN1_item_i2d_bio(ASN1_ITEM_rptr(RSAPublicKey), bp, rsa); |
| 267 | } | ||
| 268 | |||
| 269 | int i2d_RSA_PUBKEY_bio(BIO *bp, RSA *rsa) | ||
| 350 | { | 270 | { |
| 351 | return(ASN1_i2d_fp(i2d_RSAPublicKey,fp,(unsigned char *)rsa)); | 271 | return(ASN1_i2d_bio(i2d_RSA_PUBKEY,bp,(unsigned char *)rsa)); |
| 352 | } | 272 | } |
| 353 | #endif | 273 | #endif |
| 354 | 274 | ||
| 355 | RSA *d2i_RSAPrivateKey_bio(bp,rsa) | 275 | #ifndef OPENSSL_NO_DSA |
| 356 | BIO *bp; | 276 | #ifndef OPENSSL_NO_FP_API |
| 357 | RSA *rsa; | 277 | DSA *d2i_DSAPrivateKey_fp(FILE *fp, DSA **dsa) |
| 358 | { | 278 | { |
| 359 | return((RSA *)ASN1_d2i_bio((char *(*)()) | 279 | return((DSA *)ASN1_d2i_fp((char *(*)()) |
| 360 | RSA_new,(char *(*)())d2i_RSAPrivateKey, (bp), | 280 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), |
| 361 | (unsigned char **)(rsa))); | 281 | (unsigned char **)(dsa))); |
| 362 | } | 282 | } |
| 363 | 283 | ||
| 364 | int i2d_RSAPrivateKey_bio(bp,rsa) | 284 | int i2d_DSAPrivateKey_fp(FILE *fp, DSA *dsa) |
| 365 | BIO *bp; | ||
| 366 | RSA *rsa; | ||
| 367 | { | 285 | { |
| 368 | return(ASN1_i2d_bio(i2d_RSAPrivateKey,bp,(unsigned char *)rsa)); | 286 | return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); |
| 369 | } | 287 | } |
| 370 | 288 | ||
| 371 | RSA *d2i_RSAPublicKey_bio(bp,rsa) | 289 | DSA *d2i_DSA_PUBKEY_fp(FILE *fp, DSA **dsa) |
| 372 | BIO *bp; | ||
| 373 | RSA *rsa; | ||
| 374 | { | 290 | { |
| 375 | return((RSA *)ASN1_d2i_bio((char *(*)()) | 291 | return((DSA *)ASN1_d2i_fp((char *(*)()) |
| 376 | RSA_new,(char *(*)())d2i_RSAPublicKey, (bp), | 292 | DSA_new,(char *(*)())d2i_DSA_PUBKEY, (fp), |
| 377 | (unsigned char **)(rsa))); | 293 | (unsigned char **)(dsa))); |
| 378 | } | 294 | } |
| 379 | 295 | ||
| 380 | int i2d_RSAPublicKey_bio(bp,rsa) | 296 | int i2d_DSA_PUBKEY_fp(FILE *fp, DSA *dsa) |
| 381 | BIO *bp; | ||
| 382 | RSA *rsa; | ||
| 383 | { | 297 | { |
| 384 | return(ASN1_i2d_bio(i2d_RSAPublicKey,bp,(unsigned char *)rsa)); | 298 | return(ASN1_i2d_fp(i2d_DSA_PUBKEY,fp,(unsigned char *)dsa)); |
| 385 | } | 299 | } |
| 386 | #endif | 300 | #endif |
| 387 | 301 | ||
| 388 | #ifndef NO_DSA | 302 | DSA *d2i_DSAPrivateKey_bio(BIO *bp, DSA **dsa) |
| 389 | #ifndef NO_FP_API | ||
| 390 | DSA *d2i_DSAPrivateKey_fp(fp,dsa) | ||
| 391 | FILE *fp; | ||
| 392 | DSA *dsa; | ||
| 393 | { | 303 | { |
| 394 | return((DSA *)ASN1_d2i_fp((char *(*)()) | 304 | return((DSA *)ASN1_d2i_bio((char *(*)()) |
| 395 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (fp), | 305 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), |
| 396 | (unsigned char **)(dsa))); | 306 | (unsigned char **)(dsa))); |
| 397 | } | 307 | } |
| 398 | 308 | ||
| 399 | int i2d_DSAPrivateKey_fp(fp,dsa) | 309 | int i2d_DSAPrivateKey_bio(BIO *bp, DSA *dsa) |
| 400 | FILE *fp; | ||
| 401 | DSA *dsa; | ||
| 402 | { | 310 | { |
| 403 | return(ASN1_i2d_fp(i2d_DSAPrivateKey,fp,(unsigned char *)dsa)); | 311 | return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); |
| 404 | } | 312 | } |
| 405 | #endif | ||
| 406 | 313 | ||
| 407 | DSA *d2i_DSAPrivateKey_bio(bp,dsa) | 314 | DSA *d2i_DSA_PUBKEY_bio(BIO *bp, DSA **dsa) |
| 408 | BIO *bp; | ||
| 409 | DSA *dsa; | ||
| 410 | { | 315 | { |
| 411 | return((DSA *)ASN1_d2i_bio((char *(*)()) | 316 | return((DSA *)ASN1_d2i_bio((char *(*)()) |
| 412 | DSA_new,(char *(*)())d2i_DSAPrivateKey, (bp), | 317 | DSA_new,(char *(*)())d2i_DSA_PUBKEY, (bp), |
| 413 | (unsigned char **)(dsa))); | 318 | (unsigned char **)(dsa))); |
| 414 | } | 319 | } |
| 415 | 320 | ||
| 416 | int i2d_DSAPrivateKey_bio(bp,dsa) | 321 | int i2d_DSA_PUBKEY_bio(BIO *bp, DSA *dsa) |
| 417 | BIO *bp; | ||
| 418 | DSA *dsa; | ||
| 419 | { | 322 | { |
| 420 | return(ASN1_i2d_bio(i2d_DSAPrivateKey,bp,(unsigned char *)dsa)); | 323 | return(ASN1_i2d_bio(i2d_DSA_PUBKEY,bp,(unsigned char *)dsa)); |
| 421 | } | 324 | } |
| 325 | |||
| 422 | #endif | 326 | #endif |
| 423 | 327 | ||
| 424 | X509_NAME *X509_NAME_dup(xn) | 328 | int X509_pubkey_digest(const X509 *data, const EVP_MD *type, unsigned char *md, |
| 425 | X509_NAME *xn; | 329 | unsigned int *len) |
| 330 | { | ||
| 331 | ASN1_BIT_STRING *key; | ||
| 332 | key = X509_get0_pubkey_bitstr(data); | ||
| 333 | if(!key) return 0; | ||
| 334 | return EVP_Digest(key->data, key->length, md, len, type, NULL); | ||
| 335 | } | ||
| 336 | |||
| 337 | int X509_digest(const X509 *data, const EVP_MD *type, unsigned char *md, | ||
| 338 | unsigned int *len) | ||
| 426 | { | 339 | { |
| 427 | return((X509_NAME *)ASN1_dup((int (*)())i2d_X509_NAME, | 340 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509),type,(char *)data,md,len)); |
| 428 | (char *(*)())d2i_X509_NAME,(char *)xn)); | ||
| 429 | } | 341 | } |
| 430 | 342 | ||
| 431 | X509_NAME_ENTRY *X509_NAME_ENTRY_dup(ne) | 343 | int X509_CRL_digest(const X509_CRL *data, const EVP_MD *type, unsigned char *md, |
| 432 | X509_NAME_ENTRY *ne; | 344 | unsigned int *len) |
| 433 | { | 345 | { |
| 434 | return((X509_NAME_ENTRY *)ASN1_dup((int (*)())i2d_X509_NAME_ENTRY, | 346 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_CRL),type,(char *)data,md,len)); |
| 435 | (char *(*)())d2i_X509_NAME_ENTRY,(char *)ne)); | ||
| 436 | } | 347 | } |
| 437 | 348 | ||
| 438 | int X509_digest(data,type,md,len) | 349 | int X509_REQ_digest(const X509_REQ *data, const EVP_MD *type, unsigned char *md, |
| 439 | X509 *data; | 350 | unsigned int *len) |
| 440 | EVP_MD *type; | ||
| 441 | unsigned char *md; | ||
| 442 | unsigned int *len; | ||
| 443 | { | 351 | { |
| 444 | return(ASN1_digest((int (*)())i2d_X509,type,(char *)data,md,len)); | 352 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_REQ),type,(char *)data,md,len)); |
| 445 | } | 353 | } |
| 446 | 354 | ||
| 447 | int X509_NAME_digest(data,type,md,len) | 355 | int X509_NAME_digest(const X509_NAME *data, const EVP_MD *type, unsigned char *md, |
| 448 | X509_NAME *data; | 356 | unsigned int *len) |
| 449 | EVP_MD *type; | ||
| 450 | unsigned char *md; | ||
| 451 | unsigned int *len; | ||
| 452 | { | 357 | { |
| 453 | return(ASN1_digest((int (*)())i2d_X509_NAME,type,(char *)data,md,len)); | 358 | return(ASN1_item_digest(ASN1_ITEM_rptr(X509_NAME),type,(char *)data,md,len)); |
| 454 | } | 359 | } |
| 455 | 360 | ||
| 456 | int PKCS7_ISSUER_AND_SERIAL_digest(data,type,md,len) | 361 | int PKCS7_ISSUER_AND_SERIAL_digest(PKCS7_ISSUER_AND_SERIAL *data, const EVP_MD *type, |
| 457 | PKCS7_ISSUER_AND_SERIAL *data; | 362 | unsigned char *md, unsigned int *len) |
| 458 | EVP_MD *type; | ||
| 459 | unsigned char *md; | ||
| 460 | unsigned int *len; | ||
| 461 | { | 363 | { |
| 462 | return(ASN1_digest((int (*)())i2d_PKCS7_ISSUER_AND_SERIAL,type, | 364 | return(ASN1_item_digest(ASN1_ITEM_rptr(PKCS7_ISSUER_AND_SERIAL),type, |
| 463 | (char *)data,md,len)); | 365 | (char *)data,md,len)); |
| 464 | } | 366 | } |
| 465 | 367 | ||
| 368 | |||
| 369 | #ifndef OPENSSL_NO_FP_API | ||
| 370 | X509_SIG *d2i_PKCS8_fp(FILE *fp, X509_SIG **p8) | ||
| 371 | { | ||
| 372 | return((X509_SIG *)ASN1_d2i_fp((char *(*)())X509_SIG_new, | ||
| 373 | (char *(*)())d2i_X509_SIG, (fp),(unsigned char **)(p8))); | ||
| 374 | } | ||
| 375 | |||
| 376 | int i2d_PKCS8_fp(FILE *fp, X509_SIG *p8) | ||
| 377 | { | ||
| 378 | return(ASN1_i2d_fp(i2d_X509_SIG,fp,(unsigned char *)p8)); | ||
| 379 | } | ||
| 380 | #endif | ||
| 381 | |||
| 382 | X509_SIG *d2i_PKCS8_bio(BIO *bp, X509_SIG **p8) | ||
| 383 | { | ||
| 384 | return((X509_SIG *)ASN1_d2i_bio((char *(*)())X509_SIG_new, | ||
| 385 | (char *(*)())d2i_X509_SIG, (bp),(unsigned char **)(p8))); | ||
| 386 | } | ||
| 387 | |||
| 388 | int i2d_PKCS8_bio(BIO *bp, X509_SIG *p8) | ||
| 389 | { | ||
| 390 | return(ASN1_i2d_bio(i2d_X509_SIG,bp,(unsigned char *)p8)); | ||
| 391 | } | ||
| 392 | |||
| 393 | #ifndef OPENSSL_NO_FP_API | ||
| 394 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, | ||
| 395 | PKCS8_PRIV_KEY_INFO **p8inf) | ||
| 396 | { | ||
| 397 | return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_fp( | ||
| 398 | (char *(*)())PKCS8_PRIV_KEY_INFO_new, | ||
| 399 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (fp), | ||
| 400 | (unsigned char **)(p8inf))); | ||
| 401 | } | ||
| 402 | |||
| 403 | int i2d_PKCS8_PRIV_KEY_INFO_fp(FILE *fp, PKCS8_PRIV_KEY_INFO *p8inf) | ||
| 404 | { | ||
| 405 | return(ASN1_i2d_fp(i2d_PKCS8_PRIV_KEY_INFO,fp,(unsigned char *)p8inf)); | ||
| 406 | } | ||
| 407 | |||
| 408 | int i2d_PKCS8PrivateKeyInfo_fp(FILE *fp, EVP_PKEY *key) | ||
| 409 | { | ||
| 410 | PKCS8_PRIV_KEY_INFO *p8inf; | ||
| 411 | int ret; | ||
| 412 | p8inf = EVP_PKEY2PKCS8(key); | ||
| 413 | if(!p8inf) return 0; | ||
| 414 | ret = i2d_PKCS8_PRIV_KEY_INFO_fp(fp, p8inf); | ||
| 415 | PKCS8_PRIV_KEY_INFO_free(p8inf); | ||
| 416 | return ret; | ||
| 417 | } | ||
| 418 | |||
| 419 | int i2d_PrivateKey_fp(FILE *fp, EVP_PKEY *pkey) | ||
| 420 | { | ||
| 421 | return(ASN1_i2d_fp(i2d_PrivateKey,fp,(unsigned char *)pkey)); | ||
| 422 | } | ||
| 423 | |||
| 424 | EVP_PKEY *d2i_PrivateKey_fp(FILE *fp, EVP_PKEY **a) | ||
| 425 | { | ||
| 426 | return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, | ||
| 427 | (char *(*)())d2i_AutoPrivateKey, (fp),(unsigned char **)(a))); | ||
| 428 | } | ||
| 429 | |||
| 430 | int i2d_PUBKEY_fp(FILE *fp, EVP_PKEY *pkey) | ||
| 431 | { | ||
| 432 | return(ASN1_i2d_fp(i2d_PUBKEY,fp,(unsigned char *)pkey)); | ||
| 433 | } | ||
| 434 | |||
| 435 | EVP_PKEY *d2i_PUBKEY_fp(FILE *fp, EVP_PKEY **a) | ||
| 436 | { | ||
| 437 | return((EVP_PKEY *)ASN1_d2i_fp((char *(*)())EVP_PKEY_new, | ||
| 438 | (char *(*)())d2i_PUBKEY, (fp),(unsigned char **)(a))); | ||
| 439 | } | ||
| 440 | |||
| 441 | #endif | ||
| 442 | |||
| 443 | PKCS8_PRIV_KEY_INFO *d2i_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, | ||
| 444 | PKCS8_PRIV_KEY_INFO **p8inf) | ||
| 445 | { | ||
| 446 | return((PKCS8_PRIV_KEY_INFO *)ASN1_d2i_bio( | ||
| 447 | (char *(*)())PKCS8_PRIV_KEY_INFO_new, | ||
| 448 | (char *(*)())d2i_PKCS8_PRIV_KEY_INFO, (bp), | ||
| 449 | (unsigned char **)(p8inf))); | ||
| 450 | } | ||
| 451 | |||
| 452 | int i2d_PKCS8_PRIV_KEY_INFO_bio(BIO *bp, PKCS8_PRIV_KEY_INFO *p8inf) | ||
| 453 | { | ||
| 454 | return(ASN1_i2d_bio(i2d_PKCS8_PRIV_KEY_INFO,bp,(unsigned char *)p8inf)); | ||
| 455 | } | ||
| 456 | |||
| 457 | int i2d_PKCS8PrivateKeyInfo_bio(BIO *bp, EVP_PKEY *key) | ||
| 458 | { | ||
| 459 | PKCS8_PRIV_KEY_INFO *p8inf; | ||
| 460 | int ret; | ||
| 461 | p8inf = EVP_PKEY2PKCS8(key); | ||
| 462 | if(!p8inf) return 0; | ||
| 463 | ret = i2d_PKCS8_PRIV_KEY_INFO_bio(bp, p8inf); | ||
| 464 | PKCS8_PRIV_KEY_INFO_free(p8inf); | ||
| 465 | return ret; | ||
| 466 | } | ||
| 467 | |||
| 468 | int i2d_PrivateKey_bio(BIO *bp, EVP_PKEY *pkey) | ||
| 469 | { | ||
| 470 | return(ASN1_i2d_bio(i2d_PrivateKey,bp,(unsigned char *)pkey)); | ||
| 471 | } | ||
| 472 | |||
| 473 | EVP_PKEY *d2i_PrivateKey_bio(BIO *bp, EVP_PKEY **a) | ||
| 474 | { | ||
| 475 | return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, | ||
| 476 | (char *(*)())d2i_AutoPrivateKey, (bp),(unsigned char **)(a))); | ||
| 477 | } | ||
| 478 | |||
| 479 | int i2d_PUBKEY_bio(BIO *bp, EVP_PKEY *pkey) | ||
| 480 | { | ||
| 481 | return(ASN1_i2d_bio(i2d_PUBKEY,bp,(unsigned char *)pkey)); | ||
| 482 | } | ||
| 483 | |||
| 484 | EVP_PKEY *d2i_PUBKEY_bio(BIO *bp, EVP_PKEY **a) | ||
| 485 | { | ||
| 486 | return((EVP_PKEY *)ASN1_d2i_bio((char *(*)())EVP_PKEY_new, | ||
| 487 | (char *(*)())d2i_PUBKEY, (bp),(unsigned char **)(a))); | ||
| 488 | } | ||
diff --git a/src/lib/libcrypto/x509v3/ext_dat.h b/src/lib/libcrypto/x509v3/ext_dat.h index 801a585a52..586f116db5 100644 --- a/src/lib/libcrypto/x509v3/ext_dat.h +++ b/src/lib/libcrypto/x509v3/ext_dat.h | |||
| @@ -58,9 +58,12 @@ | |||
| 58 | /* This file contains a table of "standard" extensions */ | 58 | /* This file contains a table of "standard" extensions */ |
| 59 | 59 | ||
| 60 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; | 60 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; |
| 61 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info; | 61 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet, v3_info, v3_sinfo; |
| 62 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; | 62 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; |
| 63 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; | 63 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_crl_invdate, v3_cpols, v3_crld; |
| 64 | extern X509V3_EXT_METHOD v3_ocsp_nonce, v3_ocsp_accresp, v3_ocsp_acutoff; | ||
| 65 | extern X509V3_EXT_METHOD v3_ocsp_crlid, v3_ocsp_nocheck, v3_ocsp_serviceloc; | ||
| 66 | extern X509V3_EXT_METHOD v3_crl_hold; | ||
| 64 | 67 | ||
| 65 | /* This table will be searched using OBJ_bsearch so it *must* kept in | 68 | /* This table will be searched using OBJ_bsearch so it *must* kept in |
| 66 | * order of the ext_nid values. | 69 | * order of the ext_nid values. |
| @@ -87,8 +90,17 @@ static X509V3_EXT_METHOD *standard_exts[] = { | |||
| 87 | &v3_crld, | 90 | &v3_crld, |
| 88 | &v3_ext_ku, | 91 | &v3_ext_ku, |
| 89 | &v3_crl_reason, | 92 | &v3_crl_reason, |
| 93 | &v3_crl_invdate, | ||
| 90 | &v3_sxnet, | 94 | &v3_sxnet, |
| 91 | &v3_info, | 95 | &v3_info, |
| 96 | &v3_ocsp_nonce, | ||
| 97 | &v3_ocsp_crlid, | ||
| 98 | &v3_ocsp_accresp, | ||
| 99 | &v3_ocsp_nocheck, | ||
| 100 | &v3_ocsp_acutoff, | ||
| 101 | &v3_ocsp_serviceloc, | ||
| 102 | &v3_crl_hold, | ||
| 103 | &v3_sinfo | ||
| 92 | }; | 104 | }; |
| 93 | 105 | ||
| 94 | /* Number of standard extensions */ | 106 | /* Number of standard extensions */ |
diff --git a/src/lib/libcrypto/x509v3/v3_akey.c b/src/lib/libcrypto/x509v3/v3_akey.c index 4099e6019e..97e686f97a 100644 --- a/src/lib/libcrypto/x509v3/v3_akey.c +++ b/src/lib/libcrypto/x509v3/v3_akey.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
| @@ -69,72 +69,15 @@ static AUTHORITY_KEYID *v2i_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
| 70 | 70 | ||
| 71 | X509V3_EXT_METHOD v3_akey_id = { | 71 | X509V3_EXT_METHOD v3_akey_id = { |
| 72 | NID_authority_key_identifier, X509V3_EXT_MULTILINE, | 72 | NID_authority_key_identifier, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_KEYID), |
| 73 | (X509V3_EXT_NEW)AUTHORITY_KEYID_new, | 73 | 0,0,0,0, |
| 74 | (X509V3_EXT_FREE)AUTHORITY_KEYID_free, | 74 | 0,0, |
| 75 | (X509V3_EXT_D2I)d2i_AUTHORITY_KEYID, | ||
| 76 | (X509V3_EXT_I2D)i2d_AUTHORITY_KEYID, | ||
| 77 | NULL, NULL, | ||
| 78 | (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, | 75 | (X509V3_EXT_I2V)i2v_AUTHORITY_KEYID, |
| 79 | (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, | 76 | (X509V3_EXT_V2I)v2i_AUTHORITY_KEYID, |
| 80 | NULL,NULL, | 77 | 0,0, |
| 81 | NULL | 78 | NULL |
| 82 | }; | 79 | }; |
| 83 | 80 | ||
| 84 | |||
| 85 | int i2d_AUTHORITY_KEYID(AUTHORITY_KEYID *a, unsigned char **pp) | ||
| 86 | { | ||
| 87 | M_ASN1_I2D_vars(a); | ||
| 88 | |||
| 89 | M_ASN1_I2D_len_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING); | ||
| 90 | M_ASN1_I2D_len_IMP_opt (a->issuer, i2d_GENERAL_NAMES); | ||
| 91 | M_ASN1_I2D_len_IMP_opt (a->serial, i2d_ASN1_INTEGER); | ||
| 92 | |||
| 93 | M_ASN1_I2D_seq_total(); | ||
| 94 | |||
| 95 | M_ASN1_I2D_put_IMP_opt (a->keyid, i2d_ASN1_OCTET_STRING, 0); | ||
| 96 | M_ASN1_I2D_put_IMP_opt (a->issuer, i2d_GENERAL_NAMES, 1); | ||
| 97 | M_ASN1_I2D_put_IMP_opt (a->serial, i2d_ASN1_INTEGER, 2); | ||
| 98 | |||
| 99 | M_ASN1_I2D_finish(); | ||
| 100 | } | ||
| 101 | |||
| 102 | AUTHORITY_KEYID *AUTHORITY_KEYID_new(void) | ||
| 103 | { | ||
| 104 | AUTHORITY_KEYID *ret=NULL; | ||
| 105 | ASN1_CTX c; | ||
| 106 | M_ASN1_New_Malloc(ret, AUTHORITY_KEYID); | ||
| 107 | ret->keyid = NULL; | ||
| 108 | ret->issuer = NULL; | ||
| 109 | ret->serial = NULL; | ||
| 110 | return (ret); | ||
| 111 | M_ASN1_New_Error(ASN1_F_AUTHORITY_KEYID_NEW); | ||
| 112 | } | ||
| 113 | |||
| 114 | AUTHORITY_KEYID *d2i_AUTHORITY_KEYID(AUTHORITY_KEYID **a, unsigned char **pp, | ||
| 115 | long length) | ||
| 116 | { | ||
| 117 | M_ASN1_D2I_vars(a,AUTHORITY_KEYID *,AUTHORITY_KEYID_new); | ||
| 118 | M_ASN1_D2I_Init(); | ||
| 119 | M_ASN1_D2I_start_sequence(); | ||
| 120 | M_ASN1_D2I_get_IMP_opt (ret->keyid, d2i_ASN1_OCTET_STRING, 0, | ||
| 121 | V_ASN1_OCTET_STRING); | ||
| 122 | M_ASN1_D2I_get_IMP_opt (ret->issuer, d2i_GENERAL_NAMES, 1, | ||
| 123 | V_ASN1_SEQUENCE); | ||
| 124 | M_ASN1_D2I_get_IMP_opt (ret->serial, d2i_ASN1_INTEGER, 2, | ||
| 125 | V_ASN1_INTEGER); | ||
| 126 | M_ASN1_D2I_Finish(a, AUTHORITY_KEYID_free, ASN1_F_D2I_AUTHORITY_KEYID); | ||
| 127 | } | ||
| 128 | |||
| 129 | void AUTHORITY_KEYID_free(AUTHORITY_KEYID *a) | ||
| 130 | { | ||
| 131 | if (a == NULL) return; | ||
| 132 | ASN1_OCTET_STRING_free(a->keyid); | ||
| 133 | sk_GENERAL_NAME_pop_free(a->issuer, GENERAL_NAME_free); | ||
| 134 | ASN1_INTEGER_free (a->serial); | ||
| 135 | Free ((char *)a); | ||
| 136 | } | ||
| 137 | |||
| 138 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | 81 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, |
| 139 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) | 82 | AUTHORITY_KEYID *akeyid, STACK_OF(CONF_VALUE) *extlist) |
| 140 | { | 83 | { |
| @@ -142,7 +85,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
| 142 | if(akeyid->keyid) { | 85 | if(akeyid->keyid) { |
| 143 | tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); | 86 | tmp = hex_to_string(akeyid->keyid->data, akeyid->keyid->length); |
| 144 | X509V3_add_value("keyid", tmp, &extlist); | 87 | X509V3_add_value("keyid", tmp, &extlist); |
| 145 | Free(tmp); | 88 | OPENSSL_free(tmp); |
| 146 | } | 89 | } |
| 147 | if(akeyid->issuer) | 90 | if(akeyid->issuer) |
| 148 | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); | 91 | extlist = i2v_GENERAL_NAMES(NULL, akeyid->issuer, extlist); |
| @@ -150,7 +93,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_KEYID(X509V3_EXT_METHOD *method, | |||
| 150 | tmp = hex_to_string(akeyid->serial->data, | 93 | tmp = hex_to_string(akeyid->serial->data, |
| 151 | akeyid->serial->length); | 94 | akeyid->serial->length); |
| 152 | X509V3_add_value("serial", tmp, &extlist); | 95 | X509V3_add_value("serial", tmp, &extlist); |
| 153 | Free(tmp); | 96 | OPENSSL_free(tmp); |
| 154 | } | 97 | } |
| 155 | return extlist; | 98 | return extlist; |
| 156 | } | 99 | } |
| @@ -171,7 +114,7 @@ int i; | |||
| 171 | CONF_VALUE *cnf; | 114 | CONF_VALUE *cnf; |
| 172 | ASN1_OCTET_STRING *ikeyid = NULL; | 115 | ASN1_OCTET_STRING *ikeyid = NULL; |
| 173 | X509_NAME *isname = NULL; | 116 | X509_NAME *isname = NULL; |
| 174 | STACK_OF(GENERAL_NAME) * gens = NULL; | 117 | GENERAL_NAMES * gens = NULL; |
| 175 | GENERAL_NAME *gen = NULL; | 118 | GENERAL_NAME *gen = NULL; |
| 176 | ASN1_INTEGER *serial = NULL; | 119 | ASN1_INTEGER *serial = NULL; |
| 177 | X509_EXTENSION *ext; | 120 | X509_EXTENSION *ext; |
| @@ -192,8 +135,6 @@ for(i = 0; i < sk_CONF_VALUE_num(values); i++) { | |||
| 192 | } | 135 | } |
| 193 | } | 136 | } |
| 194 | 137 | ||
| 195 | |||
| 196 | |||
| 197 | if(!ctx || !ctx->issuer_cert) { | 138 | if(!ctx || !ctx->issuer_cert) { |
| 198 | if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); | 139 | if(ctx && (ctx->flags==CTX_TEST)) return AUTHORITY_KEYID_new(); |
| 199 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); | 140 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_NO_ISSUER_CERTIFICATE); |
| @@ -214,7 +155,7 @@ if(keyid) { | |||
| 214 | 155 | ||
| 215 | if((issuer && !ikeyid) || (issuer == 2)) { | 156 | if((issuer && !ikeyid) || (issuer == 2)) { |
| 216 | isname = X509_NAME_dup(X509_get_issuer_name(cert)); | 157 | isname = X509_NAME_dup(X509_get_issuer_name(cert)); |
| 217 | serial = ASN1_INTEGER_dup(X509_get_serialNumber(cert)); | 158 | serial = M_ASN1_INTEGER_dup(X509_get_serialNumber(cert)); |
| 218 | if(!isname || !serial) { | 159 | if(!isname || !serial) { |
| 219 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); | 160 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS); |
| 220 | goto err; | 161 | goto err; |
| @@ -224,7 +165,7 @@ if((issuer && !ikeyid) || (issuer == 2)) { | |||
| 224 | if(!(akeyid = AUTHORITY_KEYID_new())) goto err; | 165 | if(!(akeyid = AUTHORITY_KEYID_new())) goto err; |
| 225 | 166 | ||
| 226 | if(isname) { | 167 | if(isname) { |
| 227 | if(!(gens = sk_GENERAL_NAME_new(NULL)) || !(gen = GENERAL_NAME_new()) | 168 | if(!(gens = sk_GENERAL_NAME_new_null()) || !(gen = GENERAL_NAME_new()) |
| 228 | || !sk_GENERAL_NAME_push(gens, gen)) { | 169 | || !sk_GENERAL_NAME_push(gens, gen)) { |
| 229 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); | 170 | X509V3err(X509V3_F_V2I_AUTHORITY_KEYID,ERR_R_MALLOC_FAILURE); |
| 230 | goto err; | 171 | goto err; |
| @@ -241,8 +182,8 @@ return akeyid; | |||
| 241 | 182 | ||
| 242 | err: | 183 | err: |
| 243 | X509_NAME_free(isname); | 184 | X509_NAME_free(isname); |
| 244 | ASN1_INTEGER_free(serial); | 185 | M_ASN1_INTEGER_free(serial); |
| 245 | ASN1_OCTET_STRING_free(ikeyid); | 186 | M_ASN1_OCTET_STRING_free(ikeyid); |
| 246 | return NULL; | 187 | return NULL; |
| 247 | 188 | ||
| 248 | } | 189 | } |
diff --git a/src/lib/libcrypto/x509v3/v3_alt.c b/src/lib/libcrypto/x509v3/v3_alt.c index b5e1f8af96..0e9e7dcb4f 100644 --- a/src/lib/libcrypto/x509v3/v3_alt.c +++ b/src/lib/libcrypto/x509v3/v3_alt.c | |||
| @@ -61,34 +61,28 @@ | |||
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
| 63 | 63 | ||
| 64 | static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 64 | static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 65 | static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 65 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 66 | static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); | 66 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p); |
| 67 | static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens); | 67 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens); |
| 68 | X509V3_EXT_METHOD v3_alt[] = { | 68 | X509V3_EXT_METHOD v3_alt[] = { |
| 69 | { NID_subject_alt_name, 0, | 69 | { NID_subject_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), |
| 70 | (X509V3_EXT_NEW)GENERAL_NAMES_new, | 70 | 0,0,0,0, |
| 71 | (X509V3_EXT_FREE)GENERAL_NAMES_free, | 71 | 0,0, |
| 72 | (X509V3_EXT_D2I)d2i_GENERAL_NAMES, | ||
| 73 | (X509V3_EXT_I2D)i2d_GENERAL_NAMES, | ||
| 74 | NULL, NULL, | ||
| 75 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | 72 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, |
| 76 | (X509V3_EXT_V2I)v2i_subject_alt, | 73 | (X509V3_EXT_V2I)v2i_subject_alt, |
| 77 | NULL, NULL, NULL}, | 74 | NULL, NULL, NULL}, |
| 78 | { NID_issuer_alt_name, 0, | 75 | |
| 79 | (X509V3_EXT_NEW)GENERAL_NAMES_new, | 76 | { NID_issuer_alt_name, 0, ASN1_ITEM_ref(GENERAL_NAMES), |
| 80 | (X509V3_EXT_FREE)GENERAL_NAMES_free, | 77 | 0,0,0,0, |
| 81 | (X509V3_EXT_D2I)d2i_GENERAL_NAMES, | 78 | 0,0, |
| 82 | (X509V3_EXT_I2D)i2d_GENERAL_NAMES, | ||
| 83 | NULL, NULL, | ||
| 84 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, | 79 | (X509V3_EXT_I2V)i2v_GENERAL_NAMES, |
| 85 | (X509V3_EXT_V2I)v2i_issuer_alt, | 80 | (X509V3_EXT_V2I)v2i_issuer_alt, |
| 86 | NULL, NULL, NULL}, | 81 | NULL, NULL, NULL}, |
| 87 | EXT_END | ||
| 88 | }; | 82 | }; |
| 89 | 83 | ||
| 90 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | 84 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, |
| 91 | STACK_OF(GENERAL_NAME) *gens, STACK_OF(CONF_VALUE) *ret) | 85 | GENERAL_NAMES *gens, STACK_OF(CONF_VALUE) *ret) |
| 92 | { | 86 | { |
| 93 | int i; | 87 | int i; |
| 94 | GENERAL_NAME *gen; | 88 | GENERAL_NAME *gen; |
| @@ -103,8 +97,8 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | |||
| 103 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | 97 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, |
| 104 | GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) | 98 | GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret) |
| 105 | { | 99 | { |
| 106 | char oline[256]; | ||
| 107 | unsigned char *p; | 100 | unsigned char *p; |
| 101 | char oline[256]; | ||
| 108 | switch (gen->type) | 102 | switch (gen->type) |
| 109 | { | 103 | { |
| 110 | case GEN_OTHERNAME: | 104 | case GEN_OTHERNAME: |
| @@ -155,13 +149,66 @@ STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, | |||
| 155 | return ret; | 149 | return ret; |
| 156 | } | 150 | } |
| 157 | 151 | ||
| 158 | static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, | 152 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen) |
| 153 | { | ||
| 154 | unsigned char *p; | ||
| 155 | switch (gen->type) | ||
| 156 | { | ||
| 157 | case GEN_OTHERNAME: | ||
| 158 | BIO_printf(out, "othername:<unsupported>"); | ||
| 159 | break; | ||
| 160 | |||
| 161 | case GEN_X400: | ||
| 162 | BIO_printf(out, "X400Name:<unsupported>"); | ||
| 163 | break; | ||
| 164 | |||
| 165 | case GEN_EDIPARTY: | ||
| 166 | /* Maybe fix this: it is supported now */ | ||
| 167 | BIO_printf(out, "EdiPartyName:<unsupported>"); | ||
| 168 | break; | ||
| 169 | |||
| 170 | case GEN_EMAIL: | ||
| 171 | BIO_printf(out, "email:%s",gen->d.ia5->data); | ||
| 172 | break; | ||
| 173 | |||
| 174 | case GEN_DNS: | ||
| 175 | BIO_printf(out, "DNS:%s",gen->d.ia5->data); | ||
| 176 | break; | ||
| 177 | |||
| 178 | case GEN_URI: | ||
| 179 | BIO_printf(out, "URI:%s",gen->d.ia5->data); | ||
| 180 | break; | ||
| 181 | |||
| 182 | case GEN_DIRNAME: | ||
| 183 | BIO_printf(out, "DirName: "); | ||
| 184 | X509_NAME_print_ex(out, gen->d.dirn, 0, XN_FLAG_ONELINE); | ||
| 185 | break; | ||
| 186 | |||
| 187 | case GEN_IPADD: | ||
| 188 | p = gen->d.ip->data; | ||
| 189 | /* BUG: doesn't support IPV6 */ | ||
| 190 | if(gen->d.ip->length != 4) { | ||
| 191 | BIO_printf(out,"IP Address:<invalid>"); | ||
| 192 | break; | ||
| 193 | } | ||
| 194 | BIO_printf(out, "IP Address:%d.%d.%d.%d", p[0], p[1], p[2], p[3]); | ||
| 195 | break; | ||
| 196 | |||
| 197 | case GEN_RID: | ||
| 198 | BIO_printf(out, "Registered ID"); | ||
| 199 | i2a_ASN1_OBJECT(out, gen->d.rid); | ||
| 200 | break; | ||
| 201 | } | ||
| 202 | return 1; | ||
| 203 | } | ||
| 204 | |||
| 205 | static GENERAL_NAMES *v2i_issuer_alt(X509V3_EXT_METHOD *method, | ||
| 159 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 206 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 160 | { | 207 | { |
| 161 | STACK_OF(GENERAL_NAME) *gens = NULL; | 208 | GENERAL_NAMES *gens = NULL; |
| 162 | CONF_VALUE *cnf; | 209 | CONF_VALUE *cnf; |
| 163 | int i; | 210 | int i; |
| 164 | if(!(gens = sk_GENERAL_NAME_new(NULL))) { | 211 | if(!(gens = sk_GENERAL_NAME_new_null())) { |
| 165 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 212 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); |
| 166 | return NULL; | 213 | return NULL; |
| 167 | } | 214 | } |
| @@ -185,9 +232,9 @@ static STACK_OF(GENERAL_NAME) *v2i_issuer_alt(X509V3_EXT_METHOD *method, | |||
| 185 | 232 | ||
| 186 | /* Append subject altname of issuer to issuer alt name of subject */ | 233 | /* Append subject altname of issuer to issuer alt name of subject */ |
| 187 | 234 | ||
| 188 | static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | 235 | static int copy_issuer(X509V3_CTX *ctx, GENERAL_NAMES *gens) |
| 189 | { | 236 | { |
| 190 | STACK_OF(GENERAL_NAME) *ialt; | 237 | GENERAL_NAMES *ialt; |
| 191 | GENERAL_NAME *gen; | 238 | GENERAL_NAME *gen; |
| 192 | X509_EXTENSION *ext; | 239 | X509_EXTENSION *ext; |
| 193 | int i; | 240 | int i; |
| @@ -220,13 +267,13 @@ static int copy_issuer(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | |||
| 220 | 267 | ||
| 221 | } | 268 | } |
| 222 | 269 | ||
| 223 | static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, | 270 | static GENERAL_NAMES *v2i_subject_alt(X509V3_EXT_METHOD *method, |
| 224 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 271 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 225 | { | 272 | { |
| 226 | STACK_OF(GENERAL_NAME) *gens = NULL; | 273 | GENERAL_NAMES *gens = NULL; |
| 227 | CONF_VALUE *cnf; | 274 | CONF_VALUE *cnf; |
| 228 | int i; | 275 | int i; |
| 229 | if(!(gens = sk_GENERAL_NAME_new(NULL))) { | 276 | if(!(gens = sk_GENERAL_NAME_new_null())) { |
| 230 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 277 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); |
| 231 | return NULL; | 278 | return NULL; |
| 232 | } | 279 | } |
| @@ -234,7 +281,10 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||
| 234 | cnf = sk_CONF_VALUE_value(nval, i); | 281 | cnf = sk_CONF_VALUE_value(nval, i); |
| 235 | if(!name_cmp(cnf->name, "email") && cnf->value && | 282 | if(!name_cmp(cnf->name, "email") && cnf->value && |
| 236 | !strcmp(cnf->value, "copy")) { | 283 | !strcmp(cnf->value, "copy")) { |
| 237 | if(!copy_email(ctx, gens)) goto err; | 284 | if(!copy_email(ctx, gens, 0)) goto err; |
| 285 | } else if(!name_cmp(cnf->name, "email") && cnf->value && | ||
| 286 | !strcmp(cnf->value, "move")) { | ||
| 287 | if(!copy_email(ctx, gens, 1)) goto err; | ||
| 238 | } else { | 288 | } else { |
| 239 | GENERAL_NAME *gen; | 289 | GENERAL_NAME *gen; |
| 240 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) | 290 | if(!(gen = v2i_GENERAL_NAME(method, ctx, cnf))) |
| @@ -252,7 +302,7 @@ static STACK_OF(GENERAL_NAME) *v2i_subject_alt(X509V3_EXT_METHOD *method, | |||
| 252 | * GENERAL_NAMES | 302 | * GENERAL_NAMES |
| 253 | */ | 303 | */ |
| 254 | 304 | ||
| 255 | static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | 305 | static int copy_email(X509V3_CTX *ctx, GENERAL_NAMES *gens, int move_p) |
| 256 | { | 306 | { |
| 257 | X509_NAME *nm; | 307 | X509_NAME *nm; |
| 258 | ASN1_IA5STRING *email = NULL; | 308 | ASN1_IA5STRING *email = NULL; |
| @@ -271,9 +321,14 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | |||
| 271 | /* Now add any email address(es) to STACK */ | 321 | /* Now add any email address(es) to STACK */ |
| 272 | i = -1; | 322 | i = -1; |
| 273 | while((i = X509_NAME_get_index_by_NID(nm, | 323 | while((i = X509_NAME_get_index_by_NID(nm, |
| 274 | NID_pkcs9_emailAddress, i)) > 0) { | 324 | NID_pkcs9_emailAddress, i)) >= 0) { |
| 275 | ne = X509_NAME_get_entry(nm, i); | 325 | ne = X509_NAME_get_entry(nm, i); |
| 276 | email = ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); | 326 | email = M_ASN1_IA5STRING_dup(X509_NAME_ENTRY_get_data(ne)); |
| 327 | if (move_p) | ||
| 328 | { | ||
| 329 | X509_NAME_delete_entry(nm, i); | ||
| 330 | i--; | ||
| 331 | } | ||
| 277 | if(!email || !(gen = GENERAL_NAME_new())) { | 332 | if(!email || !(gen = GENERAL_NAME_new())) { |
| 278 | X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); | 333 | X509V3err(X509V3_F_COPY_EMAIL,ERR_R_MALLOC_FAILURE); |
| 279 | goto err; | 334 | goto err; |
| @@ -293,19 +348,19 @@ static int copy_email(X509V3_CTX *ctx, STACK_OF(GENERAL_NAME) *gens) | |||
| 293 | 348 | ||
| 294 | err: | 349 | err: |
| 295 | GENERAL_NAME_free(gen); | 350 | GENERAL_NAME_free(gen); |
| 296 | ASN1_IA5STRING_free(email); | 351 | M_ASN1_IA5STRING_free(email); |
| 297 | return 0; | 352 | return 0; |
| 298 | 353 | ||
| 299 | } | 354 | } |
| 300 | 355 | ||
| 301 | STACK_OF(GENERAL_NAME) *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | 356 | GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, |
| 302 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 357 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 303 | { | 358 | { |
| 304 | GENERAL_NAME *gen; | 359 | GENERAL_NAME *gen; |
| 305 | STACK_OF(GENERAL_NAME) *gens = NULL; | 360 | GENERAL_NAMES *gens = NULL; |
| 306 | CONF_VALUE *cnf; | 361 | CONF_VALUE *cnf; |
| 307 | int i; | 362 | int i; |
| 308 | if(!(gens = sk_GENERAL_NAME_new(NULL))) { | 363 | if(!(gens = sk_GENERAL_NAME_new_null())) { |
| 309 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); | 364 | X509V3err(X509V3_F_V2I_GENERAL_NAMES,ERR_R_MALLOC_FAILURE); |
| 310 | return NULL; | 365 | return NULL; |
| 311 | } | 366 | } |
| @@ -371,7 +426,7 @@ if(!name_cmp(name, "email")) { | |||
| 371 | goto err; | 426 | goto err; |
| 372 | } | 427 | } |
| 373 | ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; | 428 | ip[0] = i1; ip[1] = i2 ; ip[2] = i3 ; ip[3] = i4; |
| 374 | if(!(gen->d.ip = ASN1_OCTET_STRING_new()) || | 429 | if(!(gen->d.ip = M_ASN1_OCTET_STRING_new()) || |
| 375 | !ASN1_STRING_set(gen->d.ip, ip, 4)) { | 430 | !ASN1_STRING_set(gen->d.ip, ip, 4)) { |
| 376 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); | 431 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); |
| 377 | goto err; | 432 | goto err; |
| @@ -384,7 +439,7 @@ if(!name_cmp(name, "email")) { | |||
| 384 | } | 439 | } |
| 385 | 440 | ||
| 386 | if(is_string) { | 441 | if(is_string) { |
| 387 | if(!(gen->d.ia5 = ASN1_IA5STRING_new()) || | 442 | if(!(gen->d.ia5 = M_ASN1_IA5STRING_new()) || |
| 388 | !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, | 443 | !ASN1_STRING_set(gen->d.ia5, (unsigned char*)value, |
| 389 | strlen(value))) { | 444 | strlen(value))) { |
| 390 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); | 445 | X509V3err(X509V3_F_V2I_GENERAL_NAME,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/x509v3/v3_bcons.c b/src/lib/libcrypto/x509v3/v3_bcons.c index de2f855c35..cbb012715e 100644 --- a/src/lib/libcrypto/x509v3/v3_bcons.c +++ b/src/lib/libcrypto/x509v3/v3_bcons.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/conf.h> | 64 | #include <openssl/conf.h> |
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | 66 | ||
| @@ -69,62 +69,22 @@ static BASIC_CONSTRAINTS *v2i_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, X509V | |||
| 69 | 69 | ||
| 70 | X509V3_EXT_METHOD v3_bcons = { | 70 | X509V3_EXT_METHOD v3_bcons = { |
| 71 | NID_basic_constraints, 0, | 71 | NID_basic_constraints, 0, |
| 72 | (X509V3_EXT_NEW)BASIC_CONSTRAINTS_new, | 72 | ASN1_ITEM_ref(BASIC_CONSTRAINTS), |
| 73 | (X509V3_EXT_FREE)BASIC_CONSTRAINTS_free, | 73 | 0,0,0,0, |
| 74 | (X509V3_EXT_D2I)d2i_BASIC_CONSTRAINTS, | 74 | 0,0, |
| 75 | (X509V3_EXT_I2D)i2d_BASIC_CONSTRAINTS, | ||
| 76 | NULL, NULL, | ||
| 77 | (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, | 75 | (X509V3_EXT_I2V)i2v_BASIC_CONSTRAINTS, |
| 78 | (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, | 76 | (X509V3_EXT_V2I)v2i_BASIC_CONSTRAINTS, |
| 79 | NULL,NULL, | 77 | NULL,NULL, |
| 80 | NULL | 78 | NULL |
| 81 | }; | 79 | }; |
| 82 | 80 | ||
| 81 | ASN1_SEQUENCE(BASIC_CONSTRAINTS) = { | ||
| 82 | ASN1_OPT(BASIC_CONSTRAINTS, ca, ASN1_FBOOLEAN), | ||
| 83 | ASN1_OPT(BASIC_CONSTRAINTS, pathlen, ASN1_INTEGER) | ||
| 84 | } ASN1_SEQUENCE_END(BASIC_CONSTRAINTS) | ||
| 83 | 85 | ||
| 84 | int i2d_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS *a, unsigned char **pp) | 86 | IMPLEMENT_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) |
| 85 | { | ||
| 86 | M_ASN1_I2D_vars(a); | ||
| 87 | if(a->ca) M_ASN1_I2D_len (a->ca, i2d_ASN1_BOOLEAN); | ||
| 88 | M_ASN1_I2D_len (a->pathlen, i2d_ASN1_INTEGER); | ||
| 89 | |||
| 90 | M_ASN1_I2D_seq_total(); | ||
| 91 | |||
| 92 | if (a->ca) M_ASN1_I2D_put (a->ca, i2d_ASN1_BOOLEAN); | ||
| 93 | M_ASN1_I2D_put (a->pathlen, i2d_ASN1_INTEGER); | ||
| 94 | M_ASN1_I2D_finish(); | ||
| 95 | } | ||
| 96 | |||
| 97 | BASIC_CONSTRAINTS *BASIC_CONSTRAINTS_new(void) | ||
| 98 | { | ||
| 99 | BASIC_CONSTRAINTS *ret=NULL; | ||
| 100 | ASN1_CTX c; | ||
| 101 | M_ASN1_New_Malloc(ret, BASIC_CONSTRAINTS); | ||
| 102 | ret->ca = 0; | ||
| 103 | ret->pathlen = NULL; | ||
| 104 | return (ret); | ||
| 105 | M_ASN1_New_Error(ASN1_F_BASIC_CONSTRAINTS_NEW); | ||
| 106 | } | ||
| 107 | 87 | ||
| 108 | BASIC_CONSTRAINTS *d2i_BASIC_CONSTRAINTS(BASIC_CONSTRAINTS **a, | ||
| 109 | unsigned char **pp, long length) | ||
| 110 | { | ||
| 111 | M_ASN1_D2I_vars(a,BASIC_CONSTRAINTS *,BASIC_CONSTRAINTS_new); | ||
| 112 | M_ASN1_D2I_Init(); | ||
| 113 | M_ASN1_D2I_start_sequence(); | ||
| 114 | if((M_ASN1_next & (~V_ASN1_CONSTRUCTED)) == | ||
| 115 | (V_ASN1_UNIVERSAL|V_ASN1_BOOLEAN) ) { | ||
| 116 | M_ASN1_D2I_get_int (ret->ca, d2i_ASN1_BOOLEAN); | ||
| 117 | } | ||
| 118 | M_ASN1_D2I_get_opt (ret->pathlen, d2i_ASN1_INTEGER, V_ASN1_INTEGER); | ||
| 119 | M_ASN1_D2I_Finish(a, BASIC_CONSTRAINTS_free, ASN1_F_D2I_BASIC_CONSTRAINTS); | ||
| 120 | } | ||
| 121 | |||
| 122 | void BASIC_CONSTRAINTS_free(BASIC_CONSTRAINTS *a) | ||
| 123 | { | ||
| 124 | if (a == NULL) return; | ||
| 125 | ASN1_INTEGER_free (a->pathlen); | ||
| 126 | Free ((char *)a); | ||
| 127 | } | ||
| 128 | 88 | ||
| 129 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, | 89 | static STACK_OF(CONF_VALUE) *i2v_BASIC_CONSTRAINTS(X509V3_EXT_METHOD *method, |
| 130 | BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) | 90 | BASIC_CONSTRAINTS *bcons, STACK_OF(CONF_VALUE) *extlist) |
diff --git a/src/lib/libcrypto/x509v3/v3_bitst.c b/src/lib/libcrypto/x509v3/v3_bitst.c index 9828ba15b3..16cf125562 100644 --- a/src/lib/libcrypto/x509v3/v3_bitst.c +++ b/src/lib/libcrypto/x509v3/v3_bitst.c | |||
| @@ -61,12 +61,12 @@ | |||
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
| 63 | 63 | ||
| 64 | static ASN1_BIT_STRING *asn1_bit_string_new(void); | ||
| 65 | static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | 64 | static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
| 66 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 65 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 67 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | 66 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
| 68 | ASN1_BIT_STRING *bits, | 67 | ASN1_BIT_STRING *bits, |
| 69 | STACK_OF(CONF_VALUE) *extlist); | 68 | STACK_OF(CONF_VALUE) *extlist); |
| 69 | |||
| 70 | static BIT_STRING_BITNAME ns_cert_type_table[] = { | 70 | static BIT_STRING_BITNAME ns_cert_type_table[] = { |
| 71 | {0, "SSL Client", "client"}, | 71 | {0, "SSL Client", "client"}, |
| 72 | {1, "SSL Server", "server"}, | 72 | {1, "SSL Server", "server"}, |
| @@ -97,11 +97,6 @@ static BIT_STRING_BITNAME key_usage_type_table[] = { | |||
| 97 | X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); | 97 | X509V3_EXT_METHOD v3_nscert = EXT_BITSTRING(NID_netscape_cert_type, ns_cert_type_table); |
| 98 | X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); | 98 | X509V3_EXT_METHOD v3_key_usage = EXT_BITSTRING(NID_key_usage, key_usage_type_table); |
| 99 | 99 | ||
| 100 | static ASN1_BIT_STRING *asn1_bit_string_new(void) | ||
| 101 | { | ||
| 102 | return ASN1_BIT_STRING_new(); | ||
| 103 | } | ||
| 104 | |||
| 105 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | 100 | static STACK_OF(CONF_VALUE) *i2v_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, |
| 106 | ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) | 101 | ASN1_BIT_STRING *bits, STACK_OF(CONF_VALUE) *ret) |
| 107 | { | 102 | { |
| @@ -120,7 +115,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | |||
| 120 | ASN1_BIT_STRING *bs; | 115 | ASN1_BIT_STRING *bs; |
| 121 | int i; | 116 | int i; |
| 122 | BIT_STRING_BITNAME *bnam; | 117 | BIT_STRING_BITNAME *bnam; |
| 123 | if(!(bs = ASN1_BIT_STRING_new())) { | 118 | if(!(bs = M_ASN1_BIT_STRING_new())) { |
| 124 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); | 119 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING,ERR_R_MALLOC_FAILURE); |
| 125 | return NULL; | 120 | return NULL; |
| 126 | } | 121 | } |
| @@ -137,7 +132,7 @@ static ASN1_BIT_STRING *v2i_ASN1_BIT_STRING(X509V3_EXT_METHOD *method, | |||
| 137 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, | 132 | X509V3err(X509V3_F_V2I_ASN1_BIT_STRING, |
| 138 | X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); | 133 | X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT); |
| 139 | X509V3_conf_err(val); | 134 | X509V3_conf_err(val); |
| 140 | ASN1_BIT_STRING_free(bs); | 135 | M_ASN1_BIT_STRING_free(bs); |
| 141 | return NULL; | 136 | return NULL; |
| 142 | } | 137 | } |
| 143 | } | 138 | } |
diff --git a/src/lib/libcrypto/x509v3/v3_conf.c b/src/lib/libcrypto/x509v3/v3_conf.c index f19bb3ad84..1a3448e121 100644 --- a/src/lib/libcrypto/x509v3/v3_conf.c +++ b/src/lib/libcrypto/x509v3/v3_conf.c | |||
| @@ -68,115 +68,138 @@ | |||
| 68 | 68 | ||
| 69 | static int v3_check_critical(char **value); | 69 | static int v3_check_critical(char **value); |
| 70 | static int v3_check_generic(char **value); | 70 | static int v3_check_generic(char **value); |
| 71 | static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); | 71 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, int crit, char *value); |
| 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); | 72 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, int crit, int type); |
| 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); | 73 | static char *conf_lhash_get_string(void *db, char *section, char *value); |
| 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); | 74 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section); |
| 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 75 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, |
| 76 | int crit, void *ext_struc); | 76 | int crit, void *ext_struc); |
| 77 | /* LHASH *conf: Config file */ | 77 | /* CONF *conf: Config file */ |
| 78 | /* char *name: Name */ | 78 | /* char *name: Name */ |
| 79 | /* char *value: Value */ | 79 | /* char *value: Value */ |
| 80 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | 80 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, |
| 81 | char *value) | 81 | char *value) |
| 82 | { | 82 | { |
| 83 | int crit; | 83 | int crit; |
| 84 | int ext_type; | 84 | int ext_type; |
| 85 | X509_EXTENSION *ret; | 85 | X509_EXTENSION *ret; |
| 86 | crit = v3_check_critical(&value); | 86 | crit = v3_check_critical(&value); |
| 87 | if((ext_type = v3_check_generic(&value))) | 87 | if ((ext_type = v3_check_generic(&value))) |
| 88 | return v3_generic_extension(name, value, crit, ext_type); | 88 | return v3_generic_extension(name, value, crit, ext_type); |
| 89 | ret = do_ext_conf(conf, ctx, OBJ_sn2nid(name), crit, value); | 89 | ret = do_ext_nconf(conf, ctx, OBJ_sn2nid(name), crit, value); |
| 90 | if(!ret) { | 90 | if (!ret) |
| 91 | { | ||
| 91 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); | 92 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_ERROR_IN_EXTENSION); |
| 92 | ERR_add_error_data(4,"name=", name, ", value=", value); | 93 | ERR_add_error_data(4,"name=", name, ", value=", value); |
| 93 | } | 94 | } |
| 94 | return ret; | 95 | return ret; |
| 95 | } | 96 | } |
| 96 | 97 | ||
| 97 | /* LHASH *conf: Config file */ | 98 | /* CONF *conf: Config file */ |
| 98 | /* char *value: Value */ | 99 | /* char *value: Value */ |
| 99 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, | 100 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
| 100 | char *value) | 101 | char *value) |
| 101 | { | 102 | { |
| 102 | int crit; | 103 | int crit; |
| 103 | int ext_type; | 104 | int ext_type; |
| 104 | crit = v3_check_critical(&value); | 105 | crit = v3_check_critical(&value); |
| 105 | if((ext_type = v3_check_generic(&value))) | 106 | if ((ext_type = v3_check_generic(&value))) |
| 106 | return v3_generic_extension(OBJ_nid2sn(ext_nid), | 107 | return v3_generic_extension(OBJ_nid2sn(ext_nid), |
| 107 | value, crit, ext_type); | 108 | value, crit, ext_type); |
| 108 | return do_ext_conf(conf, ctx, ext_nid, crit, value); | 109 | return do_ext_nconf(conf, ctx, ext_nid, crit, value); |
| 109 | } | 110 | } |
| 110 | 111 | ||
| 111 | /* LHASH *conf: Config file */ | 112 | /* CONF *conf: Config file */ |
| 112 | /* char *value: Value */ | 113 | /* char *value: Value */ |
| 113 | static X509_EXTENSION *do_ext_conf(LHASH *conf, X509V3_CTX *ctx, int ext_nid, | 114 | static X509_EXTENSION *do_ext_nconf(CONF *conf, X509V3_CTX *ctx, int ext_nid, |
| 114 | int crit, char *value) | 115 | int crit, char *value) |
| 115 | { | 116 | { |
| 116 | X509V3_EXT_METHOD *method; | 117 | X509V3_EXT_METHOD *method; |
| 117 | X509_EXTENSION *ext; | 118 | X509_EXTENSION *ext; |
| 118 | STACK_OF(CONF_VALUE) *nval; | 119 | STACK_OF(CONF_VALUE) *nval; |
| 119 | void *ext_struc; | 120 | void *ext_struc; |
| 120 | if(ext_nid == NID_undef) { | 121 | if (ext_nid == NID_undef) |
| 122 | { | ||
| 121 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); | 123 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION_NAME); |
| 122 | return NULL; | 124 | return NULL; |
| 123 | } | 125 | } |
| 124 | if(!(method = X509V3_EXT_get_nid(ext_nid))) { | 126 | if (!(method = X509V3_EXT_get_nid(ext_nid))) |
| 127 | { | ||
| 125 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); | 128 | X509V3err(X509V3_F_DO_EXT_CONF,X509V3_R_UNKNOWN_EXTENSION); |
| 126 | return NULL; | 129 | return NULL; |
| 127 | } | 130 | } |
| 128 | /* Now get internal extension representation based on type */ | 131 | /* Now get internal extension representation based on type */ |
| 129 | if(method->v2i) { | 132 | if (method->v2i) |
| 130 | if(*value == '@') nval = CONF_get_section(conf, value + 1); | 133 | { |
| 134 | if(*value == '@') nval = NCONF_get_section(conf, value + 1); | ||
| 131 | else nval = X509V3_parse_list(value); | 135 | else nval = X509V3_parse_list(value); |
| 132 | if(!nval) { | 136 | if(!nval) |
| 137 | { | ||
| 133 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); | 138 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_INVALID_EXTENSION_STRING); |
| 134 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); | 139 | ERR_add_error_data(4, "name=", OBJ_nid2sn(ext_nid), ",section=", value); |
| 135 | return NULL; | 140 | return NULL; |
| 136 | } | 141 | } |
| 137 | ext_struc = method->v2i(method, ctx, nval); | 142 | ext_struc = method->v2i(method, ctx, nval); |
| 138 | if(*value != '@') sk_CONF_VALUE_pop_free(nval, | 143 | if(*value != '@') sk_CONF_VALUE_pop_free(nval, |
| 139 | X509V3_conf_free); | 144 | X509V3_conf_free); |
| 140 | if(!ext_struc) return NULL; | 145 | if(!ext_struc) return NULL; |
| 141 | } else if(method->s2i) { | 146 | } |
| 147 | else if(method->s2i) | ||
| 148 | { | ||
| 142 | if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; | 149 | if(!(ext_struc = method->s2i(method, ctx, value))) return NULL; |
| 143 | } else if(method->r2i) { | 150 | } |
| 144 | if(!ctx->db) { | 151 | else if(method->r2i) |
| 152 | { | ||
| 153 | if(!ctx->db) | ||
| 154 | { | ||
| 145 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); | 155 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_NO_CONFIG_DATABASE); |
| 146 | return NULL; | 156 | return NULL; |
| 147 | } | 157 | } |
| 148 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; | 158 | if(!(ext_struc = method->r2i(method, ctx, value))) return NULL; |
| 149 | } else { | 159 | } |
| 160 | else | ||
| 161 | { | ||
| 150 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); | 162 | X509V3err(X509V3_F_X509V3_EXT_CONF,X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED); |
| 151 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); | 163 | ERR_add_error_data(2, "name=", OBJ_nid2sn(ext_nid)); |
| 152 | return NULL; | 164 | return NULL; |
| 153 | } | 165 | } |
| 154 | 166 | ||
| 155 | ext = do_ext_i2d(method, ext_nid, crit, ext_struc); | 167 | ext = do_ext_i2d(method, ext_nid, crit, ext_struc); |
| 156 | method->ext_free(ext_struc); | 168 | if(method->it) ASN1_item_free(ext_struc, ASN1_ITEM_ptr(method->it)); |
| 169 | else method->ext_free(ext_struc); | ||
| 157 | return ext; | 170 | return ext; |
| 158 | 171 | ||
| 159 | } | 172 | } |
| 160 | 173 | ||
| 161 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | 174 | static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, |
| 162 | int crit, void *ext_struc) | 175 | int crit, void *ext_struc) |
| 163 | { | 176 | { |
| 164 | unsigned char *ext_der, *p; | 177 | unsigned char *ext_der; |
| 165 | int ext_len; | 178 | int ext_len; |
| 166 | ASN1_OCTET_STRING *ext_oct; | 179 | ASN1_OCTET_STRING *ext_oct; |
| 167 | X509_EXTENSION *ext; | 180 | X509_EXTENSION *ext; |
| 168 | /* Convert internal representation to DER */ | 181 | /* Convert internal representation to DER */ |
| 169 | ext_len = method->i2d(ext_struc, NULL); | 182 | if (method->it) |
| 170 | if(!(ext_der = Malloc(ext_len))) goto merr; | 183 | { |
| 171 | p = ext_der; | 184 | ext_der = NULL; |
| 172 | method->i2d(ext_struc, &p); | 185 | ext_len = ASN1_item_i2d(ext_struc, &ext_der, ASN1_ITEM_ptr(method->it)); |
| 173 | if(!(ext_oct = ASN1_OCTET_STRING_new())) goto merr; | 186 | if (ext_len < 0) goto merr; |
| 187 | } | ||
| 188 | else | ||
| 189 | { | ||
| 190 | unsigned char *p; | ||
| 191 | ext_len = method->i2d(ext_struc, NULL); | ||
| 192 | if(!(ext_der = OPENSSL_malloc(ext_len))) goto merr; | ||
| 193 | p = ext_der; | ||
| 194 | method->i2d(ext_struc, &p); | ||
| 195 | } | ||
| 196 | if (!(ext_oct = M_ASN1_OCTET_STRING_new())) goto merr; | ||
| 174 | ext_oct->data = ext_der; | 197 | ext_oct->data = ext_der; |
| 175 | ext_oct->length = ext_len; | 198 | ext_oct->length = ext_len; |
| 176 | 199 | ||
| 177 | ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); | 200 | ext = X509_EXTENSION_create_by_NID(NULL, ext_nid, crit, ext_oct); |
| 178 | if(!ext) goto merr; | 201 | if (!ext) goto merr; |
| 179 | ASN1_OCTET_STRING_free(ext_oct); | 202 | M_ASN1_OCTET_STRING_free(ext_oct); |
| 180 | 203 | ||
| 181 | return ext; | 204 | return ext; |
| 182 | 205 | ||
| @@ -184,14 +207,14 @@ static X509_EXTENSION *do_ext_i2d(X509V3_EXT_METHOD *method, int ext_nid, | |||
| 184 | X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); | 207 | X509V3err(X509V3_F_DO_EXT_I2D,ERR_R_MALLOC_FAILURE); |
| 185 | return NULL; | 208 | return NULL; |
| 186 | 209 | ||
| 187 | } | 210 | } |
| 188 | 211 | ||
| 189 | /* Given an internal structure, nid and critical flag create an extension */ | 212 | /* Given an internal structure, nid and critical flag create an extension */ |
| 190 | 213 | ||
| 191 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) | 214 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) |
| 192 | { | 215 | { |
| 193 | X509V3_EXT_METHOD *method; | 216 | X509V3_EXT_METHOD *method; |
| 194 | if(!(method = X509V3_EXT_get_nid(ext_nid))) { | 217 | if (!(method = X509V3_EXT_get_nid(ext_nid))) { |
| 195 | X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); | 218 | X509V3err(X509V3_F_X509V3_EXT_I2D,X509V3_R_UNKNOWN_EXTENSION); |
| 196 | return NULL; | 219 | return NULL; |
| 197 | } | 220 | } |
| @@ -202,7 +225,7 @@ X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc) | |||
| 202 | static int v3_check_critical(char **value) | 225 | static int v3_check_critical(char **value) |
| 203 | { | 226 | { |
| 204 | char *p = *value; | 227 | char *p = *value; |
| 205 | if((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; | 228 | if ((strlen(p) < 9) || strncmp(p, "critical,", 9)) return 0; |
| 206 | p+=9; | 229 | p+=9; |
| 207 | while(isspace((unsigned char)*p)) p++; | 230 | while(isspace((unsigned char)*p)) p++; |
| 208 | *value = p; | 231 | *value = p; |
| @@ -213,134 +236,212 @@ static int v3_check_critical(char **value) | |||
| 213 | static int v3_check_generic(char **value) | 236 | static int v3_check_generic(char **value) |
| 214 | { | 237 | { |
| 215 | char *p = *value; | 238 | char *p = *value; |
| 216 | if((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; | 239 | if ((strlen(p) < 4) || strncmp(p, "DER:,", 4)) return 0; |
| 217 | p+=4; | 240 | p+=4; |
| 218 | while(isspace((unsigned char)*p)) p++; | 241 | while (isspace((unsigned char)*p)) p++; |
| 219 | *value = p; | 242 | *value = p; |
| 220 | return 1; | 243 | return 1; |
| 221 | } | 244 | } |
| 222 | 245 | ||
| 223 | /* Create a generic extension: for now just handle RAW type */ | 246 | /* Create a generic extension: for now just handle DER type */ |
| 224 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, | 247 | static X509_EXTENSION *v3_generic_extension(const char *ext, char *value, |
| 225 | int crit, int type) | 248 | int crit, int type) |
| 226 | { | 249 | { |
| 227 | unsigned char *ext_der=NULL; | 250 | unsigned char *ext_der=NULL; |
| 228 | long ext_len; | 251 | long ext_len; |
| 229 | ASN1_OBJECT *obj=NULL; | 252 | ASN1_OBJECT *obj=NULL; |
| 230 | ASN1_OCTET_STRING *oct=NULL; | 253 | ASN1_OCTET_STRING *oct=NULL; |
| 231 | X509_EXTENSION *extension=NULL; | 254 | X509_EXTENSION *extension=NULL; |
| 232 | if(!(obj = OBJ_txt2obj(ext, 0))) { | 255 | if (!(obj = OBJ_txt2obj(ext, 0))) |
| 233 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); | 256 | { |
| 234 | ERR_add_error_data(2, "name=", ext); | 257 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_NAME_ERROR); |
| 235 | goto err; | 258 | ERR_add_error_data(2, "name=", ext); |
| 236 | } | 259 | goto err; |
| 260 | } | ||
| 237 | 261 | ||
| 238 | if(!(ext_der = string_to_hex(value, &ext_len))) { | 262 | if (!(ext_der = string_to_hex(value, &ext_len))) |
| 239 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); | 263 | { |
| 240 | ERR_add_error_data(2, "value=", value); | 264 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,X509V3_R_EXTENSION_VALUE_ERROR); |
| 241 | goto err; | 265 | ERR_add_error_data(2, "value=", value); |
| 242 | } | 266 | goto err; |
| 267 | } | ||
| 243 | 268 | ||
| 244 | if(!(oct = ASN1_OCTET_STRING_new())) { | 269 | if (!(oct = M_ASN1_OCTET_STRING_new())) |
| 245 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); | 270 | { |
| 246 | goto err; | 271 | X509V3err(X509V3_F_V3_GENERIC_EXTENSION,ERR_R_MALLOC_FAILURE); |
| 247 | } | 272 | goto err; |
| 273 | } | ||
| 248 | 274 | ||
| 249 | oct->data = ext_der; | 275 | oct->data = ext_der; |
| 250 | oct->length = ext_len; | 276 | oct->length = ext_len; |
| 251 | ext_der = NULL; | 277 | ext_der = NULL; |
| 252 | 278 | ||
| 253 | extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); | 279 | extension = X509_EXTENSION_create_by_OBJ(NULL, obj, crit, oct); |
| 254 | 280 | ||
| 255 | err: | 281 | err: |
| 256 | ASN1_OBJECT_free(obj); | 282 | ASN1_OBJECT_free(obj); |
| 257 | ASN1_OCTET_STRING_free(oct); | 283 | M_ASN1_OCTET_STRING_free(oct); |
| 258 | if(ext_der) Free(ext_der); | 284 | if(ext_der) OPENSSL_free(ext_der); |
| 259 | return extension; | 285 | return extension; |
| 260 | } | 286 | |
| 287 | } | ||
| 261 | 288 | ||
| 262 | 289 | ||
| 263 | /* This is the main function: add a bunch of extensions based on a config file | 290 | /* This is the main function: add a bunch of extensions based on a config file |
| 264 | * section | 291 | * section to an extension STACK. |
| 265 | */ | 292 | */ |
| 266 | 293 | ||
| 267 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | 294 | |
| 268 | X509 *cert) | 295 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, |
| 269 | { | 296 | STACK_OF(X509_EXTENSION) **sk) |
| 297 | { | ||
| 270 | X509_EXTENSION *ext; | 298 | X509_EXTENSION *ext; |
| 271 | STACK_OF(CONF_VALUE) *nval; | 299 | STACK_OF(CONF_VALUE) *nval; |
| 272 | CONF_VALUE *val; | 300 | CONF_VALUE *val; |
| 273 | int i; | 301 | int i; |
| 274 | if(!(nval = CONF_get_section(conf, section))) return 0; | 302 | if (!(nval = NCONF_get_section(conf, section))) return 0; |
| 275 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 303 | for (i = 0; i < sk_CONF_VALUE_num(nval); i++) |
| 304 | { | ||
| 276 | val = sk_CONF_VALUE_value(nval, i); | 305 | val = sk_CONF_VALUE_value(nval, i); |
| 277 | if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) | 306 | if (!(ext = X509V3_EXT_nconf(conf, ctx, val->name, val->value))) |
| 278 | return 0; | 307 | return 0; |
| 279 | if(cert) X509_add_ext(cert, ext, -1); | 308 | if (sk) X509v3_add_ext(sk, ext, -1); |
| 280 | X509_EXTENSION_free(ext); | 309 | X509_EXTENSION_free(ext); |
| 281 | } | 310 | } |
| 282 | return 1; | 311 | return 1; |
| 283 | } | 312 | } |
| 313 | |||
| 314 | /* Convenience functions to add extensions to a certificate, CRL and request */ | ||
| 315 | |||
| 316 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 317 | X509 *cert) | ||
| 318 | { | ||
| 319 | STACK_OF(X509_EXTENSION) **sk = NULL; | ||
| 320 | if (cert) | ||
| 321 | sk = &cert->cert_info->extensions; | ||
| 322 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | ||
| 323 | } | ||
| 284 | 324 | ||
| 285 | /* Same as above but for a CRL */ | 325 | /* Same as above but for a CRL */ |
| 286 | 326 | ||
| 287 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | 327 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, |
| 288 | X509_CRL *crl) | 328 | X509_CRL *crl) |
| 289 | { | 329 | { |
| 290 | X509_EXTENSION *ext; | 330 | STACK_OF(X509_EXTENSION) **sk = NULL; |
| 291 | STACK_OF(CONF_VALUE) *nval; | 331 | if (crl) |
| 292 | CONF_VALUE *val; | 332 | sk = &crl->crl->extensions; |
| 333 | return X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); | ||
| 334 | } | ||
| 335 | |||
| 336 | /* Add extensions to certificate request */ | ||
| 337 | |||
| 338 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, | ||
| 339 | X509_REQ *req) | ||
| 340 | { | ||
| 341 | STACK_OF(X509_EXTENSION) *extlist = NULL, **sk = NULL; | ||
| 293 | int i; | 342 | int i; |
| 294 | if(!(nval = CONF_get_section(conf, section))) return 0; | 343 | if (req) |
| 295 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 344 | sk = &extlist; |
| 296 | val = sk_CONF_VALUE_value(nval, i); | 345 | i = X509V3_EXT_add_nconf_sk(conf, ctx, section, sk); |
| 297 | if(!(ext = X509V3_EXT_conf(conf, ctx, val->name, val->value))) | 346 | if (!i || !sk) |
| 298 | return 0; | 347 | return i; |
| 299 | if(crl) X509_CRL_add_ext(crl, ext, -1); | 348 | i = X509_REQ_add_extensions(req, extlist); |
| 300 | X509_EXTENSION_free(ext); | 349 | sk_X509_EXTENSION_pop_free(extlist, X509_EXTENSION_free); |
| 350 | return i; | ||
| 301 | } | 351 | } |
| 302 | return 1; | ||
| 303 | } | ||
| 304 | 352 | ||
| 305 | /* Config database functions */ | 353 | /* Config database functions */ |
| 306 | 354 | ||
| 307 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) | 355 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section) |
| 308 | { | 356 | { |
| 309 | if(ctx->db_meth->get_string) | 357 | if (ctx->db_meth->get_string) |
| 310 | return ctx->db_meth->get_string(ctx->db, name, section); | 358 | return ctx->db_meth->get_string(ctx->db, name, section); |
| 311 | return NULL; | 359 | return NULL; |
| 312 | } | 360 | } |
| 313 | 361 | ||
| 314 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) | 362 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section) |
| 315 | { | 363 | { |
| 316 | if(ctx->db_meth->get_section) | 364 | if (ctx->db_meth->get_section) |
| 317 | return ctx->db_meth->get_section(ctx->db, section); | 365 | return ctx->db_meth->get_section(ctx->db, section); |
| 318 | return NULL; | 366 | return NULL; |
| 319 | } | 367 | } |
| 320 | 368 | ||
| 321 | void X509V3_string_free(X509V3_CTX *ctx, char *str) | 369 | void X509V3_string_free(X509V3_CTX *ctx, char *str) |
| 322 | { | 370 | { |
| 323 | if(!str) return; | 371 | if (!str) return; |
| 324 | if(ctx->db_meth->free_string) | 372 | if (ctx->db_meth->free_string) |
| 325 | ctx->db_meth->free_string(ctx->db, str); | 373 | ctx->db_meth->free_string(ctx->db, str); |
| 326 | } | 374 | } |
| 327 | 375 | ||
| 328 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) | 376 | void X509V3_section_free(X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section) |
| 329 | { | 377 | { |
| 330 | if(!section) return; | 378 | if (!section) return; |
| 331 | if(ctx->db_meth->free_section) | 379 | if (ctx->db_meth->free_section) |
| 332 | ctx->db_meth->free_section(ctx->db, section); | 380 | ctx->db_meth->free_section(ctx->db, section); |
| 333 | } | 381 | } |
| 382 | |||
| 383 | static char *nconf_get_string(void *db, char *section, char *value) | ||
| 384 | { | ||
| 385 | return NCONF_get_string(db, section, value); | ||
| 386 | } | ||
| 387 | |||
| 388 | static STACK_OF(CONF_VALUE) *nconf_get_section(void *db, char *section) | ||
| 389 | { | ||
| 390 | return NCONF_get_section(db, section); | ||
| 391 | } | ||
| 392 | |||
| 393 | static X509V3_CONF_METHOD nconf_method = { | ||
| 394 | nconf_get_string, | ||
| 395 | nconf_get_section, | ||
| 396 | NULL, | ||
| 397 | NULL | ||
| 398 | }; | ||
| 399 | |||
| 400 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf) | ||
| 401 | { | ||
| 402 | ctx->db_meth = &nconf_method; | ||
| 403 | ctx->db = conf; | ||
| 404 | } | ||
| 405 | |||
| 406 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, | ||
| 407 | X509_CRL *crl, int flags) | ||
| 408 | { | ||
| 409 | ctx->issuer_cert = issuer; | ||
| 410 | ctx->subject_cert = subj; | ||
| 411 | ctx->crl = crl; | ||
| 412 | ctx->subject_req = req; | ||
| 413 | ctx->flags = flags; | ||
| 414 | } | ||
| 415 | |||
| 416 | /* Old conf compatibility functions */ | ||
| 417 | |||
| 418 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | ||
| 419 | char *value) | ||
| 420 | { | ||
| 421 | CONF ctmp; | ||
| 422 | CONF_set_nconf(&ctmp, conf); | ||
| 423 | return X509V3_EXT_nconf(&ctmp, ctx, name, value); | ||
| 424 | } | ||
| 425 | |||
| 426 | /* LHASH *conf: Config file */ | ||
| 427 | /* char *value: Value */ | ||
| 428 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, | ||
| 429 | char *value) | ||
| 430 | { | ||
| 431 | CONF ctmp; | ||
| 432 | CONF_set_nconf(&ctmp, conf); | ||
| 433 | return X509V3_EXT_nconf_nid(&ctmp, ctx, ext_nid, value); | ||
| 434 | } | ||
| 334 | 435 | ||
| 335 | static char *conf_lhash_get_string(void *db, char *section, char *value) | 436 | static char *conf_lhash_get_string(void *db, char *section, char *value) |
| 336 | { | 437 | { |
| 337 | return CONF_get_string(db, section, value); | 438 | return CONF_get_string(db, section, value); |
| 338 | } | 439 | } |
| 339 | 440 | ||
| 340 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) | 441 | static STACK_OF(CONF_VALUE) *conf_lhash_get_section(void *db, char *section) |
| 341 | { | 442 | { |
| 342 | return CONF_get_section(db, section); | 443 | return CONF_get_section(db, section); |
| 343 | } | 444 | } |
| 344 | 445 | ||
| 345 | static X509V3_CONF_METHOD conf_lhash_method = { | 446 | static X509V3_CONF_METHOD conf_lhash_method = { |
| 346 | conf_lhash_get_string, | 447 | conf_lhash_get_string, |
| @@ -350,17 +451,35 @@ NULL | |||
| 350 | }; | 451 | }; |
| 351 | 452 | ||
| 352 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) | 453 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash) |
| 353 | { | 454 | { |
| 354 | ctx->db_meth = &conf_lhash_method; | 455 | ctx->db_meth = &conf_lhash_method; |
| 355 | ctx->db = lhash; | 456 | ctx->db = lhash; |
| 356 | } | 457 | } |
| 357 | 458 | ||
| 358 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subj, X509_REQ *req, | 459 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, |
| 359 | X509_CRL *crl, int flags) | 460 | X509 *cert) |
| 360 | { | 461 | { |
| 361 | ctx->issuer_cert = issuer; | 462 | CONF ctmp; |
| 362 | ctx->subject_cert = subj; | 463 | CONF_set_nconf(&ctmp, conf); |
| 363 | ctx->crl = crl; | 464 | return X509V3_EXT_add_nconf(&ctmp, ctx, section, cert); |
| 364 | ctx->subject_req = req; | 465 | } |
| 365 | ctx->flags = flags; | 466 | |
| 366 | } | 467 | /* Same as above but for a CRL */ |
| 468 | |||
| 469 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 470 | X509_CRL *crl) | ||
| 471 | { | ||
| 472 | CONF ctmp; | ||
| 473 | CONF_set_nconf(&ctmp, conf); | ||
| 474 | return X509V3_EXT_CRL_add_nconf(&ctmp, ctx, section, crl); | ||
| 475 | } | ||
| 476 | |||
| 477 | /* Add extensions to certificate request */ | ||
| 478 | |||
| 479 | int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, | ||
| 480 | X509_REQ *req) | ||
| 481 | { | ||
| 482 | CONF ctmp; | ||
| 483 | CONF_set_nconf(&ctmp, conf); | ||
| 484 | return X509V3_EXT_REQ_add_nconf(&ctmp, ctx, section, req); | ||
| 485 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_cpols.c b/src/lib/libcrypto/x509v3/v3_cpols.c index b4d4883545..0d4ab1f680 100644 --- a/src/lib/libcrypto/x509v3/v3_cpols.c +++ b/src/lib/libcrypto/x509v3/v3_cpols.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | /* Certificate policies extension support: this one is a bit complex... */ | 66 | /* Certificate policies extension support: this one is a bit complex... */ |
| @@ -73,21 +73,58 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
| 73 | STACK_OF(CONF_VALUE) *polstrs, int ia5org); | 73 | STACK_OF(CONF_VALUE) *polstrs, int ia5org); |
| 74 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | 74 | static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, |
| 75 | STACK_OF(CONF_VALUE) *unot, int ia5org); | 75 | STACK_OF(CONF_VALUE) *unot, int ia5org); |
| 76 | static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos); | 76 | static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos); |
| 77 | 77 | ||
| 78 | X509V3_EXT_METHOD v3_cpols = { | 78 | X509V3_EXT_METHOD v3_cpols = { |
| 79 | NID_certificate_policies, 0, | 79 | NID_certificate_policies, 0,ASN1_ITEM_ref(CERTIFICATEPOLICIES), |
| 80 | (X509V3_EXT_NEW)CERTIFICATEPOLICIES_new, | 80 | 0,0,0,0, |
| 81 | (X509V3_EXT_FREE)CERTIFICATEPOLICIES_free, | 81 | 0,0, |
| 82 | (X509V3_EXT_D2I)d2i_CERTIFICATEPOLICIES, | 82 | 0,0, |
| 83 | (X509V3_EXT_I2D)i2d_CERTIFICATEPOLICIES, | ||
| 84 | NULL, NULL, | ||
| 85 | NULL, NULL, | ||
| 86 | (X509V3_EXT_I2R)i2r_certpol, | 83 | (X509V3_EXT_I2R)i2r_certpol, |
| 87 | (X509V3_EXT_R2I)r2i_certpol, | 84 | (X509V3_EXT_R2I)r2i_certpol, |
| 88 | NULL | 85 | NULL |
| 89 | }; | 86 | }; |
| 90 | 87 | ||
| 88 | ASN1_ITEM_TEMPLATE(CERTIFICATEPOLICIES) = | ||
| 89 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, CERTIFICATEPOLICIES, POLICYINFO) | ||
| 90 | ASN1_ITEM_TEMPLATE_END(CERTIFICATEPOLICIES) | ||
| 91 | |||
| 92 | IMPLEMENT_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) | ||
| 93 | |||
| 94 | ASN1_SEQUENCE(POLICYINFO) = { | ||
| 95 | ASN1_SIMPLE(POLICYINFO, policyid, ASN1_OBJECT), | ||
| 96 | ASN1_SEQUENCE_OF_OPT(POLICYINFO, qualifiers, POLICYQUALINFO) | ||
| 97 | } ASN1_SEQUENCE_END(POLICYINFO) | ||
| 98 | |||
| 99 | IMPLEMENT_ASN1_FUNCTIONS(POLICYINFO) | ||
| 100 | |||
| 101 | ASN1_ADB_TEMPLATE(policydefault) = ASN1_SIMPLE(POLICYQUALINFO, d.other, ASN1_ANY); | ||
| 102 | |||
| 103 | ASN1_ADB(POLICYQUALINFO) = { | ||
| 104 | ADB_ENTRY(NID_id_qt_cps, ASN1_SIMPLE(POLICYQUALINFO, d.cpsuri, ASN1_IA5STRING)), | ||
| 105 | ADB_ENTRY(NID_id_qt_unotice, ASN1_SIMPLE(POLICYQUALINFO, d.usernotice, USERNOTICE)) | ||
| 106 | } ASN1_ADB_END(POLICYQUALINFO, 0, pqualid, 0, &policydefault_tt, NULL); | ||
| 107 | |||
| 108 | ASN1_SEQUENCE(POLICYQUALINFO) = { | ||
| 109 | ASN1_SIMPLE(POLICYQUALINFO, pqualid, ASN1_OBJECT), | ||
| 110 | ASN1_ADB_OBJECT(POLICYQUALINFO) | ||
| 111 | } ASN1_SEQUENCE_END(POLICYQUALINFO) | ||
| 112 | |||
| 113 | IMPLEMENT_ASN1_FUNCTIONS(POLICYQUALINFO) | ||
| 114 | |||
| 115 | ASN1_SEQUENCE(USERNOTICE) = { | ||
| 116 | ASN1_OPT(USERNOTICE, noticeref, NOTICEREF), | ||
| 117 | ASN1_OPT(USERNOTICE, exptext, DISPLAYTEXT) | ||
| 118 | } ASN1_SEQUENCE_END(USERNOTICE) | ||
| 119 | |||
| 120 | IMPLEMENT_ASN1_FUNCTIONS(USERNOTICE) | ||
| 121 | |||
| 122 | ASN1_SEQUENCE(NOTICEREF) = { | ||
| 123 | ASN1_SIMPLE(NOTICEREF, organization, DISPLAYTEXT), | ||
| 124 | ASN1_SEQUENCE_OF(NOTICEREF, noticenos, ASN1_INTEGER) | ||
| 125 | } ASN1_SEQUENCE_END(NOTICEREF) | ||
| 126 | |||
| 127 | IMPLEMENT_ASN1_FUNCTIONS(NOTICEREF) | ||
| 91 | 128 | ||
| 92 | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, | 129 | static STACK_OF(POLICYINFO) *r2i_certpol(X509V3_EXT_METHOD *method, |
| 93 | X509V3_CTX *ctx, char *value) | 130 | X509V3_CTX *ctx, char *value) |
| @@ -169,7 +206,7 @@ static POLICYINFO *policy_section(X509V3_CTX *ctx, | |||
| 169 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) | 206 | if(!sk_POLICYQUALINFO_push(pol->qualifiers, qual)) |
| 170 | goto merr; | 207 | goto merr; |
| 171 | qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); | 208 | qual->pqualid = OBJ_nid2obj(NID_id_qt_cps); |
| 172 | qual->d.cpsuri = ASN1_IA5STRING_new(); | 209 | qual->d.cpsuri = M_ASN1_IA5STRING_new(); |
| 173 | if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, | 210 | if(!ASN1_STRING_set(qual->d.cpsuri, cnf->value, |
| 174 | strlen(cnf->value))) goto merr; | 211 | strlen(cnf->value))) goto merr; |
| 175 | } else if(!name_cmp(cnf->name, "userNotice")) { | 212 | } else if(!name_cmp(cnf->name, "userNotice")) { |
| @@ -229,7 +266,7 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 229 | for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { | 266 | for(i = 0; i < sk_CONF_VALUE_num(unot); i++) { |
| 230 | cnf = sk_CONF_VALUE_value(unot, i); | 267 | cnf = sk_CONF_VALUE_value(unot, i); |
| 231 | if(!strcmp(cnf->name, "explicitText")) { | 268 | if(!strcmp(cnf->name, "explicitText")) { |
| 232 | not->exptext = ASN1_VISIBLESTRING_new(); | 269 | not->exptext = M_ASN1_VISIBLESTRING_new(); |
| 233 | if(!ASN1_STRING_set(not->exptext, cnf->value, | 270 | if(!ASN1_STRING_set(not->exptext, cnf->value, |
| 234 | strlen(cnf->value))) goto merr; | 271 | strlen(cnf->value))) goto merr; |
| 235 | } else if(!strcmp(cnf->name, "organization")) { | 272 | } else if(!strcmp(cnf->name, "organization")) { |
| @@ -238,8 +275,8 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 238 | if(!(nref = NOTICEREF_new())) goto merr; | 275 | if(!(nref = NOTICEREF_new())) goto merr; |
| 239 | not->noticeref = nref; | 276 | not->noticeref = nref; |
| 240 | } else nref = not->noticeref; | 277 | } else nref = not->noticeref; |
| 241 | if(ia5org) nref->organization = ASN1_IA5STRING_new(); | 278 | if(ia5org) nref->organization = M_ASN1_IA5STRING_new(); |
| 242 | else nref->organization = ASN1_VISIBLESTRING_new(); | 279 | else nref->organization = M_ASN1_VISIBLESTRING_new(); |
| 243 | if(!ASN1_STRING_set(nref->organization, cnf->value, | 280 | if(!ASN1_STRING_set(nref->organization, cnf->value, |
| 244 | strlen(cnf->value))) goto merr; | 281 | strlen(cnf->value))) goto merr; |
| 245 | } else if(!strcmp(cnf->name, "noticeNumbers")) { | 282 | } else if(!strcmp(cnf->name, "noticeNumbers")) { |
| @@ -282,20 +319,22 @@ static POLICYQUALINFO *notice_section(X509V3_CTX *ctx, | |||
| 282 | return NULL; | 319 | return NULL; |
| 283 | } | 320 | } |
| 284 | 321 | ||
| 285 | static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos) | 322 | static STACK_OF(ASN1_INTEGER) *nref_nos(STACK_OF(CONF_VALUE) *nos) |
| 286 | { | 323 | { |
| 287 | STACK *nnums; | 324 | STACK_OF(ASN1_INTEGER) *nnums; |
| 288 | CONF_VALUE *cnf; | 325 | CONF_VALUE *cnf; |
| 289 | ASN1_INTEGER *aint; | 326 | ASN1_INTEGER *aint; |
| 327 | |||
| 290 | int i; | 328 | int i; |
| 291 | if(!(nnums = sk_new_null())) goto merr; | 329 | |
| 330 | if(!(nnums = sk_ASN1_INTEGER_new_null())) goto merr; | ||
| 292 | for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { | 331 | for(i = 0; i < sk_CONF_VALUE_num(nos); i++) { |
| 293 | cnf = sk_CONF_VALUE_value(nos, i); | 332 | cnf = sk_CONF_VALUE_value(nos, i); |
| 294 | if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { | 333 | if(!(aint = s2i_ASN1_INTEGER(NULL, cnf->name))) { |
| 295 | X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); | 334 | X509V3err(X509V3_F_NREF_NOS,X509V3_R_INVALID_NUMBER); |
| 296 | goto err; | 335 | goto err; |
| 297 | } | 336 | } |
| 298 | if(!sk_push(nnums, (char *)aint)) goto merr; | 337 | if(!sk_ASN1_INTEGER_push(nnums, aint)) goto merr; |
| 299 | } | 338 | } |
| 300 | return nnums; | 339 | return nnums; |
| 301 | 340 | ||
| @@ -303,7 +342,7 @@ static STACK *nref_nos(STACK_OF(CONF_VALUE) *nos) | |||
| 303 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); | 342 | X509V3err(X509V3_F_NOTICE_SECTION,ERR_R_MALLOC_FAILURE); |
| 304 | 343 | ||
| 305 | err: | 344 | err: |
| 306 | sk_pop_free(nnums, ASN1_STRING_free); | 345 | sk_ASN1_INTEGER_pop_free(nnums, ASN1_STRING_free); |
| 307 | return NULL; | 346 | return NULL; |
| 308 | } | 347 | } |
| 309 | 348 | ||
| @@ -325,83 +364,6 @@ static int i2r_certpol(X509V3_EXT_METHOD *method, STACK_OF(POLICYINFO) *pol, | |||
| 325 | return 1; | 364 | return 1; |
| 326 | } | 365 | } |
| 327 | 366 | ||
| 328 | |||
| 329 | int i2d_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) *a, unsigned char **pp) | ||
| 330 | { | ||
| 331 | |||
| 332 | return i2d_ASN1_SET_OF_POLICYINFO(a, pp, i2d_POLICYINFO, V_ASN1_SEQUENCE, | ||
| 333 | V_ASN1_UNIVERSAL, IS_SEQUENCE);} | ||
| 334 | |||
| 335 | STACK_OF(POLICYINFO) *CERTIFICATEPOLICIES_new(void) | ||
| 336 | { | ||
| 337 | return sk_POLICYINFO_new_null(); | ||
| 338 | } | ||
| 339 | |||
| 340 | void CERTIFICATEPOLICIES_free(STACK_OF(POLICYINFO) *a) | ||
| 341 | { | ||
| 342 | sk_POLICYINFO_pop_free(a, POLICYINFO_free); | ||
| 343 | } | ||
| 344 | |||
| 345 | STACK_OF(POLICYINFO) *d2i_CERTIFICATEPOLICIES(STACK_OF(POLICYINFO) **a, | ||
| 346 | unsigned char **pp,long length) | ||
| 347 | { | ||
| 348 | return d2i_ASN1_SET_OF_POLICYINFO(a, pp, length, d2i_POLICYINFO, | ||
| 349 | POLICYINFO_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 350 | |||
| 351 | } | ||
| 352 | |||
| 353 | IMPLEMENT_STACK_OF(POLICYINFO) | ||
| 354 | IMPLEMENT_ASN1_SET_OF(POLICYINFO) | ||
| 355 | |||
| 356 | int i2d_POLICYINFO(POLICYINFO *a, unsigned char **pp) | ||
| 357 | { | ||
| 358 | M_ASN1_I2D_vars(a); | ||
| 359 | |||
| 360 | M_ASN1_I2D_len (a->policyid, i2d_ASN1_OBJECT); | ||
| 361 | M_ASN1_I2D_len_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, | ||
| 362 | i2d_POLICYQUALINFO); | ||
| 363 | |||
| 364 | M_ASN1_I2D_seq_total(); | ||
| 365 | |||
| 366 | M_ASN1_I2D_put (a->policyid, i2d_ASN1_OBJECT); | ||
| 367 | M_ASN1_I2D_put_SEQUENCE_type(POLICYQUALINFO, a->qualifiers, | ||
| 368 | i2d_POLICYQUALINFO); | ||
| 369 | |||
| 370 | M_ASN1_I2D_finish(); | ||
| 371 | } | ||
| 372 | |||
| 373 | POLICYINFO *POLICYINFO_new(void) | ||
| 374 | { | ||
| 375 | POLICYINFO *ret=NULL; | ||
| 376 | ASN1_CTX c; | ||
| 377 | M_ASN1_New_Malloc(ret, POLICYINFO); | ||
| 378 | ret->policyid = NULL; | ||
| 379 | ret->qualifiers = NULL; | ||
| 380 | return (ret); | ||
| 381 | M_ASN1_New_Error(ASN1_F_POLICYINFO_NEW); | ||
| 382 | } | ||
| 383 | |||
| 384 | POLICYINFO *d2i_POLICYINFO(POLICYINFO **a, unsigned char **pp,long length) | ||
| 385 | { | ||
| 386 | M_ASN1_D2I_vars(a,POLICYINFO *,POLICYINFO_new); | ||
| 387 | M_ASN1_D2I_Init(); | ||
| 388 | M_ASN1_D2I_start_sequence(); | ||
| 389 | M_ASN1_D2I_get(ret->policyid, d2i_ASN1_OBJECT); | ||
| 390 | if(!M_ASN1_D2I_end_sequence()) { | ||
| 391 | M_ASN1_D2I_get_seq_type (POLICYQUALINFO, ret->qualifiers, | ||
| 392 | d2i_POLICYQUALINFO, POLICYQUALINFO_free); | ||
| 393 | } | ||
| 394 | M_ASN1_D2I_Finish(a, POLICYINFO_free, ASN1_F_D2I_POLICYINFO); | ||
| 395 | } | ||
| 396 | |||
| 397 | void POLICYINFO_free(POLICYINFO *a) | ||
| 398 | { | ||
| 399 | if (a == NULL) return; | ||
| 400 | ASN1_OBJECT_free(a->policyid); | ||
| 401 | sk_POLICYQUALINFO_pop_free(a->qualifiers, POLICYQUALINFO_free); | ||
| 402 | Free (a); | ||
| 403 | } | ||
| 404 | |||
| 405 | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, | 367 | static void print_qualifiers(BIO *out, STACK_OF(POLICYQUALINFO) *quals, |
| 406 | int indent) | 368 | int indent) |
| 407 | { | 369 | { |
| @@ -441,15 +403,15 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) | |||
| 441 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", | 403 | BIO_printf(out, "%*sOrganization: %s\n", indent, "", |
| 442 | ref->organization->data); | 404 | ref->organization->data); |
| 443 | BIO_printf(out, "%*sNumber%s: ", indent, "", | 405 | BIO_printf(out, "%*sNumber%s: ", indent, "", |
| 444 | (sk_num(ref->noticenos) > 1) ? "s" : ""); | 406 | sk_ASN1_INTEGER_num(ref->noticenos) > 1 ? "s" : ""); |
| 445 | for(i = 0; i < sk_num(ref->noticenos); i++) { | 407 | for(i = 0; i < sk_ASN1_INTEGER_num(ref->noticenos); i++) { |
| 446 | ASN1_INTEGER *num; | 408 | ASN1_INTEGER *num; |
| 447 | char *tmp; | 409 | char *tmp; |
| 448 | num = (ASN1_INTEGER *)sk_value(ref->noticenos, i); | 410 | num = sk_ASN1_INTEGER_value(ref->noticenos, i); |
| 449 | if(i) BIO_puts(out, ", "); | 411 | if(i) BIO_puts(out, ", "); |
| 450 | tmp = i2s_ASN1_INTEGER(NULL, num); | 412 | tmp = i2s_ASN1_INTEGER(NULL, num); |
| 451 | BIO_puts(out, tmp); | 413 | BIO_puts(out, tmp); |
| 452 | Free(tmp); | 414 | OPENSSL_free(tmp); |
| 453 | } | 415 | } |
| 454 | BIO_puts(out, "\n"); | 416 | BIO_puts(out, "\n"); |
| 455 | } | 417 | } |
| @@ -457,199 +419,4 @@ static void print_notice(BIO *out, USERNOTICE *notice, int indent) | |||
| 457 | BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", | 419 | BIO_printf(out, "%*sExplicit Text: %s\n", indent, "", |
| 458 | notice->exptext->data); | 420 | notice->exptext->data); |
| 459 | } | 421 | } |
| 460 | |||
| 461 | |||
| 462 | |||
| 463 | int i2d_POLICYQUALINFO(POLICYQUALINFO *a, unsigned char **pp) | ||
| 464 | { | ||
| 465 | M_ASN1_I2D_vars(a); | ||
| 466 | |||
| 467 | M_ASN1_I2D_len (a->pqualid, i2d_ASN1_OBJECT); | ||
| 468 | switch(OBJ_obj2nid(a->pqualid)) { | ||
| 469 | case NID_id_qt_cps: | ||
| 470 | M_ASN1_I2D_len(a->d.cpsuri, i2d_ASN1_IA5STRING); | ||
| 471 | break; | ||
| 472 | |||
| 473 | case NID_id_qt_unotice: | ||
| 474 | M_ASN1_I2D_len(a->d.usernotice, i2d_USERNOTICE); | ||
| 475 | break; | ||
| 476 | |||
| 477 | default: | ||
| 478 | M_ASN1_I2D_len(a->d.other, i2d_ASN1_TYPE); | ||
| 479 | break; | ||
| 480 | } | ||
| 481 | |||
| 482 | M_ASN1_I2D_seq_total(); | ||
| 483 | |||
| 484 | M_ASN1_I2D_put (a->pqualid, i2d_ASN1_OBJECT); | ||
| 485 | switch(OBJ_obj2nid(a->pqualid)) { | ||
| 486 | case NID_id_qt_cps: | ||
| 487 | M_ASN1_I2D_put(a->d.cpsuri, i2d_ASN1_IA5STRING); | ||
| 488 | break; | ||
| 489 | |||
| 490 | case NID_id_qt_unotice: | ||
| 491 | M_ASN1_I2D_put(a->d.usernotice, i2d_USERNOTICE); | ||
| 492 | break; | ||
| 493 | |||
| 494 | default: | ||
| 495 | M_ASN1_I2D_put(a->d.other, i2d_ASN1_TYPE); | ||
| 496 | break; | ||
| 497 | } | ||
| 498 | |||
| 499 | M_ASN1_I2D_finish(); | ||
| 500 | } | ||
| 501 | |||
| 502 | POLICYQUALINFO *POLICYQUALINFO_new(void) | ||
| 503 | { | ||
| 504 | POLICYQUALINFO *ret=NULL; | ||
| 505 | ASN1_CTX c; | ||
| 506 | M_ASN1_New_Malloc(ret, POLICYQUALINFO); | ||
| 507 | ret->pqualid = NULL; | ||
| 508 | ret->d.other = NULL; | ||
| 509 | return (ret); | ||
| 510 | M_ASN1_New_Error(ASN1_F_POLICYQUALINFO_NEW); | ||
| 511 | } | ||
| 512 | |||
| 513 | POLICYQUALINFO *d2i_POLICYQUALINFO(POLICYQUALINFO **a, unsigned char **pp, | ||
| 514 | long length) | ||
| 515 | { | ||
| 516 | M_ASN1_D2I_vars(a,POLICYQUALINFO *,POLICYQUALINFO_new); | ||
| 517 | M_ASN1_D2I_Init(); | ||
| 518 | M_ASN1_D2I_start_sequence(); | ||
| 519 | M_ASN1_D2I_get (ret->pqualid, d2i_ASN1_OBJECT); | ||
| 520 | switch(OBJ_obj2nid(ret->pqualid)) { | ||
| 521 | case NID_id_qt_cps: | ||
| 522 | M_ASN1_D2I_get(ret->d.cpsuri, d2i_ASN1_IA5STRING); | ||
| 523 | break; | ||
| 524 | |||
| 525 | case NID_id_qt_unotice: | ||
| 526 | M_ASN1_D2I_get(ret->d.usernotice, d2i_USERNOTICE); | ||
| 527 | break; | ||
| 528 | |||
| 529 | default: | ||
| 530 | M_ASN1_D2I_get(ret->d.other, d2i_ASN1_TYPE); | ||
| 531 | break; | ||
| 532 | } | ||
| 533 | M_ASN1_D2I_Finish(a, POLICYQUALINFO_free, ASN1_F_D2I_POLICYQUALINFO); | ||
| 534 | } | ||
| 535 | |||
| 536 | void POLICYQUALINFO_free(POLICYQUALINFO *a) | ||
| 537 | { | ||
| 538 | if (a == NULL) return; | ||
| 539 | switch(OBJ_obj2nid(a->pqualid)) { | ||
| 540 | case NID_id_qt_cps: | ||
| 541 | ASN1_IA5STRING_free(a->d.cpsuri); | ||
| 542 | break; | ||
| 543 | |||
| 544 | case NID_id_qt_unotice: | ||
| 545 | USERNOTICE_free(a->d.usernotice); | ||
| 546 | break; | ||
| 547 | |||
| 548 | default: | ||
| 549 | ASN1_TYPE_free(a->d.other); | ||
| 550 | break; | ||
| 551 | } | ||
| 552 | |||
| 553 | ASN1_OBJECT_free(a->pqualid); | ||
| 554 | Free (a); | ||
| 555 | } | ||
| 556 | |||
| 557 | int i2d_USERNOTICE(USERNOTICE *a, unsigned char **pp) | ||
| 558 | { | ||
| 559 | M_ASN1_I2D_vars(a); | ||
| 560 | |||
| 561 | M_ASN1_I2D_len (a->noticeref, i2d_NOTICEREF); | ||
| 562 | M_ASN1_I2D_len (a->exptext, i2d_DISPLAYTEXT); | ||
| 563 | |||
| 564 | M_ASN1_I2D_seq_total(); | ||
| 565 | |||
| 566 | M_ASN1_I2D_put (a->noticeref, i2d_NOTICEREF); | ||
| 567 | M_ASN1_I2D_put (a->exptext, i2d_DISPLAYTEXT); | ||
| 568 | |||
| 569 | M_ASN1_I2D_finish(); | ||
| 570 | } | ||
| 571 | |||
| 572 | USERNOTICE *USERNOTICE_new(void) | ||
| 573 | { | ||
| 574 | USERNOTICE *ret=NULL; | ||
| 575 | ASN1_CTX c; | ||
| 576 | M_ASN1_New_Malloc(ret, USERNOTICE); | ||
| 577 | ret->noticeref = NULL; | ||
| 578 | ret->exptext = NULL; | ||
| 579 | return (ret); | ||
| 580 | M_ASN1_New_Error(ASN1_F_USERNOTICE_NEW); | ||
| 581 | } | ||
| 582 | |||
| 583 | USERNOTICE *d2i_USERNOTICE(USERNOTICE **a, unsigned char **pp,long length) | ||
| 584 | { | ||
| 585 | M_ASN1_D2I_vars(a,USERNOTICE *,USERNOTICE_new); | ||
| 586 | M_ASN1_D2I_Init(); | ||
| 587 | M_ASN1_D2I_start_sequence(); | ||
| 588 | M_ASN1_D2I_get_opt(ret->noticeref, d2i_NOTICEREF, V_ASN1_SEQUENCE); | ||
| 589 | if (!M_ASN1_D2I_end_sequence()) { | ||
| 590 | M_ASN1_D2I_get(ret->exptext, d2i_DISPLAYTEXT); | ||
| 591 | } | ||
| 592 | M_ASN1_D2I_Finish(a, USERNOTICE_free, ASN1_F_D2I_USERNOTICE); | ||
| 593 | } | ||
| 594 | |||
| 595 | void USERNOTICE_free(USERNOTICE *a) | ||
| 596 | { | ||
| 597 | if (a == NULL) return; | ||
| 598 | NOTICEREF_free(a->noticeref); | ||
| 599 | DISPLAYTEXT_free(a->exptext); | ||
| 600 | Free (a); | ||
| 601 | } | ||
| 602 | |||
| 603 | int i2d_NOTICEREF(NOTICEREF *a, unsigned char **pp) | ||
| 604 | { | ||
| 605 | M_ASN1_I2D_vars(a); | ||
| 606 | |||
| 607 | M_ASN1_I2D_len (a->organization, i2d_DISPLAYTEXT); | ||
| 608 | M_ASN1_I2D_len_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); | ||
| 609 | |||
| 610 | M_ASN1_I2D_seq_total(); | ||
| 611 | |||
| 612 | M_ASN1_I2D_put (a->organization, i2d_DISPLAYTEXT); | ||
| 613 | M_ASN1_I2D_put_SEQUENCE(a->noticenos, i2d_ASN1_INTEGER); | ||
| 614 | |||
| 615 | M_ASN1_I2D_finish(); | ||
| 616 | } | ||
| 617 | |||
| 618 | NOTICEREF *NOTICEREF_new(void) | ||
| 619 | { | ||
| 620 | NOTICEREF *ret=NULL; | ||
| 621 | ASN1_CTX c; | ||
| 622 | M_ASN1_New_Malloc(ret, NOTICEREF); | ||
| 623 | ret->organization = NULL; | ||
| 624 | ret->noticenos = NULL; | ||
| 625 | return (ret); | ||
| 626 | M_ASN1_New_Error(ASN1_F_NOTICEREF_NEW); | ||
| 627 | } | ||
| 628 | |||
| 629 | NOTICEREF *d2i_NOTICEREF(NOTICEREF **a, unsigned char **pp,long length) | ||
| 630 | { | ||
| 631 | M_ASN1_D2I_vars(a,NOTICEREF *,NOTICEREF_new); | ||
| 632 | M_ASN1_D2I_Init(); | ||
| 633 | M_ASN1_D2I_start_sequence(); | ||
| 634 | /* This is to cope with some broken encodings that use IA5STRING for | ||
| 635 | * the organization field | ||
| 636 | */ | ||
| 637 | M_ASN1_D2I_get_opt(ret->organization, d2i_ASN1_IA5STRING, | ||
| 638 | V_ASN1_IA5STRING); | ||
| 639 | if(!ret->organization) { | ||
| 640 | M_ASN1_D2I_get(ret->organization, d2i_DISPLAYTEXT); | ||
| 641 | } | ||
| 642 | M_ASN1_D2I_get_seq(ret->noticenos, d2i_ASN1_INTEGER, ASN1_STRING_free); | ||
| 643 | M_ASN1_D2I_Finish(a, NOTICEREF_free, ASN1_F_D2I_NOTICEREF); | ||
| 644 | } | ||
| 645 | |||
| 646 | void NOTICEREF_free(NOTICEREF *a) | ||
| 647 | { | ||
| 648 | if (a == NULL) return; | ||
| 649 | DISPLAYTEXT_free(a->organization); | ||
| 650 | sk_pop_free(a->noticenos, ASN1_STRING_free); | ||
| 651 | Free (a); | ||
| 652 | } | ||
| 653 | 422 | ||
| 654 | IMPLEMENT_STACK_OF(POLICYQUALINFO) | ||
| 655 | IMPLEMENT_ASN1_SET_OF(POLICYQUALINFO) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_crld.c b/src/lib/libcrypto/x509v3/v3_crld.c index 897ffb63e4..894a8b94d8 100644 --- a/src/lib/libcrypto/x509v3/v3_crld.c +++ b/src/lib/libcrypto/x509v3/v3_crld.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | 66 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, |
| @@ -69,15 +69,13 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | |||
| 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 69 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 70 | 70 | ||
| 71 | X509V3_EXT_METHOD v3_crld = { | 71 | X509V3_EXT_METHOD v3_crld = { |
| 72 | NID_crl_distribution_points, X509V3_EXT_MULTILINE, | 72 | NID_crl_distribution_points, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(CRL_DIST_POINTS), |
| 73 | (X509V3_EXT_NEW)CRL_DIST_POINTS_new, | 73 | 0,0,0,0, |
| 74 | (X509V3_EXT_FREE)CRL_DIST_POINTS_free, | 74 | 0,0, |
| 75 | (X509V3_EXT_D2I)d2i_CRL_DIST_POINTS, | ||
| 76 | (X509V3_EXT_I2D)i2d_CRL_DIST_POINTS, | ||
| 77 | NULL, NULL, | ||
| 78 | (X509V3_EXT_I2V)i2v_crld, | 75 | (X509V3_EXT_I2V)i2v_crld, |
| 79 | (X509V3_EXT_V2I)v2i_crld, | 76 | (X509V3_EXT_V2I)v2i_crld, |
| 80 | NULL, NULL, NULL | 77 | 0,0, |
| 78 | NULL | ||
| 81 | }; | 79 | }; |
| 82 | 80 | ||
| 83 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | 81 | static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, |
| @@ -87,16 +85,16 @@ static STACK_OF(CONF_VALUE) *i2v_crld(X509V3_EXT_METHOD *method, | |||
| 87 | int i; | 85 | int i; |
| 88 | for(i = 0; i < sk_DIST_POINT_num(crld); i++) { | 86 | for(i = 0; i < sk_DIST_POINT_num(crld); i++) { |
| 89 | point = sk_DIST_POINT_value(crld, i); | 87 | point = sk_DIST_POINT_value(crld, i); |
| 90 | if(point->distpoint->fullname) { | 88 | if(point->distpoint) { |
| 91 | exts = i2v_GENERAL_NAMES(NULL, | 89 | if(point->distpoint->type == 0) |
| 92 | point->distpoint->fullname, exts); | 90 | exts = i2v_GENERAL_NAMES(NULL, |
| 91 | point->distpoint->name.fullname, exts); | ||
| 92 | else X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts); | ||
| 93 | } | 93 | } |
| 94 | if(point->reasons) | 94 | if(point->reasons) |
| 95 | X509V3_add_value("reasons","<UNSUPPORTED>", &exts); | 95 | X509V3_add_value("reasons","<UNSUPPORTED>", &exts); |
| 96 | if(point->CRLissuer) | 96 | if(point->CRLissuer) |
| 97 | X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts); | 97 | X509V3_add_value("CRLissuer","<UNSUPPORTED>", &exts); |
| 98 | if(point->distpoint->relativename) | ||
| 99 | X509V3_add_value("RelativeName","<UNSUPPORTED>", &exts); | ||
| 100 | } | 98 | } |
| 101 | return exts; | 99 | return exts; |
| 102 | } | 100 | } |
| @@ -105,11 +103,11 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | |||
| 105 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 103 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 106 | { | 104 | { |
| 107 | STACK_OF(DIST_POINT) *crld = NULL; | 105 | STACK_OF(DIST_POINT) *crld = NULL; |
| 108 | STACK_OF(GENERAL_NAME) *gens = NULL; | 106 | GENERAL_NAMES *gens = NULL; |
| 109 | GENERAL_NAME *gen = NULL; | 107 | GENERAL_NAME *gen = NULL; |
| 110 | CONF_VALUE *cnf; | 108 | CONF_VALUE *cnf; |
| 111 | int i; | 109 | int i; |
| 112 | if(!(crld = sk_DIST_POINT_new(NULL))) goto merr; | 110 | if(!(crld = sk_DIST_POINT_new_null())) goto merr; |
| 113 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | 111 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
| 114 | DIST_POINT *point; | 112 | DIST_POINT *point; |
| 115 | cnf = sk_CONF_VALUE_value(nval, i); | 113 | cnf = sk_CONF_VALUE_value(nval, i); |
| @@ -123,7 +121,8 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | |||
| 123 | goto merr; | 121 | goto merr; |
| 124 | } | 122 | } |
| 125 | if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; | 123 | if(!(point->distpoint = DIST_POINT_NAME_new())) goto merr; |
| 126 | point->distpoint->fullname = gens; | 124 | point->distpoint->name.fullname = gens; |
| 125 | point->distpoint->type = 0; | ||
| 127 | gens = NULL; | 126 | gens = NULL; |
| 128 | } | 127 | } |
| 129 | return crld; | 128 | return crld; |
| @@ -137,147 +136,27 @@ static STACK_OF(DIST_POINT) *v2i_crld(X509V3_EXT_METHOD *method, | |||
| 137 | return NULL; | 136 | return NULL; |
| 138 | } | 137 | } |
| 139 | 138 | ||
| 140 | int i2d_CRL_DIST_POINTS(STACK_OF(DIST_POINT) *a, unsigned char **pp) | ||
| 141 | { | ||
| 142 | |||
| 143 | return i2d_ASN1_SET_OF_DIST_POINT(a, pp, i2d_DIST_POINT, V_ASN1_SEQUENCE, | ||
| 144 | V_ASN1_UNIVERSAL, IS_SEQUENCE);} | ||
| 145 | |||
| 146 | STACK_OF(DIST_POINT) *CRL_DIST_POINTS_new(void) | ||
| 147 | { | ||
| 148 | return sk_DIST_POINT_new_null(); | ||
| 149 | } | ||
| 150 | |||
| 151 | void CRL_DIST_POINTS_free(STACK_OF(DIST_POINT) *a) | ||
| 152 | { | ||
| 153 | sk_DIST_POINT_pop_free(a, DIST_POINT_free); | ||
| 154 | } | ||
| 155 | |||
| 156 | STACK_OF(DIST_POINT) *d2i_CRL_DIST_POINTS(STACK_OF(DIST_POINT) **a, | ||
| 157 | unsigned char **pp,long length) | ||
| 158 | { | ||
| 159 | return d2i_ASN1_SET_OF_DIST_POINT(a, pp, length, d2i_DIST_POINT, | ||
| 160 | DIST_POINT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 161 | |||
| 162 | } | ||
| 163 | |||
| 164 | IMPLEMENT_STACK_OF(DIST_POINT) | 139 | IMPLEMENT_STACK_OF(DIST_POINT) |
| 165 | IMPLEMENT_ASN1_SET_OF(DIST_POINT) | 140 | IMPLEMENT_ASN1_SET_OF(DIST_POINT) |
| 166 | 141 | ||
| 167 | int i2d_DIST_POINT(DIST_POINT *a, unsigned char **pp) | ||
| 168 | { | ||
| 169 | int v = 0; | ||
| 170 | M_ASN1_I2D_vars(a); | ||
| 171 | /* NB: underlying type is a CHOICE so need EXPLICIT tagging */ | ||
| 172 | M_ASN1_I2D_len_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); | ||
| 173 | M_ASN1_I2D_len_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING); | ||
| 174 | M_ASN1_I2D_len_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES); | ||
| 175 | 142 | ||
| 176 | M_ASN1_I2D_seq_total(); | 143 | ASN1_CHOICE(DIST_POINT_NAME) = { |
| 144 | ASN1_IMP_SEQUENCE_OF(DIST_POINT_NAME, name.fullname, GENERAL_NAME, 0), | ||
| 145 | ASN1_IMP_SET_OF(DIST_POINT_NAME, name.relativename, X509_NAME_ENTRY, 1) | ||
| 146 | } ASN1_CHOICE_END(DIST_POINT_NAME) | ||
| 177 | 147 | ||
| 178 | M_ASN1_I2D_put_EXP_opt (a->distpoint, i2d_DIST_POINT_NAME, 0, v); | 148 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT_NAME) |
| 179 | M_ASN1_I2D_put_IMP_opt (a->reasons, i2d_ASN1_BIT_STRING, 1); | ||
| 180 | M_ASN1_I2D_put_IMP_opt (a->CRLissuer, i2d_GENERAL_NAMES, 2); | ||
| 181 | 149 | ||
| 182 | M_ASN1_I2D_finish(); | 150 | ASN1_SEQUENCE(DIST_POINT) = { |
| 183 | } | 151 | ASN1_EXP_OPT(DIST_POINT, distpoint, DIST_POINT_NAME, 0), |
| 152 | ASN1_IMP_OPT(DIST_POINT, reasons, ASN1_BIT_STRING, 1), | ||
| 153 | ASN1_IMP_SEQUENCE_OF_OPT(DIST_POINT, CRLissuer, GENERAL_NAME, 2) | ||
| 154 | } ASN1_SEQUENCE_END(DIST_POINT) | ||
| 184 | 155 | ||
| 185 | DIST_POINT *DIST_POINT_new(void) | 156 | IMPLEMENT_ASN1_FUNCTIONS(DIST_POINT) |
| 186 | { | ||
| 187 | DIST_POINT *ret=NULL; | ||
| 188 | ASN1_CTX c; | ||
| 189 | M_ASN1_New_Malloc(ret, DIST_POINT); | ||
| 190 | ret->distpoint = NULL; | ||
| 191 | ret->reasons = NULL; | ||
| 192 | ret->CRLissuer = NULL; | ||
| 193 | return (ret); | ||
| 194 | M_ASN1_New_Error(ASN1_F_DIST_POINT_NEW); | ||
| 195 | } | ||
| 196 | 157 | ||
| 197 | DIST_POINT *d2i_DIST_POINT(DIST_POINT **a, unsigned char **pp, long length) | 158 | ASN1_ITEM_TEMPLATE(CRL_DIST_POINTS) = |
| 198 | { | 159 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, DIST_POINT, DIST_POINT) |
| 199 | M_ASN1_D2I_vars(a,DIST_POINT *,DIST_POINT_new); | 160 | ASN1_ITEM_TEMPLATE_END(CRL_DIST_POINTS) |
| 200 | M_ASN1_D2I_Init(); | ||
| 201 | M_ASN1_D2I_start_sequence(); | ||
| 202 | M_ASN1_D2I_get_EXP_opt (ret->distpoint, d2i_DIST_POINT_NAME, 0); | ||
| 203 | M_ASN1_D2I_get_IMP_opt (ret->reasons, d2i_ASN1_BIT_STRING, 1, | ||
| 204 | V_ASN1_BIT_STRING); | ||
| 205 | M_ASN1_D2I_get_IMP_opt (ret->CRLissuer, d2i_GENERAL_NAMES, 2, | ||
| 206 | V_ASN1_SEQUENCE); | ||
| 207 | M_ASN1_D2I_Finish(a, DIST_POINT_free, ASN1_F_D2I_DIST_POINT); | ||
| 208 | } | ||
| 209 | 161 | ||
| 210 | void DIST_POINT_free(DIST_POINT *a) | 162 | IMPLEMENT_ASN1_FUNCTIONS(CRL_DIST_POINTS) |
| 211 | { | ||
| 212 | if (a == NULL) return; | ||
| 213 | DIST_POINT_NAME_free(a->distpoint); | ||
| 214 | ASN1_BIT_STRING_free(a->reasons); | ||
| 215 | sk_GENERAL_NAME_pop_free(a->CRLissuer, GENERAL_NAME_free); | ||
| 216 | Free ((char *)a); | ||
| 217 | } | ||
| 218 | |||
| 219 | int i2d_DIST_POINT_NAME(DIST_POINT_NAME *a, unsigned char **pp) | ||
| 220 | { | ||
| 221 | int v = 0; | ||
| 222 | M_ASN1_I2D_vars(a); | ||
| 223 | |||
| 224 | if(a->fullname) { | ||
| 225 | M_ASN1_I2D_len_IMP_opt (a->fullname, i2d_GENERAL_NAMES); | ||
| 226 | } else { | ||
| 227 | M_ASN1_I2D_len_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); | ||
| 228 | } | ||
| 229 | |||
| 230 | /* Don't want a SEQUENCE so... */ | ||
| 231 | if(pp == NULL) return ret; | ||
| 232 | p = *pp; | ||
| 233 | |||
| 234 | if(a->fullname) { | ||
| 235 | M_ASN1_I2D_put_IMP_opt (a->fullname, i2d_GENERAL_NAMES, 0); | ||
| 236 | } else { | ||
| 237 | M_ASN1_I2D_put_EXP_opt (a->relativename, i2d_X509_NAME, 1, v); | ||
| 238 | } | ||
| 239 | M_ASN1_I2D_finish(); | ||
| 240 | } | ||
| 241 | |||
| 242 | DIST_POINT_NAME *DIST_POINT_NAME_new(void) | ||
| 243 | { | ||
| 244 | DIST_POINT_NAME *ret=NULL; | ||
| 245 | ASN1_CTX c; | ||
| 246 | M_ASN1_New_Malloc(ret, DIST_POINT_NAME); | ||
| 247 | ret->fullname = NULL; | ||
| 248 | ret->relativename = NULL; | ||
| 249 | return (ret); | ||
| 250 | M_ASN1_New_Error(ASN1_F_DIST_POINT_NAME_NEW); | ||
| 251 | } | ||
| 252 | |||
| 253 | void DIST_POINT_NAME_free(DIST_POINT_NAME *a) | ||
| 254 | { | ||
| 255 | if (a == NULL) return; | ||
| 256 | X509_NAME_free(a->relativename); | ||
| 257 | sk_GENERAL_NAME_pop_free(a->fullname, GENERAL_NAME_free); | ||
| 258 | Free ((char *)a); | ||
| 259 | } | ||
| 260 | |||
| 261 | DIST_POINT_NAME *d2i_DIST_POINT_NAME(DIST_POINT_NAME **a, unsigned char **pp, | ||
| 262 | long length) | ||
| 263 | { | ||
| 264 | unsigned char _tmp, tag; | ||
| 265 | M_ASN1_D2I_vars(a,DIST_POINT_NAME *,DIST_POINT_NAME_new); | ||
| 266 | M_ASN1_D2I_Init(); | ||
| 267 | c.slen = length; | ||
| 268 | |||
| 269 | _tmp = M_ASN1_next; | ||
| 270 | tag = _tmp & ~V_ASN1_CONSTRUCTED; | ||
| 271 | |||
| 272 | if(tag == (0|V_ASN1_CONTEXT_SPECIFIC)) { | ||
| 273 | M_ASN1_D2I_get_imp(ret->fullname, d2i_GENERAL_NAMES, | ||
| 274 | V_ASN1_SEQUENCE); | ||
| 275 | } else if (tag == (1|V_ASN1_CONTEXT_SPECIFIC)) { | ||
| 276 | M_ASN1_D2I_get_EXP_opt (ret->relativename, d2i_X509_NAME, 1); | ||
| 277 | } else { | ||
| 278 | c.error = ASN1_R_BAD_TAG; | ||
| 279 | goto err; | ||
| 280 | } | ||
| 281 | |||
| 282 | M_ASN1_D2I_Finish(a, DIST_POINT_NAME_free, ASN1_F_D2I_DIST_POINT_NAME); | ||
| 283 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_enum.c b/src/lib/libcrypto/x509v3/v3_enum.c index db423548ff..010c9d6260 100644 --- a/src/lib/libcrypto/x509v3/v3_enum.c +++ b/src/lib/libcrypto/x509v3/v3_enum.c | |||
| @@ -60,8 +60,6 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
| 62 | 62 | ||
| 63 | static ASN1_ENUMERATED *asn1_enumerated_new(void); | ||
| 64 | |||
| 65 | static ENUMERATED_NAMES crl_reasons[] = { | 63 | static ENUMERATED_NAMES crl_reasons[] = { |
| 66 | {0, "Unspecified", "unspecified"}, | 64 | {0, "Unspecified", "unspecified"}, |
| 67 | {1, "Key Compromise", "keyCompromise"}, | 65 | {1, "Key Compromise", "keyCompromise"}, |
| @@ -75,20 +73,13 @@ static ENUMERATED_NAMES crl_reasons[] = { | |||
| 75 | }; | 73 | }; |
| 76 | 74 | ||
| 77 | X509V3_EXT_METHOD v3_crl_reason = { | 75 | X509V3_EXT_METHOD v3_crl_reason = { |
| 78 | NID_crl_reason, 0, | 76 | NID_crl_reason, 0, ASN1_ITEM_ref(ASN1_ENUMERATED), |
| 79 | (X509V3_EXT_NEW)asn1_enumerated_new, | 77 | 0,0,0,0, |
| 80 | (X509V3_EXT_FREE)ASN1_STRING_free, | ||
| 81 | (X509V3_EXT_D2I)d2i_ASN1_ENUMERATED, | ||
| 82 | (X509V3_EXT_I2D)i2d_ASN1_ENUMERATED, | ||
| 83 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, | 78 | (X509V3_EXT_I2S)i2s_ASN1_ENUMERATED_TABLE, |
| 84 | (X509V3_EXT_S2I)NULL, | 79 | 0, |
| 85 | NULL, NULL, NULL, NULL, crl_reasons}; | 80 | 0,0,0,0, |
| 86 | 81 | crl_reasons}; | |
| 87 | 82 | ||
| 88 | static ASN1_ENUMERATED *asn1_enumerated_new(void) | ||
| 89 | { | ||
| 90 | return ASN1_ENUMERATED_new(); | ||
| 91 | } | ||
| 92 | 83 | ||
| 93 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, | 84 | char *i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *method, |
| 94 | ASN1_ENUMERATED *e) | 85 | ASN1_ENUMERATED *e) |
diff --git a/src/lib/libcrypto/x509v3/v3_extku.c b/src/lib/libcrypto/x509v3/v3_extku.c index e039d21cbf..b1cfaba1aa 100644 --- a/src/lib/libcrypto/x509v3/v3_extku.c +++ b/src/lib/libcrypto/x509v3/v3_extku.c | |||
| @@ -59,92 +59,84 @@ | |||
| 59 | 59 | ||
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/conf.h> | 63 | #include <openssl/conf.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, | 66 | static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, |
| 67 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 67 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 68 | static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, | 68 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, |
| 69 | STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *extlist); | 69 | void *eku, STACK_OF(CONF_VALUE) *extlist); |
| 70 | |||
| 70 | X509V3_EXT_METHOD v3_ext_ku = { | 71 | X509V3_EXT_METHOD v3_ext_ku = { |
| 71 | NID_ext_key_usage, 0, | 72 | NID_ext_key_usage, 0, |
| 72 | (X509V3_EXT_NEW)ext_ku_new, | 73 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), |
| 73 | (X509V3_EXT_FREE)ext_ku_free, | 74 | 0,0,0,0, |
| 74 | (X509V3_EXT_D2I)d2i_ext_ku, | 75 | 0,0, |
| 75 | (X509V3_EXT_I2D)i2d_ext_ku, | 76 | i2v_EXTENDED_KEY_USAGE, |
| 76 | NULL, NULL, | 77 | v2i_EXTENDED_KEY_USAGE, |
| 77 | (X509V3_EXT_I2V)i2v_ext_ku, | 78 | 0,0, |
| 78 | (X509V3_EXT_V2I)v2i_ext_ku, | 79 | NULL |
| 79 | NULL,NULL, | ||
| 80 | NULL | ||
| 81 | }; | 80 | }; |
| 82 | 81 | ||
| 83 | STACK_OF(ASN1_OBJECT) *ext_ku_new(void) | 82 | /* NB OCSP acceptable responses also is a SEQUENCE OF OBJECT */ |
| 84 | { | 83 | X509V3_EXT_METHOD v3_ocsp_accresp = { |
| 85 | return sk_ASN1_OBJECT_new_null(); | 84 | NID_id_pkix_OCSP_acceptableResponses, 0, |
| 86 | } | 85 | ASN1_ITEM_ref(EXTENDED_KEY_USAGE), |
| 87 | 86 | 0,0,0,0, | |
| 88 | void ext_ku_free(STACK_OF(ASN1_OBJECT) *eku) | 87 | 0,0, |
| 89 | { | 88 | i2v_EXTENDED_KEY_USAGE, |
| 90 | sk_ASN1_OBJECT_pop_free(eku, ASN1_OBJECT_free); | 89 | v2i_EXTENDED_KEY_USAGE, |
| 91 | return; | 90 | 0,0, |
| 92 | } | 91 | NULL |
| 93 | 92 | }; | |
| 94 | int i2d_ext_ku(STACK_OF(ASN1_OBJECT) *a, unsigned char **pp) | ||
| 95 | { | ||
| 96 | return i2d_ASN1_SET_OF_ASN1_OBJECT(a, pp, i2d_ASN1_OBJECT, | ||
| 97 | V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 98 | } | ||
| 99 | |||
| 100 | STACK_OF(ASN1_OBJECT) *d2i_ext_ku(STACK_OF(ASN1_OBJECT) **a, | ||
| 101 | unsigned char **pp, long length) | ||
| 102 | { | ||
| 103 | return d2i_ASN1_SET_OF_ASN1_OBJECT(a, pp, length, d2i_ASN1_OBJECT, | ||
| 104 | ASN1_OBJECT_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 105 | } | ||
| 106 | 93 | ||
| 94 | ASN1_ITEM_TEMPLATE(EXTENDED_KEY_USAGE) = | ||
| 95 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, EXTENDED_KEY_USAGE, ASN1_OBJECT) | ||
| 96 | ASN1_ITEM_TEMPLATE_END(EXTENDED_KEY_USAGE) | ||
| 107 | 97 | ||
| 98 | IMPLEMENT_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) | ||
| 108 | 99 | ||
| 109 | static STACK_OF(CONF_VALUE) *i2v_ext_ku(X509V3_EXT_METHOD *method, | 100 | static STACK_OF(CONF_VALUE) *i2v_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, |
| 110 | STACK_OF(ASN1_OBJECT) *eku, STACK_OF(CONF_VALUE) *ext_list) | 101 | void *a, STACK_OF(CONF_VALUE) *ext_list) |
| 111 | { | 102 | { |
| 112 | int i; | 103 | EXTENDED_KEY_USAGE *eku = a; |
| 113 | ASN1_OBJECT *obj; | 104 | int i; |
| 114 | char obj_tmp[80]; | 105 | ASN1_OBJECT *obj; |
| 115 | for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { | 106 | char obj_tmp[80]; |
| 116 | obj = sk_ASN1_OBJECT_value(eku, i); | 107 | for(i = 0; i < sk_ASN1_OBJECT_num(eku); i++) { |
| 117 | i2t_ASN1_OBJECT(obj_tmp, 80, obj); | 108 | obj = sk_ASN1_OBJECT_value(eku, i); |
| 118 | X509V3_add_value(NULL, obj_tmp, &ext_list); | 109 | i2t_ASN1_OBJECT(obj_tmp, 80, obj); |
| 119 | } | 110 | X509V3_add_value(NULL, obj_tmp, &ext_list); |
| 120 | return ext_list; | 111 | } |
| 112 | return ext_list; | ||
| 121 | } | 113 | } |
| 122 | 114 | ||
| 123 | static STACK_OF(ASN1_OBJECT) *v2i_ext_ku(X509V3_EXT_METHOD *method, | 115 | static void *v2i_EXTENDED_KEY_USAGE(X509V3_EXT_METHOD *method, |
| 124 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 116 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 125 | { | 117 | { |
| 126 | STACK_OF(ASN1_OBJECT) *extku; | 118 | EXTENDED_KEY_USAGE *extku; |
| 127 | char *extval; | 119 | char *extval; |
| 128 | ASN1_OBJECT *objtmp; | 120 | ASN1_OBJECT *objtmp; |
| 129 | CONF_VALUE *val; | 121 | CONF_VALUE *val; |
| 130 | int i; | 122 | int i; |
| 131 | 123 | ||
| 132 | if(!(extku = sk_ASN1_OBJECT_new(NULL))) { | 124 | if(!(extku = sk_ASN1_OBJECT_new_null())) { |
| 133 | X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); | 125 | X509V3err(X509V3_F_V2I_EXT_KU,ERR_R_MALLOC_FAILURE); |
| 134 | return NULL; | ||
| 135 | } | ||
| 136 | |||
| 137 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { | ||
| 138 | val = sk_CONF_VALUE_value(nval, i); | ||
| 139 | if(val->value) extval = val->value; | ||
| 140 | else extval = val->name; | ||
| 141 | if(!(objtmp = OBJ_txt2obj(extval, 0))) { | ||
| 142 | sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); | ||
| 143 | X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 144 | X509V3_conf_err(val); | ||
| 145 | return NULL; | 126 | return NULL; |
| 146 | } | 127 | } |
| 147 | sk_ASN1_OBJECT_push(extku, objtmp); | 128 | |
| 148 | } | 129 | for(i = 0; i < sk_CONF_VALUE_num(nval); i++) { |
| 149 | return extku; | 130 | val = sk_CONF_VALUE_value(nval, i); |
| 131 | if(val->value) extval = val->value; | ||
| 132 | else extval = val->name; | ||
| 133 | if(!(objtmp = OBJ_txt2obj(extval, 0))) { | ||
| 134 | sk_ASN1_OBJECT_pop_free(extku, ASN1_OBJECT_free); | ||
| 135 | X509V3err(X509V3_F_V2I_EXT_KU,X509V3_R_INVALID_OBJECT_IDENTIFIER); | ||
| 136 | X509V3_conf_err(val); | ||
| 137 | return NULL; | ||
| 138 | } | ||
| 139 | sk_ASN1_OBJECT_push(extku, objtmp); | ||
| 140 | } | ||
| 141 | return extku; | ||
| 150 | } | 142 | } |
diff --git a/src/lib/libcrypto/x509v3/v3_genn.c b/src/lib/libcrypto/x509v3/v3_genn.c index af716232f8..650b510980 100644 --- a/src/lib/libcrypto/x509v3/v3_genn.c +++ b/src/lib/libcrypto/x509v3/v3_genn.c | |||
| @@ -59,179 +59,43 @@ | |||
| 59 | 59 | ||
| 60 | #include <stdio.h> | 60 | #include <stdio.h> |
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/asn1_mac.h> | ||
| 64 | #include <openssl/conf.h> | 63 | #include <openssl/conf.h> |
| 65 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 66 | 65 | ||
| 67 | int i2d_GENERAL_NAME(GENERAL_NAME *a, unsigned char **pp) | 66 | ASN1_SEQUENCE(OTHERNAME) = { |
| 68 | { | 67 | ASN1_SIMPLE(OTHERNAME, type_id, ASN1_OBJECT), |
| 69 | unsigned char *p; | 68 | /* Maybe have a true ANY DEFINED BY later */ |
| 70 | int ret; | 69 | ASN1_EXP(OTHERNAME, value, ASN1_ANY, 0) |
| 71 | 70 | } ASN1_SEQUENCE_END(OTHERNAME) | |
| 72 | ret = 0; | 71 | |
| 73 | 72 | IMPLEMENT_ASN1_FUNCTIONS(OTHERNAME) | |
| 74 | /* Save the location of initial TAG */ | 73 | |
| 75 | if(pp) p = *pp; | 74 | ASN1_SEQUENCE(EDIPARTYNAME) = { |
| 76 | else p = NULL; | 75 | ASN1_IMP_OPT(EDIPARTYNAME, nameAssigner, DIRECTORYSTRING, 0), |
| 77 | 76 | ASN1_IMP_OPT(EDIPARTYNAME, partyName, DIRECTORYSTRING, 1) | |
| 78 | /* GEN_DNAME needs special treatment because of EXPLICIT tag */ | 77 | } ASN1_SEQUENCE_END(EDIPARTYNAME) |
| 79 | 78 | ||
| 80 | if(a->type == GEN_DIRNAME) { | 79 | IMPLEMENT_ASN1_FUNCTIONS(EDIPARTYNAME) |
| 81 | int v = 0; | 80 | |
| 82 | M_ASN1_I2D_len_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); | 81 | ASN1_CHOICE(GENERAL_NAME) = { |
| 83 | if(!p) return ret; | 82 | ASN1_IMP(GENERAL_NAME, d.otherName, OTHERNAME, GEN_OTHERNAME), |
| 84 | M_ASN1_I2D_put_EXP_opt(a->d.dirn, i2d_X509_NAME, 4, v); | 83 | ASN1_IMP(GENERAL_NAME, d.rfc822Name, ASN1_IA5STRING, GEN_EMAIL), |
| 85 | *pp = p; | 84 | ASN1_IMP(GENERAL_NAME, d.dNSName, ASN1_IA5STRING, GEN_DNS), |
| 86 | return ret; | 85 | /* Don't decode this */ |
| 87 | } | 86 | ASN1_IMP(GENERAL_NAME, d.x400Address, ASN1_SEQUENCE, GEN_X400), |
| 88 | 87 | /* X509_NAME is a CHOICE type so use EXPLICIT */ | |
| 89 | switch(a->type) { | 88 | ASN1_EXP(GENERAL_NAME, d.directoryName, X509_NAME, GEN_DIRNAME), |
| 90 | 89 | ASN1_IMP(GENERAL_NAME, d.ediPartyName, EDIPARTYNAME, GEN_EDIPARTY), | |
| 91 | case GEN_OTHERNAME: | 90 | ASN1_IMP(GENERAL_NAME, d.uniformResourceIdentifier, ASN1_IA5STRING, GEN_URI), |
| 92 | case GEN_X400: | 91 | ASN1_IMP(GENERAL_NAME, d.iPAddress, ASN1_OCTET_STRING, GEN_IPADD), |
| 93 | case GEN_EDIPARTY: | 92 | ASN1_IMP(GENERAL_NAME, d.registeredID, ASN1_OBJECT, GEN_RID) |
| 94 | ret = i2d_ASN1_TYPE(a->d.other, pp); | 93 | } ASN1_CHOICE_END(GENERAL_NAME) |
| 95 | break; | 94 | |
| 96 | 95 | IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAME) | |
| 97 | case GEN_EMAIL: | 96 | |
| 98 | case GEN_DNS: | 97 | ASN1_ITEM_TEMPLATE(GENERAL_NAMES) = |
| 99 | case GEN_URI: | 98 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, GENERAL_NAME) |
| 100 | ret = i2d_ASN1_IA5STRING(a->d.ia5, pp); | 99 | ASN1_ITEM_TEMPLATE_END(GENERAL_NAMES) |
| 101 | break; | 100 | |
| 102 | 101 | IMPLEMENT_ASN1_FUNCTIONS(GENERAL_NAMES) | |
| 103 | case GEN_IPADD: | ||
| 104 | ret = i2d_ASN1_OCTET_STRING(a->d.ip, pp); | ||
| 105 | break; | ||
| 106 | |||
| 107 | case GEN_RID: | ||
| 108 | ret = i2d_ASN1_OBJECT(a->d.rid, pp); | ||
| 109 | break; | ||
| 110 | } | ||
| 111 | /* Replace TAG with IMPLICIT value */ | ||
| 112 | if(p) *p = (*p & V_ASN1_CONSTRUCTED) | a->type; | ||
| 113 | return ret; | ||
| 114 | } | ||
| 115 | |||
| 116 | GENERAL_NAME *GENERAL_NAME_new() | ||
| 117 | { | ||
| 118 | GENERAL_NAME *ret=NULL; | ||
| 119 | ASN1_CTX c; | ||
| 120 | M_ASN1_New_Malloc(ret, GENERAL_NAME); | ||
| 121 | ret->type = -1; | ||
| 122 | ret->d.ptr = NULL; | ||
| 123 | return (ret); | ||
| 124 | M_ASN1_New_Error(ASN1_F_GENERAL_NAME_NEW); | ||
| 125 | } | ||
| 126 | |||
| 127 | GENERAL_NAME *d2i_GENERAL_NAME(GENERAL_NAME **a, unsigned char **pp, | ||
| 128 | long length) | ||
| 129 | { | ||
| 130 | unsigned char _tmp; | ||
| 131 | M_ASN1_D2I_vars(a,GENERAL_NAME *,GENERAL_NAME_new); | ||
| 132 | M_ASN1_D2I_Init(); | ||
| 133 | c.slen = length; | ||
| 134 | |||
| 135 | _tmp = M_ASN1_next; | ||
| 136 | ret->type = _tmp & ~V_ASN1_CONSTRUCTED; | ||
| 137 | |||
| 138 | switch(ret->type) { | ||
| 139 | /* Just put these in a "blob" for now */ | ||
| 140 | case GEN_OTHERNAME: | ||
| 141 | case GEN_X400: | ||
| 142 | case GEN_EDIPARTY: | ||
| 143 | M_ASN1_D2I_get_imp(ret->d.other, d2i_ASN1_TYPE,V_ASN1_SEQUENCE); | ||
| 144 | break; | ||
| 145 | |||
| 146 | case GEN_EMAIL: | ||
| 147 | case GEN_DNS: | ||
| 148 | case GEN_URI: | ||
| 149 | M_ASN1_D2I_get_imp(ret->d.ia5, d2i_ASN1_IA5STRING, | ||
| 150 | V_ASN1_IA5STRING); | ||
| 151 | break; | ||
| 152 | |||
| 153 | case GEN_DIRNAME: | ||
| 154 | M_ASN1_D2I_get_EXP_opt(ret->d.dirn, d2i_X509_NAME, 4); | ||
| 155 | break; | ||
| 156 | |||
| 157 | case GEN_IPADD: | ||
| 158 | M_ASN1_D2I_get_imp(ret->d.ip, d2i_ASN1_OCTET_STRING, | ||
| 159 | V_ASN1_OCTET_STRING); | ||
| 160 | break; | ||
| 161 | |||
| 162 | case GEN_RID: | ||
| 163 | M_ASN1_D2I_get_imp(ret->d.rid, d2i_ASN1_OBJECT,V_ASN1_OBJECT); | ||
| 164 | break; | ||
| 165 | |||
| 166 | default: | ||
| 167 | c.error = ASN1_R_BAD_TAG; | ||
| 168 | goto err; | ||
| 169 | } | ||
| 170 | |||
| 171 | c.slen = 0; | ||
| 172 | M_ASN1_D2I_Finish(a, GENERAL_NAME_free, ASN1_F_D2I_GENERAL_NAME); | ||
| 173 | } | ||
| 174 | |||
| 175 | void GENERAL_NAME_free(GENERAL_NAME *a) | ||
| 176 | { | ||
| 177 | if (a == NULL) return; | ||
| 178 | switch(a->type) { | ||
| 179 | case GEN_OTHERNAME: | ||
| 180 | case GEN_X400: | ||
| 181 | case GEN_EDIPARTY: | ||
| 182 | ASN1_TYPE_free(a->d.other); | ||
| 183 | break; | ||
| 184 | |||
| 185 | case GEN_EMAIL: | ||
| 186 | case GEN_DNS: | ||
| 187 | case GEN_URI: | ||
| 188 | |||
| 189 | ASN1_IA5STRING_free(a->d.ia5); | ||
| 190 | break; | ||
| 191 | |||
| 192 | case GEN_DIRNAME: | ||
| 193 | X509_NAME_free(a->d.dirn); | ||
| 194 | break; | ||
| 195 | |||
| 196 | case GEN_IPADD: | ||
| 197 | ASN1_OCTET_STRING_free(a->d.ip); | ||
| 198 | break; | ||
| 199 | |||
| 200 | case GEN_RID: | ||
| 201 | ASN1_OBJECT_free(a->d.rid); | ||
| 202 | break; | ||
| 203 | |||
| 204 | } | ||
| 205 | Free ((char *)a); | ||
| 206 | } | ||
| 207 | |||
| 208 | /* Now the GeneralNames versions: a SEQUENCE OF GeneralName These are needed as | ||
| 209 | * an explicit functions. | ||
| 210 | */ | ||
| 211 | |||
| 212 | STACK_OF(GENERAL_NAME) *GENERAL_NAMES_new() | ||
| 213 | { | ||
| 214 | return sk_GENERAL_NAME_new(NULL); | ||
| 215 | } | ||
| 216 | |||
| 217 | void GENERAL_NAMES_free(STACK_OF(GENERAL_NAME) *a) | ||
| 218 | { | ||
| 219 | sk_GENERAL_NAME_pop_free(a, GENERAL_NAME_free); | ||
| 220 | } | ||
| 221 | |||
| 222 | STACK_OF(GENERAL_NAME) *d2i_GENERAL_NAMES(STACK_OF(GENERAL_NAME) **a, | ||
| 223 | unsigned char **pp, long length) | ||
| 224 | { | ||
| 225 | return d2i_ASN1_SET_OF_GENERAL_NAME(a, pp, length, d2i_GENERAL_NAME, | ||
| 226 | GENERAL_NAME_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 227 | } | ||
| 228 | |||
| 229 | int i2d_GENERAL_NAMES(STACK_OF(GENERAL_NAME) *a, unsigned char **pp) | ||
| 230 | { | ||
| 231 | return i2d_ASN1_SET_OF_GENERAL_NAME(a, pp, i2d_GENERAL_NAME, V_ASN1_SEQUENCE, | ||
| 232 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 233 | } | ||
| 234 | |||
| 235 | IMPLEMENT_STACK_OF(GENERAL_NAME) | ||
| 236 | IMPLEMENT_ASN1_SET_OF(GENERAL_NAME) | ||
| 237 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_ia5.c b/src/lib/libcrypto/x509v3/v3_ia5.c index 3446c5cd6a..f9414456de 100644 --- a/src/lib/libcrypto/x509v3/v3_ia5.c +++ b/src/lib/libcrypto/x509v3/v3_ia5.c | |||
| @@ -63,7 +63,6 @@ | |||
| 63 | #include <openssl/conf.h> | 63 | #include <openssl/conf.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | static ASN1_IA5STRING *ia5string_new(void); | ||
| 67 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); | 66 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, ASN1_IA5STRING *ia5); |
| 68 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 67 | static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); |
| 69 | X509V3_EXT_METHOD v3_ns_ia5_list[] = { | 68 | X509V3_EXT_METHOD v3_ns_ia5_list[] = { |
| @@ -78,17 +77,12 @@ EXT_END | |||
| 78 | }; | 77 | }; |
| 79 | 78 | ||
| 80 | 79 | ||
| 81 | static ASN1_IA5STRING *ia5string_new(void) | ||
| 82 | { | ||
| 83 | return ASN1_IA5STRING_new(); | ||
| 84 | } | ||
| 85 | |||
| 86 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | 80 | static char *i2s_ASN1_IA5STRING(X509V3_EXT_METHOD *method, |
| 87 | ASN1_IA5STRING *ia5) | 81 | ASN1_IA5STRING *ia5) |
| 88 | { | 82 | { |
| 89 | char *tmp; | 83 | char *tmp; |
| 90 | if(!ia5 || !ia5->length) return NULL; | 84 | if(!ia5 || !ia5->length) return NULL; |
| 91 | tmp = Malloc(ia5->length + 1); | 85 | if (!(tmp = OPENSSL_malloc(ia5->length + 1))) return NULL; |
| 92 | memcpy(tmp, ia5->data, ia5->length); | 86 | memcpy(tmp, ia5->data, ia5->length); |
| 93 | tmp[ia5->length] = 0; | 87 | tmp[ia5->length] = 0; |
| 94 | return tmp; | 88 | return tmp; |
| @@ -102,12 +96,15 @@ static ASN1_IA5STRING *s2i_ASN1_IA5STRING(X509V3_EXT_METHOD *method, | |||
| 102 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); | 96 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,X509V3_R_INVALID_NULL_ARGUMENT); |
| 103 | return NULL; | 97 | return NULL; |
| 104 | } | 98 | } |
| 105 | if(!(ia5 = ASN1_IA5STRING_new())) goto err; | 99 | if(!(ia5 = M_ASN1_IA5STRING_new())) goto err; |
| 106 | if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, | 100 | if(!ASN1_STRING_set((ASN1_STRING *)ia5, (unsigned char*)str, |
| 107 | strlen(str))) { | 101 | strlen(str))) { |
| 108 | ASN1_IA5STRING_free(ia5); | 102 | M_ASN1_IA5STRING_free(ia5); |
| 109 | goto err; | 103 | goto err; |
| 110 | } | 104 | } |
| 105 | #ifdef CHARSET_EBCDIC | ||
| 106 | ebcdic2ascii(ia5->data, ia5->data, ia5->length); | ||
| 107 | #endif /*CHARSET_EBCDIC*/ | ||
| 111 | return ia5; | 108 | return ia5; |
| 112 | err: | 109 | err: |
| 113 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); | 110 | X509V3err(X509V3_F_S2I_ASN1_IA5STRING,ERR_R_MALLOC_FAILURE); |
diff --git a/src/lib/libcrypto/x509v3/v3_info.c b/src/lib/libcrypto/x509v3/v3_info.c index 78d2135046..7f17f3231d 100644 --- a/src/lib/libcrypto/x509v3/v3_info.c +++ b/src/lib/libcrypto/x509v3/v3_info.c | |||
| @@ -60,28 +60,48 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | 66 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, |
| 67 | STACK_OF(ACCESS_DESCRIPTION) *ainfo, | 67 | AUTHORITY_INFO_ACCESS *ainfo, |
| 68 | STACK_OF(CONF_VALUE) *ret); | 68 | STACK_OF(CONF_VALUE) *ret); |
| 69 | static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | 69 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, |
| 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | 70 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); |
| 71 | 71 | ||
| 72 | X509V3_EXT_METHOD v3_info = | 72 | X509V3_EXT_METHOD v3_info = |
| 73 | { NID_info_access, X509V3_EXT_MULTILINE, | 73 | { NID_info_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), |
| 74 | (X509V3_EXT_NEW)AUTHORITY_INFO_ACCESS_new, | 74 | 0,0,0,0, |
| 75 | (X509V3_EXT_FREE)AUTHORITY_INFO_ACCESS_free, | 75 | 0,0, |
| 76 | (X509V3_EXT_D2I)d2i_AUTHORITY_INFO_ACCESS, | ||
| 77 | (X509V3_EXT_I2D)i2d_AUTHORITY_INFO_ACCESS, | ||
| 78 | NULL, NULL, | ||
| 79 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, | 76 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, |
| 80 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, | 77 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, |
| 81 | NULL, NULL, NULL}; | 78 | 0,0, |
| 79 | NULL}; | ||
| 80 | |||
| 81 | X509V3_EXT_METHOD v3_sinfo = | ||
| 82 | { NID_sinfo_access, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(AUTHORITY_INFO_ACCESS), | ||
| 83 | 0,0,0,0, | ||
| 84 | 0,0, | ||
| 85 | (X509V3_EXT_I2V)i2v_AUTHORITY_INFO_ACCESS, | ||
| 86 | (X509V3_EXT_V2I)v2i_AUTHORITY_INFO_ACCESS, | ||
| 87 | 0,0, | ||
| 88 | NULL}; | ||
| 89 | |||
| 90 | ASN1_SEQUENCE(ACCESS_DESCRIPTION) = { | ||
| 91 | ASN1_SIMPLE(ACCESS_DESCRIPTION, method, ASN1_OBJECT), | ||
| 92 | ASN1_SIMPLE(ACCESS_DESCRIPTION, location, GENERAL_NAME) | ||
| 93 | } ASN1_SEQUENCE_END(ACCESS_DESCRIPTION) | ||
| 94 | |||
| 95 | IMPLEMENT_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) | ||
| 96 | |||
| 97 | ASN1_ITEM_TEMPLATE(AUTHORITY_INFO_ACCESS) = | ||
| 98 | ASN1_EX_TEMPLATE_TYPE(ASN1_TFLG_SEQUENCE_OF, 0, GeneralNames, ACCESS_DESCRIPTION) | ||
| 99 | ASN1_ITEM_TEMPLATE_END(AUTHORITY_INFO_ACCESS) | ||
| 100 | |||
| 101 | IMPLEMENT_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | ||
| 82 | 102 | ||
| 83 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | 103 | static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, |
| 84 | STACK_OF(ACCESS_DESCRIPTION) *ainfo, | 104 | AUTHORITY_INFO_ACCESS *ainfo, |
| 85 | STACK_OF(CONF_VALUE) *ret) | 105 | STACK_OF(CONF_VALUE) *ret) |
| 86 | { | 106 | { |
| 87 | ACCESS_DESCRIPTION *desc; | 107 | ACCESS_DESCRIPTION *desc; |
| @@ -94,7 +114,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 94 | if(!ret) break; | 114 | if(!ret) break; |
| 95 | vtmp = sk_CONF_VALUE_value(ret, i); | 115 | vtmp = sk_CONF_VALUE_value(ret, i); |
| 96 | i2t_ASN1_OBJECT(objtmp, 80, desc->method); | 116 | i2t_ASN1_OBJECT(objtmp, 80, desc->method); |
| 97 | ntmp = Malloc(strlen(objtmp) + strlen(vtmp->name) + 5); | 117 | ntmp = OPENSSL_malloc(strlen(objtmp) + strlen(vtmp->name) + 5); |
| 98 | if(!ntmp) { | 118 | if(!ntmp) { |
| 99 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, | 119 | X509V3err(X509V3_F_I2V_AUTHORITY_INFO_ACCESS, |
| 100 | ERR_R_MALLOC_FAILURE); | 120 | ERR_R_MALLOC_FAILURE); |
| @@ -103,7 +123,7 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 103 | strcpy(ntmp, objtmp); | 123 | strcpy(ntmp, objtmp); |
| 104 | strcat(ntmp, " - "); | 124 | strcat(ntmp, " - "); |
| 105 | strcat(ntmp, vtmp->name); | 125 | strcat(ntmp, vtmp->name); |
| 106 | Free(vtmp->name); | 126 | OPENSSL_free(vtmp->name); |
| 107 | vtmp->name = ntmp; | 127 | vtmp->name = ntmp; |
| 108 | 128 | ||
| 109 | } | 129 | } |
| @@ -111,15 +131,15 @@ static STACK_OF(CONF_VALUE) *i2v_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method | |||
| 111 | return ret; | 131 | return ret; |
| 112 | } | 132 | } |
| 113 | 133 | ||
| 114 | static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, | 134 | static AUTHORITY_INFO_ACCESS *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD *method, |
| 115 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) | 135 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval) |
| 116 | { | 136 | { |
| 117 | STACK_OF(ACCESS_DESCRIPTION) *ainfo = NULL; | 137 | AUTHORITY_INFO_ACCESS *ainfo = NULL; |
| 118 | CONF_VALUE *cnf, ctmp; | 138 | CONF_VALUE *cnf, ctmp; |
| 119 | ACCESS_DESCRIPTION *acc; | 139 | ACCESS_DESCRIPTION *acc; |
| 120 | int i, objlen; | 140 | int i, objlen; |
| 121 | char *objtmp, *ptmp; | 141 | char *objtmp, *ptmp; |
| 122 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new(NULL))) { | 142 | if(!(ainfo = sk_ACCESS_DESCRIPTION_new_null())) { |
| 123 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | 143 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); |
| 124 | return NULL; | 144 | return NULL; |
| 125 | } | 145 | } |
| @@ -140,7 +160,7 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD | |||
| 140 | ctmp.value = cnf->value; | 160 | ctmp.value = cnf->value; |
| 141 | if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) | 161 | if(!(acc->location = v2i_GENERAL_NAME(method, ctx, &ctmp))) |
| 142 | goto err; | 162 | goto err; |
| 143 | if(!(objtmp = Malloc(objlen + 1))) { | 163 | if(!(objtmp = OPENSSL_malloc(objlen + 1))) { |
| 144 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); | 164 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,ERR_R_MALLOC_FAILURE); |
| 145 | goto err; | 165 | goto err; |
| 146 | } | 166 | } |
| @@ -150,10 +170,10 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD | |||
| 150 | if(!acc->method) { | 170 | if(!acc->method) { |
| 151 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); | 171 | X509V3err(X509V3_F_V2I_ACCESS_DESCRIPTION,X509V3_R_BAD_OBJECT); |
| 152 | ERR_add_error_data(2, "value=", objtmp); | 172 | ERR_add_error_data(2, "value=", objtmp); |
| 153 | Free(objtmp); | 173 | OPENSSL_free(objtmp); |
| 154 | goto err; | 174 | goto err; |
| 155 | } | 175 | } |
| 156 | Free(objtmp); | 176 | OPENSSL_free(objtmp); |
| 157 | 177 | ||
| 158 | } | 178 | } |
| 159 | return ainfo; | 179 | return ainfo; |
| @@ -162,75 +182,11 @@ static STACK_OF(ACCESS_DESCRIPTION) *v2i_AUTHORITY_INFO_ACCESS(X509V3_EXT_METHOD | |||
| 162 | return NULL; | 182 | return NULL; |
| 163 | } | 183 | } |
| 164 | 184 | ||
| 165 | int i2d_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION *a, unsigned char **pp) | 185 | int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a) |
| 166 | { | 186 | { |
| 167 | M_ASN1_I2D_vars(a); | 187 | i2a_ASN1_OBJECT(bp, a->method); |
| 168 | 188 | #ifdef UNDEF | |
| 169 | M_ASN1_I2D_len(a->method, i2d_ASN1_OBJECT); | 189 | i2a_GENERAL_NAME(bp, a->location); |
| 170 | M_ASN1_I2D_len(a->location, i2d_GENERAL_NAME); | 190 | #endif |
| 171 | 191 | return 2; | |
| 172 | M_ASN1_I2D_seq_total(); | 192 | } |
| 173 | |||
| 174 | M_ASN1_I2D_put(a->method, i2d_ASN1_OBJECT); | ||
| 175 | M_ASN1_I2D_put(a->location, i2d_GENERAL_NAME); | ||
| 176 | |||
| 177 | M_ASN1_I2D_finish(); | ||
| 178 | } | ||
| 179 | |||
| 180 | ACCESS_DESCRIPTION *ACCESS_DESCRIPTION_new(void) | ||
| 181 | { | ||
| 182 | ACCESS_DESCRIPTION *ret=NULL; | ||
| 183 | ASN1_CTX c; | ||
| 184 | M_ASN1_New_Malloc(ret, ACCESS_DESCRIPTION); | ||
| 185 | ret->method = OBJ_nid2obj(NID_undef); | ||
| 186 | ret->location = NULL; | ||
| 187 | return (ret); | ||
| 188 | M_ASN1_New_Error(ASN1_F_ACCESS_DESCRIPTION_NEW); | ||
| 189 | } | ||
| 190 | |||
| 191 | ACCESS_DESCRIPTION *d2i_ACCESS_DESCRIPTION(ACCESS_DESCRIPTION **a, unsigned char **pp, | ||
| 192 | long length) | ||
| 193 | { | ||
| 194 | M_ASN1_D2I_vars(a,ACCESS_DESCRIPTION *,ACCESS_DESCRIPTION_new); | ||
| 195 | M_ASN1_D2I_Init(); | ||
| 196 | M_ASN1_D2I_start_sequence(); | ||
| 197 | M_ASN1_D2I_get(ret->method, d2i_ASN1_OBJECT); | ||
| 198 | M_ASN1_D2I_get(ret->location, d2i_GENERAL_NAME); | ||
| 199 | M_ASN1_D2I_Finish(a, ACCESS_DESCRIPTION_free, ASN1_F_D2I_ACCESS_DESCRIPTION); | ||
| 200 | } | ||
| 201 | |||
| 202 | void ACCESS_DESCRIPTION_free(ACCESS_DESCRIPTION *a) | ||
| 203 | { | ||
| 204 | if (a == NULL) return; | ||
| 205 | ASN1_OBJECT_free(a->method); | ||
| 206 | GENERAL_NAME_free(a->location); | ||
| 207 | Free (a); | ||
| 208 | } | ||
| 209 | |||
| 210 | STACK_OF(ACCESS_DESCRIPTION) *AUTHORITY_INFO_ACCESS_new(void) | ||
| 211 | { | ||
| 212 | return sk_ACCESS_DESCRIPTION_new(NULL); | ||
| 213 | } | ||
| 214 | |||
| 215 | void AUTHORITY_INFO_ACCESS_free(STACK_OF(ACCESS_DESCRIPTION) *a) | ||
| 216 | { | ||
| 217 | sk_ACCESS_DESCRIPTION_pop_free(a, ACCESS_DESCRIPTION_free); | ||
| 218 | } | ||
| 219 | |||
| 220 | STACK_OF(ACCESS_DESCRIPTION) *d2i_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) **a, | ||
| 221 | unsigned char **pp, long length) | ||
| 222 | { | ||
| 223 | return d2i_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, length, d2i_ACCESS_DESCRIPTION, | ||
| 224 | ACCESS_DESCRIPTION_free, V_ASN1_SEQUENCE, V_ASN1_UNIVERSAL); | ||
| 225 | } | ||
| 226 | |||
| 227 | int i2d_AUTHORITY_INFO_ACCESS(STACK_OF(ACCESS_DESCRIPTION) *a, unsigned char **pp) | ||
| 228 | { | ||
| 229 | return i2d_ASN1_SET_OF_ACCESS_DESCRIPTION(a, pp, i2d_ACCESS_DESCRIPTION, V_ASN1_SEQUENCE, | ||
| 230 | V_ASN1_UNIVERSAL, IS_SEQUENCE); | ||
| 231 | } | ||
| 232 | |||
| 233 | IMPLEMENT_STACK_OF(ACCESS_DESCRIPTION) | ||
| 234 | IMPLEMENT_ASN1_SET_OF(ACCESS_DESCRIPTION) | ||
| 235 | |||
| 236 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_int.c b/src/lib/libcrypto/x509v3/v3_int.c index 637dd5e128..f34cbfb731 100644 --- a/src/lib/libcrypto/x509v3/v3_int.c +++ b/src/lib/libcrypto/x509v3/v3_int.c | |||
| @@ -60,20 +60,10 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
| 62 | 62 | ||
| 63 | static ASN1_INTEGER *asn1_integer_new(void); | ||
| 64 | |||
| 65 | X509V3_EXT_METHOD v3_crl_num = { | 63 | X509V3_EXT_METHOD v3_crl_num = { |
| 66 | NID_crl_number, 0, | 64 | NID_crl_number, 0, ASN1_ITEM_ref(ASN1_INTEGER), |
| 67 | (X509V3_EXT_NEW)asn1_integer_new, | 65 | 0,0,0,0, |
| 68 | (X509V3_EXT_FREE)ASN1_STRING_free, | ||
| 69 | (X509V3_EXT_D2I)d2i_ASN1_INTEGER, | ||
| 70 | (X509V3_EXT_I2D)i2d_ASN1_INTEGER, | ||
| 71 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, | 66 | (X509V3_EXT_I2S)i2s_ASN1_INTEGER, |
| 72 | (X509V3_EXT_S2I)NULL, | 67 | 0, |
| 73 | NULL, NULL, NULL, NULL, NULL}; | 68 | 0,0,0,0, NULL}; |
| 74 | |||
| 75 | 69 | ||
| 76 | static ASN1_INTEGER *asn1_integer_new(void) | ||
| 77 | { | ||
| 78 | return ASN1_INTEGER_new(); | ||
| 79 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3_lib.c b/src/lib/libcrypto/x509v3/v3_lib.c index a0aa5de794..482ca8ccf5 100644 --- a/src/lib/libcrypto/x509v3/v3_lib.c +++ b/src/lib/libcrypto/x509v3/v3_lib.c | |||
| @@ -62,38 +62,47 @@ | |||
| 62 | #include <openssl/conf.h> | 62 | #include <openssl/conf.h> |
| 63 | #include <openssl/x509v3.h> | 63 | #include <openssl/x509v3.h> |
| 64 | 64 | ||
| 65 | static STACK *ext_list = NULL; | 65 | #include "ext_dat.h" |
| 66 | 66 | ||
| 67 | static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b); | 67 | static STACK_OF(X509V3_EXT_METHOD) *ext_list = NULL; |
| 68 | |||
| 69 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, | ||
| 70 | const X509V3_EXT_METHOD * const *b); | ||
| 68 | static void ext_list_free(X509V3_EXT_METHOD *ext); | 71 | static void ext_list_free(X509V3_EXT_METHOD *ext); |
| 69 | 72 | ||
| 70 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext) | 73 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext) |
| 71 | { | 74 | { |
| 72 | if(!ext_list && !(ext_list = sk_new(ext_cmp))) { | 75 | if(!ext_list && !(ext_list = sk_X509V3_EXT_METHOD_new(ext_cmp))) { |
| 73 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | 76 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); |
| 74 | return 0; | 77 | return 0; |
| 75 | } | 78 | } |
| 76 | if(!sk_push(ext_list, (char *)ext)) { | 79 | if(!sk_X509V3_EXT_METHOD_push(ext_list, ext)) { |
| 77 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); | 80 | X509V3err(X509V3_F_X509V3_EXT_ADD,ERR_R_MALLOC_FAILURE); |
| 78 | return 0; | 81 | return 0; |
| 79 | } | 82 | } |
| 80 | return 1; | 83 | return 1; |
| 81 | } | 84 | } |
| 82 | 85 | ||
| 83 | static int ext_cmp(X509V3_EXT_METHOD **a, X509V3_EXT_METHOD **b) | 86 | static int ext_cmp(const X509V3_EXT_METHOD * const *a, |
| 87 | const X509V3_EXT_METHOD * const *b) | ||
| 84 | { | 88 | { |
| 85 | return ((*a)->ext_nid - (*b)->ext_nid); | 89 | return ((*a)->ext_nid - (*b)->ext_nid); |
| 86 | } | 90 | } |
| 87 | 91 | ||
| 88 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) | 92 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid) |
| 89 | { | 93 | { |
| 90 | X509V3_EXT_METHOD tmp; | 94 | X509V3_EXT_METHOD tmp, *t = &tmp, **ret; |
| 91 | int idx; | 95 | int idx; |
| 96 | if(nid < 0) return NULL; | ||
| 92 | tmp.ext_nid = nid; | 97 | tmp.ext_nid = nid; |
| 93 | if(!ext_list || (tmp.ext_nid < 0) ) return NULL; | 98 | ret = (X509V3_EXT_METHOD **) OBJ_bsearch((char *)&t, |
| 94 | idx = sk_find(ext_list, (char *)&tmp); | 99 | (char *)standard_exts, STANDARD_EXTENSION_COUNT, |
| 100 | sizeof(X509V3_EXT_METHOD *), (int (*)(const void *, const void *))ext_cmp); | ||
| 101 | if(ret) return *ret; | ||
| 102 | if(!ext_list) return NULL; | ||
| 103 | idx = sk_X509V3_EXT_METHOD_find(ext_list, &tmp); | ||
| 95 | if(idx == -1) return NULL; | 104 | if(idx == -1) return NULL; |
| 96 | return (X509V3_EXT_METHOD *)sk_value(ext_list, idx); | 105 | return sk_X509V3_EXT_METHOD_value(ext_list, idx); |
| 97 | } | 106 | } |
| 98 | 107 | ||
| 99 | X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) | 108 | X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext) |
| @@ -118,49 +127,33 @@ int X509V3_EXT_add_alias(int nid_to, int nid_from) | |||
| 118 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); | 127 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,X509V3_R_EXTENSION_NOT_FOUND); |
| 119 | return 0; | 128 | return 0; |
| 120 | } | 129 | } |
| 121 | if(!(tmpext = (X509V3_EXT_METHOD *)Malloc(sizeof(X509V3_EXT_METHOD)))) { | 130 | if(!(tmpext = (X509V3_EXT_METHOD *)OPENSSL_malloc(sizeof(X509V3_EXT_METHOD)))) { |
| 122 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); | 131 | X509V3err(X509V3_F_X509V3_EXT_ADD_ALIAS,ERR_R_MALLOC_FAILURE); |
| 123 | return 0; | 132 | return 0; |
| 124 | } | 133 | } |
| 125 | *tmpext = *ext; | 134 | *tmpext = *ext; |
| 126 | tmpext->ext_nid = nid_to; | 135 | tmpext->ext_nid = nid_to; |
| 127 | tmpext->ext_flags |= X509V3_EXT_DYNAMIC; | 136 | tmpext->ext_flags |= X509V3_EXT_DYNAMIC; |
| 128 | return 1; | 137 | return X509V3_EXT_add(tmpext); |
| 129 | } | 138 | } |
| 130 | 139 | ||
| 131 | void X509V3_EXT_cleanup(void) | 140 | void X509V3_EXT_cleanup(void) |
| 132 | { | 141 | { |
| 133 | sk_pop_free(ext_list, ext_list_free); | 142 | sk_X509V3_EXT_METHOD_pop_free(ext_list, ext_list_free); |
| 134 | ext_list = NULL; | 143 | ext_list = NULL; |
| 135 | } | 144 | } |
| 136 | 145 | ||
| 137 | static void ext_list_free(X509V3_EXT_METHOD *ext) | 146 | static void ext_list_free(X509V3_EXT_METHOD *ext) |
| 138 | { | 147 | { |
| 139 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) Free(ext); | 148 | if(ext->ext_flags & X509V3_EXT_DYNAMIC) OPENSSL_free(ext); |
| 140 | } | 149 | } |
| 141 | 150 | ||
| 142 | extern X509V3_EXT_METHOD v3_bcons, v3_nscert, v3_key_usage, v3_ext_ku; | 151 | /* Legacy function: we don't need to add standard extensions |
| 143 | extern X509V3_EXT_METHOD v3_pkey_usage_period, v3_sxnet; | 152 | * any more because they are now kept in ext_dat.h. |
| 144 | extern X509V3_EXT_METHOD v3_ns_ia5_list[], v3_alt[], v3_skey_id, v3_akey_id; | 153 | */ |
| 145 | |||
| 146 | extern X509V3_EXT_METHOD v3_crl_num, v3_crl_reason, v3_cpols, v3_crld; | ||
| 147 | 154 | ||
| 148 | int X509V3_add_standard_extensions(void) | 155 | int X509V3_add_standard_extensions(void) |
| 149 | { | 156 | { |
| 150 | X509V3_EXT_add_list(v3_ns_ia5_list); | ||
| 151 | X509V3_EXT_add_list(v3_alt); | ||
| 152 | X509V3_EXT_add(&v3_bcons); | ||
| 153 | X509V3_EXT_add(&v3_nscert); | ||
| 154 | X509V3_EXT_add(&v3_key_usage); | ||
| 155 | X509V3_EXT_add(&v3_ext_ku); | ||
| 156 | X509V3_EXT_add(&v3_skey_id); | ||
| 157 | X509V3_EXT_add(&v3_akey_id); | ||
| 158 | X509V3_EXT_add(&v3_pkey_usage_period); | ||
| 159 | X509V3_EXT_add(&v3_crl_num); | ||
| 160 | X509V3_EXT_add(&v3_sxnet); | ||
| 161 | X509V3_EXT_add(&v3_crl_reason); | ||
| 162 | X509V3_EXT_add(&v3_cpols); | ||
| 163 | X509V3_EXT_add(&v3_crld); | ||
| 164 | return 1; | 157 | return 1; |
| 165 | } | 158 | } |
| 166 | 159 | ||
| @@ -170,8 +163,139 @@ void *X509V3_EXT_d2i(X509_EXTENSION *ext) | |||
| 170 | { | 163 | { |
| 171 | X509V3_EXT_METHOD *method; | 164 | X509V3_EXT_METHOD *method; |
| 172 | unsigned char *p; | 165 | unsigned char *p; |
| 173 | if(!(method = X509V3_EXT_get(ext)) || !method->d2i) return NULL; | 166 | if(!(method = X509V3_EXT_get(ext))) return NULL; |
| 174 | p = ext->value->data; | 167 | p = ext->value->data; |
| 168 | if(method->it) return ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); | ||
| 175 | return method->d2i(NULL, &p, ext->value->length); | 169 | return method->d2i(NULL, &p, ext->value->length); |
| 176 | } | 170 | } |
| 177 | 171 | ||
| 172 | /* Get critical flag and decoded version of extension from a NID. | ||
| 173 | * The "idx" variable returns the last found extension and can | ||
| 174 | * be used to retrieve multiple extensions of the same NID. | ||
| 175 | * However multiple extensions with the same NID is usually | ||
| 176 | * due to a badly encoded certificate so if idx is NULL we | ||
| 177 | * choke if multiple extensions exist. | ||
| 178 | * The "crit" variable is set to the critical value. | ||
| 179 | * The return value is the decoded extension or NULL on | ||
| 180 | * error. The actual error can have several different causes, | ||
| 181 | * the value of *crit reflects the cause: | ||
| 182 | * >= 0, extension found but not decoded (reflects critical value). | ||
| 183 | * -1 extension not found. | ||
| 184 | * -2 extension occurs more than once. | ||
| 185 | */ | ||
| 186 | |||
| 187 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx) | ||
| 188 | { | ||
| 189 | int lastpos, i; | ||
| 190 | X509_EXTENSION *ex, *found_ex = NULL; | ||
| 191 | if(!x) { | ||
| 192 | if(idx) *idx = -1; | ||
| 193 | if(crit) *crit = -1; | ||
| 194 | return NULL; | ||
| 195 | } | ||
| 196 | if(idx) lastpos = *idx + 1; | ||
| 197 | else lastpos = 0; | ||
| 198 | if(lastpos < 0) lastpos = 0; | ||
| 199 | for(i = lastpos; i < sk_X509_EXTENSION_num(x); i++) | ||
| 200 | { | ||
| 201 | ex = sk_X509_EXTENSION_value(x, i); | ||
| 202 | if(OBJ_obj2nid(ex->object) == nid) { | ||
| 203 | if(idx) { | ||
| 204 | *idx = i; | ||
| 205 | break; | ||
| 206 | } else if(found_ex) { | ||
| 207 | /* Found more than one */ | ||
| 208 | if(crit) *crit = -2; | ||
| 209 | return NULL; | ||
| 210 | } | ||
| 211 | found_ex = ex; | ||
| 212 | } | ||
| 213 | } | ||
| 214 | if(found_ex) { | ||
| 215 | /* Found it */ | ||
| 216 | if(crit) *crit = X509_EXTENSION_get_critical(found_ex); | ||
| 217 | return X509V3_EXT_d2i(found_ex); | ||
| 218 | } | ||
| 219 | |||
| 220 | /* Extension not found */ | ||
| 221 | if(idx) *idx = -1; | ||
| 222 | if(crit) *crit = -1; | ||
| 223 | return NULL; | ||
| 224 | } | ||
| 225 | |||
| 226 | /* This function is a general extension append, replace and delete utility. | ||
| 227 | * The precise operation is governed by the 'flags' value. The 'crit' and | ||
| 228 | * 'value' arguments (if relevant) are the extensions internal structure. | ||
| 229 | */ | ||
| 230 | |||
| 231 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, | ||
| 232 | int crit, unsigned long flags) | ||
| 233 | { | ||
| 234 | int extidx = -1; | ||
| 235 | int errcode; | ||
| 236 | X509_EXTENSION *ext, *extmp; | ||
| 237 | unsigned long ext_op = flags & X509V3_ADD_OP_MASK; | ||
| 238 | |||
| 239 | /* If appending we don't care if it exists, otherwise | ||
| 240 | * look for existing extension. | ||
| 241 | */ | ||
| 242 | if(ext_op != X509V3_ADD_APPEND) | ||
| 243 | extidx = X509v3_get_ext_by_NID(*x, nid, -1); | ||
| 244 | |||
| 245 | /* See if extension exists */ | ||
| 246 | if(extidx >= 0) { | ||
| 247 | /* If keep existing, nothing to do */ | ||
| 248 | if(ext_op == X509V3_ADD_KEEP_EXISTING) | ||
| 249 | return 1; | ||
| 250 | /* If default then its an error */ | ||
| 251 | if(ext_op == X509V3_ADD_DEFAULT) { | ||
| 252 | errcode = X509V3_R_EXTENSION_EXISTS; | ||
| 253 | goto err; | ||
| 254 | } | ||
| 255 | /* If delete, just delete it */ | ||
| 256 | if(ext_op == X509V3_ADD_DELETE) { | ||
| 257 | if(!sk_X509_EXTENSION_delete(*x, extidx)) return -1; | ||
| 258 | return 1; | ||
| 259 | } | ||
| 260 | } else { | ||
| 261 | /* If replace existing or delete, error since | ||
| 262 | * extension must exist | ||
| 263 | */ | ||
| 264 | if((ext_op == X509V3_ADD_REPLACE_EXISTING) || | ||
| 265 | (ext_op == X509V3_ADD_DELETE)) { | ||
| 266 | errcode = X509V3_R_EXTENSION_NOT_FOUND; | ||
| 267 | goto err; | ||
| 268 | } | ||
| 269 | } | ||
| 270 | |||
| 271 | /* If we get this far then we have to create an extension: | ||
| 272 | * could have some flags for alternative encoding schemes... | ||
| 273 | */ | ||
| 274 | |||
| 275 | ext = X509V3_EXT_i2d(nid, crit, value); | ||
| 276 | |||
| 277 | if(!ext) { | ||
| 278 | X509V3err(X509V3_F_X509V3_ADD_I2D, X509V3_R_ERROR_CREATING_EXTENSION); | ||
| 279 | return 0; | ||
| 280 | } | ||
| 281 | |||
| 282 | /* If extension exists replace it.. */ | ||
| 283 | if(extidx >= 0) { | ||
| 284 | extmp = sk_X509_EXTENSION_value(*x, extidx); | ||
| 285 | X509_EXTENSION_free(extmp); | ||
| 286 | if(!sk_X509_EXTENSION_set(*x, extidx, ext)) return -1; | ||
| 287 | return 1; | ||
| 288 | } | ||
| 289 | |||
| 290 | if(!*x && !(*x = sk_X509_EXTENSION_new_null())) return -1; | ||
| 291 | if(!sk_X509_EXTENSION_push(*x, ext)) return -1; | ||
| 292 | |||
| 293 | return 1; | ||
| 294 | |||
| 295 | err: | ||
| 296 | if(!(flags & X509V3_ADD_SILENT)) | ||
| 297 | X509V3err(X509V3_F_X509V3_ADD_I2D, errcode); | ||
| 298 | return 0; | ||
| 299 | } | ||
| 300 | |||
| 301 | IMPLEMENT_STACK_OF(X509V3_EXT_METHOD) | ||
diff --git a/src/lib/libcrypto/x509v3/v3_pku.c b/src/lib/libcrypto/x509v3/v3_pku.c index c13e7d8f45..49a2e4697a 100644 --- a/src/lib/libcrypto/x509v3/v3_pku.c +++ b/src/lib/libcrypto/x509v3/v3_pku.c | |||
| @@ -59,7 +59,7 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/asn1.h> | 61 | #include <openssl/asn1.h> |
| 62 | #include <openssl/asn1_mac.h> | 62 | #include <openssl/asn1t.h> |
| 63 | #include <openssl/x509v3.h> | 63 | #include <openssl/x509v3.h> |
| 64 | 64 | ||
| 65 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); | 65 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *usage, BIO *out, int indent); |
| @@ -67,62 +67,19 @@ static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, PKEY_USAGE_PERIOD *u | |||
| 67 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); | 67 | static PKEY_USAGE_PERIOD *v2i_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *values); |
| 68 | */ | 68 | */ |
| 69 | X509V3_EXT_METHOD v3_pkey_usage_period = { | 69 | X509V3_EXT_METHOD v3_pkey_usage_period = { |
| 70 | NID_private_key_usage_period, 0, | 70 | NID_private_key_usage_period, 0, ASN1_ITEM_ref(PKEY_USAGE_PERIOD), |
| 71 | (X509V3_EXT_NEW)PKEY_USAGE_PERIOD_new, | 71 | 0,0,0,0, |
| 72 | (X509V3_EXT_FREE)PKEY_USAGE_PERIOD_free, | 72 | 0,0,0,0, |
| 73 | (X509V3_EXT_D2I)d2i_PKEY_USAGE_PERIOD, | ||
| 74 | (X509V3_EXT_I2D)i2d_PKEY_USAGE_PERIOD, | ||
| 75 | NULL, NULL, NULL, NULL, | ||
| 76 | (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, | 73 | (X509V3_EXT_I2R)i2r_PKEY_USAGE_PERIOD, NULL, |
| 77 | NULL | 74 | NULL |
| 78 | }; | 75 | }; |
| 79 | 76 | ||
| 80 | int i2d_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD *a, unsigned char **pp) | 77 | ASN1_SEQUENCE(PKEY_USAGE_PERIOD) = { |
| 81 | { | 78 | ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notBefore, ASN1_GENERALIZEDTIME, 0), |
| 82 | M_ASN1_I2D_vars(a); | 79 | ASN1_IMP_OPT(PKEY_USAGE_PERIOD, notAfter, ASN1_GENERALIZEDTIME, 1) |
| 83 | 80 | } ASN1_SEQUENCE_END(PKEY_USAGE_PERIOD) | |
| 84 | M_ASN1_I2D_len_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME); | ||
| 85 | M_ASN1_I2D_len_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME); | ||
| 86 | |||
| 87 | M_ASN1_I2D_seq_total(); | ||
| 88 | |||
| 89 | M_ASN1_I2D_put_IMP_opt (a->notBefore, i2d_ASN1_GENERALIZEDTIME, 0); | ||
| 90 | M_ASN1_I2D_put_IMP_opt (a->notAfter, i2d_ASN1_GENERALIZEDTIME, 1); | ||
| 91 | |||
| 92 | M_ASN1_I2D_finish(); | ||
| 93 | } | ||
| 94 | |||
| 95 | PKEY_USAGE_PERIOD *PKEY_USAGE_PERIOD_new(void) | ||
| 96 | { | ||
| 97 | PKEY_USAGE_PERIOD *ret=NULL; | ||
| 98 | ASN1_CTX c; | ||
| 99 | M_ASN1_New_Malloc(ret, PKEY_USAGE_PERIOD); | ||
| 100 | ret->notBefore = NULL; | ||
| 101 | ret->notAfter = NULL; | ||
| 102 | return (ret); | ||
| 103 | M_ASN1_New_Error(ASN1_F_PKEY_USAGE_PERIOD_NEW); | ||
| 104 | } | ||
| 105 | 81 | ||
| 106 | PKEY_USAGE_PERIOD *d2i_PKEY_USAGE_PERIOD(PKEY_USAGE_PERIOD **a, | 82 | IMPLEMENT_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) |
| 107 | unsigned char **pp, long length) | ||
| 108 | { | ||
| 109 | M_ASN1_D2I_vars(a,PKEY_USAGE_PERIOD *,PKEY_USAGE_PERIOD_new); | ||
| 110 | M_ASN1_D2I_Init(); | ||
| 111 | M_ASN1_D2I_start_sequence(); | ||
| 112 | M_ASN1_D2I_get_IMP_opt (ret->notBefore, d2i_ASN1_GENERALIZEDTIME, 0, | ||
| 113 | V_ASN1_GENERALIZEDTIME); | ||
| 114 | M_ASN1_D2I_get_IMP_opt (ret->notAfter, d2i_ASN1_GENERALIZEDTIME, 1, | ||
| 115 | V_ASN1_GENERALIZEDTIME); | ||
| 116 | M_ASN1_D2I_Finish(a, PKEY_USAGE_PERIOD_free, ASN1_F_D2I_PKEY_USAGE_PERIOD); | ||
| 117 | } | ||
| 118 | |||
| 119 | void PKEY_USAGE_PERIOD_free(PKEY_USAGE_PERIOD *a) | ||
| 120 | { | ||
| 121 | if (a == NULL) return; | ||
| 122 | ASN1_GENERALIZEDTIME_free(a->notBefore); | ||
| 123 | ASN1_GENERALIZEDTIME_free(a->notAfter); | ||
| 124 | Free ((char *)a); | ||
| 125 | } | ||
| 126 | 83 | ||
| 127 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, | 84 | static int i2r_PKEY_USAGE_PERIOD(X509V3_EXT_METHOD *method, |
| 128 | PKEY_USAGE_PERIOD *usage, BIO *out, int indent) | 85 | PKEY_USAGE_PERIOD *usage, BIO *out, int indent) |
diff --git a/src/lib/libcrypto/x509v3/v3_prn.c b/src/lib/libcrypto/x509v3/v3_prn.c index dc20c6bdba..aeaf6170fe 100644 --- a/src/lib/libcrypto/x509v3/v3_prn.c +++ b/src/lib/libcrypto/x509v3/v3_prn.c | |||
| @@ -64,6 +64,8 @@ | |||
| 64 | 64 | ||
| 65 | /* Extension printing routines */ | 65 | /* Extension printing routines */ |
| 66 | 66 | ||
| 67 | static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported); | ||
| 68 | |||
| 67 | /* Print out a name+value stack */ | 69 | /* Print out a name+value stack */ |
| 68 | 70 | ||
| 69 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) | 71 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) |
| @@ -81,29 +83,65 @@ void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, int ml) | |||
| 81 | nval = sk_CONF_VALUE_value(val, i); | 83 | nval = sk_CONF_VALUE_value(val, i); |
| 82 | if(!nval->name) BIO_puts(out, nval->value); | 84 | if(!nval->name) BIO_puts(out, nval->value); |
| 83 | else if(!nval->value) BIO_puts(out, nval->name); | 85 | else if(!nval->value) BIO_puts(out, nval->name); |
| 86 | #ifndef CHARSET_EBCDIC | ||
| 84 | else BIO_printf(out, "%s:%s", nval->name, nval->value); | 87 | else BIO_printf(out, "%s:%s", nval->name, nval->value); |
| 88 | #else | ||
| 89 | else { | ||
| 90 | int len; | ||
| 91 | char *tmp; | ||
| 92 | len = strlen(nval->value)+1; | ||
| 93 | tmp = OPENSSL_malloc(len); | ||
| 94 | if (tmp) | ||
| 95 | { | ||
| 96 | ascii2ebcdic(tmp, nval->value, len); | ||
| 97 | BIO_printf(out, "%s:%s", nval->name, tmp); | ||
| 98 | OPENSSL_free(tmp); | ||
| 99 | } | ||
| 100 | } | ||
| 101 | #endif | ||
| 85 | if(ml) BIO_puts(out, "\n"); | 102 | if(ml) BIO_puts(out, "\n"); |
| 86 | } | 103 | } |
| 87 | } | 104 | } |
| 88 | 105 | ||
| 89 | /* Main routine: print out a general extension */ | 106 | /* Main routine: print out a general extension */ |
| 90 | 107 | ||
| 91 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) | 108 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent) |
| 92 | { | 109 | { |
| 93 | char *ext_str = NULL, *value = NULL; | 110 | void *ext_str = NULL; |
| 111 | char *value = NULL; | ||
| 94 | unsigned char *p; | 112 | unsigned char *p; |
| 95 | X509V3_EXT_METHOD *method; | 113 | X509V3_EXT_METHOD *method; |
| 96 | STACK_OF(CONF_VALUE) *nval = NULL; | 114 | STACK_OF(CONF_VALUE) *nval = NULL; |
| 97 | int ok = 1; | 115 | int ok = 1; |
| 98 | if(!(method = X509V3_EXT_get(ext))) return 0; | 116 | if(!(method = X509V3_EXT_get(ext))) |
| 117 | return unknown_ext_print(out, ext, flag, indent, 0); | ||
| 99 | p = ext->value->data; | 118 | p = ext->value->data; |
| 100 | if(!(ext_str = method->d2i(NULL, &p, ext->value->length))) return 0; | 119 | if(method->it) ext_str = ASN1_item_d2i(NULL, &p, ext->value->length, ASN1_ITEM_ptr(method->it)); |
| 120 | else ext_str = method->d2i(NULL, &p, ext->value->length); | ||
| 121 | |||
| 122 | if(!ext_str) return unknown_ext_print(out, ext, flag, indent, 1); | ||
| 123 | |||
| 101 | if(method->i2s) { | 124 | if(method->i2s) { |
| 102 | if(!(value = method->i2s(method, ext_str))) { | 125 | if(!(value = method->i2s(method, ext_str))) { |
| 103 | ok = 0; | 126 | ok = 0; |
| 104 | goto err; | 127 | goto err; |
| 105 | } | 128 | } |
| 129 | #ifndef CHARSET_EBCDIC | ||
| 106 | BIO_printf(out, "%*s%s", indent, "", value); | 130 | BIO_printf(out, "%*s%s", indent, "", value); |
| 131 | #else | ||
| 132 | { | ||
| 133 | int len; | ||
| 134 | char *tmp; | ||
| 135 | len = strlen(value)+1; | ||
| 136 | tmp = OPENSSL_malloc(len); | ||
| 137 | if (tmp) | ||
| 138 | { | ||
| 139 | ascii2ebcdic(tmp, value, len); | ||
| 140 | BIO_printf(out, "%*s%s", indent, "", tmp); | ||
| 141 | OPENSSL_free(tmp); | ||
| 142 | } | ||
| 143 | } | ||
| 144 | #endif | ||
| 107 | } else if(method->i2v) { | 145 | } else if(method->i2v) { |
| 108 | if(!(nval = method->i2v(method, ext_str, NULL))) { | 146 | if(!(nval = method->i2v(method, ext_str, NULL))) { |
| 109 | ok = 0; | 147 | ok = 0; |
| @@ -117,12 +155,72 @@ int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, int flag, int indent) | |||
| 117 | 155 | ||
| 118 | err: | 156 | err: |
| 119 | sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); | 157 | sk_CONF_VALUE_pop_free(nval, X509V3_conf_free); |
| 120 | if(value) Free(value); | 158 | if(value) OPENSSL_free(value); |
| 121 | method->ext_free(ext_str); | 159 | if(method->it) ASN1_item_free(ext_str, ASN1_ITEM_ptr(method->it)); |
| 160 | else method->ext_free(ext_str); | ||
| 122 | return ok; | 161 | return ok; |
| 123 | } | 162 | } |
| 124 | 163 | ||
| 125 | #ifndef NO_FP_API | 164 | int X509V3_extensions_print(BIO *bp, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent) |
| 165 | { | ||
| 166 | int i, j; | ||
| 167 | |||
| 168 | if(sk_X509_EXTENSION_num(exts) <= 0) return 1; | ||
| 169 | |||
| 170 | if(title) | ||
| 171 | { | ||
| 172 | BIO_printf(bp,"%*s%s:\n",indent, "", title); | ||
| 173 | indent += 4; | ||
| 174 | } | ||
| 175 | |||
| 176 | for (i=0; i<sk_X509_EXTENSION_num(exts); i++) | ||
| 177 | { | ||
| 178 | ASN1_OBJECT *obj; | ||
| 179 | X509_EXTENSION *ex; | ||
| 180 | ex=sk_X509_EXTENSION_value(exts, i); | ||
| 181 | if (BIO_printf(bp,"%*s",indent, "") <= 0) return 0; | ||
| 182 | obj=X509_EXTENSION_get_object(ex); | ||
| 183 | i2a_ASN1_OBJECT(bp,obj); | ||
| 184 | j=X509_EXTENSION_get_critical(ex); | ||
| 185 | if (BIO_printf(bp,": %s\n",j?"critical":"","") <= 0) | ||
| 186 | return 0; | ||
| 187 | if(!X509V3_EXT_print(bp, ex, flag, 12)) | ||
| 188 | { | ||
| 189 | BIO_printf(bp, "%*s", indent + 4, ""); | ||
| 190 | M_ASN1_OCTET_STRING_print(bp,ex->value); | ||
| 191 | } | ||
| 192 | if (BIO_write(bp,"\n",1) <= 0) return 0; | ||
| 193 | } | ||
| 194 | return 1; | ||
| 195 | } | ||
| 196 | |||
| 197 | static int unknown_ext_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent, int supported) | ||
| 198 | { | ||
| 199 | switch(flag & X509V3_EXT_UNKNOWN_MASK) { | ||
| 200 | |||
| 201 | case X509V3_EXT_DEFAULT: | ||
| 202 | return 0; | ||
| 203 | |||
| 204 | case X509V3_EXT_ERROR_UNKNOWN: | ||
| 205 | if(supported) | ||
| 206 | BIO_printf(out, "%*s<Parse Error>", indent, ""); | ||
| 207 | else | ||
| 208 | BIO_printf(out, "%*s<Not Supported>", indent, ""); | ||
| 209 | return 1; | ||
| 210 | |||
| 211 | case X509V3_EXT_PARSE_UNKNOWN: | ||
| 212 | return ASN1_parse_dump(out, | ||
| 213 | ext->value->data, ext->value->length, indent, -1); | ||
| 214 | case X509V3_EXT_DUMP_UNKNOWN: | ||
| 215 | return BIO_dump_indent(out, (char *)ext->value->data, ext->value->length, indent); | ||
| 216 | |||
| 217 | default: | ||
| 218 | return 1; | ||
| 219 | } | ||
| 220 | } | ||
| 221 | |||
| 222 | |||
| 223 | #ifndef OPENSSL_NO_FP_API | ||
| 126 | int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) | 224 | int X509V3_EXT_print_fp(FILE *fp, X509_EXTENSION *ext, int flag, int indent) |
| 127 | { | 225 | { |
| 128 | BIO *bio_tmp; | 226 | BIO *bio_tmp; |
diff --git a/src/lib/libcrypto/x509v3/v3_purp.c b/src/lib/libcrypto/x509v3/v3_purp.c index b7494ebcd5..b739e4fd83 100644 --- a/src/lib/libcrypto/x509v3/v3_purp.c +++ b/src/lib/libcrypto/x509v3/v3_purp.c | |||
| @@ -1,9 +1,9 @@ | |||
| 1 | /* v3_purp.c */ | 1 | /* v3_purp.c */ |
| 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * project 1999. | 3 | * project 2001. |
| 4 | */ | 4 | */ |
| 5 | /* ==================================================================== | 5 | /* ==================================================================== |
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 6 | * Copyright (c) 1999-2001 The OpenSSL Project. All rights reserved. |
| 7 | * | 7 | * |
| 8 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 9 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| @@ -59,20 +59,24 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/x509v3.h> | 61 | #include <openssl/x509v3.h> |
| 62 | 62 | #include <openssl/x509_vfy.h> | |
| 63 | 63 | ||
| 64 | static void x509v3_cache_extensions(X509 *x); | 64 | static void x509v3_cache_extensions(X509 *x); |
| 65 | 65 | ||
| 66 | static int ca_check(X509 *x); | 66 | static int ca_check(const X509 *x); |
| 67 | static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca); | 67 | static int check_ssl_ca(const X509 *x); |
| 68 | static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); | 68 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 69 | static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca); | 69 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 70 | static int purpose_smime(X509 *x, int ca); | 70 | static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 71 | static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca); | 71 | static int purpose_smime(const X509 *x, int ca); |
| 72 | static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca); | 72 | static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 73 | static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca); | 73 | static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 74 | 74 | static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca); | |
| 75 | static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b); | 75 | static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca); |
| 76 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca); | ||
| 77 | |||
| 78 | static int xp_cmp(const X509_PURPOSE * const *a, | ||
| 79 | const X509_PURPOSE * const *b); | ||
| 76 | static void xptable_free(X509_PURPOSE *p); | 80 | static void xptable_free(X509_PURPOSE *p); |
| 77 | 81 | ||
| 78 | static X509_PURPOSE xstandard[] = { | 82 | static X509_PURPOSE xstandard[] = { |
| @@ -81,7 +85,9 @@ static X509_PURPOSE xstandard[] = { | |||
| 81 | {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, | 85 | {X509_PURPOSE_NS_SSL_SERVER, X509_TRUST_SSL_SERVER, 0, check_purpose_ns_ssl_server, "Netscape SSL server", "nssslserver", NULL}, |
| 82 | {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, | 86 | {X509_PURPOSE_SMIME_SIGN, X509_TRUST_EMAIL, 0, check_purpose_smime_sign, "S/MIME signing", "smimesign", NULL}, |
| 83 | {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, | 87 | {X509_PURPOSE_SMIME_ENCRYPT, X509_TRUST_EMAIL, 0, check_purpose_smime_encrypt, "S/MIME encryption", "smimeencrypt", NULL}, |
| 84 | {X509_PURPOSE_CRL_SIGN, X509_TRUST_ANY, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, | 88 | {X509_PURPOSE_CRL_SIGN, X509_TRUST_COMPAT, 0, check_purpose_crl_sign, "CRL signing", "crlsign", NULL}, |
| 89 | {X509_PURPOSE_ANY, X509_TRUST_DEFAULT, 0, no_check, "Any Purpose", "any", NULL}, | ||
| 90 | {X509_PURPOSE_OCSP_HELPER, X509_TRUST_COMPAT, 0, ocsp_helper, "OCSP helper", "ocsphelper", NULL}, | ||
| 85 | }; | 91 | }; |
| 86 | 92 | ||
| 87 | #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) | 93 | #define X509_PURPOSE_COUNT (sizeof(xstandard)/sizeof(X509_PURPOSE)) |
| @@ -90,15 +96,19 @@ IMPLEMENT_STACK_OF(X509_PURPOSE) | |||
| 90 | 96 | ||
| 91 | static STACK_OF(X509_PURPOSE) *xptable = NULL; | 97 | static STACK_OF(X509_PURPOSE) *xptable = NULL; |
| 92 | 98 | ||
| 93 | static int xp_cmp(X509_PURPOSE **a, X509_PURPOSE **b) | 99 | static int xp_cmp(const X509_PURPOSE * const *a, |
| 100 | const X509_PURPOSE * const *b) | ||
| 94 | { | 101 | { |
| 95 | return (*a)->purpose - (*b)->purpose; | 102 | return (*a)->purpose - (*b)->purpose; |
| 96 | } | 103 | } |
| 97 | 104 | ||
| 105 | /* As much as I'd like to make X509_check_purpose use a "const" X509* | ||
| 106 | * I really can't because it does recalculate hashes and do other non-const | ||
| 107 | * things. */ | ||
| 98 | int X509_check_purpose(X509 *x, int id, int ca) | 108 | int X509_check_purpose(X509 *x, int id, int ca) |
| 99 | { | 109 | { |
| 100 | int idx; | 110 | int idx; |
| 101 | X509_PURPOSE *pt; | 111 | const X509_PURPOSE *pt; |
| 102 | if(!(x->ex_flags & EXFLAG_SET)) { | 112 | if(!(x->ex_flags & EXFLAG_SET)) { |
| 103 | CRYPTO_w_lock(CRYPTO_LOCK_X509); | 113 | CRYPTO_w_lock(CRYPTO_LOCK_X509); |
| 104 | x509v3_cache_extensions(x); | 114 | x509v3_cache_extensions(x); |
| @@ -111,6 +121,16 @@ int X509_check_purpose(X509 *x, int id, int ca) | |||
| 111 | return pt->check_purpose(pt, x, ca); | 121 | return pt->check_purpose(pt, x, ca); |
| 112 | } | 122 | } |
| 113 | 123 | ||
| 124 | int X509_PURPOSE_set(int *p, int purpose) | ||
| 125 | { | ||
| 126 | if(X509_PURPOSE_get_by_id(purpose) == -1) { | ||
| 127 | X509V3err(X509V3_F_X509_PURPOSE_SET, X509V3_R_INVALID_PURPOSE); | ||
| 128 | return 0; | ||
| 129 | } | ||
| 130 | *p = purpose; | ||
| 131 | return 1; | ||
| 132 | } | ||
| 133 | |||
| 114 | int X509_PURPOSE_get_count(void) | 134 | int X509_PURPOSE_get_count(void) |
| 115 | { | 135 | { |
| 116 | if(!xptable) return X509_PURPOSE_COUNT; | 136 | if(!xptable) return X509_PURPOSE_COUNT; |
| @@ -135,7 +155,6 @@ int X509_PURPOSE_get_by_sname(char *sname) | |||
| 135 | return -1; | 155 | return -1; |
| 136 | } | 156 | } |
| 137 | 157 | ||
| 138 | |||
| 139 | int X509_PURPOSE_get_by_id(int purpose) | 158 | int X509_PURPOSE_get_by_id(int purpose) |
| 140 | { | 159 | { |
| 141 | X509_PURPOSE tmp; | 160 | X509_PURPOSE tmp; |
| @@ -150,7 +169,7 @@ int X509_PURPOSE_get_by_id(int purpose) | |||
| 150 | } | 169 | } |
| 151 | 170 | ||
| 152 | int X509_PURPOSE_add(int id, int trust, int flags, | 171 | int X509_PURPOSE_add(int id, int trust, int flags, |
| 153 | int (*ck)(X509_PURPOSE *, X509 *, int), | 172 | int (*ck)(const X509_PURPOSE *, const X509 *, int), |
| 154 | char *name, char *sname, void *arg) | 173 | char *name, char *sname, void *arg) |
| 155 | { | 174 | { |
| 156 | int idx; | 175 | int idx; |
| @@ -163,17 +182,17 @@ int X509_PURPOSE_add(int id, int trust, int flags, | |||
| 163 | idx = X509_PURPOSE_get_by_id(id); | 182 | idx = X509_PURPOSE_get_by_id(id); |
| 164 | /* Need a new entry */ | 183 | /* Need a new entry */ |
| 165 | if(idx == -1) { | 184 | if(idx == -1) { |
| 166 | if(!(ptmp = Malloc(sizeof(X509_PURPOSE)))) { | 185 | if(!(ptmp = OPENSSL_malloc(sizeof(X509_PURPOSE)))) { |
| 167 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); | 186 | X509V3err(X509V3_F_X509_PURPOSE_ADD,ERR_R_MALLOC_FAILURE); |
| 168 | return 0; | 187 | return 0; |
| 169 | } | 188 | } |
| 170 | ptmp->flags = X509_PURPOSE_DYNAMIC; | 189 | ptmp->flags = X509_PURPOSE_DYNAMIC; |
| 171 | } else ptmp = X509_PURPOSE_get0(idx); | 190 | } else ptmp = X509_PURPOSE_get0(idx); |
| 172 | 191 | ||
| 173 | /* Free existing name if dynamic */ | 192 | /* OPENSSL_free existing name if dynamic */ |
| 174 | if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { | 193 | if(ptmp->flags & X509_PURPOSE_DYNAMIC_NAME) { |
| 175 | Free(ptmp->name); | 194 | OPENSSL_free(ptmp->name); |
| 176 | Free(ptmp->sname); | 195 | OPENSSL_free(ptmp->sname); |
| 177 | } | 196 | } |
| 178 | /* dup supplied name */ | 197 | /* dup supplied name */ |
| 179 | ptmp->name = BUF_strdup(name); | 198 | ptmp->name = BUF_strdup(name); |
| @@ -212,10 +231,10 @@ static void xptable_free(X509_PURPOSE *p) | |||
| 212 | if (p->flags & X509_PURPOSE_DYNAMIC) | 231 | if (p->flags & X509_PURPOSE_DYNAMIC) |
| 213 | { | 232 | { |
| 214 | if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { | 233 | if (p->flags & X509_PURPOSE_DYNAMIC_NAME) { |
| 215 | Free(p->name); | 234 | OPENSSL_free(p->name); |
| 216 | Free(p->sname); | 235 | OPENSSL_free(p->sname); |
| 217 | } | 236 | } |
| 218 | Free(p); | 237 | OPENSSL_free(p); |
| 219 | } | 238 | } |
| 220 | } | 239 | } |
| 221 | 240 | ||
| @@ -247,16 +266,57 @@ int X509_PURPOSE_get_trust(X509_PURPOSE *xp) | |||
| 247 | return xp->trust; | 266 | return xp->trust; |
| 248 | } | 267 | } |
| 249 | 268 | ||
| 250 | #ifndef NO_SHA | 269 | static int nid_cmp(int *a, int *b) |
| 270 | { | ||
| 271 | return *a - *b; | ||
| 272 | } | ||
| 273 | |||
| 274 | int X509_supported_extension(X509_EXTENSION *ex) | ||
| 275 | { | ||
| 276 | /* This table is a list of the NIDs of supported extensions: | ||
| 277 | * that is those which are used by the verify process. If | ||
| 278 | * an extension is critical and doesn't appear in this list | ||
| 279 | * then the verify process will normally reject the certificate. | ||
| 280 | * The list must be kept in numerical order because it will be | ||
| 281 | * searched using bsearch. | ||
| 282 | */ | ||
| 283 | |||
| 284 | static int supported_nids[] = { | ||
| 285 | NID_netscape_cert_type, /* 71 */ | ||
| 286 | NID_key_usage, /* 83 */ | ||
| 287 | NID_subject_alt_name, /* 85 */ | ||
| 288 | NID_basic_constraints, /* 87 */ | ||
| 289 | NID_ext_key_usage /* 126 */ | ||
| 290 | }; | ||
| 291 | |||
| 292 | int ex_nid; | ||
| 293 | |||
| 294 | ex_nid = OBJ_obj2nid(X509_EXTENSION_get_object(ex)); | ||
| 295 | |||
| 296 | if (ex_nid == NID_undef) | ||
| 297 | return 0; | ||
| 298 | |||
| 299 | if (OBJ_bsearch((char *)&ex_nid, (char *)supported_nids, | ||
| 300 | sizeof(supported_nids)/sizeof(int), sizeof(int), | ||
| 301 | (int (*)(const void *, const void *))nid_cmp)) | ||
| 302 | return 1; | ||
| 303 | return 0; | ||
| 304 | } | ||
| 305 | |||
| 306 | |||
| 251 | static void x509v3_cache_extensions(X509 *x) | 307 | static void x509v3_cache_extensions(X509 *x) |
| 252 | { | 308 | { |
| 253 | BASIC_CONSTRAINTS *bs; | 309 | BASIC_CONSTRAINTS *bs; |
| 254 | ASN1_BIT_STRING *usage; | 310 | ASN1_BIT_STRING *usage; |
| 255 | ASN1_BIT_STRING *ns; | 311 | ASN1_BIT_STRING *ns; |
| 256 | STACK_OF(ASN1_OBJECT) *extusage; | 312 | EXTENDED_KEY_USAGE *extusage; |
| 313 | X509_EXTENSION *ex; | ||
| 314 | |||
| 257 | int i; | 315 | int i; |
| 258 | if(x->ex_flags & EXFLAG_SET) return; | 316 | if(x->ex_flags & EXFLAG_SET) return; |
| 317 | #ifndef OPENSSL_NO_SHA | ||
| 259 | X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); | 318 | X509_digest(x, EVP_sha1(), x->sha1_hash, NULL); |
| 319 | #endif | ||
| 260 | /* Does subject name match issuer ? */ | 320 | /* Does subject name match issuer ? */ |
| 261 | if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) | 321 | if(!X509_NAME_cmp(X509_get_subject_name(x), X509_get_issuer_name(x))) |
| 262 | x->ex_flags |= EXFLAG_SS; | 322 | x->ex_flags |= EXFLAG_SS; |
| @@ -309,6 +369,15 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 309 | case NID_ms_sgc: | 369 | case NID_ms_sgc: |
| 310 | case NID_ns_sgc: | 370 | case NID_ns_sgc: |
| 311 | x->ex_xkusage |= XKU_SGC; | 371 | x->ex_xkusage |= XKU_SGC; |
| 372 | break; | ||
| 373 | |||
| 374 | case NID_OCSP_sign: | ||
| 375 | x->ex_xkusage |= XKU_OCSP_SIGN; | ||
| 376 | break; | ||
| 377 | |||
| 378 | case NID_time_stamp: | ||
| 379 | x->ex_xkusage |= XKU_TIMESTAMP; | ||
| 380 | break; | ||
| 312 | } | 381 | } |
| 313 | } | 382 | } |
| 314 | sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); | 383 | sk_ASN1_OBJECT_pop_free(extusage, ASN1_OBJECT_free); |
| @@ -320,9 +389,21 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 320 | x->ex_flags |= EXFLAG_NSCERT; | 389 | x->ex_flags |= EXFLAG_NSCERT; |
| 321 | ASN1_BIT_STRING_free(ns); | 390 | ASN1_BIT_STRING_free(ns); |
| 322 | } | 391 | } |
| 392 | x->skid =X509_get_ext_d2i(x, NID_subject_key_identifier, NULL, NULL); | ||
| 393 | x->akid =X509_get_ext_d2i(x, NID_authority_key_identifier, NULL, NULL); | ||
| 394 | for (i = 0; i < X509_get_ext_count(x); i++) | ||
| 395 | { | ||
| 396 | ex = X509_get_ext(x, i); | ||
| 397 | if (!X509_EXTENSION_get_critical(ex)) | ||
| 398 | continue; | ||
| 399 | if (!X509_supported_extension(ex)) | ||
| 400 | { | ||
| 401 | x->ex_flags |= EXFLAG_CRITICAL; | ||
| 402 | break; | ||
| 403 | } | ||
| 404 | } | ||
| 323 | x->ex_flags |= EXFLAG_SET; | 405 | x->ex_flags |= EXFLAG_SET; |
| 324 | } | 406 | } |
| 325 | #endif | ||
| 326 | 407 | ||
| 327 | /* CA checks common to all purposes | 408 | /* CA checks common to all purposes |
| 328 | * return codes: | 409 | * return codes: |
| @@ -340,7 +421,7 @@ static void x509v3_cache_extensions(X509 *x) | |||
| 340 | #define ns_reject(x, usage) \ | 421 | #define ns_reject(x, usage) \ |
| 341 | (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) | 422 | (((x)->ex_flags & EXFLAG_NSCERT) && !((x)->ex_nscert & (usage))) |
| 342 | 423 | ||
| 343 | static int ca_check(X509 *x) | 424 | static int ca_check(const X509 *x) |
| 344 | { | 425 | { |
| 345 | /* keyUsage if present should allow cert signing */ | 426 | /* keyUsage if present should allow cert signing */ |
| 346 | if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; | 427 | if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0; |
| @@ -350,26 +431,32 @@ static int ca_check(X509 *x) | |||
| 350 | else return 0; | 431 | else return 0; |
| 351 | } else { | 432 | } else { |
| 352 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; | 433 | if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3; |
| 434 | /* If key usage present it must have certSign so tolerate it */ | ||
| 435 | else if (x->ex_flags & EXFLAG_KUSAGE) return 3; | ||
| 353 | else return 2; | 436 | else return 2; |
| 354 | } | 437 | } |
| 355 | } | 438 | } |
| 356 | 439 | ||
| 440 | /* Check SSL CA: common checks for SSL client and server */ | ||
| 441 | static int check_ssl_ca(const X509 *x) | ||
| 442 | { | ||
| 443 | int ca_ret; | ||
| 444 | ca_ret = ca_check(x); | ||
| 445 | if(!ca_ret) return 0; | ||
| 446 | /* check nsCertType if present */ | ||
| 447 | if(x->ex_flags & EXFLAG_NSCERT) { | ||
| 448 | if(x->ex_nscert & NS_SSL_CA) return ca_ret; | ||
| 449 | return 0; | ||
| 450 | } | ||
| 451 | if(ca_ret != 2) return ca_ret; | ||
| 452 | else return 0; | ||
| 453 | } | ||
| 357 | 454 | ||
| 358 | static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) | 455 | |
| 456 | static int check_purpose_ssl_client(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 359 | { | 457 | { |
| 360 | if(xku_reject(x,XKU_SSL_CLIENT)) return 0; | 458 | if(xku_reject(x,XKU_SSL_CLIENT)) return 0; |
| 361 | if(ca) { | 459 | if(ca) return check_ssl_ca(x); |
| 362 | int ca_ret; | ||
| 363 | ca_ret = ca_check(x); | ||
| 364 | if(!ca_ret) return 0; | ||
| 365 | /* check nsCertType if present */ | ||
| 366 | if(x->ex_flags & EXFLAG_NSCERT) { | ||
| 367 | if(x->ex_nscert & NS_SSL_CA) return ca_ret; | ||
| 368 | return 0; | ||
| 369 | } | ||
| 370 | if(ca_ret != 2) return ca_ret; | ||
| 371 | else return 0; | ||
| 372 | } | ||
| 373 | /* We need to do digital signatures with it */ | 460 | /* We need to do digital signatures with it */ |
| 374 | if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; | 461 | if(ku_reject(x,KU_DIGITAL_SIGNATURE)) return 0; |
| 375 | /* nsCertType if present should allow SSL client use */ | 462 | /* nsCertType if present should allow SSL client use */ |
| @@ -377,11 +464,10 @@ static int check_purpose_ssl_client(X509_PURPOSE *xp, X509 *x, int ca) | |||
| 377 | return 1; | 464 | return 1; |
| 378 | } | 465 | } |
| 379 | 466 | ||
| 380 | static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) | 467 | static int check_purpose_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 381 | { | 468 | { |
| 382 | if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; | 469 | if(xku_reject(x,XKU_SSL_SERVER|XKU_SGC)) return 0; |
| 383 | /* Otherwise same as SSL client for a CA */ | 470 | if(ca) return check_ssl_ca(x); |
| 384 | if(ca) return check_purpose_ssl_client(xp, x, 1); | ||
| 385 | 471 | ||
| 386 | if(ns_reject(x, NS_SSL_SERVER)) return 0; | 472 | if(ns_reject(x, NS_SSL_SERVER)) return 0; |
| 387 | /* Now as for keyUsage: we'll at least need to sign OR encipher */ | 473 | /* Now as for keyUsage: we'll at least need to sign OR encipher */ |
| @@ -391,7 +477,7 @@ static int check_purpose_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) | |||
| 391 | 477 | ||
| 392 | } | 478 | } |
| 393 | 479 | ||
| 394 | static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) | 480 | static int check_purpose_ns_ssl_server(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 395 | { | 481 | { |
| 396 | int ret; | 482 | int ret; |
| 397 | ret = check_purpose_ssl_server(xp, x, ca); | 483 | ret = check_purpose_ssl_server(xp, x, ca); |
| @@ -402,7 +488,7 @@ static int check_purpose_ns_ssl_server(X509_PURPOSE *xp, X509 *x, int ca) | |||
| 402 | } | 488 | } |
| 403 | 489 | ||
| 404 | /* common S/MIME checks */ | 490 | /* common S/MIME checks */ |
| 405 | static int purpose_smime(X509 *x, int ca) | 491 | static int purpose_smime(const X509 *x, int ca) |
| 406 | { | 492 | { |
| 407 | if(xku_reject(x,XKU_SMIME)) return 0; | 493 | if(xku_reject(x,XKU_SMIME)) return 0; |
| 408 | if(ca) { | 494 | if(ca) { |
| @@ -426,16 +512,16 @@ static int purpose_smime(X509 *x, int ca) | |||
| 426 | return 1; | 512 | return 1; |
| 427 | } | 513 | } |
| 428 | 514 | ||
| 429 | static int check_purpose_smime_sign(X509_PURPOSE *xp, X509 *x, int ca) | 515 | static int check_purpose_smime_sign(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 430 | { | 516 | { |
| 431 | int ret; | 517 | int ret; |
| 432 | ret = purpose_smime(x, ca); | 518 | ret = purpose_smime(x, ca); |
| 433 | if(!ret || ca) return ret; | 519 | if(!ret || ca) return ret; |
| 434 | if(ku_reject(x, KU_DIGITAL_SIGNATURE)) return 0; | 520 | if(ku_reject(x, KU_DIGITAL_SIGNATURE|KU_NON_REPUDIATION)) return 0; |
| 435 | return ret; | 521 | return ret; |
| 436 | } | 522 | } |
| 437 | 523 | ||
| 438 | static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) | 524 | static int check_purpose_smime_encrypt(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 439 | { | 525 | { |
| 440 | int ret; | 526 | int ret; |
| 441 | ret = purpose_smime(x, ca); | 527 | ret = purpose_smime(x, ca); |
| @@ -444,7 +530,7 @@ static int check_purpose_smime_encrypt(X509_PURPOSE *xp, X509 *x, int ca) | |||
| 444 | return ret; | 530 | return ret; |
| 445 | } | 531 | } |
| 446 | 532 | ||
| 447 | static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) | 533 | static int check_purpose_crl_sign(const X509_PURPOSE *xp, const X509 *x, int ca) |
| 448 | { | 534 | { |
| 449 | if(ca) { | 535 | if(ca) { |
| 450 | int ca_ret; | 536 | int ca_ret; |
| @@ -454,3 +540,86 @@ static int check_purpose_crl_sign(X509_PURPOSE *xp, X509 *x, int ca) | |||
| 454 | if(ku_reject(x, KU_CRL_SIGN)) return 0; | 540 | if(ku_reject(x, KU_CRL_SIGN)) return 0; |
| 455 | return 1; | 541 | return 1; |
| 456 | } | 542 | } |
| 543 | |||
| 544 | /* OCSP helper: this is *not* a full OCSP check. It just checks that | ||
| 545 | * each CA is valid. Additional checks must be made on the chain. | ||
| 546 | */ | ||
| 547 | |||
| 548 | static int ocsp_helper(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 549 | { | ||
| 550 | /* Must be a valid CA */ | ||
| 551 | if(ca) { | ||
| 552 | int ca_ret; | ||
| 553 | ca_ret = ca_check(x); | ||
| 554 | if(ca_ret != 2) return ca_ret; | ||
| 555 | if(x->ex_flags & EXFLAG_NSCERT) { | ||
| 556 | if(x->ex_nscert & NS_ANY_CA) return ca_ret; | ||
| 557 | return 0; | ||
| 558 | } | ||
| 559 | return 0; | ||
| 560 | } | ||
| 561 | /* leaf certificate is checked in OCSP_verify() */ | ||
| 562 | return 1; | ||
| 563 | } | ||
| 564 | |||
| 565 | static int no_check(const X509_PURPOSE *xp, const X509 *x, int ca) | ||
| 566 | { | ||
| 567 | return 1; | ||
| 568 | } | ||
| 569 | |||
| 570 | /* Various checks to see if one certificate issued the second. | ||
| 571 | * This can be used to prune a set of possible issuer certificates | ||
| 572 | * which have been looked up using some simple method such as by | ||
| 573 | * subject name. | ||
| 574 | * These are: | ||
| 575 | * 1. Check issuer_name(subject) == subject_name(issuer) | ||
| 576 | * 2. If akid(subject) exists check it matches issuer | ||
| 577 | * 3. If key_usage(issuer) exists check it supports certificate signing | ||
| 578 | * returns 0 for OK, positive for reason for mismatch, reasons match | ||
| 579 | * codes for X509_verify_cert() | ||
| 580 | */ | ||
| 581 | |||
| 582 | int X509_check_issued(X509 *issuer, X509 *subject) | ||
| 583 | { | ||
| 584 | if(X509_NAME_cmp(X509_get_subject_name(issuer), | ||
| 585 | X509_get_issuer_name(subject))) | ||
| 586 | return X509_V_ERR_SUBJECT_ISSUER_MISMATCH; | ||
| 587 | x509v3_cache_extensions(issuer); | ||
| 588 | x509v3_cache_extensions(subject); | ||
| 589 | if(subject->akid) { | ||
| 590 | /* Check key ids (if present) */ | ||
| 591 | if(subject->akid->keyid && issuer->skid && | ||
| 592 | ASN1_OCTET_STRING_cmp(subject->akid->keyid, issuer->skid) ) | ||
| 593 | return X509_V_ERR_AKID_SKID_MISMATCH; | ||
| 594 | /* Check serial number */ | ||
| 595 | if(subject->akid->serial && | ||
| 596 | ASN1_INTEGER_cmp(X509_get_serialNumber(issuer), | ||
| 597 | subject->akid->serial)) | ||
| 598 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | ||
| 599 | /* Check issuer name */ | ||
| 600 | if(subject->akid->issuer) { | ||
| 601 | /* Ugh, for some peculiar reason AKID includes | ||
| 602 | * SEQUENCE OF GeneralName. So look for a DirName. | ||
| 603 | * There may be more than one but we only take any | ||
| 604 | * notice of the first. | ||
| 605 | */ | ||
| 606 | GENERAL_NAMES *gens; | ||
| 607 | GENERAL_NAME *gen; | ||
| 608 | X509_NAME *nm = NULL; | ||
| 609 | int i; | ||
| 610 | gens = subject->akid->issuer; | ||
| 611 | for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) { | ||
| 612 | gen = sk_GENERAL_NAME_value(gens, i); | ||
| 613 | if(gen->type == GEN_DIRNAME) { | ||
| 614 | nm = gen->d.dirn; | ||
| 615 | break; | ||
| 616 | } | ||
| 617 | } | ||
| 618 | if(nm && X509_NAME_cmp(nm, X509_get_issuer_name(issuer))) | ||
| 619 | return X509_V_ERR_AKID_ISSUER_SERIAL_MISMATCH; | ||
| 620 | } | ||
| 621 | } | ||
| 622 | if(ku_reject(issuer, KU_KEY_CERT_SIGN)) return X509_V_ERR_KEYUSAGE_NO_CERTSIGN; | ||
| 623 | return X509_V_OK; | ||
| 624 | } | ||
| 625 | |||
diff --git a/src/lib/libcrypto/x509v3/v3_skey.c b/src/lib/libcrypto/x509v3/v3_skey.c index fb3e36014d..c0f044ac1b 100644 --- a/src/lib/libcrypto/x509v3/v3_skey.c +++ b/src/lib/libcrypto/x509v3/v3_skey.c | |||
| @@ -61,23 +61,14 @@ | |||
| 61 | #include "cryptlib.h" | 61 | #include "cryptlib.h" |
| 62 | #include <openssl/x509v3.h> | 62 | #include <openssl/x509v3.h> |
| 63 | 63 | ||
| 64 | static ASN1_OCTET_STRING *octet_string_new(void); | ||
| 65 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | 64 | static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); |
| 66 | X509V3_EXT_METHOD v3_skey_id = { | 65 | X509V3_EXT_METHOD v3_skey_id = { |
| 67 | NID_subject_key_identifier, 0, | 66 | NID_subject_key_identifier, 0, ASN1_ITEM_ref(ASN1_OCTET_STRING), |
| 68 | (X509V3_EXT_NEW)octet_string_new, | 67 | 0,0,0,0, |
| 69 | (X509V3_EXT_FREE)ASN1_STRING_free, | ||
| 70 | (X509V3_EXT_D2I)d2i_ASN1_OCTET_STRING, | ||
| 71 | (X509V3_EXT_I2D)i2d_ASN1_OCTET_STRING, | ||
| 72 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, | 68 | (X509V3_EXT_I2S)i2s_ASN1_OCTET_STRING, |
| 73 | (X509V3_EXT_S2I)s2i_skey_id, | 69 | (X509V3_EXT_S2I)s2i_skey_id, |
| 74 | NULL, NULL, NULL, NULL, NULL}; | 70 | 0,0,0,0, |
| 75 | 71 | NULL}; | |
| 76 | |||
| 77 | static ASN1_OCTET_STRING *octet_string_new(void) | ||
| 78 | { | ||
| 79 | return ASN1_OCTET_STRING_new(); | ||
| 80 | } | ||
| 81 | 72 | ||
| 82 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | 73 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, |
| 83 | ASN1_OCTET_STRING *oct) | 74 | ASN1_OCTET_STRING *oct) |
| @@ -91,13 +82,13 @@ ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, | |||
| 91 | ASN1_OCTET_STRING *oct; | 82 | ASN1_OCTET_STRING *oct; |
| 92 | long length; | 83 | long length; |
| 93 | 84 | ||
| 94 | if(!(oct = ASN1_OCTET_STRING_new())) { | 85 | if(!(oct = M_ASN1_OCTET_STRING_new())) { |
| 95 | X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); | 86 | X509V3err(X509V3_F_S2I_ASN1_OCTET_STRING,ERR_R_MALLOC_FAILURE); |
| 96 | return NULL; | 87 | return NULL; |
| 97 | } | 88 | } |
| 98 | 89 | ||
| 99 | if(!(oct->data = string_to_hex(str, &length))) { | 90 | if(!(oct->data = string_to_hex(str, &length))) { |
| 100 | ASN1_OCTET_STRING_free(oct); | 91 | M_ASN1_OCTET_STRING_free(oct); |
| 101 | return NULL; | 92 | return NULL; |
| 102 | } | 93 | } |
| 103 | 94 | ||
| @@ -113,12 +104,11 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
| 113 | ASN1_OCTET_STRING *oct; | 104 | ASN1_OCTET_STRING *oct; |
| 114 | ASN1_BIT_STRING *pk; | 105 | ASN1_BIT_STRING *pk; |
| 115 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; | 106 | unsigned char pkey_dig[EVP_MAX_MD_SIZE]; |
| 116 | EVP_MD_CTX md; | ||
| 117 | unsigned int diglen; | 107 | unsigned int diglen; |
| 118 | 108 | ||
| 119 | if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); | 109 | if(strcmp(str, "hash")) return s2i_ASN1_OCTET_STRING(method, ctx, str); |
| 120 | 110 | ||
| 121 | if(!(oct = ASN1_OCTET_STRING_new())) { | 111 | if(!(oct = M_ASN1_OCTET_STRING_new())) { |
| 122 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | 112 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); |
| 123 | return NULL; | 113 | return NULL; |
| 124 | } | 114 | } |
| @@ -139,11 +129,9 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
| 139 | goto err; | 129 | goto err; |
| 140 | } | 130 | } |
| 141 | 131 | ||
| 142 | EVP_DigestInit(&md, EVP_sha1()); | 132 | EVP_Digest(pk->data, pk->length, pkey_dig, &diglen, EVP_sha1(), NULL); |
| 143 | EVP_DigestUpdate(&md, pk->data, pk->length); | ||
| 144 | EVP_DigestFinal(&md, pkey_dig, &diglen); | ||
| 145 | 133 | ||
| 146 | if(!ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { | 134 | if(!M_ASN1_OCTET_STRING_set(oct, pkey_dig, diglen)) { |
| 147 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); | 135 | X509V3err(X509V3_F_S2I_S2I_SKEY_ID,ERR_R_MALLOC_FAILURE); |
| 148 | goto err; | 136 | goto err; |
| 149 | } | 137 | } |
| @@ -151,6 +139,6 @@ static ASN1_OCTET_STRING *s2i_skey_id(X509V3_EXT_METHOD *method, | |||
| 151 | return oct; | 139 | return oct; |
| 152 | 140 | ||
| 153 | err: | 141 | err: |
| 154 | ASN1_OCTET_STRING_free(oct); | 142 | M_ASN1_OCTET_STRING_free(oct); |
| 155 | return NULL; | 143 | return NULL; |
| 156 | } | 144 | } |
diff --git a/src/lib/libcrypto/x509v3/v3_sxnet.c b/src/lib/libcrypto/x509v3/v3_sxnet.c index 0687bb4e3d..d3f4ba3a72 100644 --- a/src/lib/libcrypto/x509v3/v3_sxnet.c +++ b/src/lib/libcrypto/x509v3/v3_sxnet.c | |||
| @@ -60,7 +60,7 @@ | |||
| 60 | #include "cryptlib.h" | 60 | #include "cryptlib.h" |
| 61 | #include <openssl/conf.h> | 61 | #include <openssl/conf.h> |
| 62 | #include <openssl/asn1.h> | 62 | #include <openssl/asn1.h> |
| 63 | #include <openssl/asn1_mac.h> | 63 | #include <openssl/asn1t.h> |
| 64 | #include <openssl/x509v3.h> | 64 | #include <openssl/x509v3.h> |
| 65 | 65 | ||
| 66 | /* Support for Thawte strong extranet extension */ | 66 | /* Support for Thawte strong extranet extension */ |
| @@ -73,111 +73,33 @@ static SXNET * sxnet_v2i(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, | |||
| 73 | STACK_OF(CONF_VALUE) *nval); | 73 | STACK_OF(CONF_VALUE) *nval); |
| 74 | #endif | 74 | #endif |
| 75 | X509V3_EXT_METHOD v3_sxnet = { | 75 | X509V3_EXT_METHOD v3_sxnet = { |
| 76 | NID_sxnet, X509V3_EXT_MULTILINE, | 76 | NID_sxnet, X509V3_EXT_MULTILINE, ASN1_ITEM_ref(SXNET), |
| 77 | (X509V3_EXT_NEW)SXNET_new, | 77 | 0,0,0,0, |
| 78 | (X509V3_EXT_FREE)SXNET_free, | 78 | 0,0, |
| 79 | (X509V3_EXT_D2I)d2i_SXNET, | 79 | 0, |
| 80 | (X509V3_EXT_I2D)i2d_SXNET, | ||
| 81 | NULL, NULL, | ||
| 82 | NULL, | ||
| 83 | #ifdef SXNET_TEST | 80 | #ifdef SXNET_TEST |
| 84 | (X509V3_EXT_V2I)sxnet_v2i, | 81 | (X509V3_EXT_V2I)sxnet_v2i, |
| 85 | #else | 82 | #else |
| 86 | NULL, | 83 | 0, |
| 87 | #endif | 84 | #endif |
| 88 | (X509V3_EXT_I2R)sxnet_i2r, | 85 | (X509V3_EXT_I2R)sxnet_i2r, |
| 89 | NULL, | 86 | 0, |
| 90 | NULL | 87 | NULL |
| 91 | }; | 88 | }; |
| 92 | 89 | ||
| 90 | ASN1_SEQUENCE(SXNETID) = { | ||
| 91 | ASN1_SIMPLE(SXNETID, zone, ASN1_INTEGER), | ||
| 92 | ASN1_SIMPLE(SXNETID, user, ASN1_OCTET_STRING) | ||
| 93 | } ASN1_SEQUENCE_END(SXNETID) | ||
| 93 | 94 | ||
| 94 | int i2d_SXNET(SXNET *a, unsigned char **pp) | 95 | IMPLEMENT_ASN1_FUNCTIONS(SXNETID) |
| 95 | { | ||
| 96 | M_ASN1_I2D_vars(a); | ||
| 97 | |||
| 98 | M_ASN1_I2D_len (a->version, i2d_ASN1_INTEGER); | ||
| 99 | M_ASN1_I2D_len_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); | ||
| 100 | |||
| 101 | M_ASN1_I2D_seq_total(); | ||
| 102 | |||
| 103 | M_ASN1_I2D_put (a->version, i2d_ASN1_INTEGER); | ||
| 104 | M_ASN1_I2D_put_SEQUENCE_type (SXNETID, a->ids, i2d_SXNETID); | ||
| 105 | 96 | ||
| 106 | M_ASN1_I2D_finish(); | 97 | ASN1_SEQUENCE(SXNET) = { |
| 107 | } | 98 | ASN1_SIMPLE(SXNET, version, ASN1_INTEGER), |
| 108 | 99 | ASN1_SEQUENCE_OF(SXNET, ids, SXNETID) | |
| 109 | SXNET *SXNET_new(void) | 100 | } ASN1_SEQUENCE_END(SXNET) |
| 110 | { | ||
| 111 | SXNET *ret=NULL; | ||
| 112 | ASN1_CTX c; | ||
| 113 | M_ASN1_New_Malloc(ret, SXNET); | ||
| 114 | M_ASN1_New(ret->version,ASN1_INTEGER_new); | ||
| 115 | M_ASN1_New(ret->ids,sk_SXNETID_new_null); | ||
| 116 | return (ret); | ||
| 117 | M_ASN1_New_Error(ASN1_F_SXNET_NEW); | ||
| 118 | } | ||
| 119 | 101 | ||
| 120 | SXNET *d2i_SXNET(SXNET **a, unsigned char **pp, long length) | 102 | IMPLEMENT_ASN1_FUNCTIONS(SXNET) |
| 121 | { | ||
| 122 | M_ASN1_D2I_vars(a,SXNET *,SXNET_new); | ||
| 123 | M_ASN1_D2I_Init(); | ||
| 124 | M_ASN1_D2I_start_sequence(); | ||
| 125 | M_ASN1_D2I_get (ret->version, d2i_ASN1_INTEGER); | ||
| 126 | M_ASN1_D2I_get_seq_type (SXNETID, ret->ids, d2i_SXNETID, SXNETID_free); | ||
| 127 | M_ASN1_D2I_Finish(a, SXNET_free, ASN1_F_D2I_SXNET); | ||
| 128 | } | ||
| 129 | |||
| 130 | void SXNET_free(SXNET *a) | ||
| 131 | { | ||
| 132 | if (a == NULL) return; | ||
| 133 | ASN1_INTEGER_free(a->version); | ||
| 134 | sk_SXNETID_pop_free(a->ids, SXNETID_free); | ||
| 135 | Free (a); | ||
| 136 | } | ||
| 137 | |||
| 138 | int i2d_SXNETID(SXNETID *a, unsigned char **pp) | ||
| 139 | { | ||
| 140 | M_ASN1_I2D_vars(a); | ||
| 141 | |||
| 142 | M_ASN1_I2D_len (a->zone, i2d_ASN1_INTEGER); | ||
| 143 | M_ASN1_I2D_len (a->user, i2d_ASN1_OCTET_STRING); | ||
| 144 | |||
| 145 | M_ASN1_I2D_seq_total(); | ||
| 146 | |||
| 147 | M_ASN1_I2D_put (a->zone, i2d_ASN1_INTEGER); | ||
| 148 | M_ASN1_I2D_put (a->user, i2d_ASN1_OCTET_STRING); | ||
| 149 | |||
| 150 | M_ASN1_I2D_finish(); | ||
| 151 | } | ||
| 152 | |||
| 153 | SXNETID *SXNETID_new(void) | ||
| 154 | { | ||
| 155 | SXNETID *ret=NULL; | ||
| 156 | ASN1_CTX c; | ||
| 157 | M_ASN1_New_Malloc(ret, SXNETID); | ||
| 158 | ret->zone = NULL; | ||
| 159 | M_ASN1_New(ret->user,ASN1_OCTET_STRING_new); | ||
| 160 | return (ret); | ||
| 161 | M_ASN1_New_Error(ASN1_F_SXNETID_NEW); | ||
| 162 | } | ||
| 163 | |||
| 164 | SXNETID *d2i_SXNETID(SXNETID **a, unsigned char **pp, long length) | ||
| 165 | { | ||
| 166 | M_ASN1_D2I_vars(a,SXNETID *,SXNETID_new); | ||
| 167 | M_ASN1_D2I_Init(); | ||
| 168 | M_ASN1_D2I_start_sequence(); | ||
| 169 | M_ASN1_D2I_get(ret->zone, d2i_ASN1_INTEGER); | ||
| 170 | M_ASN1_D2I_get(ret->user, d2i_ASN1_OCTET_STRING); | ||
| 171 | M_ASN1_D2I_Finish(a, SXNETID_free, ASN1_F_D2I_SXNETID); | ||
| 172 | } | ||
| 173 | |||
| 174 | void SXNETID_free(SXNETID *a) | ||
| 175 | { | ||
| 176 | if (a == NULL) return; | ||
| 177 | ASN1_INTEGER_free(a->zone); | ||
| 178 | ASN1_OCTET_STRING_free(a->user); | ||
| 179 | Free (a); | ||
| 180 | } | ||
| 181 | 103 | ||
| 182 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, | 104 | static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, |
| 183 | int indent) | 105 | int indent) |
| @@ -192,8 +114,8 @@ static int sxnet_i2r(X509V3_EXT_METHOD *method, SXNET *sx, BIO *out, | |||
| 192 | id = sk_SXNETID_value(sx->ids, i); | 114 | id = sk_SXNETID_value(sx->ids, i); |
| 193 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); | 115 | tmp = i2s_ASN1_INTEGER(NULL, id->zone); |
| 194 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); | 116 | BIO_printf(out, "\n%*sZone: %s, User: ", indent, "", tmp); |
| 195 | Free(tmp); | 117 | OPENSSL_free(tmp); |
| 196 | ASN1_OCTET_STRING_print(out, id->user); | 118 | M_ASN1_OCTET_STRING_print(out, id->user); |
| 197 | } | 119 | } |
| 198 | return 1; | 120 | return 1; |
| 199 | } | 121 | } |
| @@ -244,9 +166,9 @@ int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, | |||
| 244 | int userlen) | 166 | int userlen) |
| 245 | { | 167 | { |
| 246 | ASN1_INTEGER *izone = NULL; | 168 | ASN1_INTEGER *izone = NULL; |
| 247 | if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { | 169 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { |
| 248 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); | 170 | X509V3err(X509V3_F_SXNET_ADD_ID_ULONG,ERR_R_MALLOC_FAILURE); |
| 249 | ASN1_INTEGER_free(izone); | 171 | M_ASN1_INTEGER_free(izone); |
| 250 | return 0; | 172 | return 0; |
| 251 | } | 173 | } |
| 252 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); | 174 | return SXNET_add_id_INTEGER(psx, izone, user, userlen); |
| @@ -285,7 +207,7 @@ int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *zone, char *user, | |||
| 285 | if(!(id = SXNETID_new())) goto err; | 207 | if(!(id = SXNETID_new())) goto err; |
| 286 | if(userlen == -1) userlen = strlen(user); | 208 | if(userlen == -1) userlen = strlen(user); |
| 287 | 209 | ||
| 288 | if(!ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; | 210 | if(!M_ASN1_OCTET_STRING_set(id->user, user, userlen)) goto err; |
| 289 | if(!sk_SXNETID_push(sx->ids, id)) goto err; | 211 | if(!sk_SXNETID_push(sx->ids, id)) goto err; |
| 290 | id->zone = zone; | 212 | id->zone = zone; |
| 291 | return 1; | 213 | return 1; |
| @@ -307,7 +229,7 @@ ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone) | |||
| 307 | return NULL; | 229 | return NULL; |
| 308 | } | 230 | } |
| 309 | oct = SXNET_get_id_INTEGER(sx, izone); | 231 | oct = SXNET_get_id_INTEGER(sx, izone); |
| 310 | ASN1_INTEGER_free(izone); | 232 | M_ASN1_INTEGER_free(izone); |
| 311 | return oct; | 233 | return oct; |
| 312 | } | 234 | } |
| 313 | 235 | ||
| @@ -315,13 +237,13 @@ ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone) | |||
| 315 | { | 237 | { |
| 316 | ASN1_INTEGER *izone = NULL; | 238 | ASN1_INTEGER *izone = NULL; |
| 317 | ASN1_OCTET_STRING *oct; | 239 | ASN1_OCTET_STRING *oct; |
| 318 | if(!(izone = ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { | 240 | if(!(izone = M_ASN1_INTEGER_new()) || !ASN1_INTEGER_set(izone, lzone)) { |
| 319 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); | 241 | X509V3err(X509V3_F_SXNET_GET_ID_ULONG,ERR_R_MALLOC_FAILURE); |
| 320 | ASN1_INTEGER_free(izone); | 242 | M_ASN1_INTEGER_free(izone); |
| 321 | return NULL; | 243 | return NULL; |
| 322 | } | 244 | } |
| 323 | oct = SXNET_get_id_INTEGER(sx, izone); | 245 | oct = SXNET_get_id_INTEGER(sx, izone); |
| 324 | ASN1_INTEGER_free(izone); | 246 | M_ASN1_INTEGER_free(izone); |
| 325 | return oct; | 247 | return oct; |
| 326 | } | 248 | } |
| 327 | 249 | ||
| @@ -331,7 +253,7 @@ ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone) | |||
| 331 | int i; | 253 | int i; |
| 332 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { | 254 | for(i = 0; i < sk_SXNETID_num(sx->ids); i++) { |
| 333 | id = sk_SXNETID_value(sx->ids, i); | 255 | id = sk_SXNETID_value(sx->ids, i); |
| 334 | if(!ASN1_INTEGER_cmp(id->zone, zone)) return id->user; | 256 | if(!M_ASN1_INTEGER_cmp(id->zone, zone)) return id->user; |
| 335 | } | 257 | } |
| 336 | return NULL; | 258 | return NULL; |
| 337 | } | 259 | } |
diff --git a/src/lib/libcrypto/x509v3/v3_utl.c b/src/lib/libcrypto/x509v3/v3_utl.c index 40f71c71b4..283e943e46 100644 --- a/src/lib/libcrypto/x509v3/v3_utl.c +++ b/src/lib/libcrypto/x509v3/v3_utl.c | |||
| @@ -65,6 +65,10 @@ | |||
| 65 | #include <openssl/x509v3.h> | 65 | #include <openssl/x509v3.h> |
| 66 | 66 | ||
| 67 | static char *strip_spaces(char *name); | 67 | static char *strip_spaces(char *name); |
| 68 | static int sk_strcmp(const char * const *a, const char * const *b); | ||
| 69 | static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens); | ||
| 70 | static void str_free(void *str); | ||
| 71 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email); | ||
| 68 | 72 | ||
| 69 | /* Add a CONF_VALUE name value pair to stack */ | 73 | /* Add a CONF_VALUE name value pair to stack */ |
| 70 | 74 | ||
| @@ -75,8 +79,8 @@ int X509V3_add_value(const char *name, const char *value, | |||
| 75 | char *tname = NULL, *tvalue = NULL; | 79 | char *tname = NULL, *tvalue = NULL; |
| 76 | if(name && !(tname = BUF_strdup(name))) goto err; | 80 | if(name && !(tname = BUF_strdup(name))) goto err; |
| 77 | if(value && !(tvalue = BUF_strdup(value))) goto err;; | 81 | if(value && !(tvalue = BUF_strdup(value))) goto err;; |
| 78 | if(!(vtmp = (CONF_VALUE *)Malloc(sizeof(CONF_VALUE)))) goto err; | 82 | if(!(vtmp = (CONF_VALUE *)OPENSSL_malloc(sizeof(CONF_VALUE)))) goto err; |
| 79 | if(!*extlist && !(*extlist = sk_CONF_VALUE_new(NULL))) goto err; | 83 | if(!*extlist && !(*extlist = sk_CONF_VALUE_new_null())) goto err; |
| 80 | vtmp->section = NULL; | 84 | vtmp->section = NULL; |
| 81 | vtmp->name = tname; | 85 | vtmp->name = tname; |
| 82 | vtmp->value = tvalue; | 86 | vtmp->value = tvalue; |
| @@ -84,9 +88,9 @@ int X509V3_add_value(const char *name, const char *value, | |||
| 84 | return 1; | 88 | return 1; |
| 85 | err: | 89 | err: |
| 86 | X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); | 90 | X509V3err(X509V3_F_X509V3_ADD_VALUE,ERR_R_MALLOC_FAILURE); |
| 87 | if(vtmp) Free(vtmp); | 91 | if(vtmp) OPENSSL_free(vtmp); |
| 88 | if(tname) Free(tname); | 92 | if(tname) OPENSSL_free(tname); |
| 89 | if(tvalue) Free(tvalue); | 93 | if(tvalue) OPENSSL_free(tvalue); |
| 90 | return 0; | 94 | return 0; |
| 91 | } | 95 | } |
| 92 | 96 | ||
| @@ -101,10 +105,10 @@ int X509V3_add_value_uchar(const char *name, const unsigned char *value, | |||
| 101 | void X509V3_conf_free(CONF_VALUE *conf) | 105 | void X509V3_conf_free(CONF_VALUE *conf) |
| 102 | { | 106 | { |
| 103 | if(!conf) return; | 107 | if(!conf) return; |
| 104 | if(conf->name) Free(conf->name); | 108 | if(conf->name) OPENSSL_free(conf->name); |
| 105 | if(conf->value) Free(conf->value); | 109 | if(conf->value) OPENSSL_free(conf->value); |
| 106 | if(conf->section) Free(conf->section); | 110 | if(conf->section) OPENSSL_free(conf->section); |
| 107 | Free((char *)conf); | 111 | OPENSSL_free(conf); |
| 108 | } | 112 | } |
| 109 | 113 | ||
| 110 | int X509V3_add_value_bool(const char *name, int asn1_bool, | 114 | int X509V3_add_value_bool(const char *name, int asn1_bool, |
| @@ -150,21 +154,40 @@ ASN1_INTEGER *s2i_ASN1_INTEGER(X509V3_EXT_METHOD *method, char *value) | |||
| 150 | { | 154 | { |
| 151 | BIGNUM *bn = NULL; | 155 | BIGNUM *bn = NULL; |
| 152 | ASN1_INTEGER *aint; | 156 | ASN1_INTEGER *aint; |
| 157 | int isneg, ishex; | ||
| 158 | int ret; | ||
| 153 | bn = BN_new(); | 159 | bn = BN_new(); |
| 154 | if(!value) { | 160 | if (!value) { |
| 155 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); | 161 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_INVALID_NULL_VALUE); |
| 156 | return 0; | 162 | return 0; |
| 157 | } | 163 | } |
| 158 | if(!BN_dec2bn(&bn, value)) { | 164 | if (value[0] == '-') { |
| 165 | value++; | ||
| 166 | isneg = 1; | ||
| 167 | } else isneg = 0; | ||
| 168 | |||
| 169 | if (value[0] == '0' && ((value[1] == 'x') || (value[1] == 'X'))) { | ||
| 170 | value += 2; | ||
| 171 | ishex = 1; | ||
| 172 | } else ishex = 0; | ||
| 173 | |||
| 174 | if (ishex) ret = BN_hex2bn(&bn, value); | ||
| 175 | else ret = BN_dec2bn(&bn, value); | ||
| 176 | |||
| 177 | if (!ret) { | ||
| 159 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); | 178 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_DEC2BN_ERROR); |
| 160 | return 0; | 179 | return 0; |
| 161 | } | 180 | } |
| 162 | 181 | ||
| 163 | if(!(aint = BN_to_ASN1_INTEGER(bn, NULL))) { | 182 | if (isneg && BN_is_zero(bn)) isneg = 0; |
| 183 | |||
| 184 | aint = BN_to_ASN1_INTEGER(bn, NULL); | ||
| 185 | BN_free(bn); | ||
| 186 | if (!aint) { | ||
| 164 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); | 187 | X509V3err(X509V3_F_S2I_ASN1_INTEGER,X509V3_R_BN_TO_ASN1_INTEGER_ERROR); |
| 165 | return 0; | 188 | return 0; |
| 166 | } | 189 | } |
| 167 | BN_free(bn); | 190 | if (isneg) aint->type |= V_ASN1_NEG; |
| 168 | return aint; | 191 | return aint; |
| 169 | } | 192 | } |
| 170 | 193 | ||
| @@ -176,7 +199,7 @@ int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | |||
| 176 | if(!aint) return 1; | 199 | if(!aint) return 1; |
| 177 | if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; | 200 | if(!(strtmp = i2s_ASN1_INTEGER(NULL, aint))) return 0; |
| 178 | ret = X509V3_add_value(name, strtmp, extlist); | 201 | ret = X509V3_add_value(name, strtmp, extlist); |
| 179 | Free(strtmp); | 202 | OPENSSL_free(strtmp); |
| 180 | return ret; | 203 | return ret; |
| 181 | } | 204 | } |
| 182 | 205 | ||
| @@ -217,7 +240,7 @@ int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint) | |||
| 217 | 240 | ||
| 218 | /*#define DEBUG*/ | 241 | /*#define DEBUG*/ |
| 219 | 242 | ||
| 220 | STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | 243 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line) |
| 221 | { | 244 | { |
| 222 | char *p, *q, c; | 245 | char *p, *q, c; |
| 223 | char *ntmp, *vtmp; | 246 | char *ntmp, *vtmp; |
| @@ -246,7 +269,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | |||
| 246 | *p = 0; | 269 | *p = 0; |
| 247 | ntmp = strip_spaces(q); | 270 | ntmp = strip_spaces(q); |
| 248 | q = p + 1; | 271 | q = p + 1; |
| 249 | #ifdef DEBUG | 272 | #if 0 |
| 250 | printf("%s\n", ntmp); | 273 | printf("%s\n", ntmp); |
| 251 | #endif | 274 | #endif |
| 252 | if(!ntmp) { | 275 | if(!ntmp) { |
| @@ -262,7 +285,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | |||
| 262 | state = HDR_NAME; | 285 | state = HDR_NAME; |
| 263 | *p = 0; | 286 | *p = 0; |
| 264 | vtmp = strip_spaces(q); | 287 | vtmp = strip_spaces(q); |
| 265 | #ifdef DEBUG | 288 | #if 0 |
| 266 | printf("%s\n", ntmp); | 289 | printf("%s\n", ntmp); |
| 267 | #endif | 290 | #endif |
| 268 | if(!vtmp) { | 291 | if(!vtmp) { |
| @@ -279,7 +302,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | |||
| 279 | 302 | ||
| 280 | if(state == HDR_VALUE) { | 303 | if(state == HDR_VALUE) { |
| 281 | vtmp = strip_spaces(q); | 304 | vtmp = strip_spaces(q); |
| 282 | #ifdef DEBUG | 305 | #if 0 |
| 283 | printf("%s=%s\n", ntmp, vtmp); | 306 | printf("%s=%s\n", ntmp, vtmp); |
| 284 | #endif | 307 | #endif |
| 285 | if(!vtmp) { | 308 | if(!vtmp) { |
| @@ -289,7 +312,7 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | |||
| 289 | X509V3_add_value(ntmp, vtmp, &values); | 312 | X509V3_add_value(ntmp, vtmp, &values); |
| 290 | } else { | 313 | } else { |
| 291 | ntmp = strip_spaces(q); | 314 | ntmp = strip_spaces(q); |
| 292 | #ifdef DEBUG | 315 | #if 0 |
| 293 | printf("%s\n", ntmp); | 316 | printf("%s\n", ntmp); |
| 294 | #endif | 317 | #endif |
| 295 | if(!ntmp) { | 318 | if(!ntmp) { |
| @@ -298,11 +321,11 @@ STACK_OF(CONF_VALUE) *X509V3_parse_list(char *line) | |||
| 298 | } | 321 | } |
| 299 | X509V3_add_value(ntmp, NULL, &values); | 322 | X509V3_add_value(ntmp, NULL, &values); |
| 300 | } | 323 | } |
| 301 | Free(linebuf); | 324 | OPENSSL_free(linebuf); |
| 302 | return values; | 325 | return values; |
| 303 | 326 | ||
| 304 | err: | 327 | err: |
| 305 | Free(linebuf); | 328 | OPENSSL_free(linebuf); |
| 306 | sk_CONF_VALUE_pop_free(values, X509V3_conf_free); | 329 | sk_CONF_VALUE_pop_free(values, X509V3_conf_free); |
| 307 | return NULL; | 330 | return NULL; |
| 308 | 331 | ||
| @@ -325,8 +348,9 @@ static char *strip_spaces(char *name) | |||
| 325 | 348 | ||
| 326 | /* hex string utilities */ | 349 | /* hex string utilities */ |
| 327 | 350 | ||
| 328 | /* Given a buffer of length 'len' return a Malloc'ed string with its | 351 | /* Given a buffer of length 'len' return a OPENSSL_malloc'ed string with its |
| 329 | * hex representation | 352 | * hex representation |
| 353 | * @@@ (Contents of buffer are always kept in ASCII, also on EBCDIC machines) | ||
| 330 | */ | 354 | */ |
| 331 | 355 | ||
| 332 | char *hex_to_string(unsigned char *buffer, long len) | 356 | char *hex_to_string(unsigned char *buffer, long len) |
| @@ -336,7 +360,7 @@ char *hex_to_string(unsigned char *buffer, long len) | |||
| 336 | int i; | 360 | int i; |
| 337 | static char hexdig[] = "0123456789ABCDEF"; | 361 | static char hexdig[] = "0123456789ABCDEF"; |
| 338 | if(!buffer || !len) return NULL; | 362 | if(!buffer || !len) return NULL; |
| 339 | if(!(tmp = Malloc(len * 3 + 1))) { | 363 | if(!(tmp = OPENSSL_malloc(len * 3 + 1))) { |
| 340 | X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); | 364 | X509V3err(X509V3_F_HEX_TO_STRING,ERR_R_MALLOC_FAILURE); |
| 341 | return NULL; | 365 | return NULL; |
| 342 | } | 366 | } |
| @@ -347,6 +371,10 @@ char *hex_to_string(unsigned char *buffer, long len) | |||
| 347 | *q++ = ':'; | 371 | *q++ = ':'; |
| 348 | } | 372 | } |
| 349 | q[-1] = 0; | 373 | q[-1] = 0; |
| 374 | #ifdef CHARSET_EBCDIC | ||
| 375 | ebcdic2ascii(tmp, tmp, q - tmp - 1); | ||
| 376 | #endif | ||
| 377 | |||
| 350 | return tmp; | 378 | return tmp; |
| 351 | } | 379 | } |
| 352 | 380 | ||
| @@ -362,14 +390,20 @@ unsigned char *string_to_hex(char *str, long *len) | |||
| 362 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); | 390 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_INVALID_NULL_ARGUMENT); |
| 363 | return NULL; | 391 | return NULL; |
| 364 | } | 392 | } |
| 365 | if(!(hexbuf = Malloc(strlen(str) >> 1))) goto err; | 393 | if(!(hexbuf = OPENSSL_malloc(strlen(str) >> 1))) goto err; |
| 366 | for(p = (unsigned char *)str, q = hexbuf; *p;) { | 394 | for(p = (unsigned char *)str, q = hexbuf; *p;) { |
| 367 | ch = *p++; | 395 | ch = *p++; |
| 396 | #ifdef CHARSET_EBCDIC | ||
| 397 | ch = os_toebcdic[ch]; | ||
| 398 | #endif | ||
| 368 | if(ch == ':') continue; | 399 | if(ch == ':') continue; |
| 369 | cl = *p++; | 400 | cl = *p++; |
| 401 | #ifdef CHARSET_EBCDIC | ||
| 402 | cl = os_toebcdic[cl]; | ||
| 403 | #endif | ||
| 370 | if(!cl) { | 404 | if(!cl) { |
| 371 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); | 405 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ODD_NUMBER_OF_DIGITS); |
| 372 | Free(hexbuf); | 406 | OPENSSL_free(hexbuf); |
| 373 | return NULL; | 407 | return NULL; |
| 374 | } | 408 | } |
| 375 | if(isupper(ch)) ch = tolower(ch); | 409 | if(isupper(ch)) ch = tolower(ch); |
| @@ -391,12 +425,12 @@ unsigned char *string_to_hex(char *str, long *len) | |||
| 391 | return hexbuf; | 425 | return hexbuf; |
| 392 | 426 | ||
| 393 | err: | 427 | err: |
| 394 | if(hexbuf) Free(hexbuf); | 428 | if(hexbuf) OPENSSL_free(hexbuf); |
| 395 | X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); | 429 | X509V3err(X509V3_F_STRING_TO_HEX,ERR_R_MALLOC_FAILURE); |
| 396 | return NULL; | 430 | return NULL; |
| 397 | 431 | ||
| 398 | badhex: | 432 | badhex: |
| 399 | Free(hexbuf); | 433 | OPENSSL_free(hexbuf); |
| 400 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); | 434 | X509V3err(X509V3_F_STRING_TO_HEX,X509V3_R_ILLEGAL_HEX_DIGIT); |
| 401 | return NULL; | 435 | return NULL; |
| 402 | 436 | ||
| @@ -416,3 +450,86 @@ int name_cmp(const char *name, const char *cmp) | |||
| 416 | if(!c || (c=='.')) return 0; | 450 | if(!c || (c=='.')) return 0; |
| 417 | return 1; | 451 | return 1; |
| 418 | } | 452 | } |
| 453 | |||
| 454 | static int sk_strcmp(const char * const *a, const char * const *b) | ||
| 455 | { | ||
| 456 | return strcmp(*a, *b); | ||
| 457 | } | ||
| 458 | |||
| 459 | STACK *X509_get1_email(X509 *x) | ||
| 460 | { | ||
| 461 | GENERAL_NAMES *gens; | ||
| 462 | STACK *ret; | ||
| 463 | gens = X509_get_ext_d2i(x, NID_subject_alt_name, NULL, NULL); | ||
| 464 | ret = get_email(X509_get_subject_name(x), gens); | ||
| 465 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 466 | return ret; | ||
| 467 | } | ||
| 468 | |||
| 469 | STACK *X509_REQ_get1_email(X509_REQ *x) | ||
| 470 | { | ||
| 471 | GENERAL_NAMES *gens; | ||
| 472 | STACK_OF(X509_EXTENSION) *exts; | ||
| 473 | STACK *ret; | ||
| 474 | exts = X509_REQ_get_extensions(x); | ||
| 475 | gens = X509V3_get_d2i(exts, NID_subject_alt_name, NULL, NULL); | ||
| 476 | ret = get_email(X509_REQ_get_subject_name(x), gens); | ||
| 477 | sk_GENERAL_NAME_pop_free(gens, GENERAL_NAME_free); | ||
| 478 | sk_X509_EXTENSION_pop_free(exts, X509_EXTENSION_free); | ||
| 479 | return ret; | ||
| 480 | } | ||
| 481 | |||
| 482 | |||
| 483 | static STACK *get_email(X509_NAME *name, GENERAL_NAMES *gens) | ||
| 484 | { | ||
| 485 | STACK *ret = NULL; | ||
| 486 | X509_NAME_ENTRY *ne; | ||
| 487 | ASN1_IA5STRING *email; | ||
| 488 | GENERAL_NAME *gen; | ||
| 489 | int i; | ||
| 490 | /* Now add any email address(es) to STACK */ | ||
| 491 | i = -1; | ||
| 492 | /* First supplied X509_NAME */ | ||
| 493 | while((i = X509_NAME_get_index_by_NID(name, | ||
| 494 | NID_pkcs9_emailAddress, i)) > 0) { | ||
| 495 | ne = X509_NAME_get_entry(name, i); | ||
| 496 | email = X509_NAME_ENTRY_get_data(ne); | ||
| 497 | if(!append_ia5(&ret, email)) return NULL; | ||
| 498 | } | ||
| 499 | for(i = 0; i < sk_GENERAL_NAME_num(gens); i++) | ||
| 500 | { | ||
| 501 | gen = sk_GENERAL_NAME_value(gens, i); | ||
| 502 | if(gen->type != GEN_EMAIL) continue; | ||
| 503 | if(!append_ia5(&ret, gen->d.ia5)) return NULL; | ||
| 504 | } | ||
| 505 | return ret; | ||
| 506 | } | ||
| 507 | |||
| 508 | static void str_free(void *str) | ||
| 509 | { | ||
| 510 | OPENSSL_free(str); | ||
| 511 | } | ||
| 512 | |||
| 513 | static int append_ia5(STACK **sk, ASN1_IA5STRING *email) | ||
| 514 | { | ||
| 515 | char *emtmp; | ||
| 516 | /* First some sanity checks */ | ||
| 517 | if(email->type != V_ASN1_IA5STRING) return 1; | ||
| 518 | if(!email->data || !email->length) return 1; | ||
| 519 | if(!*sk) *sk = sk_new(sk_strcmp); | ||
| 520 | if(!*sk) return 0; | ||
| 521 | /* Don't add duplicates */ | ||
| 522 | if(sk_find(*sk, (char *)email->data) != -1) return 1; | ||
| 523 | emtmp = BUF_strdup((char *)email->data); | ||
| 524 | if(!emtmp || !sk_push(*sk, emtmp)) { | ||
| 525 | X509_email_free(*sk); | ||
| 526 | *sk = NULL; | ||
| 527 | return 0; | ||
| 528 | } | ||
| 529 | return 1; | ||
| 530 | } | ||
| 531 | |||
| 532 | void X509_email_free(STACK *sk) | ||
| 533 | { | ||
| 534 | sk_pop_free(sk, str_free); | ||
| 535 | } | ||
diff --git a/src/lib/libcrypto/x509v3/v3err.c b/src/lib/libcrypto/x509v3/v3err.c index 50efa8d99d..6458e95bb9 100644 --- a/src/lib/libcrypto/x509v3/v3err.c +++ b/src/lib/libcrypto/x509v3/v3err.c | |||
| @@ -54,7 +54,8 @@ | |||
| 54 | */ | 54 | */ |
| 55 | 55 | ||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes |
| 57 | * made to it will be overwritten when the script next updates this file. | 57 | * made to it will be overwritten when the script next updates this file, |
| 58 | * only reason strings will be preserved. | ||
| 58 | */ | 59 | */ |
| 59 | 60 | ||
| 60 | #include <stdio.h> | 61 | #include <stdio.h> |
| @@ -62,7 +63,7 @@ | |||
| 62 | #include <openssl/x509v3.h> | 63 | #include <openssl/x509v3.h> |
| 63 | 64 | ||
| 64 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 65 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 66 | static ERR_STRING_DATA X509V3_str_functs[]= | 67 | static ERR_STRING_DATA X509V3_str_functs[]= |
| 67 | { | 68 | { |
| 68 | {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, | 69 | {ERR_PACK(0,X509V3_F_COPY_EMAIL,0), "COPY_EMAIL"}, |
| @@ -72,6 +73,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= | |||
| 72 | {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, | 73 | {ERR_PACK(0,X509V3_F_HEX_TO_STRING,0), "hex_to_string"}, |
| 73 | {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, | 74 | {ERR_PACK(0,X509V3_F_I2S_ASN1_ENUMERATED,0), "i2s_ASN1_ENUMERATED"}, |
| 74 | {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, | 75 | {ERR_PACK(0,X509V3_F_I2S_ASN1_INTEGER,0), "i2s_ASN1_INTEGER"}, |
| 76 | {ERR_PACK(0,X509V3_F_I2V_AUTHORITY_INFO_ACCESS,0), "I2V_AUTHORITY_INFO_ACCESS"}, | ||
| 75 | {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, | 77 | {ERR_PACK(0,X509V3_F_NOTICE_SECTION,0), "NOTICE_SECTION"}, |
| 76 | {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, | 78 | {ERR_PACK(0,X509V3_F_NREF_NOS,0), "NREF_NOS"}, |
| 77 | {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, | 79 | {ERR_PACK(0,X509V3_F_POLICY_SECTION,0), "POLICY_SECTION"}, |
| @@ -87,6 +89,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= | |||
| 87 | {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, | 89 | {ERR_PACK(0,X509V3_F_SXNET_ADD_ID_ULONG,0), "SXNET_add_id_ulong"}, |
| 88 | {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, | 90 | {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ASC,0), "SXNET_get_id_asc"}, |
| 89 | {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, | 91 | {ERR_PACK(0,X509V3_F_SXNET_GET_ID_ULONG,0), "SXNET_get_id_ulong"}, |
| 92 | {ERR_PACK(0,X509V3_F_V2I_ACCESS_DESCRIPTION,0), "V2I_ACCESS_DESCRIPTION"}, | ||
| 90 | {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, | 93 | {ERR_PACK(0,X509V3_F_V2I_ASN1_BIT_STRING,0), "V2I_ASN1_BIT_STRING"}, |
| 91 | {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, | 94 | {ERR_PACK(0,X509V3_F_V2I_AUTHORITY_KEYID,0), "V2I_AUTHORITY_KEYID"}, |
| 92 | {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, | 95 | {ERR_PACK(0,X509V3_F_V2I_BASIC_CONSTRAINTS,0), "V2I_BASIC_CONSTRAINTS"}, |
| @@ -95,6 +98,7 @@ static ERR_STRING_DATA X509V3_str_functs[]= | |||
| 95 | {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, | 98 | {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAME,0), "v2i_GENERAL_NAME"}, |
| 96 | {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, | 99 | {ERR_PACK(0,X509V3_F_V2I_GENERAL_NAMES,0), "v2i_GENERAL_NAMES"}, |
| 97 | {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, | 100 | {ERR_PACK(0,X509V3_F_V3_GENERIC_EXTENSION,0), "V3_GENERIC_EXTENSION"}, |
| 101 | {ERR_PACK(0,X509V3_F_X509V3_ADD_I2D,0), "X509V3_ADD_I2D"}, | ||
| 98 | {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, | 102 | {ERR_PACK(0,X509V3_F_X509V3_ADD_VALUE,0), "X509V3_add_value"}, |
| 99 | {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, | 103 | {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD,0), "X509V3_EXT_add"}, |
| 100 | {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, | 104 | {ERR_PACK(0,X509V3_F_X509V3_EXT_ADD_ALIAS,0), "X509V3_EXT_add_alias"}, |
| @@ -102,6 +106,8 @@ static ERR_STRING_DATA X509V3_str_functs[]= | |||
| 102 | {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, | 106 | {ERR_PACK(0,X509V3_F_X509V3_EXT_I2D,0), "X509V3_EXT_i2d"}, |
| 103 | {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, | 107 | {ERR_PACK(0,X509V3_F_X509V3_GET_VALUE_BOOL,0), "X509V3_get_value_bool"}, |
| 104 | {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, | 108 | {ERR_PACK(0,X509V3_F_X509V3_PARSE_LIST,0), "X509V3_parse_list"}, |
| 109 | {ERR_PACK(0,X509V3_F_X509_PURPOSE_ADD,0), "X509_PURPOSE_add"}, | ||
| 110 | {ERR_PACK(0,X509V3_F_X509_PURPOSE_SET,0), "X509_PURPOSE_set"}, | ||
| 105 | {0,NULL} | 111 | {0,NULL} |
| 106 | }; | 112 | }; |
| 107 | 113 | ||
| @@ -113,8 +119,10 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 113 | {X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, | 119 | {X509V3_R_BN_TO_ASN1_INTEGER_ERROR ,"bn to asn1 integer error"}, |
| 114 | {X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, | 120 | {X509V3_R_DUPLICATE_ZONE_ID ,"duplicate zone id"}, |
| 115 | {X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, | 121 | {X509V3_R_ERROR_CONVERTING_ZONE ,"error converting zone"}, |
| 122 | {X509V3_R_ERROR_CREATING_EXTENSION ,"error creating extension"}, | ||
| 116 | {X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, | 123 | {X509V3_R_ERROR_IN_EXTENSION ,"error in extension"}, |
| 117 | {X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, | 124 | {X509V3_R_EXPECTED_A_SECTION_NAME ,"expected a section name"}, |
| 125 | {X509V3_R_EXTENSION_EXISTS ,"extension exists"}, | ||
| 118 | {X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, | 126 | {X509V3_R_EXTENSION_NAME_ERROR ,"extension name error"}, |
| 119 | {X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, | 127 | {X509V3_R_EXTENSION_NOT_FOUND ,"extension not found"}, |
| 120 | {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, | 128 | {X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED,"extension setting not supported"}, |
| @@ -131,7 +139,9 @@ static ERR_STRING_DATA X509V3_str_reasons[]= | |||
| 131 | {X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, | 139 | {X509V3_R_INVALID_OBJECT_IDENTIFIER ,"invalid object identifier"}, |
| 132 | {X509V3_R_INVALID_OPTION ,"invalid option"}, | 140 | {X509V3_R_INVALID_OPTION ,"invalid option"}, |
| 133 | {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, | 141 | {X509V3_R_INVALID_POLICY_IDENTIFIER ,"invalid policy identifier"}, |
| 142 | {X509V3_R_INVALID_PURPOSE ,"invalid purpose"}, | ||
| 134 | {X509V3_R_INVALID_SECTION ,"invalid section"}, | 143 | {X509V3_R_INVALID_SECTION ,"invalid section"}, |
| 144 | {X509V3_R_INVALID_SYNTAX ,"invalid syntax"}, | ||
| 135 | {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, | 145 | {X509V3_R_ISSUER_DECODE_ERROR ,"issuer decode error"}, |
| 136 | {X509V3_R_MISSING_VALUE ,"missing value"}, | 146 | {X509V3_R_MISSING_VALUE ,"missing value"}, |
| 137 | {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, | 147 | {X509V3_R_NEED_ORGANIZATION_AND_NUMBERS ,"need organization and numbers"}, |
| @@ -162,7 +172,7 @@ void ERR_load_X509V3_strings(void) | |||
| 162 | if (init) | 172 | if (init) |
| 163 | { | 173 | { |
| 164 | init=0; | 174 | init=0; |
| 165 | #ifndef NO_ERR | 175 | #ifndef OPENSSL_NO_ERR |
| 166 | ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); | 176 | ERR_load_strings(ERR_LIB_X509V3,X509V3_str_functs); |
| 167 | ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); | 177 | ERR_load_strings(ERR_LIB_X509V3,X509V3_str_reasons); |
| 168 | #endif | 178 | #endif |
diff --git a/src/lib/libcrypto/x509v3/x509v3.h b/src/lib/libcrypto/x509v3/x509v3.h index d7945bc9cd..daecc55271 100644 --- a/src/lib/libcrypto/x509v3/x509v3.h +++ b/src/lib/libcrypto/x509v3/x509v3.h | |||
| @@ -1,87 +1,655 @@ | |||
| 1 | /* crypto/x509v3/x509v3.h */ | 1 | /* x509v3.h */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL |
| 3 | * All rights reserved. | 3 | * project 1999. |
| 4 | */ | ||
| 5 | /* ==================================================================== | ||
| 6 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 4 | * | 7 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 8 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 9 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 10 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 11 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 12 | * 1. Redistributions of source code must retain the above copyright |
| 13 | * notice, this list of conditions and the following disclaimer. | ||
| 14 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 15 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 16 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 17 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 18 | * distribution. |
| 32 | * must display the following acknowledgement: | 19 | * |
| 33 | * "This product includes cryptographic software written by | 20 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 21 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 22 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 23 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 24 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 25 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 26 | * endorse or promote products derived from this software without |
| 40 | * | 27 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 28 | * licensing@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 29 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 30 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 31 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 32 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 33 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 34 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 35 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 36 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 37 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 38 | * |
| 52 | * | 39 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 40 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 41 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 42 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 43 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 44 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 45 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 46 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 47 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 48 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 49 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 50 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 51 | * ==================================================================== | ||
| 52 | * | ||
| 53 | * This product includes cryptographic software written by Eric Young | ||
| 54 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 55 | * Hudson (tjh@cryptsoft.com). | ||
| 56 | * | ||
| 57 | */ | ||
| 58 | #ifndef HEADER_X509V3_H | ||
| 59 | #define HEADER_X509V3_H | ||
| 60 | |||
| 61 | #include <openssl/bio.h> | ||
| 62 | #include <openssl/x509.h> | ||
| 63 | #include <openssl/conf.h> | ||
| 64 | |||
| 65 | #ifdef __cplusplus | ||
| 66 | extern "C" { | ||
| 67 | #endif | ||
| 68 | |||
| 69 | /* Forward reference */ | ||
| 70 | struct v3_ext_method; | ||
| 71 | struct v3_ext_ctx; | ||
| 72 | |||
| 73 | /* Useful typedefs */ | ||
| 74 | |||
| 75 | typedef void * (*X509V3_EXT_NEW)(void); | ||
| 76 | typedef void (*X509V3_EXT_FREE)(void *); | ||
| 77 | typedef void * (*X509V3_EXT_D2I)(void *, unsigned char ** , long); | ||
| 78 | typedef int (*X509V3_EXT_I2D)(void *, unsigned char **); | ||
| 79 | typedef STACK_OF(CONF_VALUE) * (*X509V3_EXT_I2V)(struct v3_ext_method *method, void *ext, STACK_OF(CONF_VALUE) *extlist); | ||
| 80 | typedef void * (*X509V3_EXT_V2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, STACK_OF(CONF_VALUE) *values); | ||
| 81 | typedef char * (*X509V3_EXT_I2S)(struct v3_ext_method *method, void *ext); | ||
| 82 | typedef void * (*X509V3_EXT_S2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
| 83 | typedef int (*X509V3_EXT_I2R)(struct v3_ext_method *method, void *ext, BIO *out, int indent); | ||
| 84 | typedef void * (*X509V3_EXT_R2I)(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | ||
| 85 | |||
| 86 | /* V3 extension structure */ | ||
| 87 | |||
| 88 | struct v3_ext_method { | ||
| 89 | int ext_nid; | ||
| 90 | int ext_flags; | ||
| 91 | /* If this is set the following four fields are ignored */ | ||
| 92 | ASN1_ITEM_EXP *it; | ||
| 93 | /* Old style ASN1 calls */ | ||
| 94 | X509V3_EXT_NEW ext_new; | ||
| 95 | X509V3_EXT_FREE ext_free; | ||
| 96 | X509V3_EXT_D2I d2i; | ||
| 97 | X509V3_EXT_I2D i2d; | ||
| 98 | |||
| 99 | /* The following pair is used for string extensions */ | ||
| 100 | X509V3_EXT_I2S i2s; | ||
| 101 | X509V3_EXT_S2I s2i; | ||
| 102 | |||
| 103 | /* The following pair is used for multi-valued extensions */ | ||
| 104 | X509V3_EXT_I2V i2v; | ||
| 105 | X509V3_EXT_V2I v2i; | ||
| 106 | |||
| 107 | /* The following are used for raw extensions */ | ||
| 108 | X509V3_EXT_I2R i2r; | ||
| 109 | X509V3_EXT_R2I r2i; | ||
| 110 | |||
| 111 | void *usr_data; /* Any extension specific data */ | ||
| 112 | }; | ||
| 113 | |||
| 114 | typedef struct X509V3_CONF_METHOD_st { | ||
| 115 | char * (*get_string)(void *db, char *section, char *value); | ||
| 116 | STACK_OF(CONF_VALUE) * (*get_section)(void *db, char *section); | ||
| 117 | void (*free_string)(void *db, char * string); | ||
| 118 | void (*free_section)(void *db, STACK_OF(CONF_VALUE) *section); | ||
| 119 | } X509V3_CONF_METHOD; | ||
| 120 | |||
| 121 | /* Context specific info */ | ||
| 122 | struct v3_ext_ctx { | ||
| 123 | #define CTX_TEST 0x1 | ||
| 124 | int flags; | ||
| 125 | X509 *issuer_cert; | ||
| 126 | X509 *subject_cert; | ||
| 127 | X509_REQ *subject_req; | ||
| 128 | X509_CRL *crl; | ||
| 129 | X509V3_CONF_METHOD *db_meth; | ||
| 130 | void *db; | ||
| 131 | /* Maybe more here */ | ||
| 132 | }; | ||
| 133 | |||
| 134 | typedef struct v3_ext_method X509V3_EXT_METHOD; | ||
| 135 | typedef struct v3_ext_ctx X509V3_CTX; | ||
| 136 | |||
| 137 | DECLARE_STACK_OF(X509V3_EXT_METHOD) | ||
| 138 | |||
| 139 | /* ext_flags values */ | ||
| 140 | #define X509V3_EXT_DYNAMIC 0x1 | ||
| 141 | #define X509V3_EXT_CTX_DEP 0x2 | ||
| 142 | #define X509V3_EXT_MULTILINE 0x4 | ||
| 143 | |||
| 144 | typedef BIT_STRING_BITNAME ENUMERATED_NAMES; | ||
| 145 | |||
| 146 | typedef struct BASIC_CONSTRAINTS_st { | ||
| 147 | int ca; | ||
| 148 | ASN1_INTEGER *pathlen; | ||
| 149 | } BASIC_CONSTRAINTS; | ||
| 150 | |||
| 151 | |||
| 152 | typedef struct PKEY_USAGE_PERIOD_st { | ||
| 153 | ASN1_GENERALIZEDTIME *notBefore; | ||
| 154 | ASN1_GENERALIZEDTIME *notAfter; | ||
| 155 | } PKEY_USAGE_PERIOD; | ||
| 156 | |||
| 157 | typedef struct otherName_st { | ||
| 158 | ASN1_OBJECT *type_id; | ||
| 159 | ASN1_TYPE *value; | ||
| 160 | } OTHERNAME; | ||
| 161 | |||
| 162 | typedef struct EDIPartyName_st { | ||
| 163 | ASN1_STRING *nameAssigner; | ||
| 164 | ASN1_STRING *partyName; | ||
| 165 | } EDIPARTYNAME; | ||
| 166 | |||
| 167 | typedef struct GENERAL_NAME_st { | ||
| 168 | |||
| 169 | #define GEN_OTHERNAME 0 | ||
| 170 | #define GEN_EMAIL 1 | ||
| 171 | #define GEN_DNS 2 | ||
| 172 | #define GEN_X400 3 | ||
| 173 | #define GEN_DIRNAME 4 | ||
| 174 | #define GEN_EDIPARTY 5 | ||
| 175 | #define GEN_URI 6 | ||
| 176 | #define GEN_IPADD 7 | ||
| 177 | #define GEN_RID 8 | ||
| 178 | |||
| 179 | int type; | ||
| 180 | union { | ||
| 181 | char *ptr; | ||
| 182 | OTHERNAME *otherName; /* otherName */ | ||
| 183 | ASN1_IA5STRING *rfc822Name; | ||
| 184 | ASN1_IA5STRING *dNSName; | ||
| 185 | ASN1_TYPE *x400Address; | ||
| 186 | X509_NAME *directoryName; | ||
| 187 | EDIPARTYNAME *ediPartyName; | ||
| 188 | ASN1_IA5STRING *uniformResourceIdentifier; | ||
| 189 | ASN1_OCTET_STRING *iPAddress; | ||
| 190 | ASN1_OBJECT *registeredID; | ||
| 191 | |||
| 192 | /* Old names */ | ||
| 193 | ASN1_OCTET_STRING *ip; /* iPAddress */ | ||
| 194 | X509_NAME *dirn; /* dirn */ | ||
| 195 | ASN1_IA5STRING *ia5;/* rfc822Name, dNSName, uniformResourceIdentifier */ | ||
| 196 | ASN1_OBJECT *rid; /* registeredID */ | ||
| 197 | ASN1_TYPE *other; /* x400Address */ | ||
| 198 | } d; | ||
| 199 | } GENERAL_NAME; | ||
| 200 | |||
| 201 | typedef STACK_OF(GENERAL_NAME) GENERAL_NAMES; | ||
| 202 | |||
| 203 | typedef struct ACCESS_DESCRIPTION_st { | ||
| 204 | ASN1_OBJECT *method; | ||
| 205 | GENERAL_NAME *location; | ||
| 206 | } ACCESS_DESCRIPTION; | ||
| 207 | |||
| 208 | typedef STACK_OF(ACCESS_DESCRIPTION) AUTHORITY_INFO_ACCESS; | ||
| 209 | |||
| 210 | typedef STACK_OF(ASN1_OBJECT) EXTENDED_KEY_USAGE; | ||
| 211 | |||
| 212 | DECLARE_STACK_OF(GENERAL_NAME) | ||
| 213 | DECLARE_ASN1_SET_OF(GENERAL_NAME) | ||
| 214 | |||
| 215 | DECLARE_STACK_OF(ACCESS_DESCRIPTION) | ||
| 216 | DECLARE_ASN1_SET_OF(ACCESS_DESCRIPTION) | ||
| 217 | |||
| 218 | typedef struct DIST_POINT_NAME_st { | ||
| 219 | int type; | ||
| 220 | union { | ||
| 221 | GENERAL_NAMES *fullname; | ||
| 222 | STACK_OF(X509_NAME_ENTRY) *relativename; | ||
| 223 | } name; | ||
| 224 | } DIST_POINT_NAME; | ||
| 225 | |||
| 226 | typedef struct DIST_POINT_st { | ||
| 227 | DIST_POINT_NAME *distpoint; | ||
| 228 | ASN1_BIT_STRING *reasons; | ||
| 229 | GENERAL_NAMES *CRLissuer; | ||
| 230 | } DIST_POINT; | ||
| 231 | |||
| 232 | typedef STACK_OF(DIST_POINT) CRL_DIST_POINTS; | ||
| 233 | |||
| 234 | DECLARE_STACK_OF(DIST_POINT) | ||
| 235 | DECLARE_ASN1_SET_OF(DIST_POINT) | ||
| 236 | |||
| 237 | typedef struct AUTHORITY_KEYID_st { | ||
| 238 | ASN1_OCTET_STRING *keyid; | ||
| 239 | GENERAL_NAMES *issuer; | ||
| 240 | ASN1_INTEGER *serial; | ||
| 241 | } AUTHORITY_KEYID; | ||
| 242 | |||
| 243 | /* Strong extranet structures */ | ||
| 244 | |||
| 245 | typedef struct SXNET_ID_st { | ||
| 246 | ASN1_INTEGER *zone; | ||
| 247 | ASN1_OCTET_STRING *user; | ||
| 248 | } SXNETID; | ||
| 249 | |||
| 250 | DECLARE_STACK_OF(SXNETID) | ||
| 251 | DECLARE_ASN1_SET_OF(SXNETID) | ||
| 252 | |||
| 253 | typedef struct SXNET_st { | ||
| 254 | ASN1_INTEGER *version; | ||
| 255 | STACK_OF(SXNETID) *ids; | ||
| 256 | } SXNET; | ||
| 257 | |||
| 258 | typedef struct NOTICEREF_st { | ||
| 259 | ASN1_STRING *organization; | ||
| 260 | STACK_OF(ASN1_INTEGER) *noticenos; | ||
| 261 | } NOTICEREF; | ||
| 262 | |||
| 263 | typedef struct USERNOTICE_st { | ||
| 264 | NOTICEREF *noticeref; | ||
| 265 | ASN1_STRING *exptext; | ||
| 266 | } USERNOTICE; | ||
| 267 | |||
| 268 | typedef struct POLICYQUALINFO_st { | ||
| 269 | ASN1_OBJECT *pqualid; | ||
| 270 | union { | ||
| 271 | ASN1_IA5STRING *cpsuri; | ||
| 272 | USERNOTICE *usernotice; | ||
| 273 | ASN1_TYPE *other; | ||
| 274 | } d; | ||
| 275 | } POLICYQUALINFO; | ||
| 276 | |||
| 277 | DECLARE_STACK_OF(POLICYQUALINFO) | ||
| 278 | DECLARE_ASN1_SET_OF(POLICYQUALINFO) | ||
| 279 | |||
| 280 | typedef struct POLICYINFO_st { | ||
| 281 | ASN1_OBJECT *policyid; | ||
| 282 | STACK_OF(POLICYQUALINFO) *qualifiers; | ||
| 283 | } POLICYINFO; | ||
| 284 | |||
| 285 | typedef STACK_OF(POLICYINFO) CERTIFICATEPOLICIES; | ||
| 286 | |||
| 287 | DECLARE_STACK_OF(POLICYINFO) | ||
| 288 | DECLARE_ASN1_SET_OF(POLICYINFO) | ||
| 289 | |||
| 290 | #define X509V3_conf_err(val) ERR_add_error_data(6, "section:", val->section, \ | ||
| 291 | ",name:", val->name, ",value:", val->value); | ||
| 292 | |||
| 293 | #define X509V3_set_ctx_test(ctx) \ | ||
| 294 | X509V3_set_ctx(ctx, NULL, NULL, NULL, NULL, CTX_TEST) | ||
| 295 | #define X509V3_set_ctx_nodb(ctx) (ctx)->db = NULL; | ||
| 296 | |||
| 297 | #define EXT_BITSTRING(nid, table) { nid, 0, ASN1_ITEM_ref(ASN1_BIT_STRING), \ | ||
| 298 | 0,0,0,0, \ | ||
| 299 | 0,0, \ | ||
| 300 | (X509V3_EXT_I2V)i2v_ASN1_BIT_STRING, \ | ||
| 301 | (X509V3_EXT_V2I)v2i_ASN1_BIT_STRING, \ | ||
| 302 | NULL, NULL, \ | ||
| 303 | table} | ||
| 304 | |||
| 305 | #define EXT_IA5STRING(nid) { nid, 0, ASN1_ITEM_ref(ASN1_IA5STRING), \ | ||
| 306 | 0,0,0,0, \ | ||
| 307 | (X509V3_EXT_I2S)i2s_ASN1_IA5STRING, \ | ||
| 308 | (X509V3_EXT_S2I)s2i_ASN1_IA5STRING, \ | ||
| 309 | 0,0,0,0, \ | ||
| 310 | NULL} | ||
| 311 | |||
| 312 | #define EXT_END { -1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0} | ||
| 313 | |||
| 314 | |||
| 315 | /* X509_PURPOSE stuff */ | ||
| 316 | |||
| 317 | #define EXFLAG_BCONS 0x1 | ||
| 318 | #define EXFLAG_KUSAGE 0x2 | ||
| 319 | #define EXFLAG_XKUSAGE 0x4 | ||
| 320 | #define EXFLAG_NSCERT 0x8 | ||
| 321 | |||
| 322 | #define EXFLAG_CA 0x10 | ||
| 323 | #define EXFLAG_SS 0x20 | ||
| 324 | #define EXFLAG_V1 0x40 | ||
| 325 | #define EXFLAG_INVALID 0x80 | ||
| 326 | #define EXFLAG_SET 0x100 | ||
| 327 | #define EXFLAG_CRITICAL 0x200 | ||
| 328 | |||
| 329 | #define KU_DIGITAL_SIGNATURE 0x0080 | ||
| 330 | #define KU_NON_REPUDIATION 0x0040 | ||
| 331 | #define KU_KEY_ENCIPHERMENT 0x0020 | ||
| 332 | #define KU_DATA_ENCIPHERMENT 0x0010 | ||
| 333 | #define KU_KEY_AGREEMENT 0x0008 | ||
| 334 | #define KU_KEY_CERT_SIGN 0x0004 | ||
| 335 | #define KU_CRL_SIGN 0x0002 | ||
| 336 | #define KU_ENCIPHER_ONLY 0x0001 | ||
| 337 | #define KU_DECIPHER_ONLY 0x8000 | ||
| 338 | |||
| 339 | #define NS_SSL_CLIENT 0x80 | ||
| 340 | #define NS_SSL_SERVER 0x40 | ||
| 341 | #define NS_SMIME 0x20 | ||
| 342 | #define NS_OBJSIGN 0x10 | ||
| 343 | #define NS_SSL_CA 0x04 | ||
| 344 | #define NS_SMIME_CA 0x02 | ||
| 345 | #define NS_OBJSIGN_CA 0x01 | ||
| 346 | #define NS_ANY_CA (NS_SSL_CA|NS_SMIME_CA|NS_OBJSIGN_CA) | ||
| 347 | |||
| 348 | #define XKU_SSL_SERVER 0x1 | ||
| 349 | #define XKU_SSL_CLIENT 0x2 | ||
| 350 | #define XKU_SMIME 0x4 | ||
| 351 | #define XKU_CODE_SIGN 0x8 | ||
| 352 | #define XKU_SGC 0x10 | ||
| 353 | #define XKU_OCSP_SIGN 0x20 | ||
| 354 | #define XKU_TIMESTAMP 0x40 | ||
| 355 | |||
| 356 | #define X509_PURPOSE_DYNAMIC 0x1 | ||
| 357 | #define X509_PURPOSE_DYNAMIC_NAME 0x2 | ||
| 358 | |||
| 359 | typedef struct x509_purpose_st { | ||
| 360 | int purpose; | ||
| 361 | int trust; /* Default trust ID */ | ||
| 362 | int flags; | ||
| 363 | int (*check_purpose)(const struct x509_purpose_st *, | ||
| 364 | const X509 *, int); | ||
| 365 | char *name; | ||
| 366 | char *sname; | ||
| 367 | void *usr_data; | ||
| 368 | } X509_PURPOSE; | ||
| 369 | |||
| 370 | #define X509_PURPOSE_SSL_CLIENT 1 | ||
| 371 | #define X509_PURPOSE_SSL_SERVER 2 | ||
| 372 | #define X509_PURPOSE_NS_SSL_SERVER 3 | ||
| 373 | #define X509_PURPOSE_SMIME_SIGN 4 | ||
| 374 | #define X509_PURPOSE_SMIME_ENCRYPT 5 | ||
| 375 | #define X509_PURPOSE_CRL_SIGN 6 | ||
| 376 | #define X509_PURPOSE_ANY 7 | ||
| 377 | #define X509_PURPOSE_OCSP_HELPER 8 | ||
| 378 | |||
| 379 | #define X509_PURPOSE_MIN 1 | ||
| 380 | #define X509_PURPOSE_MAX 8 | ||
| 381 | |||
| 382 | /* Flags for X509V3_EXT_print() */ | ||
| 383 | |||
| 384 | #define X509V3_EXT_UNKNOWN_MASK (0xfL << 16) | ||
| 385 | /* Return error for unknown extensions */ | ||
| 386 | #define X509V3_EXT_DEFAULT 0 | ||
| 387 | /* Print error for unknown extensions */ | ||
| 388 | #define X509V3_EXT_ERROR_UNKNOWN (1L << 16) | ||
| 389 | /* ASN1 parse unknown extensions */ | ||
| 390 | #define X509V3_EXT_PARSE_UNKNOWN (2L << 16) | ||
| 391 | /* BIO_dump unknown extensions */ | ||
| 392 | #define X509V3_EXT_DUMP_UNKNOWN (3L << 16) | ||
| 393 | |||
| 394 | /* Flags for X509V3_add1_i2d */ | ||
| 395 | |||
| 396 | #define X509V3_ADD_OP_MASK 0xfL | ||
| 397 | #define X509V3_ADD_DEFAULT 0L | ||
| 398 | #define X509V3_ADD_APPEND 1L | ||
| 399 | #define X509V3_ADD_REPLACE 2L | ||
| 400 | #define X509V3_ADD_REPLACE_EXISTING 3L | ||
| 401 | #define X509V3_ADD_KEEP_EXISTING 4L | ||
| 402 | #define X509V3_ADD_DELETE 5L | ||
| 403 | #define X509V3_ADD_SILENT 0x10 | ||
| 404 | |||
| 405 | DECLARE_STACK_OF(X509_PURPOSE) | ||
| 406 | |||
| 407 | DECLARE_ASN1_FUNCTIONS(BASIC_CONSTRAINTS) | ||
| 408 | |||
| 409 | DECLARE_ASN1_FUNCTIONS(SXNET) | ||
| 410 | DECLARE_ASN1_FUNCTIONS(SXNETID) | ||
| 411 | |||
| 412 | int SXNET_add_id_asc(SXNET **psx, char *zone, char *user, int userlen); | ||
| 413 | int SXNET_add_id_ulong(SXNET **psx, unsigned long lzone, char *user, int userlen); | ||
| 414 | int SXNET_add_id_INTEGER(SXNET **psx, ASN1_INTEGER *izone, char *user, int userlen); | ||
| 415 | |||
| 416 | ASN1_OCTET_STRING *SXNET_get_id_asc(SXNET *sx, char *zone); | ||
| 417 | ASN1_OCTET_STRING *SXNET_get_id_ulong(SXNET *sx, unsigned long lzone); | ||
| 418 | ASN1_OCTET_STRING *SXNET_get_id_INTEGER(SXNET *sx, ASN1_INTEGER *zone); | ||
| 419 | |||
| 420 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_KEYID) | ||
| 421 | |||
| 422 | DECLARE_ASN1_FUNCTIONS(PKEY_USAGE_PERIOD) | ||
| 423 | |||
| 424 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAME) | ||
| 425 | |||
| 426 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAME(X509V3_EXT_METHOD *method, GENERAL_NAME *gen, STACK_OF(CONF_VALUE) *ret); | ||
| 427 | int GENERAL_NAME_print(BIO *out, GENERAL_NAME *gen); | ||
| 428 | |||
| 429 | DECLARE_ASN1_FUNCTIONS(GENERAL_NAMES) | ||
| 430 | |||
| 431 | STACK_OF(CONF_VALUE) *i2v_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 432 | GENERAL_NAMES *gen, STACK_OF(CONF_VALUE) *extlist); | ||
| 433 | GENERAL_NAMES *v2i_GENERAL_NAMES(X509V3_EXT_METHOD *method, | ||
| 434 | X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *nval); | ||
| 435 | |||
| 436 | DECLARE_ASN1_FUNCTIONS(OTHERNAME) | ||
| 437 | DECLARE_ASN1_FUNCTIONS(EDIPARTYNAME) | ||
| 438 | |||
| 439 | char *i2s_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, ASN1_OCTET_STRING *ia5); | ||
| 440 | ASN1_OCTET_STRING *s2i_ASN1_OCTET_STRING(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, char *str); | ||
| 441 | |||
| 442 | DECLARE_ASN1_FUNCTIONS(EXTENDED_KEY_USAGE) | ||
| 443 | int i2a_ACCESS_DESCRIPTION(BIO *bp, ACCESS_DESCRIPTION* a); | ||
| 444 | |||
| 445 | DECLARE_ASN1_FUNCTIONS(CERTIFICATEPOLICIES) | ||
| 446 | DECLARE_ASN1_FUNCTIONS(POLICYINFO) | ||
| 447 | DECLARE_ASN1_FUNCTIONS(POLICYQUALINFO) | ||
| 448 | DECLARE_ASN1_FUNCTIONS(USERNOTICE) | ||
| 449 | DECLARE_ASN1_FUNCTIONS(NOTICEREF) | ||
| 450 | |||
| 451 | DECLARE_ASN1_FUNCTIONS(CRL_DIST_POINTS) | ||
| 452 | DECLARE_ASN1_FUNCTIONS(DIST_POINT) | ||
| 453 | DECLARE_ASN1_FUNCTIONS(DIST_POINT_NAME) | ||
| 454 | |||
| 455 | DECLARE_ASN1_FUNCTIONS(ACCESS_DESCRIPTION) | ||
| 456 | DECLARE_ASN1_FUNCTIONS(AUTHORITY_INFO_ACCESS) | ||
| 457 | |||
| 458 | #ifdef HEADER_CONF_H | ||
| 459 | GENERAL_NAME *v2i_GENERAL_NAME(X509V3_EXT_METHOD *method, X509V3_CTX *ctx, CONF_VALUE *cnf); | ||
| 460 | void X509V3_conf_free(CONF_VALUE *val); | ||
| 461 | |||
| 462 | X509_EXTENSION *X509V3_EXT_nconf_nid(CONF *conf, X509V3_CTX *ctx, int ext_nid, char *value); | ||
| 463 | X509_EXTENSION *X509V3_EXT_nconf(CONF *conf, X509V3_CTX *ctx, char *name, char *value); | ||
| 464 | int X509V3_EXT_add_nconf_sk(CONF *conf, X509V3_CTX *ctx, char *section, STACK_OF(X509_EXTENSION) **sk); | ||
| 465 | int X509V3_EXT_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509 *cert); | ||
| 466 | int X509V3_EXT_REQ_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); | ||
| 467 | int X509V3_EXT_CRL_add_nconf(CONF *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); | ||
| 468 | |||
| 469 | X509_EXTENSION *X509V3_EXT_conf_nid(LHASH *conf, X509V3_CTX *ctx, int ext_nid, char *value); | ||
| 470 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, char *value); | ||
| 471 | int X509V3_EXT_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509 *cert); | ||
| 472 | int X509V3_EXT_REQ_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_REQ *req); | ||
| 473 | int X509V3_EXT_CRL_add_conf(LHASH *conf, X509V3_CTX *ctx, char *section, X509_CRL *crl); | ||
| 474 | |||
| 475 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | ||
| 476 | STACK_OF(CONF_VALUE) **extlist); | ||
| 477 | int X509V3_get_value_bool(CONF_VALUE *value, int *asn1_bool); | ||
| 478 | int X509V3_get_value_int(CONF_VALUE *value, ASN1_INTEGER **aint); | ||
| 479 | void X509V3_set_nconf(X509V3_CTX *ctx, CONF *conf); | ||
| 480 | void X509V3_set_conf_lhash(X509V3_CTX *ctx, LHASH *lhash); | ||
| 481 | #endif | ||
| 482 | |||
| 483 | char * X509V3_get_string(X509V3_CTX *ctx, char *name, char *section); | ||
| 484 | STACK_OF(CONF_VALUE) * X509V3_get_section(X509V3_CTX *ctx, char *section); | ||
| 485 | void X509V3_string_free(X509V3_CTX *ctx, char *str); | ||
| 486 | void X509V3_section_free( X509V3_CTX *ctx, STACK_OF(CONF_VALUE) *section); | ||
| 487 | void X509V3_set_ctx(X509V3_CTX *ctx, X509 *issuer, X509 *subject, | ||
| 488 | X509_REQ *req, X509_CRL *crl, int flags); | ||
| 489 | |||
| 490 | int X509V3_add_value(const char *name, const char *value, | ||
| 491 | STACK_OF(CONF_VALUE) **extlist); | ||
| 492 | int X509V3_add_value_uchar(const char *name, const unsigned char *value, | ||
| 493 | STACK_OF(CONF_VALUE) **extlist); | ||
| 494 | int X509V3_add_value_bool(const char *name, int asn1_bool, | ||
| 495 | STACK_OF(CONF_VALUE) **extlist); | ||
| 496 | int X509V3_add_value_int(const char *name, ASN1_INTEGER *aint, | ||
| 497 | STACK_OF(CONF_VALUE) **extlist); | ||
| 498 | char * i2s_ASN1_INTEGER(X509V3_EXT_METHOD *meth, ASN1_INTEGER *aint); | ||
| 499 | ASN1_INTEGER * s2i_ASN1_INTEGER(X509V3_EXT_METHOD *meth, char *value); | ||
| 500 | char * i2s_ASN1_ENUMERATED(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
| 501 | char * i2s_ASN1_ENUMERATED_TABLE(X509V3_EXT_METHOD *meth, ASN1_ENUMERATED *aint); | ||
| 502 | int X509V3_EXT_add(X509V3_EXT_METHOD *ext); | ||
| 503 | int X509V3_EXT_add_list(X509V3_EXT_METHOD *extlist); | ||
| 504 | int X509V3_EXT_add_alias(int nid_to, int nid_from); | ||
| 505 | void X509V3_EXT_cleanup(void); | ||
| 506 | |||
| 507 | X509V3_EXT_METHOD *X509V3_EXT_get(X509_EXTENSION *ext); | ||
| 508 | X509V3_EXT_METHOD *X509V3_EXT_get_nid(int nid); | ||
| 509 | int X509V3_add_standard_extensions(void); | ||
| 510 | STACK_OF(CONF_VALUE) *X509V3_parse_list(const char *line); | ||
| 511 | void *X509V3_EXT_d2i(X509_EXTENSION *ext); | ||
| 512 | void *X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); | ||
| 513 | |||
| 514 | |||
| 515 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | ||
| 516 | int X509V3_add1_i2d(STACK_OF(X509_EXTENSION) **x, int nid, void *value, int crit, unsigned long flags); | ||
| 517 | |||
| 518 | char *hex_to_string(unsigned char *buffer, long len); | ||
| 519 | unsigned char *string_to_hex(char *str, long *len); | ||
| 520 | int name_cmp(const char *name, const char *cmp); | ||
| 521 | |||
| 522 | void X509V3_EXT_val_prn(BIO *out, STACK_OF(CONF_VALUE) *val, int indent, | ||
| 523 | int ml); | ||
| 524 | int X509V3_EXT_print(BIO *out, X509_EXTENSION *ext, unsigned long flag, int indent); | ||
| 525 | int X509V3_EXT_print_fp(FILE *out, X509_EXTENSION *ext, int flag, int indent); | ||
| 526 | |||
| 527 | int X509V3_extensions_print(BIO *out, char *title, STACK_OF(X509_EXTENSION) *exts, unsigned long flag, int indent); | ||
| 528 | |||
| 529 | int X509_check_purpose(X509 *x, int id, int ca); | ||
| 530 | int X509_supported_extension(X509_EXTENSION *ex); | ||
| 531 | int X509_PURPOSE_set(int *p, int purpose); | ||
| 532 | int X509_check_issued(X509 *issuer, X509 *subject); | ||
| 533 | int X509_PURPOSE_get_count(void); | ||
| 534 | X509_PURPOSE * X509_PURPOSE_get0(int idx); | ||
| 535 | int X509_PURPOSE_get_by_sname(char *sname); | ||
| 536 | int X509_PURPOSE_get_by_id(int id); | ||
| 537 | int X509_PURPOSE_add(int id, int trust, int flags, | ||
| 538 | int (*ck)(const X509_PURPOSE *, const X509 *, int), | ||
| 539 | char *name, char *sname, void *arg); | ||
| 540 | char *X509_PURPOSE_get0_name(X509_PURPOSE *xp); | ||
| 541 | char *X509_PURPOSE_get0_sname(X509_PURPOSE *xp); | ||
| 542 | int X509_PURPOSE_get_trust(X509_PURPOSE *xp); | ||
| 543 | void X509_PURPOSE_cleanup(void); | ||
| 544 | int X509_PURPOSE_get_id(X509_PURPOSE *); | ||
| 545 | |||
| 546 | STACK *X509_get1_email(X509 *x); | ||
| 547 | STACK *X509_REQ_get1_email(X509_REQ *x); | ||
| 548 | void X509_email_free(STACK *sk); | ||
| 549 | |||
| 550 | |||
| 551 | /* BEGIN ERROR CODES */ | ||
| 552 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 553 | * made after this point may be overwritten when the script is next run. | ||
| 57 | */ | 554 | */ |
| 58 | #define X509v3_N_KU_digitalSignature 0 | 555 | void ERR_load_X509V3_strings(void); |
| 59 | #define X509v3_N_KU_nonRepudiation 1 | 556 | |
| 60 | #define X509v3_N_KU_keyEncipherment 2 | 557 | /* Error codes for the X509V3 functions. */ |
| 61 | #define X509v3_N_KU_dataEncipherment 3 | 558 | |
| 62 | #define X509v3_N_KU_keyAgreement 4 | 559 | /* Function codes. */ |
| 63 | #define X509v3_N_KU_keyCertSign 5 | 560 | #define X509V3_F_COPY_EMAIL 122 |
| 64 | #define X509v3_N_KU_cRLSign 6 | 561 | #define X509V3_F_COPY_ISSUER 123 |
| 65 | #define X509v3_N_KU_encipherOnly 7 | 562 | #define X509V3_F_DO_EXT_CONF 124 |
| 66 | #define X509v3_N_KU_decipherOnly 8 | 563 | #define X509V3_F_DO_EXT_I2D 135 |
| 67 | #define X509v3_N_KU_NUM 9 | 564 | #define X509V3_F_HEX_TO_STRING 111 |
| 68 | #define X509v3_S_KU_digitalSignature "digitalSignature" | 565 | #define X509V3_F_I2S_ASN1_ENUMERATED 121 |
| 69 | #define X509v3_S_KU_nonRepudiation "nonRepudiation" | 566 | #define X509V3_F_I2S_ASN1_INTEGER 120 |
| 70 | #define X509v3_S_KU_keyEncipherment "keyEncipherment" | 567 | #define X509V3_F_I2V_AUTHORITY_INFO_ACCESS 138 |
| 71 | #define X509v3_S_KU_dataEncipherment "dataEncipherment" | 568 | #define X509V3_F_NOTICE_SECTION 132 |
| 72 | #define X509v3_S_KU_keyAgreement "keyAgreement" | 569 | #define X509V3_F_NREF_NOS 133 |
| 73 | #define X509v3_S_KU_keyCertSign "keyCertSign" | 570 | #define X509V3_F_POLICY_SECTION 131 |
| 74 | #define X509v3_S_KU_cRLSign "cRLSign" | 571 | #define X509V3_F_R2I_CERTPOL 130 |
| 75 | #define X509v3_S_KU_encipherOnly "encipherOnly" | 572 | #define X509V3_F_S2I_ASN1_IA5STRING 100 |
| 76 | #define X509v3_S_KU_decipherOnly "decipherOnly" | 573 | #define X509V3_F_S2I_ASN1_INTEGER 108 |
| 77 | 574 | #define X509V3_F_S2I_ASN1_OCTET_STRING 112 | |
| 78 | 575 | #define X509V3_F_S2I_ASN1_SKEY_ID 114 | |
| 79 | void X509_ex_clear(X509_EXTENSION *a); | 576 | #define X509V3_F_S2I_S2I_SKEY_ID 115 |
| 80 | int X509_ex_get_bool(X509_EXTENSION *a,int num); | 577 | #define X509V3_F_STRING_TO_HEX 113 |
| 81 | int X509_ex_set_bool(X509_EXTENSION *a,int num,int value); | 578 | #define X509V3_F_SXNET_ADD_ASC 125 |
| 82 | int X509_ex_get_str(X509_EXTENSION *a,int index,char **p,int *len); | 579 | #define X509V3_F_SXNET_ADD_ID_INTEGER 126 |
| 83 | int X509_ex_set_str(X509_EXTENSION *a,int oid,int index,char *p,int len); | 580 | #define X509V3_F_SXNET_ADD_ID_ULONG 127 |
| 84 | char *X509_ex_get_struct(X509_EXTENSION *a,int oid,int index,char **p); | 581 | #define X509V3_F_SXNET_GET_ID_ASC 128 |
| 85 | int X509_ex_set_struct(X509_EXTENSION *a,int index,char *p); | 582 | #define X509V3_F_SXNET_GET_ID_ULONG 129 |
| 86 | int a2i_X509_EXTENSION(BIO *bp,X509_EXTENSION *a,char *buf,int len); | 583 | #define X509V3_F_V2I_ACCESS_DESCRIPTION 139 |
| 87 | int i2a_X509_EXTENSION(BIO *bp,X509_EXTENSION *a); | 584 | #define X509V3_F_V2I_ASN1_BIT_STRING 101 |
| 585 | #define X509V3_F_V2I_AUTHORITY_KEYID 119 | ||
| 586 | #define X509V3_F_V2I_BASIC_CONSTRAINTS 102 | ||
| 587 | #define X509V3_F_V2I_CRLD 134 | ||
| 588 | #define X509V3_F_V2I_EXT_KU 103 | ||
| 589 | #define X509V3_F_V2I_GENERAL_NAME 117 | ||
| 590 | #define X509V3_F_V2I_GENERAL_NAMES 118 | ||
| 591 | #define X509V3_F_V3_GENERIC_EXTENSION 116 | ||
| 592 | #define X509V3_F_X509V3_ADD_I2D 140 | ||
| 593 | #define X509V3_F_X509V3_ADD_VALUE 105 | ||
| 594 | #define X509V3_F_X509V3_EXT_ADD 104 | ||
| 595 | #define X509V3_F_X509V3_EXT_ADD_ALIAS 106 | ||
| 596 | #define X509V3_F_X509V3_EXT_CONF 107 | ||
| 597 | #define X509V3_F_X509V3_EXT_I2D 136 | ||
| 598 | #define X509V3_F_X509V3_GET_VALUE_BOOL 110 | ||
| 599 | #define X509V3_F_X509V3_PARSE_LIST 109 | ||
| 600 | #define X509V3_F_X509_PURPOSE_ADD 137 | ||
| 601 | #define X509V3_F_X509_PURPOSE_SET 141 | ||
| 602 | |||
| 603 | /* Reason codes. */ | ||
| 604 | #define X509V3_R_BAD_IP_ADDRESS 118 | ||
| 605 | #define X509V3_R_BAD_OBJECT 119 | ||
| 606 | #define X509V3_R_BN_DEC2BN_ERROR 100 | ||
| 607 | #define X509V3_R_BN_TO_ASN1_INTEGER_ERROR 101 | ||
| 608 | #define X509V3_R_DUPLICATE_ZONE_ID 133 | ||
| 609 | #define X509V3_R_ERROR_CONVERTING_ZONE 131 | ||
| 610 | #define X509V3_R_ERROR_CREATING_EXTENSION 144 | ||
| 611 | #define X509V3_R_ERROR_IN_EXTENSION 128 | ||
| 612 | #define X509V3_R_EXPECTED_A_SECTION_NAME 137 | ||
| 613 | #define X509V3_R_EXTENSION_EXISTS 145 | ||
| 614 | #define X509V3_R_EXTENSION_NAME_ERROR 115 | ||
| 615 | #define X509V3_R_EXTENSION_NOT_FOUND 102 | ||
| 616 | #define X509V3_R_EXTENSION_SETTING_NOT_SUPPORTED 103 | ||
| 617 | #define X509V3_R_EXTENSION_VALUE_ERROR 116 | ||
| 618 | #define X509V3_R_ILLEGAL_HEX_DIGIT 113 | ||
| 619 | #define X509V3_R_INVALID_BOOLEAN_STRING 104 | ||
| 620 | #define X509V3_R_INVALID_EXTENSION_STRING 105 | ||
| 621 | #define X509V3_R_INVALID_NAME 106 | ||
| 622 | #define X509V3_R_INVALID_NULL_ARGUMENT 107 | ||
| 623 | #define X509V3_R_INVALID_NULL_NAME 108 | ||
| 624 | #define X509V3_R_INVALID_NULL_VALUE 109 | ||
| 625 | #define X509V3_R_INVALID_NUMBER 140 | ||
| 626 | #define X509V3_R_INVALID_NUMBERS 141 | ||
| 627 | #define X509V3_R_INVALID_OBJECT_IDENTIFIER 110 | ||
| 628 | #define X509V3_R_INVALID_OPTION 138 | ||
| 629 | #define X509V3_R_INVALID_POLICY_IDENTIFIER 134 | ||
| 630 | #define X509V3_R_INVALID_PURPOSE 146 | ||
| 631 | #define X509V3_R_INVALID_SECTION 135 | ||
| 632 | #define X509V3_R_INVALID_SYNTAX 143 | ||
| 633 | #define X509V3_R_ISSUER_DECODE_ERROR 126 | ||
| 634 | #define X509V3_R_MISSING_VALUE 124 | ||
| 635 | #define X509V3_R_NEED_ORGANIZATION_AND_NUMBERS 142 | ||
| 636 | #define X509V3_R_NO_CONFIG_DATABASE 136 | ||
| 637 | #define X509V3_R_NO_ISSUER_CERTIFICATE 121 | ||
| 638 | #define X509V3_R_NO_ISSUER_DETAILS 127 | ||
| 639 | #define X509V3_R_NO_POLICY_IDENTIFIER 139 | ||
| 640 | #define X509V3_R_NO_PUBLIC_KEY 114 | ||
| 641 | #define X509V3_R_NO_SUBJECT_DETAILS 125 | ||
| 642 | #define X509V3_R_ODD_NUMBER_OF_DIGITS 112 | ||
| 643 | #define X509V3_R_UNABLE_TO_GET_ISSUER_DETAILS 122 | ||
| 644 | #define X509V3_R_UNABLE_TO_GET_ISSUER_KEYID 123 | ||
| 645 | #define X509V3_R_UNKNOWN_BIT_STRING_ARGUMENT 111 | ||
| 646 | #define X509V3_R_UNKNOWN_EXTENSION 129 | ||
| 647 | #define X509V3_R_UNKNOWN_EXTENSION_NAME 130 | ||
| 648 | #define X509V3_R_UNKNOWN_OPTION 120 | ||
| 649 | #define X509V3_R_UNSUPPORTED_OPTION 117 | ||
| 650 | #define X509V3_R_USER_TOO_LONG 132 | ||
| 651 | |||
| 652 | #ifdef __cplusplus | ||
| 653 | } | ||
| 654 | #endif | ||
| 655 | #endif | ||
diff --git a/src/lib/libssl/LICENSE b/src/lib/libssl/LICENSE index b9e18d5e7b..7b93e0dbce 100644 --- a/src/lib/libssl/LICENSE +++ b/src/lib/libssl/LICENSE | |||
| @@ -12,7 +12,7 @@ | |||
| 12 | --------------- | 12 | --------------- |
| 13 | 13 | ||
| 14 | /* ==================================================================== | 14 | /* ==================================================================== |
| 15 | * Copyright (c) 1998-1999 The OpenSSL Project. All rights reserved. | 15 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. |
| 16 | * | 16 | * |
| 17 | * Redistribution and use in source and binary forms, with or without | 17 | * Redistribution and use in source and binary forms, with or without |
| 18 | * modification, are permitted provided that the following conditions | 18 | * modification, are permitted provided that the following conditions |
diff --git a/src/lib/libssl/bio_ssl.c b/src/lib/libssl/bio_ssl.c index 58a6d69b9b..467e149947 100644 --- a/src/lib/libssl/bio_ssl.c +++ b/src/lib/libssl/bio_ssl.c | |||
| @@ -60,27 +60,18 @@ | |||
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include <string.h> | 61 | #include <string.h> |
| 62 | #include <errno.h> | 62 | #include <errno.h> |
| 63 | #include "crypto.h" | 63 | #include <openssl/crypto.h> |
| 64 | #include "bio.h" | 64 | #include <openssl/bio.h> |
| 65 | #include "err.h" | 65 | #include <openssl/err.h> |
| 66 | #include "ssl.h" | 66 | #include <openssl/ssl.h> |
| 67 | 67 | ||
| 68 | #ifndef NOPROTO | 68 | static int ssl_write(BIO *h, const char *buf, int num); |
| 69 | static int ssl_write(BIO *h,char *buf,int num); | 69 | static int ssl_read(BIO *h, char *buf, int size); |
| 70 | static int ssl_read(BIO *h,char *buf,int size); | 70 | static int ssl_puts(BIO *h, const char *str); |
| 71 | static int ssl_puts(BIO *h,char *str); | 71 | static long ssl_ctrl(BIO *h, int cmd, long arg1, void *arg2); |
| 72 | static long ssl_ctrl(BIO *h,int cmd,long arg1,char *arg2); | ||
| 73 | static int ssl_new(BIO *h); | 72 | static int ssl_new(BIO *h); |
| 74 | static int ssl_free(BIO *data); | 73 | static int ssl_free(BIO *data); |
| 75 | #else | 74 | static long ssl_callback_ctrl(BIO *h, int cmd, bio_info_cb *fp); |
| 76 | static int ssl_write(); | ||
| 77 | static int ssl_read(); | ||
| 78 | static int ssl_puts(); | ||
| 79 | static long ssl_ctrl(); | ||
| 80 | static int ssl_new(); | ||
| 81 | static int ssl_free(); | ||
| 82 | #endif | ||
| 83 | |||
| 84 | typedef struct bio_ssl_st | 75 | typedef struct bio_ssl_st |
| 85 | { | 76 | { |
| 86 | SSL *ssl; /* The ssl handle :-) */ | 77 | SSL *ssl; /* The ssl handle :-) */ |
| @@ -102,19 +93,19 @@ static BIO_METHOD methods_sslp= | |||
| 102 | ssl_ctrl, | 93 | ssl_ctrl, |
| 103 | ssl_new, | 94 | ssl_new, |
| 104 | ssl_free, | 95 | ssl_free, |
| 96 | ssl_callback_ctrl, | ||
| 105 | }; | 97 | }; |
| 106 | 98 | ||
| 107 | BIO_METHOD *BIO_f_ssl() | 99 | BIO_METHOD *BIO_f_ssl(void) |
| 108 | { | 100 | { |
| 109 | return(&methods_sslp); | 101 | return(&methods_sslp); |
| 110 | } | 102 | } |
| 111 | 103 | ||
| 112 | static int ssl_new(bi) | 104 | static int ssl_new(BIO *bi) |
| 113 | BIO *bi; | ||
| 114 | { | 105 | { |
| 115 | BIO_SSL *bs; | 106 | BIO_SSL *bs; |
| 116 | 107 | ||
| 117 | bs=(BIO_SSL *)Malloc(sizeof(BIO_SSL)); | 108 | bs=(BIO_SSL *)OPENSSL_malloc(sizeof(BIO_SSL)); |
| 118 | if (bs == NULL) | 109 | if (bs == NULL) |
| 119 | { | 110 | { |
| 120 | BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | 111 | BIOerr(BIO_F_SSL_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -127,8 +118,7 @@ BIO *bi; | |||
| 127 | return(1); | 118 | return(1); |
| 128 | } | 119 | } |
| 129 | 120 | ||
| 130 | static int ssl_free(a) | 121 | static int ssl_free(BIO *a) |
| 131 | BIO *a; | ||
| 132 | { | 122 | { |
| 133 | BIO_SSL *bs; | 123 | BIO_SSL *bs; |
| 134 | 124 | ||
| @@ -143,14 +133,11 @@ BIO *a; | |||
| 143 | a->flags=0; | 133 | a->flags=0; |
| 144 | } | 134 | } |
| 145 | if (a->ptr != NULL) | 135 | if (a->ptr != NULL) |
| 146 | Free(a->ptr); | 136 | OPENSSL_free(a->ptr); |
| 147 | return(1); | 137 | return(1); |
| 148 | } | 138 | } |
| 149 | 139 | ||
| 150 | static int ssl_read(b,out,outl) | 140 | static int ssl_read(BIO *b, char *out, int outl) |
| 151 | BIO *b; | ||
| 152 | char *out; | ||
| 153 | int outl; | ||
| 154 | { | 141 | { |
| 155 | int ret=1; | 142 | int ret=1; |
| 156 | BIO_SSL *sb; | 143 | BIO_SSL *sb; |
| @@ -219,6 +206,10 @@ int outl; | |||
| 219 | BIO_set_retry_special(b); | 206 | BIO_set_retry_special(b); |
| 220 | retry_reason=BIO_RR_SSL_X509_LOOKUP; | 207 | retry_reason=BIO_RR_SSL_X509_LOOKUP; |
| 221 | break; | 208 | break; |
| 209 | case SSL_ERROR_WANT_ACCEPT: | ||
| 210 | BIO_set_retry_special(b); | ||
| 211 | retry_reason=BIO_RR_ACCEPT; | ||
| 212 | break; | ||
| 222 | case SSL_ERROR_WANT_CONNECT: | 213 | case SSL_ERROR_WANT_CONNECT: |
| 223 | BIO_set_retry_special(b); | 214 | BIO_set_retry_special(b); |
| 224 | retry_reason=BIO_RR_CONNECT; | 215 | retry_reason=BIO_RR_CONNECT; |
| @@ -234,10 +225,7 @@ int outl; | |||
| 234 | return(ret); | 225 | return(ret); |
| 235 | } | 226 | } |
| 236 | 227 | ||
| 237 | static int ssl_write(b,out,outl) | 228 | static int ssl_write(BIO *b, const char *out, int outl) |
| 238 | BIO *b; | ||
| 239 | char *out; | ||
| 240 | int outl; | ||
| 241 | { | 229 | { |
| 242 | int ret,r=0; | 230 | int ret,r=0; |
| 243 | int retry_reason=0; | 231 | int retry_reason=0; |
| @@ -305,11 +293,7 @@ int outl; | |||
| 305 | return(ret); | 293 | return(ret); |
| 306 | } | 294 | } |
| 307 | 295 | ||
| 308 | static long ssl_ctrl(b,cmd,num,ptr) | 296 | static long ssl_ctrl(BIO *b, int cmd, long num, void *ptr) |
| 309 | BIO *b; | ||
| 310 | int cmd; | ||
| 311 | long num; | ||
| 312 | char *ptr; | ||
| 313 | { | 297 | { |
| 314 | SSL **sslp,*ssl; | 298 | SSL **sslp,*ssl; |
| 315 | BIO_SSL *bs; | 299 | BIO_SSL *bs; |
| @@ -466,7 +450,14 @@ char *ptr; | |||
| 466 | ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); | 450 | ret=BIO_ctrl(ssl->rbio,cmd,num,ptr); |
| 467 | break; | 451 | break; |
| 468 | case BIO_CTRL_SET_CALLBACK: | 452 | case BIO_CTRL_SET_CALLBACK: |
| 469 | SSL_set_info_callback(ssl,(void (*)())ptr); | 453 | { |
| 454 | #if 0 /* FIXME: Should this be used? -- Richard Levitte */ | ||
| 455 | BIOerr(SSL_F_SSL_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 456 | ret = -1; | ||
| 457 | #else | ||
| 458 | ret=0; | ||
| 459 | #endif | ||
| 460 | } | ||
| 470 | break; | 461 | break; |
| 471 | case BIO_CTRL_GET_CALLBACK: | 462 | case BIO_CTRL_GET_CALLBACK: |
| 472 | { | 463 | { |
| @@ -483,9 +474,31 @@ char *ptr; | |||
| 483 | return(ret); | 474 | return(ret); |
| 484 | } | 475 | } |
| 485 | 476 | ||
| 486 | static int ssl_puts(bp,str) | 477 | static long ssl_callback_ctrl(BIO *b, int cmd, bio_info_cb *fp) |
| 487 | BIO *bp; | 478 | { |
| 488 | char *str; | 479 | SSL *ssl; |
| 480 | BIO_SSL *bs; | ||
| 481 | long ret=1; | ||
| 482 | |||
| 483 | bs=(BIO_SSL *)b->ptr; | ||
| 484 | ssl=bs->ssl; | ||
| 485 | switch (cmd) | ||
| 486 | { | ||
| 487 | case BIO_CTRL_SET_CALLBACK: | ||
| 488 | { | ||
| 489 | /* FIXME: setting this via a completely different prototype | ||
| 490 | seems like a crap idea */ | ||
| 491 | SSL_set_info_callback(ssl,(void (*)(const SSL *,int,int))fp); | ||
| 492 | } | ||
| 493 | break; | ||
| 494 | default: | ||
| 495 | ret=BIO_callback_ctrl(ssl->rbio,cmd,fp); | ||
| 496 | break; | ||
| 497 | } | ||
| 498 | return(ret); | ||
| 499 | } | ||
| 500 | |||
| 501 | static int ssl_puts(BIO *bp, const char *str) | ||
| 489 | { | 502 | { |
| 490 | int n,ret; | 503 | int n,ret; |
| 491 | 504 | ||
| @@ -494,8 +507,7 @@ char *str; | |||
| 494 | return(ret); | 507 | return(ret); |
| 495 | } | 508 | } |
| 496 | 509 | ||
| 497 | BIO *BIO_new_buffer_ssl_connect(ctx) | 510 | BIO *BIO_new_buffer_ssl_connect(SSL_CTX *ctx) |
| 498 | SSL_CTX *ctx; | ||
| 499 | { | 511 | { |
| 500 | BIO *ret=NULL,*buf=NULL,*ssl=NULL; | 512 | BIO *ret=NULL,*buf=NULL,*ssl=NULL; |
| 501 | 513 | ||
| @@ -512,8 +524,7 @@ err: | |||
| 512 | return(NULL); | 524 | return(NULL); |
| 513 | } | 525 | } |
| 514 | 526 | ||
| 515 | BIO *BIO_new_ssl_connect(ctx) | 527 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx) |
| 516 | SSL_CTX *ctx; | ||
| 517 | { | 528 | { |
| 518 | BIO *ret=NULL,*con=NULL,*ssl=NULL; | 529 | BIO *ret=NULL,*con=NULL,*ssl=NULL; |
| 519 | 530 | ||
| @@ -530,9 +541,7 @@ err: | |||
| 530 | return(NULL); | 541 | return(NULL); |
| 531 | } | 542 | } |
| 532 | 543 | ||
| 533 | BIO *BIO_new_ssl(ctx,client) | 544 | BIO *BIO_new_ssl(SSL_CTX *ctx, int client) |
| 534 | SSL_CTX *ctx; | ||
| 535 | int client; | ||
| 536 | { | 545 | { |
| 537 | BIO *ret; | 546 | BIO *ret; |
| 538 | SSL *ssl; | 547 | SSL *ssl; |
| @@ -553,8 +562,7 @@ int client; | |||
| 553 | return(ret); | 562 | return(ret); |
| 554 | } | 563 | } |
| 555 | 564 | ||
| 556 | int BIO_ssl_copy_session_id(t,f) | 565 | int BIO_ssl_copy_session_id(BIO *t, BIO *f) |
| 557 | BIO *t,*f; | ||
| 558 | { | 566 | { |
| 559 | t=BIO_find_type(t,BIO_TYPE_SSL); | 567 | t=BIO_find_type(t,BIO_TYPE_SSL); |
| 560 | f=BIO_find_type(f,BIO_TYPE_SSL); | 568 | f=BIO_find_type(f,BIO_TYPE_SSL); |
| @@ -567,8 +575,7 @@ BIO *t,*f; | |||
| 567 | return(1); | 575 | return(1); |
| 568 | } | 576 | } |
| 569 | 577 | ||
| 570 | void BIO_ssl_shutdown(b) | 578 | void BIO_ssl_shutdown(BIO *b) |
| 571 | BIO *b; | ||
| 572 | { | 579 | { |
| 573 | SSL *s; | 580 | SSL *s; |
| 574 | 581 | ||
diff --git a/src/lib/libssl/doc/openssl.cnf b/src/lib/libssl/doc/openssl.cnf index d70dd25622..eca51c3322 100644 --- a/src/lib/libssl/doc/openssl.cnf +++ b/src/lib/libssl/doc/openssl.cnf | |||
| @@ -3,8 +3,13 @@ | |||
| 3 | # This is mostly being used for generation of certificate requests. | 3 | # This is mostly being used for generation of certificate requests. |
| 4 | # | 4 | # |
| 5 | 5 | ||
| 6 | # This definition stops the following lines choking if HOME isn't | ||
| 7 | # defined. | ||
| 8 | HOME = . | ||
| 6 | RANDFILE = $ENV::HOME/.rnd | 9 | RANDFILE = $ENV::HOME/.rnd |
| 7 | oid_file = $ENV::HOME/.oid | 10 | |
| 11 | # Extra OBJECT IDENTIFIER info: | ||
| 12 | #oid_file = $ENV::HOME/.oid | ||
| 8 | oid_section = new_oids | 13 | oid_section = new_oids |
| 9 | 14 | ||
| 10 | # To use this configuration file with the "-extfile" option of the | 15 | # To use this configuration file with the "-extfile" option of the |
| @@ -43,6 +48,14 @@ RANDFILE = $dir/private/.rand # private random number file | |||
| 43 | 48 | ||
| 44 | x509_extensions = usr_cert # The extentions to add to the cert | 49 | x509_extensions = usr_cert # The extentions to add to the cert |
| 45 | 50 | ||
| 51 | # Comment out the following two lines for the "traditional" | ||
| 52 | # (and highly broken) format. | ||
| 53 | name_opt = ca_default # Subject Name options | ||
| 54 | cert_opt = ca_default # Certificate field options | ||
| 55 | |||
| 56 | # Extension copying option: use with caution. | ||
| 57 | # copy_extensions = copy | ||
| 58 | |||
| 46 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs | 59 | # Extensions to add to a CRL. Note: Netscape communicator chokes on V2 CRLs |
| 47 | # so this is commented out by default to leave a V1 CRL. | 60 | # so this is commented out by default to leave a V1 CRL. |
| 48 | # crl_extensions = crl_ext | 61 | # crl_extensions = crl_ext |
| @@ -86,6 +99,22 @@ distinguished_name = req_distinguished_name | |||
| 86 | attributes = req_attributes | 99 | attributes = req_attributes |
| 87 | x509_extensions = v3_ca # The extentions to add to the self signed cert | 100 | x509_extensions = v3_ca # The extentions to add to the self signed cert |
| 88 | 101 | ||
| 102 | # Passwords for private keys if not present they will be prompted for | ||
| 103 | # input_password = secret | ||
| 104 | # output_password = secret | ||
| 105 | |||
| 106 | # This sets a mask for permitted string types. There are several options. | ||
| 107 | # default: PrintableString, T61String, BMPString. | ||
| 108 | # pkix : PrintableString, BMPString. | ||
| 109 | # utf8only: only UTF8Strings. | ||
| 110 | # nombstr : PrintableString, T61String (no BMPStrings or UTF8Strings). | ||
| 111 | # MASK:XXXX a literal mask value. | ||
| 112 | # WARNING: current versions of Netscape crash on BMPStrings or UTF8Strings | ||
| 113 | # so use this option with caution! | ||
| 114 | string_mask = nombstr | ||
| 115 | |||
| 116 | # req_extensions = v3_req # The extensions to add to a certificate request | ||
| 117 | |||
| 89 | [ req_distinguished_name ] | 118 | [ req_distinguished_name ] |
| 90 | countryName = Country Name (2 letter code) | 119 | countryName = Country Name (2 letter code) |
| 91 | countryName_default = AU | 120 | countryName_default = AU |
| @@ -111,7 +140,7 @@ commonName = Common Name (eg, YOUR name) | |||
| 111 | commonName_max = 64 | 140 | commonName_max = 64 |
| 112 | 141 | ||
| 113 | emailAddress = Email Address | 142 | emailAddress = Email Address |
| 114 | emailAddress_max = 40 | 143 | emailAddress_max = 64 |
| 115 | 144 | ||
| 116 | # SET-ex3 = SET extension number 3 | 145 | # SET-ex3 = SET extension number 3 |
| 117 | 146 | ||
| @@ -159,6 +188,9 @@ authorityKeyIdentifier=keyid,issuer:always | |||
| 159 | # This stuff is for subjectAltName and issuerAltname. | 188 | # This stuff is for subjectAltName and issuerAltname. |
| 160 | # Import the email address. | 189 | # Import the email address. |
| 161 | # subjectAltName=email:copy | 190 | # subjectAltName=email:copy |
| 191 | # An alternative to produce certificates that aren't | ||
| 192 | # deprecated according to PKIX. | ||
| 193 | # subjectAltName=email:move | ||
| 162 | 194 | ||
| 163 | # Copy subject details | 195 | # Copy subject details |
| 164 | # issuerAltName=issuer:copy | 196 | # issuerAltName=issuer:copy |
| @@ -170,8 +202,16 @@ authorityKeyIdentifier=keyid,issuer:always | |||
| 170 | #nsCaPolicyUrl | 202 | #nsCaPolicyUrl |
| 171 | #nsSslServerName | 203 | #nsSslServerName |
| 172 | 204 | ||
| 205 | [ v3_req ] | ||
| 206 | |||
| 207 | # Extensions to add to a certificate request | ||
| 208 | |||
| 209 | basicConstraints = CA:FALSE | ||
| 210 | keyUsage = nonRepudiation, digitalSignature, keyEncipherment | ||
| 211 | |||
| 173 | [ v3_ca ] | 212 | [ v3_ca ] |
| 174 | 213 | ||
| 214 | |||
| 175 | # Extensions for a typical CA | 215 | # Extensions for a typical CA |
| 176 | 216 | ||
| 177 | 217 | ||
| @@ -200,10 +240,11 @@ basicConstraints = CA:true | |||
| 200 | # Copy issuer details | 240 | # Copy issuer details |
| 201 | # issuerAltName=issuer:copy | 241 | # issuerAltName=issuer:copy |
| 202 | 242 | ||
| 203 | # RAW DER hex encoding of an extension: beware experts only! | 243 | # DER hex encoding of an extension: beware experts only! |
| 204 | # 1.2.3.5=RAW:02:03 | 244 | # obj=DER:02:03 |
| 245 | # Where 'obj' is a standard or added object | ||
| 205 | # You can even override a supported extension: | 246 | # You can even override a supported extension: |
| 206 | # basicConstraints= critical, RAW:30:03:01:01:FF | 247 | # basicConstraints= critical, DER:30:03:01:01:FF |
| 207 | 248 | ||
| 208 | [ crl_ext ] | 249 | [ crl_ext ] |
| 209 | 250 | ||
diff --git a/src/lib/libssl/doc/openssl.txt b/src/lib/libssl/doc/openssl.txt index 91b85e5f14..5da519e7e4 100644 --- a/src/lib/libssl/doc/openssl.txt +++ b/src/lib/libssl/doc/openssl.txt | |||
| @@ -1,53 +1,12 @@ | |||
| 1 | 1 | ||
| 2 | This is some preliminary documentation for OpenSSL. | 2 | This is some preliminary documentation for OpenSSL. |
| 3 | 3 | ||
| 4 | ============================================================================== | 4 | Contents: |
| 5 | BUFFER Library | ||
| 6 | ============================================================================== | ||
| 7 | |||
| 8 | The buffer library handles simple character arrays. Buffers are used for | ||
| 9 | various purposes in the library, most notably memory BIOs. | ||
| 10 | |||
| 11 | The library uses the BUF_MEM structure defined in buffer.h: | ||
| 12 | |||
| 13 | typedef struct buf_mem_st | ||
| 14 | { | ||
| 15 | int length; /* current number of bytes */ | ||
| 16 | char *data; | ||
| 17 | int max; /* size of buffer */ | ||
| 18 | } BUF_MEM; | ||
| 19 | |||
| 20 | 'length' is the current size of the buffer in bytes, 'max' is the amount of | ||
| 21 | memory allocated to the buffer. There are three functions which handle these | ||
| 22 | and one "miscellaneous" function. | ||
| 23 | |||
| 24 | BUF_MEM *BUF_MEM_new() | ||
| 25 | |||
| 26 | This allocates a new buffer of zero size. Returns the buffer or NULL on error. | ||
| 27 | |||
| 28 | void BUF_MEM_free(BUF_MEM *a) | ||
| 29 | |||
| 30 | This frees up an already existing buffer. The data is zeroed before freeing | ||
| 31 | up in case the buffer contains sensitive data. | ||
| 32 | |||
| 33 | int BUF_MEM_grow(BUF_MEM *str, int len) | ||
| 34 | 5 | ||
| 35 | This changes the size of an already existing buffer. It returns zero on error | 6 | OpenSSL X509V3 extension configuration |
| 36 | or the new size (i.e. 'len'). Any data already in the buffer is preserved if | 7 | X509V3 Extension code: programmers guide |
| 37 | it increases in size. | 8 | PKCS#12 Library |
| 38 | 9 | ||
| 39 | char * BUF_strdup(char *str) | ||
| 40 | |||
| 41 | This is the previously mentioned strdup function: like the standard library | ||
| 42 | strdup() it copies a null terminated string into a block of allocated memory | ||
| 43 | and returns a pointer to the allocated block. | ||
| 44 | |||
| 45 | Unlike the standard C library strdup() this function uses Malloc() and so | ||
| 46 | should be used in preference to the standard library strdup() because it can | ||
| 47 | be used for memory leak checking or replacing the malloc() function. | ||
| 48 | |||
| 49 | The memory allocated from BUF_strdup() should be freed up using the Free() | ||
| 50 | function. | ||
| 51 | 10 | ||
| 52 | ============================================================================== | 11 | ============================================================================== |
| 53 | OpenSSL X509V3 extension configuration | 12 | OpenSSL X509V3 extension configuration |
| @@ -188,7 +147,7 @@ email.1=steve@here | |||
| 188 | email.2=steve@there | 147 | email.2=steve@there |
| 189 | 148 | ||
| 190 | This is because the configuration file code cannot handle the same name | 149 | This is because the configuration file code cannot handle the same name |
| 191 | occurring twice in the same extension. | 150 | occurring twice in the same section. |
| 192 | 151 | ||
| 193 | The syntax of raw extensions is governed by the extension code: it can | 152 | The syntax of raw extensions is governed by the extension code: it can |
| 194 | for example contain data in multiple sections. The correct syntax to | 153 | for example contain data in multiple sections. The correct syntax to |
| @@ -315,6 +274,41 @@ TRUE. An end user certificate MUST NOT have the CA value set to true. | |||
| 315 | According to PKIX recommendations it should exclude the extension entirely, | 274 | According to PKIX recommendations it should exclude the extension entirely, |
| 316 | however some software may require CA set to FALSE for end entity certificates. | 275 | however some software may require CA set to FALSE for end entity certificates. |
| 317 | 276 | ||
| 277 | Extended Key Usage. | ||
| 278 | |||
| 279 | This extensions consists of a list of usages. | ||
| 280 | |||
| 281 | These can either be object short names of the dotted numerical form of OIDs. | ||
| 282 | While any OID can be used only certain values make sense. In particular the | ||
| 283 | following PKIX, NS and MS values are meaningful: | ||
| 284 | |||
| 285 | Value Meaning | ||
| 286 | ----- ------- | ||
| 287 | serverAuth SSL/TLS Web Server Authentication. | ||
| 288 | clientAuth SSL/TLS Web Client Authentication. | ||
| 289 | codeSigning Code signing. | ||
| 290 | emailProtection E-mail Protection (S/MIME). | ||
| 291 | timeStamping Trusted Timestamping | ||
| 292 | msCodeInd Microsoft Individual Code Signing (authenticode) | ||
| 293 | msCodeCom Microsoft Commercial Code Signing (authenticode) | ||
| 294 | msCTLSign Microsoft Trust List Signing | ||
| 295 | msSGC Microsoft Server Gated Crypto | ||
| 296 | msEFS Microsoft Encrypted File System | ||
| 297 | nsSGC Netscape Server Gated Crypto | ||
| 298 | |||
| 299 | For example, under IE5 a CA can be used for any purpose: by including a list | ||
| 300 | of the above usages the CA can be restricted to only authorised uses. | ||
| 301 | |||
| 302 | Note: software packages may place additional interpretations on certificate | ||
| 303 | use, in particular some usages may only work for selected CAs. Don't for example | ||
| 304 | expect just including msSGC or nsSGC will automatically mean that a certificate | ||
| 305 | can be used for SGC ("step up" encryption) otherwise anyone could use it. | ||
| 306 | |||
| 307 | Examples: | ||
| 308 | |||
| 309 | extendedKeyUsage=critical,codeSigning,1.2.3.4 | ||
| 310 | extendedKeyUsage=nsSGC,msSGC | ||
| 311 | |||
| 318 | Subject Key Identifier. | 312 | Subject Key Identifier. |
| 319 | 313 | ||
| 320 | This is really a string extension and can take two possible values. Either | 314 | This is really a string extension and can take two possible values. Either |
| @@ -361,6 +355,24 @@ that would not make sense. It does support an additional issuer:copy option | |||
| 361 | that will copy all the subject alternative name values from the issuer | 355 | that will copy all the subject alternative name values from the issuer |
| 362 | certificate (if possible). | 356 | certificate (if possible). |
| 363 | 357 | ||
| 358 | Example: | ||
| 359 | |||
| 360 | issuserAltName = issuer:copy | ||
| 361 | |||
| 362 | Authority Info Access. | ||
| 363 | |||
| 364 | The authority information access extension gives details about how to access | ||
| 365 | certain information relating to the CA. Its syntax is accessOID;location | ||
| 366 | where 'location' has the same syntax as subject alternative name (except | ||
| 367 | that email:copy is not supported). accessOID can be any valid OID but only | ||
| 368 | certain values are meaningful for example OCSP and caIssuers. OCSP gives the | ||
| 369 | location of an OCSP responder: this is used by Netscape PSM and other software. | ||
| 370 | |||
| 371 | Example: | ||
| 372 | |||
| 373 | authorityInfoAccess = OCSP;URI:http://ocsp.my.host/ | ||
| 374 | authorityInfoAccess = caIssuers;URI:http://my.ca/ca.html | ||
| 375 | |||
| 364 | CRL distribution points. | 376 | CRL distribution points. |
| 365 | 377 | ||
| 366 | This is a multi-valued extension that supports all the literal options of | 378 | This is a multi-valued extension that supports all the literal options of |
| @@ -459,16 +471,16 @@ extension in a human or machine readable form. | |||
| 459 | 471 | ||
| 460 | 1. Initialisation and cleanup. | 472 | 1. Initialisation and cleanup. |
| 461 | 473 | ||
| 462 | X509V3_add_standard_extensions(); | 474 | No special initialisation is needed before calling the extension functions. |
| 463 | 475 | You used to have to call X509V3_add_standard_extensions(); but this is no longer | |
| 464 | This function should be called before any other extension code. It adds support | 476 | required and this function no longer does anything. |
| 465 | for some common PKIX and Netscape extensions. Additional custom extensions can | ||
| 466 | be added as well (see later). | ||
| 467 | 477 | ||
| 468 | void X509V3_EXT_cleanup(void); | 478 | void X509V3_EXT_cleanup(void); |
| 469 | 479 | ||
| 470 | This function should be called last to cleanup the extension code. After this | 480 | This function should be called to cleanup the extension code if any custom |
| 471 | call no other extension calls should be made. | 481 | extensions have been added. If no custom extensions have been added then this |
| 482 | call does nothing. After this call all custom extension code is freed up but | ||
| 483 | you can still use the standard extensions. | ||
| 472 | 484 | ||
| 473 | 2. Printing and parsing extensions. | 485 | 2. Printing and parsing extensions. |
| 474 | 486 | ||
| @@ -495,6 +507,47 @@ details about the structures returned. The returned structure should be freed | |||
| 495 | after use using the relevant free function, BASIC_CONSTRAINTS_free() for | 507 | after use using the relevant free function, BASIC_CONSTRAINTS_free() for |
| 496 | example. | 508 | example. |
| 497 | 509 | ||
| 510 | void * X509_get_ext_d2i(X509 *x, int nid, int *crit, int *idx); | ||
| 511 | void * X509_CRL_get_ext_d2i(X509_CRL *x, int nid, int *crit, int *idx); | ||
| 512 | void * X509_REVOKED_get_ext_d2i(X509_REVOKED *x, int nid, int *crit, int *idx); | ||
| 513 | void * X509V3_get_d2i(STACK_OF(X509_EXTENSION) *x, int nid, int *crit, int *idx); | ||
| 514 | |||
| 515 | These functions combine the operations of searching for extensions and | ||
| 516 | parsing them. They search a certificate, a CRL a CRL entry or a stack | ||
| 517 | of extensions respectively for extension whose NID is 'nid' and return | ||
| 518 | the parsed result of NULL if an error occurred. For example: | ||
| 519 | |||
| 520 | BASIC_CONSTRAINTS *bs; | ||
| 521 | bs = X509_get_ext_d2i(cert, NID_basic_constraints, NULL, NULL); | ||
| 522 | |||
| 523 | This will search for the basicConstraints extension and either return | ||
| 524 | it value or NULL. NULL can mean either the extension was not found, it | ||
| 525 | occurred more than once or it could not be parsed. | ||
| 526 | |||
| 527 | If 'idx' is NULL then an extension is only parsed if it occurs precisely | ||
| 528 | once. This is standard behaviour because extensions normally cannot occur | ||
| 529 | more than once. If however more than one extension of the same type can | ||
| 530 | occur it can be used to parse successive extensions for example: | ||
| 531 | |||
| 532 | int i; | ||
| 533 | void *ext; | ||
| 534 | |||
| 535 | i = -1; | ||
| 536 | for(;;) { | ||
| 537 | ext = X509_get_ext_d2i(x, nid, crit, &idx); | ||
| 538 | if(ext == NULL) break; | ||
| 539 | /* Do something with ext */ | ||
| 540 | } | ||
| 541 | |||
| 542 | If 'crit' is not NULL and the extension was found then the int it points to | ||
| 543 | is set to 1 for critical extensions and 0 for non critical. Therefore if the | ||
| 544 | function returns NULL but 'crit' is set to 0 or 1 then the extension was | ||
| 545 | found but it could not be parsed. | ||
| 546 | |||
| 547 | The int pointed to by crit will be set to -1 if the extension was not found | ||
| 548 | and -2 if the extension occurred more than once (this will only happen if | ||
| 549 | idx is NULL). In both cases the function will return NULL. | ||
| 550 | |||
| 498 | 3. Generating extensions. | 551 | 3. Generating extensions. |
| 499 | 552 | ||
| 500 | An extension will typically be generated from a configuration file, or some | 553 | An extension will typically be generated from a configuration file, or some |
| @@ -512,7 +565,7 @@ or CRL is due to be signed. Both return 0 on error on non zero for success. | |||
| 512 | In each case 'conf' is the LHASH pointer of the configuration file to use | 565 | In each case 'conf' is the LHASH pointer of the configuration file to use |
| 513 | and 'section' is the section containing the extension details. | 566 | and 'section' is the section containing the extension details. |
| 514 | 567 | ||
| 515 | See the 'context functions' section for a description of the ctx paramater. | 568 | See the 'context functions' section for a description of the ctx parameter. |
| 516 | 569 | ||
| 517 | 570 | ||
| 518 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, | 571 | X509_EXTENSION *X509V3_EXT_conf(LHASH *conf, X509V3_CTX *ctx, char *name, |
| @@ -531,7 +584,7 @@ takes the NID of the extension rather than its name. | |||
| 531 | For example to produce basicConstraints with the CA flag and a path length of | 584 | For example to produce basicConstraints with the CA flag and a path length of |
| 532 | 10: | 585 | 10: |
| 533 | 586 | ||
| 534 | x = X509V3_EXT_conf_nid(NULL, NULL, NID_basicConstraints, "CA:TRUE,pathlen:10"); | 587 | x = X509V3_EXT_conf_nid(NULL, NULL, NID_basic_constraints,"CA:TRUE,pathlen:10"); |
| 535 | 588 | ||
| 536 | 589 | ||
| 537 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); | 590 | X509_EXTENSION *X509V3_EXT_i2d(int ext_nid, int crit, void *ext_struc); |
| @@ -659,7 +712,7 @@ The same as above but for an unsigned character value. | |||
| 659 | int X509V3_add_value_bool(const char *name, int asn1_bool, | 712 | int X509V3_add_value_bool(const char *name, int asn1_bool, |
| 660 | STACK_OF(CONF_VALUE) **extlist); | 713 | STACK_OF(CONF_VALUE) **extlist); |
| 661 | 714 | ||
| 662 | This adds either "TRUE" or "FALSE" depending on the value of 'ans1_bool' | 715 | This adds either "TRUE" or "FALSE" depending on the value of 'asn1_bool' |
| 663 | 716 | ||
| 664 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, | 717 | int X509V3_add_value_bool_nf(char *name, int asn1_bool, |
| 665 | STACK_OF(CONF_VALUE) **extlist); | 718 | STACK_OF(CONF_VALUE) **extlist); |
| @@ -686,7 +739,7 @@ Multi value extensions are passed a STACK_OF(CONF_VALUE) name and value pairs | |||
| 686 | or return a STACK_OF(CONF_VALUE). | 739 | or return a STACK_OF(CONF_VALUE). |
| 687 | 740 | ||
| 688 | Raw extensions are just passed a BIO or a value and it is the extensions | 741 | Raw extensions are just passed a BIO or a value and it is the extensions |
| 689 | responsiblity to handle all the necessary printing. | 742 | responsibility to handle all the necessary printing. |
| 690 | 743 | ||
| 691 | There are two ways to add an extension. One is simply as an alias to an already | 744 | There are two ways to add an extension. One is simply as an alias to an already |
| 692 | existing extension. An alias is an extension that is identical in ASN1 structure | 745 | existing extension. An alias is an extension that is identical in ASN1 structure |
| @@ -811,7 +864,7 @@ int i2r(struct v3_ext_method *method, void *ext, BIO *out, int indent); | |||
| 811 | 864 | ||
| 812 | This function is passed the internal extension structure in the ext parameter | 865 | This function is passed the internal extension structure in the ext parameter |
| 813 | and sends out a human readable version of the extension to out. The 'indent' | 866 | and sends out a human readable version of the extension to out. The 'indent' |
| 814 | paremeter should be noted to determine the necessary amount of indentation | 867 | parameter should be noted to determine the necessary amount of indentation |
| 815 | needed on the output. | 868 | needed on the output. |
| 816 | 869 | ||
| 817 | void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); | 870 | void * r2i(struct v3_ext_method *method, struct v3_ext_ctx *ctx, char *str); |
| @@ -882,7 +935,7 @@ d2i_PKCS12_fp(fp, p12) | |||
| 882 | 935 | ||
| 883 | This is the same but for a FILE pointer. | 936 | This is the same but for a FILE pointer. |
| 884 | 937 | ||
| 885 | 3. Parsing and creation functions. | 938 | 3. High level functions. |
| 886 | 939 | ||
| 887 | 3.1 Parsing with PKCS12_parse(). | 940 | 3.1 Parsing with PKCS12_parse(). |
| 888 | 941 | ||
| @@ -920,6 +973,14 @@ p12 = PKCS12_create(pass, "My Certificate", pkey, cert, NULL, 0,0,0,0,0); | |||
| 920 | i2d_PKCS12_fp(fp, p12); | 973 | i2d_PKCS12_fp(fp, p12); |
| 921 | PKCS12_free(p12); | 974 | PKCS12_free(p12); |
| 922 | 975 | ||
| 976 | 3.3 Changing a PKCS#12 structure password. | ||
| 977 | |||
| 978 | int PKCS12_newpass(PKCS12 *p12, char *oldpass, char *newpass); | ||
| 979 | |||
| 980 | This changes the password of an already existing PKCS#12 structure. oldpass | ||
| 981 | is the old password and newpass is the new one. An error occurs if the old | ||
| 982 | password is incorrect. | ||
| 983 | |||
| 923 | LOW LEVEL FUNCTIONS. | 984 | LOW LEVEL FUNCTIONS. |
| 924 | 985 | ||
| 925 | In some cases the high level functions do not provide the necessary | 986 | In some cases the high level functions do not provide the necessary |
diff --git a/src/lib/libssl/doc/standards.txt b/src/lib/libssl/doc/standards.txt index 61ccc5d7e0..596d9001e6 100644 --- a/src/lib/libssl/doc/standards.txt +++ b/src/lib/libssl/doc/standards.txt | |||
| @@ -24,7 +24,8 @@ http://www.rsasecurity.com/rsalabs/pkcs/. | |||
| 24 | Implemented: | 24 | Implemented: |
| 25 | ------------ | 25 | ------------ |
| 26 | 26 | ||
| 27 | These are documents that describe things that are implemented in OpenSSL. | 27 | These are documents that describe things that are implemented (in |
| 28 | whole or at least great parts) in OpenSSL. | ||
| 28 | 29 | ||
| 29 | 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. | 30 | 1319 The MD2 Message-Digest Algorithm. B. Kaliski. April 1992. |
| 30 | (Format: TXT=25661 bytes) (Status: INFORMATIONAL) | 31 | (Format: TXT=25661 bytes) (Status: INFORMATIONAL) |
| @@ -59,6 +60,11 @@ PKCS#8: Private-Key Information Syntax Standard | |||
| 59 | 60 | ||
| 60 | PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. | 61 | PKCS#12: Personal Information Exchange Syntax Standard, version 1.0. |
| 61 | 62 | ||
| 63 | 2560 X.509 Internet Public Key Infrastructure Online Certificate | ||
| 64 | Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, | ||
| 65 | C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED | ||
| 66 | STANDARD) | ||
| 67 | |||
| 62 | 68 | ||
| 63 | Related: | 69 | Related: |
| 64 | -------- | 70 | -------- |
| @@ -84,6 +90,10 @@ STARTTLS documents. | |||
| 84 | Certification and Related Services. B. Kaliski. February 1993. | 90 | Certification and Related Services. B. Kaliski. February 1993. |
| 85 | (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) | 91 | (Format: TXT=17537 bytes) (Status: PROPOSED STANDARD) |
| 86 | 92 | ||
| 93 | 2256 A Summary of the X.500(96) User Schema for use with LDAPv3. M. | ||
| 94 | Wahl. December 1997. (Format: TXT=32377 bytes) (Status: PROPOSED | ||
| 95 | STANDARD) | ||
| 96 | |||
| 87 | 2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman. | 97 | 2487 SMTP Service Extension for Secure SMTP over TLS. P. Hoffman. |
| 88 | January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD) | 98 | January 1999. (Format: TXT=15120 bytes) (Status: PROPOSED STANDARD) |
| 89 | 99 | ||
| @@ -114,8 +124,7 @@ To be implemented: | |||
| 114 | These are documents that describe things that are planed to be | 124 | These are documents that describe things that are planed to be |
| 115 | implemented in the hopefully short future. | 125 | implemented in the hopefully short future. |
| 116 | 126 | ||
| 117 | 2560 X.509 Internet Public Key Infrastructure Online Certificate | 127 | 2712 Addition of Kerberos Cipher Suites to Transport Layer Security |
| 118 | Status Protocol - OCSP. M. Myers, R. Ankney, A. Malpani, S. Galperin, | 128 | (TLS). A. Medvinsky, M. Hur. October 1999. (Format: TXT=13763 bytes) |
| 119 | C. Adams. June 1999. (Format: TXT=43243 bytes) (Status: PROPOSED | 129 | (Status: PROPOSED STANDARD) |
| 120 | STANDARD) | ||
| 121 | 130 | ||
diff --git a/src/lib/libssl/s23_clnt.c b/src/lib/libssl/s23_clnt.c index a4661ebb68..b2be8340fb 100644 --- a/src/lib/libssl/s23_clnt.c +++ b/src/lib/libssl/s23_clnt.c | |||
| @@ -57,28 +57,22 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "buffer.h" | 60 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 65 | 65 | ||
| 66 | #define BREAK break | 66 | static SSL_METHOD *ssl23_get_client_method(int ver); |
| 67 | |||
| 68 | #ifndef NOPROTO | ||
| 69 | static int ssl23_client_hello(SSL *s); | 67 | static int ssl23_client_hello(SSL *s); |
| 70 | static int ssl23_get_server_hello(SSL *s); | 68 | static int ssl23_get_server_hello(SSL *s); |
| 71 | #else | 69 | static SSL_METHOD *ssl23_get_client_method(int ver) |
| 72 | static int ssl23_client_hello(); | ||
| 73 | static int ssl23_get_server_hello(); | ||
| 74 | #endif | ||
| 75 | |||
| 76 | static SSL_METHOD *ssl23_get_client_method(ver) | ||
| 77 | int ver; | ||
| 78 | { | 70 | { |
| 71 | #ifndef OPENSSL_NO_SSL2 | ||
| 79 | if (ver == SSL2_VERSION) | 72 | if (ver == SSL2_VERSION) |
| 80 | return(SSLv2_client_method()); | 73 | return(SSLv2_client_method()); |
| 81 | else if (ver == SSL3_VERSION) | 74 | #endif |
| 75 | if (ver == SSL3_VERSION) | ||
| 82 | return(SSLv3_client_method()); | 76 | return(SSLv3_client_method()); |
| 83 | else if (ver == TLS1_VERSION) | 77 | else if (ver == TLS1_VERSION) |
| 84 | return(TLSv1_client_method()); | 78 | return(TLSv1_client_method()); |
| @@ -86,32 +80,31 @@ int ver; | |||
| 86 | return(NULL); | 80 | return(NULL); |
| 87 | } | 81 | } |
| 88 | 82 | ||
| 89 | SSL_METHOD *SSLv23_client_method() | 83 | SSL_METHOD *SSLv23_client_method(void) |
| 90 | { | 84 | { |
| 91 | static int init=1; | 85 | static int init=1; |
| 92 | static SSL_METHOD SSLv23_client_data; | 86 | static SSL_METHOD SSLv23_client_data; |
| 93 | 87 | ||
| 94 | if (init) | 88 | if (init) |
| 95 | { | 89 | { |
| 96 | init=0; | ||
| 97 | memcpy((char *)&SSLv23_client_data, | 90 | memcpy((char *)&SSLv23_client_data, |
| 98 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | 91 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); |
| 99 | SSLv23_client_data.ssl_connect=ssl23_connect; | 92 | SSLv23_client_data.ssl_connect=ssl23_connect; |
| 100 | SSLv23_client_data.get_ssl_method=ssl23_get_client_method; | 93 | SSLv23_client_data.get_ssl_method=ssl23_get_client_method; |
| 94 | init=0; | ||
| 101 | } | 95 | } |
| 102 | return(&SSLv23_client_data); | 96 | return(&SSLv23_client_data); |
| 103 | } | 97 | } |
| 104 | 98 | ||
| 105 | int ssl23_connect(s) | 99 | int ssl23_connect(SSL *s) |
| 106 | SSL *s; | ||
| 107 | { | 100 | { |
| 108 | BUF_MEM *buf; | 101 | BUF_MEM *buf; |
| 109 | unsigned long Time=time(NULL); | 102 | unsigned long Time=time(NULL); |
| 110 | void (*cb)()=NULL; | 103 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 111 | int ret= -1; | 104 | int ret= -1; |
| 112 | int new_state,state; | 105 | int new_state,state; |
| 113 | 106 | ||
| 114 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 107 | RAND_add(&Time,sizeof(Time),0); |
| 115 | ERR_clear_error(); | 108 | ERR_clear_error(); |
| 116 | clear_sys_error(); | 109 | clear_sys_error(); |
| 117 | 110 | ||
| @@ -120,8 +113,8 @@ SSL *s; | |||
| 120 | else if (s->ctx->info_callback != NULL) | 113 | else if (s->ctx->info_callback != NULL) |
| 121 | cb=s->ctx->info_callback; | 114 | cb=s->ctx->info_callback; |
| 122 | 115 | ||
| 123 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 124 | s->in_handshake++; | 116 | s->in_handshake++; |
| 117 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 125 | 118 | ||
| 126 | for (;;) | 119 | for (;;) |
| 127 | { | 120 | { |
| @@ -134,6 +127,13 @@ SSL *s; | |||
| 134 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | 127 | case SSL_ST_BEFORE|SSL_ST_CONNECT: |
| 135 | case SSL_ST_OK|SSL_ST_CONNECT: | 128 | case SSL_ST_OK|SSL_ST_CONNECT: |
| 136 | 129 | ||
| 130 | if (s->session != NULL) | ||
| 131 | { | ||
| 132 | SSLerr(SSL_F_SSL23_CONNECT,SSL_R_SSL23_DOING_SESSION_ID_REUSE); | ||
| 133 | ret= -1; | ||
| 134 | goto end; | ||
| 135 | } | ||
| 136 | s->server=0; | ||
| 137 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 137 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 138 | 138 | ||
| 139 | /* s->version=TLS1_VERSION; */ | 139 | /* s->version=TLS1_VERSION; */ |
| @@ -159,7 +159,7 @@ SSL *s; | |||
| 159 | ssl3_init_finished_mac(s); | 159 | ssl3_init_finished_mac(s); |
| 160 | 160 | ||
| 161 | s->state=SSL23_ST_CW_CLNT_HELLO_A; | 161 | s->state=SSL23_ST_CW_CLNT_HELLO_A; |
| 162 | s->ctx->sess_connect++; | 162 | s->ctx->stats.sess_connect++; |
| 163 | s->init_num=0; | 163 | s->init_num=0; |
| 164 | break; | 164 | break; |
| 165 | 165 | ||
| @@ -179,7 +179,7 @@ SSL *s; | |||
| 179 | ret=ssl23_get_server_hello(s); | 179 | ret=ssl23_get_server_hello(s); |
| 180 | if (ret >= 0) cb=NULL; | 180 | if (ret >= 0) cb=NULL; |
| 181 | goto end; | 181 | goto end; |
| 182 | break; | 182 | /* break; */ |
| 183 | 183 | ||
| 184 | default: | 184 | default: |
| 185 | SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); | 185 | SSLerr(SSL_F_SSL23_CONNECT,SSL_R_UNKNOWN_STATE); |
| @@ -188,7 +188,7 @@ SSL *s; | |||
| 188 | /* break; */ | 188 | /* break; */ |
| 189 | } | 189 | } |
| 190 | 190 | ||
| 191 | if (s->debug) BIO_flush(s->wbio); | 191 | if (s->debug) { (void)BIO_flush(s->wbio); } |
| 192 | 192 | ||
| 193 | if ((cb != NULL) && (s->state != state)) | 193 | if ((cb != NULL) && (s->state != state)) |
| 194 | { | 194 | { |
| @@ -206,12 +206,12 @@ end: | |||
| 206 | } | 206 | } |
| 207 | 207 | ||
| 208 | 208 | ||
| 209 | static int ssl23_client_hello(s) | 209 | static int ssl23_client_hello(SSL *s) |
| 210 | SSL *s; | ||
| 211 | { | 210 | { |
| 212 | unsigned char *buf; | 211 | unsigned char *buf; |
| 213 | unsigned char *p,*d; | 212 | unsigned char *p,*d; |
| 214 | int i,ch_len; | 213 | int i,ch_len; |
| 214 | int ret; | ||
| 215 | 215 | ||
| 216 | buf=(unsigned char *)s->init_buf->data; | 216 | buf=(unsigned char *)s->init_buf->data; |
| 217 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) | 217 | if (s->state == SSL23_ST_CW_CLNT_HELLO_A) |
| @@ -225,7 +225,7 @@ SSL *s; | |||
| 225 | #endif | 225 | #endif |
| 226 | 226 | ||
| 227 | p=s->s3->client_random; | 227 | p=s->s3->client_random; |
| 228 | RAND_bytes(p,SSL3_RANDOM_SIZE); | 228 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE); |
| 229 | 229 | ||
| 230 | /* Do the message type and length last */ | 230 | /* Do the message type and length last */ |
| 231 | d= &(buf[2]); | 231 | d= &(buf[2]); |
| @@ -236,16 +236,19 @@ SSL *s; | |||
| 236 | { | 236 | { |
| 237 | *(d++)=TLS1_VERSION_MAJOR; | 237 | *(d++)=TLS1_VERSION_MAJOR; |
| 238 | *(d++)=TLS1_VERSION_MINOR; | 238 | *(d++)=TLS1_VERSION_MINOR; |
| 239 | s->client_version=TLS1_VERSION; | ||
| 239 | } | 240 | } |
| 240 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 241 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 241 | { | 242 | { |
| 242 | *(d++)=SSL3_VERSION_MAJOR; | 243 | *(d++)=SSL3_VERSION_MAJOR; |
| 243 | *(d++)=SSL3_VERSION_MINOR; | 244 | *(d++)=SSL3_VERSION_MINOR; |
| 245 | s->client_version=SSL3_VERSION; | ||
| 244 | } | 246 | } |
| 245 | else if (!(s->options & SSL_OP_NO_SSLv2)) | 247 | else if (!(s->options & SSL_OP_NO_SSLv2)) |
| 246 | { | 248 | { |
| 247 | *(d++)=SSL2_VERSION_MAJOR; | 249 | *(d++)=SSL2_VERSION_MAJOR; |
| 248 | *(d++)=SSL2_VERSION_MINOR; | 250 | *(d++)=SSL2_VERSION_MINOR; |
| 251 | s->client_version=SSL2_VERSION; | ||
| 249 | } | 252 | } |
| 250 | else | 253 | else |
| 251 | { | 254 | { |
| @@ -283,7 +286,7 @@ SSL *s; | |||
| 283 | i=ch_len; | 286 | i=ch_len; |
| 284 | s2n(i,d); | 287 | s2n(i,d); |
| 285 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); | 288 | memset(&(s->s3->client_random[0]),0,SSL3_RANDOM_SIZE); |
| 286 | RAND_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 289 | RAND_pseudo_bytes(&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
| 287 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); | 290 | memcpy(p,&(s->s3->client_random[SSL3_RANDOM_SIZE-i]),i); |
| 288 | p+=i; | 291 | p+=i; |
| 289 | 292 | ||
| @@ -300,15 +303,18 @@ SSL *s; | |||
| 300 | } | 303 | } |
| 301 | 304 | ||
| 302 | /* SSL3_ST_CW_CLNT_HELLO_B */ | 305 | /* SSL3_ST_CW_CLNT_HELLO_B */ |
| 303 | return(ssl23_write_bytes(s)); | 306 | ret = ssl23_write_bytes(s); |
| 307 | if (ret >= 2) | ||
| 308 | if (s->msg_callback) | ||
| 309 | s->msg_callback(1, SSL2_VERSION, 0, s->init_buf->data+2, ret-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | ||
| 310 | return ret; | ||
| 304 | } | 311 | } |
| 305 | 312 | ||
| 306 | static int ssl23_get_server_hello(s) | 313 | static int ssl23_get_server_hello(SSL *s) |
| 307 | SSL *s; | ||
| 308 | { | 314 | { |
| 309 | char buf[8]; | 315 | char buf[8]; |
| 310 | unsigned char *p; | 316 | unsigned char *p; |
| 311 | int i,ch_len; | 317 | int i; |
| 312 | int n; | 318 | int n; |
| 313 | 319 | ||
| 314 | n=ssl23_read_bytes(s,7); | 320 | n=ssl23_read_bytes(s,7); |
| @@ -321,9 +327,14 @@ SSL *s; | |||
| 321 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && | 327 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_SERVER_HELLO) && |
| 322 | (p[5] == 0x00) && (p[6] == 0x02)) | 328 | (p[5] == 0x00) && (p[6] == 0x02)) |
| 323 | { | 329 | { |
| 330 | #ifdef OPENSSL_NO_SSL2 | ||
| 331 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 332 | goto err; | ||
| 333 | #else | ||
| 324 | /* we are talking sslv2 */ | 334 | /* we are talking sslv2 */ |
| 325 | /* we need to clean up the SSLv3 setup and put in the | 335 | /* we need to clean up the SSLv3 setup and put in the |
| 326 | * sslv2 stuff. */ | 336 | * sslv2 stuff. */ |
| 337 | int ch_len; | ||
| 327 | 338 | ||
| 328 | if (s->options & SSL_OP_NO_SSLv2) | 339 | if (s->options & SSL_OP_NO_SSLv2) |
| 329 | { | 340 | { |
| @@ -360,7 +371,9 @@ SSL *s; | |||
| 360 | } | 371 | } |
| 361 | 372 | ||
| 362 | s->state=SSL2_ST_GET_SERVER_HELLO_A; | 373 | s->state=SSL2_ST_GET_SERVER_HELLO_A; |
| 363 | s->s2->ssl2_rollback=1; | 374 | if (!(s->client_version == SSL2_VERSION)) |
| 375 | /* use special padding (SSL 3.0 draft/RFC 2246, App. E.2) */ | ||
| 376 | s->s2->ssl2_rollback=1; | ||
| 364 | 377 | ||
| 365 | /* setup the 5 bytes we have read so we get them from | 378 | /* setup the 5 bytes we have read so we get them from |
| 366 | * the sslv2 buffer */ | 379 | * the sslv2 buffer */ |
| @@ -376,6 +389,7 @@ SSL *s; | |||
| 376 | 389 | ||
| 377 | s->method=SSLv2_client_method(); | 390 | s->method=SSLv2_client_method(); |
| 378 | s->handshake_func=s->method->ssl_connect; | 391 | s->handshake_func=s->method->ssl_connect; |
| 392 | #endif | ||
| 379 | } | 393 | } |
| 380 | else if ((p[0] == SSL3_RT_HANDSHAKE) && | 394 | else if ((p[0] == SSL3_RT_HANDSHAKE) && |
| 381 | (p[1] == SSL3_VERSION_MAJOR) && | 395 | (p[1] == SSL3_VERSION_MAJOR) && |
| @@ -426,7 +440,7 @@ SSL *s; | |||
| 426 | (p[3] == 0) && | 440 | (p[3] == 0) && |
| 427 | (p[4] == 2)) | 441 | (p[4] == 2)) |
| 428 | { | 442 | { |
| 429 | void (*cb)()=NULL; | 443 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 430 | int j; | 444 | int j; |
| 431 | 445 | ||
| 432 | /* An alert */ | 446 | /* An alert */ |
| @@ -443,7 +457,7 @@ SSL *s; | |||
| 443 | } | 457 | } |
| 444 | 458 | ||
| 445 | s->rwstate=SSL_NOTHING; | 459 | s->rwstate=SSL_NOTHING; |
| 446 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,1000+p[6]); | 460 | SSLerr(SSL_F_SSL23_GET_SERVER_HELLO,SSL_AD_REASON_OFFSET+p[6]); |
| 447 | goto err; | 461 | goto err; |
| 448 | } | 462 | } |
| 449 | else | 463 | else |
diff --git a/src/lib/libssl/s23_lib.c b/src/lib/libssl/s23_lib.c index e16f641101..b70002a647 100644 --- a/src/lib/libssl/s23_lib.c +++ b/src/lib/libssl/s23_lib.c | |||
| @@ -57,28 +57,18 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "objects.h" | 60 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | #ifndef NOPROTO | ||
| 64 | static int ssl23_num_ciphers(void ); | 63 | static int ssl23_num_ciphers(void ); |
| 65 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u); | 64 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u); |
| 66 | static int ssl23_read(SSL *s, char *buf, int len); | 65 | static int ssl23_read(SSL *s, void *buf, int len); |
| 67 | static int ssl23_write(SSL *s, char *buf, int len); | 66 | static int ssl23_peek(SSL *s, void *buf, int len); |
| 67 | static int ssl23_write(SSL *s, const void *buf, int len); | ||
| 68 | static long ssl23_default_timeout(void ); | 68 | static long ssl23_default_timeout(void ); |
| 69 | static int ssl23_put_cipher_by_char(SSL_CIPHER *c, unsigned char *p); | 69 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p); |
| 70 | static SSL_CIPHER *ssl23_get_cipher_by_char(unsigned char *p); | 70 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p); |
| 71 | #else | 71 | const char *SSL23_version_str="SSLv2/3 compatibility" OPENSSL_VERSION_PTEXT; |
| 72 | static int ssl23_num_ciphers(); | ||
| 73 | static SSL_CIPHER *ssl23_get_cipher(); | ||
| 74 | static int ssl23_read(); | ||
| 75 | static int ssl23_write(); | ||
| 76 | static long ssl23_default_timeout(); | ||
| 77 | static int ssl23_put_cipher_by_char(); | ||
| 78 | static SSL_CIPHER *ssl23_get_cipher_by_char(); | ||
| 79 | #endif | ||
| 80 | |||
| 81 | char *SSL23_version_str="SSLv2/3 compatablity part of SSLeay 0.7.0 30-Jan-1997"; | ||
| 82 | 72 | ||
| 83 | static SSL_METHOD SSLv23_data= { | 73 | static SSL_METHOD SSLv23_data= { |
| 84 | TLS1_VERSION, | 74 | TLS1_VERSION, |
| @@ -88,10 +78,11 @@ static SSL_METHOD SSLv23_data= { | |||
| 88 | ssl_undefined_function, | 78 | ssl_undefined_function, |
| 89 | ssl_undefined_function, | 79 | ssl_undefined_function, |
| 90 | ssl23_read, | 80 | ssl23_read, |
| 91 | ssl_undefined_function, | 81 | ssl23_peek, |
| 92 | ssl23_write, | 82 | ssl23_write, |
| 93 | ssl_undefined_function, | 83 | ssl_undefined_function, |
| 94 | ssl_undefined_function, | 84 | ssl_undefined_function, |
| 85 | ssl_ok, | ||
| 95 | ssl3_ctrl, | 86 | ssl3_ctrl, |
| 96 | ssl3_ctx_ctrl, | 87 | ssl3_ctx_ctrl, |
| 97 | ssl23_get_cipher_by_char, | 88 | ssl23_get_cipher_by_char, |
| @@ -102,38 +93,47 @@ static SSL_METHOD SSLv23_data= { | |||
| 102 | ssl_bad_method, | 93 | ssl_bad_method, |
| 103 | ssl23_default_timeout, | 94 | ssl23_default_timeout, |
| 104 | &ssl3_undef_enc_method, | 95 | &ssl3_undef_enc_method, |
| 96 | ssl_undefined_function, | ||
| 97 | ssl3_callback_ctrl, | ||
| 98 | ssl3_ctx_callback_ctrl, | ||
| 105 | }; | 99 | }; |
| 106 | 100 | ||
| 107 | static long ssl23_default_timeout() | 101 | static long ssl23_default_timeout(void) |
| 108 | { | 102 | { |
| 109 | return(300); | 103 | return(300); |
| 110 | } | 104 | } |
| 111 | 105 | ||
| 112 | SSL_METHOD *sslv23_base_method() | 106 | SSL_METHOD *sslv23_base_method(void) |
| 113 | { | 107 | { |
| 114 | return(&SSLv23_data); | 108 | return(&SSLv23_data); |
| 115 | } | 109 | } |
| 116 | 110 | ||
| 117 | static int ssl23_num_ciphers() | 111 | static int ssl23_num_ciphers(void) |
| 118 | { | 112 | { |
| 119 | return(ssl3_num_ciphers()+ssl2_num_ciphers()); | 113 | return(ssl3_num_ciphers() |
| 114 | #ifndef OPENSSL_NO_SSL2 | ||
| 115 | + ssl2_num_ciphers() | ||
| 116 | #endif | ||
| 117 | ); | ||
| 120 | } | 118 | } |
| 121 | 119 | ||
| 122 | static SSL_CIPHER *ssl23_get_cipher(u) | 120 | static SSL_CIPHER *ssl23_get_cipher(unsigned int u) |
| 123 | unsigned int u; | ||
| 124 | { | 121 | { |
| 125 | unsigned int uu=ssl3_num_ciphers(); | 122 | unsigned int uu=ssl3_num_ciphers(); |
| 126 | 123 | ||
| 127 | if (u < uu) | 124 | if (u < uu) |
| 128 | return(ssl3_get_cipher(u)); | 125 | return(ssl3_get_cipher(u)); |
| 129 | else | 126 | else |
| 127 | #ifndef OPENSSL_NO_SSL2 | ||
| 130 | return(ssl2_get_cipher(u-uu)); | 128 | return(ssl2_get_cipher(u-uu)); |
| 129 | #else | ||
| 130 | return(NULL); | ||
| 131 | #endif | ||
| 131 | } | 132 | } |
| 132 | 133 | ||
| 133 | /* This function needs to check if the ciphers required are actually | 134 | /* This function needs to check if the ciphers required are actually |
| 134 | * available */ | 135 | * available */ |
| 135 | static SSL_CIPHER *ssl23_get_cipher_by_char(p) | 136 | static SSL_CIPHER *ssl23_get_cipher_by_char(const unsigned char *p) |
| 136 | unsigned char *p; | ||
| 137 | { | 137 | { |
| 138 | SSL_CIPHER c,*cp; | 138 | SSL_CIPHER c,*cp; |
| 139 | unsigned long id; | 139 | unsigned long id; |
| @@ -144,14 +144,14 @@ unsigned char *p; | |||
| 144 | ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; | 144 | ((unsigned long)p[1]<<8L)|(unsigned long)p[2]; |
| 145 | c.id=id; | 145 | c.id=id; |
| 146 | cp=ssl3_get_cipher_by_char(p); | 146 | cp=ssl3_get_cipher_by_char(p); |
| 147 | #ifndef OPENSSL_NO_SSL2 | ||
| 147 | if (cp == NULL) | 148 | if (cp == NULL) |
| 148 | cp=ssl2_get_cipher_by_char(p); | 149 | cp=ssl2_get_cipher_by_char(p); |
| 150 | #endif | ||
| 149 | return(cp); | 151 | return(cp); |
| 150 | } | 152 | } |
| 151 | 153 | ||
| 152 | static int ssl23_put_cipher_by_char(c,p) | 154 | static int ssl23_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| 153 | SSL_CIPHER *c; | ||
| 154 | unsigned char *p; | ||
| 155 | { | 155 | { |
| 156 | long l; | 156 | long l; |
| 157 | 157 | ||
| @@ -166,20 +166,10 @@ unsigned char *p; | |||
| 166 | return(3); | 166 | return(3); |
| 167 | } | 167 | } |
| 168 | 168 | ||
| 169 | static int ssl23_read(s,buf,len) | 169 | static int ssl23_read(SSL *s, void *buf, int len) |
| 170 | SSL *s; | ||
| 171 | char *buf; | ||
| 172 | int len; | ||
| 173 | { | 170 | { |
| 174 | int n; | 171 | int n; |
| 175 | 172 | ||
| 176 | #if 0 | ||
| 177 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | ||
| 178 | { | ||
| 179 | s->rwstate=SSL_NOTHING; | ||
| 180 | return(0); | ||
| 181 | } | ||
| 182 | #endif | ||
| 183 | clear_sys_error(); | 173 | clear_sys_error(); |
| 184 | if (SSL_in_init(s) && (!s->in_handshake)) | 174 | if (SSL_in_init(s) && (!s->in_handshake)) |
| 185 | { | 175 | { |
| @@ -199,20 +189,33 @@ int len; | |||
| 199 | } | 189 | } |
| 200 | } | 190 | } |
| 201 | 191 | ||
| 202 | static int ssl23_write(s,buf,len) | 192 | static int ssl23_peek(SSL *s, void *buf, int len) |
| 203 | SSL *s; | ||
| 204 | char *buf; | ||
| 205 | int len; | ||
| 206 | { | 193 | { |
| 207 | int n; | 194 | int n; |
| 208 | 195 | ||
| 209 | #if 0 | 196 | clear_sys_error(); |
| 210 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 197 | if (SSL_in_init(s) && (!s->in_handshake)) |
| 211 | { | 198 | { |
| 212 | s->rwstate=SSL_NOTHING; | 199 | n=s->handshake_func(s); |
| 213 | return(0); | 200 | if (n < 0) return(n); |
| 201 | if (n == 0) | ||
| 202 | { | ||
| 203 | SSLerr(SSL_F_SSL23_PEEK,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 204 | return(-1); | ||
| 205 | } | ||
| 206 | return(SSL_peek(s,buf,len)); | ||
| 214 | } | 207 | } |
| 215 | #endif | 208 | else |
| 209 | { | ||
| 210 | ssl_undefined_function(s); | ||
| 211 | return(-1); | ||
| 212 | } | ||
| 213 | } | ||
| 214 | |||
| 215 | static int ssl23_write(SSL *s, const void *buf, int len) | ||
| 216 | { | ||
| 217 | int n; | ||
| 218 | |||
| 216 | clear_sys_error(); | 219 | clear_sys_error(); |
| 217 | if (SSL_in_init(s) && (!s->in_handshake)) | 220 | if (SSL_in_init(s) && (!s->in_handshake)) |
| 218 | { | 221 | { |
diff --git a/src/lib/libssl/s23_pkt.c b/src/lib/libssl/s23_pkt.c index c25c312772..f45e1ce3d8 100644 --- a/src/lib/libssl/s23_pkt.c +++ b/src/lib/libssl/s23_pkt.c | |||
| @@ -59,12 +59,11 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <errno.h> | 60 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 61 | #define USE_SOCKETS |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "buffer.h" | 63 | #include <openssl/buffer.h> |
| 64 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 65 | 65 | ||
| 66 | int ssl23_write_bytes(s) | 66 | int ssl23_write_bytes(SSL *s) |
| 67 | SSL *s; | ||
| 68 | { | 67 | { |
| 69 | int i,num,tot; | 68 | int i,num,tot; |
| 70 | char *buf; | 69 | char *buf; |
| @@ -76,7 +75,7 @@ SSL *s; | |||
| 76 | { | 75 | { |
| 77 | s->rwstate=SSL_WRITING; | 76 | s->rwstate=SSL_WRITING; |
| 78 | i=BIO_write(s->wbio,&(buf[tot]),num); | 77 | i=BIO_write(s->wbio,&(buf[tot]),num); |
| 79 | if (i < 0) | 78 | if (i <= 0) |
| 80 | { | 79 | { |
| 81 | s->init_off=tot; | 80 | s->init_off=tot; |
| 82 | s->init_num=num; | 81 | s->init_num=num; |
| @@ -90,10 +89,8 @@ SSL *s; | |||
| 90 | } | 89 | } |
| 91 | } | 90 | } |
| 92 | 91 | ||
| 93 | /* only return when we have read 'n' bytes */ | 92 | /* return regularly only when we have read (at least) 'n' bytes */ |
| 94 | int ssl23_read_bytes(s,n) | 93 | int ssl23_read_bytes(SSL *s, int n) |
| 95 | SSL *s; | ||
| 96 | int n; | ||
| 97 | { | 94 | { |
| 98 | unsigned char *p; | 95 | unsigned char *p; |
| 99 | int j; | 96 | int j; |
diff --git a/src/lib/libssl/s23_srvr.c b/src/lib/libssl/s23_srvr.c index c7b9ecbcf2..9e89cc7f9a 100644 --- a/src/lib/libssl/s23_srvr.c +++ b/src/lib/libssl/s23_srvr.c | |||
| @@ -55,28 +55,76 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "buffer.h" | 113 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 114 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 115 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 116 | #include <openssl/evp.h> |
| 64 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
| 65 | 118 | ||
| 66 | #define BREAK break | 119 | static SSL_METHOD *ssl23_get_server_method(int ver); |
| 67 | |||
| 68 | #ifndef NOPROTO | ||
| 69 | int ssl23_get_client_hello(SSL *s); | 120 | int ssl23_get_client_hello(SSL *s); |
| 70 | #else | 121 | static SSL_METHOD *ssl23_get_server_method(int ver) |
| 71 | int ssl23_get_client_hello(); | ||
| 72 | #endif | ||
| 73 | |||
| 74 | static SSL_METHOD *ssl23_get_server_method(ver) | ||
| 75 | int ver; | ||
| 76 | { | 122 | { |
| 123 | #ifndef OPENSSL_NO_SSL2 | ||
| 77 | if (ver == SSL2_VERSION) | 124 | if (ver == SSL2_VERSION) |
| 78 | return(SSLv2_server_method()); | 125 | return(SSLv2_server_method()); |
| 79 | else if (ver == SSL3_VERSION) | 126 | #endif |
| 127 | if (ver == SSL3_VERSION) | ||
| 80 | return(SSLv3_server_method()); | 128 | return(SSLv3_server_method()); |
| 81 | else if (ver == TLS1_VERSION) | 129 | else if (ver == TLS1_VERSION) |
| 82 | return(TLSv1_server_method()); | 130 | return(TLSv1_server_method()); |
| @@ -84,32 +132,31 @@ int ver; | |||
| 84 | return(NULL); | 132 | return(NULL); |
| 85 | } | 133 | } |
| 86 | 134 | ||
| 87 | SSL_METHOD *SSLv23_server_method() | 135 | SSL_METHOD *SSLv23_server_method(void) |
| 88 | { | 136 | { |
| 89 | static int init=1; | 137 | static int init=1; |
| 90 | static SSL_METHOD SSLv23_server_data; | 138 | static SSL_METHOD SSLv23_server_data; |
| 91 | 139 | ||
| 92 | if (init) | 140 | if (init) |
| 93 | { | 141 | { |
| 94 | init=0; | ||
| 95 | memcpy((char *)&SSLv23_server_data, | 142 | memcpy((char *)&SSLv23_server_data, |
| 96 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); | 143 | (char *)sslv23_base_method(),sizeof(SSL_METHOD)); |
| 97 | SSLv23_server_data.ssl_accept=ssl23_accept; | 144 | SSLv23_server_data.ssl_accept=ssl23_accept; |
| 98 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; | 145 | SSLv23_server_data.get_ssl_method=ssl23_get_server_method; |
| 146 | init=0; | ||
| 99 | } | 147 | } |
| 100 | return(&SSLv23_server_data); | 148 | return(&SSLv23_server_data); |
| 101 | } | 149 | } |
| 102 | 150 | ||
| 103 | int ssl23_accept(s) | 151 | int ssl23_accept(SSL *s) |
| 104 | SSL *s; | ||
| 105 | { | 152 | { |
| 106 | BUF_MEM *buf; | 153 | BUF_MEM *buf; |
| 107 | unsigned long Time=time(NULL); | 154 | unsigned long Time=time(NULL); |
| 108 | void (*cb)()=NULL; | 155 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 109 | int ret= -1; | 156 | int ret= -1; |
| 110 | int new_state,state; | 157 | int new_state,state; |
| 111 | 158 | ||
| 112 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 159 | RAND_add(&Time,sizeof(Time),0); |
| 113 | ERR_clear_error(); | 160 | ERR_clear_error(); |
| 114 | clear_sys_error(); | 161 | clear_sys_error(); |
| 115 | 162 | ||
| @@ -118,8 +165,8 @@ SSL *s; | |||
| 118 | else if (s->ctx->info_callback != NULL) | 165 | else if (s->ctx->info_callback != NULL) |
| 119 | cb=s->ctx->info_callback; | 166 | cb=s->ctx->info_callback; |
| 120 | 167 | ||
| 121 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 122 | s->in_handshake++; | 168 | s->in_handshake++; |
| 169 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 123 | 170 | ||
| 124 | for (;;) | 171 | for (;;) |
| 125 | { | 172 | { |
| @@ -132,6 +179,7 @@ SSL *s; | |||
| 132 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | 179 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: |
| 133 | case SSL_ST_OK|SSL_ST_ACCEPT: | 180 | case SSL_ST_OK|SSL_ST_ACCEPT: |
| 134 | 181 | ||
| 182 | s->server=1; | ||
| 135 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 183 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 136 | 184 | ||
| 137 | /* s->version=SSL3_VERSION; */ | 185 | /* s->version=SSL3_VERSION; */ |
| @@ -155,7 +203,7 @@ SSL *s; | |||
| 155 | ssl3_init_finished_mac(s); | 203 | ssl3_init_finished_mac(s); |
| 156 | 204 | ||
| 157 | s->state=SSL23_ST_SR_CLNT_HELLO_A; | 205 | s->state=SSL23_ST_SR_CLNT_HELLO_A; |
| 158 | s->ctx->sess_accept++; | 206 | s->ctx->stats.sess_accept++; |
| 159 | s->init_num=0; | 207 | s->init_num=0; |
| 160 | break; | 208 | break; |
| 161 | 209 | ||
| @@ -166,7 +214,7 @@ SSL *s; | |||
| 166 | ret=ssl23_get_client_hello(s); | 214 | ret=ssl23_get_client_hello(s); |
| 167 | if (ret >= 0) cb=NULL; | 215 | if (ret >= 0) cb=NULL; |
| 168 | goto end; | 216 | goto end; |
| 169 | break; | 217 | /* break; */ |
| 170 | 218 | ||
| 171 | default: | 219 | default: |
| 172 | SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); | 220 | SSLerr(SSL_F_SSL23_ACCEPT,SSL_R_UNKNOWN_STATE); |
| @@ -184,31 +232,48 @@ SSL *s; | |||
| 184 | } | 232 | } |
| 185 | } | 233 | } |
| 186 | end: | 234 | end: |
| 235 | s->in_handshake--; | ||
| 187 | if (cb != NULL) | 236 | if (cb != NULL) |
| 188 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | 237 | cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 189 | s->in_handshake--; | ||
| 190 | return(ret); | 238 | return(ret); |
| 191 | } | 239 | } |
| 192 | 240 | ||
| 193 | 241 | ||
| 194 | int ssl23_get_client_hello(s) | 242 | int ssl23_get_client_hello(SSL *s) |
| 195 | SSL *s; | ||
| 196 | { | 243 | { |
| 197 | char buf_space[8]; | 244 | char buf_space[11]; /* Request this many bytes in initial read. |
| 245 | * We can detect SSL 3.0/TLS 1.0 Client Hellos | ||
| 246 | * ('type == 3') correctly only when the following | ||
| 247 | * is in a single record, which is not guaranteed by | ||
| 248 | * the protocol specification: | ||
| 249 | * Byte Content | ||
| 250 | * 0 type \ | ||
| 251 | * 1/2 version > record header | ||
| 252 | * 3/4 length / | ||
| 253 | * 5 msg_type \ | ||
| 254 | * 6-8 length > Client Hello message | ||
| 255 | * 9/10 client_version / | ||
| 256 | */ | ||
| 198 | char *buf= &(buf_space[0]); | 257 | char *buf= &(buf_space[0]); |
| 199 | unsigned char *p,*d,*dd; | 258 | unsigned char *p,*d,*d_len,*dd; |
| 200 | unsigned int i; | 259 | unsigned int i; |
| 201 | unsigned int csl,sil,cl; | 260 | unsigned int csl,sil,cl; |
| 202 | int n=0,j,tls1=0; | 261 | int n=0,j; |
| 203 | int type=0,use_sslv2_strong=0; | 262 | int type=0; |
| 263 | int v[2]; | ||
| 264 | #ifndef OPENSSL_NO_RSA | ||
| 265 | int use_sslv2_strong=0; | ||
| 266 | #endif | ||
| 204 | 267 | ||
| 205 | /* read the initial header */ | ||
| 206 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) | 268 | if (s->state == SSL23_ST_SR_CLNT_HELLO_A) |
| 207 | { | 269 | { |
| 270 | /* read the initial header */ | ||
| 271 | v[0]=v[1]=0; | ||
| 272 | |||
| 208 | if (!ssl3_setup_buffers(s)) goto err; | 273 | if (!ssl3_setup_buffers(s)) goto err; |
| 209 | 274 | ||
| 210 | n=ssl23_read_bytes(s,7); | 275 | n=ssl23_read_bytes(s, sizeof buf_space); |
| 211 | if (n != 7) return(n); | 276 | if (n != sizeof buf_space) return(n); /* n == -1 || n == 0 */ |
| 212 | 277 | ||
| 213 | p=s->packet; | 278 | p=s->packet; |
| 214 | 279 | ||
| @@ -216,124 +281,135 @@ SSL *s; | |||
| 216 | 281 | ||
| 217 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) | 282 | if ((p[0] & 0x80) && (p[2] == SSL2_MT_CLIENT_HELLO)) |
| 218 | { | 283 | { |
| 219 | /* SSLv2 header */ | 284 | /* |
| 285 | * SSLv2 header | ||
| 286 | */ | ||
| 220 | if ((p[3] == 0x00) && (p[4] == 0x02)) | 287 | if ((p[3] == 0x00) && (p[4] == 0x02)) |
| 221 | { | 288 | { |
| 289 | v[0]=p[3]; v[1]=p[4]; | ||
| 222 | /* SSLv2 */ | 290 | /* SSLv2 */ |
| 223 | if (!(s->options & SSL_OP_NO_SSLv2)) | 291 | if (!(s->options & SSL_OP_NO_SSLv2)) |
| 224 | type=1; | 292 | type=1; |
| 225 | } | 293 | } |
| 226 | else if (p[3] == SSL3_VERSION_MAJOR) | 294 | else if (p[3] == SSL3_VERSION_MAJOR) |
| 227 | { | 295 | { |
| 296 | v[0]=p[3]; v[1]=p[4]; | ||
| 228 | /* SSLv3/TLSv1 */ | 297 | /* SSLv3/TLSv1 */ |
| 229 | if (p[4] >= TLS1_VERSION_MINOR) | 298 | if (p[4] >= TLS1_VERSION_MINOR) |
| 230 | { | 299 | { |
| 231 | if (!(s->options & SSL_OP_NO_TLSv1)) | 300 | if (!(s->options & SSL_OP_NO_TLSv1)) |
| 232 | { | 301 | { |
| 233 | tls1=1; | 302 | s->version=TLS1_VERSION; |
| 303 | /* type=2; */ /* done later to survive restarts */ | ||
| 234 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | 304 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 235 | } | 305 | } |
| 236 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 306 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 237 | { | 307 | { |
| 308 | s->version=SSL3_VERSION; | ||
| 309 | /* type=2; */ | ||
| 238 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | 310 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 239 | } | 311 | } |
| 312 | else if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 313 | { | ||
| 314 | type=1; | ||
| 315 | } | ||
| 240 | } | 316 | } |
| 241 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 317 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 242 | s->state=SSL23_ST_SR_CLNT_HELLO_B; | ||
| 243 | |||
| 244 | if (s->options & SSL_OP_NON_EXPORT_FIRST) | ||
| 245 | { | 318 | { |
| 246 | STACK *sk; | 319 | s->version=SSL3_VERSION; |
| 247 | SSL_CIPHER *c; | 320 | /* type=2; */ |
| 248 | int ne2,ne3; | 321 | s->state=SSL23_ST_SR_CLNT_HELLO_B; |
| 249 | |||
| 250 | j=((p[0]&0x7f)<<8)|p[1]; | ||
| 251 | if (j > (1024*4)) | ||
| 252 | { | ||
| 253 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_LARGE); | ||
| 254 | goto err; | ||
| 255 | } | ||
| 256 | |||
| 257 | n=ssl23_read_bytes(s,j+2); | ||
| 258 | if (n <= 0) return(n); | ||
| 259 | p=s->packet; | ||
| 260 | |||
| 261 | if ((buf=Malloc(n)) == NULL) | ||
| 262 | { | ||
| 263 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 264 | goto err; | ||
| 265 | } | ||
| 266 | memcpy(buf,p,n); | ||
| 267 | |||
| 268 | p+=5; | ||
| 269 | n2s(p,csl); | ||
| 270 | p+=4; | ||
| 271 | |||
| 272 | sk=ssl_bytes_to_cipher_list( | ||
| 273 | s,p,csl,NULL); | ||
| 274 | if (sk != NULL) | ||
| 275 | { | ||
| 276 | ne2=ne3=0; | ||
| 277 | for (j=0; j<sk_num(sk); j++) | ||
| 278 | { | ||
| 279 | c=(SSL_CIPHER *)sk_value(sk,j); | ||
| 280 | if (!(c->algorithms & SSL_EXP)) | ||
| 281 | { | ||
| 282 | if ((c->id>>24L) == 2L) | ||
| 283 | ne2=1; | ||
| 284 | else | ||
| 285 | ne3=1; | ||
| 286 | } | ||
| 287 | } | ||
| 288 | if (ne2 && !ne3) | ||
| 289 | { | ||
| 290 | type=1; | ||
| 291 | use_sslv2_strong=1; | ||
| 292 | goto next_bit; | ||
| 293 | } | ||
| 294 | } | ||
| 295 | } | 322 | } |
| 323 | else if (!(s->options & SSL_OP_NO_SSLv2)) | ||
| 324 | type=1; | ||
| 325 | |||
| 296 | } | 326 | } |
| 297 | } | 327 | } |
| 298 | else if ((p[0] == SSL3_RT_HANDSHAKE) && | 328 | else if ((p[0] == SSL3_RT_HANDSHAKE) && |
| 299 | (p[1] == SSL3_VERSION_MAJOR) && | 329 | (p[1] == SSL3_VERSION_MAJOR) && |
| 300 | (p[5] == SSL3_MT_CLIENT_HELLO)) | 330 | (p[5] == SSL3_MT_CLIENT_HELLO) && |
| 331 | ((p[3] == 0 && p[4] < 5 /* silly record length? */) | ||
| 332 | || (p[9] == p[1]))) | ||
| 301 | { | 333 | { |
| 302 | /* true SSLv3 or tls1 */ | 334 | /* |
| 303 | if (p[2] >= TLS1_VERSION_MINOR) | 335 | * SSLv3 or tls1 header |
| 336 | */ | ||
| 337 | |||
| 338 | v[0]=p[1]; /* major version (= SSL3_VERSION_MAJOR) */ | ||
| 339 | /* We must look at client_version inside the Client Hello message | ||
| 340 | * to get the correct minor version. | ||
| 341 | * However if we have only a pathologically small fragment of the | ||
| 342 | * Client Hello message, this would be difficult, and we'd have | ||
| 343 | * to read more records to find out. | ||
| 344 | * No known SSL 3.0 client fragments ClientHello like this, | ||
| 345 | * so we simply assume TLS 1.0 to avoid protocol version downgrade | ||
| 346 | * attacks. */ | ||
| 347 | if (p[3] == 0 && p[4] < 6) | ||
| 348 | { | ||
| 349 | #if 0 | ||
| 350 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_RECORD_TOO_SMALL); | ||
| 351 | goto err; | ||
| 352 | #else | ||
| 353 | v[1] = TLS1_VERSION_MINOR; | ||
| 354 | #endif | ||
| 355 | } | ||
| 356 | else | ||
| 357 | v[1]=p[10]; /* minor version according to client_version */ | ||
| 358 | if (v[1] >= TLS1_VERSION_MINOR) | ||
| 304 | { | 359 | { |
| 305 | if (!(s->options & SSL_OP_NO_TLSv1)) | 360 | if (!(s->options & SSL_OP_NO_TLSv1)) |
| 306 | { | 361 | { |
| 362 | s->version=TLS1_VERSION; | ||
| 307 | type=3; | 363 | type=3; |
| 308 | tls1=1; | ||
| 309 | } | 364 | } |
| 310 | else if (!(s->options & SSL_OP_NO_SSLv3)) | 365 | else if (!(s->options & SSL_OP_NO_SSLv3)) |
| 366 | { | ||
| 367 | s->version=SSL3_VERSION; | ||
| 368 | type=3; | ||
| 369 | } | ||
| 370 | } | ||
| 371 | else | ||
| 372 | { | ||
| 373 | /* client requests SSL 3.0 */ | ||
| 374 | if (!(s->options & SSL_OP_NO_SSLv3)) | ||
| 375 | { | ||
| 376 | s->version=SSL3_VERSION; | ||
| 311 | type=3; | 377 | type=3; |
| 378 | } | ||
| 379 | else if (!(s->options & SSL_OP_NO_TLSv1)) | ||
| 380 | { | ||
| 381 | /* we won't be able to use TLS of course, | ||
| 382 | * but this will send an appropriate alert */ | ||
| 383 | s->version=TLS1_VERSION; | ||
| 384 | type=3; | ||
| 385 | } | ||
| 312 | } | 386 | } |
| 313 | else if (!(s->options & SSL_OP_NO_SSLv3)) | ||
| 314 | type=3; | ||
| 315 | } | 387 | } |
| 316 | else if ((strncmp("GET ", p,4) == 0) || | 388 | else if ((strncmp("GET ", (char *)p,4) == 0) || |
| 317 | (strncmp("POST ",p,5) == 0) || | 389 | (strncmp("POST ",(char *)p,5) == 0) || |
| 318 | (strncmp("HEAD ",p,5) == 0) || | 390 | (strncmp("HEAD ",(char *)p,5) == 0) || |
| 319 | (strncmp("PUT ", p,4) == 0)) | 391 | (strncmp("PUT ", (char *)p,4) == 0)) |
| 320 | { | 392 | { |
| 321 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); | 393 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTP_REQUEST); |
| 322 | goto err; | 394 | goto err; |
| 323 | } | 395 | } |
| 324 | else if (strncmp("CONNECT",p,7) == 0) | 396 | else if (strncmp("CONNECT",(char *)p,7) == 0) |
| 325 | { | 397 | { |
| 326 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); | 398 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_HTTPS_PROXY_REQUEST); |
| 327 | goto err; | 399 | goto err; |
| 328 | } | 400 | } |
| 329 | } | 401 | } |
| 330 | 402 | ||
| 331 | next_bit: | ||
| 332 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) | 403 | if (s->state == SSL23_ST_SR_CLNT_HELLO_B) |
| 333 | { | 404 | { |
| 334 | /* we have a SSLv3/TLSv1 in a SSLv2 header */ | 405 | /* we have SSLv3/TLSv1 in an SSLv2 header |
| 406 | * (other cases skip this state) */ | ||
| 407 | |||
| 335 | type=2; | 408 | type=2; |
| 336 | p=s->packet; | 409 | p=s->packet; |
| 410 | v[0] = p[3]; /* == SSL3_VERSION_MAJOR */ | ||
| 411 | v[1] = p[4]; | ||
| 412 | |||
| 337 | n=((p[0]&0x7f)<<8)|p[1]; | 413 | n=((p[0]&0x7f)<<8)|p[1]; |
| 338 | if (n > (1024*4)) | 414 | if (n > (1024*4)) |
| 339 | { | 415 | { |
| @@ -344,7 +420,9 @@ next_bit: | |||
| 344 | j=ssl23_read_bytes(s,n+2); | 420 | j=ssl23_read_bytes(s,n+2); |
| 345 | if (j <= 0) return(j); | 421 | if (j <= 0) return(j); |
| 346 | 422 | ||
| 347 | ssl3_finish_mac(s,&(s->packet[2]),s->packet_length-2); | 423 | ssl3_finish_mac(s, s->packet+2, s->packet_length-2); |
| 424 | if (s->msg_callback) | ||
| 425 | s->msg_callback(0, SSL2_VERSION, 0, s->packet+2, s->packet_length-2, s, s->msg_callback_arg); /* CLIENT-HELLO */ | ||
| 348 | 426 | ||
| 349 | p=s->packet; | 427 | p=s->packet; |
| 350 | p+=5; | 428 | p+=5; |
| @@ -358,14 +436,18 @@ next_bit: | |||
| 358 | goto err; | 436 | goto err; |
| 359 | } | 437 | } |
| 360 | 438 | ||
| 361 | *(d++)=SSL3_VERSION_MAJOR; | 439 | /* record header: msg_type ... */ |
| 362 | if (tls1) | 440 | *(d++) = SSL3_MT_CLIENT_HELLO; |
| 363 | *(d++)=TLS1_VERSION_MINOR; | 441 | /* ... and length (actual value will be written later) */ |
| 364 | else | 442 | d_len = d; |
| 365 | *(d++)=SSL3_VERSION_MINOR; | 443 | d += 3; |
| 444 | |||
| 445 | /* client_version */ | ||
| 446 | *(d++) = SSL3_VERSION_MAJOR; /* == v[0] */ | ||
| 447 | *(d++) = v[1]; | ||
| 366 | 448 | ||
| 367 | /* lets populate the random area */ | 449 | /* lets populate the random area */ |
| 368 | /* get the chalenge_length */ | 450 | /* get the challenge_length */ |
| 369 | i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; | 451 | i=(cl > SSL3_RANDOM_SIZE)?SSL3_RANDOM_SIZE:cl; |
| 370 | memset(d,0,SSL3_RANDOM_SIZE); | 452 | memset(d,0,SSL3_RANDOM_SIZE); |
| 371 | memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); | 453 | memcpy(&(d[SSL3_RANDOM_SIZE-i]),&(p[csl+sil]),i); |
| @@ -387,11 +469,12 @@ next_bit: | |||
| 387 | } | 469 | } |
| 388 | s2n(j,dd); | 470 | s2n(j,dd); |
| 389 | 471 | ||
| 390 | /* compression */ | 472 | /* COMPRESSION */ |
| 391 | *(d++)=1; | 473 | *(d++)=1; |
| 392 | *(d++)=0; | 474 | *(d++)=0; |
| 393 | 475 | ||
| 394 | i=(d-(unsigned char *)s->init_buf->data); | 476 | i = (d-(unsigned char *)s->init_buf->data) - 4; |
| 477 | l2n3((long)i, d_len); | ||
| 395 | 478 | ||
| 396 | /* get the data reused from the init_buf */ | 479 | /* get the data reused from the init_buf */ |
| 397 | s->s3->tmp.reuse_message=1; | 480 | s->s3->tmp.reuse_message=1; |
| @@ -399,8 +482,15 @@ next_bit: | |||
| 399 | s->s3->tmp.message_size=i; | 482 | s->s3->tmp.message_size=i; |
| 400 | } | 483 | } |
| 401 | 484 | ||
| 485 | /* imaginary new state (for program structure): */ | ||
| 486 | /* s->state = SSL23_SR_CLNT_HELLO_C */ | ||
| 487 | |||
| 402 | if (type == 1) | 488 | if (type == 1) |
| 403 | { | 489 | { |
| 490 | #ifdef OPENSSL_NO_SSL2 | ||
| 491 | SSLerr(SSL_F_SSL23_GET_CLIENT_HELLO,SSL_R_UNSUPPORTED_PROTOCOL); | ||
| 492 | goto err; | ||
| 493 | #else | ||
| 404 | /* we are talking sslv2 */ | 494 | /* we are talking sslv2 */ |
| 405 | /* we need to clean up the SSLv3/TLSv1 setup and put in the | 495 | /* we need to clean up the SSLv3/TLSv1 setup and put in the |
| 406 | * sslv2 stuff. */ | 496 | * sslv2 stuff. */ |
| @@ -423,12 +513,15 @@ next_bit: | |||
| 423 | 513 | ||
| 424 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; | 514 | s->state=SSL2_ST_GET_CLIENT_HELLO_A; |
| 425 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || | 515 | if ((s->options & SSL_OP_MSIE_SSLV2_RSA_PADDING) || |
| 426 | use_sslv2_strong) | 516 | use_sslv2_strong || |
| 517 | (s->options & SSL_OP_NO_TLSv1 && s->options & SSL_OP_NO_SSLv3)) | ||
| 427 | s->s2->ssl2_rollback=0; | 518 | s->s2->ssl2_rollback=0; |
| 428 | else | 519 | else |
| 520 | /* reject SSL 2.0 session if client supports SSL 3.0 or TLS 1.0 | ||
| 521 | * (SSL 3.0 draft/RFC 2246, App. E.2) */ | ||
| 429 | s->s2->ssl2_rollback=1; | 522 | s->s2->ssl2_rollback=1; |
| 430 | 523 | ||
| 431 | /* setup the 5 bytes we have read so we get them from | 524 | /* setup the n bytes we have read so we get them from |
| 432 | * the sslv2 buffer */ | 525 | * the sslv2 buffer */ |
| 433 | s->rstate=SSL_ST_READ_HEADER; | 526 | s->rstate=SSL_ST_READ_HEADER; |
| 434 | s->packet_length=n; | 527 | s->packet_length=n; |
| @@ -439,11 +532,12 @@ next_bit: | |||
| 439 | 532 | ||
| 440 | s->method=SSLv2_server_method(); | 533 | s->method=SSLv2_server_method(); |
| 441 | s->handshake_func=s->method->ssl_accept; | 534 | s->handshake_func=s->method->ssl_accept; |
| 535 | #endif | ||
| 442 | } | 536 | } |
| 443 | 537 | ||
| 444 | if ((type == 2) || (type == 3)) | 538 | if ((type == 2) || (type == 3)) |
| 445 | { | 539 | { |
| 446 | /* we have SSLv3/TLSv1 */ | 540 | /* we have SSLv3/TLSv1 (type 2: SSL2 style, type 3: SSL3/TLS style) */ |
| 447 | 541 | ||
| 448 | if (!ssl_init_wbio_buffer(s,1)) goto err; | 542 | if (!ssl_init_wbio_buffer(s,1)) goto err; |
| 449 | 543 | ||
| @@ -468,16 +562,13 @@ next_bit: | |||
| 468 | s->s3->rbuf.offset=0; | 562 | s->s3->rbuf.offset=0; |
| 469 | } | 563 | } |
| 470 | 564 | ||
| 471 | if (tls1) | 565 | if (s->version == TLS1_VERSION) |
| 472 | { | 566 | s->method = TLSv1_server_method(); |
| 473 | s->version=TLS1_VERSION; | ||
| 474 | s->method=TLSv1_server_method(); | ||
| 475 | } | ||
| 476 | else | 567 | else |
| 477 | { | 568 | s->method = SSLv3_server_method(); |
| 478 | s->version=SSL3_VERSION; | 569 | #if 0 /* ssl3_get_client_hello does this */ |
| 479 | s->method=SSLv3_server_method(); | 570 | s->client_version=(v[0]<<8)|v[1]; |
| 480 | } | 571 | #endif |
| 481 | s->handshake_func=s->method->ssl_accept; | 572 | s->handshake_func=s->method->ssl_accept; |
| 482 | } | 573 | } |
| 483 | 574 | ||
| @@ -489,11 +580,10 @@ next_bit: | |||
| 489 | } | 580 | } |
| 490 | s->init_num=0; | 581 | s->init_num=0; |
| 491 | 582 | ||
| 492 | if (buf != buf_space) Free(buf); | 583 | if (buf != buf_space) OPENSSL_free(buf); |
| 493 | s->first_packet=1; | 584 | s->first_packet=1; |
| 494 | return(SSL_accept(s)); | 585 | return(SSL_accept(s)); |
| 495 | err: | 586 | err: |
| 496 | if (buf != buf_space) Free(buf); | 587 | if (buf != buf_space) OPENSSL_free(buf); |
| 497 | return(-1); | 588 | return(-1); |
| 498 | } | 589 | } |
| 499 | |||
diff --git a/src/lib/libssl/s3_both.c b/src/lib/libssl/s3_both.c index 6de62e1591..58a24cd883 100644 --- a/src/lib/libssl/s3_both.c +++ b/src/lib/libssl/s3_both.c | |||
| @@ -55,26 +55,95 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 112 | #include <limits.h> | ||
| 113 | #include <string.h> | ||
| 59 | #include <stdio.h> | 114 | #include <stdio.h> |
| 60 | #include "buffer.h" | 115 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 116 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 117 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 118 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 119 | #include <openssl/x509.h> |
| 65 | #include "ssl_locl.h" | 120 | #include "ssl_locl.h" |
| 66 | 121 | ||
| 67 | #define BREAK break | 122 | /* send s->init_buf in records of type 'type' (SSL3_RT_HANDSHAKE or SSL3_RT_CHANGE_CIPHER_SPEC) */ |
| 68 | 123 | int ssl3_do_write(SSL *s, int type) | |
| 69 | /* SSL3err(SSL_F_SSL3_GET_FINISHED,SSL_R_EXCESSIVE_MESSAGE_SIZE); | 124 | { |
| 70 | */ | 125 | int ret; |
| 126 | |||
| 127 | ret=ssl3_write_bytes(s,type,&s->init_buf->data[s->init_off], | ||
| 128 | s->init_num); | ||
| 129 | if (ret < 0) return(-1); | ||
| 130 | if (type == SSL3_RT_HANDSHAKE) | ||
| 131 | /* should not be done for 'Hello Request's, but in that case | ||
| 132 | * we'll ignore the result anyway */ | ||
| 133 | ssl3_finish_mac(s,(unsigned char *)&s->init_buf->data[s->init_off],ret); | ||
| 134 | |||
| 135 | if (ret == s->init_num) | ||
| 136 | { | ||
| 137 | if (s->msg_callback) | ||
| 138 | s->msg_callback(1, s->version, type, s->init_buf->data, (size_t)(s->init_off + s->init_num), s, s->msg_callback_arg); | ||
| 139 | return(1); | ||
| 140 | } | ||
| 141 | s->init_off+=ret; | ||
| 142 | s->init_num-=ret; | ||
| 143 | return(0); | ||
| 144 | } | ||
| 71 | 145 | ||
| 72 | int ssl3_send_finished(s,a,b,sender,slen) | 146 | int ssl3_send_finished(SSL *s, int a, int b, const char *sender, int slen) |
| 73 | SSL *s; | ||
| 74 | int a; | ||
| 75 | int b; | ||
| 76 | unsigned char *sender; | ||
| 77 | int slen; | ||
| 78 | { | 147 | { |
| 79 | unsigned char *p,*d; | 148 | unsigned char *p,*d; |
| 80 | int i; | 149 | int i; |
| @@ -88,10 +157,19 @@ int slen; | |||
| 88 | i=s->method->ssl3_enc->final_finish_mac(s, | 157 | i=s->method->ssl3_enc->final_finish_mac(s, |
| 89 | &(s->s3->finish_dgst1), | 158 | &(s->s3->finish_dgst1), |
| 90 | &(s->s3->finish_dgst2), | 159 | &(s->s3->finish_dgst2), |
| 91 | sender,slen,p); | 160 | sender,slen,s->s3->tmp.finish_md); |
| 161 | s->s3->tmp.finish_md_len = i; | ||
| 162 | memcpy(p, s->s3->tmp.finish_md, i); | ||
| 92 | p+=i; | 163 | p+=i; |
| 93 | l=i; | 164 | l=i; |
| 94 | 165 | ||
| 166 | #ifdef OPENSSL_SYS_WIN16 | ||
| 167 | /* MSVC 1.5 does not clear the top bytes of the word unless | ||
| 168 | * I do this. | ||
| 169 | */ | ||
| 170 | l&=0xffff; | ||
| 171 | #endif | ||
| 172 | |||
| 95 | *(d++)=SSL3_MT_FINISHED; | 173 | *(d++)=SSL3_MT_FINISHED; |
| 96 | l2n3(l,d); | 174 | l2n3(l,d); |
| 97 | s->init_num=(int)l+4; | 175 | s->init_num=(int)l+4; |
| @@ -104,17 +182,14 @@ int slen; | |||
| 104 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 182 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 105 | } | 183 | } |
| 106 | 184 | ||
| 107 | int ssl3_get_finished(s,a,b) | 185 | int ssl3_get_finished(SSL *s, int a, int b) |
| 108 | SSL *s; | ||
| 109 | int a; | ||
| 110 | int b; | ||
| 111 | { | 186 | { |
| 112 | int al,i,ok; | 187 | int al,i,ok; |
| 113 | long n; | 188 | long n; |
| 114 | unsigned char *p; | 189 | unsigned char *p; |
| 115 | 190 | ||
| 116 | /* the mac has already been generated when we received the | 191 | /* the mac has already been generated when we received the |
| 117 | * change cipher spec message and is in s->s3->tmp.in_dgst[12] | 192 | * change cipher spec message and is in s->s3->tmp.peer_finish_md |
| 118 | */ | 193 | */ |
| 119 | 194 | ||
| 120 | n=ssl3_get_message(s, | 195 | n=ssl3_get_message(s, |
| @@ -126,7 +201,7 @@ int b; | |||
| 126 | 201 | ||
| 127 | if (!ok) return((int)n); | 202 | if (!ok) return((int)n); |
| 128 | 203 | ||
| 129 | /* If this occurs if we has missed a message */ | 204 | /* If this occurs, we have missed a message */ |
| 130 | if (!s->s3->change_cipher_spec) | 205 | if (!s->s3->change_cipher_spec) |
| 131 | { | 206 | { |
| 132 | al=SSL_AD_UNEXPECTED_MESSAGE; | 207 | al=SSL_AD_UNEXPECTED_MESSAGE; |
| @@ -135,9 +210,8 @@ int b; | |||
| 135 | } | 210 | } |
| 136 | s->s3->change_cipher_spec=0; | 211 | s->s3->change_cipher_spec=0; |
| 137 | 212 | ||
| 138 | p=(unsigned char *)s->init_buf->data; | 213 | p = (unsigned char *)s->init_msg; |
| 139 | 214 | i = s->s3->tmp.peer_finish_md_len; | |
| 140 | i=s->method->ssl3_enc->finish_mac_length; | ||
| 141 | 215 | ||
| 142 | if (i != n) | 216 | if (i != n) |
| 143 | { | 217 | { |
| @@ -146,7 +220,7 @@ int b; | |||
| 146 | goto f_err; | 220 | goto f_err; |
| 147 | } | 221 | } |
| 148 | 222 | ||
| 149 | if (memcmp( p, (char *)&(s->s3->tmp.finish_md[0]),i) != 0) | 223 | if (memcmp(p, s->s3->tmp.peer_finish_md, i) != 0) |
| 150 | { | 224 | { |
| 151 | al=SSL_AD_DECRYPT_ERROR; | 225 | al=SSL_AD_DECRYPT_ERROR; |
| 152 | SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); | 226 | SSLerr(SSL_F_SSL3_GET_FINISHED,SSL_R_DIGEST_CHECK_FAILED); |
| @@ -167,9 +241,7 @@ f_err: | |||
| 167 | * ssl->session->read_compression assign | 241 | * ssl->session->read_compression assign |
| 168 | * ssl->session->read_hash assign | 242 | * ssl->session->read_hash assign |
| 169 | */ | 243 | */ |
| 170 | int ssl3_send_change_cipher_spec(s,a,b) | 244 | int ssl3_send_change_cipher_spec(SSL *s, int a, int b) |
| 171 | SSL *s; | ||
| 172 | int a,b; | ||
| 173 | { | 245 | { |
| 174 | unsigned char *p; | 246 | unsigned char *p; |
| 175 | 247 | ||
| @@ -187,9 +259,7 @@ int a,b; | |||
| 187 | return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); | 259 | return(ssl3_do_write(s,SSL3_RT_CHANGE_CIPHER_SPEC)); |
| 188 | } | 260 | } |
| 189 | 261 | ||
| 190 | unsigned long ssl3_output_cert_chain(s,x) | 262 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x) |
| 191 | SSL *s; | ||
| 192 | X509 *x; | ||
| 193 | { | 263 | { |
| 194 | unsigned char *p; | 264 | unsigned char *p; |
| 195 | int n,i; | 265 | int n,i; |
| @@ -207,7 +277,11 @@ X509 *x; | |||
| 207 | } | 277 | } |
| 208 | if (x != NULL) | 278 | if (x != NULL) |
| 209 | { | 279 | { |
| 210 | X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL); | 280 | if(!X509_STORE_CTX_init(&xs_ctx,s->ctx->cert_store,NULL,NULL)) |
| 281 | { | ||
| 282 | SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_X509_LIB); | ||
| 283 | return(0); | ||
| 284 | } | ||
| 211 | 285 | ||
| 212 | for (;;) | 286 | for (;;) |
| 213 | { | 287 | { |
| @@ -236,6 +310,23 @@ X509 *x; | |||
| 236 | X509_STORE_CTX_cleanup(&xs_ctx); | 310 | X509_STORE_CTX_cleanup(&xs_ctx); |
| 237 | } | 311 | } |
| 238 | 312 | ||
| 313 | /* Thawte special :-) */ | ||
| 314 | if (s->ctx->extra_certs != NULL) | ||
| 315 | for (i=0; i<sk_X509_num(s->ctx->extra_certs); i++) | ||
| 316 | { | ||
| 317 | x=sk_X509_value(s->ctx->extra_certs,i); | ||
| 318 | n=i2d_X509(x,NULL); | ||
| 319 | if (!BUF_MEM_grow(buf,(int)(n+l+3))) | ||
| 320 | { | ||
| 321 | SSLerr(SSL_F_SSL3_OUTPUT_CERT_CHAIN,ERR_R_BUF_LIB); | ||
| 322 | return(0); | ||
| 323 | } | ||
| 324 | p=(unsigned char *)&(buf->data[l]); | ||
| 325 | l2n3(n,p); | ||
| 326 | i2d_X509(x,&p); | ||
| 327 | l+=n+3; | ||
| 328 | } | ||
| 329 | |||
| 239 | l-=7; | 330 | l-=7; |
| 240 | p=(unsigned char *)&(buf->data[4]); | 331 | p=(unsigned char *)&(buf->data[4]); |
| 241 | l2n3(l,p); | 332 | l2n3(l,p); |
| @@ -247,11 +338,12 @@ X509 *x; | |||
| 247 | return(l); | 338 | return(l); |
| 248 | } | 339 | } |
| 249 | 340 | ||
| 250 | long ssl3_get_message(s,st1,stn,mt,max,ok) | 341 | /* Obtain handshake message of message type 'mt' (any if mt == -1), |
| 251 | SSL *s; | 342 | * maximum acceptable body length 'max'. |
| 252 | int st1,stn,mt; | 343 | * The first four bytes (msg_type and length) are read in state 'st1', |
| 253 | long max; | 344 | * the body is read in state 'stn'. |
| 254 | int *ok; | 345 | */ |
| 346 | long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok) | ||
| 255 | { | 347 | { |
| 256 | unsigned char *p; | 348 | unsigned char *p; |
| 257 | unsigned long l; | 349 | unsigned long l; |
| @@ -268,21 +360,51 @@ int *ok; | |||
| 268 | goto f_err; | 360 | goto f_err; |
| 269 | } | 361 | } |
| 270 | *ok=1; | 362 | *ok=1; |
| 271 | return((int)s->s3->tmp.message_size); | 363 | s->init_msg = s->init_buf->data + 4; |
| 364 | s->init_num = (int)s->s3->tmp.message_size; | ||
| 365 | return s->init_num; | ||
| 272 | } | 366 | } |
| 273 | 367 | ||
| 274 | p=(unsigned char *)s->init_buf->data; | 368 | p=(unsigned char *)s->init_buf->data; |
| 275 | 369 | ||
| 276 | if (s->state == st1) | 370 | if (s->state == st1) /* s->init_num < 4 */ |
| 277 | { | 371 | { |
| 278 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE, | 372 | int skip_message; |
| 279 | (char *)&(p[s->init_num]), | 373 | |
| 280 | 4-s->init_num); | 374 | do |
| 281 | if (i < (4-s->init_num)) | ||
| 282 | { | 375 | { |
| 283 | *ok=0; | 376 | while (s->init_num < 4) |
| 284 | return(ssl3_part_read(s,i)); | 377 | { |
| 378 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num], | ||
| 379 | 4 - s->init_num, 0); | ||
| 380 | if (i <= 0) | ||
| 381 | { | ||
| 382 | s->rwstate=SSL_READING; | ||
| 383 | *ok = 0; | ||
| 384 | return i; | ||
| 385 | } | ||
| 386 | s->init_num+=i; | ||
| 387 | } | ||
| 388 | |||
| 389 | skip_message = 0; | ||
| 390 | if (!s->server) | ||
| 391 | if (p[0] == SSL3_MT_HELLO_REQUEST) | ||
| 392 | /* The server may always send 'Hello Request' messages -- | ||
| 393 | * we are doing a handshake anyway now, so ignore them | ||
| 394 | * if their format is correct. Does not count for | ||
| 395 | * 'Finished' MAC. */ | ||
| 396 | if (p[1] == 0 && p[2] == 0 &&p[3] == 0) | ||
| 397 | { | ||
| 398 | s->init_num = 0; | ||
| 399 | skip_message = 1; | ||
| 400 | |||
| 401 | if (s->msg_callback) | ||
| 402 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, p, 4, s, s->msg_callback_arg); | ||
| 403 | } | ||
| 285 | } | 404 | } |
| 405 | while (skip_message); | ||
| 406 | |||
| 407 | /* s->init_num == 4 */ | ||
| 286 | 408 | ||
| 287 | if ((mt >= 0) && (*p != mt)) | 409 | if ((mt >= 0) && (*p != mt)) |
| 288 | { | 410 | { |
| @@ -290,6 +412,18 @@ int *ok; | |||
| 290 | SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); | 412 | SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_UNEXPECTED_MESSAGE); |
| 291 | goto f_err; | 413 | goto f_err; |
| 292 | } | 414 | } |
| 415 | if ((mt < 0) && (*p == SSL3_MT_CLIENT_HELLO) && | ||
| 416 | (st1 == SSL3_ST_SR_CERT_A) && | ||
| 417 | (stn == SSL3_ST_SR_CERT_B)) | ||
| 418 | { | ||
| 419 | /* At this point we have got an MS SGC second client | ||
| 420 | * hello (maybe we should always allow the client to | ||
| 421 | * start a new handshake?). We need to restart the mac. | ||
| 422 | * Don't increment {num,total}_renegotiations because | ||
| 423 | * we have not completed the handshake. */ | ||
| 424 | ssl3_init_finished_mac(s); | ||
| 425 | } | ||
| 426 | |||
| 293 | s->s3->tmp.message_type= *(p++); | 427 | s->s3->tmp.message_type= *(p++); |
| 294 | 428 | ||
| 295 | n2l3(p,l); | 429 | n2l3(p,l); |
| @@ -299,7 +433,13 @@ int *ok; | |||
| 299 | SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); | 433 | SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); |
| 300 | goto f_err; | 434 | goto f_err; |
| 301 | } | 435 | } |
| 302 | if (l && !BUF_MEM_grow(s->init_buf,(int)l)) | 436 | if (l > (INT_MAX-4)) /* BUF_MEM_grow takes an 'int' parameter */ |
| 437 | { | ||
| 438 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 439 | SSLerr(SSL_F_SSL3_GET_MESSAGE,SSL_R_EXCESSIVE_MESSAGE_SIZE); | ||
| 440 | goto f_err; | ||
| 441 | } | ||
| 442 | if (l && !BUF_MEM_grow(s->init_buf,(int)l+4)) | ||
| 303 | { | 443 | { |
| 304 | SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); | 444 | SSLerr(SSL_F_SSL3_GET_MESSAGE,ERR_R_BUF_LIB); |
| 305 | goto err; | 445 | goto err; |
| @@ -307,24 +447,30 @@ int *ok; | |||
| 307 | s->s3->tmp.message_size=l; | 447 | s->s3->tmp.message_size=l; |
| 308 | s->state=stn; | 448 | s->state=stn; |
| 309 | 449 | ||
| 310 | s->init_num=0; | 450 | s->init_msg = s->init_buf->data + 4; |
| 451 | s->init_num = 0; | ||
| 311 | } | 452 | } |
| 312 | 453 | ||
| 313 | /* next state (stn) */ | 454 | /* next state (stn) */ |
| 314 | p=(unsigned char *)s->init_buf->data; | 455 | p = s->init_msg; |
| 315 | n=s->s3->tmp.message_size; | 456 | n = s->s3->tmp.message_size - s->init_num; |
| 316 | if (n > 0) | 457 | while (n > 0) |
| 317 | { | 458 | { |
| 318 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE, | 459 | i=ssl3_read_bytes(s,SSL3_RT_HANDSHAKE,&p[s->init_num],n,0); |
| 319 | (char *)&(p[s->init_num]),(int)n); | 460 | if (i <= 0) |
| 320 | if (i != (int)n) | ||
| 321 | { | 461 | { |
| 322 | *ok=0; | 462 | s->rwstate=SSL_READING; |
| 323 | return(ssl3_part_read(s,i)); | 463 | *ok = 0; |
| 464 | return i; | ||
| 324 | } | 465 | } |
| 466 | s->init_num += i; | ||
| 467 | n -= i; | ||
| 325 | } | 468 | } |
| 469 | ssl3_finish_mac(s, (unsigned char *)s->init_buf->data, s->init_num + 4); | ||
| 470 | if (s->msg_callback) | ||
| 471 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->init_buf->data, (size_t)s->init_num + 4, s, s->msg_callback_arg); | ||
| 326 | *ok=1; | 472 | *ok=1; |
| 327 | return(n); | 473 | return s->init_num; |
| 328 | f_err: | 474 | f_err: |
| 329 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 475 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 330 | err: | 476 | err: |
| @@ -332,9 +478,7 @@ err: | |||
| 332 | return(-1); | 478 | return(-1); |
| 333 | } | 479 | } |
| 334 | 480 | ||
| 335 | int ssl_cert_type(x,pkey) | 481 | int ssl_cert_type(X509 *x, EVP_PKEY *pkey) |
| 336 | X509 *x; | ||
| 337 | EVP_PKEY *pkey; | ||
| 338 | { | 482 | { |
| 339 | EVP_PKEY *pk; | 483 | EVP_PKEY *pk; |
| 340 | int ret= -1,i,j; | 484 | int ret= -1,i,j; |
| @@ -380,11 +524,11 @@ EVP_PKEY *pkey; | |||
| 380 | ret= -1; | 524 | ret= -1; |
| 381 | 525 | ||
| 382 | err: | 526 | err: |
| 527 | if(!pkey) EVP_PKEY_free(pk); | ||
| 383 | return(ret); | 528 | return(ret); |
| 384 | } | 529 | } |
| 385 | 530 | ||
| 386 | int ssl_verify_alarm_type(type) | 531 | int ssl_verify_alarm_type(long type) |
| 387 | long type; | ||
| 388 | { | 532 | { |
| 389 | int al; | 533 | int al; |
| 390 | 534 | ||
| @@ -392,6 +536,7 @@ long type; | |||
| 392 | { | 536 | { |
| 393 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: | 537 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: |
| 394 | case X509_V_ERR_UNABLE_TO_GET_CRL: | 538 | case X509_V_ERR_UNABLE_TO_GET_CRL: |
| 539 | case X509_V_ERR_UNABLE_TO_GET_CRL_ISSUER: | ||
| 395 | al=SSL_AD_UNKNOWN_CA; | 540 | al=SSL_AD_UNKNOWN_CA; |
| 396 | break; | 541 | break; |
| 397 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: | 542 | case X509_V_ERR_UNABLE_TO_DECRYPT_CERT_SIGNATURE: |
| @@ -403,6 +548,8 @@ long type; | |||
| 403 | case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: | 548 | case X509_V_ERR_ERROR_IN_CRL_NEXT_UPDATE_FIELD: |
| 404 | case X509_V_ERR_CERT_NOT_YET_VALID: | 549 | case X509_V_ERR_CERT_NOT_YET_VALID: |
| 405 | case X509_V_ERR_CRL_NOT_YET_VALID: | 550 | case X509_V_ERR_CRL_NOT_YET_VALID: |
| 551 | case X509_V_ERR_CERT_UNTRUSTED: | ||
| 552 | case X509_V_ERR_CERT_REJECTED: | ||
| 406 | al=SSL_AD_BAD_CERTIFICATE; | 553 | al=SSL_AD_BAD_CERTIFICATE; |
| 407 | break; | 554 | break; |
| 408 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: | 555 | case X509_V_ERR_CERT_SIGNATURE_FAILURE: |
| @@ -424,11 +571,16 @@ long type; | |||
| 424 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: | 571 | case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT_LOCALLY: |
| 425 | case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: | 572 | case X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE: |
| 426 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: | 573 | case X509_V_ERR_CERT_CHAIN_TOO_LONG: |
| 574 | case X509_V_ERR_PATH_LENGTH_EXCEEDED: | ||
| 575 | case X509_V_ERR_INVALID_CA: | ||
| 427 | al=SSL_AD_UNKNOWN_CA; | 576 | al=SSL_AD_UNKNOWN_CA; |
| 428 | break; | 577 | break; |
| 429 | case X509_V_ERR_APPLICATION_VERIFICATION: | 578 | case X509_V_ERR_APPLICATION_VERIFICATION: |
| 430 | al=SSL_AD_HANDSHAKE_FAILURE; | 579 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 431 | break; | 580 | break; |
| 581 | case X509_V_ERR_INVALID_PURPOSE: | ||
| 582 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; | ||
| 583 | break; | ||
| 432 | default: | 584 | default: |
| 433 | al=SSL_AD_CERTIFICATE_UNKNOWN; | 585 | al=SSL_AD_CERTIFICATE_UNKNOWN; |
| 434 | break; | 586 | break; |
| @@ -436,11 +588,11 @@ long type; | |||
| 436 | return(al); | 588 | return(al); |
| 437 | } | 589 | } |
| 438 | 590 | ||
| 439 | int ssl3_setup_buffers(s) | 591 | int ssl3_setup_buffers(SSL *s) |
| 440 | SSL *s; | ||
| 441 | { | 592 | { |
| 442 | unsigned char *p; | 593 | unsigned char *p; |
| 443 | unsigned int extra; | 594 | unsigned int extra; |
| 595 | size_t len; | ||
| 444 | 596 | ||
| 445 | if (s->s3->rbuf.buf == NULL) | 597 | if (s->s3->rbuf.buf == NULL) |
| 446 | { | 598 | { |
| @@ -448,18 +600,21 @@ SSL *s; | |||
| 448 | extra=SSL3_RT_MAX_EXTRA; | 600 | extra=SSL3_RT_MAX_EXTRA; |
| 449 | else | 601 | else |
| 450 | extra=0; | 602 | extra=0; |
| 451 | if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE+extra)) | 603 | len = SSL3_RT_MAX_PACKET_SIZE + extra; |
| 452 | == NULL) | 604 | if ((p=OPENSSL_malloc(len)) == NULL) |
| 453 | goto err; | 605 | goto err; |
| 454 | s->s3->rbuf.buf=p; | 606 | s->s3->rbuf.buf = p; |
| 607 | s->s3->rbuf.len = len; | ||
| 455 | } | 608 | } |
| 456 | 609 | ||
| 457 | if (s->s3->wbuf.buf == NULL) | 610 | if (s->s3->wbuf.buf == NULL) |
| 458 | { | 611 | { |
| 459 | if ((p=(unsigned char *)Malloc(SSL3_RT_MAX_PACKET_SIZE)) | 612 | len = SSL3_RT_MAX_PACKET_SIZE; |
| 460 | == NULL) | 613 | len += SSL3_RT_HEADER_LENGTH + 256; /* extra space for empty fragment */ |
| 614 | if ((p=OPENSSL_malloc(len)) == NULL) | ||
| 461 | goto err; | 615 | goto err; |
| 462 | s->s3->wbuf.buf=p; | 616 | s->s3->wbuf.buf = p; |
| 617 | s->s3->wbuf.len = len; | ||
| 463 | } | 618 | } |
| 464 | s->packet= &(s->s3->rbuf.buf[0]); | 619 | s->packet= &(s->s3->rbuf.buf[0]); |
| 465 | return(1); | 620 | return(1); |
diff --git a/src/lib/libssl/s3_clnt.c b/src/lib/libssl/s3_clnt.c index 940c6a458f..e5853ede95 100644 --- a/src/lib/libssl/s3_clnt.c +++ b/src/lib/libssl/s3_clnt.c | |||
| @@ -55,29 +55,74 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "buffer.h" | 113 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 114 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 115 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 116 | #include <openssl/evp.h> |
| 64 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
| 118 | #include "kssl_lcl.h" | ||
| 119 | #include <openssl/md5.h> | ||
| 65 | 120 | ||
| 66 | #define BREAK break | 121 | static SSL_METHOD *ssl3_get_client_method(int ver); |
| 67 | /* SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 68 | * SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 69 | * SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 70 | * SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 71 | * SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); | ||
| 72 | * SSLerr(SSL_F_SSL3_GET_SERVER_DONE,ERR_R_MALLOC_FAILURE); | ||
| 73 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_SSL3_SESSION_ID_TOO_SHORT); | ||
| 74 | */ | ||
| 75 | |||
| 76 | #ifndef NOPROTO | ||
| 77 | static int ssl3_client_hello(SSL *s); | 122 | static int ssl3_client_hello(SSL *s); |
| 78 | static int ssl3_get_server_hello(SSL *s); | 123 | static int ssl3_get_server_hello(SSL *s); |
| 79 | static int ssl3_get_certificate_request(SSL *s); | 124 | static int ssl3_get_certificate_request(SSL *s); |
| 80 | static int ca_dn_cmp(X509_NAME **a,X509_NAME **b); | 125 | static int ca_dn_cmp(const X509_NAME * const *a,const X509_NAME * const *b); |
| 81 | static int ssl3_get_server_done(SSL *s); | 126 | static int ssl3_get_server_done(SSL *s); |
| 82 | static int ssl3_send_client_verify(SSL *s); | 127 | static int ssl3_send_client_verify(SSL *s); |
| 83 | static int ssl3_send_client_certificate(SSL *s); | 128 | static int ssl3_send_client_certificate(SSL *s); |
| @@ -85,22 +130,7 @@ static int ssl3_send_client_key_exchange(SSL *s); | |||
| 85 | static int ssl3_get_key_exchange(SSL *s); | 130 | static int ssl3_get_key_exchange(SSL *s); |
| 86 | static int ssl3_get_server_certificate(SSL *s); | 131 | static int ssl3_get_server_certificate(SSL *s); |
| 87 | static int ssl3_check_cert_and_algorithm(SSL *s); | 132 | static int ssl3_check_cert_and_algorithm(SSL *s); |
| 88 | #else | 133 | static SSL_METHOD *ssl3_get_client_method(int ver) |
| 89 | static int ssl3_client_hello(); | ||
| 90 | static int ssl3_get_server_hello(); | ||
| 91 | static int ssl3_get_certificate_request(); | ||
| 92 | static int ca_dn_cmp(); | ||
| 93 | static int ssl3_get_server_done(); | ||
| 94 | static int ssl3_send_client_verify(); | ||
| 95 | static int ssl3_send_client_certificate(); | ||
| 96 | static int ssl3_send_client_key_exchange(); | ||
| 97 | static int ssl3_get_key_exchange(); | ||
| 98 | static int ssl3_get_server_certificate(); | ||
| 99 | static int ssl3_check_cert_and_algorithm(); | ||
| 100 | #endif | ||
| 101 | |||
| 102 | static SSL_METHOD *ssl3_get_client_method(ver) | ||
| 103 | int ver; | ||
| 104 | { | 134 | { |
| 105 | if (ver == SSL3_VERSION) | 135 | if (ver == SSL3_VERSION) |
| 106 | return(SSLv3_client_method()); | 136 | return(SSLv3_client_method()); |
| @@ -108,7 +138,7 @@ int ver; | |||
| 108 | return(NULL); | 138 | return(NULL); |
| 109 | } | 139 | } |
| 110 | 140 | ||
| 111 | SSL_METHOD *SSLv3_client_method() | 141 | SSL_METHOD *SSLv3_client_method(void) |
| 112 | { | 142 | { |
| 113 | static int init=1; | 143 | static int init=1; |
| 114 | static SSL_METHOD SSLv3_client_data; | 144 | static SSL_METHOD SSLv3_client_data; |
| @@ -124,18 +154,16 @@ SSL_METHOD *SSLv3_client_method() | |||
| 124 | return(&SSLv3_client_data); | 154 | return(&SSLv3_client_data); |
| 125 | } | 155 | } |
| 126 | 156 | ||
| 127 | int ssl3_connect(s) | 157 | int ssl3_connect(SSL *s) |
| 128 | SSL *s; | ||
| 129 | { | 158 | { |
| 130 | BUF_MEM *buf; | 159 | BUF_MEM *buf; |
| 131 | unsigned long Time=time(NULL),l; | 160 | unsigned long Time=time(NULL),l; |
| 132 | long num1; | 161 | long num1; |
| 133 | void (*cb)()=NULL; | 162 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 134 | int ret= -1; | 163 | int ret= -1; |
| 135 | BIO *under; | ||
| 136 | int new_state,state,skip=0;; | 164 | int new_state,state,skip=0;; |
| 137 | 165 | ||
| 138 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 166 | RAND_add(&Time,sizeof(Time),0); |
| 139 | ERR_clear_error(); | 167 | ERR_clear_error(); |
| 140 | clear_sys_error(); | 168 | clear_sys_error(); |
| 141 | 169 | ||
| @@ -144,8 +172,8 @@ SSL *s; | |||
| 144 | else if (s->ctx->info_callback != NULL) | 172 | else if (s->ctx->info_callback != NULL) |
| 145 | cb=s->ctx->info_callback; | 173 | cb=s->ctx->info_callback; |
| 146 | 174 | ||
| 147 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 148 | s->in_handshake++; | 175 | s->in_handshake++; |
| 176 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 149 | 177 | ||
| 150 | for (;;) | 178 | for (;;) |
| 151 | { | 179 | { |
| @@ -156,17 +184,23 @@ SSL *s; | |||
| 156 | case SSL_ST_RENEGOTIATE: | 184 | case SSL_ST_RENEGOTIATE: |
| 157 | s->new_session=1; | 185 | s->new_session=1; |
| 158 | s->state=SSL_ST_CONNECT; | 186 | s->state=SSL_ST_CONNECT; |
| 159 | s->ctx->sess_connect_renegotiate++; | 187 | s->ctx->stats.sess_connect_renegotiate++; |
| 160 | /* break */ | 188 | /* break */ |
| 161 | case SSL_ST_BEFORE: | 189 | case SSL_ST_BEFORE: |
| 162 | case SSL_ST_CONNECT: | 190 | case SSL_ST_CONNECT: |
| 163 | case SSL_ST_BEFORE|SSL_ST_CONNECT: | 191 | case SSL_ST_BEFORE|SSL_ST_CONNECT: |
| 164 | case SSL_ST_OK|SSL_ST_CONNECT: | 192 | case SSL_ST_OK|SSL_ST_CONNECT: |
| 165 | 193 | ||
| 194 | s->server=0; | ||
| 166 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 195 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 167 | 196 | ||
| 168 | if ((s->version & 0xff00 ) != 0x0300) | 197 | if ((s->version & 0xff00 ) != 0x0300) |
| 169 | abort(); | 198 | { |
| 199 | SSLerr(SSL_F_SSL3_CONNECT, ERR_R_INTERNAL_ERROR); | ||
| 200 | ret = -1; | ||
| 201 | goto end; | ||
| 202 | } | ||
| 203 | |||
| 170 | /* s->version=SSL3_VERSION; */ | 204 | /* s->version=SSL3_VERSION; */ |
| 171 | s->type=SSL_ST_CONNECT; | 205 | s->type=SSL_ST_CONNECT; |
| 172 | 206 | ||
| @@ -195,7 +229,7 @@ SSL *s; | |||
| 195 | ssl3_init_finished_mac(s); | 229 | ssl3_init_finished_mac(s); |
| 196 | 230 | ||
| 197 | s->state=SSL3_ST_CW_CLNT_HELLO_A; | 231 | s->state=SSL3_ST_CW_CLNT_HELLO_A; |
| 198 | s->ctx->sess_connect++; | 232 | s->ctx->stats.sess_connect++; |
| 199 | s->init_num=0; | 233 | s->init_num=0; |
| 200 | break; | 234 | break; |
| 201 | 235 | ||
| @@ -278,6 +312,7 @@ SSL *s; | |||
| 278 | case SSL3_ST_CW_CERT_A: | 312 | case SSL3_ST_CW_CERT_A: |
| 279 | case SSL3_ST_CW_CERT_B: | 313 | case SSL3_ST_CW_CERT_B: |
| 280 | case SSL3_ST_CW_CERT_C: | 314 | case SSL3_ST_CW_CERT_C: |
| 315 | case SSL3_ST_CW_CERT_D: | ||
| 281 | ret=ssl3_send_client_certificate(s); | 316 | ret=ssl3_send_client_certificate(s); |
| 282 | if (ret <= 0) goto end; | 317 | if (ret <= 0) goto end; |
| 283 | s->state=SSL3_ST_CW_KEY_EXCH_A; | 318 | s->state=SSL3_ST_CW_KEY_EXCH_A; |
| @@ -324,6 +359,11 @@ SSL *s; | |||
| 324 | s->init_num=0; | 359 | s->init_num=0; |
| 325 | 360 | ||
| 326 | s->session->cipher=s->s3->tmp.new_cipher; | 361 | s->session->cipher=s->s3->tmp.new_cipher; |
| 362 | if (s->s3->tmp.new_compression == NULL) | ||
| 363 | s->session->compress_meth=0; | ||
| 364 | else | ||
| 365 | s->session->compress_meth= | ||
| 366 | s->s3->tmp.new_compression->id; | ||
| 327 | if (!s->method->ssl3_enc->setup_key_block(s)) | 367 | if (!s->method->ssl3_enc->setup_key_block(s)) |
| 328 | { | 368 | { |
| 329 | ret= -1; | 369 | ret= -1; |
| @@ -343,8 +383,8 @@ SSL *s; | |||
| 343 | case SSL3_ST_CW_FINISHED_B: | 383 | case SSL3_ST_CW_FINISHED_B: |
| 344 | ret=ssl3_send_finished(s, | 384 | ret=ssl3_send_finished(s, |
| 345 | SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, | 385 | SSL3_ST_CW_FINISHED_A,SSL3_ST_CW_FINISHED_B, |
| 346 | s->method->ssl3_enc->client_finished, | 386 | s->method->ssl3_enc->client_finished_label, |
| 347 | s->method->ssl3_enc->client_finished_len); | 387 | s->method->ssl3_enc->client_finished_label_len); |
| 348 | if (ret <= 0) goto end; | 388 | if (ret <= 0) goto end; |
| 349 | s->state=SSL3_ST_CW_FLUSH; | 389 | s->state=SSL3_ST_CW_FLUSH; |
| 350 | 390 | ||
| @@ -399,38 +439,33 @@ SSL *s; | |||
| 399 | /* clean a few things up */ | 439 | /* clean a few things up */ |
| 400 | ssl3_cleanup_key_block(s); | 440 | ssl3_cleanup_key_block(s); |
| 401 | 441 | ||
| 402 | BUF_MEM_free(s->init_buf); | 442 | if (s->init_buf != NULL) |
| 403 | s->init_buf=NULL; | ||
| 404 | |||
| 405 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
| 406 | { | 443 | { |
| 407 | /* remove buffering */ | 444 | BUF_MEM_free(s->init_buf); |
| 408 | under=BIO_pop(s->wbio); | 445 | s->init_buf=NULL; |
| 409 | if (under != NULL) | ||
| 410 | s->wbio=under; | ||
| 411 | else | ||
| 412 | abort(); /* ok */ | ||
| 413 | |||
| 414 | BIO_free(s->bbio); | ||
| 415 | s->bbio=NULL; | ||
| 416 | } | 446 | } |
| 417 | /* else do it later */ | 447 | |
| 448 | /* If we are not 'joining' the last two packets, | ||
| 449 | * remove the buffering now */ | ||
| 450 | if (!(s->s3->flags & SSL3_FLAGS_POP_BUFFER)) | ||
| 451 | ssl_free_wbio_buffer(s); | ||
| 452 | /* else do it later in ssl3_write */ | ||
| 418 | 453 | ||
| 419 | s->init_num=0; | 454 | s->init_num=0; |
| 420 | s->new_session=0; | 455 | s->new_session=0; |
| 421 | 456 | ||
| 422 | ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); | 457 | ssl_update_cache(s,SSL_SESS_CACHE_CLIENT); |
| 423 | if (s->hit) s->ctx->sess_hit++; | 458 | if (s->hit) s->ctx->stats.sess_hit++; |
| 424 | 459 | ||
| 425 | ret=1; | 460 | ret=1; |
| 426 | /* s->server=0; */ | 461 | /* s->server=0; */ |
| 427 | s->handshake_func=ssl3_connect; | 462 | s->handshake_func=ssl3_connect; |
| 428 | s->ctx->sess_connect_good++; | 463 | s->ctx->stats.sess_connect_good++; |
| 429 | 464 | ||
| 430 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | 465 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); |
| 431 | 466 | ||
| 432 | goto end; | 467 | goto end; |
| 433 | break; | 468 | /* break; */ |
| 434 | 469 | ||
| 435 | default: | 470 | default: |
| 436 | SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); | 471 | SSLerr(SSL_F_SSL3_CONNECT,SSL_R_UNKNOWN_STATE); |
| @@ -459,26 +494,27 @@ SSL *s; | |||
| 459 | skip=0; | 494 | skip=0; |
| 460 | } | 495 | } |
| 461 | end: | 496 | end: |
| 497 | s->in_handshake--; | ||
| 462 | if (cb != NULL) | 498 | if (cb != NULL) |
| 463 | cb(s,SSL_CB_CONNECT_EXIT,ret); | 499 | cb(s,SSL_CB_CONNECT_EXIT,ret); |
| 464 | s->in_handshake--; | ||
| 465 | return(ret); | 500 | return(ret); |
| 466 | } | 501 | } |
| 467 | 502 | ||
| 468 | 503 | ||
| 469 | static int ssl3_client_hello(s) | 504 | static int ssl3_client_hello(SSL *s) |
| 470 | SSL *s; | ||
| 471 | { | 505 | { |
| 472 | unsigned char *buf; | 506 | unsigned char *buf; |
| 473 | unsigned char *p,*d; | 507 | unsigned char *p,*d; |
| 474 | int i; | 508 | int i,j; |
| 475 | unsigned long Time,l; | 509 | unsigned long Time,l; |
| 510 | SSL_COMP *comp; | ||
| 476 | 511 | ||
| 477 | buf=(unsigned char *)s->init_buf->data; | 512 | buf=(unsigned char *)s->init_buf->data; |
| 478 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) | 513 | if (s->state == SSL3_ST_CW_CLNT_HELLO_A) |
| 479 | { | 514 | { |
| 480 | if ((s->session == NULL) || | 515 | if ((s->session == NULL) || |
| 481 | (s->session->ssl_version != s->version)) | 516 | (s->session->ssl_version != s->version) || |
| 517 | (s->session->not_resumable)) | ||
| 482 | { | 518 | { |
| 483 | if (!ssl_get_new_session(s,0)) | 519 | if (!ssl_get_new_session(s,0)) |
| 484 | goto err; | 520 | goto err; |
| @@ -488,13 +524,14 @@ SSL *s; | |||
| 488 | p=s->s3->client_random; | 524 | p=s->s3->client_random; |
| 489 | Time=time(NULL); /* Time */ | 525 | Time=time(NULL); /* Time */ |
| 490 | l2n(Time,p); | 526 | l2n(Time,p); |
| 491 | RAND_bytes(&(p[4]),SSL3_RANDOM_SIZE-sizeof(Time)); | 527 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); |
| 492 | 528 | ||
| 493 | /* Do the message type and length last */ | 529 | /* Do the message type and length last */ |
| 494 | d=p= &(buf[4]); | 530 | d=p= &(buf[4]); |
| 495 | 531 | ||
| 496 | *(p++)=s->version>>8; | 532 | *(p++)=s->version>>8; |
| 497 | *(p++)=s->version&0xff; | 533 | *(p++)=s->version&0xff; |
| 534 | s->client_version=s->version; | ||
| 498 | 535 | ||
| 499 | /* Random stuff */ | 536 | /* Random stuff */ |
| 500 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | 537 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); |
| @@ -522,9 +559,18 @@ SSL *s; | |||
| 522 | s2n(i,p); | 559 | s2n(i,p); |
| 523 | p+=i; | 560 | p+=i; |
| 524 | 561 | ||
| 525 | /* hardwire in the NULL compression algorithm. */ | 562 | /* COMPRESSION */ |
| 526 | *(p++)=1; | 563 | if (s->ctx->comp_methods == NULL) |
| 527 | *(p++)=0; | 564 | j=0; |
| 565 | else | ||
| 566 | j=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
| 567 | *(p++)=1+j; | ||
| 568 | for (i=0; i<j; i++) | ||
| 569 | { | ||
| 570 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,i); | ||
| 571 | *(p++)=comp->id; | ||
| 572 | } | ||
| 573 | *(p++)=0; /* Add the NULL method */ | ||
| 528 | 574 | ||
| 529 | l=(p-d); | 575 | l=(p-d); |
| 530 | d=buf; | 576 | d=buf; |
| @@ -543,15 +589,15 @@ err: | |||
| 543 | return(-1); | 589 | return(-1); |
| 544 | } | 590 | } |
| 545 | 591 | ||
| 546 | static int ssl3_get_server_hello(s) | 592 | static int ssl3_get_server_hello(SSL *s) |
| 547 | SSL *s; | ||
| 548 | { | 593 | { |
| 549 | STACK *sk; | 594 | STACK_OF(SSL_CIPHER) *sk; |
| 550 | SSL_CIPHER *c; | 595 | SSL_CIPHER *c; |
| 551 | unsigned char *p,*d; | 596 | unsigned char *p,*d; |
| 552 | int i,al,ok; | 597 | int i,al,ok; |
| 553 | unsigned int j; | 598 | unsigned int j; |
| 554 | long n; | 599 | long n; |
| 600 | SSL_COMP *comp; | ||
| 555 | 601 | ||
| 556 | n=ssl3_get_message(s, | 602 | n=ssl3_get_message(s, |
| 557 | SSL3_ST_CR_SRVR_HELLO_A, | 603 | SSL3_ST_CR_SRVR_HELLO_A, |
| @@ -561,7 +607,7 @@ SSL *s; | |||
| 561 | &ok); | 607 | &ok); |
| 562 | 608 | ||
| 563 | if (!ok) return((int)n); | 609 | if (!ok) return((int)n); |
| 564 | d=p=(unsigned char *)s->init_buf->data; | 610 | d=p=(unsigned char *)s->init_msg; |
| 565 | 611 | ||
| 566 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) | 612 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version&0xff))) |
| 567 | { | 613 | { |
| @@ -590,9 +636,18 @@ SSL *s; | |||
| 590 | goto f_err; | 636 | goto f_err; |
| 591 | } | 637 | } |
| 592 | } | 638 | } |
| 593 | if ((j != 0) && (j == s->session->session_id_length) && | 639 | if (j != 0 && j == s->session->session_id_length |
| 594 | (memcmp(p,s->session->session_id,j) == 0)) | 640 | && memcmp(p,s->session->session_id,j) == 0) |
| 595 | s->hit=1; | 641 | { |
| 642 | if(s->sid_ctx_length != s->session->sid_ctx_length | ||
| 643 | || memcmp(s->session->sid_ctx,s->sid_ctx,s->sid_ctx_length)) | ||
| 644 | { | ||
| 645 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 646 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
| 647 | goto f_err; | ||
| 648 | } | ||
| 649 | s->hit=1; | ||
| 650 | } | ||
| 596 | else /* a miss or crap from the other end */ | 651 | else /* a miss or crap from the other end */ |
| 597 | { | 652 | { |
| 598 | /* If we were trying for session-id reuse, make a new | 653 | /* If we were trying for session-id reuse, make a new |
| @@ -621,7 +676,7 @@ SSL *s; | |||
| 621 | p+=ssl_put_cipher_by_char(s,NULL,NULL); | 676 | p+=ssl_put_cipher_by_char(s,NULL,NULL); |
| 622 | 677 | ||
| 623 | sk=ssl_get_ciphers_by_id(s); | 678 | sk=ssl_get_ciphers_by_id(s); |
| 624 | i=sk_find(sk,(char *)c); | 679 | i=sk_SSL_CIPHER_find(sk,c); |
| 625 | if (i < 0) | 680 | if (i < 0) |
| 626 | { | 681 | { |
| 627 | /* we did not say we would use this cipher */ | 682 | /* we did not say we would use this cipher */ |
| @@ -643,13 +698,23 @@ SSL *s; | |||
| 643 | s->s3->tmp.new_cipher=c; | 698 | s->s3->tmp.new_cipher=c; |
| 644 | 699 | ||
| 645 | /* lets get the compression algorithm */ | 700 | /* lets get the compression algorithm */ |
| 701 | /* COMPRESSION */ | ||
| 646 | j= *(p++); | 702 | j= *(p++); |
| 647 | if (j != 0) | 703 | if (j == 0) |
| 704 | comp=NULL; | ||
| 705 | else | ||
| 706 | comp=ssl3_comp_find(s->ctx->comp_methods,j); | ||
| 707 | |||
| 708 | if ((j != 0) && (comp == NULL)) | ||
| 648 | { | 709 | { |
| 649 | al=SSL_AD_ILLEGAL_PARAMETER; | 710 | al=SSL_AD_ILLEGAL_PARAMETER; |
| 650 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); | 711 | SSLerr(SSL_F_SSL3_GET_SERVER_HELLO,SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM); |
| 651 | goto f_err; | 712 | goto f_err; |
| 652 | } | 713 | } |
| 714 | else | ||
| 715 | { | ||
| 716 | s->s3->tmp.new_compression=comp; | ||
| 717 | } | ||
| 653 | 718 | ||
| 654 | if (p != (d+n)) | 719 | if (p != (d+n)) |
| 655 | { | 720 | { |
| @@ -666,26 +731,22 @@ err: | |||
| 666 | return(-1); | 731 | return(-1); |
| 667 | } | 732 | } |
| 668 | 733 | ||
| 669 | static int ssl3_get_server_certificate(s) | 734 | static int ssl3_get_server_certificate(SSL *s) |
| 670 | SSL *s; | ||
| 671 | { | 735 | { |
| 672 | int al,i,ok,ret= -1; | 736 | int al,i,ok,ret= -1; |
| 673 | unsigned long n,nc,llen,l; | 737 | unsigned long n,nc,llen,l; |
| 674 | X509 *x=NULL; | 738 | X509 *x=NULL; |
| 675 | unsigned char *p,*d,*q; | 739 | unsigned char *p,*d,*q; |
| 676 | STACK *sk=NULL; | 740 | STACK_OF(X509) *sk=NULL; |
| 677 | CERT *c; | 741 | SESS_CERT *sc; |
| 678 | EVP_PKEY *pkey=NULL; | 742 | EVP_PKEY *pkey=NULL; |
| 743 | int need_cert = 1; /* VRS: 0=> will allow null cert if auth == KRB5 */ | ||
| 679 | 744 | ||
| 680 | n=ssl3_get_message(s, | 745 | n=ssl3_get_message(s, |
| 681 | SSL3_ST_CR_CERT_A, | 746 | SSL3_ST_CR_CERT_A, |
| 682 | SSL3_ST_CR_CERT_B, | 747 | SSL3_ST_CR_CERT_B, |
| 683 | -1, | 748 | -1, |
| 684 | #if defined(MSDOS) && !defined(WIN32) | 749 | s->max_cert_list, |
| 685 | 1024*30, /* 30k max cert list :-) */ | ||
| 686 | #else | ||
| 687 | 1024*100, /* 100k max cert list :-) */ | ||
| 688 | #endif | ||
| 689 | &ok); | 750 | &ok); |
| 690 | 751 | ||
| 691 | if (!ok) return((int)n); | 752 | if (!ok) return((int)n); |
| @@ -702,9 +763,9 @@ SSL *s; | |||
| 702 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); | 763 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_BAD_MESSAGE_TYPE); |
| 703 | goto f_err; | 764 | goto f_err; |
| 704 | } | 765 | } |
| 705 | d=p=(unsigned char *)s->init_buf->data; | 766 | d=p=(unsigned char *)s->init_msg; |
| 706 | 767 | ||
| 707 | if ((sk=sk_new_null()) == NULL) | 768 | if ((sk=sk_X509_new_null()) == NULL) |
| 708 | { | 769 | { |
| 709 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 770 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 710 | goto err; | 771 | goto err; |
| @@ -741,7 +802,7 @@ SSL *s; | |||
| 741 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | 802 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); |
| 742 | goto f_err; | 803 | goto f_err; |
| 743 | } | 804 | } |
| 744 | if (!sk_push(sk,(char *)x)) | 805 | if (!sk_X509_push(sk,x)) |
| 745 | { | 806 | { |
| 746 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 807 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 747 | goto err; | 808 | goto err; |
| @@ -752,53 +813,91 @@ SSL *s; | |||
| 752 | } | 813 | } |
| 753 | 814 | ||
| 754 | i=ssl_verify_cert_chain(s,sk); | 815 | i=ssl_verify_cert_chain(s,sk); |
| 755 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i)) | 816 | if ((s->verify_mode != SSL_VERIFY_NONE) && (!i) |
| 817 | #ifndef OPENSSL_NO_KRB5 | ||
| 818 | && (s->s3->tmp.new_cipher->algorithms & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | ||
| 819 | != (SSL_aKRB5|SSL_kKRB5) | ||
| 820 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 821 | ) | ||
| 756 | { | 822 | { |
| 757 | al=ssl_verify_alarm_type(s->verify_result); | 823 | al=ssl_verify_alarm_type(s->verify_result); |
| 758 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); | 824 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_CERTIFICATE_VERIFY_FAILED); |
| 759 | goto f_err; | 825 | goto f_err; |
| 760 | } | 826 | } |
| 827 | ERR_clear_error(); /* but we keep s->verify_result */ | ||
| 761 | 828 | ||
| 762 | c=ssl_cert_new(); | 829 | sc=ssl_sess_cert_new(); |
| 763 | if (c == NULL) goto err; | 830 | if (sc == NULL) goto err; |
| 764 | 831 | ||
| 765 | if (s->session->cert) ssl_cert_free(s->session->cert); | 832 | if (s->session->sess_cert) ssl_sess_cert_free(s->session->sess_cert); |
| 766 | s->session->cert=c; | 833 | s->session->sess_cert=sc; |
| 767 | 834 | ||
| 768 | c->cert_chain=sk; | 835 | sc->cert_chain=sk; |
| 769 | x=(X509 *)sk_value(sk,0); | 836 | /* Inconsistency alert: cert_chain does include the peer's |
| 837 | * certificate, which we don't include in s3_srvr.c */ | ||
| 838 | x=sk_X509_value(sk,0); | ||
| 770 | sk=NULL; | 839 | sk=NULL; |
| 840 | /* VRS 19990621: possible memory leak; sk=null ==> !sk_pop_free() @end*/ | ||
| 771 | 841 | ||
| 772 | pkey=X509_get_pubkey(x); | 842 | pkey=X509_get_pubkey(x); |
| 773 | 843 | ||
| 774 | if (EVP_PKEY_missing_parameters(pkey)) | 844 | /* VRS: allow null cert if auth == KRB5 */ |
| 845 | need_cert = ((s->s3->tmp.new_cipher->algorithms | ||
| 846 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | ||
| 847 | == (SSL_aKRB5|SSL_kKRB5))? 0: 1; | ||
| 848 | |||
| 849 | #ifdef KSSL_DEBUG | ||
| 850 | printf("pkey,x = %p, %p\n", pkey,x); | ||
| 851 | printf("ssl_cert_type(x,pkey) = %d\n", ssl_cert_type(x,pkey)); | ||
| 852 | printf("cipher, alg, nc = %s, %lx, %d\n", s->s3->tmp.new_cipher->name, | ||
| 853 | s->s3->tmp.new_cipher->algorithms, need_cert); | ||
| 854 | #endif /* KSSL_DEBUG */ | ||
| 855 | |||
| 856 | if (need_cert && ((pkey == NULL) || EVP_PKEY_missing_parameters(pkey))) | ||
| 775 | { | 857 | { |
| 776 | x=NULL; | 858 | x=NULL; |
| 777 | al=SSL3_AL_FATAL; | 859 | al=SSL3_AL_FATAL; |
| 778 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | 860 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 861 | SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS); | ||
| 779 | goto f_err; | 862 | goto f_err; |
| 780 | } | 863 | } |
| 781 | 864 | ||
| 782 | i=ssl_cert_type(x,pkey); | 865 | i=ssl_cert_type(x,pkey); |
| 783 | if (i < 0) | 866 | if (need_cert && i < 0) |
| 784 | { | 867 | { |
| 785 | x=NULL; | 868 | x=NULL; |
| 786 | al=SSL3_AL_FATAL; | 869 | al=SSL3_AL_FATAL; |
| 787 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 870 | SSLerr(SSL_F_SSL3_GET_SERVER_CERTIFICATE, |
| 871 | SSL_R_UNKNOWN_CERTIFICATE_TYPE); | ||
| 788 | goto f_err; | 872 | goto f_err; |
| 789 | } | 873 | } |
| 790 | 874 | ||
| 791 | c->cert_type=i; | 875 | if (need_cert) |
| 792 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 876 | { |
| 793 | if (c->pkeys[i].x509 != NULL) | 877 | sc->peer_cert_type=i; |
| 794 | X509_free(c->pkeys[i].x509); | 878 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); |
| 795 | c->pkeys[i].x509=x; | 879 | /* Why would the following ever happen? |
| 796 | c->key= &(c->pkeys[i]); | 880 | * We just created sc a couple of lines ago. */ |
| 797 | 881 | if (sc->peer_pkeys[i].x509 != NULL) | |
| 798 | if ((s->session != NULL) && (s->session->peer != NULL)) | 882 | X509_free(sc->peer_pkeys[i].x509); |
| 799 | X509_free(s->session->peer); | 883 | sc->peer_pkeys[i].x509=x; |
| 800 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | 884 | sc->peer_key= &(sc->peer_pkeys[i]); |
| 801 | s->session->peer=x; | 885 | |
| 886 | if (s->session->peer != NULL) | ||
| 887 | X509_free(s->session->peer); | ||
| 888 | CRYPTO_add(&x->references,1,CRYPTO_LOCK_X509); | ||
| 889 | s->session->peer=x; | ||
| 890 | } | ||
| 891 | else | ||
| 892 | { | ||
| 893 | sc->peer_cert_type=i; | ||
| 894 | sc->peer_key= NULL; | ||
| 895 | |||
| 896 | if (s->session->peer != NULL) | ||
| 897 | X509_free(s->session->peer); | ||
| 898 | s->session->peer=NULL; | ||
| 899 | } | ||
| 900 | s->session->verify_result = s->verify_result; | ||
| 802 | 901 | ||
| 803 | x=NULL; | 902 | x=NULL; |
| 804 | ret=1; | 903 | ret=1; |
| @@ -809,15 +908,15 @@ f_err: | |||
| 809 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 908 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 810 | } | 909 | } |
| 811 | err: | 910 | err: |
| 812 | if (x != NULL) X509_free(x); | 911 | EVP_PKEY_free(pkey); |
| 813 | if (sk != NULL) sk_pop_free(sk,X509_free); | 912 | X509_free(x); |
| 913 | sk_X509_pop_free(sk,X509_free); | ||
| 814 | return(ret); | 914 | return(ret); |
| 815 | } | 915 | } |
| 816 | 916 | ||
| 817 | static int ssl3_get_key_exchange(s) | 917 | static int ssl3_get_key_exchange(SSL *s) |
| 818 | SSL *s; | ||
| 819 | { | 918 | { |
| 820 | #ifndef NO_RSA | 919 | #ifndef OPENSSL_NO_RSA |
| 821 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; | 920 | unsigned char *q,md_buf[EVP_MAX_MD_SIZE*2]; |
| 822 | #endif | 921 | #endif |
| 823 | EVP_MD_CTX md_ctx; | 922 | EVP_MD_CTX md_ctx; |
| @@ -825,16 +924,20 @@ SSL *s; | |||
| 825 | int al,i,j,param_len,ok; | 924 | int al,i,j,param_len,ok; |
| 826 | long n,alg; | 925 | long n,alg; |
| 827 | EVP_PKEY *pkey=NULL; | 926 | EVP_PKEY *pkey=NULL; |
| 927 | #ifndef OPENSSL_NO_RSA | ||
| 828 | RSA *rsa=NULL; | 928 | RSA *rsa=NULL; |
| 829 | #ifndef NO_DH | 929 | #endif |
| 930 | #ifndef OPENSSL_NO_DH | ||
| 830 | DH *dh=NULL; | 931 | DH *dh=NULL; |
| 831 | #endif | 932 | #endif |
| 832 | 933 | ||
| 934 | /* use same message size as in ssl3_get_certificate_request() | ||
| 935 | * as ServerKeyExchange message may be skipped */ | ||
| 833 | n=ssl3_get_message(s, | 936 | n=ssl3_get_message(s, |
| 834 | SSL3_ST_CR_KEY_EXCH_A, | 937 | SSL3_ST_CR_KEY_EXCH_A, |
| 835 | SSL3_ST_CR_KEY_EXCH_B, | 938 | SSL3_ST_CR_KEY_EXCH_B, |
| 836 | -1, | 939 | -1, |
| 837 | 1024*8, /* ?? */ | 940 | s->max_cert_list, |
| 838 | &ok); | 941 | &ok); |
| 839 | 942 | ||
| 840 | if (!ok) return((int)n); | 943 | if (!ok) return((int)n); |
| @@ -845,34 +948,35 @@ SSL *s; | |||
| 845 | return(1); | 948 | return(1); |
| 846 | } | 949 | } |
| 847 | 950 | ||
| 848 | param=p=(unsigned char *)s->init_buf->data; | 951 | param=p=(unsigned char *)s->init_msg; |
| 849 | 952 | ||
| 850 | if (s->session->cert != NULL) | 953 | if (s->session->sess_cert != NULL) |
| 851 | { | 954 | { |
| 852 | #ifndef NO_RSA | 955 | #ifndef OPENSSL_NO_RSA |
| 853 | if (s->session->cert->rsa_tmp != NULL) | 956 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 854 | { | 957 | { |
| 855 | RSA_free(s->session->cert->rsa_tmp); | 958 | RSA_free(s->session->sess_cert->peer_rsa_tmp); |
| 856 | s->session->cert->rsa_tmp=NULL; | 959 | s->session->sess_cert->peer_rsa_tmp=NULL; |
| 857 | } | 960 | } |
| 858 | #endif | 961 | #endif |
| 859 | #ifndef NO_DH | 962 | #ifndef OPENSSL_NO_DH |
| 860 | if (s->session->cert->dh_tmp) | 963 | if (s->session->sess_cert->peer_dh_tmp) |
| 861 | { | 964 | { |
| 862 | DH_free(s->session->cert->dh_tmp); | 965 | DH_free(s->session->sess_cert->peer_dh_tmp); |
| 863 | s->session->cert->dh_tmp=NULL; | 966 | s->session->sess_cert->peer_dh_tmp=NULL; |
| 864 | } | 967 | } |
| 865 | #endif | 968 | #endif |
| 866 | } | 969 | } |
| 867 | else | 970 | else |
| 868 | { | 971 | { |
| 869 | s->session->cert=ssl_cert_new(); | 972 | s->session->sess_cert=ssl_sess_cert_new(); |
| 870 | } | 973 | } |
| 871 | 974 | ||
| 872 | param_len=0; | 975 | param_len=0; |
| 873 | alg=s->s3->tmp.new_cipher->algorithms; | 976 | alg=s->s3->tmp.new_cipher->algorithms; |
| 977 | EVP_MD_CTX_init(&md_ctx); | ||
| 874 | 978 | ||
| 875 | #ifndef NO_RSA | 979 | #ifndef OPENSSL_NO_RSA |
| 876 | if (alg & SSL_kRSA) | 980 | if (alg & SSL_kRSA) |
| 877 | { | 981 | { |
| 878 | if ((rsa=RSA_new()) == NULL) | 982 | if ((rsa=RSA_new()) == NULL) |
| @@ -911,21 +1015,23 @@ SSL *s; | |||
| 911 | p+=i; | 1015 | p+=i; |
| 912 | n-=param_len; | 1016 | n-=param_len; |
| 913 | 1017 | ||
| 914 | /* s->session->cert->rsa_tmp=rsa;*/ | ||
| 915 | /* this should be because we are using an export cipher */ | 1018 | /* this should be because we are using an export cipher */ |
| 916 | if (alg & SSL_aRSA) | 1019 | if (alg & SSL_aRSA) |
| 917 | pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); | 1020 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 918 | else | 1021 | else |
| 919 | { | 1022 | { |
| 920 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); | 1023 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 921 | goto err; | 1024 | goto err; |
| 922 | } | 1025 | } |
| 923 | s->session->cert->rsa_tmp=rsa; | 1026 | s->session->sess_cert->peer_rsa_tmp=rsa; |
| 1027 | rsa=NULL; | ||
| 924 | } | 1028 | } |
| 925 | else | 1029 | #else /* OPENSSL_NO_RSA */ |
| 1030 | if (0) | ||
| 1031 | ; | ||
| 926 | #endif | 1032 | #endif |
| 927 | #ifndef NO_DH | 1033 | #ifndef OPENSSL_NO_DH |
| 928 | if (alg & SSL_kEDH) | 1034 | else if (alg & SSL_kEDH) |
| 929 | { | 1035 | { |
| 930 | if ((dh=DH_new()) == NULL) | 1036 | if ((dh=DH_new()) == NULL) |
| 931 | { | 1037 | { |
| @@ -978,18 +1084,21 @@ SSL *s; | |||
| 978 | p+=i; | 1084 | p+=i; |
| 979 | n-=param_len; | 1085 | n-=param_len; |
| 980 | 1086 | ||
| 981 | #ifndef NO_RSA | 1087 | #ifndef OPENSSL_NO_RSA |
| 982 | if (alg & SSL_aRSA) | 1088 | if (alg & SSL_aRSA) |
| 983 | pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); | 1089 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 984 | else | 1090 | #else |
| 1091 | if (0) | ||
| 1092 | ; | ||
| 985 | #endif | 1093 | #endif |
| 986 | #ifndef NO_DSA | 1094 | #ifndef OPENSSL_NO_DSA |
| 987 | if (alg & SSL_aDSS) | 1095 | else if (alg & SSL_aDSS) |
| 988 | pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_DSA_SIGN].x509); | 1096 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_DSA_SIGN].x509); |
| 989 | #endif | 1097 | #endif |
| 990 | /* else anonymous DH, so no certificate or pkey. */ | 1098 | /* else anonymous DH, so no certificate or pkey. */ |
| 991 | 1099 | ||
| 992 | s->session->cert->dh_tmp=dh; | 1100 | s->session->sess_cert->peer_dh_tmp=dh; |
| 1101 | dh=NULL; | ||
| 993 | } | 1102 | } |
| 994 | else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) | 1103 | else if ((alg & SSL_kDHr) || (alg & SSL_kDHd)) |
| 995 | { | 1104 | { |
| @@ -997,7 +1106,14 @@ SSL *s; | |||
| 997 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | 1106 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); |
| 998 | goto f_err; | 1107 | goto f_err; |
| 999 | } | 1108 | } |
| 1000 | #endif | 1109 | #endif /* !OPENSSL_NO_DH */ |
| 1110 | if (alg & SSL_aFZA) | ||
| 1111 | { | ||
| 1112 | al=SSL_AD_HANDSHAKE_FAILURE; | ||
| 1113 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER); | ||
| 1114 | goto f_err; | ||
| 1115 | } | ||
| 1116 | |||
| 1001 | 1117 | ||
| 1002 | /* p points to the next byte, there are 'n' bytes left */ | 1118 | /* p points to the next byte, there are 'n' bytes left */ |
| 1003 | 1119 | ||
| @@ -1014,10 +1130,10 @@ SSL *s; | |||
| 1014 | /* wrong packet length */ | 1130 | /* wrong packet length */ |
| 1015 | al=SSL_AD_DECODE_ERROR; | 1131 | al=SSL_AD_DECODE_ERROR; |
| 1016 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); | 1132 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_WRONG_SIGNATURE_LENGTH); |
| 1017 | goto err; | 1133 | goto f_err; |
| 1018 | } | 1134 | } |
| 1019 | 1135 | ||
| 1020 | #ifndef NO_RSA | 1136 | #ifndef OPENSSL_NO_RSA |
| 1021 | if (pkey->type == EVP_PKEY_RSA) | 1137 | if (pkey->type == EVP_PKEY_RSA) |
| 1022 | { | 1138 | { |
| 1023 | int num; | 1139 | int num; |
| @@ -1026,24 +1142,24 @@ SSL *s; | |||
| 1026 | q=md_buf; | 1142 | q=md_buf; |
| 1027 | for (num=2; num > 0; num--) | 1143 | for (num=2; num > 0; num--) |
| 1028 | { | 1144 | { |
| 1029 | EVP_DigestInit(&md_ctx,(num == 2) | 1145 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1030 | ?s->ctx->md5:s->ctx->sha1); | 1146 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1031 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1147 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1032 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1148 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1033 | EVP_DigestUpdate(&md_ctx,param,param_len); | 1149 | EVP_DigestUpdate(&md_ctx,param,param_len); |
| 1034 | EVP_DigestFinal(&md_ctx,q,(unsigned int *)&i); | 1150 | EVP_DigestFinal_ex(&md_ctx,q,(unsigned int *)&i); |
| 1035 | q+=i; | 1151 | q+=i; |
| 1036 | j+=i; | 1152 | j+=i; |
| 1037 | } | 1153 | } |
| 1038 | i=RSA_public_decrypt((int)n,p,p,pkey->pkey.rsa, | 1154 | i=RSA_verify(NID_md5_sha1, md_buf, j, p, n, |
| 1039 | RSA_PKCS1_PADDING); | 1155 | pkey->pkey.rsa); |
| 1040 | if (i <= 0) | 1156 | if (i < 0) |
| 1041 | { | 1157 | { |
| 1042 | al=SSL_AD_DECRYPT_ERROR; | 1158 | al=SSL_AD_DECRYPT_ERROR; |
| 1043 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); | 1159 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); |
| 1044 | goto f_err; | 1160 | goto f_err; |
| 1045 | } | 1161 | } |
| 1046 | if ((j != i) || (memcmp(p,md_buf,i) != 0)) | 1162 | if (i == 0) |
| 1047 | { | 1163 | { |
| 1048 | /* bad signature */ | 1164 | /* bad signature */ |
| 1049 | al=SSL_AD_DECRYPT_ERROR; | 1165 | al=SSL_AD_DECRYPT_ERROR; |
| @@ -1053,11 +1169,11 @@ SSL *s; | |||
| 1053 | } | 1169 | } |
| 1054 | else | 1170 | else |
| 1055 | #endif | 1171 | #endif |
| 1056 | #ifndef NO_DSA | 1172 | #ifndef OPENSSL_NO_DSA |
| 1057 | if (pkey->type == EVP_PKEY_DSA) | 1173 | if (pkey->type == EVP_PKEY_DSA) |
| 1058 | { | 1174 | { |
| 1059 | /* lets do DSS */ | 1175 | /* lets do DSS */ |
| 1060 | EVP_VerifyInit(&md_ctx,EVP_dss1()); | 1176 | EVP_VerifyInit_ex(&md_ctx,EVP_dss1(), NULL); |
| 1061 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1177 | EVP_VerifyUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1062 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1178 | EVP_VerifyUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1063 | EVP_VerifyUpdate(&md_ctx,param,param_len); | 1179 | EVP_VerifyUpdate(&md_ctx,param,param_len); |
| @@ -1072,7 +1188,7 @@ SSL *s; | |||
| 1072 | else | 1188 | else |
| 1073 | #endif | 1189 | #endif |
| 1074 | { | 1190 | { |
| 1075 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); | 1191 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1076 | goto err; | 1192 | goto err; |
| 1077 | } | 1193 | } |
| 1078 | } | 1194 | } |
| @@ -1081,7 +1197,7 @@ SSL *s; | |||
| 1081 | /* still data left over */ | 1197 | /* still data left over */ |
| 1082 | if (!(alg & SSL_aNULL)) | 1198 | if (!(alg & SSL_aNULL)) |
| 1083 | { | 1199 | { |
| 1084 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); | 1200 | SSLerr(SSL_F_SSL3_GET_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1085 | goto err; | 1201 | goto err; |
| 1086 | } | 1202 | } |
| 1087 | if (n != 0) | 1203 | if (n != 0) |
| @@ -1091,33 +1207,39 @@ SSL *s; | |||
| 1091 | goto f_err; | 1207 | goto f_err; |
| 1092 | } | 1208 | } |
| 1093 | } | 1209 | } |
| 1094 | 1210 | EVP_PKEY_free(pkey); | |
| 1211 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1095 | return(1); | 1212 | return(1); |
| 1096 | f_err: | 1213 | f_err: |
| 1097 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1214 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1098 | err: | 1215 | err: |
| 1216 | EVP_PKEY_free(pkey); | ||
| 1217 | #ifndef OPENSSL_NO_RSA | ||
| 1218 | if (rsa != NULL) | ||
| 1219 | RSA_free(rsa); | ||
| 1220 | #endif | ||
| 1221 | #ifndef OPENSSL_NO_DH | ||
| 1222 | if (dh != NULL) | ||
| 1223 | DH_free(dh); | ||
| 1224 | #endif | ||
| 1225 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1099 | return(-1); | 1226 | return(-1); |
| 1100 | } | 1227 | } |
| 1101 | 1228 | ||
| 1102 | static int ssl3_get_certificate_request(s) | 1229 | static int ssl3_get_certificate_request(SSL *s) |
| 1103 | SSL *s; | ||
| 1104 | { | 1230 | { |
| 1105 | int ok,ret=0; | 1231 | int ok,ret=0; |
| 1106 | unsigned long n,nc,l; | 1232 | unsigned long n,nc,l; |
| 1107 | unsigned int llen,ctype_num,i; | 1233 | unsigned int llen,ctype_num,i; |
| 1108 | X509_NAME *xn=NULL; | 1234 | X509_NAME *xn=NULL; |
| 1109 | unsigned char *p,*d,*q; | 1235 | unsigned char *p,*d,*q; |
| 1110 | STACK *ca_sk=NULL; | 1236 | STACK_OF(X509_NAME) *ca_sk=NULL; |
| 1111 | 1237 | ||
| 1112 | n=ssl3_get_message(s, | 1238 | n=ssl3_get_message(s, |
| 1113 | SSL3_ST_CR_CERT_REQ_A, | 1239 | SSL3_ST_CR_CERT_REQ_A, |
| 1114 | SSL3_ST_CR_CERT_REQ_B, | 1240 | SSL3_ST_CR_CERT_REQ_B, |
| 1115 | -1, | 1241 | -1, |
| 1116 | #if defined(MSDOS) && !defined(WIN32) | 1242 | s->max_cert_list, |
| 1117 | 1024*30, /* 30k max cert list :-) */ | ||
| 1118 | #else | ||
| 1119 | 1024*100, /* 100k max cert list :-) */ | ||
| 1120 | #endif | ||
| 1121 | &ok); | 1243 | &ok); |
| 1122 | 1244 | ||
| 1123 | if (!ok) return((int)n); | 1245 | if (!ok) return((int)n); |
| @@ -1149,9 +1271,9 @@ SSL *s; | |||
| 1149 | } | 1271 | } |
| 1150 | } | 1272 | } |
| 1151 | 1273 | ||
| 1152 | d=p=(unsigned char *)s->init_buf->data; | 1274 | d=p=(unsigned char *)s->init_msg; |
| 1153 | 1275 | ||
| 1154 | if ((ca_sk=sk_new(ca_dn_cmp)) == NULL) | 1276 | if ((ca_sk=sk_X509_NAME_new(ca_dn_cmp)) == NULL) |
| 1155 | { | 1277 | { |
| 1156 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); | 1278 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); |
| 1157 | goto err; | 1279 | goto err; |
| @@ -1167,6 +1289,15 @@ SSL *s; | |||
| 1167 | 1289 | ||
| 1168 | /* get the CA RDNs */ | 1290 | /* get the CA RDNs */ |
| 1169 | n2s(p,llen); | 1291 | n2s(p,llen); |
| 1292 | #if 0 | ||
| 1293 | { | ||
| 1294 | FILE *out; | ||
| 1295 | out=fopen("/tmp/vsign.der","w"); | ||
| 1296 | fwrite(p,1,llen,out); | ||
| 1297 | fclose(out); | ||
| 1298 | } | ||
| 1299 | #endif | ||
| 1300 | |||
| 1170 | if ((llen+ctype_num+2+1) != n) | 1301 | if ((llen+ctype_num+2+1) != n) |
| 1171 | { | 1302 | { |
| 1172 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | 1303 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); |
| @@ -1190,7 +1321,7 @@ SSL *s; | |||
| 1190 | 1321 | ||
| 1191 | if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) | 1322 | if ((xn=d2i_X509_NAME(NULL,&q,l)) == NULL) |
| 1192 | { | 1323 | { |
| 1193 | /* If netscape tollerance is on, ignore errors */ | 1324 | /* If netscape tolerance is on, ignore errors */ |
| 1194 | if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) | 1325 | if (s->options & SSL_OP_NETSCAPE_CA_DN_BUG) |
| 1195 | goto cont; | 1326 | goto cont; |
| 1196 | else | 1327 | else |
| @@ -1207,7 +1338,7 @@ SSL *s; | |||
| 1207 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); | 1338 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,SSL_R_CA_DN_LENGTH_MISMATCH); |
| 1208 | goto err; | 1339 | goto err; |
| 1209 | } | 1340 | } |
| 1210 | if (!sk_push(ca_sk,(char *)xn)) | 1341 | if (!sk_X509_NAME_push(ca_sk,xn)) |
| 1211 | { | 1342 | { |
| 1212 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); | 1343 | SSLerr(SSL_F_SSL3_GET_CERTIFICATE_REQUEST,ERR_R_MALLOC_FAILURE); |
| 1213 | goto err; | 1344 | goto err; |
| @@ -1223,28 +1354,26 @@ cont: | |||
| 1223 | ERR_clear_error(); | 1354 | ERR_clear_error(); |
| 1224 | } | 1355 | } |
| 1225 | 1356 | ||
| 1226 | /* we should setup a certficate to return.... */ | 1357 | /* we should setup a certificate to return.... */ |
| 1227 | s->s3->tmp.cert_req=1; | 1358 | s->s3->tmp.cert_req=1; |
| 1228 | s->s3->tmp.ctype_num=ctype_num; | 1359 | s->s3->tmp.ctype_num=ctype_num; |
| 1229 | if (s->s3->tmp.ca_names != NULL) | 1360 | if (s->s3->tmp.ca_names != NULL) |
| 1230 | sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 1361 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 1231 | s->s3->tmp.ca_names=ca_sk; | 1362 | s->s3->tmp.ca_names=ca_sk; |
| 1232 | ca_sk=NULL; | 1363 | ca_sk=NULL; |
| 1233 | 1364 | ||
| 1234 | ret=1; | 1365 | ret=1; |
| 1235 | err: | 1366 | err: |
| 1236 | if (ca_sk != NULL) sk_pop_free(ca_sk,X509_NAME_free); | 1367 | if (ca_sk != NULL) sk_X509_NAME_pop_free(ca_sk,X509_NAME_free); |
| 1237 | return(ret); | 1368 | return(ret); |
| 1238 | } | 1369 | } |
| 1239 | 1370 | ||
| 1240 | static int ca_dn_cmp(a,b) | 1371 | static int ca_dn_cmp(const X509_NAME * const *a, const X509_NAME * const *b) |
| 1241 | X509_NAME **a,**b; | ||
| 1242 | { | 1372 | { |
| 1243 | return(X509_NAME_cmp(*a,*b)); | 1373 | return(X509_NAME_cmp(*a,*b)); |
| 1244 | } | 1374 | } |
| 1245 | 1375 | ||
| 1246 | static int ssl3_get_server_done(s) | 1376 | static int ssl3_get_server_done(SSL *s) |
| 1247 | SSL *s; | ||
| 1248 | { | 1377 | { |
| 1249 | int ok,ret=0; | 1378 | int ok,ret=0; |
| 1250 | long n; | 1379 | long n; |
| @@ -1262,18 +1391,24 @@ SSL *s; | |||
| 1262 | /* should contain no data */ | 1391 | /* should contain no data */ |
| 1263 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); | 1392 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECODE_ERROR); |
| 1264 | SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); | 1393 | SSLerr(SSL_F_SSL3_GET_SERVER_DONE,SSL_R_LENGTH_MISMATCH); |
| 1394 | return -1; | ||
| 1265 | } | 1395 | } |
| 1266 | ret=1; | 1396 | ret=1; |
| 1267 | return(ret); | 1397 | return(ret); |
| 1268 | } | 1398 | } |
| 1269 | 1399 | ||
| 1270 | static int ssl3_send_client_key_exchange(s) | 1400 | static int ssl3_send_client_key_exchange(SSL *s) |
| 1271 | SSL *s; | ||
| 1272 | { | 1401 | { |
| 1273 | unsigned char *p,*q,*d; | 1402 | unsigned char *p,*d; |
| 1274 | int n; | 1403 | int n; |
| 1275 | unsigned long l; | 1404 | unsigned long l; |
| 1405 | #ifndef OPENSSL_NO_RSA | ||
| 1406 | unsigned char *q; | ||
| 1276 | EVP_PKEY *pkey=NULL; | 1407 | EVP_PKEY *pkey=NULL; |
| 1408 | #endif | ||
| 1409 | #ifndef OPENSSL_NO_KRB5 | ||
| 1410 | KSSL_ERR kssl_err; | ||
| 1411 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 1277 | 1412 | ||
| 1278 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) | 1413 | if (s->state == SSL3_ST_CW_KEY_EXCH_A) |
| 1279 | { | 1414 | { |
| @@ -1282,30 +1417,34 @@ SSL *s; | |||
| 1282 | 1417 | ||
| 1283 | l=s->s3->tmp.new_cipher->algorithms; | 1418 | l=s->s3->tmp.new_cipher->algorithms; |
| 1284 | 1419 | ||
| 1285 | #ifndef NO_RSA | 1420 | /* Fool emacs indentation */ |
| 1286 | if (l & SSL_kRSA) | 1421 | if (0) {} |
| 1422 | #ifndef OPENSSL_NO_RSA | ||
| 1423 | else if (l & SSL_kRSA) | ||
| 1287 | { | 1424 | { |
| 1288 | RSA *rsa; | 1425 | RSA *rsa; |
| 1289 | unsigned char tmp_buf[48]; | 1426 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; |
| 1290 | 1427 | ||
| 1291 | if (s->session->cert->rsa_tmp != NULL) | 1428 | if (s->session->sess_cert->peer_rsa_tmp != NULL) |
| 1292 | rsa=s->session->cert->rsa_tmp; | 1429 | rsa=s->session->sess_cert->peer_rsa_tmp; |
| 1293 | else | 1430 | else |
| 1294 | { | 1431 | { |
| 1295 | pkey=X509_get_pubkey(s->session->cert->pkeys[SSL_PKEY_RSA_ENC].x509); | 1432 | pkey=X509_get_pubkey(s->session->sess_cert->peer_pkeys[SSL_PKEY_RSA_ENC].x509); |
| 1296 | if ((pkey == NULL) || | 1433 | if ((pkey == NULL) || |
| 1297 | (pkey->type != EVP_PKEY_RSA) || | 1434 | (pkey->type != EVP_PKEY_RSA) || |
| 1298 | (pkey->pkey.rsa == NULL)) | 1435 | (pkey->pkey.rsa == NULL)) |
| 1299 | { | 1436 | { |
| 1300 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); | 1437 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1301 | goto err; | 1438 | goto err; |
| 1302 | } | 1439 | } |
| 1303 | rsa=pkey->pkey.rsa; | 1440 | rsa=pkey->pkey.rsa; |
| 1441 | EVP_PKEY_free(pkey); | ||
| 1304 | } | 1442 | } |
| 1305 | 1443 | ||
| 1306 | tmp_buf[0]=s->version>>8; | 1444 | tmp_buf[0]=s->client_version>>8; |
| 1307 | tmp_buf[1]=s->version&0xff; | 1445 | tmp_buf[1]=s->client_version&0xff; |
| 1308 | RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2); | 1446 | if (RAND_bytes(&(tmp_buf[2]),SSL_MAX_MASTER_KEY_LENGTH-2) <= 0) |
| 1447 | goto err; | ||
| 1309 | 1448 | ||
| 1310 | s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; | 1449 | s->session->master_key_length=SSL_MAX_MASTER_KEY_LENGTH; |
| 1311 | 1450 | ||
| @@ -1315,6 +1454,10 @@ SSL *s; | |||
| 1315 | p+=2; | 1454 | p+=2; |
| 1316 | n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, | 1455 | n=RSA_public_encrypt(SSL_MAX_MASTER_KEY_LENGTH, |
| 1317 | tmp_buf,p,rsa,RSA_PKCS1_PADDING); | 1456 | tmp_buf,p,rsa,RSA_PKCS1_PADDING); |
| 1457 | #ifdef PKCS1_CHECK | ||
| 1458 | if (s->options & SSL_OP_PKCS1_CHECK_1) p[1]++; | ||
| 1459 | if (s->options & SSL_OP_PKCS1_CHECK_2) tmp_buf[0]=0x70; | ||
| 1460 | #endif | ||
| 1318 | if (n <= 0) | 1461 | if (n <= 0) |
| 1319 | { | 1462 | { |
| 1320 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); | 1463 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_ENCRYPT); |
| @@ -1331,18 +1474,144 @@ SSL *s; | |||
| 1331 | s->session->master_key_length= | 1474 | s->session->master_key_length= |
| 1332 | s->method->ssl3_enc->generate_master_secret(s, | 1475 | s->method->ssl3_enc->generate_master_secret(s, |
| 1333 | s->session->master_key, | 1476 | s->session->master_key, |
| 1334 | tmp_buf,48); | 1477 | tmp_buf,SSL_MAX_MASTER_KEY_LENGTH); |
| 1335 | memset(tmp_buf,0,48); | 1478 | memset(tmp_buf,0,SSL_MAX_MASTER_KEY_LENGTH); |
| 1336 | } | 1479 | } |
| 1337 | else | ||
| 1338 | #endif | 1480 | #endif |
| 1339 | #ifndef NO_DH | 1481 | #ifndef OPENSSL_NO_KRB5 |
| 1340 | if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 1482 | else if (l & SSL_kKRB5) |
| 1483 | { | ||
| 1484 | krb5_error_code krb5rc; | ||
| 1485 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | ||
| 1486 | /* krb5_data krb5_ap_req; */ | ||
| 1487 | krb5_data *enc_ticket; | ||
| 1488 | krb5_data authenticator, *authp = NULL; | ||
| 1489 | EVP_CIPHER_CTX ciph_ctx; | ||
| 1490 | EVP_CIPHER *enc = NULL; | ||
| 1491 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 1492 | unsigned char tmp_buf[SSL_MAX_MASTER_KEY_LENGTH]; | ||
| 1493 | unsigned char epms[SSL_MAX_MASTER_KEY_LENGTH | ||
| 1494 | + EVP_MAX_IV_LENGTH]; | ||
| 1495 | int padl, outl = sizeof(epms); | ||
| 1496 | |||
| 1497 | EVP_CIPHER_CTX_init(&ciph_ctx); | ||
| 1498 | |||
| 1499 | #ifdef KSSL_DEBUG | ||
| 1500 | printf("ssl3_send_client_key_exchange(%lx & %lx)\n", | ||
| 1501 | l, SSL_kKRB5); | ||
| 1502 | #endif /* KSSL_DEBUG */ | ||
| 1503 | |||
| 1504 | authp = NULL; | ||
| 1505 | #ifdef KRB5SENDAUTH | ||
| 1506 | if (KRB5SENDAUTH) authp = &authenticator; | ||
| 1507 | #endif /* KRB5SENDAUTH */ | ||
| 1508 | |||
| 1509 | krb5rc = kssl_cget_tkt(kssl_ctx, &enc_ticket, authp, | ||
| 1510 | &kssl_err); | ||
| 1511 | enc = kssl_map_enc(kssl_ctx->enctype); | ||
| 1512 | if (enc == NULL) | ||
| 1513 | goto err; | ||
| 1514 | #ifdef KSSL_DEBUG | ||
| 1515 | { | ||
| 1516 | printf("kssl_cget_tkt rtn %d\n", krb5rc); | ||
| 1517 | if (krb5rc && kssl_err.text) | ||
| 1518 | printf("kssl_cget_tkt kssl_err=%s\n", kssl_err.text); | ||
| 1519 | } | ||
| 1520 | #endif /* KSSL_DEBUG */ | ||
| 1521 | |||
| 1522 | if (krb5rc) | ||
| 1523 | { | ||
| 1524 | ssl3_send_alert(s,SSL3_AL_FATAL, | ||
| 1525 | SSL_AD_HANDSHAKE_FAILURE); | ||
| 1526 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1527 | kssl_err.reason); | ||
| 1528 | goto err; | ||
| 1529 | } | ||
| 1530 | |||
| 1531 | /* 20010406 VRS - Earlier versions used KRB5 AP_REQ | ||
| 1532 | ** in place of RFC 2712 KerberosWrapper, as in: | ||
| 1533 | ** | ||
| 1534 | ** Send ticket (copy to *p, set n = length) | ||
| 1535 | ** n = krb5_ap_req.length; | ||
| 1536 | ** memcpy(p, krb5_ap_req.data, krb5_ap_req.length); | ||
| 1537 | ** if (krb5_ap_req.data) | ||
| 1538 | ** kssl_krb5_free_data_contents(NULL,&krb5_ap_req); | ||
| 1539 | ** | ||
| 1540 | ** Now using real RFC 2712 KerberosWrapper | ||
| 1541 | ** (Thanks to Simon Wilkinson <sxw@sxw.org.uk>) | ||
| 1542 | ** Note: 2712 "opaque" types are here replaced | ||
| 1543 | ** with a 2-byte length followed by the value. | ||
| 1544 | ** Example: | ||
| 1545 | ** KerberosWrapper= xx xx asn1ticket 0 0 xx xx encpms | ||
| 1546 | ** Where "xx xx" = length bytes. Shown here with | ||
| 1547 | ** optional authenticator omitted. | ||
| 1548 | */ | ||
| 1549 | |||
| 1550 | /* KerberosWrapper.Ticket */ | ||
| 1551 | s2n(enc_ticket->length,p); | ||
| 1552 | memcpy(p, enc_ticket->data, enc_ticket->length); | ||
| 1553 | p+= enc_ticket->length; | ||
| 1554 | n = enc_ticket->length + 2; | ||
| 1555 | |||
| 1556 | /* KerberosWrapper.Authenticator */ | ||
| 1557 | if (authp && authp->length) | ||
| 1558 | { | ||
| 1559 | s2n(authp->length,p); | ||
| 1560 | memcpy(p, authp->data, authp->length); | ||
| 1561 | p+= authp->length; | ||
| 1562 | n+= authp->length + 2; | ||
| 1563 | |||
| 1564 | free(authp->data); | ||
| 1565 | authp->data = NULL; | ||
| 1566 | authp->length = 0; | ||
| 1567 | } | ||
| 1568 | else | ||
| 1569 | { | ||
| 1570 | s2n(0,p);/* null authenticator length */ | ||
| 1571 | n+=2; | ||
| 1572 | } | ||
| 1573 | |||
| 1574 | if (RAND_bytes(tmp_buf,SSL_MAX_MASTER_KEY_LENGTH) <= 0) | ||
| 1575 | goto err; | ||
| 1576 | |||
| 1577 | /* 20010420 VRS. Tried it this way; failed. | ||
| 1578 | ** EVP_EncryptInit_ex(&ciph_ctx,enc, NULL,NULL); | ||
| 1579 | ** EVP_CIPHER_CTX_set_key_length(&ciph_ctx, | ||
| 1580 | ** kssl_ctx->length); | ||
| 1581 | ** EVP_EncryptInit_ex(&ciph_ctx,NULL, key,iv); | ||
| 1582 | */ | ||
| 1583 | |||
| 1584 | memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ | ||
| 1585 | EVP_EncryptInit_ex(&ciph_ctx,enc, NULL, | ||
| 1586 | kssl_ctx->key,iv); | ||
| 1587 | EVP_EncryptUpdate(&ciph_ctx,epms,&outl,tmp_buf, | ||
| 1588 | SSL_MAX_MASTER_KEY_LENGTH); | ||
| 1589 | EVP_EncryptFinal_ex(&ciph_ctx,&(epms[outl]),&padl); | ||
| 1590 | outl += padl; | ||
| 1591 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||
| 1592 | |||
| 1593 | /* KerberosWrapper.EncryptedPreMasterSecret */ | ||
| 1594 | s2n(outl,p); | ||
| 1595 | memcpy(p, epms, outl); | ||
| 1596 | p+=outl; | ||
| 1597 | n+=outl + 2; | ||
| 1598 | |||
| 1599 | s->session->master_key_length= | ||
| 1600 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 1601 | s->session->master_key, | ||
| 1602 | tmp_buf, SSL_MAX_MASTER_KEY_LENGTH); | ||
| 1603 | |||
| 1604 | memset(tmp_buf, 0, SSL_MAX_MASTER_KEY_LENGTH); | ||
| 1605 | memset(epms, 0, outl); | ||
| 1606 | } | ||
| 1607 | #endif | ||
| 1608 | #ifndef OPENSSL_NO_DH | ||
| 1609 | else if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | ||
| 1341 | { | 1610 | { |
| 1342 | DH *dh_srvr,*dh_clnt; | 1611 | DH *dh_srvr,*dh_clnt; |
| 1343 | 1612 | ||
| 1344 | if (s->session->cert->dh_tmp != NULL) | 1613 | if (s->session->sess_cert->peer_dh_tmp != NULL) |
| 1345 | dh_srvr=s->session->cert->dh_tmp; | 1614 | dh_srvr=s->session->sess_cert->peer_dh_tmp; |
| 1346 | else | 1615 | else |
| 1347 | { | 1616 | { |
| 1348 | /* we get them from the cert */ | 1617 | /* we get them from the cert */ |
| @@ -1391,11 +1660,11 @@ SSL *s; | |||
| 1391 | 1660 | ||
| 1392 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ | 1661 | /* perhaps clean things up a bit EAY EAY EAY EAY*/ |
| 1393 | } | 1662 | } |
| 1394 | else | ||
| 1395 | #endif | 1663 | #endif |
| 1664 | else | ||
| 1396 | { | 1665 | { |
| 1397 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); | 1666 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_HANDSHAKE_FAILURE); |
| 1398 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,SSL_R_INTERNAL_ERROR); | 1667 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE,ERR_R_INTERNAL_ERROR); |
| 1399 | goto err; | 1668 | goto err; |
| 1400 | } | 1669 | } |
| 1401 | 1670 | ||
| @@ -1414,15 +1683,16 @@ err: | |||
| 1414 | return(-1); | 1683 | return(-1); |
| 1415 | } | 1684 | } |
| 1416 | 1685 | ||
| 1417 | static int ssl3_send_client_verify(s) | 1686 | static int ssl3_send_client_verify(SSL *s) |
| 1418 | SSL *s; | ||
| 1419 | { | 1687 | { |
| 1420 | unsigned char *p,*d; | 1688 | unsigned char *p,*d; |
| 1421 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 1689 | unsigned char data[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
| 1422 | EVP_PKEY *pkey; | 1690 | EVP_PKEY *pkey; |
| 1423 | int i=0; | 1691 | #ifndef OPENSSL_NO_RSA |
| 1692 | unsigned u=0; | ||
| 1693 | #endif | ||
| 1424 | unsigned long n; | 1694 | unsigned long n; |
| 1425 | #ifndef NO_DSA | 1695 | #ifndef OPENSSL_NO_DSA |
| 1426 | int j; | 1696 | int j; |
| 1427 | #endif | 1697 | #endif |
| 1428 | 1698 | ||
| @@ -1435,26 +1705,24 @@ SSL *s; | |||
| 1435 | s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), | 1705 | s->method->ssl3_enc->cert_verify_mac(s,&(s->s3->finish_dgst2), |
| 1436 | &(data[MD5_DIGEST_LENGTH])); | 1706 | &(data[MD5_DIGEST_LENGTH])); |
| 1437 | 1707 | ||
| 1438 | #ifndef NO_RSA | 1708 | #ifndef OPENSSL_NO_RSA |
| 1439 | if (pkey->type == EVP_PKEY_RSA) | 1709 | if (pkey->type == EVP_PKEY_RSA) |
| 1440 | { | 1710 | { |
| 1441 | s->method->ssl3_enc->cert_verify_mac(s, | 1711 | s->method->ssl3_enc->cert_verify_mac(s, |
| 1442 | &(s->s3->finish_dgst1),&(data[0])); | 1712 | &(s->s3->finish_dgst1),&(data[0])); |
| 1443 | i=RSA_private_encrypt( | 1713 | if (RSA_sign(NID_md5_sha1, data, |
| 1444 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, | 1714 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, |
| 1445 | data,&(p[2]),pkey->pkey.rsa, | 1715 | &(p[2]), &u, pkey->pkey.rsa) <= 0 ) |
| 1446 | RSA_PKCS1_PADDING); | ||
| 1447 | if (i <= 0) | ||
| 1448 | { | 1716 | { |
| 1449 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); | 1717 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_RSA_LIB); |
| 1450 | goto err; | 1718 | goto err; |
| 1451 | } | 1719 | } |
| 1452 | s2n(i,p); | 1720 | s2n(u,p); |
| 1453 | n=i+2; | 1721 | n=u+2; |
| 1454 | } | 1722 | } |
| 1455 | else | 1723 | else |
| 1456 | #endif | 1724 | #endif |
| 1457 | #ifndef NO_DSA | 1725 | #ifndef OPENSSL_NO_DSA |
| 1458 | if (pkey->type == EVP_PKEY_DSA) | 1726 | if (pkey->type == EVP_PKEY_DSA) |
| 1459 | { | 1727 | { |
| 1460 | if (!DSA_sign(pkey->save_type, | 1728 | if (!DSA_sign(pkey->save_type, |
| @@ -1471,7 +1739,7 @@ SSL *s; | |||
| 1471 | else | 1739 | else |
| 1472 | #endif | 1740 | #endif |
| 1473 | { | 1741 | { |
| 1474 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,SSL_R_INTERNAL_ERROR); | 1742 | SSLerr(SSL_F_SSL3_SEND_CLIENT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1475 | goto err; | 1743 | goto err; |
| 1476 | } | 1744 | } |
| 1477 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; | 1745 | *(d++)=SSL3_MT_CERTIFICATE_VERIFY; |
| @@ -1485,8 +1753,7 @@ err: | |||
| 1485 | return(-1); | 1753 | return(-1); |
| 1486 | } | 1754 | } |
| 1487 | 1755 | ||
| 1488 | static int ssl3_send_client_certificate(s) | 1756 | static int ssl3_send_client_certificate(SSL *s) |
| 1489 | SSL *s; | ||
| 1490 | { | 1757 | { |
| 1491 | X509 *x509=NULL; | 1758 | X509 *x509=NULL; |
| 1492 | EVP_PKEY *pkey=NULL; | 1759 | EVP_PKEY *pkey=NULL; |
| @@ -1565,38 +1832,46 @@ SSL *s; | |||
| 1565 | 1832 | ||
| 1566 | #define has_bits(i,m) (((i)&(m)) == (m)) | 1833 | #define has_bits(i,m) (((i)&(m)) == (m)) |
| 1567 | 1834 | ||
| 1568 | static int ssl3_check_cert_and_algorithm(s) | 1835 | static int ssl3_check_cert_and_algorithm(SSL *s) |
| 1569 | SSL *s; | ||
| 1570 | { | 1836 | { |
| 1571 | int i,idx; | 1837 | int i,idx; |
| 1572 | long algs; | 1838 | long algs; |
| 1573 | EVP_PKEY *pkey=NULL; | 1839 | EVP_PKEY *pkey=NULL; |
| 1574 | CERT *c; | 1840 | SESS_CERT *sc; |
| 1841 | #ifndef OPENSSL_NO_RSA | ||
| 1575 | RSA *rsa; | 1842 | RSA *rsa; |
| 1843 | #endif | ||
| 1844 | #ifndef OPENSSL_NO_DH | ||
| 1576 | DH *dh; | 1845 | DH *dh; |
| 1846 | #endif | ||
| 1577 | 1847 | ||
| 1578 | c=s->session->cert; | 1848 | sc=s->session->sess_cert; |
| 1579 | 1849 | ||
| 1580 | if (c == NULL) | 1850 | if (sc == NULL) |
| 1581 | { | 1851 | { |
| 1582 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_INTERNAL_ERROR); | 1852 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,ERR_R_INTERNAL_ERROR); |
| 1583 | goto err; | 1853 | goto err; |
| 1584 | } | 1854 | } |
| 1585 | 1855 | ||
| 1586 | algs=s->s3->tmp.new_cipher->algorithms; | 1856 | algs=s->s3->tmp.new_cipher->algorithms; |
| 1587 | 1857 | ||
| 1588 | /* we don't have a certificate */ | 1858 | /* we don't have a certificate */ |
| 1589 | if (algs & (SSL_aDH|SSL_aNULL)) | 1859 | if (algs & (SSL_aDH|SSL_aNULL|SSL_aKRB5)) |
| 1590 | return(1); | 1860 | return(1); |
| 1591 | 1861 | ||
| 1592 | rsa=s->session->cert->rsa_tmp; | 1862 | #ifndef OPENSSL_NO_RSA |
| 1593 | dh=s->session->cert->dh_tmp; | 1863 | rsa=s->session->sess_cert->peer_rsa_tmp; |
| 1864 | #endif | ||
| 1865 | #ifndef OPENSSL_NO_DH | ||
| 1866 | dh=s->session->sess_cert->peer_dh_tmp; | ||
| 1867 | #endif | ||
| 1594 | 1868 | ||
| 1595 | /* This is the passed certificate */ | 1869 | /* This is the passed certificate */ |
| 1596 | 1870 | ||
| 1597 | idx=c->cert_type; | 1871 | idx=sc->peer_cert_type; |
| 1598 | pkey=X509_get_pubkey(c->pkeys[idx].x509); | 1872 | pkey=X509_get_pubkey(sc->peer_pkeys[idx].x509); |
| 1599 | i=X509_certificate_type(c->pkeys[idx].x509,pkey); | 1873 | i=X509_certificate_type(sc->peer_pkeys[idx].x509,pkey); |
| 1874 | EVP_PKEY_free(pkey); | ||
| 1600 | 1875 | ||
| 1601 | 1876 | ||
| 1602 | /* Check that we have a certificate if we require one */ | 1877 | /* Check that we have a certificate if we require one */ |
| @@ -1605,22 +1880,23 @@ SSL *s; | |||
| 1605 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); | 1880 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_SIGNING_CERT); |
| 1606 | goto f_err; | 1881 | goto f_err; |
| 1607 | } | 1882 | } |
| 1608 | #ifndef NO_DSA | 1883 | #ifndef OPENSSL_NO_DSA |
| 1609 | else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) | 1884 | else if ((algs & SSL_aDSS) && !has_bits(i,EVP_PK_DSA|EVP_PKT_SIGN)) |
| 1610 | { | 1885 | { |
| 1611 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); | 1886 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DSA_SIGNING_CERT); |
| 1612 | goto f_err; | 1887 | goto f_err; |
| 1613 | } | 1888 | } |
| 1614 | #endif | 1889 | #endif |
| 1615 | 1890 | #ifndef OPENSSL_NO_RSA | |
| 1616 | if ((algs & SSL_kRSA) && | 1891 | if ((algs & SSL_kRSA) && |
| 1617 | !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) | 1892 | !(has_bits(i,EVP_PK_RSA|EVP_PKT_ENC) || (rsa != NULL))) |
| 1618 | { | 1893 | { |
| 1619 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); | 1894 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_RSA_ENCRYPTING_CERT); |
| 1620 | goto f_err; | 1895 | goto f_err; |
| 1621 | } | 1896 | } |
| 1622 | #ifndef NO_DH | 1897 | #endif |
| 1623 | else if ((algs & SSL_kEDH) && | 1898 | #ifndef OPENSSL_NO_DH |
| 1899 | if ((algs & SSL_kEDH) && | ||
| 1624 | !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) | 1900 | !(has_bits(i,EVP_PK_DH|EVP_PKT_EXCH) || (dh != NULL))) |
| 1625 | { | 1901 | { |
| 1626 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); | 1902 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_KEY); |
| @@ -1631,7 +1907,7 @@ SSL *s; | |||
| 1631 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); | 1907 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_RSA_CERT); |
| 1632 | goto f_err; | 1908 | goto f_err; |
| 1633 | } | 1909 | } |
| 1634 | #ifndef NO_DSA | 1910 | #ifndef OPENSSL_NO_DSA |
| 1635 | else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) | 1911 | else if ((algs & SSL_kDHd) && !has_bits(i,EVP_PK_DH|EVP_PKS_DSA)) |
| 1636 | { | 1912 | { |
| 1637 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); | 1913 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_DH_DSA_CERT); |
| @@ -1640,12 +1916,13 @@ SSL *s; | |||
| 1640 | #endif | 1916 | #endif |
| 1641 | #endif | 1917 | #endif |
| 1642 | 1918 | ||
| 1643 | if ((algs & SSL_EXP) && !has_bits(i,EVP_PKT_EXP)) | 1919 | if (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) && !has_bits(i,EVP_PKT_EXP)) |
| 1644 | { | 1920 | { |
| 1645 | #ifndef NO_RSA | 1921 | #ifndef OPENSSL_NO_RSA |
| 1646 | if (algs & SSL_kRSA) | 1922 | if (algs & SSL_kRSA) |
| 1647 | { | 1923 | { |
| 1648 | if ((rsa == NULL) || (RSA_size(rsa) > 512)) | 1924 | if (rsa == NULL |
| 1925 | || RSA_size(rsa) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | ||
| 1649 | { | 1926 | { |
| 1650 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); | 1927 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_RSA_KEY); |
| 1651 | goto f_err; | 1928 | goto f_err; |
| @@ -1653,10 +1930,11 @@ SSL *s; | |||
| 1653 | } | 1930 | } |
| 1654 | else | 1931 | else |
| 1655 | #endif | 1932 | #endif |
| 1656 | #ifndef NO_DH | 1933 | #ifndef OPENSSL_NO_DH |
| 1657 | if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 1934 | if (algs & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 1658 | { | 1935 | { |
| 1659 | if ((dh == NULL) || (DH_size(dh) > 512)) | 1936 | if (dh == NULL |
| 1937 | || DH_size(dh) > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)) | ||
| 1660 | { | 1938 | { |
| 1661 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); | 1939 | SSLerr(SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,SSL_R_MISSING_EXPORT_TMP_DH_KEY); |
| 1662 | goto f_err; | 1940 | goto f_err; |
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 0fd945025d..686992406c 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c | |||
| @@ -55,40 +55,99 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "objects.h" | 113 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 114 | #include "ssl_locl.h" |
| 115 | #include "kssl_lcl.h" | ||
| 116 | #include <openssl/md5.h> | ||
| 62 | 117 | ||
| 63 | char *ssl3_version_str="SSLv3 part of SSLeay 0.9.0b 29-Jun-1998"; | 118 | const char *ssl3_version_str="SSLv3" OPENSSL_VERSION_PTEXT; |
| 64 | 119 | ||
| 65 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) | 120 | #define SSL3_NUM_CIPHERS (sizeof(ssl3_ciphers)/sizeof(SSL_CIPHER)) |
| 66 | 121 | ||
| 67 | #ifndef NOPROTO | ||
| 68 | static long ssl3_default_timeout(void ); | 122 | static long ssl3_default_timeout(void ); |
| 69 | #else | ||
| 70 | static long ssl3_default_timeout(); | ||
| 71 | #endif | ||
| 72 | 123 | ||
| 73 | SSL_CIPHER ssl3_ciphers[]={ | 124 | OPENSSL_GLOBAL SSL_CIPHER ssl3_ciphers[]={ |
| 74 | /* The RSA ciphers */ | 125 | /* The RSA ciphers */ |
| 75 | /* Cipher 01 */ | 126 | /* Cipher 01 */ |
| 76 | { | 127 | { |
| 77 | 1, | 128 | 1, |
| 78 | SSL3_TXT_RSA_NULL_MD5, | 129 | SSL3_TXT_RSA_NULL_MD5, |
| 79 | SSL3_CK_RSA_NULL_MD5, | 130 | SSL3_CK_RSA_NULL_MD5, |
| 80 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, | 131 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_MD5|SSL_SSLV3, |
| 132 | SSL_NOT_EXP, | ||
| 133 | 0, | ||
| 134 | 0, | ||
| 81 | 0, | 135 | 0, |
| 82 | SSL_ALL_CIPHERS, | 136 | SSL_ALL_CIPHERS, |
| 137 | SSL_ALL_STRENGTHS, | ||
| 83 | }, | 138 | }, |
| 84 | /* Cipher 02 */ | 139 | /* Cipher 02 */ |
| 85 | { | 140 | { |
| 86 | 1, | 141 | 1, |
| 87 | SSL3_TXT_RSA_NULL_SHA, | 142 | SSL3_TXT_RSA_NULL_SHA, |
| 88 | SSL3_CK_RSA_NULL_SHA, | 143 | SSL3_CK_RSA_NULL_SHA, |
| 89 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 144 | SSL_kRSA|SSL_aRSA|SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
| 145 | SSL_NOT_EXP, | ||
| 146 | 0, | ||
| 147 | 0, | ||
| 90 | 0, | 148 | 0, |
| 91 | SSL_ALL_CIPHERS, | 149 | SSL_ALL_CIPHERS, |
| 150 | SSL_ALL_STRENGTHS, | ||
| 92 | }, | 151 | }, |
| 93 | 152 | ||
| 94 | /* anon DH */ | 153 | /* anon DH */ |
| @@ -97,45 +156,65 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 97 | 1, | 156 | 1, |
| 98 | SSL3_TXT_ADH_RC4_40_MD5, | 157 | SSL3_TXT_ADH_RC4_40_MD5, |
| 99 | SSL3_CK_ADH_RC4_40_MD5, | 158 | SSL3_CK_ADH_RC4_40_MD5, |
| 100 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, | 159 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
| 160 | SSL_EXPORT|SSL_EXP40, | ||
| 101 | 0, | 161 | 0, |
| 162 | 40, | ||
| 163 | 128, | ||
| 102 | SSL_ALL_CIPHERS, | 164 | SSL_ALL_CIPHERS, |
| 165 | SSL_ALL_STRENGTHS, | ||
| 103 | }, | 166 | }, |
| 104 | /* Cipher 18 */ | 167 | /* Cipher 18 */ |
| 105 | { | 168 | { |
| 106 | 1, | 169 | 1, |
| 107 | SSL3_TXT_ADH_RC4_128_MD5, | 170 | SSL3_TXT_ADH_RC4_128_MD5, |
| 108 | SSL3_CK_ADH_RC4_128_MD5, | 171 | SSL3_CK_ADH_RC4_128_MD5, |
| 109 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3, | 172 | SSL_kEDH |SSL_aNULL|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
| 173 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 110 | 0, | 174 | 0, |
| 175 | 128, | ||
| 176 | 128, | ||
| 111 | SSL_ALL_CIPHERS, | 177 | SSL_ALL_CIPHERS, |
| 178 | SSL_ALL_STRENGTHS, | ||
| 112 | }, | 179 | }, |
| 113 | /* Cipher 19 */ | 180 | /* Cipher 19 */ |
| 114 | { | 181 | { |
| 115 | 1, | 182 | 1, |
| 116 | SSL3_TXT_ADH_DES_40_CBC_SHA, | 183 | SSL3_TXT_ADH_DES_40_CBC_SHA, |
| 117 | SSL3_CK_ADH_DES_40_CBC_SHA, | 184 | SSL3_CK_ADH_DES_40_CBC_SHA, |
| 118 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 185 | SSL_kEDH |SSL_aNULL|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 186 | SSL_EXPORT|SSL_EXP40, | ||
| 119 | 0, | 187 | 0, |
| 188 | 40, | ||
| 189 | 128, | ||
| 120 | SSL_ALL_CIPHERS, | 190 | SSL_ALL_CIPHERS, |
| 191 | SSL_ALL_STRENGTHS, | ||
| 121 | }, | 192 | }, |
| 122 | /* Cipher 1A */ | 193 | /* Cipher 1A */ |
| 123 | { | 194 | { |
| 124 | 1, | 195 | 1, |
| 125 | SSL3_TXT_ADH_DES_64_CBC_SHA, | 196 | SSL3_TXT_ADH_DES_64_CBC_SHA, |
| 126 | SSL3_CK_ADH_DES_64_CBC_SHA, | 197 | SSL3_CK_ADH_DES_64_CBC_SHA, |
| 127 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 198 | SSL_kEDH |SSL_aNULL|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 199 | SSL_NOT_EXP|SSL_LOW, | ||
| 128 | 0, | 200 | 0, |
| 201 | 56, | ||
| 202 | 56, | ||
| 129 | SSL_ALL_CIPHERS, | 203 | SSL_ALL_CIPHERS, |
| 204 | SSL_ALL_STRENGTHS, | ||
| 130 | }, | 205 | }, |
| 131 | /* Cipher 1B */ | 206 | /* Cipher 1B */ |
| 132 | { | 207 | { |
| 133 | 1, | 208 | 1, |
| 134 | SSL3_TXT_ADH_DES_192_CBC_SHA, | 209 | SSL3_TXT_ADH_DES_192_CBC_SHA, |
| 135 | SSL3_CK_ADH_DES_192_CBC_SHA, | 210 | SSL3_CK_ADH_DES_192_CBC_SHA, |
| 136 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 211 | SSL_kEDH |SSL_aNULL|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 212 | SSL_NOT_EXP|SSL_HIGH, | ||
| 137 | 0, | 213 | 0, |
| 214 | 168, | ||
| 215 | 168, | ||
| 138 | SSL_ALL_CIPHERS, | 216 | SSL_ALL_CIPHERS, |
| 217 | SSL_ALL_STRENGTHS, | ||
| 139 | }, | 218 | }, |
| 140 | 219 | ||
| 141 | /* RSA again */ | 220 | /* RSA again */ |
| @@ -144,72 +223,104 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 144 | 1, | 223 | 1, |
| 145 | SSL3_TXT_RSA_RC4_40_MD5, | 224 | SSL3_TXT_RSA_RC4_40_MD5, |
| 146 | SSL3_CK_RSA_RC4_40_MD5, | 225 | SSL3_CK_RSA_RC4_40_MD5, |
| 147 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_EXP|SSL_SSLV3, | 226 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5 |SSL_SSLV3, |
| 227 | SSL_EXPORT|SSL_EXP40, | ||
| 148 | 0, | 228 | 0, |
| 229 | 40, | ||
| 230 | 128, | ||
| 149 | SSL_ALL_CIPHERS, | 231 | SSL_ALL_CIPHERS, |
| 232 | SSL_ALL_STRENGTHS, | ||
| 150 | }, | 233 | }, |
| 151 | /* Cipher 04 */ | 234 | /* Cipher 04 */ |
| 152 | { | 235 | { |
| 153 | 1, | 236 | 1, |
| 154 | SSL3_TXT_RSA_RC4_128_MD5, | 237 | SSL3_TXT_RSA_RC4_128_MD5, |
| 155 | SSL3_CK_RSA_RC4_128_MD5, | 238 | SSL3_CK_RSA_RC4_128_MD5, |
| 156 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, | 239 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_MD5|SSL_SSLV3, |
| 240 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 157 | 0, | 241 | 0, |
| 242 | 128, | ||
| 243 | 128, | ||
| 158 | SSL_ALL_CIPHERS, | 244 | SSL_ALL_CIPHERS, |
| 245 | SSL_ALL_STRENGTHS, | ||
| 159 | }, | 246 | }, |
| 160 | /* Cipher 05 */ | 247 | /* Cipher 05 */ |
| 161 | { | 248 | { |
| 162 | 1, | 249 | 1, |
| 163 | SSL3_TXT_RSA_RC4_128_SHA, | 250 | SSL3_TXT_RSA_RC4_128_SHA, |
| 164 | SSL3_CK_RSA_RC4_128_SHA, | 251 | SSL3_CK_RSA_RC4_128_SHA, |
| 165 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, | 252 | SSL_kRSA|SSL_aRSA|SSL_RC4 |SSL_SHA1|SSL_SSLV3, |
| 253 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 166 | 0, | 254 | 0, |
| 255 | 128, | ||
| 256 | 128, | ||
| 167 | SSL_ALL_CIPHERS, | 257 | SSL_ALL_CIPHERS, |
| 258 | SSL_ALL_STRENGTHS, | ||
| 168 | }, | 259 | }, |
| 169 | /* Cipher 06 */ | 260 | /* Cipher 06 */ |
| 170 | { | 261 | { |
| 171 | 1, | 262 | 1, |
| 172 | SSL3_TXT_RSA_RC2_40_MD5, | 263 | SSL3_TXT_RSA_RC2_40_MD5, |
| 173 | SSL3_CK_RSA_RC2_40_MD5, | 264 | SSL3_CK_RSA_RC2_40_MD5, |
| 174 | SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_EXP|SSL_SSLV3, | 265 | SSL_kRSA|SSL_aRSA|SSL_RC2 |SSL_MD5 |SSL_SSLV3, |
| 266 | SSL_EXPORT|SSL_EXP40, | ||
| 175 | 0, | 267 | 0, |
| 268 | 40, | ||
| 269 | 128, | ||
| 176 | SSL_ALL_CIPHERS, | 270 | SSL_ALL_CIPHERS, |
| 271 | SSL_ALL_STRENGTHS, | ||
| 177 | }, | 272 | }, |
| 178 | /* Cipher 07 */ | 273 | /* Cipher 07 */ |
| 179 | { | 274 | { |
| 180 | 1, | 275 | 1, |
| 181 | SSL3_TXT_RSA_IDEA_128_SHA, | 276 | SSL3_TXT_RSA_IDEA_128_SHA, |
| 182 | SSL3_CK_RSA_IDEA_128_SHA, | 277 | SSL3_CK_RSA_IDEA_128_SHA, |
| 183 | SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_MEDIUM, | 278 | SSL_kRSA|SSL_aRSA|SSL_IDEA |SSL_SHA1|SSL_SSLV3, |
| 279 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 184 | 0, | 280 | 0, |
| 281 | 128, | ||
| 282 | 128, | ||
| 185 | SSL_ALL_CIPHERS, | 283 | SSL_ALL_CIPHERS, |
| 284 | SSL_ALL_STRENGTHS, | ||
| 186 | }, | 285 | }, |
| 187 | /* Cipher 08 */ | 286 | /* Cipher 08 */ |
| 188 | { | 287 | { |
| 189 | 1, | 288 | 1, |
| 190 | SSL3_TXT_RSA_DES_40_CBC_SHA, | 289 | SSL3_TXT_RSA_DES_40_CBC_SHA, |
| 191 | SSL3_CK_RSA_DES_40_CBC_SHA, | 290 | SSL3_CK_RSA_DES_40_CBC_SHA, |
| 192 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 291 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 292 | SSL_EXPORT|SSL_EXP40, | ||
| 193 | 0, | 293 | 0, |
| 294 | 40, | ||
| 295 | 56, | ||
| 194 | SSL_ALL_CIPHERS, | 296 | SSL_ALL_CIPHERS, |
| 297 | SSL_ALL_STRENGTHS, | ||
| 195 | }, | 298 | }, |
| 196 | /* Cipher 09 */ | 299 | /* Cipher 09 */ |
| 197 | { | 300 | { |
| 198 | 1, | 301 | 1, |
| 199 | SSL3_TXT_RSA_DES_64_CBC_SHA, | 302 | SSL3_TXT_RSA_DES_64_CBC_SHA, |
| 200 | SSL3_CK_RSA_DES_64_CBC_SHA, | 303 | SSL3_CK_RSA_DES_64_CBC_SHA, |
| 201 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, | 304 | SSL_kRSA|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 305 | SSL_NOT_EXP|SSL_LOW, | ||
| 202 | 0, | 306 | 0, |
| 307 | 56, | ||
| 308 | 56, | ||
| 203 | SSL_ALL_CIPHERS, | 309 | SSL_ALL_CIPHERS, |
| 310 | SSL_ALL_STRENGTHS, | ||
| 204 | }, | 311 | }, |
| 205 | /* Cipher 0A */ | 312 | /* Cipher 0A */ |
| 206 | { | 313 | { |
| 207 | 1, | 314 | 1, |
| 208 | SSL3_TXT_RSA_DES_192_CBC3_SHA, | 315 | SSL3_TXT_RSA_DES_192_CBC3_SHA, |
| 209 | SSL3_CK_RSA_DES_192_CBC3_SHA, | 316 | SSL3_CK_RSA_DES_192_CBC3_SHA, |
| 210 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, | 317 | SSL_kRSA|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 318 | SSL_NOT_EXP|SSL_HIGH, | ||
| 211 | 0, | 319 | 0, |
| 320 | 168, | ||
| 321 | 168, | ||
| 212 | SSL_ALL_CIPHERS, | 322 | SSL_ALL_CIPHERS, |
| 323 | SSL_ALL_STRENGTHS, | ||
| 213 | }, | 324 | }, |
| 214 | 325 | ||
| 215 | /* The DH ciphers */ | 326 | /* The DH ciphers */ |
| @@ -218,54 +329,78 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 218 | 0, | 329 | 0, |
| 219 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, | 330 | SSL3_TXT_DH_DSS_DES_40_CBC_SHA, |
| 220 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, | 331 | SSL3_CK_DH_DSS_DES_40_CBC_SHA, |
| 221 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 332 | SSL_kDHd |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 333 | SSL_EXPORT|SSL_EXP40, | ||
| 222 | 0, | 334 | 0, |
| 335 | 40, | ||
| 336 | 56, | ||
| 223 | SSL_ALL_CIPHERS, | 337 | SSL_ALL_CIPHERS, |
| 338 | SSL_ALL_STRENGTHS, | ||
| 224 | }, | 339 | }, |
| 225 | /* Cipher 0C */ | 340 | /* Cipher 0C */ |
| 226 | { | 341 | { |
| 227 | 0, | 342 | 0, |
| 228 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, | 343 | SSL3_TXT_DH_DSS_DES_64_CBC_SHA, |
| 229 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, | 344 | SSL3_CK_DH_DSS_DES_64_CBC_SHA, |
| 230 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, | 345 | SSL_kDHd |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 346 | SSL_NOT_EXP|SSL_LOW, | ||
| 231 | 0, | 347 | 0, |
| 348 | 56, | ||
| 349 | 56, | ||
| 232 | SSL_ALL_CIPHERS, | 350 | SSL_ALL_CIPHERS, |
| 351 | SSL_ALL_STRENGTHS, | ||
| 233 | }, | 352 | }, |
| 234 | /* Cipher 0D */ | 353 | /* Cipher 0D */ |
| 235 | { | 354 | { |
| 236 | 0, | 355 | 0, |
| 237 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, | 356 | SSL3_TXT_DH_DSS_DES_192_CBC3_SHA, |
| 238 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, | 357 | SSL3_CK_DH_DSS_DES_192_CBC3_SHA, |
| 239 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, | 358 | SSL_kDHd |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 359 | SSL_NOT_EXP|SSL_HIGH, | ||
| 240 | 0, | 360 | 0, |
| 361 | 168, | ||
| 362 | 168, | ||
| 241 | SSL_ALL_CIPHERS, | 363 | SSL_ALL_CIPHERS, |
| 364 | SSL_ALL_STRENGTHS, | ||
| 242 | }, | 365 | }, |
| 243 | /* Cipher 0E */ | 366 | /* Cipher 0E */ |
| 244 | { | 367 | { |
| 245 | 0, | 368 | 0, |
| 246 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, | 369 | SSL3_TXT_DH_RSA_DES_40_CBC_SHA, |
| 247 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, | 370 | SSL3_CK_DH_RSA_DES_40_CBC_SHA, |
| 248 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 371 | SSL_kDHr |SSL_aDH|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 372 | SSL_EXPORT|SSL_EXP40, | ||
| 249 | 0, | 373 | 0, |
| 374 | 40, | ||
| 375 | 56, | ||
| 250 | SSL_ALL_CIPHERS, | 376 | SSL_ALL_CIPHERS, |
| 377 | SSL_ALL_STRENGTHS, | ||
| 251 | }, | 378 | }, |
| 252 | /* Cipher 0F */ | 379 | /* Cipher 0F */ |
| 253 | { | 380 | { |
| 254 | 0, | 381 | 0, |
| 255 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, | 382 | SSL3_TXT_DH_RSA_DES_64_CBC_SHA, |
| 256 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, | 383 | SSL3_CK_DH_RSA_DES_64_CBC_SHA, |
| 257 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, | 384 | SSL_kDHr |SSL_aDH|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 385 | SSL_NOT_EXP|SSL_LOW, | ||
| 258 | 0, | 386 | 0, |
| 387 | 56, | ||
| 388 | 56, | ||
| 259 | SSL_ALL_CIPHERS, | 389 | SSL_ALL_CIPHERS, |
| 390 | SSL_ALL_STRENGTHS, | ||
| 260 | }, | 391 | }, |
| 261 | /* Cipher 10 */ | 392 | /* Cipher 10 */ |
| 262 | { | 393 | { |
| 263 | 0, | 394 | 0, |
| 264 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, | 395 | SSL3_TXT_DH_RSA_DES_192_CBC3_SHA, |
| 265 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, | 396 | SSL3_CK_DH_RSA_DES_192_CBC3_SHA, |
| 266 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, | 397 | SSL_kDHr |SSL_aDH|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 398 | SSL_NOT_EXP|SSL_HIGH, | ||
| 267 | 0, | 399 | 0, |
| 400 | 168, | ||
| 401 | 168, | ||
| 268 | SSL_ALL_CIPHERS, | 402 | SSL_ALL_CIPHERS, |
| 403 | SSL_ALL_STRENGTHS, | ||
| 269 | }, | 404 | }, |
| 270 | 405 | ||
| 271 | /* The Ephemeral DH ciphers */ | 406 | /* The Ephemeral DH ciphers */ |
| @@ -274,54 +409,78 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 274 | 1, | 409 | 1, |
| 275 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, | 410 | SSL3_TXT_EDH_DSS_DES_40_CBC_SHA, |
| 276 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, | 411 | SSL3_CK_EDH_DSS_DES_40_CBC_SHA, |
| 277 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 412 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 413 | SSL_EXPORT|SSL_EXP40, | ||
| 278 | 0, | 414 | 0, |
| 415 | 40, | ||
| 416 | 56, | ||
| 279 | SSL_ALL_CIPHERS, | 417 | SSL_ALL_CIPHERS, |
| 418 | SSL_ALL_STRENGTHS, | ||
| 280 | }, | 419 | }, |
| 281 | /* Cipher 12 */ | 420 | /* Cipher 12 */ |
| 282 | { | 421 | { |
| 283 | 1, | 422 | 1, |
| 284 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, | 423 | SSL3_TXT_EDH_DSS_DES_64_CBC_SHA, |
| 285 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, | 424 | SSL3_CK_EDH_DSS_DES_64_CBC_SHA, |
| 286 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, | 425 | SSL_kEDH|SSL_aDSS|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 426 | SSL_NOT_EXP|SSL_LOW, | ||
| 287 | 0, | 427 | 0, |
| 428 | 56, | ||
| 429 | 56, | ||
| 288 | SSL_ALL_CIPHERS, | 430 | SSL_ALL_CIPHERS, |
| 431 | SSL_ALL_STRENGTHS, | ||
| 289 | }, | 432 | }, |
| 290 | /* Cipher 13 */ | 433 | /* Cipher 13 */ |
| 291 | { | 434 | { |
| 292 | 1, | 435 | 1, |
| 293 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, | 436 | SSL3_TXT_EDH_DSS_DES_192_CBC3_SHA, |
| 294 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, | 437 | SSL3_CK_EDH_DSS_DES_192_CBC3_SHA, |
| 295 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, | 438 | SSL_kEDH|SSL_aDSS|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 439 | SSL_NOT_EXP|SSL_HIGH, | ||
| 296 | 0, | 440 | 0, |
| 441 | 168, | ||
| 442 | 168, | ||
| 297 | SSL_ALL_CIPHERS, | 443 | SSL_ALL_CIPHERS, |
| 444 | SSL_ALL_STRENGTHS, | ||
| 298 | }, | 445 | }, |
| 299 | /* Cipher 14 */ | 446 | /* Cipher 14 */ |
| 300 | { | 447 | { |
| 301 | 1, | 448 | 1, |
| 302 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, | 449 | SSL3_TXT_EDH_RSA_DES_40_CBC_SHA, |
| 303 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, | 450 | SSL3_CK_EDH_RSA_DES_40_CBC_SHA, |
| 304 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_EXP|SSL_SSLV3, | 451 | SSL_kEDH|SSL_aRSA|SSL_DES|SSL_SHA1|SSL_SSLV3, |
| 452 | SSL_EXPORT|SSL_EXP40, | ||
| 305 | 0, | 453 | 0, |
| 454 | 40, | ||
| 455 | 56, | ||
| 306 | SSL_ALL_CIPHERS, | 456 | SSL_ALL_CIPHERS, |
| 457 | SSL_ALL_STRENGTHS, | ||
| 307 | }, | 458 | }, |
| 308 | /* Cipher 15 */ | 459 | /* Cipher 15 */ |
| 309 | { | 460 | { |
| 310 | 1, | 461 | 1, |
| 311 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, | 462 | SSL3_TXT_EDH_RSA_DES_64_CBC_SHA, |
| 312 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, | 463 | SSL3_CK_EDH_RSA_DES_64_CBC_SHA, |
| 313 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_LOW, | 464 | SSL_kEDH|SSL_aRSA|SSL_DES |SSL_SHA1|SSL_SSLV3, |
| 465 | SSL_NOT_EXP|SSL_LOW, | ||
| 314 | 0, | 466 | 0, |
| 467 | 56, | ||
| 468 | 56, | ||
| 315 | SSL_ALL_CIPHERS, | 469 | SSL_ALL_CIPHERS, |
| 470 | SSL_ALL_STRENGTHS, | ||
| 316 | }, | 471 | }, |
| 317 | /* Cipher 16 */ | 472 | /* Cipher 16 */ |
| 318 | { | 473 | { |
| 319 | 1, | 474 | 1, |
| 320 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, | 475 | SSL3_TXT_EDH_RSA_DES_192_CBC3_SHA, |
| 321 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, | 476 | SSL3_CK_EDH_RSA_DES_192_CBC3_SHA, |
| 322 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3|SSL_HIGH, | 477 | SSL_kEDH|SSL_aRSA|SSL_3DES |SSL_SHA1|SSL_SSLV3, |
| 478 | SSL_NOT_EXP|SSL_HIGH, | ||
| 323 | 0, | 479 | 0, |
| 480 | 168, | ||
| 481 | 168, | ||
| 324 | SSL_ALL_CIPHERS, | 482 | SSL_ALL_CIPHERS, |
| 483 | SSL_ALL_STRENGTHS, | ||
| 325 | }, | 484 | }, |
| 326 | 485 | ||
| 327 | /* Fortezza */ | 486 | /* Fortezza */ |
| @@ -330,9 +489,13 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 330 | 0, | 489 | 0, |
| 331 | SSL3_TXT_FZA_DMS_NULL_SHA, | 490 | SSL3_TXT_FZA_DMS_NULL_SHA, |
| 332 | SSL3_CK_FZA_DMS_NULL_SHA, | 491 | SSL3_CK_FZA_DMS_NULL_SHA, |
| 333 | SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 492 | SSL_kFZA|SSL_aFZA |SSL_eNULL |SSL_SHA1|SSL_SSLV3, |
| 493 | SSL_NOT_EXP, | ||
| 494 | 0, | ||
| 495 | 0, | ||
| 334 | 0, | 496 | 0, |
| 335 | SSL_ALL_CIPHERS, | 497 | SSL_ALL_CIPHERS, |
| 498 | SSL_ALL_STRENGTHS, | ||
| 336 | }, | 499 | }, |
| 337 | 500 | ||
| 338 | /* Cipher 1D */ | 501 | /* Cipher 1D */ |
| @@ -340,9 +503,13 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 340 | 0, | 503 | 0, |
| 341 | SSL3_TXT_FZA_DMS_FZA_SHA, | 504 | SSL3_TXT_FZA_DMS_FZA_SHA, |
| 342 | SSL3_CK_FZA_DMS_FZA_SHA, | 505 | SSL3_CK_FZA_DMS_FZA_SHA, |
| 343 | SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 506 | SSL_kFZA|SSL_aFZA |SSL_eFZA |SSL_SHA1|SSL_SSLV3, |
| 507 | SSL_NOT_EXP, | ||
| 508 | 0, | ||
| 509 | 0, | ||
| 344 | 0, | 510 | 0, |
| 345 | SSL_ALL_CIPHERS, | 511 | SSL_ALL_CIPHERS, |
| 512 | SSL_ALL_STRENGTHS, | ||
| 346 | }, | 513 | }, |
| 347 | 514 | ||
| 348 | /* Cipher 1E */ | 515 | /* Cipher 1E */ |
| @@ -350,10 +517,359 @@ SSL_CIPHER ssl3_ciphers[]={ | |||
| 350 | 0, | 517 | 0, |
| 351 | SSL3_TXT_FZA_DMS_RC4_SHA, | 518 | SSL3_TXT_FZA_DMS_RC4_SHA, |
| 352 | SSL3_CK_FZA_DMS_RC4_SHA, | 519 | SSL3_CK_FZA_DMS_RC4_SHA, |
| 353 | SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_NOT_EXP|SSL_SSLV3, | 520 | SSL_kFZA|SSL_aFZA |SSL_RC4 |SSL_SHA1|SSL_SSLV3, |
| 521 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 522 | 0, | ||
| 523 | 128, | ||
| 524 | 128, | ||
| 525 | SSL_ALL_CIPHERS, | ||
| 526 | SSL_ALL_STRENGTHS, | ||
| 527 | }, | ||
| 528 | |||
| 529 | #ifndef OPENSSL_NO_KRB5 | ||
| 530 | /* The Kerberos ciphers | ||
| 531 | ** 20000107 VRS: And the first shall be last, | ||
| 532 | ** in hopes of avoiding the lynx ssl renegotiation problem. | ||
| 533 | */ | ||
| 534 | /* Cipher 21 VRS */ | ||
| 535 | { | ||
| 536 | 1, | ||
| 537 | SSL3_TXT_KRB5_DES_40_CBC_SHA, | ||
| 538 | SSL3_CK_KRB5_DES_40_CBC_SHA, | ||
| 539 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | ||
| 540 | SSL_EXPORT|SSL_EXP40, | ||
| 541 | 0, | ||
| 542 | 40, | ||
| 543 | 56, | ||
| 544 | SSL_ALL_CIPHERS, | ||
| 545 | SSL_ALL_STRENGTHS, | ||
| 546 | }, | ||
| 547 | |||
| 548 | /* Cipher 22 VRS */ | ||
| 549 | { | ||
| 550 | 1, | ||
| 551 | SSL3_TXT_KRB5_DES_40_CBC_MD5, | ||
| 552 | SSL3_CK_KRB5_DES_40_CBC_MD5, | ||
| 553 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | ||
| 554 | SSL_EXPORT|SSL_EXP40, | ||
| 555 | 0, | ||
| 556 | 40, | ||
| 557 | 56, | ||
| 558 | SSL_ALL_CIPHERS, | ||
| 559 | SSL_ALL_STRENGTHS, | ||
| 560 | }, | ||
| 561 | |||
| 562 | /* Cipher 23 VRS */ | ||
| 563 | { | ||
| 564 | 1, | ||
| 565 | SSL3_TXT_KRB5_DES_64_CBC_SHA, | ||
| 566 | SSL3_CK_KRB5_DES_64_CBC_SHA, | ||
| 567 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_SHA1 |SSL_SSLV3, | ||
| 568 | SSL_NOT_EXP|SSL_LOW, | ||
| 569 | 0, | ||
| 570 | 56, | ||
| 571 | 56, | ||
| 572 | SSL_ALL_CIPHERS, | ||
| 573 | SSL_ALL_STRENGTHS, | ||
| 574 | }, | ||
| 575 | |||
| 576 | /* Cipher 24 VRS */ | ||
| 577 | { | ||
| 578 | 1, | ||
| 579 | SSL3_TXT_KRB5_DES_64_CBC_MD5, | ||
| 580 | SSL3_CK_KRB5_DES_64_CBC_MD5, | ||
| 581 | SSL_kKRB5|SSL_aKRB5| SSL_DES|SSL_MD5 |SSL_SSLV3, | ||
| 582 | SSL_NOT_EXP|SSL_LOW, | ||
| 583 | 0, | ||
| 584 | 56, | ||
| 585 | 56, | ||
| 586 | SSL_ALL_CIPHERS, | ||
| 587 | SSL_ALL_STRENGTHS, | ||
| 588 | }, | ||
| 589 | |||
| 590 | /* Cipher 25 VRS */ | ||
| 591 | { | ||
| 592 | 1, | ||
| 593 | SSL3_TXT_KRB5_DES_192_CBC3_SHA, | ||
| 594 | SSL3_CK_KRB5_DES_192_CBC3_SHA, | ||
| 595 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_SHA1 |SSL_SSLV3, | ||
| 596 | SSL_NOT_EXP|SSL_HIGH, | ||
| 597 | 0, | ||
| 598 | 112, | ||
| 599 | 168, | ||
| 600 | SSL_ALL_CIPHERS, | ||
| 601 | SSL_ALL_STRENGTHS, | ||
| 602 | }, | ||
| 603 | |||
| 604 | /* Cipher 26 VRS */ | ||
| 605 | { | ||
| 606 | 1, | ||
| 607 | SSL3_TXT_KRB5_DES_192_CBC3_MD5, | ||
| 608 | SSL3_CK_KRB5_DES_192_CBC3_MD5, | ||
| 609 | SSL_kKRB5|SSL_aKRB5| SSL_3DES|SSL_MD5 |SSL_SSLV3, | ||
| 610 | SSL_NOT_EXP|SSL_HIGH, | ||
| 354 | 0, | 611 | 0, |
| 612 | 112, | ||
| 613 | 168, | ||
| 355 | SSL_ALL_CIPHERS, | 614 | SSL_ALL_CIPHERS, |
| 615 | SSL_ALL_STRENGTHS, | ||
| 356 | }, | 616 | }, |
| 617 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 618 | |||
| 619 | |||
| 620 | #if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES | ||
| 621 | /* New TLS Export CipherSuites */ | ||
| 622 | /* Cipher 60 */ | ||
| 623 | { | ||
| 624 | 1, | ||
| 625 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5, | ||
| 626 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5, | ||
| 627 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_MD5|SSL_TLSV1, | ||
| 628 | SSL_EXPORT|SSL_EXP56, | ||
| 629 | 0, | ||
| 630 | 56, | ||
| 631 | 128, | ||
| 632 | SSL_ALL_CIPHERS, | ||
| 633 | SSL_ALL_STRENGTHS, | ||
| 634 | }, | ||
| 635 | /* Cipher 61 */ | ||
| 636 | { | ||
| 637 | 1, | ||
| 638 | TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | ||
| 639 | TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5, | ||
| 640 | SSL_kRSA|SSL_aRSA|SSL_RC2|SSL_MD5|SSL_TLSV1, | ||
| 641 | SSL_EXPORT|SSL_EXP56, | ||
| 642 | 0, | ||
| 643 | 56, | ||
| 644 | 128, | ||
| 645 | SSL_ALL_CIPHERS, | ||
| 646 | SSL_ALL_STRENGTHS, | ||
| 647 | }, | ||
| 648 | /* Cipher 62 */ | ||
| 649 | { | ||
| 650 | 1, | ||
| 651 | TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA, | ||
| 652 | TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA, | ||
| 653 | SSL_kRSA|SSL_aRSA|SSL_DES|SSL_SHA|SSL_TLSV1, | ||
| 654 | SSL_EXPORT|SSL_EXP56, | ||
| 655 | 0, | ||
| 656 | 56, | ||
| 657 | 56, | ||
| 658 | SSL_ALL_CIPHERS, | ||
| 659 | SSL_ALL_STRENGTHS, | ||
| 660 | }, | ||
| 661 | /* Cipher 63 */ | ||
| 662 | { | ||
| 663 | 1, | ||
| 664 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | ||
| 665 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA, | ||
| 666 | SSL_kEDH|SSL_aDSS|SSL_DES|SSL_SHA|SSL_TLSV1, | ||
| 667 | SSL_EXPORT|SSL_EXP56, | ||
| 668 | 0, | ||
| 669 | 56, | ||
| 670 | 56, | ||
| 671 | SSL_ALL_CIPHERS, | ||
| 672 | SSL_ALL_STRENGTHS, | ||
| 673 | }, | ||
| 674 | /* Cipher 64 */ | ||
| 675 | { | ||
| 676 | 1, | ||
| 677 | TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA, | ||
| 678 | TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA, | ||
| 679 | SSL_kRSA|SSL_aRSA|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 680 | SSL_EXPORT|SSL_EXP56, | ||
| 681 | 0, | ||
| 682 | 56, | ||
| 683 | 128, | ||
| 684 | SSL_ALL_CIPHERS, | ||
| 685 | SSL_ALL_STRENGTHS, | ||
| 686 | }, | ||
| 687 | /* Cipher 65 */ | ||
| 688 | { | ||
| 689 | 1, | ||
| 690 | TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | ||
| 691 | TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA, | ||
| 692 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 693 | SSL_EXPORT|SSL_EXP56, | ||
| 694 | 0, | ||
| 695 | 56, | ||
| 696 | 128, | ||
| 697 | SSL_ALL_CIPHERS, | ||
| 698 | SSL_ALL_STRENGTHS, | ||
| 699 | }, | ||
| 700 | /* Cipher 66 */ | ||
| 701 | { | ||
| 702 | 1, | ||
| 703 | TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA, | ||
| 704 | TLS1_CK_DHE_DSS_WITH_RC4_128_SHA, | ||
| 705 | SSL_kEDH|SSL_aDSS|SSL_RC4|SSL_SHA|SSL_TLSV1, | ||
| 706 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 707 | 0, | ||
| 708 | 128, | ||
| 709 | 128, | ||
| 710 | SSL_ALL_CIPHERS, | ||
| 711 | SSL_ALL_STRENGTHS | ||
| 712 | }, | ||
| 713 | #endif | ||
| 714 | /* New AES ciphersuites */ | ||
| 715 | |||
| 716 | /* Cipher 2F */ | ||
| 717 | { | ||
| 718 | 1, | ||
| 719 | TLS1_TXT_RSA_WITH_AES_128_SHA, | ||
| 720 | TLS1_CK_RSA_WITH_AES_128_SHA, | ||
| 721 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 722 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 723 | 0, | ||
| 724 | 128, | ||
| 725 | 128, | ||
| 726 | SSL_ALL_CIPHERS, | ||
| 727 | SSL_ALL_STRENGTHS, | ||
| 728 | }, | ||
| 729 | /* Cipher 30 */ | ||
| 730 | { | ||
| 731 | 0, | ||
| 732 | TLS1_TXT_DH_DSS_WITH_AES_128_SHA, | ||
| 733 | TLS1_CK_DH_DSS_WITH_AES_128_SHA, | ||
| 734 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 735 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 736 | 0, | ||
| 737 | 128, | ||
| 738 | 128, | ||
| 739 | SSL_ALL_CIPHERS, | ||
| 740 | SSL_ALL_STRENGTHS, | ||
| 741 | }, | ||
| 742 | /* Cipher 31 */ | ||
| 743 | { | ||
| 744 | 0, | ||
| 745 | TLS1_TXT_DH_RSA_WITH_AES_128_SHA, | ||
| 746 | TLS1_CK_DH_RSA_WITH_AES_128_SHA, | ||
| 747 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 748 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 749 | 0, | ||
| 750 | 128, | ||
| 751 | 128, | ||
| 752 | SSL_ALL_CIPHERS, | ||
| 753 | SSL_ALL_STRENGTHS, | ||
| 754 | }, | ||
| 755 | /* Cipher 32 */ | ||
| 756 | { | ||
| 757 | 1, | ||
| 758 | TLS1_TXT_DHE_DSS_WITH_AES_128_SHA, | ||
| 759 | TLS1_CK_DHE_DSS_WITH_AES_128_SHA, | ||
| 760 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 761 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 762 | 0, | ||
| 763 | 128, | ||
| 764 | 128, | ||
| 765 | SSL_ALL_CIPHERS, | ||
| 766 | SSL_ALL_STRENGTHS, | ||
| 767 | }, | ||
| 768 | /* Cipher 33 */ | ||
| 769 | { | ||
| 770 | 1, | ||
| 771 | TLS1_TXT_DHE_RSA_WITH_AES_128_SHA, | ||
| 772 | TLS1_CK_DHE_RSA_WITH_AES_128_SHA, | ||
| 773 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 774 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 775 | 0, | ||
| 776 | 128, | ||
| 777 | 128, | ||
| 778 | SSL_ALL_CIPHERS, | ||
| 779 | SSL_ALL_STRENGTHS, | ||
| 780 | }, | ||
| 781 | /* Cipher 34 */ | ||
| 782 | { | ||
| 783 | 1, | ||
| 784 | TLS1_TXT_ADH_WITH_AES_128_SHA, | ||
| 785 | TLS1_CK_ADH_WITH_AES_128_SHA, | ||
| 786 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 787 | SSL_NOT_EXP|SSL_MEDIUM, | ||
| 788 | 0, | ||
| 789 | 128, | ||
| 790 | 128, | ||
| 791 | SSL_ALL_CIPHERS, | ||
| 792 | SSL_ALL_STRENGTHS, | ||
| 793 | }, | ||
| 794 | |||
| 795 | /* Cipher 35 */ | ||
| 796 | { | ||
| 797 | 1, | ||
| 798 | TLS1_TXT_RSA_WITH_AES_256_SHA, | ||
| 799 | TLS1_CK_RSA_WITH_AES_256_SHA, | ||
| 800 | SSL_kRSA|SSL_aRSA|SSL_AES|SSL_SHA |SSL_TLSV1, | ||
| 801 | SSL_NOT_EXP|SSL_HIGH, | ||
| 802 | 0, | ||
| 803 | 256, | ||
| 804 | 256, | ||
| 805 | SSL_ALL_CIPHERS, | ||
| 806 | SSL_ALL_STRENGTHS, | ||
| 807 | }, | ||
| 808 | /* Cipher 36 */ | ||
| 809 | { | ||
| 810 | 0, | ||
| 811 | TLS1_TXT_DH_DSS_WITH_AES_256_SHA, | ||
| 812 | TLS1_CK_DH_DSS_WITH_AES_256_SHA, | ||
| 813 | SSL_kDHd|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 814 | SSL_NOT_EXP|SSL_HIGH, | ||
| 815 | 0, | ||
| 816 | 256, | ||
| 817 | 256, | ||
| 818 | SSL_ALL_CIPHERS, | ||
| 819 | SSL_ALL_STRENGTHS, | ||
| 820 | }, | ||
| 821 | /* Cipher 37 */ | ||
| 822 | { | ||
| 823 | 0, | ||
| 824 | TLS1_TXT_DH_RSA_WITH_AES_256_SHA, | ||
| 825 | TLS1_CK_DH_RSA_WITH_AES_256_SHA, | ||
| 826 | SSL_kDHr|SSL_aDH|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 827 | SSL_NOT_EXP|SSL_HIGH, | ||
| 828 | 0, | ||
| 829 | 256, | ||
| 830 | 256, | ||
| 831 | SSL_ALL_CIPHERS, | ||
| 832 | SSL_ALL_STRENGTHS, | ||
| 833 | }, | ||
| 834 | /* Cipher 38 */ | ||
| 835 | { | ||
| 836 | 1, | ||
| 837 | TLS1_TXT_DHE_DSS_WITH_AES_256_SHA, | ||
| 838 | TLS1_CK_DHE_DSS_WITH_AES_256_SHA, | ||
| 839 | SSL_kEDH|SSL_aDSS|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 840 | SSL_NOT_EXP|SSL_HIGH, | ||
| 841 | 0, | ||
| 842 | 256, | ||
| 843 | 256, | ||
| 844 | SSL_ALL_CIPHERS, | ||
| 845 | SSL_ALL_STRENGTHS, | ||
| 846 | }, | ||
| 847 | /* Cipher 39 */ | ||
| 848 | { | ||
| 849 | 1, | ||
| 850 | TLS1_TXT_DHE_RSA_WITH_AES_256_SHA, | ||
| 851 | TLS1_CK_DHE_RSA_WITH_AES_256_SHA, | ||
| 852 | SSL_kEDH|SSL_aRSA|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 853 | SSL_NOT_EXP|SSL_HIGH, | ||
| 854 | 0, | ||
| 855 | 256, | ||
| 856 | 256, | ||
| 857 | SSL_ALL_CIPHERS, | ||
| 858 | SSL_ALL_STRENGTHS, | ||
| 859 | }, | ||
| 860 | /* Cipher 3A */ | ||
| 861 | { | ||
| 862 | 1, | ||
| 863 | TLS1_TXT_ADH_WITH_AES_256_SHA, | ||
| 864 | TLS1_CK_ADH_WITH_AES_256_SHA, | ||
| 865 | SSL_kEDH|SSL_aNULL|SSL_AES|SSL_SHA|SSL_TLSV1, | ||
| 866 | SSL_NOT_EXP|SSL_HIGH, | ||
| 867 | 0, | ||
| 868 | 256, | ||
| 869 | 256, | ||
| 870 | SSL_ALL_CIPHERS, | ||
| 871 | SSL_ALL_STRENGTHS, | ||
| 872 | }, | ||
| 357 | 873 | ||
| 358 | /* end of list */ | 874 | /* end of list */ |
| 359 | }; | 875 | }; |
| @@ -384,6 +900,7 @@ static SSL_METHOD SSLv3_data= { | |||
| 384 | ssl3_write, | 900 | ssl3_write, |
| 385 | ssl3_shutdown, | 901 | ssl3_shutdown, |
| 386 | ssl3_renegotiate, | 902 | ssl3_renegotiate, |
| 903 | ssl3_renegotiate_check, | ||
| 387 | ssl3_ctrl, | 904 | ssl3_ctrl, |
| 388 | ssl3_ctx_ctrl, | 905 | ssl3_ctx_ctrl, |
| 389 | ssl3_get_cipher_by_char, | 906 | ssl3_get_cipher_by_char, |
| @@ -394,27 +911,29 @@ static SSL_METHOD SSLv3_data= { | |||
| 394 | ssl_bad_method, | 911 | ssl_bad_method, |
| 395 | ssl3_default_timeout, | 912 | ssl3_default_timeout, |
| 396 | &SSLv3_enc_data, | 913 | &SSLv3_enc_data, |
| 914 | ssl_undefined_function, | ||
| 915 | ssl3_callback_ctrl, | ||
| 916 | ssl3_ctx_callback_ctrl, | ||
| 397 | }; | 917 | }; |
| 398 | 918 | ||
| 399 | static long ssl3_default_timeout() | 919 | static long ssl3_default_timeout(void) |
| 400 | { | 920 | { |
| 401 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec | 921 | /* 2 hours, the 24 hours mentioned in the SSLv3 spec |
| 402 | * is way too long for http, the cache would over fill */ | 922 | * is way too long for http, the cache would over fill */ |
| 403 | return(60*60*2); | 923 | return(60*60*2); |
| 404 | } | 924 | } |
| 405 | 925 | ||
| 406 | SSL_METHOD *sslv3_base_method() | 926 | SSL_METHOD *sslv3_base_method(void) |
| 407 | { | 927 | { |
| 408 | return(&SSLv3_data); | 928 | return(&SSLv3_data); |
| 409 | } | 929 | } |
| 410 | 930 | ||
| 411 | int ssl3_num_ciphers() | 931 | int ssl3_num_ciphers(void) |
| 412 | { | 932 | { |
| 413 | return(SSL3_NUM_CIPHERS); | 933 | return(SSL3_NUM_CIPHERS); |
| 414 | } | 934 | } |
| 415 | 935 | ||
| 416 | SSL_CIPHER *ssl3_get_cipher(u) | 936 | SSL_CIPHER *ssl3_get_cipher(unsigned int u) |
| 417 | unsigned int u; | ||
| 418 | { | 937 | { |
| 419 | if (u < SSL3_NUM_CIPHERS) | 938 | if (u < SSL3_NUM_CIPHERS) |
| 420 | return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); | 939 | return(&(ssl3_ciphers[SSL3_NUM_CIPHERS-1-u])); |
| @@ -422,29 +941,24 @@ unsigned int u; | |||
| 422 | return(NULL); | 941 | return(NULL); |
| 423 | } | 942 | } |
| 424 | 943 | ||
| 425 | /* The problem is that it may not be the correct record type */ | 944 | int ssl3_pending(SSL *s) |
| 426 | int ssl3_pending(s) | ||
| 427 | SSL *s; | ||
| 428 | { | 945 | { |
| 429 | return(s->s3->rrec.length); | 946 | if (s->rstate == SSL_ST_READ_BODY) |
| 947 | return 0; | ||
| 948 | |||
| 949 | return (s->s3->rrec.type == SSL3_RT_APPLICATION_DATA) ? s->s3->rrec.length : 0; | ||
| 430 | } | 950 | } |
| 431 | 951 | ||
| 432 | int ssl3_new(s) | 952 | int ssl3_new(SSL *s) |
| 433 | SSL *s; | ||
| 434 | { | 953 | { |
| 435 | SSL3_CTX *s3; | 954 | SSL3_STATE *s3; |
| 436 | 955 | ||
| 437 | if ((s3=(SSL3_CTX *)Malloc(sizeof(SSL3_CTX))) == NULL) goto err; | 956 | if ((s3=OPENSSL_malloc(sizeof *s3)) == NULL) goto err; |
| 438 | memset(s3,0,sizeof(SSL3_CTX)); | 957 | memset(s3,0,sizeof *s3); |
| 958 | EVP_MD_CTX_init(&s3->finish_dgst1); | ||
| 959 | EVP_MD_CTX_init(&s3->finish_dgst2); | ||
| 439 | 960 | ||
| 440 | s->s3=s3; | 961 | s->s3=s3; |
| 441 | /* | ||
| 442 | s->s3->tmp.ca_names=NULL; | ||
| 443 | s->s3->tmp.key_block=NULL; | ||
| 444 | s->s3->tmp.key_block_length=0; | ||
| 445 | s->s3->rbuf.buf=NULL; | ||
| 446 | s->s3->wbuf.buf=NULL; | ||
| 447 | */ | ||
| 448 | 962 | ||
| 449 | s->method->ssl_clear(s); | 963 | s->method->ssl_clear(s); |
| 450 | return(1); | 964 | return(1); |
| @@ -452,40 +966,66 @@ err: | |||
| 452 | return(0); | 966 | return(0); |
| 453 | } | 967 | } |
| 454 | 968 | ||
| 455 | void ssl3_free(s) | 969 | void ssl3_free(SSL *s) |
| 456 | SSL *s; | ||
| 457 | { | 970 | { |
| 971 | if(s == NULL) | ||
| 972 | return; | ||
| 973 | |||
| 458 | ssl3_cleanup_key_block(s); | 974 | ssl3_cleanup_key_block(s); |
| 459 | if (s->s3->rbuf.buf != NULL) | 975 | if (s->s3->rbuf.buf != NULL) |
| 460 | Free(s->s3->rbuf.buf); | 976 | OPENSSL_free(s->s3->rbuf.buf); |
| 461 | if (s->s3->wbuf.buf != NULL) | 977 | if (s->s3->wbuf.buf != NULL) |
| 462 | Free(s->s3->wbuf.buf); | 978 | OPENSSL_free(s->s3->wbuf.buf); |
| 463 | #ifndef NO_DH | 979 | if (s->s3->rrec.comp != NULL) |
| 980 | OPENSSL_free(s->s3->rrec.comp); | ||
| 981 | #ifndef OPENSSL_NO_DH | ||
| 464 | if (s->s3->tmp.dh != NULL) | 982 | if (s->s3->tmp.dh != NULL) |
| 465 | DH_free(s->s3->tmp.dh); | 983 | DH_free(s->s3->tmp.dh); |
| 466 | #endif | 984 | #endif |
| 467 | if (s->s3->tmp.ca_names != NULL) | 985 | if (s->s3->tmp.ca_names != NULL) |
| 468 | sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 986 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 469 | memset(s->s3,0,sizeof(SSL3_CTX)); | 987 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); |
| 470 | Free(s->s3); | 988 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); |
| 989 | memset(s->s3,0,sizeof *s->s3); | ||
| 990 | OPENSSL_free(s->s3); | ||
| 471 | s->s3=NULL; | 991 | s->s3=NULL; |
| 472 | } | 992 | } |
| 473 | 993 | ||
| 474 | void ssl3_clear(s) | 994 | void ssl3_clear(SSL *s) |
| 475 | SSL *s; | ||
| 476 | { | 995 | { |
| 477 | unsigned char *rp,*wp; | 996 | unsigned char *rp,*wp; |
| 997 | size_t rlen, wlen; | ||
| 478 | 998 | ||
| 479 | ssl3_cleanup_key_block(s); | 999 | ssl3_cleanup_key_block(s); |
| 480 | if (s->s3->tmp.ca_names != NULL) | 1000 | if (s->s3->tmp.ca_names != NULL) |
| 481 | sk_pop_free(s->s3->tmp.ca_names,X509_NAME_free); | 1001 | sk_X509_NAME_pop_free(s->s3->tmp.ca_names,X509_NAME_free); |
| 482 | 1002 | ||
| 483 | rp=s->s3->rbuf.buf; | 1003 | if (s->s3->rrec.comp != NULL) |
| 484 | wp=s->s3->wbuf.buf; | 1004 | { |
| 1005 | OPENSSL_free(s->s3->rrec.comp); | ||
| 1006 | s->s3->rrec.comp=NULL; | ||
| 1007 | } | ||
| 1008 | #ifndef OPENSSL_NO_DH | ||
| 1009 | if (s->s3->tmp.dh != NULL) | ||
| 1010 | DH_free(s->s3->tmp.dh); | ||
| 1011 | #endif | ||
| 1012 | |||
| 1013 | rp = s->s3->rbuf.buf; | ||
| 1014 | wp = s->s3->wbuf.buf; | ||
| 1015 | rlen = s->s3->rbuf.len; | ||
| 1016 | wlen = s->s3->wbuf.len; | ||
| 1017 | |||
| 1018 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst1); | ||
| 1019 | EVP_MD_CTX_cleanup(&s->s3->finish_dgst2); | ||
| 1020 | |||
| 1021 | memset(s->s3,0,sizeof *s->s3); | ||
| 1022 | s->s3->rbuf.buf = rp; | ||
| 1023 | s->s3->wbuf.buf = wp; | ||
| 1024 | s->s3->rbuf.len = rlen; | ||
| 1025 | s->s3->wbuf.len = wlen; | ||
| 1026 | |||
| 1027 | ssl_free_wbio_buffer(s); | ||
| 485 | 1028 | ||
| 486 | memset(s->s3,0,sizeof(SSL3_CTX)); | ||
| 487 | if (rp != NULL) s->s3->rbuf.buf=rp; | ||
| 488 | if (wp != NULL) s->s3->wbuf.buf=wp; | ||
| 489 | s->packet_length=0; | 1029 | s->packet_length=0; |
| 490 | s->s3->renegotiate=0; | 1030 | s->s3->renegotiate=0; |
| 491 | s->s3->total_renegotiations=0; | 1031 | s->s3->total_renegotiations=0; |
| @@ -494,14 +1034,30 @@ SSL *s; | |||
| 494 | s->version=SSL3_VERSION; | 1034 | s->version=SSL3_VERSION; |
| 495 | } | 1035 | } |
| 496 | 1036 | ||
| 497 | long ssl3_ctrl(s,cmd,larg,parg) | 1037 | long ssl3_ctrl(SSL *s, int cmd, long larg, void *parg) |
| 498 | SSL *s; | ||
| 499 | int cmd; | ||
| 500 | long larg; | ||
| 501 | char *parg; | ||
| 502 | { | 1038 | { |
| 503 | int ret=0; | 1039 | int ret=0; |
| 504 | 1040 | ||
| 1041 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) | ||
| 1042 | if ( | ||
| 1043 | #ifndef OPENSSL_NO_RSA | ||
| 1044 | cmd == SSL_CTRL_SET_TMP_RSA || | ||
| 1045 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | ||
| 1046 | #endif | ||
| 1047 | #ifndef OPENSSL_NO_DSA | ||
| 1048 | cmd == SSL_CTRL_SET_TMP_DH || | ||
| 1049 | cmd == SSL_CTRL_SET_TMP_DH_CB || | ||
| 1050 | #endif | ||
| 1051 | 0) | ||
| 1052 | { | ||
| 1053 | if (!ssl_cert_inst(&s->cert)) | ||
| 1054 | { | ||
| 1055 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_MALLOC_FAILURE); | ||
| 1056 | return(0); | ||
| 1057 | } | ||
| 1058 | } | ||
| 1059 | #endif | ||
| 1060 | |||
| 505 | switch (cmd) | 1061 | switch (cmd) |
| 506 | { | 1062 | { |
| 507 | case SSL_CTRL_GET_SESSION_REUSED: | 1063 | case SSL_CTRL_GET_SESSION_REUSED: |
| @@ -519,25 +1075,137 @@ char *parg; | |||
| 519 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: | 1075 | case SSL_CTRL_GET_TOTAL_RENEGOTIATIONS: |
| 520 | ret=s->s3->total_renegotiations; | 1076 | ret=s->s3->total_renegotiations; |
| 521 | break; | 1077 | break; |
| 1078 | case SSL_CTRL_GET_FLAGS: | ||
| 1079 | ret=(int)(s->s3->flags); | ||
| 1080 | break; | ||
| 1081 | #ifndef OPENSSL_NO_RSA | ||
| 1082 | case SSL_CTRL_NEED_TMP_RSA: | ||
| 1083 | if ((s->cert != NULL) && (s->cert->rsa_tmp == NULL) && | ||
| 1084 | ((s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | ||
| 1085 | (EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey) > (512/8)))) | ||
| 1086 | ret = 1; | ||
| 1087 | break; | ||
| 1088 | case SSL_CTRL_SET_TMP_RSA: | ||
| 1089 | { | ||
| 1090 | RSA *rsa = (RSA *)parg; | ||
| 1091 | if (rsa == NULL) | ||
| 1092 | { | ||
| 1093 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1094 | return(ret); | ||
| 1095 | } | ||
| 1096 | if ((rsa = RSAPrivateKey_dup(rsa)) == NULL) | ||
| 1097 | { | ||
| 1098 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_RSA_LIB); | ||
| 1099 | return(ret); | ||
| 1100 | } | ||
| 1101 | if (s->cert->rsa_tmp != NULL) | ||
| 1102 | RSA_free(s->cert->rsa_tmp); | ||
| 1103 | s->cert->rsa_tmp = rsa; | ||
| 1104 | ret = 1; | ||
| 1105 | } | ||
| 1106 | break; | ||
| 1107 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 1108 | { | ||
| 1109 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1110 | return(ret); | ||
| 1111 | } | ||
| 1112 | break; | ||
| 1113 | #endif | ||
| 1114 | #ifndef OPENSSL_NO_DH | ||
| 1115 | case SSL_CTRL_SET_TMP_DH: | ||
| 1116 | { | ||
| 1117 | DH *dh = (DH *)parg; | ||
| 1118 | if (dh == NULL) | ||
| 1119 | { | ||
| 1120 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_PASSED_NULL_PARAMETER); | ||
| 1121 | return(ret); | ||
| 1122 | } | ||
| 1123 | if ((dh = DHparams_dup(dh)) == NULL) | ||
| 1124 | { | ||
| 1125 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | ||
| 1126 | return(ret); | ||
| 1127 | } | ||
| 1128 | if (!(s->options & SSL_OP_SINGLE_DH_USE)) | ||
| 1129 | { | ||
| 1130 | if (!DH_generate_key(dh)) | ||
| 1131 | { | ||
| 1132 | DH_free(dh); | ||
| 1133 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_DH_LIB); | ||
| 1134 | return(ret); | ||
| 1135 | } | ||
| 1136 | } | ||
| 1137 | if (s->cert->dh_tmp != NULL) | ||
| 1138 | DH_free(s->cert->dh_tmp); | ||
| 1139 | s->cert->dh_tmp = dh; | ||
| 1140 | ret = 1; | ||
| 1141 | } | ||
| 1142 | break; | ||
| 1143 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 1144 | { | ||
| 1145 | SSLerr(SSL_F_SSL3_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1146 | return(ret); | ||
| 1147 | } | ||
| 1148 | break; | ||
| 1149 | #endif | ||
| 522 | default: | 1150 | default: |
| 523 | break; | 1151 | break; |
| 524 | } | 1152 | } |
| 525 | return(ret); | 1153 | return(ret); |
| 526 | } | 1154 | } |
| 527 | 1155 | ||
| 528 | long ssl3_ctx_ctrl(ctx,cmd,larg,parg) | 1156 | long ssl3_callback_ctrl(SSL *s, int cmd, void (*fp)()) |
| 529 | SSL_CTX *ctx; | 1157 | { |
| 530 | int cmd; | 1158 | int ret=0; |
| 531 | long larg; | 1159 | |
| 532 | char *parg; | 1160 | #if !defined(OPENSSL_NO_DSA) || !defined(OPENSSL_NO_RSA) |
| 1161 | if ( | ||
| 1162 | #ifndef OPENSSL_NO_RSA | ||
| 1163 | cmd == SSL_CTRL_SET_TMP_RSA_CB || | ||
| 1164 | #endif | ||
| 1165 | #ifndef OPENSSL_NO_DSA | ||
| 1166 | cmd == SSL_CTRL_SET_TMP_DH_CB || | ||
| 1167 | #endif | ||
| 1168 | 0) | ||
| 1169 | { | ||
| 1170 | if (!ssl_cert_inst(&s->cert)) | ||
| 1171 | { | ||
| 1172 | SSLerr(SSL_F_SSL3_CALLBACK_CTRL, ERR_R_MALLOC_FAILURE); | ||
| 1173 | return(0); | ||
| 1174 | } | ||
| 1175 | } | ||
| 1176 | #endif | ||
| 1177 | |||
| 1178 | switch (cmd) | ||
| 1179 | { | ||
| 1180 | #ifndef OPENSSL_NO_RSA | ||
| 1181 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 1182 | { | ||
| 1183 | s->cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | ||
| 1184 | } | ||
| 1185 | break; | ||
| 1186 | #endif | ||
| 1187 | #ifndef OPENSSL_NO_DH | ||
| 1188 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 1189 | { | ||
| 1190 | s->cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
| 1191 | } | ||
| 1192 | break; | ||
| 1193 | #endif | ||
| 1194 | default: | ||
| 1195 | break; | ||
| 1196 | } | ||
| 1197 | return(ret); | ||
| 1198 | } | ||
| 1199 | |||
| 1200 | long ssl3_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) | ||
| 533 | { | 1201 | { |
| 534 | CERT *cert; | 1202 | CERT *cert; |
| 535 | 1203 | ||
| 536 | cert=ctx->default_cert; | 1204 | cert=ctx->cert; |
| 537 | 1205 | ||
| 538 | switch (cmd) | 1206 | switch (cmd) |
| 539 | { | 1207 | { |
| 540 | #ifndef NO_RSA | 1208 | #ifndef OPENSSL_NO_RSA |
| 541 | case SSL_CTRL_NEED_TMP_RSA: | 1209 | case SSL_CTRL_NEED_TMP_RSA: |
| 542 | if ( (cert->rsa_tmp == NULL) && | 1210 | if ( (cert->rsa_tmp == NULL) && |
| 543 | ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || | 1211 | ((cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL) || |
| @@ -546,7 +1214,7 @@ char *parg; | |||
| 546 | return(1); | 1214 | return(1); |
| 547 | else | 1215 | else |
| 548 | return(0); | 1216 | return(0); |
| 549 | break; | 1217 | /* break; */ |
| 550 | case SSL_CTRL_SET_TMP_RSA: | 1218 | case SSL_CTRL_SET_TMP_RSA: |
| 551 | { | 1219 | { |
| 552 | RSA *rsa; | 1220 | RSA *rsa; |
| @@ -574,35 +1242,83 @@ char *parg; | |||
| 574 | return(1); | 1242 | return(1); |
| 575 | } | 1243 | } |
| 576 | } | 1244 | } |
| 577 | break; | 1245 | /* break; */ |
| 578 | case SSL_CTRL_SET_TMP_RSA_CB: | 1246 | case SSL_CTRL_SET_TMP_RSA_CB: |
| 579 | cert->rsa_tmp_cb=(RSA *(*)())parg; | 1247 | { |
| 1248 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1249 | return(0); | ||
| 1250 | } | ||
| 580 | break; | 1251 | break; |
| 581 | #endif | 1252 | #endif |
| 582 | #ifndef NO_DH | 1253 | #ifndef OPENSSL_NO_DH |
| 583 | case SSL_CTRL_SET_TMP_DH: | 1254 | case SSL_CTRL_SET_TMP_DH: |
| 584 | { | 1255 | { |
| 585 | DH *new=NULL,*dh; | 1256 | DH *new=NULL,*dh; |
| 586 | 1257 | ||
| 587 | dh=(DH *)parg; | 1258 | dh=(DH *)parg; |
| 588 | if ( ((new=DHparams_dup(dh)) == NULL) || | 1259 | if ((new=DHparams_dup(dh)) == NULL) |
| 589 | (!DH_generate_key(new))) | ||
| 590 | { | 1260 | { |
| 591 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); | 1261 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); |
| 592 | if (new != NULL) DH_free(new); | 1262 | return 0; |
| 593 | return(0); | ||
| 594 | } | 1263 | } |
| 595 | else | 1264 | if (!(ctx->options & SSL_OP_SINGLE_DH_USE)) |
| 596 | { | 1265 | { |
| 597 | if (cert->dh_tmp != NULL) | 1266 | if (!DH_generate_key(new)) |
| 598 | DH_free(cert->dh_tmp); | 1267 | { |
| 599 | cert->dh_tmp=new; | 1268 | SSLerr(SSL_F_SSL3_CTX_CTRL,ERR_R_DH_LIB); |
| 600 | return(1); | 1269 | DH_free(new); |
| 1270 | return 0; | ||
| 1271 | } | ||
| 601 | } | 1272 | } |
| 1273 | if (cert->dh_tmp != NULL) | ||
| 1274 | DH_free(cert->dh_tmp); | ||
| 1275 | cert->dh_tmp=new; | ||
| 1276 | return 1; | ||
| 1277 | } | ||
| 1278 | /*break; */ | ||
| 1279 | case SSL_CTRL_SET_TMP_DH_CB: | ||
| 1280 | { | ||
| 1281 | SSLerr(SSL_F_SSL3_CTX_CTRL, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | ||
| 1282 | return(0); | ||
| 602 | } | 1283 | } |
| 603 | break; | 1284 | break; |
| 1285 | #endif | ||
| 1286 | /* A Thawte special :-) */ | ||
| 1287 | case SSL_CTRL_EXTRA_CHAIN_CERT: | ||
| 1288 | if (ctx->extra_certs == NULL) | ||
| 1289 | { | ||
| 1290 | if ((ctx->extra_certs=sk_X509_new_null()) == NULL) | ||
| 1291 | return(0); | ||
| 1292 | } | ||
| 1293 | sk_X509_push(ctx->extra_certs,(X509 *)parg); | ||
| 1294 | break; | ||
| 1295 | |||
| 1296 | default: | ||
| 1297 | return(0); | ||
| 1298 | } | ||
| 1299 | return(1); | ||
| 1300 | } | ||
| 1301 | |||
| 1302 | long ssl3_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | ||
| 1303 | { | ||
| 1304 | CERT *cert; | ||
| 1305 | |||
| 1306 | cert=ctx->cert; | ||
| 1307 | |||
| 1308 | switch (cmd) | ||
| 1309 | { | ||
| 1310 | #ifndef OPENSSL_NO_RSA | ||
| 1311 | case SSL_CTRL_SET_TMP_RSA_CB: | ||
| 1312 | { | ||
| 1313 | cert->rsa_tmp_cb = (RSA *(*)(SSL *, int, int))fp; | ||
| 1314 | } | ||
| 1315 | break; | ||
| 1316 | #endif | ||
| 1317 | #ifndef OPENSSL_NO_DH | ||
| 604 | case SSL_CTRL_SET_TMP_DH_CB: | 1318 | case SSL_CTRL_SET_TMP_DH_CB: |
| 605 | cert->dh_tmp_cb=(DH *(*)())parg; | 1319 | { |
| 1320 | cert->dh_tmp_cb = (DH *(*)(SSL *, int, int))fp; | ||
| 1321 | } | ||
| 606 | break; | 1322 | break; |
| 607 | #endif | 1323 | #endif |
| 608 | default: | 1324 | default: |
| @@ -613,8 +1329,7 @@ char *parg; | |||
| 613 | 1329 | ||
| 614 | /* This function needs to check if the ciphers required are actually | 1330 | /* This function needs to check if the ciphers required are actually |
| 615 | * available */ | 1331 | * available */ |
| 616 | SSL_CIPHER *ssl3_get_cipher_by_char(p) | 1332 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p) |
| 617 | unsigned char *p; | ||
| 618 | { | 1333 | { |
| 619 | static int init=1; | 1334 | static int init=1; |
| 620 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; | 1335 | static SSL_CIPHER *sorted[SSL3_NUM_CIPHERS]; |
| @@ -624,7 +1339,7 @@ unsigned char *p; | |||
| 624 | 1339 | ||
| 625 | if (init) | 1340 | if (init) |
| 626 | { | 1341 | { |
| 627 | init=0; | 1342 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); |
| 628 | 1343 | ||
| 629 | for (i=0; i<SSL3_NUM_CIPHERS; i++) | 1344 | for (i=0; i<SSL3_NUM_CIPHERS; i++) |
| 630 | sorted[i]= &(ssl3_ciphers[i]); | 1345 | sorted[i]= &(ssl3_ciphers[i]); |
| @@ -632,6 +1347,10 @@ unsigned char *p; | |||
| 632 | qsort( (char *)sorted, | 1347 | qsort( (char *)sorted, |
| 633 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 1348 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), |
| 634 | FP_ICC ssl_cipher_ptr_id_cmp); | 1349 | FP_ICC ssl_cipher_ptr_id_cmp); |
| 1350 | |||
| 1351 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 1352 | |||
| 1353 | init=0; | ||
| 635 | } | 1354 | } |
| 636 | 1355 | ||
| 637 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; | 1356 | id=0x03000000L|((unsigned long)p[0]<<8L)|(unsigned long)p[1]; |
| @@ -639,16 +1358,14 @@ unsigned char *p; | |||
| 639 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, | 1358 | cpp=(SSL_CIPHER **)OBJ_bsearch((char *)&cp, |
| 640 | (char *)sorted, | 1359 | (char *)sorted, |
| 641 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), | 1360 | SSL3_NUM_CIPHERS,sizeof(SSL_CIPHER *), |
| 642 | (int (*)())ssl_cipher_ptr_id_cmp); | 1361 | FP_ICC ssl_cipher_ptr_id_cmp); |
| 643 | if ((cpp == NULL) || !(*cpp)->valid) | 1362 | if ((cpp == NULL) || !(*cpp)->valid) |
| 644 | return(NULL); | 1363 | return(NULL); |
| 645 | else | 1364 | else |
| 646 | return(*cpp); | 1365 | return(*cpp); |
| 647 | } | 1366 | } |
| 648 | 1367 | ||
| 649 | int ssl3_put_cipher_by_char(c,p) | 1368 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c, unsigned char *p) |
| 650 | SSL_CIPHER *c; | ||
| 651 | unsigned char *p; | ||
| 652 | { | 1369 | { |
| 653 | long l; | 1370 | long l; |
| 654 | 1371 | ||
| @@ -662,114 +1379,141 @@ unsigned char *p; | |||
| 662 | return(2); | 1379 | return(2); |
| 663 | } | 1380 | } |
| 664 | 1381 | ||
| 665 | int ssl3_part_read(s,i) | 1382 | SSL_CIPHER *ssl3_choose_cipher(SSL *s, STACK_OF(SSL_CIPHER) *clnt, |
| 666 | SSL *s; | 1383 | STACK_OF(SSL_CIPHER) *srvr) |
| 667 | int i; | ||
| 668 | { | ||
| 669 | s->rwstate=SSL_READING; | ||
| 670 | |||
| 671 | if (i < 0) | ||
| 672 | { | ||
| 673 | return(i); | ||
| 674 | } | ||
| 675 | else | ||
| 676 | { | ||
| 677 | s->init_num+=i; | ||
| 678 | return(0); | ||
| 679 | } | ||
| 680 | } | ||
| 681 | |||
| 682 | SSL_CIPHER *ssl3_choose_cipher(s,have,pref) | ||
| 683 | SSL *s; | ||
| 684 | STACK *have,*pref; | ||
| 685 | { | 1384 | { |
| 686 | SSL_CIPHER *c,*ret=NULL; | 1385 | SSL_CIPHER *c,*ret=NULL; |
| 1386 | STACK_OF(SSL_CIPHER) *prio, *allow; | ||
| 687 | int i,j,ok; | 1387 | int i,j,ok; |
| 688 | CERT *cert; | 1388 | CERT *cert; |
| 689 | unsigned long alg,mask,emask; | 1389 | unsigned long alg,mask,emask; |
| 690 | 1390 | ||
| 691 | /* Lets see which ciphers we can supported */ | 1391 | /* Let's see which ciphers we can support */ |
| 692 | if (s->cert != NULL) | 1392 | cert=s->cert; |
| 693 | cert=s->cert; | 1393 | |
| 1394 | #if 0 | ||
| 1395 | /* Do not set the compare functions, because this may lead to a | ||
| 1396 | * reordering by "id". We want to keep the original ordering. | ||
| 1397 | * We may pay a price in performance during sk_SSL_CIPHER_find(), | ||
| 1398 | * but would have to pay with the price of sk_SSL_CIPHER_dup(). | ||
| 1399 | */ | ||
| 1400 | sk_SSL_CIPHER_set_cmp_func(srvr, ssl_cipher_ptr_id_cmp); | ||
| 1401 | sk_SSL_CIPHER_set_cmp_func(clnt, ssl_cipher_ptr_id_cmp); | ||
| 1402 | #endif | ||
| 1403 | |||
| 1404 | #ifdef CIPHER_DEBUG | ||
| 1405 | printf("Server has %d from %p:\n", sk_SSL_CIPHER_num(srvr), srvr); | ||
| 1406 | for(i=0 ; i < sk_SSL_CIPHER_num(srvr) ; ++i) | ||
| 1407 | { | ||
| 1408 | c=sk_SSL_CIPHER_value(srvr,i); | ||
| 1409 | printf("%p:%s\n",c,c->name); | ||
| 1410 | } | ||
| 1411 | printf("Client sent %d from %p:\n", sk_SSL_CIPHER_num(clnt), clnt); | ||
| 1412 | for(i=0 ; i < sk_SSL_CIPHER_num(clnt) ; ++i) | ||
| 1413 | { | ||
| 1414 | c=sk_SSL_CIPHER_value(clnt,i); | ||
| 1415 | printf("%p:%s\n",c,c->name); | ||
| 1416 | } | ||
| 1417 | #endif | ||
| 1418 | |||
| 1419 | if (s->options & SSL_OP_CIPHER_SERVER_PREFERENCE) | ||
| 1420 | { | ||
| 1421 | prio = srvr; | ||
| 1422 | allow = clnt; | ||
| 1423 | } | ||
| 694 | else | 1424 | else |
| 695 | cert=s->ctx->default_cert; | 1425 | { |
| 1426 | prio = clnt; | ||
| 1427 | allow = srvr; | ||
| 1428 | } | ||
| 1429 | |||
| 1430 | for (i=0; i<sk_SSL_CIPHER_num(prio); i++) | ||
| 1431 | { | ||
| 1432 | c=sk_SSL_CIPHER_value(prio,i); | ||
| 696 | 1433 | ||
| 697 | ssl_set_cert_masks(cert); | 1434 | ssl_set_cert_masks(cert,c); |
| 698 | mask=cert->mask; | 1435 | mask=cert->mask; |
| 699 | emask=cert->export_mask; | 1436 | emask=cert->export_mask; |
| 700 | 1437 | ||
| 701 | sk_set_cmp_func(pref,ssl_cipher_ptr_id_cmp); | 1438 | #ifdef KSSL_DEBUG |
| 1439 | printf("ssl3_choose_cipher %d alg= %lx\n", i,c->algorithms); | ||
| 1440 | #endif /* KSSL_DEBUG */ | ||
| 702 | 1441 | ||
| 703 | for (i=0; i<sk_num(have); i++) | ||
| 704 | { | ||
| 705 | c=(SSL_CIPHER *)sk_value(have,i); | ||
| 706 | alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); | 1442 | alg=c->algorithms&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
| 707 | if (alg & SSL_EXPORT) | 1443 | #ifndef OPENSSL_NO_KRB5 |
| 1444 | if (alg & SSL_KRB5) | ||
| 1445 | { | ||
| 1446 | if ( !kssl_keytab_is_available(s->kssl_ctx) ) | ||
| 1447 | continue; | ||
| 1448 | } | ||
| 1449 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 1450 | if (SSL_C_IS_EXPORT(c)) | ||
| 708 | { | 1451 | { |
| 709 | ok=((alg & emask) == alg)?1:0; | 1452 | ok=((alg & emask) == alg)?1:0; |
| 710 | #ifdef CIPHER_DEBUG | 1453 | #ifdef CIPHER_DEBUG |
| 711 | printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); | 1454 | printf("%d:[%08lX:%08lX]%p:%s (export)\n",ok,alg,emask, |
| 1455 | c,c->name); | ||
| 712 | #endif | 1456 | #endif |
| 713 | } | 1457 | } |
| 714 | else | 1458 | else |
| 715 | { | 1459 | { |
| 716 | ok=((alg & mask) == alg)?1:0; | 1460 | ok=((alg & mask) == alg)?1:0; |
| 717 | #ifdef CIPHER_DEBUG | 1461 | #ifdef CIPHER_DEBUG |
| 718 | printf("%d:[%08lX:%08lX]%s\n",ok,alg,mask,c->name); | 1462 | printf("%d:[%08lX:%08lX]%p:%s\n",ok,alg,mask,c, |
| 1463 | c->name); | ||
| 719 | #endif | 1464 | #endif |
| 720 | } | 1465 | } |
| 721 | 1466 | ||
| 722 | if (!ok) continue; | 1467 | if (!ok) continue; |
| 723 | 1468 | ||
| 724 | j=sk_find(pref,(char *)c); | 1469 | j=sk_SSL_CIPHER_find(allow,c); |
| 725 | if (j >= 0) | 1470 | if (j >= 0) |
| 726 | { | 1471 | { |
| 727 | ret=(SSL_CIPHER *)sk_value(pref,j); | 1472 | ret=sk_SSL_CIPHER_value(allow,j); |
| 728 | break; | 1473 | break; |
| 729 | } | 1474 | } |
| 730 | } | 1475 | } |
| 731 | return(ret); | 1476 | return(ret); |
| 732 | } | 1477 | } |
| 733 | 1478 | ||
| 734 | int ssl3_get_req_cert_type(s,p) | 1479 | int ssl3_get_req_cert_type(SSL *s, unsigned char *p) |
| 735 | SSL *s; | ||
| 736 | unsigned char *p; | ||
| 737 | { | 1480 | { |
| 738 | int ret=0; | 1481 | int ret=0; |
| 739 | unsigned long alg; | 1482 | unsigned long alg; |
| 740 | 1483 | ||
| 741 | alg=s->s3->tmp.new_cipher->algorithms; | 1484 | alg=s->s3->tmp.new_cipher->algorithms; |
| 742 | 1485 | ||
| 743 | #ifndef NO_DH | 1486 | #ifndef OPENSSL_NO_DH |
| 744 | if (alg & (SSL_kDHr|SSL_kEDH)) | 1487 | if (alg & (SSL_kDHr|SSL_kEDH)) |
| 745 | { | 1488 | { |
| 746 | #ifndef NO_RSA | 1489 | # ifndef OPENSSL_NO_RSA |
| 747 | p[ret++]=SSL3_CT_RSA_FIXED_DH; | 1490 | p[ret++]=SSL3_CT_RSA_FIXED_DH; |
| 748 | #endif | 1491 | # endif |
| 749 | #ifndef NO_DSA | 1492 | # ifndef OPENSSL_NO_DSA |
| 750 | p[ret++]=SSL3_CT_DSS_FIXED_DH; | 1493 | p[ret++]=SSL3_CT_DSS_FIXED_DH; |
| 751 | #endif | 1494 | # endif |
| 752 | } | 1495 | } |
| 753 | if ((s->version == SSL3_VERSION) && | 1496 | if ((s->version == SSL3_VERSION) && |
| 754 | (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) | 1497 | (alg & (SSL_kEDH|SSL_kDHd|SSL_kDHr))) |
| 755 | { | 1498 | { |
| 756 | #ifndef NO_RSA | 1499 | # ifndef OPENSSL_NO_RSA |
| 757 | p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; | 1500 | p[ret++]=SSL3_CT_RSA_EPHEMERAL_DH; |
| 758 | #endif | 1501 | # endif |
| 759 | #ifndef NO_DSA | 1502 | # ifndef OPENSSL_NO_DSA |
| 760 | p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; | 1503 | p[ret++]=SSL3_CT_DSS_EPHEMERAL_DH; |
| 761 | #endif | 1504 | # endif |
| 762 | } | 1505 | } |
| 763 | #endif /* !NO_DH */ | 1506 | #endif /* !OPENSSL_NO_DH */ |
| 764 | #ifndef NO_RSA | 1507 | #ifndef OPENSSL_NO_RSA |
| 765 | p[ret++]=SSL3_CT_RSA_SIGN; | 1508 | p[ret++]=SSL3_CT_RSA_SIGN; |
| 766 | #endif | 1509 | #endif |
| 1510 | #ifndef OPENSSL_NO_DSA | ||
| 767 | p[ret++]=SSL3_CT_DSS_SIGN; | 1511 | p[ret++]=SSL3_CT_DSS_SIGN; |
| 1512 | #endif | ||
| 768 | return(ret); | 1513 | return(ret); |
| 769 | } | 1514 | } |
| 770 | 1515 | ||
| 771 | int ssl3_shutdown(s) | 1516 | int ssl3_shutdown(SSL *s) |
| 772 | SSL *s; | ||
| 773 | { | 1517 | { |
| 774 | 1518 | ||
| 775 | /* Don't do anything much if we have not done the handshake or | 1519 | /* Don't do anything much if we have not done the handshake or |
| @@ -799,7 +1543,7 @@ SSL *s; | |||
| 799 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) | 1543 | else if (!(s->shutdown & SSL_RECEIVED_SHUTDOWN)) |
| 800 | { | 1544 | { |
| 801 | /* If we are waiting for a close from our peer, we are closed */ | 1545 | /* If we are waiting for a close from our peer, we are closed */ |
| 802 | ssl3_read_bytes(s,0,NULL,0); | 1546 | ssl3_read_bytes(s,0,NULL,0,0); |
| 803 | } | 1547 | } |
| 804 | 1548 | ||
| 805 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && | 1549 | if ((s->shutdown == (SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN)) && |
| @@ -809,13 +1553,9 @@ SSL *s; | |||
| 809 | return(0); | 1553 | return(0); |
| 810 | } | 1554 | } |
| 811 | 1555 | ||
| 812 | int ssl3_write(s,buf,len) | 1556 | int ssl3_write(SSL *s, const void *buf, int len) |
| 813 | SSL *s; | ||
| 814 | char *buf; | ||
| 815 | int len; | ||
| 816 | { | 1557 | { |
| 817 | int ret,n; | 1558 | int ret,n; |
| 818 | BIO *under; | ||
| 819 | 1559 | ||
| 820 | #if 0 | 1560 | #if 0 |
| 821 | if (s->shutdown & SSL_SEND_SHUTDOWN) | 1561 | if (s->shutdown & SSL_SEND_SHUTDOWN) |
| @@ -838,7 +1578,7 @@ int len; | |||
| 838 | if (s->s3->delay_buf_pop_ret == 0) | 1578 | if (s->s3->delay_buf_pop_ret == 0) |
| 839 | { | 1579 | { |
| 840 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | 1580 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, |
| 841 | (char *)buf,len); | 1581 | buf,len); |
| 842 | if (ret <= 0) return(ret); | 1582 | if (ret <= 0) return(ret); |
| 843 | 1583 | ||
| 844 | s->s3->delay_buf_pop_ret=ret; | 1584 | s->s3->delay_buf_pop_ret=ret; |
| @@ -849,43 +1589,40 @@ int len; | |||
| 849 | if (n <= 0) return(n); | 1589 | if (n <= 0) return(n); |
| 850 | s->rwstate=SSL_NOTHING; | 1590 | s->rwstate=SSL_NOTHING; |
| 851 | 1591 | ||
| 852 | /* We have flushed the buffer */ | 1592 | /* We have flushed the buffer, so remove it */ |
| 853 | under=BIO_pop(s->wbio); | 1593 | ssl_free_wbio_buffer(s); |
| 854 | s->wbio=under; | 1594 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; |
| 855 | BIO_free(s->bbio); | 1595 | |
| 856 | s->bbio=NULL; | ||
| 857 | ret=s->s3->delay_buf_pop_ret; | 1596 | ret=s->s3->delay_buf_pop_ret; |
| 858 | s->s3->delay_buf_pop_ret=0; | 1597 | s->s3->delay_buf_pop_ret=0; |
| 859 | |||
| 860 | s->s3->flags&= ~SSL3_FLAGS_POP_BUFFER; | ||
| 861 | } | 1598 | } |
| 862 | else | 1599 | else |
| 863 | { | 1600 | { |
| 864 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, | 1601 | ret=ssl3_write_bytes(s,SSL3_RT_APPLICATION_DATA, |
| 865 | (char *)buf,len); | 1602 | buf,len); |
| 866 | if (ret <= 0) return(ret); | 1603 | if (ret <= 0) return(ret); |
| 867 | } | 1604 | } |
| 868 | 1605 | ||
| 869 | return(ret); | 1606 | return(ret); |
| 870 | } | 1607 | } |
| 871 | 1608 | ||
| 872 | int ssl3_read(s,buf,len) | 1609 | static int ssl3_read_internal(SSL *s, void *buf, int len, int peek) |
| 873 | SSL *s; | ||
| 874 | char *buf; | ||
| 875 | int len; | ||
| 876 | { | 1610 | { |
| 877 | int ret; | 1611 | int ret; |
| 878 | 1612 | ||
| 879 | clear_sys_error(); | 1613 | clear_sys_error(); |
| 880 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | 1614 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); |
| 881 | s->s3->in_read_app_data=1; | 1615 | s->s3->in_read_app_data=1; |
| 882 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); | 1616 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 883 | if ((ret == -1) && (s->s3->in_read_app_data == 0)) | 1617 | if ((ret == -1) && (s->s3->in_read_app_data == 2)) |
| 884 | { | 1618 | { |
| 885 | ERR_get_error(); /* clear the error */ | 1619 | /* ssl3_read_bytes decided to call s->handshake_func, which |
| 886 | s->s3->in_read_app_data=0; | 1620 | * called ssl3_read_bytes to read handshake data. |
| 1621 | * However, ssl3_read_bytes actually found application data | ||
| 1622 | * and thinks that application data makes sense here; so disable | ||
| 1623 | * handshake processing and try to read application data again. */ | ||
| 887 | s->in_handshake++; | 1624 | s->in_handshake++; |
| 888 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len); | 1625 | ret=ssl3_read_bytes(s,SSL3_RT_APPLICATION_DATA,buf,len,peek); |
| 889 | s->in_handshake--; | 1626 | s->in_handshake--; |
| 890 | } | 1627 | } |
| 891 | else | 1628 | else |
| @@ -894,33 +1631,17 @@ int len; | |||
| 894 | return(ret); | 1631 | return(ret); |
| 895 | } | 1632 | } |
| 896 | 1633 | ||
| 897 | int ssl3_peek(s,buf,len) | 1634 | int ssl3_read(SSL *s, void *buf, int len) |
| 898 | SSL *s; | ||
| 899 | char *buf; | ||
| 900 | int len; | ||
| 901 | { | 1635 | { |
| 902 | SSL3_RECORD *rr; | 1636 | return ssl3_read_internal(s, buf, len, 0); |
| 903 | int n; | 1637 | } |
| 904 | |||
| 905 | rr= &(s->s3->rrec); | ||
| 906 | if ((rr->length == 0) || (rr->type != SSL3_RT_APPLICATION_DATA)) | ||
| 907 | { | ||
| 908 | n=ssl3_read(s,buf,1); | ||
| 909 | if (n <= 0) return(n); | ||
| 910 | rr->length++; | ||
| 911 | rr->off--; | ||
| 912 | } | ||
| 913 | 1638 | ||
| 914 | if ((unsigned int)len > rr->length) | 1639 | int ssl3_peek(SSL *s, void *buf, int len) |
| 915 | n=rr->length; | 1640 | { |
| 916 | else | 1641 | return ssl3_read_internal(s, buf, len, 1); |
| 917 | n=len; | ||
| 918 | memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); | ||
| 919 | return(n); | ||
| 920 | } | 1642 | } |
| 921 | 1643 | ||
| 922 | int ssl3_renegotiate(s) | 1644 | int ssl3_renegotiate(SSL *s) |
| 923 | SSL *s; | ||
| 924 | { | 1645 | { |
| 925 | if (s->handshake_func == NULL) | 1646 | if (s->handshake_func == NULL) |
| 926 | return(1); | 1647 | return(1); |
| @@ -932,8 +1653,7 @@ SSL *s; | |||
| 932 | return(1); | 1653 | return(1); |
| 933 | } | 1654 | } |
| 934 | 1655 | ||
| 935 | int ssl3_renegotiate_check(s) | 1656 | int ssl3_renegotiate_check(SSL *s) |
| 936 | SSL *s; | ||
| 937 | { | 1657 | { |
| 938 | int ret=0; | 1658 | int ret=0; |
| 939 | 1659 | ||
| @@ -945,7 +1665,7 @@ SSL *s; | |||
| 945 | { | 1665 | { |
| 946 | /* | 1666 | /* |
| 947 | if we are the server, and we have sent a 'RENEGOTIATE' message, we | 1667 | if we are the server, and we have sent a 'RENEGOTIATE' message, we |
| 948 | need to go to SSL_ST_ACCEPT. | 1668 | need to go to SSL_ST_ACCEPT. |
| 949 | */ | 1669 | */ |
| 950 | /* SSL_ST_ACCEPT */ | 1670 | /* SSL_ST_ACCEPT */ |
| 951 | s->state=SSL_ST_RENEGOTIATE; | 1671 | s->state=SSL_ST_RENEGOTIATE; |
| @@ -958,4 +1678,3 @@ need to go to SSL_ST_ACCEPT. | |||
| 958 | return(ret); | 1678 | return(ret); |
| 959 | } | 1679 | } |
| 960 | 1680 | ||
| 961 | |||
diff --git a/src/lib/libssl/s3_pkt.c b/src/lib/libssl/s3_pkt.c index 2385080347..43e8502b66 100644 --- a/src/lib/libssl/s3_pkt.c +++ b/src/lib/libssl/s3_pkt.c | |||
| @@ -55,150 +55,165 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include <errno.h> | 113 | #include <errno.h> |
| 61 | #define USE_SOCKETS | 114 | #define USE_SOCKETS |
| 62 | #include "evp.h" | 115 | #include <openssl/evp.h> |
| 63 | #include "buffer.h" | 116 | #include <openssl/buffer.h> |
| 64 | #include "ssl_locl.h" | 117 | #include "ssl_locl.h" |
| 65 | 118 | ||
| 66 | /* SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER); | 119 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 67 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE); | 120 | unsigned int len, int create_empty_fragment); |
| 68 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE); | 121 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 69 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE); | 122 | unsigned int len); |
| 70 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE); | ||
| 71 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE); | ||
| 72 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_RECORD_MAC); | ||
| 73 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_DECOMPRESSION_FAILURE); | ||
| 74 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE); | ||
| 75 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_NO_CERTIFICATE); | ||
| 76 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_BAD_CERTIFICATE); | ||
| 77 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE); | ||
| 78 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_REVOKED); | ||
| 79 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED); | ||
| 80 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_CERTIFICATE_UNKNOWN); | ||
| 81 | * SSLerr(SSL_F_GET_SERVER_HELLO,SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER); | ||
| 82 | */ | ||
| 83 | |||
| 84 | #ifndef NOPROTO | ||
| 85 | static int do_ssl3_write(SSL *s, int type, char *buf, unsigned int len); | ||
| 86 | static int ssl3_write_pending(SSL *s, int type, char *buf, unsigned int len); | ||
| 87 | static int ssl3_get_record(SSL *s); | 123 | static int ssl3_get_record(SSL *s); |
| 88 | static int do_compress(SSL *ssl); | 124 | static int do_compress(SSL *ssl); |
| 89 | static int do_uncompress(SSL *ssl); | 125 | static int do_uncompress(SSL *ssl); |
| 90 | static int do_change_cipher_spec(SSL *ssl); | 126 | static int do_change_cipher_spec(SSL *ssl); |
| 91 | #else | ||
| 92 | static int do_ssl3_write(); | ||
| 93 | static int ssl3_write_pending(); | ||
| 94 | static int ssl3_get_record(); | ||
| 95 | static int do_compress(); | ||
| 96 | static int do_uncompress(); | ||
| 97 | static int do_change_cipher_spec(); | ||
| 98 | #endif | ||
| 99 | 127 | ||
| 100 | static int ssl3_read_n(s,n,max,extend) | 128 | /* used only by ssl3_get_record */ |
| 101 | SSL *s; | 129 | static int ssl3_read_n(SSL *s, int n, int max, int extend) |
| 102 | int n; | ||
| 103 | int max; | ||
| 104 | int extend; | ||
| 105 | { | 130 | { |
| 131 | /* If extend == 0, obtain new n-byte packet; if extend == 1, increase | ||
| 132 | * packet by another n bytes. | ||
| 133 | * The packet will be in the sub-array of s->s3->rbuf.buf specified | ||
| 134 | * by s->packet and s->packet_length. | ||
| 135 | * (If s->read_ahead is set, 'max' bytes may be stored in rbuf | ||
| 136 | * [plus s->packet_length bytes if extend == 1].) | ||
| 137 | */ | ||
| 106 | int i,off,newb; | 138 | int i,off,newb; |
| 107 | 139 | ||
| 108 | /* if there is stuff still in the buffer from a previous read, | 140 | if (!extend) |
| 109 | * and there is more than we want, take some. */ | 141 | { |
| 142 | /* start with empty packet ... */ | ||
| 143 | if (s->s3->rbuf.left == 0) | ||
| 144 | s->s3->rbuf.offset = 0; | ||
| 145 | s->packet = s->s3->rbuf.buf + s->s3->rbuf.offset; | ||
| 146 | s->packet_length = 0; | ||
| 147 | /* ... now we can act as if 'extend' was set */ | ||
| 148 | } | ||
| 149 | |||
| 150 | /* if there is enough in the buffer from a previous read, take some */ | ||
| 110 | if (s->s3->rbuf.left >= (int)n) | 151 | if (s->s3->rbuf.left >= (int)n) |
| 111 | { | 152 | { |
| 112 | if (extend) | 153 | s->packet_length+=n; |
| 113 | s->packet_length+=n; | ||
| 114 | else | ||
| 115 | { | ||
| 116 | s->packet= &(s->s3->rbuf.buf[s->s3->rbuf.offset]); | ||
| 117 | s->packet_length=n; | ||
| 118 | } | ||
| 119 | s->s3->rbuf.left-=n; | 154 | s->s3->rbuf.left-=n; |
| 120 | s->s3->rbuf.offset+=n; | 155 | s->s3->rbuf.offset+=n; |
| 121 | return(n); | 156 | return(n); |
| 122 | } | 157 | } |
| 123 | 158 | ||
| 124 | /* else we need to read more data */ | 159 | /* else we need to read more data */ |
| 125 | if (!s->read_ahead) max=n; | 160 | if (!s->read_ahead) |
| 126 | if (max > SSL3_RT_MAX_PACKET_SIZE) | 161 | max=n; |
| 127 | max=SSL3_RT_MAX_PACKET_SIZE; | ||
| 128 | |||
| 129 | /* First check if there is some left or we want to extend */ | ||
| 130 | off=0; | ||
| 131 | if ( (s->s3->rbuf.left != 0) || | ||
| 132 | ((s->packet_length != 0) && extend)) | ||
| 133 | { | ||
| 134 | newb=s->s3->rbuf.left; | ||
| 135 | if (extend) | ||
| 136 | { | ||
| 137 | /* Copy bytes back to the front of the buffer | ||
| 138 | * Take the bytes already pointed to by 'packet' | ||
| 139 | * and take the extra ones on the end. */ | ||
| 140 | off=s->packet_length; | ||
| 141 | if (s->packet != s->s3->rbuf.buf) | ||
| 142 | memcpy(s->s3->rbuf.buf,s->packet,newb+off); | ||
| 143 | } | ||
| 144 | else if (s->s3->rbuf.offset != 0) | ||
| 145 | { /* so the data is not at the start of the buffer */ | ||
| 146 | memcpy(s->s3->rbuf.buf, | ||
| 147 | &(s->s3->rbuf.buf[s->s3->rbuf.offset]),newb); | ||
| 148 | s->s3->rbuf.offset=0; | ||
| 149 | } | ||
| 150 | 162 | ||
| 151 | s->s3->rbuf.left=0; | 163 | { |
| 164 | /* avoid buffer overflow */ | ||
| 165 | int max_max = s->s3->rbuf.len - s->packet_length; | ||
| 166 | if (max > max_max) | ||
| 167 | max = max_max; | ||
| 168 | } | ||
| 169 | if (n > max) /* does not happen */ | ||
| 170 | { | ||
| 171 | SSLerr(SSL_F_SSL3_READ_N,ERR_R_INTERNAL_ERROR); | ||
| 172 | return -1; | ||
| 152 | } | 173 | } |
| 153 | else | ||
| 154 | newb=0; | ||
| 155 | 174 | ||
| 156 | /* So we now have 'newb' bytes at the front of | 175 | off = s->packet_length; |
| 157 | * s->s3->rbuf.buf and need to read some more in on the end | 176 | newb = s->s3->rbuf.left; |
| 158 | * We start reading into the buffer at 's->s3->rbuf.offset' | 177 | /* Move any available bytes to front of buffer: |
| 159 | */ | 178 | * 'off' bytes already pointed to by 'packet', |
| 160 | s->packet=s->s3->rbuf.buf; | 179 | * 'newb' extra ones at the end */ |
| 180 | if (s->packet != s->s3->rbuf.buf) | ||
| 181 | { | ||
| 182 | /* off > 0 */ | ||
| 183 | memmove(s->s3->rbuf.buf, s->packet, off+newb); | ||
| 184 | s->packet = s->s3->rbuf.buf; | ||
| 185 | } | ||
| 161 | 186 | ||
| 162 | while (newb < n) | 187 | while (newb < n) |
| 163 | { | 188 | { |
| 189 | /* Now we have off+newb bytes at the front of s->s3->rbuf.buf and need | ||
| 190 | * to read in more until we have off+n (up to off+max if possible) */ | ||
| 191 | |||
| 164 | clear_sys_error(); | 192 | clear_sys_error(); |
| 165 | if (s->rbio != NULL) | 193 | if (s->rbio != NULL) |
| 166 | { | 194 | { |
| 167 | s->rwstate=SSL_READING; | 195 | s->rwstate=SSL_READING; |
| 168 | i=BIO_read(s->rbio, | 196 | i=BIO_read(s->rbio, &(s->s3->rbuf.buf[off+newb]), max-newb); |
| 169 | (char *)&(s->s3->rbuf.buf[off+newb]), | ||
| 170 | max-newb); | ||
| 171 | } | 197 | } |
| 172 | else | 198 | else |
| 173 | { | 199 | { |
| 174 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); | 200 | SSLerr(SSL_F_SSL3_READ_N,SSL_R_READ_BIO_NOT_SET); |
| 175 | i= -1; | 201 | i = -1; |
| 176 | } | 202 | } |
| 177 | 203 | ||
| 178 | if (i <= 0) | 204 | if (i <= 0) |
| 179 | { | 205 | { |
| 180 | s->s3->rbuf.left+=newb; | 206 | s->s3->rbuf.left = newb; |
| 181 | return(i); | 207 | return(i); |
| 182 | } | 208 | } |
| 183 | newb+=i; | 209 | newb+=i; |
| 184 | } | 210 | } |
| 185 | 211 | ||
| 186 | /* record used data read */ | 212 | /* done reading, now the book-keeping */ |
| 187 | if (newb > n) | 213 | s->s3->rbuf.offset = off + n; |
| 188 | { | 214 | s->s3->rbuf.left = newb - n; |
| 189 | s->s3->rbuf.offset=n+off; | 215 | s->packet_length += n; |
| 190 | s->s3->rbuf.left=newb-n; | 216 | s->rwstate=SSL_NOTHING; |
| 191 | } | ||
| 192 | else | ||
| 193 | { | ||
| 194 | s->s3->rbuf.offset=0; | ||
| 195 | s->s3->rbuf.left=0; | ||
| 196 | } | ||
| 197 | |||
| 198 | if (extend) | ||
| 199 | s->packet_length+=n; | ||
| 200 | else | ||
| 201 | s->packet_length+=n; | ||
| 202 | return(n); | 217 | return(n); |
| 203 | } | 218 | } |
| 204 | 219 | ||
| @@ -206,41 +221,45 @@ int extend; | |||
| 206 | * It will return <= 0 if more data is needed, normally due to an error | 221 | * It will return <= 0 if more data is needed, normally due to an error |
| 207 | * or non-blocking IO. | 222 | * or non-blocking IO. |
| 208 | * When it finishes, one packet has been decoded and can be found in | 223 | * When it finishes, one packet has been decoded and can be found in |
| 209 | * ssl->s3->rrec.type - is the type of record | 224 | * ssl->s3->rrec.type - is the type of record |
| 210 | * ssl->s3->rrec.data, - data | 225 | * ssl->s3->rrec.data, - data |
| 211 | * ssl->s3->rrec.length, - number of bytes | 226 | * ssl->s3->rrec.length, - number of bytes |
| 212 | */ | 227 | */ |
| 213 | static int ssl3_get_record(s) | 228 | /* used only by ssl3_read_bytes */ |
| 214 | SSL *s; | 229 | static int ssl3_get_record(SSL *s) |
| 215 | { | 230 | { |
| 216 | char tmp_buf[512]; | ||
| 217 | int ssl_major,ssl_minor,al; | 231 | int ssl_major,ssl_minor,al; |
| 218 | int n,i,ret= -1; | 232 | int enc_err,n,i,ret= -1; |
| 219 | SSL3_BUFFER *rb; | ||
| 220 | SSL3_RECORD *rr; | 233 | SSL3_RECORD *rr; |
| 221 | SSL_SESSION *sess; | 234 | SSL_SESSION *sess; |
| 222 | unsigned char *p; | 235 | unsigned char *p; |
| 223 | unsigned char md[EVP_MAX_MD_SIZE]; | 236 | unsigned char md[EVP_MAX_MD_SIZE]; |
| 224 | short version; | 237 | short version; |
| 225 | unsigned int mac_size; | 238 | unsigned int mac_size; |
| 226 | int clear=0,extra; | 239 | int clear=0; |
| 240 | size_t extra; | ||
| 227 | 241 | ||
| 228 | rr= &(s->s3->rrec); | 242 | rr= &(s->s3->rrec); |
| 229 | rb= &(s->s3->rbuf); | ||
| 230 | sess=s->session; | 243 | sess=s->session; |
| 231 | 244 | ||
| 232 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) | 245 | if (s->options & SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER) |
| 233 | extra=SSL3_RT_MAX_EXTRA; | 246 | extra=SSL3_RT_MAX_EXTRA; |
| 234 | else | 247 | else |
| 235 | extra=0; | 248 | extra=0; |
| 249 | if (extra != s->s3->rbuf.len - SSL3_RT_MAX_PACKET_SIZE) | ||
| 250 | { | ||
| 251 | /* actually likely an application error: SLS_OP_MICROSOFT_BIG_SSLV3_BUFFER | ||
| 252 | * set after ssl3_setup_buffers() was done */ | ||
| 253 | SSLerr(SSL_F_SSL3_GET_RECORD, ERR_R_INTERNAL_ERROR); | ||
| 254 | return -1; | ||
| 255 | } | ||
| 236 | 256 | ||
| 237 | again: | 257 | again: |
| 238 | /* check if we have the header */ | 258 | /* check if we have the header */ |
| 239 | if ( (s->rstate != SSL_ST_READ_BODY) || | 259 | if ( (s->rstate != SSL_ST_READ_BODY) || |
| 240 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) | 260 | (s->packet_length < SSL3_RT_HEADER_LENGTH)) |
| 241 | { | 261 | { |
| 242 | n=ssl3_read_n(s,SSL3_RT_HEADER_LENGTH, | 262 | n=ssl3_read_n(s, SSL3_RT_HEADER_LENGTH, s->s3->rbuf.len, 0); |
| 243 | SSL3_RT_MAX_PACKET_SIZE,0); | ||
| 244 | if (n <= 0) return(n); /* error or non-blocking */ | 263 | if (n <= 0) return(n); /* error or non-blocking */ |
| 245 | s->rstate=SSL_ST_READ_BODY; | 264 | s->rstate=SSL_ST_READ_BODY; |
| 246 | 265 | ||
| @@ -277,35 +296,33 @@ again: | |||
| 277 | goto err; | 296 | goto err; |
| 278 | } | 297 | } |
| 279 | 298 | ||
| 280 | if (rr->length > | 299 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
| 281 | (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | ||
| 282 | { | 300 | { |
| 283 | al=SSL_AD_RECORD_OVERFLOW; | 301 | al=SSL_AD_RECORD_OVERFLOW; |
| 284 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); | 302 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PACKET_LENGTH_TOO_LONG); |
| 285 | goto f_err; | 303 | goto f_err; |
| 286 | } | 304 | } |
| 287 | 305 | ||
| 288 | s->rstate=SSL_ST_READ_BODY; | 306 | /* now s->rstate == SSL_ST_READ_BODY */ |
| 289 | } | 307 | } |
| 290 | 308 | ||
| 291 | /* get and decode the data */ | 309 | /* s->rstate == SSL_ST_READ_BODY, get and decode the data */ |
| 292 | if (s->rstate == SSL_ST_READ_BODY) | 310 | |
| 311 | if (rr->length > s->packet_length-SSL3_RT_HEADER_LENGTH) | ||
| 293 | { | 312 | { |
| 294 | if (rr->length > (s->packet_length-SSL3_RT_HEADER_LENGTH)) | 313 | /* now s->packet_length == SSL3_RT_HEADER_LENGTH */ |
| 295 | { | 314 | i=rr->length; |
| 296 | i=rr->length; | 315 | n=ssl3_read_n(s,i,i,1); |
| 297 | /*-(s->packet_length-SSL3_RT_HEADER_LENGTH); */ | 316 | if (n <= 0) return(n); /* error or non-blocking io */ |
| 298 | n=ssl3_read_n(s,i,i,1); | 317 | /* now n == rr->length, |
| 299 | if (n <= 0) return(n); /* error or non-blocking io */ | 318 | * and s->packet_length == SSL3_RT_HEADER_LENGTH + rr->length */ |
| 300 | } | ||
| 301 | s->rstate=SSL_ST_READ_HEADER; | ||
| 302 | } | 319 | } |
| 303 | 320 | ||
| 304 | /* At this point, we have the data in s->packet and there should be | 321 | s->rstate=SSL_ST_READ_HEADER; /* set state for later operations */ |
| 305 | * s->packet_length bytes, we must not 'overrun' this buffer :-) | ||
| 306 | * One of the following functions will copy the data from the | ||
| 307 | * s->packet buffer */ | ||
| 308 | 322 | ||
| 323 | /* At this point, s->packet_length == SSL3_RT_HEADER_LNGTH + rr->length, | ||
| 324 | * and we have that many bytes in s->packet | ||
| 325 | */ | ||
| 309 | rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); | 326 | rr->input= &(s->packet[SSL3_RT_HEADER_LENGTH]); |
| 310 | 327 | ||
| 311 | /* ok, we can now read from 's->packet' data into 'rr' | 328 | /* ok, we can now read from 's->packet' data into 'rr' |
| @@ -315,14 +332,11 @@ again: | |||
| 315 | * When the data is 'copied' into the rr->data buffer, | 332 | * When the data is 'copied' into the rr->data buffer, |
| 316 | * rr->input will be pointed at the new buffer */ | 333 | * rr->input will be pointed at the new buffer */ |
| 317 | 334 | ||
| 318 | /* Set the state for the following operations */ | ||
| 319 | s->rstate=SSL_ST_READ_HEADER; | ||
| 320 | |||
| 321 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] | 335 | /* We now have - encrypted [ MAC [ compressed [ plain ] ] ] |
| 322 | * rr->length bytes of encrypted compressed stuff. */ | 336 | * rr->length bytes of encrypted compressed stuff. */ |
| 323 | 337 | ||
| 324 | /* check is not needed I belive */ | 338 | /* check is not needed I believe */ |
| 325 | if (rr->length > (unsigned int)SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) | 339 | if (rr->length > SSL3_RT_MAX_ENCRYPTED_LENGTH+extra) |
| 326 | { | 340 | { |
| 327 | al=SSL_AD_RECORD_OVERFLOW; | 341 | al=SSL_AD_RECORD_OVERFLOW; |
| 328 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); | 342 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_ENCRYPTED_LENGTH_TOO_LONG); |
| @@ -331,18 +345,24 @@ again: | |||
| 331 | 345 | ||
| 332 | /* decrypt in place in 'rr->input' */ | 346 | /* decrypt in place in 'rr->input' */ |
| 333 | rr->data=rr->input; | 347 | rr->data=rr->input; |
| 334 | memcpy(tmp_buf,rr->input,(rr->length > 512)?512:rr->length); | ||
| 335 | 348 | ||
| 336 | if (!s->method->ssl3_enc->enc(s,0)) | 349 | enc_err = s->method->ssl3_enc->enc(s,0); |
| 350 | if (enc_err <= 0) | ||
| 337 | { | 351 | { |
| 338 | al=SSL_AD_DECRYPT_ERROR; | 352 | if (enc_err == 0) |
| 339 | goto f_err; | 353 | /* SSLerr() and ssl3_send_alert() have been called */ |
| 354 | goto err; | ||
| 355 | |||
| 356 | /* otherwise enc_err == -1 */ | ||
| 357 | goto decryption_failed_or_bad_record_mac; | ||
| 340 | } | 358 | } |
| 359 | |||
| 341 | #ifdef TLS_DEBUG | 360 | #ifdef TLS_DEBUG |
| 342 | printf("dec %d\n",rr->length); | 361 | printf("dec %d\n",rr->length); |
| 343 | { int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } | 362 | { unsigned int z; for (z=0; z<rr->length; z++) printf("%02X%c",rr->data[z],((z+1)%16)?' ':'\n'); } |
| 344 | printf("\n"); | 363 | printf("\n"); |
| 345 | #endif | 364 | #endif |
| 365 | |||
| 346 | /* r->length is now the compressed data plus mac */ | 366 | /* r->length is now the compressed data plus mac */ |
| 347 | if ( (sess == NULL) || | 367 | if ( (sess == NULL) || |
| 348 | (s->enc_read_ctx == NULL) || | 368 | (s->enc_read_ctx == NULL) || |
| @@ -355,33 +375,37 @@ printf("\n"); | |||
| 355 | 375 | ||
| 356 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) | 376 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra+mac_size) |
| 357 | { | 377 | { |
| 378 | #if 0 /* OK only for stream ciphers (then rr->length is visible from ciphertext anyway) */ | ||
| 358 | al=SSL_AD_RECORD_OVERFLOW; | 379 | al=SSL_AD_RECORD_OVERFLOW; |
| 359 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); | 380 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_PRE_MAC_LENGTH_TOO_LONG); |
| 360 | goto f_err; | 381 | goto f_err; |
| 382 | #else | ||
| 383 | goto decryption_failed_or_bad_record_mac; | ||
| 384 | #endif | ||
| 361 | } | 385 | } |
| 362 | /* check MAC for rr->input' */ | 386 | /* check the MAC for rr->input (it's in mac_size bytes at the tail) */ |
| 363 | if (rr->length < mac_size) | 387 | if (rr->length < mac_size) |
| 364 | { | 388 | { |
| 389 | #if 0 /* OK only for stream ciphers */ | ||
| 365 | al=SSL_AD_DECODE_ERROR; | 390 | al=SSL_AD_DECODE_ERROR; |
| 366 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); | 391 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_LENGTH_TOO_SHORT); |
| 367 | goto f_err; | 392 | goto f_err; |
| 393 | #else | ||
| 394 | goto decryption_failed_or_bad_record_mac; | ||
| 395 | #endif | ||
| 368 | } | 396 | } |
| 369 | rr->length-=mac_size; | 397 | rr->length-=mac_size; |
| 370 | i=s->method->ssl3_enc->mac(s,md,0); | 398 | i=s->method->ssl3_enc->mac(s,md,0); |
| 371 | if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) | 399 | if (memcmp(md,&(rr->data[rr->length]),mac_size) != 0) |
| 372 | { | 400 | { |
| 373 | al=SSL_AD_BAD_RECORD_MAC; | 401 | goto decryption_failed_or_bad_record_mac; |
| 374 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_BAD_MAC_DECODE); | ||
| 375 | ret= -1; | ||
| 376 | goto f_err; | ||
| 377 | } | 402 | } |
| 378 | } | 403 | } |
| 379 | 404 | ||
| 380 | /* r->length is now just compressed */ | 405 | /* r->length is now just compressed */ |
| 381 | if ((sess != NULL) && (sess->read_compression != NULL)) | 406 | if (s->expand != NULL) |
| 382 | { | 407 | { |
| 383 | if (rr->length > | 408 | if (rr->length > SSL3_RT_MAX_COMPRESSED_LENGTH+extra) |
| 384 | (unsigned int)SSL3_RT_MAX_COMPRESSED_LENGTH+extra) | ||
| 385 | { | 409 | { |
| 386 | al=SSL_AD_RECORD_OVERFLOW; | 410 | al=SSL_AD_RECORD_OVERFLOW; |
| 387 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); | 411 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_COMPRESSED_LENGTH_TOO_LONG); |
| @@ -395,7 +419,7 @@ printf("\n"); | |||
| 395 | } | 419 | } |
| 396 | } | 420 | } |
| 397 | 421 | ||
| 398 | if (rr->length > (unsigned int)SSL3_RT_MAX_PLAIN_LENGTH+extra) | 422 | if (rr->length > SSL3_RT_MAX_PLAIN_LENGTH+extra) |
| 399 | { | 423 | { |
| 400 | al=SSL_AD_RECORD_OVERFLOW; | 424 | al=SSL_AD_RECORD_OVERFLOW; |
| 401 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); | 425 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DATA_LENGTH_TOO_LONG); |
| @@ -418,33 +442,62 @@ printf("\n"); | |||
| 418 | if (rr->length == 0) goto again; | 442 | if (rr->length == 0) goto again; |
| 419 | 443 | ||
| 420 | return(1); | 444 | return(1); |
| 445 | |||
| 446 | decryption_failed_or_bad_record_mac: | ||
| 447 | /* Separate 'decryption_failed' alert was introduced with TLS 1.0, | ||
| 448 | * SSL 3.0 only has 'bad_record_mac'. But unless a decryption | ||
| 449 | * failure is directly visible from the ciphertext anyway, | ||
| 450 | * we should not reveal which kind of error occured -- this | ||
| 451 | * might become visible to an attacker (e.g. via logfile) */ | ||
| 452 | al=SSL_AD_BAD_RECORD_MAC; | ||
| 453 | SSLerr(SSL_F_SSL3_GET_RECORD,SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC); | ||
| 421 | f_err: | 454 | f_err: |
| 422 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 455 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 423 | err: | 456 | err: |
| 424 | return(ret); | 457 | return(ret); |
| 425 | } | 458 | } |
| 426 | 459 | ||
| 427 | static int do_uncompress(ssl) | 460 | static int do_uncompress(SSL *ssl) |
| 428 | SSL *ssl; | ||
| 429 | { | 461 | { |
| 462 | int i; | ||
| 463 | SSL3_RECORD *rr; | ||
| 464 | |||
| 465 | rr= &(ssl->s3->rrec); | ||
| 466 | i=COMP_expand_block(ssl->expand,rr->comp, | ||
| 467 | SSL3_RT_MAX_PLAIN_LENGTH,rr->data,(int)rr->length); | ||
| 468 | if (i < 0) | ||
| 469 | return(0); | ||
| 470 | else | ||
| 471 | rr->length=i; | ||
| 472 | rr->data=rr->comp; | ||
| 473 | |||
| 430 | return(1); | 474 | return(1); |
| 431 | } | 475 | } |
| 432 | 476 | ||
| 433 | static int do_compress(ssl) | 477 | static int do_compress(SSL *ssl) |
| 434 | SSL *ssl; | ||
| 435 | { | 478 | { |
| 479 | int i; | ||
| 480 | SSL3_RECORD *wr; | ||
| 481 | |||
| 482 | wr= &(ssl->s3->wrec); | ||
| 483 | i=COMP_compress_block(ssl->compress,wr->data, | ||
| 484 | SSL3_RT_MAX_COMPRESSED_LENGTH, | ||
| 485 | wr->input,(int)wr->length); | ||
| 486 | if (i < 0) | ||
| 487 | return(0); | ||
| 488 | else | ||
| 489 | wr->length=i; | ||
| 490 | |||
| 491 | wr->input=wr->data; | ||
| 436 | return(1); | 492 | return(1); |
| 437 | } | 493 | } |
| 438 | 494 | ||
| 439 | /* Call this to write data | 495 | /* Call this to write data in records of type 'type' |
| 440 | * It will return <= 0 if not all data has been sent or non-blocking IO. | 496 | * It will return <= 0 if not all data has been sent or non-blocking IO. |
| 441 | */ | 497 | */ |
| 442 | int ssl3_write_bytes(s,type,buf,len) | 498 | int ssl3_write_bytes(SSL *s, int type, const void *buf_, int len) |
| 443 | SSL *s; | ||
| 444 | int type; | ||
| 445 | char *buf; | ||
| 446 | int len; | ||
| 447 | { | 499 | { |
| 500 | const unsigned char *buf=buf_; | ||
| 448 | unsigned int tot,n,nw; | 501 | unsigned int tot,n,nw; |
| 449 | int i; | 502 | int i; |
| 450 | 503 | ||
| @@ -459,7 +512,7 @@ int len; | |||
| 459 | if (i == 0) | 512 | if (i == 0) |
| 460 | { | 513 | { |
| 461 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | 514 | SSLerr(SSL_F_SSL3_WRITE_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); |
| 462 | return(-1); | 515 | return -1; |
| 463 | } | 516 | } |
| 464 | } | 517 | } |
| 465 | 518 | ||
| @@ -470,37 +523,41 @@ int len; | |||
| 470 | nw=SSL3_RT_MAX_PLAIN_LENGTH; | 523 | nw=SSL3_RT_MAX_PLAIN_LENGTH; |
| 471 | else | 524 | else |
| 472 | nw=n; | 525 | nw=n; |
| 473 | 526 | ||
| 474 | i=do_ssl3_write(s,type,&(buf[tot]),nw); | 527 | i=do_ssl3_write(s, type, &(buf[tot]), nw, 0); |
| 475 | if (i <= 0) | 528 | if (i <= 0) |
| 476 | { | 529 | { |
| 477 | s->s3->wnum=tot; | 530 | s->s3->wnum=tot; |
| 478 | return(i); | 531 | return i; |
| 479 | } | 532 | } |
| 480 | 533 | ||
| 481 | if (type == SSL3_RT_HANDSHAKE) | 534 | if ((i == (int)n) || |
| 482 | ssl3_finish_mac(s,(unsigned char *)&(buf[tot]),i); | 535 | (type == SSL3_RT_APPLICATION_DATA && |
| 483 | 536 | (s->mode & SSL_MODE_ENABLE_PARTIAL_WRITE))) | |
| 484 | if (i == (int)n) return(tot+i); | 537 | { |
| 538 | /* next chunk of data should get another prepended empty fragment | ||
| 539 | * in ciphersuites with known-IV weakness: */ | ||
| 540 | s->s3->empty_fragment_done = 0; | ||
| 541 | |||
| 542 | return tot+i; | ||
| 543 | } | ||
| 485 | 544 | ||
| 486 | n-=i; | 545 | n-=i; |
| 487 | tot+=i; | 546 | tot+=i; |
| 488 | } | 547 | } |
| 489 | } | 548 | } |
| 490 | 549 | ||
| 491 | static int do_ssl3_write(s,type,buf,len) | 550 | static int do_ssl3_write(SSL *s, int type, const unsigned char *buf, |
| 492 | SSL *s; | 551 | unsigned int len, int create_empty_fragment) |
| 493 | int type; | ||
| 494 | char *buf; | ||
| 495 | unsigned int len; | ||
| 496 | { | 552 | { |
| 497 | unsigned char *p,*plen; | 553 | unsigned char *p,*plen; |
| 498 | int i,mac_size,clear=0; | 554 | int i,mac_size,clear=0; |
| 555 | int prefix_len = 0; | ||
| 499 | SSL3_RECORD *wr; | 556 | SSL3_RECORD *wr; |
| 500 | SSL3_BUFFER *wb; | 557 | SSL3_BUFFER *wb; |
| 501 | SSL_SESSION *sess; | 558 | SSL_SESSION *sess; |
| 502 | 559 | ||
| 503 | /* first check is there is a SSL3_RECORD still being written | 560 | /* first check if there is a SSL3_BUFFER still being written |
| 504 | * out. This will happen with non blocking IO */ | 561 | * out. This will happen with non blocking IO */ |
| 505 | if (s->s3->wbuf.left != 0) | 562 | if (s->s3->wbuf.left != 0) |
| 506 | return(ssl3_write_pending(s,type,buf,len)); | 563 | return(ssl3_write_pending(s,type,buf,len)); |
| @@ -514,8 +571,9 @@ unsigned int len; | |||
| 514 | /* if it went, fall through and send more stuff */ | 571 | /* if it went, fall through and send more stuff */ |
| 515 | } | 572 | } |
| 516 | 573 | ||
| 517 | if (len <= 0) return(len); | 574 | if (len == 0 && !create_empty_fragment) |
| 518 | 575 | return 0; | |
| 576 | |||
| 519 | wr= &(s->s3->wrec); | 577 | wr= &(s->s3->wrec); |
| 520 | wb= &(s->s3->wbuf); | 578 | wb= &(s->s3->wbuf); |
| 521 | sess=s->session; | 579 | sess=s->session; |
| @@ -530,19 +588,47 @@ unsigned int len; | |||
| 530 | else | 588 | else |
| 531 | mac_size=EVP_MD_size(s->write_hash); | 589 | mac_size=EVP_MD_size(s->write_hash); |
| 532 | 590 | ||
| 533 | p=wb->buf; | 591 | /* 'create_empty_fragment' is true only when this function calls itself */ |
| 592 | if (!clear && !create_empty_fragment && !s->s3->empty_fragment_done) | ||
| 593 | { | ||
| 594 | /* countermeasure against known-IV weakness in CBC ciphersuites | ||
| 595 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
| 596 | |||
| 597 | if (s->s3->need_empty_fragments && type == SSL3_RT_APPLICATION_DATA) | ||
| 598 | { | ||
| 599 | /* recursive function call with 'create_empty_fragment' set; | ||
| 600 | * this prepares and buffers the data for an empty fragment | ||
| 601 | * (these 'prefix_len' bytes are sent out later | ||
| 602 | * together with the actual payload) */ | ||
| 603 | prefix_len = do_ssl3_write(s, type, buf, 0, 1); | ||
| 604 | if (prefix_len <= 0) | ||
| 605 | goto err; | ||
| 606 | |||
| 607 | if (s->s3->wbuf.len < (size_t)prefix_len + SSL3_RT_MAX_PACKET_SIZE) | ||
| 608 | { | ||
| 609 | /* insufficient space */ | ||
| 610 | SSLerr(SSL_F_DO_SSL3_WRITE, ERR_R_INTERNAL_ERROR); | ||
| 611 | goto err; | ||
| 612 | } | ||
| 613 | } | ||
| 614 | |||
| 615 | s->s3->empty_fragment_done = 1; | ||
| 616 | } | ||
| 617 | |||
| 618 | p = wb->buf + prefix_len; | ||
| 534 | 619 | ||
| 535 | /* write the header */ | 620 | /* write the header */ |
| 621 | |||
| 536 | *(p++)=type&0xff; | 622 | *(p++)=type&0xff; |
| 537 | wr->type=type; | 623 | wr->type=type; |
| 538 | 624 | ||
| 539 | *(p++)=(s->version>>8); | 625 | *(p++)=(s->version>>8); |
| 540 | *(p++)=s->version&0xff; | 626 | *(p++)=s->version&0xff; |
| 541 | 627 | ||
| 542 | /* record where we are to write out packet length */ | 628 | /* field where we are to write out packet length */ |
| 543 | plen=p; | 629 | plen=p; |
| 544 | p+=2; | 630 | p+=2; |
| 545 | 631 | ||
| 546 | /* lets setup the record stuff. */ | 632 | /* lets setup the record stuff. */ |
| 547 | wr->data=p; | 633 | wr->data=p; |
| 548 | wr->length=(int)len; | 634 | wr->length=(int)len; |
| @@ -552,7 +638,7 @@ unsigned int len; | |||
| 552 | * wr->data */ | 638 | * wr->data */ |
| 553 | 639 | ||
| 554 | /* first we compress */ | 640 | /* first we compress */ |
| 555 | if ((sess != NULL) && (sess->write_compression != NULL)) | 641 | if (s->compress != NULL) |
| 556 | { | 642 | { |
| 557 | if (!do_compress(s)) | 643 | if (!do_compress(s)) |
| 558 | { | 644 | { |
| @@ -590,32 +676,40 @@ unsigned int len; | |||
| 590 | wr->type=type; /* not needed but helps for debugging */ | 676 | wr->type=type; /* not needed but helps for debugging */ |
| 591 | wr->length+=SSL3_RT_HEADER_LENGTH; | 677 | wr->length+=SSL3_RT_HEADER_LENGTH; |
| 592 | 678 | ||
| 593 | /* Now lets setup wb */ | 679 | if (create_empty_fragment) |
| 594 | wb->left=wr->length; | 680 | { |
| 595 | wb->offset=0; | 681 | /* we are in a recursive call; |
| 682 | * just return the length, don't write out anything here | ||
| 683 | */ | ||
| 684 | return wr->length; | ||
| 685 | } | ||
| 686 | |||
| 687 | /* now let's set up wb */ | ||
| 688 | wb->left = prefix_len + wr->length; | ||
| 689 | wb->offset = 0; | ||
| 596 | 690 | ||
| 691 | /* memorize arguments so that ssl3_write_pending can detect bad write retries later */ | ||
| 597 | s->s3->wpend_tot=len; | 692 | s->s3->wpend_tot=len; |
| 598 | s->s3->wpend_buf=buf; | 693 | s->s3->wpend_buf=buf; |
| 599 | s->s3->wpend_type=type; | 694 | s->s3->wpend_type=type; |
| 600 | s->s3->wpend_ret=len; | 695 | s->s3->wpend_ret=len; |
| 601 | 696 | ||
| 602 | /* we now just need to write the buffer */ | 697 | /* we now just need to write the buffer */ |
| 603 | return(ssl3_write_pending(s,type,buf,len)); | 698 | return ssl3_write_pending(s,type,buf,len); |
| 604 | err: | 699 | err: |
| 605 | return(-1); | 700 | return -1; |
| 606 | } | 701 | } |
| 607 | 702 | ||
| 608 | /* if s->s3->wbuf.left != 0, we need to call this */ | 703 | /* if s->s3->wbuf.left != 0, we need to call this */ |
| 609 | static int ssl3_write_pending(s,type,buf,len) | 704 | static int ssl3_write_pending(SSL *s, int type, const unsigned char *buf, |
| 610 | SSL *s; | 705 | unsigned int len) |
| 611 | int type; | ||
| 612 | char *buf; | ||
| 613 | unsigned int len; | ||
| 614 | { | 706 | { |
| 615 | int i; | 707 | int i; |
| 616 | 708 | ||
| 617 | /* XXXX */ | 709 | /* XXXX */ |
| 618 | if ((s->s3->wpend_tot > (int)len) || (s->s3->wpend_buf != buf) | 710 | if ((s->s3->wpend_tot > (int)len) |
| 711 | || ((s->s3->wpend_buf != buf) && | ||
| 712 | !(s->mode & SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER)) | ||
| 619 | || (s->s3->wpend_type != type)) | 713 | || (s->s3->wpend_type != type)) |
| 620 | { | 714 | { |
| 621 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); | 715 | SSLerr(SSL_F_SSL3_WRITE_PENDING,SSL_R_BAD_WRITE_RETRY); |
| @@ -650,23 +744,77 @@ unsigned int len; | |||
| 650 | } | 744 | } |
| 651 | } | 745 | } |
| 652 | 746 | ||
| 653 | int ssl3_read_bytes(s,type,buf,len) | 747 | /* Return up to 'len' payload bytes received in 'type' records. |
| 654 | SSL *s; | 748 | * 'type' is one of the following: |
| 655 | int type; | 749 | * |
| 656 | char *buf; | 750 | * - SSL3_RT_HANDSHAKE (when ssl3_get_message calls us) |
| 657 | int len; | 751 | * - SSL3_RT_APPLICATION_DATA (when ssl3_read calls us) |
| 752 | * - 0 (during a shutdown, no data has to be returned) | ||
| 753 | * | ||
| 754 | * If we don't have stored data to work from, read a SSL/TLS record first | ||
| 755 | * (possibly multiple records if we still don't have anything to return). | ||
| 756 | * | ||
| 757 | * This function must handle any surprises the peer may have for us, such as | ||
| 758 | * Alert records (e.g. close_notify), ChangeCipherSpec records (not really | ||
| 759 | * a surprise, but handled as if it were), or renegotiation requests. | ||
| 760 | * Also if record payloads contain fragments too small to process, we store | ||
| 761 | * them until there is enough for the respective protocol (the record protocol | ||
| 762 | * may use arbitrary fragmentation and even interleaving): | ||
| 763 | * Change cipher spec protocol | ||
| 764 | * just 1 byte needed, no need for keeping anything stored | ||
| 765 | * Alert protocol | ||
| 766 | * 2 bytes needed (AlertLevel, AlertDescription) | ||
| 767 | * Handshake protocol | ||
| 768 | * 4 bytes needed (HandshakeType, uint24 length) -- we just have | ||
| 769 | * to detect unexpected Client Hello and Hello Request messages | ||
| 770 | * here, anything else is handled by higher layers | ||
| 771 | * Application data protocol | ||
| 772 | * none of our business | ||
| 773 | */ | ||
| 774 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek) | ||
| 658 | { | 775 | { |
| 659 | int al,i,j,n,ret; | 776 | int al,i,j,ret; |
| 777 | unsigned int n; | ||
| 660 | SSL3_RECORD *rr; | 778 | SSL3_RECORD *rr; |
| 661 | void (*cb)()=NULL; | 779 | void (*cb)(const SSL *ssl,int type2,int val)=NULL; |
| 662 | BIO *bio; | ||
| 663 | 780 | ||
| 664 | if (s->s3->rbuf.buf == NULL) /* Not initalised yet */ | 781 | if (s->s3->rbuf.buf == NULL) /* Not initialized yet */ |
| 665 | if (!ssl3_setup_buffers(s)) | 782 | if (!ssl3_setup_buffers(s)) |
| 666 | return(-1); | 783 | return(-1); |
| 667 | 784 | ||
| 785 | if ((type && (type != SSL3_RT_APPLICATION_DATA) && (type != SSL3_RT_HANDSHAKE) && type) || | ||
| 786 | (peek && (type != SSL3_RT_APPLICATION_DATA))) | ||
| 787 | { | ||
| 788 | SSLerr(SSL_F_SSL3_READ_BYTES, ERR_R_INTERNAL_ERROR); | ||
| 789 | return -1; | ||
| 790 | } | ||
| 791 | |||
| 792 | if ((type == SSL3_RT_HANDSHAKE) && (s->s3->handshake_fragment_len > 0)) | ||
| 793 | /* (partially) satisfy request from storage */ | ||
| 794 | { | ||
| 795 | unsigned char *src = s->s3->handshake_fragment; | ||
| 796 | unsigned char *dst = buf; | ||
| 797 | unsigned int k; | ||
| 798 | |||
| 799 | /* peek == 0 */ | ||
| 800 | n = 0; | ||
| 801 | while ((len > 0) && (s->s3->handshake_fragment_len > 0)) | ||
| 802 | { | ||
| 803 | *dst++ = *src++; | ||
| 804 | len--; s->s3->handshake_fragment_len--; | ||
| 805 | n++; | ||
| 806 | } | ||
| 807 | /* move any remaining fragment bytes: */ | ||
| 808 | for (k = 0; k < s->s3->handshake_fragment_len; k++) | ||
| 809 | s->s3->handshake_fragment[k] = *src++; | ||
| 810 | return n; | ||
| 811 | } | ||
| 812 | |||
| 813 | /* Now s->s3->handshake_fragment_len == 0 if type == SSL3_RT_HANDSHAKE. */ | ||
| 814 | |||
| 668 | if (!s->in_handshake && SSL_in_init(s)) | 815 | if (!s->in_handshake && SSL_in_init(s)) |
| 669 | { | 816 | { |
| 817 | /* type == SSL3_RT_APPLICATION_DATA */ | ||
| 670 | i=s->handshake_func(s); | 818 | i=s->handshake_func(s); |
| 671 | if (i < 0) return(i); | 819 | if (i < 0) return(i); |
| 672 | if (i == 0) | 820 | if (i == 0) |
| @@ -678,13 +826,13 @@ int len; | |||
| 678 | start: | 826 | start: |
| 679 | s->rwstate=SSL_NOTHING; | 827 | s->rwstate=SSL_NOTHING; |
| 680 | 828 | ||
| 681 | /* s->s3->rrec.type - is the type of record | 829 | /* s->s3->rrec.type - is the type of record |
| 682 | * s->s3->rrec.data, - data | 830 | * s->s3->rrec.data, - data |
| 683 | * s->s3->rrec.off, - ofset into 'data' for next read | 831 | * s->s3->rrec.off, - offset into 'data' for next read |
| 684 | * s->s3->rrec.length, - number of bytes. */ | 832 | * s->s3->rrec.length, - number of bytes. */ |
| 685 | rr= &(s->s3->rrec); | 833 | rr = &(s->s3->rrec); |
| 686 | 834 | ||
| 687 | /* get new packet */ | 835 | /* get new packet if necessary */ |
| 688 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) | 836 | if ((rr->length == 0) || (s->rstate == SSL_ST_READ_BODY)) |
| 689 | { | 837 | { |
| 690 | ret=ssl3_get_record(s); | 838 | ret=ssl3_get_record(s); |
| @@ -693,14 +841,17 @@ start: | |||
| 693 | 841 | ||
| 694 | /* we now have a packet which can be read and processed */ | 842 | /* we now have a packet which can be read and processed */ |
| 695 | 843 | ||
| 696 | if (s->s3->change_cipher_spec && (rr->type != SSL3_RT_HANDSHAKE)) | 844 | if (s->s3->change_cipher_spec /* set when we receive ChangeCipherSpec, |
| 845 | * reset by ssl3_get_finished */ | ||
| 846 | && (rr->type != SSL3_RT_HANDSHAKE)) | ||
| 697 | { | 847 | { |
| 698 | al=SSL_AD_UNEXPECTED_MESSAGE; | 848 | al=SSL_AD_UNEXPECTED_MESSAGE; |
| 699 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); | 849 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_DATA_BETWEEN_CCS_AND_FINISHED); |
| 700 | goto err; | 850 | goto err; |
| 701 | } | 851 | } |
| 702 | 852 | ||
| 703 | /* If the other end has shutdown, throw anything we read away */ | 853 | /* If the other end has shut down, throw anything we read away |
| 854 | * (even in 'peek' mode) */ | ||
| 704 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 855 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) |
| 705 | { | 856 | { |
| 706 | rr->length=0; | 857 | rr->length=0; |
| @@ -708,19 +859,107 @@ start: | |||
| 708 | return(0); | 859 | return(0); |
| 709 | } | 860 | } |
| 710 | 861 | ||
| 711 | /* Check for an incoming 'Client Request' message */ | 862 | |
| 712 | if ((rr->type == SSL3_RT_HANDSHAKE) && (rr->length == 4) && | 863 | if (type == rr->type) /* SSL3_RT_APPLICATION_DATA or SSL3_RT_HANDSHAKE */ |
| 713 | (rr->data[0] == SSL3_MT_CLIENT_REQUEST) && | 864 | { |
| 865 | /* make sure that we are not getting application data when we | ||
| 866 | * are doing a handshake for the first time */ | ||
| 867 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
| 868 | (s->enc_read_ctx == NULL)) | ||
| 869 | { | ||
| 870 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 871 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); | ||
| 872 | goto f_err; | ||
| 873 | } | ||
| 874 | |||
| 875 | if (len <= 0) return(len); | ||
| 876 | |||
| 877 | if ((unsigned int)len > rr->length) | ||
| 878 | n = rr->length; | ||
| 879 | else | ||
| 880 | n = (unsigned int)len; | ||
| 881 | |||
| 882 | memcpy(buf,&(rr->data[rr->off]),n); | ||
| 883 | if (!peek) | ||
| 884 | { | ||
| 885 | rr->length-=n; | ||
| 886 | rr->off+=n; | ||
| 887 | if (rr->length == 0) | ||
| 888 | { | ||
| 889 | s->rstate=SSL_ST_READ_HEADER; | ||
| 890 | rr->off=0; | ||
| 891 | } | ||
| 892 | } | ||
| 893 | return(n); | ||
| 894 | } | ||
| 895 | |||
| 896 | |||
| 897 | /* If we get here, then type != rr->type; if we have a handshake | ||
| 898 | * message, then it was unexpected (Hello Request or Client Hello). */ | ||
| 899 | |||
| 900 | /* In case of record types for which we have 'fragment' storage, | ||
| 901 | * fill that so that we can process the data at a fixed place. | ||
| 902 | */ | ||
| 903 | { | ||
| 904 | unsigned int dest_maxlen = 0; | ||
| 905 | unsigned char *dest = NULL; | ||
| 906 | unsigned int *dest_len = NULL; | ||
| 907 | |||
| 908 | if (rr->type == SSL3_RT_HANDSHAKE) | ||
| 909 | { | ||
| 910 | dest_maxlen = sizeof s->s3->handshake_fragment; | ||
| 911 | dest = s->s3->handshake_fragment; | ||
| 912 | dest_len = &s->s3->handshake_fragment_len; | ||
| 913 | } | ||
| 914 | else if (rr->type == SSL3_RT_ALERT) | ||
| 915 | { | ||
| 916 | dest_maxlen = sizeof s->s3->alert_fragment; | ||
| 917 | dest = s->s3->alert_fragment; | ||
| 918 | dest_len = &s->s3->alert_fragment_len; | ||
| 919 | } | ||
| 920 | |||
| 921 | if (dest_maxlen > 0) | ||
| 922 | { | ||
| 923 | n = dest_maxlen - *dest_len; /* available space in 'dest' */ | ||
| 924 | if (rr->length < n) | ||
| 925 | n = rr->length; /* available bytes */ | ||
| 926 | |||
| 927 | /* now move 'n' bytes: */ | ||
| 928 | while (n-- > 0) | ||
| 929 | { | ||
| 930 | dest[(*dest_len)++] = rr->data[rr->off++]; | ||
| 931 | rr->length--; | ||
| 932 | } | ||
| 933 | |||
| 934 | if (*dest_len < dest_maxlen) | ||
| 935 | goto start; /* fragment was too small */ | ||
| 936 | } | ||
| 937 | } | ||
| 938 | |||
| 939 | /* s->s3->handshake_fragment_len == 4 iff rr->type == SSL3_RT_HANDSHAKE; | ||
| 940 | * s->s3->alert_fragment_len == 2 iff rr->type == SSL3_RT_ALERT. | ||
| 941 | * (Possibly rr is 'empty' now, i.e. rr->length may be 0.) */ | ||
| 942 | |||
| 943 | /* If we are a client, check for an incoming 'Hello Request': */ | ||
| 944 | if ((!s->server) && | ||
| 945 | (s->s3->handshake_fragment_len >= 4) && | ||
| 946 | (s->s3->handshake_fragment[0] == SSL3_MT_HELLO_REQUEST) && | ||
| 714 | (s->session != NULL) && (s->session->cipher != NULL)) | 947 | (s->session != NULL) && (s->session->cipher != NULL)) |
| 715 | { | 948 | { |
| 716 | if ((rr->data[1] != 0) || (rr->data[2] != 0) || | 949 | s->s3->handshake_fragment_len = 0; |
| 717 | (rr->data[3] != 0)) | 950 | |
| 951 | if ((s->s3->handshake_fragment[1] != 0) || | ||
| 952 | (s->s3->handshake_fragment[2] != 0) || | ||
| 953 | (s->s3->handshake_fragment[3] != 0)) | ||
| 718 | { | 954 | { |
| 719 | al=SSL_AD_DECODE_ERROR; | 955 | al=SSL_AD_DECODE_ERROR; |
| 720 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CLIENT_REQUEST); | 956 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_HELLO_REQUEST); |
| 721 | goto err; | 957 | goto err; |
| 722 | } | 958 | } |
| 723 | 959 | ||
| 960 | if (s->msg_callback) | ||
| 961 | s->msg_callback(0, s->version, SSL3_RT_HANDSHAKE, s->s3->handshake_fragment, 4, s, s->msg_callback_arg); | ||
| 962 | |||
| 724 | if (SSL_is_init_finished(s) && | 963 | if (SSL_is_init_finished(s) && |
| 725 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && | 964 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS) && |
| 726 | !s->s3->renegotiate) | 965 | !s->s3->renegotiate) |
| @@ -728,228 +967,231 @@ start: | |||
| 728 | ssl3_renegotiate(s); | 967 | ssl3_renegotiate(s); |
| 729 | if (ssl3_renegotiate_check(s)) | 968 | if (ssl3_renegotiate_check(s)) |
| 730 | { | 969 | { |
| 731 | n=s->handshake_func(s); | 970 | i=s->handshake_func(s); |
| 732 | if (n < 0) return(n); | 971 | if (i < 0) return(i); |
| 733 | if (n == 0) | 972 | if (i == 0) |
| 734 | { | 973 | { |
| 735 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | 974 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); |
| 736 | return(-1); | 975 | return(-1); |
| 737 | } | 976 | } |
| 977 | |||
| 978 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) | ||
| 979 | { | ||
| 980 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ | ||
| 981 | { | ||
| 982 | BIO *bio; | ||
| 983 | /* In the case where we try to read application data, | ||
| 984 | * but we trigger an SSL handshake, we return -1 with | ||
| 985 | * the retry option set. Otherwise renegotiation may | ||
| 986 | * cause nasty problems in the blocking world */ | ||
| 987 | s->rwstate=SSL_READING; | ||
| 988 | bio=SSL_get_rbio(s); | ||
| 989 | BIO_clear_retry_flags(bio); | ||
| 990 | BIO_set_retry_read(bio); | ||
| 991 | return(-1); | ||
| 992 | } | ||
| 993 | } | ||
| 738 | } | 994 | } |
| 739 | } | 995 | } |
| 740 | rr->length=0; | 996 | /* we either finished a handshake or ignored the request, |
| 741 | /* ZZZ */ goto start; | 997 | * now try again to obtain the (application) data we were asked for */ |
| 998 | goto start; | ||
| 742 | } | 999 | } |
| 743 | 1000 | ||
| 744 | /* if it is not the type we want, or we have shutdown and want | 1001 | if (s->s3->alert_fragment_len >= 2) |
| 745 | * the peer shutdown */ | ||
| 746 | if ((rr->type != type) || (s->shutdown & SSL_SENT_SHUTDOWN)) | ||
| 747 | { | 1002 | { |
| 748 | if (rr->type == SSL3_RT_ALERT) | 1003 | int alert_level = s->s3->alert_fragment[0]; |
| 749 | { | 1004 | int alert_descr = s->s3->alert_fragment[1]; |
| 750 | if ((rr->length != 2) || (rr->off != 0)) | ||
| 751 | { | ||
| 752 | al=SSL_AD_DECODE_ERROR; | ||
| 753 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_ALERT_RECORD); | ||
| 754 | goto f_err; | ||
| 755 | } | ||
| 756 | 1005 | ||
| 757 | i=rr->data[0]; | 1006 | s->s3->alert_fragment_len = 0; |
| 758 | n=rr->data[1]; | ||
| 759 | 1007 | ||
| 760 | /* clear from buffer */ | 1008 | if (s->msg_callback) |
| 761 | rr->length=0; | 1009 | s->msg_callback(0, s->version, SSL3_RT_ALERT, s->s3->alert_fragment, 2, s, s->msg_callback_arg); |
| 762 | 1010 | ||
| 763 | if (s->info_callback != NULL) | 1011 | if (s->info_callback != NULL) |
| 764 | cb=s->info_callback; | 1012 | cb=s->info_callback; |
| 765 | else if (s->ctx->info_callback != NULL) | 1013 | else if (s->ctx->info_callback != NULL) |
| 766 | cb=s->ctx->info_callback; | 1014 | cb=s->ctx->info_callback; |
| 767 | 1015 | ||
| 768 | if (cb != NULL) | 1016 | if (cb != NULL) |
| 769 | { | 1017 | { |
| 770 | j=(i<<8)|n; | 1018 | j = (alert_level << 8) | alert_descr; |
| 771 | cb(s,SSL_CB_READ_ALERT,j); | 1019 | cb(s, SSL_CB_READ_ALERT, j); |
| 772 | } | 1020 | } |
| 773 | 1021 | ||
| 774 | if (i == 1) | 1022 | if (alert_level == 1) /* warning */ |
| 775 | { | 1023 | { |
| 776 | s->s3->warn_alert=n; | 1024 | s->s3->warn_alert = alert_descr; |
| 777 | if (n == SSL_AD_CLOSE_NOTIFY) | 1025 | if (alert_descr == SSL_AD_CLOSE_NOTIFY) |
| 778 | { | ||
| 779 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
| 780 | return(0); | ||
| 781 | } | ||
| 782 | } | ||
| 783 | else if (i == 2) | ||
| 784 | { | 1026 | { |
| 785 | char tmp[16]; | 1027 | s->shutdown |= SSL_RECEIVED_SHUTDOWN; |
| 786 | |||
| 787 | s->rwstate=SSL_NOTHING; | ||
| 788 | s->s3->fatal_alert=n; | ||
| 789 | SSLerr(SSL_F_SSL3_READ_BYTES,1000+n); | ||
| 790 | sprintf(tmp,"%d",n); | ||
| 791 | ERR_add_error_data(2,"SSL alert number ",tmp); | ||
| 792 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
| 793 | SSL_CTX_remove_session(s->ctx,s->session); | ||
| 794 | return(0); | 1028 | return(0); |
| 795 | } | 1029 | } |
| 796 | else | ||
| 797 | { | ||
| 798 | al=SSL_AD_ILLEGAL_PARAMETER; | ||
| 799 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); | ||
| 800 | goto f_err; | ||
| 801 | } | ||
| 802 | |||
| 803 | rr->length=0; | ||
| 804 | goto start; | ||
| 805 | } | 1030 | } |
| 806 | 1031 | else if (alert_level == 2) /* fatal */ | |
| 807 | if (s->shutdown & SSL_SENT_SHUTDOWN) | ||
| 808 | { | 1032 | { |
| 1033 | char tmp[16]; | ||
| 1034 | |||
| 809 | s->rwstate=SSL_NOTHING; | 1035 | s->rwstate=SSL_NOTHING; |
| 810 | rr->length=0; | 1036 | s->s3->fatal_alert = alert_descr; |
| 1037 | SSLerr(SSL_F_SSL3_READ_BYTES, SSL_AD_REASON_OFFSET + alert_descr); | ||
| 1038 | BIO_snprintf(tmp,sizeof tmp,"%d",alert_descr); | ||
| 1039 | ERR_add_error_data(2,"SSL alert number ",tmp); | ||
| 1040 | s->shutdown|=SSL_RECEIVED_SHUTDOWN; | ||
| 1041 | SSL_CTX_remove_session(s->ctx,s->session); | ||
| 811 | return(0); | 1042 | return(0); |
| 812 | } | 1043 | } |
| 813 | 1044 | else | |
| 814 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
| 815 | { | 1045 | { |
| 816 | if ( (rr->length != 1) || (rr->off != 0) || | 1046 | al=SSL_AD_ILLEGAL_PARAMETER; |
| 817 | (rr->data[0] != SSL3_MT_CCS)) | 1047 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNKNOWN_ALERT_TYPE); |
| 818 | { | 1048 | goto f_err; |
| 819 | i=SSL_AD_ILLEGAL_PARAMETER; | ||
| 820 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); | ||
| 821 | goto err; | ||
| 822 | } | ||
| 823 | |||
| 824 | rr->length=0; | ||
| 825 | s->s3->change_cipher_spec=1; | ||
| 826 | if (!do_change_cipher_spec(s)) | ||
| 827 | goto err; | ||
| 828 | else | ||
| 829 | goto start; | ||
| 830 | } | 1049 | } |
| 831 | 1050 | ||
| 832 | /* else we have a handshake */ | 1051 | goto start; |
| 833 | if ((rr->type == SSL3_RT_HANDSHAKE) && | 1052 | } |
| 834 | !s->in_handshake) | 1053 | |
| 1054 | if (s->shutdown & SSL_SENT_SHUTDOWN) /* but we have not received a shutdown */ | ||
| 1055 | { | ||
| 1056 | s->rwstate=SSL_NOTHING; | ||
| 1057 | rr->length=0; | ||
| 1058 | return(0); | ||
| 1059 | } | ||
| 1060 | |||
| 1061 | if (rr->type == SSL3_RT_CHANGE_CIPHER_SPEC) | ||
| 1062 | { | ||
| 1063 | /* 'Change Cipher Spec' is just a single byte, so we know | ||
| 1064 | * exactly what the record payload has to look like */ | ||
| 1065 | if ( (rr->length != 1) || (rr->off != 0) || | ||
| 1066 | (rr->data[0] != SSL3_MT_CCS)) | ||
| 835 | { | 1067 | { |
| 836 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | 1068 | i=SSL_AD_ILLEGAL_PARAMETER; |
| 837 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | 1069 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_BAD_CHANGE_CIPHER_SPEC); |
| 838 | { | 1070 | goto err; |
| 839 | s->state=SSL_ST_BEFORE; | 1071 | } |
| 840 | s->new_session=1; | 1072 | |
| 841 | } | 1073 | rr->length=0; |
| 842 | n=s->handshake_func(s); | ||
| 843 | if (n < 0) return(n); | ||
| 844 | if (n == 0) | ||
| 845 | { | ||
| 846 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 847 | return(-1); | ||
| 848 | } | ||
| 849 | 1074 | ||
| 850 | /* In the case where we try to read application data | 1075 | if (s->msg_callback) |
| 851 | * the first time, but we trigger an SSL handshake, we | 1076 | s->msg_callback(0, s->version, SSL3_RT_CHANGE_CIPHER_SPEC, rr->data, 1, s, s->msg_callback_arg); |
| 852 | * return -1 with the retry option set. I do this | ||
| 853 | * otherwise renegotiation can cause nasty problems | ||
| 854 | * in the non-blocking world */ | ||
| 855 | 1077 | ||
| 856 | s->rwstate=SSL_READING; | 1078 | s->s3->change_cipher_spec=1; |
| 857 | bio=SSL_get_rbio(s); | 1079 | if (!do_change_cipher_spec(s)) |
| 858 | BIO_clear_retry_flags(bio); | 1080 | goto err; |
| 859 | BIO_set_retry_read(bio); | 1081 | else |
| 1082 | goto start; | ||
| 1083 | } | ||
| 1084 | |||
| 1085 | /* Unexpected handshake message (Client Hello, or protocol violation) */ | ||
| 1086 | if ((s->s3->handshake_fragment_len >= 4) && !s->in_handshake) | ||
| 1087 | { | ||
| 1088 | if (((s->state&SSL_ST_MASK) == SSL_ST_OK) && | ||
| 1089 | !(s->s3->flags & SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)) | ||
| 1090 | { | ||
| 1091 | #if 0 /* worked only because C operator preferences are not as expected (and | ||
| 1092 | * because this is not really needed for clients except for detecting | ||
| 1093 | * protocol violations): */ | ||
| 1094 | s->state=SSL_ST_BEFORE|(s->server) | ||
| 1095 | ?SSL_ST_ACCEPT | ||
| 1096 | :SSL_ST_CONNECT; | ||
| 1097 | #else | ||
| 1098 | s->state = s->server ? SSL_ST_ACCEPT : SSL_ST_CONNECT; | ||
| 1099 | #endif | ||
| 1100 | s->new_session=1; | ||
| 1101 | } | ||
| 1102 | i=s->handshake_func(s); | ||
| 1103 | if (i < 0) return(i); | ||
| 1104 | if (i == 0) | ||
| 1105 | { | ||
| 1106 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_SSL_HANDSHAKE_FAILURE); | ||
| 860 | return(-1); | 1107 | return(-1); |
| 861 | } | 1108 | } |
| 862 | 1109 | ||
| 863 | switch (rr->type) | 1110 | if (!(s->mode & SSL_MODE_AUTO_RETRY)) |
| 864 | { | 1111 | { |
| 865 | default: | 1112 | if (s->s3->rbuf.left == 0) /* no read-ahead left? */ |
| 866 | #ifndef NO_TLS | ||
| 867 | /* TLS just ignores unknown message types */ | ||
| 868 | if (s->version == TLS1_VERSION) | ||
| 869 | { | ||
| 870 | goto start; | ||
| 871 | } | ||
| 872 | #endif | ||
| 873 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
| 874 | case SSL3_RT_ALERT: | ||
| 875 | case SSL3_RT_HANDSHAKE: | ||
| 876 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 877 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
| 878 | goto f_err; | ||
| 879 | case SSL3_RT_APPLICATION_DATA: | ||
| 880 | /* At this point, we were expecting something else, | ||
| 881 | * but have application data. What we do is set the | ||
| 882 | * error, and return -1. On the way out, if the | ||
| 883 | * library was running inside ssl3_read() and it makes | ||
| 884 | * sense to read application data at this point, we | ||
| 885 | * will indulge it. This will mostly happen during | ||
| 886 | * session renegotiation. | ||
| 887 | */ | ||
| 888 | if (s->s3->in_read_app_data && | ||
| 889 | (s->s3->total_renegotiations != 0) && | ||
| 890 | (( | ||
| 891 | (s->state & SSL_ST_CONNECT) && | ||
| 892 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
| 893 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | ||
| 894 | ) || ( | ||
| 895 | (s->state & SSL_ST_ACCEPT) && | ||
| 896 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
| 897 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | ||
| 898 | ) | ||
| 899 | )) | ||
| 900 | { | 1113 | { |
| 901 | s->s3->in_read_app_data=0; | 1114 | BIO *bio; |
| 1115 | /* In the case where we try to read application data, | ||
| 1116 | * but we trigger an SSL handshake, we return -1 with | ||
| 1117 | * the retry option set. Otherwise renegotiation may | ||
| 1118 | * cause nasty problems in the blocking world */ | ||
| 1119 | s->rwstate=SSL_READING; | ||
| 1120 | bio=SSL_get_rbio(s); | ||
| 1121 | BIO_clear_retry_flags(bio); | ||
| 1122 | BIO_set_retry_read(bio); | ||
| 902 | return(-1); | 1123 | return(-1); |
| 903 | } | 1124 | } |
| 904 | else | ||
| 905 | { | ||
| 906 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 907 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
| 908 | goto f_err; | ||
| 909 | } | ||
| 910 | } | 1125 | } |
| 1126 | goto start; | ||
| 911 | } | 1127 | } |
| 912 | 1128 | ||
| 913 | /* make sure that we are not getting application data when we | 1129 | switch (rr->type) |
| 914 | * are doing a handshake for the first time */ | ||
| 915 | if (SSL_in_init(s) && (type == SSL3_RT_APPLICATION_DATA) && | ||
| 916 | (s->enc_read_ctx == NULL)) | ||
| 917 | { | 1130 | { |
| 1131 | default: | ||
| 1132 | #ifndef OPENSSL_NO_TLS | ||
| 1133 | /* TLS just ignores unknown message types */ | ||
| 1134 | if (s->version == TLS1_VERSION) | ||
| 1135 | { | ||
| 1136 | rr->length = 0; | ||
| 1137 | goto start; | ||
| 1138 | } | ||
| 1139 | #endif | ||
| 918 | al=SSL_AD_UNEXPECTED_MESSAGE; | 1140 | al=SSL_AD_UNEXPECTED_MESSAGE; |
| 919 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_APP_DATA_IN_HANDSHAKE); | 1141 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); |
| 920 | goto f_err; | 1142 | goto f_err; |
| 1143 | case SSL3_RT_CHANGE_CIPHER_SPEC: | ||
| 1144 | case SSL3_RT_ALERT: | ||
| 1145 | case SSL3_RT_HANDSHAKE: | ||
| 1146 | /* we already handled all of these, with the possible exception | ||
| 1147 | * of SSL3_RT_HANDSHAKE when s->in_handshake is set, but that | ||
| 1148 | * should not happen when type != rr->type */ | ||
| 1149 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1150 | SSLerr(SSL_F_SSL3_READ_BYTES,ERR_R_INTERNAL_ERROR); | ||
| 1151 | goto f_err; | ||
| 1152 | case SSL3_RT_APPLICATION_DATA: | ||
| 1153 | /* At this point, we were expecting handshake data, | ||
| 1154 | * but have application data. If the library was | ||
| 1155 | * running inside ssl3_read() (i.e. in_read_app_data | ||
| 1156 | * is set) and it makes sense to read application data | ||
| 1157 | * at this point (session renegotiation not yet started), | ||
| 1158 | * we will indulge it. | ||
| 1159 | */ | ||
| 1160 | if (s->s3->in_read_app_data && | ||
| 1161 | (s->s3->total_renegotiations != 0) && | ||
| 1162 | (( | ||
| 1163 | (s->state & SSL_ST_CONNECT) && | ||
| 1164 | (s->state >= SSL3_ST_CW_CLNT_HELLO_A) && | ||
| 1165 | (s->state <= SSL3_ST_CR_SRVR_HELLO_A) | ||
| 1166 | ) || ( | ||
| 1167 | (s->state & SSL_ST_ACCEPT) && | ||
| 1168 | (s->state <= SSL3_ST_SW_HELLO_REQ_A) && | ||
| 1169 | (s->state >= SSL3_ST_SR_CLNT_HELLO_A) | ||
| 1170 | ) | ||
| 1171 | )) | ||
| 1172 | { | ||
| 1173 | s->s3->in_read_app_data=2; | ||
| 1174 | return(-1); | ||
| 1175 | } | ||
| 1176 | else | ||
| 1177 | { | ||
| 1178 | al=SSL_AD_UNEXPECTED_MESSAGE; | ||
| 1179 | SSLerr(SSL_F_SSL3_READ_BYTES,SSL_R_UNEXPECTED_RECORD); | ||
| 1180 | goto f_err; | ||
| 1181 | } | ||
| 921 | } | 1182 | } |
| 1183 | /* not reached */ | ||
| 922 | 1184 | ||
| 923 | if (len <= 0) return(len); | ||
| 924 | |||
| 925 | if ((unsigned int)len > rr->length) | ||
| 926 | n=rr->length; | ||
| 927 | else | ||
| 928 | n=len; | ||
| 929 | |||
| 930 | memcpy(buf,&(rr->data[rr->off]),(unsigned int)n); | ||
| 931 | rr->length-=n; | ||
| 932 | rr->off+=n; | ||
| 933 | if (rr->length <= 0) | ||
| 934 | { | ||
| 935 | s->rstate=SSL_ST_READ_HEADER; | ||
| 936 | rr->off=0; | ||
| 937 | } | ||
| 938 | |||
| 939 | if (type == SSL3_RT_HANDSHAKE) | ||
| 940 | ssl3_finish_mac(s,(unsigned char *)buf,n); | ||
| 941 | return(n); | ||
| 942 | f_err: | 1185 | f_err: |
| 943 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1186 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 944 | err: | 1187 | err: |
| 945 | return(-1); | 1188 | return(-1); |
| 946 | } | 1189 | } |
| 947 | 1190 | ||
| 948 | static int do_change_cipher_spec(s) | 1191 | static int do_change_cipher_spec(SSL *s) |
| 949 | SSL *s; | ||
| 950 | { | 1192 | { |
| 951 | int i; | 1193 | int i; |
| 952 | unsigned char *sender; | 1194 | const char *sender; |
| 953 | int slen; | 1195 | int slen; |
| 954 | 1196 | ||
| 955 | if (s->state & SSL_ST_ACCEPT) | 1197 | if (s->state & SSL_ST_ACCEPT) |
| @@ -971,46 +1213,29 @@ SSL *s; | |||
| 971 | * the finished message */ | 1213 | * the finished message */ |
| 972 | if (s->state & SSL_ST_CONNECT) | 1214 | if (s->state & SSL_ST_CONNECT) |
| 973 | { | 1215 | { |
| 974 | sender=s->method->ssl3_enc->server_finished; | 1216 | sender=s->method->ssl3_enc->server_finished_label; |
| 975 | slen=s->method->ssl3_enc->server_finished_len; | 1217 | slen=s->method->ssl3_enc->server_finished_label_len; |
| 976 | } | 1218 | } |
| 977 | else | 1219 | else |
| 978 | { | 1220 | { |
| 979 | sender=s->method->ssl3_enc->client_finished; | 1221 | sender=s->method->ssl3_enc->client_finished_label; |
| 980 | slen=s->method->ssl3_enc->client_finished_len; | 1222 | slen=s->method->ssl3_enc->client_finished_label_len; |
| 981 | } | 1223 | } |
| 982 | 1224 | ||
| 983 | s->method->ssl3_enc->final_finish_mac(s, | 1225 | s->s3->tmp.peer_finish_md_len = s->method->ssl3_enc->final_finish_mac(s, |
| 984 | &(s->s3->finish_dgst1), | 1226 | &(s->s3->finish_dgst1), |
| 985 | &(s->s3->finish_dgst2), | 1227 | &(s->s3->finish_dgst2), |
| 986 | sender,slen,&(s->s3->tmp.finish_md[0])); | 1228 | sender,slen,s->s3->tmp.peer_finish_md); |
| 987 | 1229 | ||
| 988 | return(1); | 1230 | return(1); |
| 989 | } | 1231 | } |
| 990 | 1232 | ||
| 991 | int ssl3_do_write(s,type) | 1233 | void ssl3_send_alert(SSL *s, int level, int desc) |
| 992 | SSL *s; | ||
| 993 | int type; | ||
| 994 | { | ||
| 995 | int ret; | ||
| 996 | |||
| 997 | ret=ssl3_write_bytes(s,type,(char *) | ||
| 998 | &(s->init_buf->data[s->init_off]),s->init_num); | ||
| 999 | if (ret == s->init_num) | ||
| 1000 | return(1); | ||
| 1001 | if (ret < 0) return(-1); | ||
| 1002 | s->init_off+=ret; | ||
| 1003 | s->init_num-=ret; | ||
| 1004 | return(0); | ||
| 1005 | } | ||
| 1006 | |||
| 1007 | void ssl3_send_alert(s,level,desc) | ||
| 1008 | SSL *s; | ||
| 1009 | int level; | ||
| 1010 | int desc; | ||
| 1011 | { | 1234 | { |
| 1012 | /* Map tls/ssl alert value to correct one */ | 1235 | /* Map tls/ssl alert value to correct one */ |
| 1013 | desc=s->method->ssl3_enc->alert_value(desc); | 1236 | desc=s->method->ssl3_enc->alert_value(desc); |
| 1237 | if (s->version == SSL3_VERSION && desc == SSL_AD_PROTOCOL_VERSION) | ||
| 1238 | desc = SSL_AD_HANDSHAKE_FAILURE; /* SSL 3.0 does not have protocol_version alerts */ | ||
| 1014 | if (desc < 0) return; | 1239 | if (desc < 0) return; |
| 1015 | /* If a fatal one, remove from cache */ | 1240 | /* If a fatal one, remove from cache */ |
| 1016 | if ((level == 2) && (s->session != NULL)) | 1241 | if ((level == 2) && (s->session != NULL)) |
| @@ -1019,37 +1244,39 @@ int desc; | |||
| 1019 | s->s3->alert_dispatch=1; | 1244 | s->s3->alert_dispatch=1; |
| 1020 | s->s3->send_alert[0]=level; | 1245 | s->s3->send_alert[0]=level; |
| 1021 | s->s3->send_alert[1]=desc; | 1246 | s->s3->send_alert[1]=desc; |
| 1022 | if (s->s3->wbuf.left == 0) /* data still being written out */ | 1247 | if (s->s3->wbuf.left == 0) /* data still being written out? */ |
| 1023 | ssl3_dispatch_alert(s); | 1248 | ssl3_dispatch_alert(s); |
| 1024 | /* else data is still being written out, we will get written | 1249 | /* else data is still being written out, we will get written |
| 1025 | * some time in the future */ | 1250 | * some time in the future */ |
| 1026 | } | 1251 | } |
| 1027 | 1252 | ||
| 1028 | int ssl3_dispatch_alert(s) | 1253 | int ssl3_dispatch_alert(SSL *s) |
| 1029 | SSL *s; | ||
| 1030 | { | 1254 | { |
| 1031 | int i,j; | 1255 | int i,j; |
| 1032 | void (*cb)()=NULL; | 1256 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 1033 | 1257 | ||
| 1034 | s->s3->alert_dispatch=0; | 1258 | s->s3->alert_dispatch=0; |
| 1035 | i=do_ssl3_write(s,SSL3_RT_ALERT,&(s->s3->send_alert[0]),2); | 1259 | i = do_ssl3_write(s, SSL3_RT_ALERT, &s->s3->send_alert[0], 2, 0); |
| 1036 | if (i <= 0) | 1260 | if (i <= 0) |
| 1037 | { | 1261 | { |
| 1038 | s->s3->alert_dispatch=1; | 1262 | s->s3->alert_dispatch=1; |
| 1039 | } | 1263 | } |
| 1040 | else | 1264 | else |
| 1041 | { | 1265 | { |
| 1042 | /* If it is important, send it now. If the message | 1266 | /* Alert sent to BIO. If it is important, flush it now. |
| 1043 | * does not get sent due to non-blocking IO, we will | 1267 | * If the message does not get sent due to non-blocking IO, |
| 1044 | * not worry too much. */ | 1268 | * we will not worry too much. */ |
| 1045 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) | 1269 | if (s->s3->send_alert[0] == SSL3_AL_FATAL) |
| 1046 | BIO_flush(s->wbio); | 1270 | (void)BIO_flush(s->wbio); |
| 1271 | |||
| 1272 | if (s->msg_callback) | ||
| 1273 | s->msg_callback(1, s->version, SSL3_RT_ALERT, s->s3->send_alert, 2, s, s->msg_callback_arg); | ||
| 1047 | 1274 | ||
| 1048 | if (s->info_callback != NULL) | 1275 | if (s->info_callback != NULL) |
| 1049 | cb=s->info_callback; | 1276 | cb=s->info_callback; |
| 1050 | else if (s->ctx->info_callback != NULL) | 1277 | else if (s->ctx->info_callback != NULL) |
| 1051 | cb=s->ctx->info_callback; | 1278 | cb=s->ctx->info_callback; |
| 1052 | 1279 | ||
| 1053 | if (cb != NULL) | 1280 | if (cb != NULL) |
| 1054 | { | 1281 | { |
| 1055 | j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; | 1282 | j=(s->s3->send_alert[0]<<8)|s->s3->send_alert[1]; |
| @@ -1058,4 +1285,3 @@ SSL *s; | |||
| 1058 | } | 1285 | } |
| 1059 | return(i); | 1286 | return(i); |
| 1060 | } | 1287 | } |
| 1061 | |||
diff --git a/src/lib/libssl/s3_srvr.c b/src/lib/libssl/s3_srvr.c index 64903af151..99b6a86983 100644 --- a/src/lib/libssl/s3_srvr.c +++ b/src/lib/libssl/s3_srvr.c | |||
| @@ -55,52 +55,88 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #define REUSE_CIPHER_BUG | 112 | #define REUSE_CIPHER_BUG |
| 113 | #define NETSCAPE_HANG_BUG | ||
| 114 | |||
| 60 | 115 | ||
| 61 | #include <stdio.h> | 116 | #include <stdio.h> |
| 62 | #include "buffer.h" | 117 | #include <openssl/buffer.h> |
| 63 | #include "rand.h" | 118 | #include <openssl/rand.h> |
| 64 | #include "objects.h" | 119 | #include <openssl/objects.h> |
| 65 | #include "evp.h" | 120 | #include <openssl/evp.h> |
| 66 | #include "x509.h" | 121 | #include <openssl/x509.h> |
| 122 | #include <openssl/krb5_asn.h> | ||
| 67 | #include "ssl_locl.h" | 123 | #include "ssl_locl.h" |
| 124 | #include "kssl_lcl.h" | ||
| 125 | #include <openssl/md5.h> | ||
| 68 | 126 | ||
| 69 | #define BREAK break | 127 | static SSL_METHOD *ssl3_get_server_method(int ver); |
| 70 | /* SSLerr(SSL_F_SSL3_ACCEPT,ERR_R_MALLOC_FAILURE); | ||
| 71 | * SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,ERR_R_MALLOC_FAILURE); | ||
| 72 | * SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,ERR_R_MALLOC_FAILURE); | ||
| 73 | * SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_MALLOC_FAILURE); | ||
| 74 | * SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 75 | */ | ||
| 76 | |||
| 77 | #ifndef NOPROTO | ||
| 78 | static int ssl3_get_client_hello(SSL *s); | 128 | static int ssl3_get_client_hello(SSL *s); |
| 129 | static int ssl3_check_client_hello(SSL *s); | ||
| 79 | static int ssl3_send_server_hello(SSL *s); | 130 | static int ssl3_send_server_hello(SSL *s); |
| 80 | static int ssl3_send_server_key_exchange(SSL *s); | 131 | static int ssl3_send_server_key_exchange(SSL *s); |
| 81 | static int ssl3_send_certificate_request(SSL *s); | 132 | static int ssl3_send_certificate_request(SSL *s); |
| 82 | static int ssl3_send_server_done(SSL *s); | 133 | static int ssl3_send_server_done(SSL *s); |
| 83 | static int ssl3_get_cert_verify(SSL *s); | ||
| 84 | static int ssl3_get_client_key_exchange(SSL *s); | 134 | static int ssl3_get_client_key_exchange(SSL *s); |
| 85 | static int ssl3_get_client_certificate(SSL *s); | 135 | static int ssl3_get_client_certificate(SSL *s); |
| 136 | static int ssl3_get_cert_verify(SSL *s); | ||
| 86 | static int ssl3_send_hello_request(SSL *s); | 137 | static int ssl3_send_hello_request(SSL *s); |
| 87 | 138 | ||
| 88 | #else | 139 | static SSL_METHOD *ssl3_get_server_method(int ver) |
| 89 | |||
| 90 | static int ssl3_get_client_hello(); | ||
| 91 | static int ssl3_send_server_hello(); | ||
| 92 | static int ssl3_send_server_key_exchange(); | ||
| 93 | static int ssl3_send_certificate_request(); | ||
| 94 | static int ssl3_send_server_done(); | ||
| 95 | static int ssl3_get_cert_verify(); | ||
| 96 | static int ssl3_get_client_key_exchange(); | ||
| 97 | static int ssl3_get_client_certificate(); | ||
| 98 | static int ssl3_send_hello_request(); | ||
| 99 | |||
| 100 | #endif | ||
| 101 | |||
| 102 | static SSL_METHOD *ssl3_get_server_method(ver) | ||
| 103 | int ver; | ||
| 104 | { | 140 | { |
| 105 | if (ver == SSL3_VERSION) | 141 | if (ver == SSL3_VERSION) |
| 106 | return(SSLv3_server_method()); | 142 | return(SSLv3_server_method()); |
| @@ -108,35 +144,32 @@ int ver; | |||
| 108 | return(NULL); | 144 | return(NULL); |
| 109 | } | 145 | } |
| 110 | 146 | ||
| 111 | SSL_METHOD *SSLv3_server_method() | 147 | SSL_METHOD *SSLv3_server_method(void) |
| 112 | { | 148 | { |
| 113 | static int init=1; | 149 | static int init=1; |
| 114 | static SSL_METHOD SSLv3_server_data; | 150 | static SSL_METHOD SSLv3_server_data; |
| 115 | 151 | ||
| 116 | if (init) | 152 | if (init) |
| 117 | { | 153 | { |
| 118 | init=0; | ||
| 119 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), | 154 | memcpy((char *)&SSLv3_server_data,(char *)sslv3_base_method(), |
| 120 | sizeof(SSL_METHOD)); | 155 | sizeof(SSL_METHOD)); |
| 121 | SSLv3_server_data.ssl_accept=ssl3_accept; | 156 | SSLv3_server_data.ssl_accept=ssl3_accept; |
| 122 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; | 157 | SSLv3_server_data.get_ssl_method=ssl3_get_server_method; |
| 158 | init=0; | ||
| 123 | } | 159 | } |
| 124 | return(&SSLv3_server_data); | 160 | return(&SSLv3_server_data); |
| 125 | } | 161 | } |
| 126 | 162 | ||
| 127 | int ssl3_accept(s) | 163 | int ssl3_accept(SSL *s) |
| 128 | SSL *s; | ||
| 129 | { | 164 | { |
| 130 | BUF_MEM *buf; | 165 | BUF_MEM *buf; |
| 131 | unsigned long l,Time=time(NULL); | 166 | unsigned long l,Time=time(NULL); |
| 132 | void (*cb)()=NULL; | 167 | void (*cb)(const SSL *ssl,int type,int val)=NULL; |
| 133 | long num1; | 168 | long num1; |
| 134 | int ret= -1; | 169 | int ret= -1; |
| 135 | CERT *ct; | ||
| 136 | BIO *under; | ||
| 137 | int new_state,state,skip=0; | 170 | int new_state,state,skip=0; |
| 138 | 171 | ||
| 139 | RAND_seed((unsigned char *)&Time,sizeof(Time)); | 172 | RAND_add(&Time,sizeof(Time),0); |
| 140 | ERR_clear_error(); | 173 | ERR_clear_error(); |
| 141 | clear_sys_error(); | 174 | clear_sys_error(); |
| 142 | 175 | ||
| @@ -146,20 +179,14 @@ SSL *s; | |||
| 146 | cb=s->ctx->info_callback; | 179 | cb=s->ctx->info_callback; |
| 147 | 180 | ||
| 148 | /* init things to blank */ | 181 | /* init things to blank */ |
| 149 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 150 | s->in_handshake++; | 182 | s->in_handshake++; |
| 183 | if (!SSL_in_init(s) || SSL_in_before(s)) SSL_clear(s); | ||
| 151 | 184 | ||
| 152 | #ifdef undef | 185 | if (s->cert == NULL) |
| 153 | /* FIX THIS EAY EAY EAY */ | ||
| 154 | /* we don't actually need a cert, we just need a cert or a DH_tmp */ | ||
| 155 | if (((s->session == NULL) || (s->session->cert == NULL)) && | ||
| 156 | (s->cert == NULL)) | ||
| 157 | { | 186 | { |
| 158 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); | 187 | SSLerr(SSL_F_SSL3_ACCEPT,SSL_R_NO_CERTIFICATE_SET); |
| 159 | ret= -1; | 188 | return(-1); |
| 160 | goto end; | ||
| 161 | } | 189 | } |
| 162 | #endif | ||
| 163 | 190 | ||
| 164 | for (;;) | 191 | for (;;) |
| 165 | { | 192 | { |
| @@ -176,11 +203,14 @@ SSL *s; | |||
| 176 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: | 203 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: |
| 177 | case SSL_ST_OK|SSL_ST_ACCEPT: | 204 | case SSL_ST_OK|SSL_ST_ACCEPT: |
| 178 | 205 | ||
| 206 | s->server=1; | ||
| 179 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); | 207 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_START,1); |
| 180 | 208 | ||
| 181 | if ((s->version>>8) != 3) | 209 | if ((s->version>>8) != 3) |
| 182 | abort(); | 210 | { |
| 183 | /* s->version=SSL3_VERSION; */ | 211 | SSLerr(SSL_F_SSL3_ACCEPT, ERR_R_INTERNAL_ERROR); |
| 212 | return -1; | ||
| 213 | } | ||
| 184 | s->type=SSL_ST_ACCEPT; | 214 | s->type=SSL_ST_ACCEPT; |
| 185 | 215 | ||
| 186 | if (s->init_buf == NULL) | 216 | if (s->init_buf == NULL) |
| @@ -204,22 +234,24 @@ SSL *s; | |||
| 204 | goto end; | 234 | goto end; |
| 205 | } | 235 | } |
| 206 | 236 | ||
| 207 | /* Ok, we now need to push on a buffering BIO so that | ||
| 208 | * the output is sent in a way that TCP likes :-) | ||
| 209 | */ | ||
| 210 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | ||
| 211 | |||
| 212 | s->init_num=0; | 237 | s->init_num=0; |
| 213 | 238 | ||
| 214 | if (s->state != SSL_ST_RENEGOTIATE) | 239 | if (s->state != SSL_ST_RENEGOTIATE) |
| 215 | { | 240 | { |
| 216 | s->state=SSL3_ST_SR_CLNT_HELLO_A; | 241 | /* Ok, we now need to push on a buffering BIO so that |
| 242 | * the output is sent in a way that TCP likes :-) | ||
| 243 | */ | ||
| 244 | if (!ssl_init_wbio_buffer(s,1)) { ret= -1; goto end; } | ||
| 245 | |||
| 217 | ssl3_init_finished_mac(s); | 246 | ssl3_init_finished_mac(s); |
| 218 | s->ctx->sess_accept++; | 247 | s->state=SSL3_ST_SR_CLNT_HELLO_A; |
| 248 | s->ctx->stats.sess_accept++; | ||
| 219 | } | 249 | } |
| 220 | else | 250 | else |
| 221 | { | 251 | { |
| 222 | s->ctx->sess_accept_renegotiate++; | 252 | /* s->state == SSL_ST_RENEGOTIATE, |
| 253 | * we will just send a HelloRequest */ | ||
| 254 | s->ctx->stats.sess_accept_renegotiate++; | ||
| 223 | s->state=SSL3_ST_SW_HELLO_REQ_A; | 255 | s->state=SSL3_ST_SW_HELLO_REQ_A; |
| 224 | } | 256 | } |
| 225 | break; | 257 | break; |
| @@ -238,19 +270,8 @@ SSL *s; | |||
| 238 | break; | 270 | break; |
| 239 | 271 | ||
| 240 | case SSL3_ST_SW_HELLO_REQ_C: | 272 | case SSL3_ST_SW_HELLO_REQ_C: |
| 241 | /* remove buffering on output */ | ||
| 242 | under=BIO_pop(s->wbio); | ||
| 243 | if (under != NULL) | ||
| 244 | s->wbio=under; | ||
| 245 | else | ||
| 246 | abort(); /* ok */ | ||
| 247 | BIO_free(s->bbio); | ||
| 248 | s->bbio=NULL; | ||
| 249 | |||
| 250 | s->state=SSL_ST_OK; | 273 | s->state=SSL_ST_OK; |
| 251 | ret=1; | 274 | break; |
| 252 | goto end; | ||
| 253 | /* break; */ | ||
| 254 | 275 | ||
| 255 | case SSL3_ST_SR_CLNT_HELLO_A: | 276 | case SSL3_ST_SR_CLNT_HELLO_A: |
| 256 | case SSL3_ST_SR_CLNT_HELLO_B: | 277 | case SSL3_ST_SR_CLNT_HELLO_B: |
| @@ -259,6 +280,7 @@ SSL *s; | |||
| 259 | s->shutdown=0; | 280 | s->shutdown=0; |
| 260 | ret=ssl3_get_client_hello(s); | 281 | ret=ssl3_get_client_hello(s); |
| 261 | if (ret <= 0) goto end; | 282 | if (ret <= 0) goto end; |
| 283 | s->new_session = 2; | ||
| 262 | s->state=SSL3_ST_SW_SRVR_HELLO_A; | 284 | s->state=SSL3_ST_SW_SRVR_HELLO_A; |
| 263 | s->init_num=0; | 285 | s->init_num=0; |
| 264 | break; | 286 | break; |
| @@ -292,40 +314,34 @@ SSL *s; | |||
| 292 | case SSL3_ST_SW_KEY_EXCH_A: | 314 | case SSL3_ST_SW_KEY_EXCH_A: |
| 293 | case SSL3_ST_SW_KEY_EXCH_B: | 315 | case SSL3_ST_SW_KEY_EXCH_B: |
| 294 | l=s->s3->tmp.new_cipher->algorithms; | 316 | l=s->s3->tmp.new_cipher->algorithms; |
| 295 | if (s->session->cert == NULL) | ||
| 296 | { | ||
| 297 | if (s->cert != NULL) | ||
| 298 | { | ||
| 299 | CRYPTO_add(&s->cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 300 | s->session->cert=s->cert; | ||
| 301 | } | ||
| 302 | else | ||
| 303 | { | ||
| 304 | CRYPTO_add(&s->ctx->default_cert->references,1,CRYPTO_LOCK_SSL_CERT); | ||
| 305 | s->session->cert=s->ctx->default_cert; | ||
| 306 | } | ||
| 307 | } | ||
| 308 | ct=s->session->cert; | ||
| 309 | 317 | ||
| 310 | /* clear this, it may get reset by | 318 | /* clear this, it may get reset by |
| 311 | * send_server_key_exchange */ | 319 | * send_server_key_exchange */ |
| 312 | if (s->options & SSL_OP_EPHEMERAL_RSA) | 320 | if ((s->options & SSL_OP_EPHEMERAL_RSA) |
| 321 | #ifndef OPENSSL_NO_KRB5 | ||
| 322 | && !(l & SSL_KRB5) | ||
| 323 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 324 | ) | ||
| 325 | /* option SSL_OP_EPHEMERAL_RSA sends temporary RSA key | ||
| 326 | * even when forbidden by protocol specs | ||
| 327 | * (handshake may fail as clients are not required to | ||
| 328 | * be able to handle this) */ | ||
| 313 | s->s3->tmp.use_rsa_tmp=1; | 329 | s->s3->tmp.use_rsa_tmp=1; |
| 314 | else | 330 | else |
| 315 | s->s3->tmp.use_rsa_tmp=0; | 331 | s->s3->tmp.use_rsa_tmp=0; |
| 316 | 332 | ||
| 317 | /* only send if a DH key exchange, fortezza or | 333 | /* only send if a DH key exchange, fortezza or |
| 318 | * RSA but we have a sign only certificate */ | 334 | * RSA but we have a sign only certificate */ |
| 319 | if ( s->s3->tmp.use_rsa_tmp || | 335 | if (s->s3->tmp.use_rsa_tmp |
| 320 | (l & (SSL_DH|SSL_kFZA)) || | 336 | || (l & (SSL_DH|SSL_kFZA)) |
| 321 | ((l & SSL_kRSA) && | 337 | || ((l & SSL_kRSA) |
| 322 | ((ct->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL)|| | 338 | && (s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey == NULL |
| 323 | ((l & SSL_EXPORT) && | 339 | || (SSL_C_IS_EXPORT(s->s3->tmp.new_cipher) |
| 324 | (EVP_PKEY_size(ct->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > 512) | 340 | && EVP_PKEY_size(s->cert->pkeys[SSL_PKEY_RSA_ENC].privatekey)*8 > SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher) |
| 325 | ) | 341 | ) |
| 326 | ) | 342 | ) |
| 343 | ) | ||
| 327 | ) | 344 | ) |
| 328 | ) | ||
| 329 | { | 345 | { |
| 330 | ret=ssl3_send_server_key_exchange(s); | 346 | ret=ssl3_send_server_key_exchange(s); |
| 331 | if (ret <= 0) goto end; | 347 | if (ret <= 0) goto end; |
| @@ -339,9 +355,21 @@ SSL *s; | |||
| 339 | 355 | ||
| 340 | case SSL3_ST_SW_CERT_REQ_A: | 356 | case SSL3_ST_SW_CERT_REQ_A: |
| 341 | case SSL3_ST_SW_CERT_REQ_B: | 357 | case SSL3_ST_SW_CERT_REQ_B: |
| 342 | if (!(s->verify_mode & SSL_VERIFY_PEER) || | 358 | if (/* don't request cert unless asked for it: */ |
| 359 | !(s->verify_mode & SSL_VERIFY_PEER) || | ||
| 360 | /* if SSL_VERIFY_CLIENT_ONCE is set, | ||
| 361 | * don't request cert during re-negotiation: */ | ||
| 343 | ((s->session->peer != NULL) && | 362 | ((s->session->peer != NULL) && |
| 344 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE))) | 363 | (s->verify_mode & SSL_VERIFY_CLIENT_ONCE)) || |
| 364 | /* never request cert in anonymous ciphersuites | ||
| 365 | * (see section "Certificate request" in SSL 3 drafts | ||
| 366 | * and in RFC 2246): */ | ||
| 367 | ((s->s3->tmp.new_cipher->algorithms & SSL_aNULL) && | ||
| 368 | /* ... except when the application insists on verification | ||
| 369 | * (against the specs, but s3_clnt.c accepts this for SSL 3) */ | ||
| 370 | !(s->verify_mode & SSL_VERIFY_FAIL_IF_NO_PEER_CERT)) || | ||
| 371 | /* never request cert in Kerberos ciphersuites */ | ||
| 372 | (s->s3->tmp.new_cipher->algorithms & SSL_aKRB5)) | ||
| 345 | { | 373 | { |
| 346 | /* no cert request */ | 374 | /* no cert request */ |
| 347 | skip=1; | 375 | skip=1; |
| @@ -353,7 +381,12 @@ SSL *s; | |||
| 353 | s->s3->tmp.cert_request=1; | 381 | s->s3->tmp.cert_request=1; |
| 354 | ret=ssl3_send_certificate_request(s); | 382 | ret=ssl3_send_certificate_request(s); |
| 355 | if (ret <= 0) goto end; | 383 | if (ret <= 0) goto end; |
| 384 | #ifndef NETSCAPE_HANG_BUG | ||
| 356 | s->state=SSL3_ST_SW_SRVR_DONE_A; | 385 | s->state=SSL3_ST_SW_SRVR_DONE_A; |
| 386 | #else | ||
| 387 | s->state=SSL3_ST_SW_FLUSH; | ||
| 388 | s->s3->tmp.next_state=SSL3_ST_SR_CERT_A; | ||
| 389 | #endif | ||
| 357 | s->init_num=0; | 390 | s->init_num=0; |
| 358 | } | 391 | } |
| 359 | break; | 392 | break; |
| @@ -383,12 +416,20 @@ SSL *s; | |||
| 383 | 416 | ||
| 384 | case SSL3_ST_SR_CERT_A: | 417 | case SSL3_ST_SR_CERT_A: |
| 385 | case SSL3_ST_SR_CERT_B: | 418 | case SSL3_ST_SR_CERT_B: |
| 386 | /* could be sent for a DH cert, even if we | 419 | /* Check for second client hello (MS SGC) */ |
| 387 | * have not asked for it :-) */ | 420 | ret = ssl3_check_client_hello(s); |
| 388 | ret=ssl3_get_client_certificate(s); | 421 | if (ret <= 0) |
| 389 | if (ret <= 0) goto end; | 422 | goto end; |
| 390 | s->init_num=0; | 423 | if (ret == 2) |
| 391 | s->state=SSL3_ST_SR_KEY_EXCH_A; | 424 | s->state = SSL3_ST_SR_CLNT_HELLO_C; |
| 425 | else { | ||
| 426 | /* could be sent for a DH cert, even if we | ||
| 427 | * have not asked for it :-) */ | ||
| 428 | ret=ssl3_get_client_certificate(s); | ||
| 429 | if (ret <= 0) goto end; | ||
| 430 | s->init_num=0; | ||
| 431 | s->state=SSL3_ST_SR_KEY_EXCH_A; | ||
| 432 | } | ||
| 392 | break; | 433 | break; |
| 393 | 434 | ||
| 394 | case SSL3_ST_SR_KEY_EXCH_A: | 435 | case SSL3_ST_SR_KEY_EXCH_A: |
| @@ -402,10 +443,10 @@ SSL *s; | |||
| 402 | * a client cert, it can be verified */ | 443 | * a client cert, it can be verified */ |
| 403 | s->method->ssl3_enc->cert_verify_mac(s, | 444 | s->method->ssl3_enc->cert_verify_mac(s, |
| 404 | &(s->s3->finish_dgst1), | 445 | &(s->s3->finish_dgst1), |
| 405 | &(s->s3->tmp.finish_md[0])); | 446 | &(s->s3->tmp.cert_verify_md[0])); |
| 406 | s->method->ssl3_enc->cert_verify_mac(s, | 447 | s->method->ssl3_enc->cert_verify_mac(s, |
| 407 | &(s->s3->finish_dgst2), | 448 | &(s->s3->finish_dgst2), |
| 408 | &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH])); | 449 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH])); |
| 409 | 450 | ||
| 410 | break; | 451 | break; |
| 411 | 452 | ||
| @@ -459,8 +500,8 @@ SSL *s; | |||
| 459 | case SSL3_ST_SW_FINISHED_B: | 500 | case SSL3_ST_SW_FINISHED_B: |
| 460 | ret=ssl3_send_finished(s, | 501 | ret=ssl3_send_finished(s, |
| 461 | SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, | 502 | SSL3_ST_SW_FINISHED_A,SSL3_ST_SW_FINISHED_B, |
| 462 | s->method->ssl3_enc->server_finished, | 503 | s->method->ssl3_enc->server_finished_label, |
| 463 | s->method->ssl3_enc->server_finished_len); | 504 | s->method->ssl3_enc->server_finished_label_len); |
| 464 | if (ret <= 0) goto end; | 505 | if (ret <= 0) goto end; |
| 465 | s->state=SSL3_ST_SW_FLUSH; | 506 | s->state=SSL3_ST_SW_FLUSH; |
| 466 | if (s->hit) | 507 | if (s->hit) |
| @@ -478,26 +519,27 @@ SSL *s; | |||
| 478 | s->init_buf=NULL; | 519 | s->init_buf=NULL; |
| 479 | 520 | ||
| 480 | /* remove buffering on output */ | 521 | /* remove buffering on output */ |
| 481 | under=BIO_pop(s->wbio); | 522 | ssl_free_wbio_buffer(s); |
| 482 | if (under != NULL) | ||
| 483 | s->wbio=under; | ||
| 484 | else | ||
| 485 | abort(); /* ok */ | ||
| 486 | BIO_free(s->bbio); | ||
| 487 | s->bbio=NULL; | ||
| 488 | 523 | ||
| 489 | s->new_session=0; | ||
| 490 | s->init_num=0; | 524 | s->init_num=0; |
| 491 | 525 | ||
| 492 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); | 526 | if (s->new_session == 2) /* skipped if we just sent a HelloRequest */ |
| 493 | 527 | { | |
| 494 | s->ctx->sess_accept_good++; | 528 | /* actually not necessarily a 'new' session unless |
| 495 | /* s->server=1; */ | 529 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ |
| 496 | s->handshake_func=ssl3_accept; | 530 | |
| 497 | ret=1; | 531 | s->new_session=0; |
| 498 | 532 | ||
| 499 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | 533 | ssl_update_cache(s,SSL_SESS_CACHE_SERVER); |
| 500 | 534 | ||
| 535 | s->ctx->stats.sess_accept_good++; | ||
| 536 | /* s->server=1; */ | ||
| 537 | s->handshake_func=ssl3_accept; | ||
| 538 | |||
| 539 | if (cb != NULL) cb(s,SSL_CB_HANDSHAKE_DONE,1); | ||
| 540 | } | ||
| 541 | |||
| 542 | ret = 1; | ||
| 501 | goto end; | 543 | goto end; |
| 502 | /* break; */ | 544 | /* break; */ |
| 503 | 545 | ||
| @@ -530,21 +572,20 @@ SSL *s; | |||
| 530 | end: | 572 | end: |
| 531 | /* BIO_flush(s->wbio); */ | 573 | /* BIO_flush(s->wbio); */ |
| 532 | 574 | ||
| 575 | s->in_handshake--; | ||
| 533 | if (cb != NULL) | 576 | if (cb != NULL) |
| 534 | cb(s,SSL_CB_ACCEPT_EXIT,ret); | 577 | cb(s,SSL_CB_ACCEPT_EXIT,ret); |
| 535 | s->in_handshake--; | ||
| 536 | return(ret); | 578 | return(ret); |
| 537 | } | 579 | } |
| 538 | 580 | ||
| 539 | static int ssl3_send_hello_request(s) | 581 | static int ssl3_send_hello_request(SSL *s) |
| 540 | SSL *s; | ||
| 541 | { | 582 | { |
| 542 | unsigned char *p; | 583 | unsigned char *p; |
| 543 | 584 | ||
| 544 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) | 585 | if (s->state == SSL3_ST_SW_HELLO_REQ_A) |
| 545 | { | 586 | { |
| 546 | p=(unsigned char *)s->init_buf->data; | 587 | p=(unsigned char *)s->init_buf->data; |
| 547 | *(p++)=SSL3_MT_CLIENT_REQUEST; | 588 | *(p++)=SSL3_MT_HELLO_REQUEST; |
| 548 | *(p++)=0; | 589 | *(p++)=0; |
| 549 | *(p++)=0; | 590 | *(p++)=0; |
| 550 | *(p++)=0; | 591 | *(p++)=0; |
| @@ -559,15 +600,48 @@ SSL *s; | |||
| 559 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 600 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 560 | } | 601 | } |
| 561 | 602 | ||
| 562 | static int ssl3_get_client_hello(s) | 603 | static int ssl3_check_client_hello(SSL *s) |
| 563 | SSL *s; | 604 | { |
| 605 | int ok; | ||
| 606 | long n; | ||
| 607 | |||
| 608 | /* this function is called when we really expect a Certificate message, | ||
| 609 | * so permit appropriate message length */ | ||
| 610 | n=ssl3_get_message(s, | ||
| 611 | SSL3_ST_SR_CERT_A, | ||
| 612 | SSL3_ST_SR_CERT_B, | ||
| 613 | -1, | ||
| 614 | s->max_cert_list, | ||
| 615 | &ok); | ||
| 616 | if (!ok) return((int)n); | ||
| 617 | s->s3->tmp.reuse_message = 1; | ||
| 618 | if (s->s3->tmp.message_type == SSL3_MT_CLIENT_HELLO) | ||
| 619 | { | ||
| 620 | /* Throw away what we have done so far in the current handshake, | ||
| 621 | * which will now be aborted. (A full SSL_clear would be too much.) | ||
| 622 | * I hope that tmp.dh is the only thing that may need to be cleared | ||
| 623 | * when a handshake is not completed ... */ | ||
| 624 | #ifndef OPENSSL_NO_DH | ||
| 625 | if (s->s3->tmp.dh != NULL) | ||
| 626 | { | ||
| 627 | DH_free(s->s3->tmp.dh); | ||
| 628 | s->s3->tmp.dh = NULL; | ||
| 629 | } | ||
| 630 | #endif | ||
| 631 | return 2; | ||
| 632 | } | ||
| 633 | return 1; | ||
| 634 | } | ||
| 635 | |||
| 636 | static int ssl3_get_client_hello(SSL *s) | ||
| 564 | { | 637 | { |
| 565 | int i,j,ok,al,ret= -1; | 638 | int i,j,ok,al,ret= -1; |
| 566 | long n; | 639 | long n; |
| 567 | unsigned long id; | 640 | unsigned long id; |
| 568 | unsigned char *p,*d; | 641 | unsigned char *p,*d,*q; |
| 569 | SSL_CIPHER *c; | 642 | SSL_CIPHER *c; |
| 570 | STACK *ciphers=NULL; | 643 | SSL_COMP *comp=NULL; |
| 644 | STACK_OF(SSL_CIPHER) *ciphers=NULL; | ||
| 571 | 645 | ||
| 572 | /* We do this so that we will respond with our native type. | 646 | /* We do this so that we will respond with our native type. |
| 573 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, | 647 | * If we are TLSv1 and we get SSLv3, we will respond with TLSv1, |
| @@ -588,13 +662,25 @@ SSL *s; | |||
| 588 | &ok); | 662 | &ok); |
| 589 | 663 | ||
| 590 | if (!ok) return((int)n); | 664 | if (!ok) return((int)n); |
| 591 | d=p=(unsigned char *)s->init_buf->data; | 665 | d=p=(unsigned char *)s->init_msg; |
| 592 | 666 | ||
| 593 | /* The version number has already been checked in ssl3_get_message. | 667 | /* use version from inside client hello, not from record header |
| 594 | * I a native TLSv1/SSLv3 method, the match must be correct except | 668 | * (may differ: see RFC 2246, Appendix E, second paragraph) */ |
| 595 | * perhaps for the first message */ | 669 | s->client_version=(((int)p[0])<<8)|(int)p[1]; |
| 596 | p+=2; | 670 | p+=2; |
| 597 | 671 | ||
| 672 | if (s->client_version < s->version) | ||
| 673 | { | ||
| 674 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO, SSL_R_WRONG_VERSION_NUMBER); | ||
| 675 | if ((s->client_version>>8) == SSL3_VERSION_MAJOR) | ||
| 676 | { | ||
| 677 | /* similar to ssl3_get_record, send alert using remote version number */ | ||
| 678 | s->version = s->client_version; | ||
| 679 | } | ||
| 680 | al = SSL_AD_PROTOCOL_VERSION; | ||
| 681 | goto f_err; | ||
| 682 | } | ||
| 683 | |||
| 598 | /* load the client random */ | 684 | /* load the client random */ |
| 599 | memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); | 685 | memcpy(s->s3->client_random,p,SSL3_RANDOM_SIZE); |
| 600 | p+=SSL3_RANDOM_SIZE; | 686 | p+=SSL3_RANDOM_SIZE; |
| @@ -603,7 +689,15 @@ SSL *s; | |||
| 603 | j= *(p++); | 689 | j= *(p++); |
| 604 | 690 | ||
| 605 | s->hit=0; | 691 | s->hit=0; |
| 606 | if (j == 0) | 692 | /* Versions before 0.9.7 always allow session reuse during renegotiation |
| 693 | * (i.e. when s->new_session is true), option | ||
| 694 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is new with 0.9.7. | ||
| 695 | * Maybe this optional behaviour should always have been the default, | ||
| 696 | * but we cannot safely change the default behaviour (or new applications | ||
| 697 | * might be written that become totally unsecure when compiled with | ||
| 698 | * an earlier library version) | ||
| 699 | */ | ||
| 700 | if (j == 0 || (s->new_session && (s->options & SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION))) | ||
| 607 | { | 701 | { |
| 608 | if (!ssl_get_new_session(s,1)) | 702 | if (!ssl_get_new_session(s,1)) |
| 609 | goto err; | 703 | goto err; |
| @@ -615,7 +709,9 @@ SSL *s; | |||
| 615 | { /* previous session */ | 709 | { /* previous session */ |
| 616 | s->hit=1; | 710 | s->hit=1; |
| 617 | } | 711 | } |
| 618 | else | 712 | else if (i == -1) |
| 713 | goto err; | ||
| 714 | else /* i == 0 */ | ||
| 619 | { | 715 | { |
| 620 | if (!ssl_get_new_session(s,1)) | 716 | if (!ssl_get_new_session(s,1)) |
| 621 | goto err; | 717 | goto err; |
| @@ -631,7 +727,7 @@ SSL *s; | |||
| 631 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); | 727 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_NO_CIPHERS_SPECIFIED); |
| 632 | goto f_err; | 728 | goto f_err; |
| 633 | } | 729 | } |
| 634 | if ((i+p) > (d+n)) | 730 | if ((p+i) >= (d+n)) |
| 635 | { | 731 | { |
| 636 | /* not enough data */ | 732 | /* not enough data */ |
| 637 | al=SSL_AD_DECODE_ERROR; | 733 | al=SSL_AD_DECODE_ERROR; |
| @@ -651,9 +747,16 @@ SSL *s; | |||
| 651 | j=0; | 747 | j=0; |
| 652 | id=s->session->cipher->id; | 748 | id=s->session->cipher->id; |
| 653 | 749 | ||
| 654 | for (i=0; i<sk_num(ciphers); i++) | 750 | #ifdef CIPHER_DEBUG |
| 751 | printf("client sent %d ciphers\n",sk_num(ciphers)); | ||
| 752 | #endif | ||
| 753 | for (i=0; i<sk_SSL_CIPHER_num(ciphers); i++) | ||
| 655 | { | 754 | { |
| 656 | c=(SSL_CIPHER *)sk_value(ciphers,i); | 755 | c=sk_SSL_CIPHER_value(ciphers,i); |
| 756 | #ifdef CIPHER_DEBUG | ||
| 757 | printf("client [%2d of %2d]:%s\n", | ||
| 758 | i,sk_num(ciphers),SSL_CIPHER_get_name(c)); | ||
| 759 | #endif | ||
| 657 | if (c->id == id) | 760 | if (c->id == id) |
| 658 | { | 761 | { |
| 659 | j=1; | 762 | j=1; |
| @@ -662,11 +765,11 @@ SSL *s; | |||
| 662 | } | 765 | } |
| 663 | if (j == 0) | 766 | if (j == 0) |
| 664 | { | 767 | { |
| 665 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_num(ciphers) == 1)) | 768 | if ((s->options & SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG) && (sk_SSL_CIPHER_num(ciphers) == 1)) |
| 666 | { | 769 | { |
| 667 | /* Very bad for multi-threading.... */ | 770 | /* Very bad for multi-threading.... */ |
| 668 | s->session->cipher= | 771 | s->session->cipher=sk_SSL_CIPHER_value(ciphers, |
| 669 | (SSL_CIPHER *)sk_value(ciphers,0); | 772 | 0); |
| 670 | } | 773 | } |
| 671 | else | 774 | else |
| 672 | { | 775 | { |
| @@ -681,8 +784,18 @@ SSL *s; | |||
| 681 | 784 | ||
| 682 | /* compression */ | 785 | /* compression */ |
| 683 | i= *(p++); | 786 | i= *(p++); |
| 787 | if ((p+i) > (d+n)) | ||
| 788 | { | ||
| 789 | /* not enough data */ | ||
| 790 | al=SSL_AD_DECODE_ERROR; | ||
| 791 | SSLerr(SSL_F_SSL3_GET_CLIENT_HELLO,SSL_R_LENGTH_MISMATCH); | ||
| 792 | goto f_err; | ||
| 793 | } | ||
| 794 | q=p; | ||
| 684 | for (j=0; j<i; j++) | 795 | for (j=0; j<i; j++) |
| 796 | { | ||
| 685 | if (p[j] == 0) break; | 797 | if (p[j] == 0) break; |
| 798 | } | ||
| 686 | 799 | ||
| 687 | p+=i; | 800 | p+=i; |
| 688 | if (j >= i) | 801 | if (j >= i) |
| @@ -693,10 +806,39 @@ SSL *s; | |||
| 693 | goto f_err; | 806 | goto f_err; |
| 694 | } | 807 | } |
| 695 | 808 | ||
| 809 | /* Worst case, we will use the NULL compression, but if we have other | ||
| 810 | * options, we will now look for them. We have i-1 compression | ||
| 811 | * algorithms from the client, starting at q. */ | ||
| 812 | s->s3->tmp.new_compression=NULL; | ||
| 813 | if (s->ctx->comp_methods != NULL) | ||
| 814 | { /* See if we have a match */ | ||
| 815 | int m,nn,o,v,done=0; | ||
| 816 | |||
| 817 | nn=sk_SSL_COMP_num(s->ctx->comp_methods); | ||
| 818 | for (m=0; m<nn; m++) | ||
| 819 | { | ||
| 820 | comp=sk_SSL_COMP_value(s->ctx->comp_methods,m); | ||
| 821 | v=comp->id; | ||
| 822 | for (o=0; o<i; o++) | ||
| 823 | { | ||
| 824 | if (v == q[o]) | ||
| 825 | { | ||
| 826 | done=1; | ||
| 827 | break; | ||
| 828 | } | ||
| 829 | } | ||
| 830 | if (done) break; | ||
| 831 | } | ||
| 832 | if (done) | ||
| 833 | s->s3->tmp.new_compression=comp; | ||
| 834 | else | ||
| 835 | comp=NULL; | ||
| 836 | } | ||
| 837 | |||
| 696 | /* TLS does not mind if there is extra stuff */ | 838 | /* TLS does not mind if there is extra stuff */ |
| 697 | if (s->version == SSL3_VERSION) | 839 | if (s->version == SSL3_VERSION) |
| 698 | { | 840 | { |
| 699 | if (p > (d+n)) | 841 | if (p < (d+n)) |
| 700 | { | 842 | { |
| 701 | /* wrong number of bytes, | 843 | /* wrong number of bytes, |
| 702 | * there could be more to follow */ | 844 | * there could be more to follow */ |
| @@ -706,15 +848,14 @@ SSL *s; | |||
| 706 | } | 848 | } |
| 707 | } | 849 | } |
| 708 | 850 | ||
| 709 | /* do nothing with compression */ | 851 | /* Given s->session->ciphers and SSL_get_ciphers, we must |
| 710 | |||
| 711 | /* Given s->session->ciphers and ssl_get_ciphers_by_id(s), we must | ||
| 712 | * pick a cipher */ | 852 | * pick a cipher */ |
| 713 | 853 | ||
| 714 | if (!s->hit) | 854 | if (!s->hit) |
| 715 | { | 855 | { |
| 856 | s->session->compress_meth=(comp == NULL)?0:comp->id; | ||
| 716 | if (s->session->ciphers != NULL) | 857 | if (s->session->ciphers != NULL) |
| 717 | sk_free(s->session->ciphers); | 858 | sk_SSL_CIPHER_free(s->session->ciphers); |
| 718 | s->session->ciphers=ciphers; | 859 | s->session->ciphers=ciphers; |
| 719 | if (ciphers == NULL) | 860 | if (ciphers == NULL) |
| 720 | { | 861 | { |
| @@ -724,7 +865,7 @@ SSL *s; | |||
| 724 | } | 865 | } |
| 725 | ciphers=NULL; | 866 | ciphers=NULL; |
| 726 | c=ssl3_choose_cipher(s,s->session->ciphers, | 867 | c=ssl3_choose_cipher(s,s->session->ciphers, |
| 727 | ssl_get_ciphers_by_id(s)); | 868 | SSL_get_ciphers(s)); |
| 728 | 869 | ||
| 729 | if (c == NULL) | 870 | if (c == NULL) |
| 730 | { | 871 | { |
| @@ -738,19 +879,19 @@ SSL *s; | |||
| 738 | { | 879 | { |
| 739 | /* Session-id reuse */ | 880 | /* Session-id reuse */ |
| 740 | #ifdef REUSE_CIPHER_BUG | 881 | #ifdef REUSE_CIPHER_BUG |
| 741 | STACK *sk; | 882 | STACK_OF(SSL_CIPHER) *sk; |
| 742 | SSL_CIPHER *nc=NULL; | 883 | SSL_CIPHER *nc=NULL; |
| 743 | SSL_CIPHER *ec=NULL; | 884 | SSL_CIPHER *ec=NULL; |
| 744 | 885 | ||
| 745 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) | 886 | if (s->options & SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG) |
| 746 | { | 887 | { |
| 747 | sk=s->session->ciphers; | 888 | sk=s->session->ciphers; |
| 748 | for (i=0; i<sk_num(sk); i++) | 889 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
| 749 | { | 890 | { |
| 750 | c=(SSL_CIPHER *)sk_value(sk,i); | 891 | c=sk_SSL_CIPHER_value(sk,i); |
| 751 | if (c->algorithms & SSL_eNULL) | 892 | if (c->algorithms & SSL_eNULL) |
| 752 | nc=c; | 893 | nc=c; |
| 753 | if (c->algorithms & SSL_EXP) | 894 | if (SSL_C_IS_EXPORT(c)) |
| 754 | ec=c; | 895 | ec=c; |
| 755 | } | 896 | } |
| 756 | if (nc != NULL) | 897 | if (nc != NULL) |
| @@ -772,7 +913,7 @@ SSL *s; | |||
| 772 | * compression - basically ignored right now | 913 | * compression - basically ignored right now |
| 773 | * ssl version is set - sslv3 | 914 | * ssl version is set - sslv3 |
| 774 | * s->session - The ssl session has been setup. | 915 | * s->session - The ssl session has been setup. |
| 775 | * s->hit - sesson reuse flag | 916 | * s->hit - session reuse flag |
| 776 | * s->tmp.new_cipher - the new cipher to use. | 917 | * s->tmp.new_cipher - the new cipher to use. |
| 777 | */ | 918 | */ |
| 778 | 919 | ||
| @@ -783,12 +924,11 @@ f_err: | |||
| 783 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 924 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 784 | } | 925 | } |
| 785 | err: | 926 | err: |
| 786 | if (ciphers != NULL) sk_free(ciphers); | 927 | if (ciphers != NULL) sk_SSL_CIPHER_free(ciphers); |
| 787 | return(ret); | 928 | return(ret); |
| 788 | } | 929 | } |
| 789 | 930 | ||
| 790 | static int ssl3_send_server_hello(s) | 931 | static int ssl3_send_server_hello(SSL *s) |
| 791 | SSL *s; | ||
| 792 | { | 932 | { |
| 793 | unsigned char *buf; | 933 | unsigned char *buf; |
| 794 | unsigned char *p,*d; | 934 | unsigned char *p,*d; |
| @@ -801,7 +941,7 @@ SSL *s; | |||
| 801 | p=s->s3->server_random; | 941 | p=s->s3->server_random; |
| 802 | Time=time(NULL); /* Time */ | 942 | Time=time(NULL); /* Time */ |
| 803 | l2n(Time,p); | 943 | l2n(Time,p); |
| 804 | RAND_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); | 944 | RAND_pseudo_bytes(p,SSL3_RANDOM_SIZE-sizeof(Time)); |
| 805 | /* Do the message type and length last */ | 945 | /* Do the message type and length last */ |
| 806 | d=p= &(buf[4]); | 946 | d=p= &(buf[4]); |
| 807 | 947 | ||
| @@ -833,7 +973,10 @@ SSL *s; | |||
| 833 | p+=i; | 973 | p+=i; |
| 834 | 974 | ||
| 835 | /* put the compression method */ | 975 | /* put the compression method */ |
| 836 | *(p++)=0; | 976 | if (s->s3->tmp.new_compression == NULL) |
| 977 | *(p++)=0; | ||
| 978 | else | ||
| 979 | *(p++)=s->s3->tmp.new_compression->id; | ||
| 837 | 980 | ||
| 838 | /* do the header */ | 981 | /* do the header */ |
| 839 | l=(p-d); | 982 | l=(p-d); |
| @@ -851,8 +994,7 @@ SSL *s; | |||
| 851 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 994 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 852 | } | 995 | } |
| 853 | 996 | ||
| 854 | static int ssl3_send_server_done(s) | 997 | static int ssl3_send_server_done(SSL *s) |
| 855 | SSL *s; | ||
| 856 | { | 998 | { |
| 857 | unsigned char *p; | 999 | unsigned char *p; |
| 858 | 1000 | ||
| @@ -876,17 +1018,17 @@ SSL *s; | |||
| 876 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1018 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 877 | } | 1019 | } |
| 878 | 1020 | ||
| 879 | static int ssl3_send_server_key_exchange(s) | 1021 | static int ssl3_send_server_key_exchange(SSL *s) |
| 880 | SSL *s; | ||
| 881 | { | 1022 | { |
| 882 | #ifndef NO_RSA | 1023 | #ifndef OPENSSL_NO_RSA |
| 883 | unsigned char *q; | 1024 | unsigned char *q; |
| 884 | int j,num; | 1025 | int j,num; |
| 885 | RSA *rsa; | 1026 | RSA *rsa; |
| 886 | unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; | 1027 | unsigned char md_buf[MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH]; |
| 1028 | unsigned int u; | ||
| 887 | #endif | 1029 | #endif |
| 888 | #ifndef NO_DH | 1030 | #ifndef OPENSSL_NO_DH |
| 889 | DH *dh,*dhp; | 1031 | DH *dh=NULL,*dhp; |
| 890 | #endif | 1032 | #endif |
| 891 | EVP_PKEY *pkey; | 1033 | EVP_PKEY *pkey; |
| 892 | unsigned char *p,*d; | 1034 | unsigned char *p,*d; |
| @@ -899,25 +1041,32 @@ SSL *s; | |||
| 899 | BUF_MEM *buf; | 1041 | BUF_MEM *buf; |
| 900 | EVP_MD_CTX md_ctx; | 1042 | EVP_MD_CTX md_ctx; |
| 901 | 1043 | ||
| 1044 | EVP_MD_CTX_init(&md_ctx); | ||
| 902 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) | 1045 | if (s->state == SSL3_ST_SW_KEY_EXCH_A) |
| 903 | { | 1046 | { |
| 904 | type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; | 1047 | type=s->s3->tmp.new_cipher->algorithms & SSL_MKEY_MASK; |
| 905 | cert=s->session->cert; | 1048 | cert=s->cert; |
| 906 | 1049 | ||
| 907 | buf=s->init_buf; | 1050 | buf=s->init_buf; |
| 908 | 1051 | ||
| 909 | r[0]=r[1]=r[2]=r[3]=NULL; | 1052 | r[0]=r[1]=r[2]=r[3]=NULL; |
| 910 | n=0; | 1053 | n=0; |
| 911 | #ifndef NO_RSA | 1054 | #ifndef OPENSSL_NO_RSA |
| 912 | if (type & SSL_kRSA) | 1055 | if (type & SSL_kRSA) |
| 913 | { | 1056 | { |
| 914 | rsa=cert->rsa_tmp; | 1057 | rsa=cert->rsa_tmp; |
| 915 | if ((rsa == NULL) && (s->ctx->default_cert->rsa_tmp_cb != NULL)) | 1058 | if ((rsa == NULL) && (s->cert->rsa_tmp_cb != NULL)) |
| 1059 | { | ||
| 1060 | rsa=s->cert->rsa_tmp_cb(s, | ||
| 1061 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), | ||
| 1062 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); | ||
| 1063 | if(rsa == NULL) | ||
| 916 | { | 1064 | { |
| 917 | rsa=s->ctx->default_cert->rsa_tmp_cb(s, | 1065 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 918 | (s->s3->tmp.new_cipher->algorithms| | 1066 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_ERROR_GENERATING_TMP_RSA_KEY); |
| 919 | SSL_NOT_EXP)?0:1); | 1067 | goto f_err; |
| 920 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | 1068 | } |
| 1069 | RSA_up_ref(rsa); | ||
| 921 | cert->rsa_tmp=rsa; | 1070 | cert->rsa_tmp=rsa; |
| 922 | } | 1071 | } |
| 923 | if (rsa == NULL) | 1072 | if (rsa == NULL) |
| @@ -932,20 +1081,28 @@ SSL *s; | |||
| 932 | } | 1081 | } |
| 933 | else | 1082 | else |
| 934 | #endif | 1083 | #endif |
| 935 | #ifndef NO_DH | 1084 | #ifndef OPENSSL_NO_DH |
| 936 | if (type & SSL_kEDH) | 1085 | if (type & SSL_kEDH) |
| 937 | { | 1086 | { |
| 938 | dhp=cert->dh_tmp; | 1087 | dhp=cert->dh_tmp; |
| 939 | if ((dhp == NULL) && (cert->dh_tmp_cb != NULL)) | 1088 | if ((dhp == NULL) && (s->cert->dh_tmp_cb != NULL)) |
| 940 | dhp=cert->dh_tmp_cb(s, | 1089 | dhp=s->cert->dh_tmp_cb(s, |
| 941 | (s->s3->tmp.new_cipher->algorithms| | 1090 | SSL_C_IS_EXPORT(s->s3->tmp.new_cipher), |
| 942 | SSL_NOT_EXP)?0:1); | 1091 | SSL_C_EXPORT_PKEYLENGTH(s->s3->tmp.new_cipher)); |
| 943 | if (dhp == NULL) | 1092 | if (dhp == NULL) |
| 944 | { | 1093 | { |
| 945 | al=SSL_AD_HANDSHAKE_FAILURE; | 1094 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 946 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); | 1095 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,SSL_R_MISSING_TMP_DH_KEY); |
| 947 | goto f_err; | 1096 | goto f_err; |
| 948 | } | 1097 | } |
| 1098 | |||
| 1099 | if (s->s3->tmp.dh != NULL) | ||
| 1100 | { | ||
| 1101 | DH_free(dh); | ||
| 1102 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, ERR_R_INTERNAL_ERROR); | ||
| 1103 | goto err; | ||
| 1104 | } | ||
| 1105 | |||
| 949 | if ((dh=DHparams_dup(dhp)) == NULL) | 1106 | if ((dh=DHparams_dup(dhp)) == NULL) |
| 950 | { | 1107 | { |
| 951 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | 1108 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); |
| @@ -953,13 +1110,16 @@ SSL *s; | |||
| 953 | } | 1110 | } |
| 954 | 1111 | ||
| 955 | s->s3->tmp.dh=dh; | 1112 | s->s3->tmp.dh=dh; |
| 956 | if (((dhp->pub_key == NULL) || | 1113 | if ((dhp->pub_key == NULL || |
| 957 | (dhp->priv_key == NULL) || | 1114 | dhp->priv_key == NULL || |
| 958 | (s->options & SSL_OP_SINGLE_DH_USE)) && | 1115 | (s->options & SSL_OP_SINGLE_DH_USE))) |
| 959 | (!DH_generate_key(dh))) | ||
| 960 | { | 1116 | { |
| 961 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_R_DH_LIB); | 1117 | if(!DH_generate_key(dh)) |
| 962 | goto err; | 1118 | { |
| 1119 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE, | ||
| 1120 | ERR_R_DH_LIB); | ||
| 1121 | goto err; | ||
| 1122 | } | ||
| 963 | } | 1123 | } |
| 964 | else | 1124 | else |
| 965 | { | 1125 | { |
| @@ -1025,40 +1185,39 @@ SSL *s; | |||
| 1025 | { | 1185 | { |
| 1026 | /* n is the length of the params, they start at &(d[4]) | 1186 | /* n is the length of the params, they start at &(d[4]) |
| 1027 | * and p points to the space at the end. */ | 1187 | * and p points to the space at the end. */ |
| 1028 | #ifndef NO_RSA | 1188 | #ifndef OPENSSL_NO_RSA |
| 1029 | if (pkey->type == EVP_PKEY_RSA) | 1189 | if (pkey->type == EVP_PKEY_RSA) |
| 1030 | { | 1190 | { |
| 1031 | q=md_buf; | 1191 | q=md_buf; |
| 1032 | j=0; | 1192 | j=0; |
| 1033 | for (num=2; num > 0; num--) | 1193 | for (num=2; num > 0; num--) |
| 1034 | { | 1194 | { |
| 1035 | EVP_DigestInit(&md_ctx,(num == 2) | 1195 | EVP_DigestInit_ex(&md_ctx,(num == 2) |
| 1036 | ?s->ctx->md5:s->ctx->sha1); | 1196 | ?s->ctx->md5:s->ctx->sha1, NULL); |
| 1037 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1197 | EVP_DigestUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1038 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1198 | EVP_DigestUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1039 | EVP_DigestUpdate(&md_ctx,&(d[4]),n); | 1199 | EVP_DigestUpdate(&md_ctx,&(d[4]),n); |
| 1040 | EVP_DigestFinal(&md_ctx,q, | 1200 | EVP_DigestFinal_ex(&md_ctx,q, |
| 1041 | (unsigned int *)&i); | 1201 | (unsigned int *)&i); |
| 1042 | q+=i; | 1202 | q+=i; |
| 1043 | j+=i; | 1203 | j+=i; |
| 1044 | } | 1204 | } |
| 1045 | i=RSA_private_encrypt(j,md_buf,&(p[2]), | 1205 | if (RSA_sign(NID_md5_sha1, md_buf, j, |
| 1046 | pkey->pkey.rsa,RSA_PKCS1_PADDING); | 1206 | &(p[2]), &u, pkey->pkey.rsa) <= 0) |
| 1047 | if (i <= 0) | ||
| 1048 | { | 1207 | { |
| 1049 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); | 1208 | SSLerr(SSL_F_SSL3_SEND_SERVER_KEY_EXCHANGE,ERR_LIB_RSA); |
| 1050 | goto err; | 1209 | goto err; |
| 1051 | } | 1210 | } |
| 1052 | s2n(i,p); | 1211 | s2n(u,p); |
| 1053 | n+=i+2; | 1212 | n+=u+2; |
| 1054 | } | 1213 | } |
| 1055 | else | 1214 | else |
| 1056 | #endif | 1215 | #endif |
| 1057 | #if !defined(NO_DSA) | 1216 | #if !defined(OPENSSL_NO_DSA) |
| 1058 | if (pkey->type == EVP_PKEY_DSA) | 1217 | if (pkey->type == EVP_PKEY_DSA) |
| 1059 | { | 1218 | { |
| 1060 | /* lets do DSS */ | 1219 | /* lets do DSS */ |
| 1061 | EVP_SignInit(&md_ctx,EVP_dss1()); | 1220 | EVP_SignInit_ex(&md_ctx,EVP_dss1(), NULL); |
| 1062 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); | 1221 | EVP_SignUpdate(&md_ctx,&(s->s3->client_random[0]),SSL3_RANDOM_SIZE); |
| 1063 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); | 1222 | EVP_SignUpdate(&md_ctx,&(s->s3->server_random[0]),SSL3_RANDOM_SIZE); |
| 1064 | EVP_SignUpdate(&md_ctx,&(d[4]),n); | 1223 | EVP_SignUpdate(&md_ctx,&(d[4]),n); |
| @@ -1090,20 +1249,21 @@ SSL *s; | |||
| 1090 | s->init_off=0; | 1249 | s->init_off=0; |
| 1091 | } | 1250 | } |
| 1092 | 1251 | ||
| 1093 | /* SSL3_ST_SW_KEY_EXCH_B */ | 1252 | s->state = SSL3_ST_SW_KEY_EXCH_B; |
| 1253 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1094 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); | 1254 | return(ssl3_do_write(s,SSL3_RT_HANDSHAKE)); |
| 1095 | f_err: | 1255 | f_err: |
| 1096 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1256 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1097 | err: | 1257 | err: |
| 1258 | EVP_MD_CTX_cleanup(&md_ctx); | ||
| 1098 | return(-1); | 1259 | return(-1); |
| 1099 | } | 1260 | } |
| 1100 | 1261 | ||
| 1101 | static int ssl3_send_certificate_request(s) | 1262 | static int ssl3_send_certificate_request(SSL *s) |
| 1102 | SSL *s; | ||
| 1103 | { | 1263 | { |
| 1104 | unsigned char *p,*d; | 1264 | unsigned char *p,*d; |
| 1105 | int i,j,nl,off,n; | 1265 | int i,j,nl,off,n; |
| 1106 | STACK *sk=NULL; | 1266 | STACK_OF(X509_NAME) *sk=NULL; |
| 1107 | X509_NAME *name; | 1267 | X509_NAME *name; |
| 1108 | BUF_MEM *buf; | 1268 | BUF_MEM *buf; |
| 1109 | 1269 | ||
| @@ -1128,9 +1288,9 @@ SSL *s; | |||
| 1128 | nl=0; | 1288 | nl=0; |
| 1129 | if (sk != NULL) | 1289 | if (sk != NULL) |
| 1130 | { | 1290 | { |
| 1131 | for (i=0; i<sk_num(sk); i++) | 1291 | for (i=0; i<sk_X509_NAME_num(sk); i++) |
| 1132 | { | 1292 | { |
| 1133 | name=(X509_NAME *)sk_value(sk,i); | 1293 | name=sk_X509_NAME_value(sk,i); |
| 1134 | j=i2d_X509_NAME(name,NULL); | 1294 | j=i2d_X509_NAME(name,NULL); |
| 1135 | if (!BUF_MEM_grow(buf,4+n+j+2)) | 1295 | if (!BUF_MEM_grow(buf,4+n+j+2)) |
| 1136 | { | 1296 | { |
| @@ -1168,6 +1328,17 @@ SSL *s; | |||
| 1168 | 1328 | ||
| 1169 | s->init_num=n+4; | 1329 | s->init_num=n+4; |
| 1170 | s->init_off=0; | 1330 | s->init_off=0; |
| 1331 | #ifdef NETSCAPE_HANG_BUG | ||
| 1332 | p=(unsigned char *)s->init_buf->data + s->init_num; | ||
| 1333 | |||
| 1334 | /* do the header */ | ||
| 1335 | *(p++)=SSL3_MT_SERVER_DONE; | ||
| 1336 | *(p++)=0; | ||
| 1337 | *(p++)=0; | ||
| 1338 | *(p++)=0; | ||
| 1339 | s->init_num += 4; | ||
| 1340 | #endif | ||
| 1341 | |||
| 1171 | } | 1342 | } |
| 1172 | 1343 | ||
| 1173 | /* SSL3_ST_SW_CERT_REQ_B */ | 1344 | /* SSL3_ST_SW_CERT_REQ_B */ |
| @@ -1176,44 +1347,44 @@ err: | |||
| 1176 | return(-1); | 1347 | return(-1); |
| 1177 | } | 1348 | } |
| 1178 | 1349 | ||
| 1179 | static int ssl3_get_client_key_exchange(s) | 1350 | static int ssl3_get_client_key_exchange(SSL *s) |
| 1180 | SSL *s; | ||
| 1181 | { | 1351 | { |
| 1182 | int i,al,ok; | 1352 | int i,al,ok; |
| 1183 | long n; | 1353 | long n; |
| 1184 | unsigned long l; | 1354 | unsigned long l; |
| 1185 | unsigned char *p; | 1355 | unsigned char *p; |
| 1356 | #ifndef OPENSSL_NO_RSA | ||
| 1186 | RSA *rsa=NULL; | 1357 | RSA *rsa=NULL; |
| 1187 | EVP_PKEY *pkey=NULL; | 1358 | EVP_PKEY *pkey=NULL; |
| 1188 | #ifndef NO_DH | 1359 | #endif |
| 1360 | #ifndef OPENSSL_NO_DH | ||
| 1189 | BIGNUM *pub=NULL; | 1361 | BIGNUM *pub=NULL; |
| 1190 | DH *dh_srvr; | 1362 | DH *dh_srvr; |
| 1191 | #endif | 1363 | #endif |
| 1364 | #ifndef OPENSSL_NO_KRB5 | ||
| 1365 | KSSL_ERR kssl_err; | ||
| 1366 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 1192 | 1367 | ||
| 1193 | n=ssl3_get_message(s, | 1368 | n=ssl3_get_message(s, |
| 1194 | SSL3_ST_SR_KEY_EXCH_A, | 1369 | SSL3_ST_SR_KEY_EXCH_A, |
| 1195 | SSL3_ST_SR_KEY_EXCH_B, | 1370 | SSL3_ST_SR_KEY_EXCH_B, |
| 1196 | SSL3_MT_CLIENT_KEY_EXCHANGE, | 1371 | SSL3_MT_CLIENT_KEY_EXCHANGE, |
| 1197 | 400, /* ???? */ | 1372 | 2048, /* ??? */ |
| 1198 | &ok); | 1373 | &ok); |
| 1199 | 1374 | ||
| 1200 | if (!ok) return((int)n); | 1375 | if (!ok) return((int)n); |
| 1201 | p=(unsigned char *)s->init_buf->data; | 1376 | p=(unsigned char *)s->init_msg; |
| 1202 | 1377 | ||
| 1203 | l=s->s3->tmp.new_cipher->algorithms; | 1378 | l=s->s3->tmp.new_cipher->algorithms; |
| 1204 | 1379 | ||
| 1205 | #ifndef NO_RSA | 1380 | #ifndef OPENSSL_NO_RSA |
| 1206 | if (l & SSL_kRSA) | 1381 | if (l & SSL_kRSA) |
| 1207 | { | 1382 | { |
| 1208 | /* FIX THIS UP EAY EAY EAY EAY */ | 1383 | /* FIX THIS UP EAY EAY EAY EAY */ |
| 1209 | if (s->s3->tmp.use_rsa_tmp) | 1384 | if (s->s3->tmp.use_rsa_tmp) |
| 1210 | { | 1385 | { |
| 1211 | if ((s->session->cert != NULL) && | 1386 | if ((s->cert != NULL) && (s->cert->rsa_tmp != NULL)) |
| 1212 | (s->session->cert->rsa_tmp != NULL)) | 1387 | rsa=s->cert->rsa_tmp; |
| 1213 | rsa=s->session->cert->rsa_tmp; | ||
| 1214 | else if ((s->ctx->default_cert != NULL) && | ||
| 1215 | (s->ctx->default_cert->rsa_tmp != NULL)) | ||
| 1216 | rsa=s->ctx->default_cert->rsa_tmp; | ||
| 1217 | /* Don't do a callback because rsa_tmp should | 1388 | /* Don't do a callback because rsa_tmp should |
| 1218 | * be sent already */ | 1389 | * be sent already */ |
| 1219 | if (rsa == NULL) | 1390 | if (rsa == NULL) |
| @@ -1258,33 +1429,53 @@ SSL *s; | |||
| 1258 | 1429 | ||
| 1259 | i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); | 1430 | i=RSA_private_decrypt((int)n,p,p,rsa,RSA_PKCS1_PADDING); |
| 1260 | 1431 | ||
| 1261 | #if 1 | 1432 | al = -1; |
| 1262 | /* If a bad decrypt, use a dud master key */ | 1433 | |
| 1263 | if ((i != SSL_MAX_MASTER_KEY_LENGTH) || | ||
| 1264 | ((p[0] != (s->version>>8)) || | ||
| 1265 | (p[1] != (s->version & 0xff)))) | ||
| 1266 | { | ||
| 1267 | p[0]=(s->version>>8); | ||
| 1268 | p[1]=(s->version & 0xff); | ||
| 1269 | RAND_bytes(&(p[2]),SSL_MAX_MASTER_KEY_LENGTH-2); | ||
| 1270 | i=SSL_MAX_MASTER_KEY_LENGTH; | ||
| 1271 | } | ||
| 1272 | #else | ||
| 1273 | if (i != SSL_MAX_MASTER_KEY_LENGTH) | 1434 | if (i != SSL_MAX_MASTER_KEY_LENGTH) |
| 1274 | { | 1435 | { |
| 1275 | al=SSL_AD_DECODE_ERROR; | 1436 | al=SSL_AD_DECODE_ERROR; |
| 1276 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); | 1437 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_RSA_DECRYPT); |
| 1277 | goto f_err; | ||
| 1278 | } | 1438 | } |
| 1279 | 1439 | ||
| 1280 | if ((p[0] != (s->version>>8)) || (p[1] != (s->version & 0xff))) | 1440 | if ((al == -1) && !((p[0] == (s->client_version>>8)) && (p[1] == (s->client_version & 0xff)))) |
| 1281 | { | 1441 | { |
| 1282 | al=SSL_AD_DECODE_ERROR; | 1442 | /* The premaster secret must contain the same version number as the |
| 1283 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); | 1443 | * ClientHello to detect version rollback attacks (strangely, the |
| 1284 | goto f_err; | 1444 | * protocol does not offer such protection for DH ciphersuites). |
| 1445 | * However, buggy clients exist that send the negotiated protocol | ||
| 1446 | * version instead if the server does not support the requested | ||
| 1447 | * protocol version. | ||
| 1448 | * If SSL_OP_TLS_ROLLBACK_BUG is set, tolerate such clients. */ | ||
| 1449 | if (!((s->options & SSL_OP_TLS_ROLLBACK_BUG) && | ||
| 1450 | (p[0] == (s->version>>8)) && (p[1] == (s->version & 0xff)))) | ||
| 1451 | { | ||
| 1452 | al=SSL_AD_DECODE_ERROR; | ||
| 1453 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_BAD_PROTOCOL_VERSION_NUMBER); | ||
| 1454 | goto f_err; | ||
| 1455 | } | ||
| 1285 | } | 1456 | } |
| 1286 | #endif | ||
| 1287 | 1457 | ||
| 1458 | if (al != -1) | ||
| 1459 | { | ||
| 1460 | #if 0 | ||
| 1461 | goto f_err; | ||
| 1462 | #else | ||
| 1463 | /* Some decryption failure -- use random value instead as countermeasure | ||
| 1464 | * against Bleichenbacher's attack on PKCS #1 v1.5 RSA padding | ||
| 1465 | * (see RFC 2246, section 7.4.7.1). | ||
| 1466 | * But note that due to length and protocol version checking, the | ||
| 1467 | * attack is impractical anyway (see section 5 in D. Bleichenbacher: | ||
| 1468 | * "Chosen Ciphertext Attacks Against Protocols Based on the RSA | ||
| 1469 | * Encryption Standard PKCS #1", CRYPTO '98, LNCS 1462, pp. 1-12). | ||
| 1470 | */ | ||
| 1471 | ERR_clear_error(); | ||
| 1472 | i = SSL_MAX_MASTER_KEY_LENGTH; | ||
| 1473 | p[0] = s->client_version >> 8; | ||
| 1474 | p[1] = s->client_version & 0xff; | ||
| 1475 | RAND_pseudo_bytes(p+2, i-2); /* should be RAND_bytes, but we cannot work around a failure */ | ||
| 1476 | #endif | ||
| 1477 | } | ||
| 1478 | |||
| 1288 | s->session->master_key_length= | 1479 | s->session->master_key_length= |
| 1289 | s->method->ssl3_enc->generate_master_secret(s, | 1480 | s->method->ssl3_enc->generate_master_secret(s, |
| 1290 | s->session->master_key, | 1481 | s->session->master_key, |
| @@ -1293,7 +1484,7 @@ SSL *s; | |||
| 1293 | } | 1484 | } |
| 1294 | else | 1485 | else |
| 1295 | #endif | 1486 | #endif |
| 1296 | #ifndef NO_DH | 1487 | #ifndef OPENSSL_NO_DH |
| 1297 | if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) | 1488 | if (l & (SSL_kEDH|SSL_kDHr|SSL_kDHd)) |
| 1298 | { | 1489 | { |
| 1299 | n2s(p,i); | 1490 | n2s(p,i); |
| @@ -1352,26 +1543,175 @@ SSL *s; | |||
| 1352 | s->session->master_key_length= | 1543 | s->session->master_key_length= |
| 1353 | s->method->ssl3_enc->generate_master_secret(s, | 1544 | s->method->ssl3_enc->generate_master_secret(s, |
| 1354 | s->session->master_key,p,i); | 1545 | s->session->master_key,p,i); |
| 1546 | memset(p,0,i); | ||
| 1355 | } | 1547 | } |
| 1356 | else | 1548 | else |
| 1357 | #endif | 1549 | #endif |
| 1550 | #ifndef OPENSSL_NO_KRB5 | ||
| 1551 | if (l & SSL_kKRB5) | ||
| 1552 | { | ||
| 1553 | krb5_error_code krb5rc; | ||
| 1554 | krb5_data enc_ticket; | ||
| 1555 | krb5_data authenticator; | ||
| 1556 | krb5_data enc_pms; | ||
| 1557 | KSSL_CTX *kssl_ctx = s->kssl_ctx; | ||
| 1558 | EVP_CIPHER_CTX ciph_ctx; | ||
| 1559 | EVP_CIPHER *enc = NULL; | ||
| 1560 | unsigned char iv[EVP_MAX_IV_LENGTH]; | ||
| 1561 | unsigned char pms[SSL_MAX_MASTER_KEY_LENGTH | ||
| 1562 | + EVP_MAX_IV_LENGTH + 1]; | ||
| 1563 | int padl, outl = sizeof(pms); | ||
| 1564 | krb5_timestamp authtime = 0; | ||
| 1565 | krb5_ticket_times ttimes; | ||
| 1566 | |||
| 1567 | EVP_CIPHER_CTX_init(&ciph_ctx); | ||
| 1568 | |||
| 1569 | if (!kssl_ctx) kssl_ctx = kssl_ctx_new(); | ||
| 1570 | |||
| 1571 | n2s(p,i); | ||
| 1572 | enc_ticket.length = i; | ||
| 1573 | enc_ticket.data = (char *)p; | ||
| 1574 | p+=enc_ticket.length; | ||
| 1575 | |||
| 1576 | n2s(p,i); | ||
| 1577 | authenticator.length = i; | ||
| 1578 | authenticator.data = (char *)p; | ||
| 1579 | p+=authenticator.length; | ||
| 1580 | |||
| 1581 | n2s(p,i); | ||
| 1582 | enc_pms.length = i; | ||
| 1583 | enc_pms.data = (char *)p; | ||
| 1584 | p+=enc_pms.length; | ||
| 1585 | |||
| 1586 | if (n != enc_ticket.length + authenticator.length + | ||
| 1587 | enc_pms.length + 6) | ||
| 1588 | { | ||
| 1589 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1590 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1591 | goto err; | ||
| 1592 | } | ||
| 1593 | |||
| 1594 | if ((krb5rc = kssl_sget_tkt(kssl_ctx, &enc_ticket, &ttimes, | ||
| 1595 | &kssl_err)) != 0) | ||
| 1596 | { | ||
| 1597 | #ifdef KSSL_DEBUG | ||
| 1598 | printf("kssl_sget_tkt rtn %d [%d]\n", | ||
| 1599 | krb5rc, kssl_err.reason); | ||
| 1600 | if (kssl_err.text) | ||
| 1601 | printf("kssl_err text= %s\n", kssl_err.text); | ||
| 1602 | #endif /* KSSL_DEBUG */ | ||
| 1603 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1604 | kssl_err.reason); | ||
| 1605 | goto err; | ||
| 1606 | } | ||
| 1607 | |||
| 1608 | /* Note: no authenticator is not considered an error, | ||
| 1609 | ** but will return authtime == 0. | ||
| 1610 | */ | ||
| 1611 | if ((krb5rc = kssl_check_authent(kssl_ctx, &authenticator, | ||
| 1612 | &authtime, &kssl_err)) != 0) | ||
| 1613 | { | ||
| 1614 | #ifdef KSSL_DEBUG | ||
| 1615 | printf("kssl_check_authent rtn %d [%d]\n", | ||
| 1616 | krb5rc, kssl_err.reason); | ||
| 1617 | if (kssl_err.text) | ||
| 1618 | printf("kssl_err text= %s\n", kssl_err.text); | ||
| 1619 | #endif /* KSSL_DEBUG */ | ||
| 1620 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, | ||
| 1621 | kssl_err.reason); | ||
| 1622 | goto err; | ||
| 1623 | } | ||
| 1624 | |||
| 1625 | if ((krb5rc = kssl_validate_times(authtime, &ttimes)) != 0) | ||
| 1626 | { | ||
| 1627 | SSLerr(SSL_F_SSL3_SEND_CLIENT_KEY_EXCHANGE, krb5rc); | ||
| 1628 | goto err; | ||
| 1629 | } | ||
| 1630 | |||
| 1631 | #ifdef KSSL_DEBUG | ||
| 1632 | kssl_ctx_show(kssl_ctx); | ||
| 1633 | #endif /* KSSL_DEBUG */ | ||
| 1634 | |||
| 1635 | enc = kssl_map_enc(kssl_ctx->enctype); | ||
| 1636 | if (enc == NULL) | ||
| 1637 | goto err; | ||
| 1638 | |||
| 1639 | memset(iv, 0, EVP_MAX_IV_LENGTH); /* per RFC 1510 */ | ||
| 1640 | |||
| 1641 | if (!EVP_DecryptInit_ex(&ciph_ctx,enc,NULL,kssl_ctx->key,iv)) | ||
| 1642 | { | ||
| 1643 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1644 | SSL_R_DECRYPTION_FAILED); | ||
| 1645 | goto err; | ||
| 1646 | } | ||
| 1647 | if (!EVP_DecryptUpdate(&ciph_ctx, pms,&outl, | ||
| 1648 | (unsigned char *)enc_pms.data, enc_pms.length)) | ||
| 1649 | { | ||
| 1650 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1651 | SSL_R_DECRYPTION_FAILED); | ||
| 1652 | goto err; | ||
| 1653 | } | ||
| 1654 | if (outl > SSL_MAX_MASTER_KEY_LENGTH) | ||
| 1655 | { | ||
| 1656 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1657 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1658 | goto err; | ||
| 1659 | } | ||
| 1660 | if (!EVP_DecryptFinal_ex(&ciph_ctx,&(pms[outl]),&padl)) | ||
| 1661 | { | ||
| 1662 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1663 | SSL_R_DECRYPTION_FAILED); | ||
| 1664 | goto err; | ||
| 1665 | } | ||
| 1666 | outl += padl; | ||
| 1667 | if (outl > SSL_MAX_MASTER_KEY_LENGTH) | ||
| 1668 | { | ||
| 1669 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, | ||
| 1670 | SSL_R_DATA_LENGTH_TOO_LONG); | ||
| 1671 | goto err; | ||
| 1672 | } | ||
| 1673 | EVP_CIPHER_CTX_cleanup(&ciph_ctx); | ||
| 1674 | |||
| 1675 | s->session->master_key_length= | ||
| 1676 | s->method->ssl3_enc->generate_master_secret(s, | ||
| 1677 | s->session->master_key, pms, outl); | ||
| 1678 | |||
| 1679 | if (kssl_ctx->client_princ) | ||
| 1680 | { | ||
| 1681 | int len = strlen(kssl_ctx->client_princ); | ||
| 1682 | if ( len < SSL_MAX_KRB5_PRINCIPAL_LENGTH ) | ||
| 1683 | { | ||
| 1684 | s->session->krb5_client_princ_len = len; | ||
| 1685 | memcpy(s->session->krb5_client_princ,kssl_ctx->client_princ,len); | ||
| 1686 | } | ||
| 1687 | } | ||
| 1688 | |||
| 1689 | |||
| 1690 | /* Was doing kssl_ctx_free() here, | ||
| 1691 | ** but it caused problems for apache. | ||
| 1692 | ** kssl_ctx = kssl_ctx_free(kssl_ctx); | ||
| 1693 | ** if (s->kssl_ctx) s->kssl_ctx = NULL; | ||
| 1694 | */ | ||
| 1695 | } | ||
| 1696 | else | ||
| 1697 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 1358 | { | 1698 | { |
| 1359 | al=SSL_AD_HANDSHAKE_FAILURE; | 1699 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1360 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE,SSL_R_UNKNOWN_CIPHER_TYPE); | 1700 | SSLerr(SSL_F_SSL3_GET_CLIENT_KEY_EXCHANGE, |
| 1701 | SSL_R_UNKNOWN_CIPHER_TYPE); | ||
| 1361 | goto f_err; | 1702 | goto f_err; |
| 1362 | } | 1703 | } |
| 1363 | 1704 | ||
| 1364 | return(1); | 1705 | return(1); |
| 1365 | f_err: | 1706 | f_err: |
| 1366 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1707 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1367 | #if !defined(NO_DH) || !defined(NO_RSA) | 1708 | #if !defined(OPENSSL_NO_DH) || !defined(OPENSSL_NO_RSA) |
| 1368 | err: | 1709 | err: |
| 1369 | #endif | 1710 | #endif |
| 1370 | return(-1); | 1711 | return(-1); |
| 1371 | } | 1712 | } |
| 1372 | 1713 | ||
| 1373 | static int ssl3_get_cert_verify(s) | 1714 | static int ssl3_get_cert_verify(SSL *s) |
| 1374 | SSL *s; | ||
| 1375 | { | 1715 | { |
| 1376 | EVP_PKEY *pkey=NULL; | 1716 | EVP_PKEY *pkey=NULL; |
| 1377 | unsigned char *p; | 1717 | unsigned char *p; |
| @@ -1436,7 +1776,7 @@ SSL *s; | |||
| 1436 | } | 1776 | } |
| 1437 | 1777 | ||
| 1438 | /* we now have a signature that we need to verify */ | 1778 | /* we now have a signature that we need to verify */ |
| 1439 | p=(unsigned char *)s->init_buf->data; | 1779 | p=(unsigned char *)s->init_msg; |
| 1440 | n2s(p,i); | 1780 | n2s(p,i); |
| 1441 | n-=2; | 1781 | n-=2; |
| 1442 | if (i > n) | 1782 | if (i > n) |
| @@ -1454,19 +1794,19 @@ SSL *s; | |||
| 1454 | goto f_err; | 1794 | goto f_err; |
| 1455 | } | 1795 | } |
| 1456 | 1796 | ||
| 1457 | #ifndef NO_RSA | 1797 | #ifndef OPENSSL_NO_RSA |
| 1458 | if (pkey->type == EVP_PKEY_RSA) | 1798 | if (pkey->type == EVP_PKEY_RSA) |
| 1459 | { | 1799 | { |
| 1460 | i=RSA_public_decrypt(i,p,p,pkey->pkey.rsa,RSA_PKCS1_PADDING); | 1800 | i=RSA_verify(NID_md5_sha1, s->s3->tmp.cert_verify_md, |
| 1801 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH, p, i, | ||
| 1802 | pkey->pkey.rsa); | ||
| 1461 | if (i < 0) | 1803 | if (i < 0) |
| 1462 | { | 1804 | { |
| 1463 | al=SSL_AD_DECRYPT_ERROR; | 1805 | al=SSL_AD_DECRYPT_ERROR; |
| 1464 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); | 1806 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_DECRYPT); |
| 1465 | goto f_err; | 1807 | goto f_err; |
| 1466 | } | 1808 | } |
| 1467 | if ((i != (MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) || | 1809 | if (i == 0) |
| 1468 | memcmp(&(s->s3->tmp.finish_md[0]),p, | ||
| 1469 | MD5_DIGEST_LENGTH+SHA_DIGEST_LENGTH)) | ||
| 1470 | { | 1810 | { |
| 1471 | al=SSL_AD_DECRYPT_ERROR; | 1811 | al=SSL_AD_DECRYPT_ERROR; |
| 1472 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); | 1812 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_BAD_RSA_SIGNATURE); |
| @@ -1475,11 +1815,11 @@ SSL *s; | |||
| 1475 | } | 1815 | } |
| 1476 | else | 1816 | else |
| 1477 | #endif | 1817 | #endif |
| 1478 | #ifndef NO_DSA | 1818 | #ifndef OPENSSL_NO_DSA |
| 1479 | if (pkey->type == EVP_PKEY_DSA) | 1819 | if (pkey->type == EVP_PKEY_DSA) |
| 1480 | { | 1820 | { |
| 1481 | j=DSA_verify(pkey->save_type, | 1821 | j=DSA_verify(pkey->save_type, |
| 1482 | &(s->s3->tmp.finish_md[MD5_DIGEST_LENGTH]), | 1822 | &(s->s3->tmp.cert_verify_md[MD5_DIGEST_LENGTH]), |
| 1483 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); | 1823 | SHA_DIGEST_LENGTH,p,i,pkey->pkey.dsa); |
| 1484 | if (j <= 0) | 1824 | if (j <= 0) |
| 1485 | { | 1825 | { |
| @@ -1492,7 +1832,7 @@ SSL *s; | |||
| 1492 | else | 1832 | else |
| 1493 | #endif | 1833 | #endif |
| 1494 | { | 1834 | { |
| 1495 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,SSL_R_INTERNAL_ERROR); | 1835 | SSLerr(SSL_F_SSL3_GET_CERT_VERIFY,ERR_R_INTERNAL_ERROR); |
| 1496 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; | 1836 | al=SSL_AD_UNSUPPORTED_CERTIFICATE; |
| 1497 | goto f_err; | 1837 | goto f_err; |
| 1498 | } | 1838 | } |
| @@ -1505,27 +1845,23 @@ f_err: | |||
| 1505 | ssl3_send_alert(s,SSL3_AL_FATAL,al); | 1845 | ssl3_send_alert(s,SSL3_AL_FATAL,al); |
| 1506 | } | 1846 | } |
| 1507 | end: | 1847 | end: |
| 1848 | EVP_PKEY_free(pkey); | ||
| 1508 | return(ret); | 1849 | return(ret); |
| 1509 | } | 1850 | } |
| 1510 | 1851 | ||
| 1511 | static int ssl3_get_client_certificate(s) | 1852 | static int ssl3_get_client_certificate(SSL *s) |
| 1512 | SSL *s; | ||
| 1513 | { | 1853 | { |
| 1514 | int i,ok,al,ret= -1; | 1854 | int i,ok,al,ret= -1; |
| 1515 | X509 *x=NULL; | 1855 | X509 *x=NULL; |
| 1516 | unsigned long l,nc,llen,n; | 1856 | unsigned long l,nc,llen,n; |
| 1517 | unsigned char *p,*d,*q; | 1857 | unsigned char *p,*d,*q; |
| 1518 | STACK *sk=NULL; | 1858 | STACK_OF(X509) *sk=NULL; |
| 1519 | 1859 | ||
| 1520 | n=ssl3_get_message(s, | 1860 | n=ssl3_get_message(s, |
| 1521 | SSL3_ST_SR_CERT_A, | 1861 | SSL3_ST_SR_CERT_A, |
| 1522 | SSL3_ST_SR_CERT_B, | 1862 | SSL3_ST_SR_CERT_B, |
| 1523 | -1, | 1863 | -1, |
| 1524 | #if defined(MSDOS) && !defined(WIN32) | 1864 | s->max_cert_list, |
| 1525 | 1024*30, /* 30k max cert list :-) */ | ||
| 1526 | #else | ||
| 1527 | 1024*100, /* 100k max cert list :-) */ | ||
| 1528 | #endif | ||
| 1529 | &ok); | 1865 | &ok); |
| 1530 | 1866 | ||
| 1531 | if (!ok) return((int)n); | 1867 | if (!ok) return((int)n); |
| @@ -1539,7 +1875,7 @@ SSL *s; | |||
| 1539 | al=SSL_AD_HANDSHAKE_FAILURE; | 1875 | al=SSL_AD_HANDSHAKE_FAILURE; |
| 1540 | goto f_err; | 1876 | goto f_err; |
| 1541 | } | 1877 | } |
| 1542 | /* If tls asked for a client cert we must return a 0 list */ | 1878 | /* If tls asked for a client cert, the client must return a 0 list */ |
| 1543 | if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) | 1879 | if ((s->version > SSL3_VERSION) && s->s3->tmp.cert_request) |
| 1544 | { | 1880 | { |
| 1545 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); | 1881 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST); |
| @@ -1556,9 +1892,9 @@ SSL *s; | |||
| 1556 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); | 1892 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_WRONG_MESSAGE_TYPE); |
| 1557 | goto f_err; | 1893 | goto f_err; |
| 1558 | } | 1894 | } |
| 1559 | d=p=(unsigned char *)s->init_buf->data; | 1895 | d=p=(unsigned char *)s->init_msg; |
| 1560 | 1896 | ||
| 1561 | if ((sk=sk_new_null()) == NULL) | 1897 | if ((sk=sk_X509_new_null()) == NULL) |
| 1562 | { | 1898 | { |
| 1563 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 1899 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 1564 | goto err; | 1900 | goto err; |
| @@ -1594,7 +1930,7 @@ SSL *s; | |||
| 1594 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); | 1930 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,SSL_R_CERT_LENGTH_MISMATCH); |
| 1595 | goto f_err; | 1931 | goto f_err; |
| 1596 | } | 1932 | } |
| 1597 | if (!sk_push(sk,(char *)x)) | 1933 | if (!sk_X509_push(sk,x)) |
| 1598 | { | 1934 | { |
| 1599 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); | 1935 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 1600 | goto err; | 1936 | goto err; |
| @@ -1603,7 +1939,7 @@ SSL *s; | |||
| 1603 | nc+=l+3; | 1939 | nc+=l+3; |
| 1604 | } | 1940 | } |
| 1605 | 1941 | ||
| 1606 | if (sk_num(sk) <= 0) | 1942 | if (sk_X509_num(sk) <= 0) |
| 1607 | { | 1943 | { |
| 1608 | /* TLS does not mind 0 certs returned */ | 1944 | /* TLS does not mind 0 certs returned */ |
| 1609 | if (s->version == SSL3_VERSION) | 1945 | if (s->version == SSL3_VERSION) |
| @@ -1632,10 +1968,29 @@ SSL *s; | |||
| 1632 | } | 1968 | } |
| 1633 | } | 1969 | } |
| 1634 | 1970 | ||
| 1635 | /* This should not be needed */ | 1971 | if (s->session->peer != NULL) /* This should not be needed */ |
| 1636 | if (s->session->peer != NULL) | ||
| 1637 | X509_free(s->session->peer); | 1972 | X509_free(s->session->peer); |
| 1638 | s->session->peer=(X509 *)sk_shift(sk); | 1973 | s->session->peer=sk_X509_shift(sk); |
| 1974 | s->session->verify_result = s->verify_result; | ||
| 1975 | |||
| 1976 | /* With the current implementation, sess_cert will always be NULL | ||
| 1977 | * when we arrive here. */ | ||
| 1978 | if (s->session->sess_cert == NULL) | ||
| 1979 | { | ||
| 1980 | s->session->sess_cert = ssl_sess_cert_new(); | ||
| 1981 | if (s->session->sess_cert == NULL) | ||
| 1982 | { | ||
| 1983 | SSLerr(SSL_F_SSL3_GET_CLIENT_CERTIFICATE, ERR_R_MALLOC_FAILURE); | ||
| 1984 | goto err; | ||
| 1985 | } | ||
| 1986 | } | ||
| 1987 | if (s->session->sess_cert->cert_chain != NULL) | ||
| 1988 | sk_X509_pop_free(s->session->sess_cert->cert_chain, X509_free); | ||
| 1989 | s->session->sess_cert->cert_chain=sk; | ||
| 1990 | /* Inconsistency alert: cert_chain does *not* include the | ||
| 1991 | * peer's own certificate, while we do include it in s3_clnt.c */ | ||
| 1992 | |||
| 1993 | sk=NULL; | ||
| 1639 | 1994 | ||
| 1640 | ret=1; | 1995 | ret=1; |
| 1641 | if (0) | 1996 | if (0) |
| @@ -1645,12 +2000,11 @@ f_err: | |||
| 1645 | } | 2000 | } |
| 1646 | err: | 2001 | err: |
| 1647 | if (x != NULL) X509_free(x); | 2002 | if (x != NULL) X509_free(x); |
| 1648 | if (sk != NULL) sk_pop_free(sk,X509_free); | 2003 | if (sk != NULL) sk_X509_pop_free(sk,X509_free); |
| 1649 | return(ret); | 2004 | return(ret); |
| 1650 | } | 2005 | } |
| 1651 | 2006 | ||
| 1652 | int ssl3_send_server_certificate(s) | 2007 | int ssl3_send_server_certificate(SSL *s) |
| 1653 | SSL *s; | ||
| 1654 | { | 2008 | { |
| 1655 | unsigned long l; | 2009 | unsigned long l; |
| 1656 | X509 *x; | 2010 | X509 *x; |
| @@ -1658,9 +2012,13 @@ SSL *s; | |||
| 1658 | if (s->state == SSL3_ST_SW_CERT_A) | 2012 | if (s->state == SSL3_ST_SW_CERT_A) |
| 1659 | { | 2013 | { |
| 1660 | x=ssl_get_server_send_cert(s); | 2014 | x=ssl_get_server_send_cert(s); |
| 1661 | if (x == NULL) | 2015 | if (x == NULL && |
| 2016 | /* VRS: allow null cert if auth == KRB5 */ | ||
| 2017 | (s->s3->tmp.new_cipher->algorithms | ||
| 2018 | & (SSL_MKEY_MASK|SSL_AUTH_MASK)) | ||
| 2019 | != (SSL_aKRB5|SSL_kKRB5)) | ||
| 1662 | { | 2020 | { |
| 1663 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,SSL_R_INTERNAL_ERROR); | 2021 | SSLerr(SSL_F_SSL3_SEND_SERVER_CERTIFICATE,ERR_R_INTERNAL_ERROR); |
| 1664 | return(0); | 2022 | return(0); |
| 1665 | } | 2023 | } |
| 1666 | 2024 | ||
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index cf8f9651b2..833f761690 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h | |||
| @@ -55,10 +55,131 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 111 | /* ==================================================================== | ||
| 112 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 113 | * | ||
| 114 | * Redistribution and use in source and binary forms, with or without | ||
| 115 | * modification, are permitted provided that the following conditions | ||
| 116 | * are met: | ||
| 117 | * | ||
| 118 | * 1. Redistributions of source code must retain the above copyright | ||
| 119 | * notice, this list of conditions and the following disclaimer. | ||
| 120 | * | ||
| 121 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 122 | * notice, this list of conditions and the following disclaimer in | ||
| 123 | * the documentation and/or other materials provided with the | ||
| 124 | * distribution. | ||
| 125 | * | ||
| 126 | * 3. All advertising materials mentioning features or use of this | ||
| 127 | * software must display the following acknowledgment: | ||
| 128 | * "This product includes software developed by the OpenSSL Project | ||
| 129 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 130 | * | ||
| 131 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 132 | * endorse or promote products derived from this software without | ||
| 133 | * prior written permission. For written permission, please contact | ||
| 134 | * openssl-core@openssl.org. | ||
| 135 | * | ||
| 136 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 137 | * nor may "OpenSSL" appear in their names without prior written | ||
| 138 | * permission of the OpenSSL Project. | ||
| 139 | * | ||
| 140 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 141 | * acknowledgment: | ||
| 142 | * "This product includes software developed by the OpenSSL Project | ||
| 143 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 144 | * | ||
| 145 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 146 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 147 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 148 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 149 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 150 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 151 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 152 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 153 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 154 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 155 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 156 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 157 | * ==================================================================== | ||
| 158 | * | ||
| 159 | * This product includes cryptographic software written by Eric Young | ||
| 160 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 161 | * Hudson (tjh@cryptsoft.com). | ||
| 162 | * | ||
| 163 | */ | ||
| 58 | 164 | ||
| 59 | #ifndef HEADER_SSL_H | 165 | #ifndef HEADER_SSL_H |
| 60 | #define HEADER_SSL_H | 166 | #define HEADER_SSL_H |
| 61 | 167 | ||
| 168 | #include <openssl/e_os2.h> | ||
| 169 | |||
| 170 | #ifndef OPENSSL_NO_COMP | ||
| 171 | #include <openssl/comp.h> | ||
| 172 | #endif | ||
| 173 | #ifndef OPENSSL_NO_BIO | ||
| 174 | #include <openssl/bio.h> | ||
| 175 | #endif | ||
| 176 | #ifndef OPENSSL_NO_X509 | ||
| 177 | #include <openssl/x509.h> | ||
| 178 | #endif | ||
| 179 | #include <openssl/kssl.h> | ||
| 180 | #include <openssl/safestack.h> | ||
| 181 | #include <openssl/symhacks.h> | ||
| 182 | |||
| 62 | #ifdef __cplusplus | 183 | #ifdef __cplusplus |
| 63 | extern "C" { | 184 | extern "C" { |
| 64 | #endif | 185 | #endif |
| @@ -81,7 +202,18 @@ extern "C" { | |||
| 81 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 | 202 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_MD5 SSL2_TXT_DES_192_EDE3_CBC_WITH_MD5 |
| 82 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA | 203 | #define SSL_TXT_DES_192_EDE3_CBC_WITH_SHA SSL2_TXT_DES_192_EDE3_CBC_WITH_SHA |
| 83 | 204 | ||
| 205 | /* VRS Additional Kerberos5 entries | ||
| 206 | */ | ||
| 207 | #define SSL_TXT_KRB5_DES_40_CBC_SHA SSL3_TXT_KRB5_DES_40_CBC_SHA | ||
| 208 | #define SSL_TXT_KRB5_DES_40_CBC_MD5 SSL3_TXT_KRB5_DES_40_CBC_MD5 | ||
| 209 | #define SSL_TXT_KRB5_DES_64_CBC_SHA SSL3_TXT_KRB5_DES_64_CBC_SHA | ||
| 210 | #define SSL_TXT_KRB5_DES_64_CBC_MD5 SSL3_TXT_KRB5_DES_64_CBC_MD5 | ||
| 211 | #define SSL_TXT_KRB5_DES_192_CBC3_SHA SSL3_TXT_KRB5_DES_192_CBC3_SHA | ||
| 212 | #define SSL_TXT_KRB5_DES_192_CBC3_MD5 SSL3_TXT_KRB5_DES_192_CBC3_MD5 | ||
| 213 | #define SSL_MAX_KRB5_PRINCIPAL_LENGTH 256 | ||
| 214 | |||
| 84 | #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 | 215 | #define SSL_MAX_SSL_SESSION_ID_LENGTH 32 |
| 216 | #define SSL_MAX_SID_CTX_LENGTH 32 | ||
| 85 | 217 | ||
| 86 | #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) | 218 | #define SSL_MIN_RSA_MODULUS_LENGTH_IN_BYTES (512/8) |
| 87 | #define SSL_MAX_KEY_ARG_LENGTH 8 | 219 | #define SSL_MAX_KEY_ARG_LENGTH 8 |
| @@ -100,6 +232,10 @@ extern "C" { | |||
| 100 | #define SSL_TXT_eNULL "eNULL" | 232 | #define SSL_TXT_eNULL "eNULL" |
| 101 | #define SSL_TXT_NULL "NULL" | 233 | #define SSL_TXT_NULL "NULL" |
| 102 | 234 | ||
| 235 | #define SSL_TXT_kKRB5 "kKRB5" | ||
| 236 | #define SSL_TXT_aKRB5 "aKRB5" | ||
| 237 | #define SSL_TXT_KRB5 "KRB5" | ||
| 238 | |||
| 103 | #define SSL_TXT_kRSA "kRSA" | 239 | #define SSL_TXT_kRSA "kRSA" |
| 104 | #define SSL_TXT_kDHr "kDHr" | 240 | #define SSL_TXT_kDHr "kDHr" |
| 105 | #define SSL_TXT_kDHd "kDHd" | 241 | #define SSL_TXT_kDHd "kDHd" |
| @@ -117,33 +253,46 @@ extern "C" { | |||
| 117 | #define SSL_TXT_RC4 "RC4" | 253 | #define SSL_TXT_RC4 "RC4" |
| 118 | #define SSL_TXT_RC2 "RC2" | 254 | #define SSL_TXT_RC2 "RC2" |
| 119 | #define SSL_TXT_IDEA "IDEA" | 255 | #define SSL_TXT_IDEA "IDEA" |
| 256 | #define SSL_TXT_AES "AESdraft" /* AES ciphersuites are not yet official (thus excluded from 'ALL') */ | ||
| 120 | #define SSL_TXT_MD5 "MD5" | 257 | #define SSL_TXT_MD5 "MD5" |
| 121 | #define SSL_TXT_SHA1 "SHA1" | 258 | #define SSL_TXT_SHA1 "SHA1" |
| 122 | #define SSL_TXT_SHA "SHA" | 259 | #define SSL_TXT_SHA "SHA" |
| 123 | #define SSL_TXT_EXP "EXP" | 260 | #define SSL_TXT_EXP "EXP" |
| 124 | #define SSL_TXT_EXPORT "EXPORT" | 261 | #define SSL_TXT_EXPORT "EXPORT" |
| 262 | #define SSL_TXT_EXP40 "EXPORT40" | ||
| 263 | #define SSL_TXT_EXP56 "EXPORT56" | ||
| 125 | #define SSL_TXT_SSLV2 "SSLv2" | 264 | #define SSL_TXT_SSLV2 "SSLv2" |
| 126 | #define SSL_TXT_SSLV3 "SSLv3" | 265 | #define SSL_TXT_SSLV3 "SSLv3" |
| 266 | #define SSL_TXT_TLSV1 "TLSv1" | ||
| 127 | #define SSL_TXT_ALL "ALL" | 267 | #define SSL_TXT_ALL "ALL" |
| 128 | 268 | ||
| 129 | /* 'DEFAULT' at the start of the cipher list insert the following string | 269 | /* The following cipher list is used by default. |
| 130 | * in addition to this being the default cipher string */ | 270 | * It also is substituted when an application-defined cipher list string |
| 131 | #ifndef NO_RSA | 271 | * starts with 'DEFAULT'. */ |
| 132 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP" | 272 | #define SSL_DEFAULT_CIPHER_LIST "ALL:!ADH:+RC4:@STRENGTH" /* low priority for RC4 */ |
| 133 | #else | ||
| 134 | #define SSL_ALLOW_ADH | ||
| 135 | #define SSL_DEFAULT_CIPHER_LIST "HIGH:MEDIUM:LOW:ADH+3DES:ADH+RC4:ADH+DES:+EXP" | ||
| 136 | #endif | ||
| 137 | 273 | ||
| 138 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ | 274 | /* Used in SSL_set_shutdown()/SSL_get_shutdown(); */ |
| 139 | #define SSL_SENT_SHUTDOWN 1 | 275 | #define SSL_SENT_SHUTDOWN 1 |
| 140 | #define SSL_RECEIVED_SHUTDOWN 2 | 276 | #define SSL_RECEIVED_SHUTDOWN 2 |
| 141 | 277 | ||
| 142 | #include "crypto.h" | 278 | #ifdef __cplusplus |
| 143 | #include "lhash.h" | 279 | } |
| 144 | #include "buffer.h" | 280 | #endif |
| 145 | #include "bio.h" | 281 | |
| 146 | #include "x509.h" | 282 | #include <openssl/crypto.h> |
| 283 | #include <openssl/lhash.h> | ||
| 284 | #include <openssl/buffer.h> | ||
| 285 | #include <openssl/bio.h> | ||
| 286 | #include <openssl/pem.h> | ||
| 287 | #include <openssl/x509.h> | ||
| 288 | |||
| 289 | #ifdef __cplusplus | ||
| 290 | extern "C" { | ||
| 291 | #endif | ||
| 292 | |||
| 293 | #if (defined(OPENSSL_NO_RSA) || defined(OPENSSL_NO_MD5)) && !defined(OPENSSL_NO_SSL2) | ||
| 294 | #define OPENSSL_NO_SSL2 | ||
| 295 | #endif | ||
| 147 | 296 | ||
| 148 | #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 | 297 | #define SSL_FILETYPE_ASN1 X509_FILETYPE_ASN1 |
| 149 | #define SSL_FILETYPE_PEM X509_FILETYPE_PEM | 298 | #define SSL_FILETYPE_PEM X509_FILETYPE_PEM |
| @@ -157,44 +306,52 @@ typedef struct ssl_st *ssl_crock_st; | |||
| 157 | typedef struct ssl_cipher_st | 306 | typedef struct ssl_cipher_st |
| 158 | { | 307 | { |
| 159 | int valid; | 308 | int valid; |
| 160 | char *name; /* text name */ | 309 | const char *name; /* text name */ |
| 161 | unsigned long id; /* id, 4 bytes, first is version */ | 310 | unsigned long id; /* id, 4 bytes, first is version */ |
| 162 | unsigned long algorithms; /* what ciphers are used */ | 311 | unsigned long algorithms; /* what ciphers are used */ |
| 312 | unsigned long algo_strength; /* strength and export flags */ | ||
| 163 | unsigned long algorithm2; /* Extra flags */ | 313 | unsigned long algorithm2; /* Extra flags */ |
| 314 | int strength_bits; /* Number of bits really used */ | ||
| 315 | int alg_bits; /* Number of bits for algorithm */ | ||
| 164 | unsigned long mask; /* used for matching */ | 316 | unsigned long mask; /* used for matching */ |
| 317 | unsigned long mask_strength; /* also used for matching */ | ||
| 165 | } SSL_CIPHER; | 318 | } SSL_CIPHER; |
| 166 | 319 | ||
| 320 | DECLARE_STACK_OF(SSL_CIPHER) | ||
| 321 | |||
| 322 | typedef struct ssl_st SSL; | ||
| 323 | typedef struct ssl_ctx_st SSL_CTX; | ||
| 324 | |||
| 167 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ | 325 | /* Used to hold functions for SSLv2 or SSLv3/TLSv1 functions */ |
| 168 | typedef struct ssl_method_st | 326 | typedef struct ssl_method_st |
| 169 | { | 327 | { |
| 170 | int version; | 328 | int version; |
| 171 | int (*ssl_new)(); | 329 | int (*ssl_new)(SSL *s); |
| 172 | void (*ssl_clear)(); | 330 | void (*ssl_clear)(SSL *s); |
| 173 | void (*ssl_free)(); | 331 | void (*ssl_free)(SSL *s); |
| 174 | int (*ssl_accept)(); | 332 | int (*ssl_accept)(SSL *s); |
| 175 | int (*ssl_connect)(); | 333 | int (*ssl_connect)(SSL *s); |
| 176 | int (*ssl_read)(); | 334 | int (*ssl_read)(SSL *s,void *buf,int len); |
| 177 | int (*ssl_peek)(); | 335 | int (*ssl_peek)(SSL *s,void *buf,int len); |
| 178 | int (*ssl_write)(); | 336 | int (*ssl_write)(SSL *s,const void *buf,int len); |
| 179 | int (*ssl_shutdown)(); | 337 | int (*ssl_shutdown)(SSL *s); |
| 180 | int (*ssl_renegotiate)(); | 338 | int (*ssl_renegotiate)(SSL *s); |
| 181 | long (*ssl_ctrl)(); | 339 | int (*ssl_renegotiate_check)(SSL *s); |
| 182 | long (*ssl_ctx_ctrl)(); | 340 | long (*ssl_ctrl)(SSL *s,int cmd,long larg,void *parg); |
| 183 | SSL_CIPHER *(*get_cipher_by_char)(); | 341 | long (*ssl_ctx_ctrl)(SSL_CTX *ctx,int cmd,long larg,void *parg); |
| 184 | int (*put_cipher_by_char)(); | 342 | SSL_CIPHER *(*get_cipher_by_char)(const unsigned char *ptr); |
| 185 | int (*ssl_pending)(); | 343 | int (*put_cipher_by_char)(const SSL_CIPHER *cipher,unsigned char *ptr); |
| 186 | int (*num_ciphers)(); | 344 | int (*ssl_pending)(SSL *s); |
| 187 | SSL_CIPHER *(*get_cipher)(); | 345 | int (*num_ciphers)(void); |
| 188 | struct ssl_method_st *(*get_ssl_method)(); | 346 | SSL_CIPHER *(*get_cipher)(unsigned ncipher); |
| 189 | long (*get_timeout)(); | 347 | struct ssl_method_st *(*get_ssl_method)(int version); |
| 348 | long (*get_timeout)(void); | ||
| 190 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ | 349 | struct ssl3_enc_method *ssl3_enc; /* Extra SSLv3/TLS stuff */ |
| 350 | int (*ssl_version)(); | ||
| 351 | long (*ssl_callback_ctrl)(SSL *s, int cb_id, void (*fp)()); | ||
| 352 | long (*ssl_ctx_callback_ctrl)(SSL_CTX *s, int cb_id, void (*fp)()); | ||
| 191 | } SSL_METHOD; | 353 | } SSL_METHOD; |
| 192 | 354 | ||
| 193 | typedef struct ssl_compression_st | ||
| 194 | { | ||
| 195 | char *stuff; | ||
| 196 | } SSL_COMPRESSION; | ||
| 197 | |||
| 198 | /* Lets make this into an ASN.1 type structure as follows | 355 | /* Lets make this into an ASN.1 type structure as follows |
| 199 | * SSL_SESSION_ID ::= SEQUENCE { | 356 | * SSL_SESSION_ID ::= SEQUENCE { |
| 200 | * version INTEGER, -- structure version number | 357 | * version INTEGER, -- structure version number |
| @@ -202,10 +359,14 @@ typedef struct ssl_compression_st | |||
| 202 | * Cipher OCTET_STRING, -- the 3 byte cipher ID | 359 | * Cipher OCTET_STRING, -- the 3 byte cipher ID |
| 203 | * Session_ID OCTET_STRING, -- the Session ID | 360 | * Session_ID OCTET_STRING, -- the Session ID |
| 204 | * Master_key OCTET_STRING, -- the master key | 361 | * Master_key OCTET_STRING, -- the master key |
| 362 | * KRB5_principal OCTET_STRING -- optional Kerberos principal | ||
| 205 | * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument | 363 | * Key_Arg [ 0 ] IMPLICIT OCTET_STRING, -- the optional Key argument |
| 206 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time | 364 | * Time [ 1 ] EXPLICIT INTEGER, -- optional Start Time |
| 207 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds | 365 | * Timeout [ 2 ] EXPLICIT INTEGER, -- optional Timeout ins seconds |
| 208 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate | 366 | * Peer [ 3 ] EXPLICIT X509, -- optional Peer Certificate |
| 367 | * Session_ID_context [ 4 ] EXPLICIT OCTET_STRING, -- the Session ID context | ||
| 368 | * Verify_result [ 5 ] EXPLICIT INTEGER -- X509_V_... code for `Peer' | ||
| 369 | * Compression [6] IMPLICIT ASN1_OBJECT -- compression OID XXXXX | ||
| 209 | * } | 370 | * } |
| 210 | * Look in ssl/ssl_asn1.c for more details | 371 | * Look in ssl/ssl_asn1.c for more details |
| 211 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). | 372 | * I'm using EXPLICIT tags so I can read the damn things using asn1parse :-). |
| @@ -223,29 +384,43 @@ typedef struct ssl_session_st | |||
| 223 | /* session_id - valid? */ | 384 | /* session_id - valid? */ |
| 224 | unsigned int session_id_length; | 385 | unsigned int session_id_length; |
| 225 | unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; | 386 | unsigned char session_id[SSL_MAX_SSL_SESSION_ID_LENGTH]; |
| 387 | /* this is used to determine whether the session is being reused in | ||
| 388 | * the appropriate context. It is up to the application to set this, | ||
| 389 | * via SSL_new */ | ||
| 390 | unsigned int sid_ctx_length; | ||
| 391 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 392 | |||
| 393 | #ifndef OPENSSL_NO_KRB5 | ||
| 394 | unsigned int krb5_client_princ_len; | ||
| 395 | unsigned char krb5_client_princ[SSL_MAX_KRB5_PRINCIPAL_LENGTH]; | ||
| 396 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 226 | 397 | ||
| 227 | int not_resumable; | 398 | int not_resumable; |
| 228 | 399 | ||
| 229 | /* The cert is the certificate used to establish this connection */ | 400 | /* The cert is the certificate used to establish this connection */ |
| 230 | struct cert_st /* CERT */ *cert; | 401 | struct sess_cert_st /* SESS_CERT */ *sess_cert; |
| 231 | 402 | ||
| 232 | /* This is the cert for the other end. On servers, it will be | 403 | /* This is the cert for the other end. |
| 233 | * the same as cert->x509 */ | 404 | * On clients, it will be the same as sess_cert->peer_key->x509 |
| 405 | * (the latter is not enough as sess_cert is not retained | ||
| 406 | * in the external representation of sessions, see ssl_asn1.c). */ | ||
| 234 | X509 *peer; | 407 | X509 *peer; |
| 408 | /* when app_verify_callback accepts a session where the peer's certificate | ||
| 409 | * is not ok, we must remember the error for session reuse: */ | ||
| 410 | long verify_result; /* only for servers */ | ||
| 235 | 411 | ||
| 236 | int references; | 412 | int references; |
| 237 | long timeout; | 413 | long timeout; |
| 238 | long time; | 414 | long time; |
| 239 | 415 | ||
| 240 | SSL_COMPRESSION *read_compression; | 416 | int compress_meth; /* Need to lookup the method */ |
| 241 | SSL_COMPRESSION *write_compression; | ||
| 242 | 417 | ||
| 243 | SSL_CIPHER *cipher; | 418 | SSL_CIPHER *cipher; |
| 244 | unsigned long cipher_id; /* when ASN.1 loaded, this | 419 | unsigned long cipher_id; /* when ASN.1 loaded, this |
| 245 | * needs to be used to load | 420 | * needs to be used to load |
| 246 | * the 'cipher' structure */ | 421 | * the 'cipher' structure */ |
| 247 | 422 | ||
| 248 | STACK /* SSL_CIPHER */ *ciphers; /* shared ciphers? */ | 423 | STACK_OF(SSL_CIPHER) *ciphers; /* shared ciphers? */ |
| 249 | 424 | ||
| 250 | CRYPTO_EX_DATA ex_data; /* application specific data */ | 425 | CRYPTO_EX_DATA ex_data; /* application specific data */ |
| 251 | 426 | ||
| @@ -262,47 +437,126 @@ typedef struct ssl_session_st | |||
| 262 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L | 437 | #define SSL_OP_MSIE_SSLV2_RSA_PADDING 0x00000040L |
| 263 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L | 438 | #define SSL_OP_SSLEAY_080_CLIENT_DH_BUG 0x00000080L |
| 264 | #define SSL_OP_TLS_D5_BUG 0x00000100L | 439 | #define SSL_OP_TLS_D5_BUG 0x00000100L |
| 265 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L | 440 | #define SSL_OP_TLS_BLOCK_PADDING_BUG 0x00000200L |
| 266 | 441 | ||
| 267 | /* If set, only use tmp_dh parameters once */ | 442 | /* If set, always create a new key when using tmp_dh parameters */ |
| 268 | #define SSL_OP_SINGLE_DH_USE 0x00100000L | 443 | #define SSL_OP_SINGLE_DH_USE 0x00100000L |
| 269 | /* Set to also use the tmp_rsa key when doing RSA operations. */ | 444 | /* Set to always use the tmp_rsa key when doing RSA operations, |
| 445 | * even when this violates protocol specs */ | ||
| 270 | #define SSL_OP_EPHEMERAL_RSA 0x00200000L | 446 | #define SSL_OP_EPHEMERAL_RSA 0x00200000L |
| 271 | 447 | /* Set on servers to choose the cipher according to the server's | |
| 448 | * preferences */ | ||
| 449 | #define SSL_OP_CIPHER_SERVER_PREFERENCE 0x00400000L | ||
| 450 | /* If set, a server will allow a client to issue a SSLv3.0 version number | ||
| 451 | * as latest version supported in the premaster secret, even when TLSv1.0 | ||
| 452 | * (version 3.1) was announced in the client hello. Normally this is | ||
| 453 | * forbidden to prevent version rollback attacks. */ | ||
| 454 | #define SSL_OP_TLS_ROLLBACK_BUG 0x00800000L | ||
| 455 | /* As server, disallow session resumption on renegotiation */ | ||
| 456 | #define SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION 0x01000000L | ||
| 457 | |||
| 458 | /* The next flag deliberately changes the ciphertest, this is a check | ||
| 459 | * for the PKCS#1 attack */ | ||
| 460 | #define SSL_OP_PKCS1_CHECK_1 0x08000000L | ||
| 461 | #define SSL_OP_PKCS1_CHECK_2 0x10000000L | ||
| 272 | #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L | 462 | #define SSL_OP_NETSCAPE_CA_DN_BUG 0x20000000L |
| 273 | #define SSL_OP_NON_EXPORT_FIRST 0x40000000L | 463 | #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x40000000L |
| 274 | #define SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG 0x80000000L | ||
| 275 | #define SSL_OP_ALL 0x000FFFFFL | 464 | #define SSL_OP_ALL 0x000FFFFFL |
| 276 | 465 | ||
| 277 | #define SSL_CTX_set_options(ctx,op) ((ctx)->options|=(op)) | ||
| 278 | #define SSL_set_options(ssl,op) ((ssl)->options|=(op)) | ||
| 279 | |||
| 280 | #define SSL_OP_NO_SSLv2 0x01000000L | 466 | #define SSL_OP_NO_SSLv2 0x01000000L |
| 281 | #define SSL_OP_NO_SSLv3 0x02000000L | 467 | #define SSL_OP_NO_SSLv3 0x02000000L |
| 282 | #define SSL_OP_NO_TLSv1 0x04000000L | 468 | #define SSL_OP_NO_TLSv1 0x04000000L |
| 283 | 469 | ||
| 284 | /* Normally you will only use these if your application wants to use | 470 | /* Allow SSL_write(..., n) to return r with 0 < r < n (i.e. report success |
| 285 | * the certificate store in other places, perhaps PKCS7 */ | 471 | * when just a single record has been written): */ |
| 286 | #define SSL_CTX_get_cert_store(ctx) ((ctx)->cert_store) | 472 | #define SSL_MODE_ENABLE_PARTIAL_WRITE 0x00000001L |
| 287 | #define SSL_CTX_set_cert_store(ctx,cs) \ | 473 | /* Make it possible to retry SSL_write() with changed buffer location |
| 288 | (X509_STORE_free((ctx)->cert_store),(ctx)->cert_store=(cs)) | 474 | * (buffer contents must stay the same!); this is not the default to avoid |
| 289 | 475 | * the misconception that non-blocking SSL_write() behaves like | |
| 476 | * non-blocking write(): */ | ||
| 477 | #define SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER 0x00000002L | ||
| 478 | /* Never bother the application with retries if the transport | ||
| 479 | * is blocking: */ | ||
| 480 | #define SSL_MODE_AUTO_RETRY 0x00000004L | ||
| 481 | |||
| 482 | /* Note: SSL[_CTX]_set_{options,mode} use |= op on the previous value, | ||
| 483 | * they cannot be used to clear bits. */ | ||
| 484 | |||
| 485 | #define SSL_CTX_set_options(ctx,op) \ | ||
| 486 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,(op),NULL) | ||
| 487 | #define SSL_CTX_get_options(ctx) \ | ||
| 488 | SSL_CTX_ctrl((ctx),SSL_CTRL_OPTIONS,0,NULL) | ||
| 489 | #define SSL_set_options(ssl,op) \ | ||
| 490 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,(op),NULL) | ||
| 491 | #define SSL_get_options(ssl) \ | ||
| 492 | SSL_ctrl((ssl),SSL_CTRL_OPTIONS,0,NULL) | ||
| 493 | |||
| 494 | #define SSL_CTX_set_mode(ctx,op) \ | ||
| 495 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,(op),NULL) | ||
| 496 | #define SSL_CTX_get_mode(ctx) \ | ||
| 497 | SSL_CTX_ctrl((ctx),SSL_CTRL_MODE,0,NULL) | ||
| 498 | #define SSL_set_mode(ssl,op) \ | ||
| 499 | SSL_ctrl((ssl),SSL_CTRL_MODE,(op),NULL) | ||
| 500 | #define SSL_get_mode(ssl) \ | ||
| 501 | SSL_ctrl((ssl),SSL_CTRL_MODE,0,NULL) | ||
| 502 | |||
| 503 | |||
| 504 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
| 505 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)); | ||
| 506 | #define SSL_CTX_set_msg_callback_arg(ctx, arg) SSL_CTX_ctrl((ctx), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
| 507 | #define SSL_set_msg_callback_arg(ssl, arg) SSL_ctrl((ssl), SSL_CTRL_SET_MSG_CALLBACK_ARG, 0, (arg)) | ||
| 508 | |||
| 509 | |||
| 510 | |||
| 511 | #if defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32) | ||
| 512 | #define SSL_MAX_CERT_LIST_DEFAULT 1024*30 /* 30k max cert list :-) */ | ||
| 513 | #else | ||
| 514 | #define SSL_MAX_CERT_LIST_DEFAULT 1024*100 /* 100k max cert list :-) */ | ||
| 515 | #endif | ||
| 290 | 516 | ||
| 291 | #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) | 517 | #define SSL_SESSION_CACHE_MAX_SIZE_DEFAULT (1024*20) |
| 292 | 518 | ||
| 293 | typedef struct ssl_ctx_st | 519 | /* This callback type is used inside SSL_CTX, SSL, and in the functions that set |
| 520 | * them. It is used to override the generation of SSL/TLS session IDs in a | ||
| 521 | * server. Return value should be zero on an error, non-zero to proceed. Also, | ||
| 522 | * callbacks should themselves check if the id they generate is unique otherwise | ||
| 523 | * the SSL handshake will fail with an error - callbacks can do this using the | ||
| 524 | * 'ssl' value they're passed by; | ||
| 525 | * SSL_has_matching_session_id(ssl, id, *id_len) | ||
| 526 | * The length value passed in is set at the maximum size the session ID can be. | ||
| 527 | * In SSLv2 this is 16 bytes, whereas SSLv3/TLSv1 it is 32 bytes. The callback | ||
| 528 | * can alter this length to be less if desired, but under SSLv2 session IDs are | ||
| 529 | * supposed to be fixed at 16 bytes so the id will be padded after the callback | ||
| 530 | * returns in this case. It is also an error for the callback to set the size to | ||
| 531 | * zero. */ | ||
| 532 | typedef int (*GEN_SESSION_CB)(const SSL *ssl, unsigned char *id, | ||
| 533 | unsigned int *id_len); | ||
| 534 | |||
| 535 | typedef struct ssl_comp_st | ||
| 536 | { | ||
| 537 | int id; | ||
| 538 | char *name; | ||
| 539 | #ifndef OPENSSL_NO_COMP | ||
| 540 | COMP_METHOD *method; | ||
| 541 | #else | ||
| 542 | char *method; | ||
| 543 | #endif | ||
| 544 | } SSL_COMP; | ||
| 545 | |||
| 546 | DECLARE_STACK_OF(SSL_COMP) | ||
| 547 | |||
| 548 | struct ssl_ctx_st | ||
| 294 | { | 549 | { |
| 295 | SSL_METHOD *method; | 550 | SSL_METHOD *method; |
| 296 | unsigned long options; | ||
| 297 | 551 | ||
| 298 | STACK /* SSL_CIPHER */ *cipher_list; | 552 | STACK_OF(SSL_CIPHER) *cipher_list; |
| 299 | /* same as above but sorted for lookup */ | 553 | /* same as above but sorted for lookup */ |
| 300 | STACK /* SSL_CIPHER */ *cipher_list_by_id; | 554 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; |
| 301 | 555 | ||
| 302 | struct x509_store_st /* X509_STORE */ *cert_store; | 556 | struct x509_store_st /* X509_STORE */ *cert_store; |
| 303 | struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSION's */ | 557 | struct lhash_st /* LHASH */ *sessions; /* a set of SSL_SESSIONs */ |
| 304 | /* Most session-ids that will be cached, default is | 558 | /* Most session-ids that will be cached, default is |
| 305 | * SSL_SESSION_CACHE_SIZE_DEFAULT. 0 is unlimited. */ | 559 | * SSL_SESSION_CACHE_MAX_SIZE_DEFAULT. 0 is unlimited. */ |
| 306 | unsigned long session_cache_size; | 560 | unsigned long session_cache_size; |
| 307 | struct ssl_session_st *session_cache_head; | 561 | struct ssl_session_st *session_cache_head; |
| 308 | struct ssl_session_st *session_cache_tail; | 562 | struct ssl_session_st *session_cache_tail; |
| @@ -325,67 +579,95 @@ typedef struct ssl_ctx_st | |||
| 325 | * SSL_SESSION_free() when it has finished using it. Otherwise, | 579 | * SSL_SESSION_free() when it has finished using it. Otherwise, |
| 326 | * on 0, it means the callback has finished with it. | 580 | * on 0, it means the callback has finished with it. |
| 327 | * If remove_session_cb is not null, it will be called when | 581 | * If remove_session_cb is not null, it will be called when |
| 328 | * a session-id is removed from the cache. Again, a return | 582 | * a session-id is removed from the cache. After the call, |
| 329 | * of 0 mens that SSLeay should not SSL_SESSION_free() since | 583 | * OpenSSL will SSL_SESSION_free() it. */ |
| 330 | * the application is doing something with it. */ | ||
| 331 | #ifndef NOPROTO | ||
| 332 | int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); | 584 | int (*new_session_cb)(struct ssl_st *ssl,SSL_SESSION *sess); |
| 333 | void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); | 585 | void (*remove_session_cb)(struct ssl_ctx_st *ctx,SSL_SESSION *sess); |
| 334 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, | 586 | SSL_SESSION *(*get_session_cb)(struct ssl_st *ssl, |
| 335 | unsigned char *data,int len,int *copy); | 587 | unsigned char *data,int len,int *copy); |
| 336 | #else | ||
| 337 | int (*new_session_cb)(); | ||
| 338 | void (*remove_session_cb)(); | ||
| 339 | SSL_SESSION *(*get_session_cb)(); | ||
| 340 | #endif | ||
| 341 | 588 | ||
| 342 | int sess_connect; /* SSL new connection - started */ | 589 | struct |
| 343 | int sess_connect_renegotiate;/* SSL renegotiatene - requested */ | 590 | { |
| 344 | int sess_connect_good; /* SSL new connection/renegotiate - finished */ | 591 | int sess_connect; /* SSL new conn - started */ |
| 345 | int sess_accept; /* SSL new accept - started */ | 592 | int sess_connect_renegotiate;/* SSL reneg - requested */ |
| 346 | int sess_accept_renegotiate;/* SSL renegotiatene - requested */ | 593 | int sess_connect_good; /* SSL new conne/reneg - finished */ |
| 347 | int sess_accept_good; /* SSL accept/renegotiate - finished */ | 594 | int sess_accept; /* SSL new accept - started */ |
| 348 | int sess_miss; /* session lookup misses */ | 595 | int sess_accept_renegotiate;/* SSL reneg - requested */ |
| 349 | int sess_timeout; /* session reuse attempt on timeouted session */ | 596 | int sess_accept_good; /* SSL accept/reneg - finished */ |
| 350 | int sess_cache_full; /* session removed due to full cache */ | 597 | int sess_miss; /* session lookup misses */ |
| 351 | int sess_hit; /* session reuse actually done */ | 598 | int sess_timeout; /* reuse attempt on timeouted session */ |
| 352 | int sess_cb_hit; /* session-id that was not in the cache was | 599 | int sess_cache_full; /* session removed due to full cache */ |
| 353 | * passed back via the callback. This | 600 | int sess_hit; /* session reuse actually done */ |
| 354 | * indicates that the application is supplying | 601 | int sess_cb_hit; /* session-id that was not |
| 355 | * session-id's from other processes - | 602 | * in the cache was |
| 356 | * spooky :-) */ | 603 | * passed back via the callback. This |
| 604 | * indicates that the application is | ||
| 605 | * supplying session-id's from other | ||
| 606 | * processes - spooky :-) */ | ||
| 607 | } stats; | ||
| 357 | 608 | ||
| 358 | int references; | 609 | int references; |
| 359 | 610 | ||
| 360 | void (*info_callback)(); | ||
| 361 | |||
| 362 | /* if defined, these override the X509_verify_cert() calls */ | 611 | /* if defined, these override the X509_verify_cert() calls */ |
| 363 | int (*app_verify_callback)(); | 612 | int (*app_verify_callback)(X509_STORE_CTX *, void *); |
| 364 | char *app_verify_arg; | 613 | void *app_verify_arg; |
| 365 | 614 | /* before OpenSSL 0.9.7, 'app_verify_arg' was ignored | |
| 366 | /* default values to use in SSL structures */ | 615 | * ('app_verify_callback' was called with just one argument) */ |
| 367 | struct cert_st /* CERT */ *default_cert; | ||
| 368 | int default_read_ahead; | ||
| 369 | int default_verify_mode; | ||
| 370 | int (*default_verify_callback)(); | ||
| 371 | 616 | ||
| 372 | /* Default password callback. */ | 617 | /* Default password callback. */ |
| 373 | int (*default_passwd_callback)(); | 618 | pem_password_cb *default_passwd_callback; |
| 619 | |||
| 620 | /* Default password callback user data. */ | ||
| 621 | void *default_passwd_callback_userdata; | ||
| 374 | 622 | ||
| 375 | /* get client cert callback */ | 623 | /* get client cert callback */ |
| 376 | int (*client_cert_cb)(/* SSL *ssl, X509 **x509, EVP_PKEY **pkey */); | 624 | int (*client_cert_cb)(SSL *ssl, X509 **x509, EVP_PKEY **pkey); |
| 377 | 625 | ||
| 378 | /* what we put in client requests */ | 626 | CRYPTO_EX_DATA ex_data; |
| 379 | STACK *client_CA; | ||
| 380 | 627 | ||
| 381 | int quiet_shutdown; | 628 | const EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ |
| 629 | const EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | ||
| 630 | const EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | ||
| 382 | 631 | ||
| 383 | CRYPTO_EX_DATA ex_data; | 632 | STACK_OF(X509) *extra_certs; |
| 633 | STACK_OF(SSL_COMP) *comp_methods; /* stack of SSL_COMP, SSLv3/TLSv1 */ | ||
| 634 | |||
| 635 | |||
| 636 | /* Default values used when no per-SSL value is defined follow */ | ||
| 637 | |||
| 638 | void (*info_callback)(const SSL *ssl,int type,int val); /* used if SSL's info_callback is NULL */ | ||
| 639 | |||
| 640 | /* what we put in client cert requests */ | ||
| 641 | STACK_OF(X509_NAME) *client_CA; | ||
| 384 | 642 | ||
| 385 | EVP_MD *rsa_md5;/* For SSLv2 - name is 'ssl2-md5' */ | 643 | |
| 386 | EVP_MD *md5; /* For SSLv3/TLSv1 'ssl3-md5' */ | 644 | /* Default values to use in SSL structures follow (these are copied by SSL_new) */ |
| 387 | EVP_MD *sha1; /* For SSLv3/TLSv1 'ssl3->sha1' */ | 645 | |
| 388 | } SSL_CTX; | 646 | unsigned long options; |
| 647 | unsigned long mode; | ||
| 648 | long max_cert_list; | ||
| 649 | |||
| 650 | struct cert_st /* CERT */ *cert; | ||
| 651 | int read_ahead; | ||
| 652 | |||
| 653 | /* callback that allows applications to peek at protocol messages */ | ||
| 654 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | ||
| 655 | void *msg_callback_arg; | ||
| 656 | |||
| 657 | int verify_mode; | ||
| 658 | int verify_depth; | ||
| 659 | unsigned int sid_ctx_length; | ||
| 660 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 661 | int (*default_verify_callback)(int ok,X509_STORE_CTX *ctx); /* called 'verify_callback' in the SSL */ | ||
| 662 | |||
| 663 | /* Default generate session ID callback. */ | ||
| 664 | GEN_SESSION_CB generate_session_id; | ||
| 665 | |||
| 666 | int purpose; /* Purpose setting */ | ||
| 667 | int trust; /* Trust setting */ | ||
| 668 | |||
| 669 | int quiet_shutdown; | ||
| 670 | }; | ||
| 389 | 671 | ||
| 390 | #define SSL_SESS_CACHE_OFF 0x0000 | 672 | #define SSL_SESS_CACHE_OFF 0x0000 |
| 391 | #define SSL_SESS_CACHE_CLIENT 0x0001 | 673 | #define SSL_SESS_CACHE_CLIENT 0x0001 |
| @@ -397,23 +679,31 @@ typedef struct ssl_ctx_st | |||
| 397 | * defined, this will still get called. */ | 679 | * defined, this will still get called. */ |
| 398 | #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 | 680 | #define SSL_SESS_CACHE_NO_INTERNAL_LOOKUP 0x0100 |
| 399 | 681 | ||
| 400 | #define SSL_CTX_sessions(ctx) ((ctx)->sessions) | 682 | struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx); |
| 401 | /* You will need to include lhash.h to access the following #define */ | 683 | #define SSL_CTX_sess_number(ctx) \ |
| 402 | #define SSL_CTX_sess_number(ctx) ((ctx)->sessions->num_items) | 684 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_NUMBER,0,NULL) |
| 403 | #define SSL_CTX_sess_connect(ctx) ((ctx)->sess_connect) | 685 | #define SSL_CTX_sess_connect(ctx) \ |
| 404 | #define SSL_CTX_sess_connect_good(ctx) ((ctx)->sess_connect_good) | 686 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT,0,NULL) |
| 405 | #define SSL_CTX_sess_accept(ctx) ((ctx)->sess_accept) | 687 | #define SSL_CTX_sess_connect_good(ctx) \ |
| 406 | #define SSL_CTX_sess_accept_renegotiate(ctx) ((ctx)->sess_accept_renegotiate) | 688 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_GOOD,0,NULL) |
| 407 | #define SSL_CTX_sess_connect_renegotiate(ctx) ((ctx)->sess_connect_renegotiate) | 689 | #define SSL_CTX_sess_connect_renegotiate(ctx) \ |
| 408 | #define SSL_CTX_sess_accept_good(ctx) ((ctx)->sess_accept_good) | 690 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CONNECT_RENEGOTIATE,0,NULL) |
| 409 | #define SSL_CTX_sess_hits(ctx) ((ctx)->sess_hit) | 691 | #define SSL_CTX_sess_accept(ctx) \ |
| 410 | #define SSL_CTX_sess_cb_hits(ctx) ((ctx)->sess_cb_hit) | 692 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT,0,NULL) |
| 411 | #define SSL_CTX_sess_misses(ctx) ((ctx)->sess_miss) | 693 | #define SSL_CTX_sess_accept_renegotiate(ctx) \ |
| 412 | #define SSL_CTX_sess_timeouts(ctx) ((ctx)->sess_timeout) | 694 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_RENEGOTIATE,0,NULL) |
| 413 | #define SSL_CTX_sess_cache_full(ctx) ((ctx)->sess_cache_full) | 695 | #define SSL_CTX_sess_accept_good(ctx) \ |
| 414 | 696 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_ACCEPT_GOOD,0,NULL) | |
| 415 | #define SSL_CTX_sess_set_cache_size(ctx,t) ((ctx)->session_cache_size=(t)) | 697 | #define SSL_CTX_sess_hits(ctx) \ |
| 416 | #define SSL_CTX_sess_get_cache_size(ctx) ((ctx)->session_cache_size) | 698 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_HIT,0,NULL) |
| 699 | #define SSL_CTX_sess_cb_hits(ctx) \ | ||
| 700 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CB_HIT,0,NULL) | ||
| 701 | #define SSL_CTX_sess_misses(ctx) \ | ||
| 702 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_MISSES,0,NULL) | ||
| 703 | #define SSL_CTX_sess_timeouts(ctx) \ | ||
| 704 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_TIMEOUTS,0,NULL) | ||
| 705 | #define SSL_CTX_sess_cache_full(ctx) \ | ||
| 706 | SSL_CTX_ctrl(ctx,SSL_CTRL_SESS_CACHE_FULL,0,NULL) | ||
| 417 | 707 | ||
| 418 | #define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) | 708 | #define SSL_CTX_sess_set_new_cb(ctx,cb) ((ctx)->new_session_cb=(cb)) |
| 419 | #define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) | 709 | #define SSL_CTX_sess_get_new_cb(ctx) ((ctx)->new_session_cb) |
| @@ -421,15 +711,8 @@ typedef struct ssl_ctx_st | |||
| 421 | #define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) | 711 | #define SSL_CTX_sess_get_remove_cb(ctx) ((ctx)->remove_session_cb) |
| 422 | #define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) | 712 | #define SSL_CTX_sess_set_get_cb(ctx,cb) ((ctx)->get_session_cb=(cb)) |
| 423 | #define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) | 713 | #define SSL_CTX_sess_get_get_cb(ctx) ((ctx)->get_session_cb) |
| 424 | #define SSL_CTX_set_session_cache_mode(ctx,m) ((ctx)->session_cache_mode=(m)) | ||
| 425 | #define SSL_CTX_get_session_cache_mode(ctx) ((ctx)->session_cache_mode) | ||
| 426 | #define SSL_CTX_set_timeout(ctx,t) ((ctx)->session_timeout=(t)) | ||
| 427 | #define SSL_CTX_get_timeout(ctx) ((ctx)->session_timeout) | ||
| 428 | |||
| 429 | #define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) | 714 | #define SSL_CTX_set_info_callback(ctx,cb) ((ctx)->info_callback=(cb)) |
| 430 | #define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) | 715 | #define SSL_CTX_get_info_callback(ctx) ((ctx)->info_callback) |
| 431 | #define SSL_CTX_set_default_read_ahead(ctx,m) (((ctx)->default_read_ahead)=(m)) | ||
| 432 | |||
| 433 | #define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) | 716 | #define SSL_CTX_set_client_cert_cb(ctx,cb) ((ctx)->client_cert_cb=(cb)) |
| 434 | #define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) | 717 | #define SSL_CTX_get_client_cert_cb(ctx) ((ctx)->client_cert_cb) |
| 435 | 718 | ||
| @@ -439,18 +722,16 @@ typedef struct ssl_ctx_st | |||
| 439 | #define SSL_X509_LOOKUP 4 | 722 | #define SSL_X509_LOOKUP 4 |
| 440 | 723 | ||
| 441 | /* These will only be used when doing non-blocking IO */ | 724 | /* These will only be used when doing non-blocking IO */ |
| 442 | #define SSL_want(s) ((s)->rwstate) | 725 | #define SSL_want_nothing(s) (SSL_want(s) == SSL_NOTHING) |
| 443 | #define SSL_want_nothing(s) ((s)->rwstate == SSL_NOTHING) | 726 | #define SSL_want_read(s) (SSL_want(s) == SSL_READING) |
| 444 | #define SSL_want_read(s) ((s)->rwstate == SSL_READING) | 727 | #define SSL_want_write(s) (SSL_want(s) == SSL_WRITING) |
| 445 | #define SSL_want_write(s) ((s)->rwstate == SSL_WRITING) | 728 | #define SSL_want_x509_lookup(s) (SSL_want(s) == SSL_X509_LOOKUP) |
| 446 | #define SSL_want_x509_lookup(s) ((s)->rwstate == SSL_X509_LOOKUP) | ||
| 447 | 729 | ||
| 448 | typedef struct ssl_st | 730 | struct ssl_st |
| 449 | { | 731 | { |
| 450 | /* procol version | 732 | /* protocol version |
| 451 | * 2 for SSLv2 | 733 | * (one of SSL2_VERSION, SSL3_VERSION, TLS1_VERSION) |
| 452 | * 3 for SSLv3 | 734 | */ |
| 453 | * -3 for SSLv3 but accept SSLv2 */ | ||
| 454 | int version; | 735 | int version; |
| 455 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ | 736 | int type; /* SSL_ST_CONNECT or SSL_ST_ACCEPT */ |
| 456 | 737 | ||
| @@ -460,10 +741,10 @@ typedef struct ssl_st | |||
| 460 | * same. This is so data can be read and written to different | 741 | * same. This is so data can be read and written to different |
| 461 | * handlers */ | 742 | * handlers */ |
| 462 | 743 | ||
| 463 | #ifdef HEADER_BIO_H | 744 | #ifndef OPENSSL_NO_BIO |
| 464 | BIO *rbio; /* used by SSL_read */ | 745 | BIO *rbio; /* used by SSL_read */ |
| 465 | BIO *wbio; /* used by SSL_write */ | 746 | BIO *wbio; /* used by SSL_write */ |
| 466 | BIO *bbio; /* used during session-id reuse to concatinate | 747 | BIO *bbio; /* used during session-id reuse to concatenate |
| 467 | * messages */ | 748 | * messages */ |
| 468 | #else | 749 | #else |
| 469 | char *rbio; /* used by SSL_read */ | 750 | char *rbio; /* used by SSL_read */ |
| @@ -480,9 +761,22 @@ typedef struct ssl_st | |||
| 480 | int in_handshake; | 761 | int in_handshake; |
| 481 | int (*handshake_func)(); | 762 | int (*handshake_func)(); |
| 482 | 763 | ||
| 483 | /* int server;*/ /* are we the server side? */ | 764 | /* Imagine that here's a boolean member "init" that is |
| 484 | 765 | * switched as soon as SSL_set_{accept/connect}_state | |
| 485 | int new_session;/* 1 if we are to use a new session */ | 766 | * is called for the first time, so that "state" and |
| 767 | * "handshake_func" are properly initialized. But as | ||
| 768 | * handshake_func is == 0 until then, we use this | ||
| 769 | * test instead of an "init" member. | ||
| 770 | */ | ||
| 771 | |||
| 772 | int server; /* are we the server side? - mostly used by SSL_clear*/ | ||
| 773 | |||
| 774 | int new_session;/* 1 if we are to use a new session. | ||
| 775 | * 2 if we are a server and are inside a handshake | ||
| 776 | * (i.e. not just sending a HelloRequest) | ||
| 777 | * NB: For servers, the 'new' session may actually be a previously | ||
| 778 | * cached session or even the previous session unless | ||
| 779 | * SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION is set */ | ||
| 486 | int quiet_shutdown;/* don't send shutdown packets */ | 780 | int quiet_shutdown;/* don't send shutdown packets */ |
| 487 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 | 781 | int shutdown; /* we have shut things down, 0x01 sent, 0x02 |
| 488 | * for received */ | 782 | * for received */ |
| @@ -490,6 +784,7 @@ typedef struct ssl_st | |||
| 490 | int rstate; /* where we are when reading */ | 784 | int rstate; /* where we are when reading */ |
| 491 | 785 | ||
| 492 | BUF_MEM *init_buf; /* buffer used during init */ | 786 | BUF_MEM *init_buf; /* buffer used during init */ |
| 787 | void *init_msg; /* pointer to handshake message body, set by ssl3_get_message() */ | ||
| 493 | int init_num; /* amount read/written */ | 788 | int init_num; /* amount read/written */ |
| 494 | int init_off; /* amount read/written */ | 789 | int init_off; /* amount read/written */ |
| 495 | 790 | ||
| @@ -497,26 +792,43 @@ typedef struct ssl_st | |||
| 497 | unsigned char *packet; | 792 | unsigned char *packet; |
| 498 | unsigned int packet_length; | 793 | unsigned int packet_length; |
| 499 | 794 | ||
| 500 | struct ssl2_ctx_st *s2; /* SSLv2 variables */ | 795 | struct ssl2_state_st *s2; /* SSLv2 variables */ |
| 501 | struct ssl3_ctx_st *s3; /* SSLv3 variables */ | 796 | struct ssl3_state_st *s3; /* SSLv3 variables */ |
| 797 | |||
| 798 | int read_ahead; /* Read as many input bytes as possible | ||
| 799 | * (for non-blocking reads) */ | ||
| 800 | |||
| 801 | /* callback that allows applications to peek at protocol messages */ | ||
| 802 | void (*msg_callback)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg); | ||
| 803 | void *msg_callback_arg; | ||
| 502 | 804 | ||
| 503 | int read_ahead; /* Read as many input bytes as possible */ | ||
| 504 | int hit; /* reusing a previous session */ | 805 | int hit; /* reusing a previous session */ |
| 505 | 806 | ||
| 807 | int purpose; /* Purpose setting */ | ||
| 808 | int trust; /* Trust setting */ | ||
| 809 | |||
| 506 | /* crypto */ | 810 | /* crypto */ |
| 507 | STACK /* SSL_CIPHER */ *cipher_list; | 811 | STACK_OF(SSL_CIPHER) *cipher_list; |
| 508 | STACK /* SSL_CIPHER */ *cipher_list_by_id; | 812 | STACK_OF(SSL_CIPHER) *cipher_list_by_id; |
| 509 | 813 | ||
| 510 | /* These are the ones being used, the ones is SSL_SESSION are | 814 | /* These are the ones being used, the ones in SSL_SESSION are |
| 511 | * the ones to be 'copied' into these ones */ | 815 | * the ones to be 'copied' into these ones */ |
| 512 | 816 | ||
| 513 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ | 817 | EVP_CIPHER_CTX *enc_read_ctx; /* cryptographic state */ |
| 514 | EVP_MD *read_hash; /* used for mac generation */ | 818 | const EVP_MD *read_hash; /* used for mac generation */ |
| 515 | SSL_COMPRESSION *read_compression; /* compression */ | 819 | #ifndef OPENSSL_NO_COMP |
| 820 | COMP_CTX *expand; /* uncompress */ | ||
| 821 | #else | ||
| 822 | char *expand; | ||
| 823 | #endif | ||
| 516 | 824 | ||
| 517 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ | 825 | EVP_CIPHER_CTX *enc_write_ctx; /* cryptographic state */ |
| 518 | EVP_MD *write_hash; /* used for mac generation */ | 826 | const EVP_MD *write_hash; /* used for mac generation */ |
| 519 | SSL_COMPRESSION *write_compression; /* compression */ | 827 | #ifndef OPENSSL_NO_COMP |
| 828 | COMP_CTX *compress; /* compression */ | ||
| 829 | #else | ||
| 830 | char *compress; | ||
| 831 | #endif | ||
| 520 | 832 | ||
| 521 | /* session info */ | 833 | /* session info */ |
| 522 | 834 | ||
| @@ -524,18 +836,32 @@ typedef struct ssl_st | |||
| 524 | /* This is used to hold the server certificate used */ | 836 | /* This is used to hold the server certificate used */ |
| 525 | struct cert_st /* CERT */ *cert; | 837 | struct cert_st /* CERT */ *cert; |
| 526 | 838 | ||
| 839 | /* the session_id_context is used to ensure sessions are only reused | ||
| 840 | * in the appropriate context */ | ||
| 841 | unsigned int sid_ctx_length; | ||
| 842 | unsigned char sid_ctx[SSL_MAX_SID_CTX_LENGTH]; | ||
| 843 | |||
| 527 | /* This can also be in the session once a session is established */ | 844 | /* This can also be in the session once a session is established */ |
| 528 | SSL_SESSION *session; | 845 | SSL_SESSION *session; |
| 529 | 846 | ||
| 847 | /* Default generate session ID callback. */ | ||
| 848 | GEN_SESSION_CB generate_session_id; | ||
| 849 | |||
| 530 | /* Used in SSL2 and SSL3 */ | 850 | /* Used in SSL2 and SSL3 */ |
| 531 | int verify_mode; /* 0 don't care about verify failure. | 851 | int verify_mode; /* 0 don't care about verify failure. |
| 532 | * 1 fail if verify fails */ | 852 | * 1 fail if verify fails */ |
| 533 | int (*verify_callback)(); /* fail if callback returns 0 */ | 853 | int verify_depth; |
| 534 | void (*info_callback)(); /* optional informational callback */ | 854 | int (*verify_callback)(int ok,X509_STORE_CTX *ctx); /* fail if callback returns 0 */ |
| 855 | |||
| 856 | void (*info_callback)(const SSL *ssl,int type,int val); /* optional informational callback */ | ||
| 535 | 857 | ||
| 536 | int error; /* error bytes to be written */ | 858 | int error; /* error bytes to be written */ |
| 537 | int error_code; /* actual code */ | 859 | int error_code; /* actual code */ |
| 538 | 860 | ||
| 861 | #ifndef OPENSSL_NO_KRB5 | ||
| 862 | KSSL_CTX *kssl_ctx; /* Kerberos 5 context */ | ||
| 863 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 864 | |||
| 539 | SSL_CTX *ctx; | 865 | SSL_CTX *ctx; |
| 540 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() | 866 | /* set this flag to 1 and a sleep(1) is put into all SSL_read() |
| 541 | * and SSL_write() calls, good for nbio debuging :-) */ | 867 | * and SSL_write() calls, good for nbio debuging :-) */ |
| @@ -546,19 +872,31 @@ typedef struct ssl_st | |||
| 546 | CRYPTO_EX_DATA ex_data; | 872 | CRYPTO_EX_DATA ex_data; |
| 547 | 873 | ||
| 548 | /* for server side, keep the list of CA_dn we can use */ | 874 | /* for server side, keep the list of CA_dn we can use */ |
| 549 | STACK /* X509_NAME */ *client_CA; | 875 | STACK_OF(X509_NAME) *client_CA; |
| 550 | 876 | ||
| 551 | int references; | 877 | int references; |
| 552 | unsigned long options; | 878 | unsigned long options; /* protocol behaviour */ |
| 879 | unsigned long mode; /* API behaviour */ | ||
| 880 | long max_cert_list; | ||
| 553 | int first_packet; | 881 | int first_packet; |
| 554 | } SSL; | 882 | int client_version; /* what was passed, used for |
| 883 | * SSLv3/TLS rollback check */ | ||
| 884 | }; | ||
| 555 | 885 | ||
| 556 | #include "ssl2.h" | 886 | #ifdef __cplusplus |
| 557 | #include "ssl3.h" | 887 | } |
| 558 | #include "tls1.h" /* This is mostly sslv3 with a few tweaks */ | 888 | #endif |
| 559 | #include "ssl23.h" | ||
| 560 | 889 | ||
| 561 | /* compatablity */ | 890 | #include <openssl/ssl2.h> |
| 891 | #include <openssl/ssl3.h> | ||
| 892 | #include <openssl/tls1.h> /* This is mostly sslv3 with a few tweaks */ | ||
| 893 | #include <openssl/ssl23.h> | ||
| 894 | |||
| 895 | #ifdef __cplusplus | ||
| 896 | extern "C" { | ||
| 897 | #endif | ||
| 898 | |||
| 899 | /* compatibility */ | ||
| 562 | #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) | 900 | #define SSL_set_app_data(s,arg) (SSL_set_ex_data(s,0,(char *)arg)) |
| 563 | #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) | 901 | #define SSL_get_app_data(s) (SSL_get_ex_data(s,0)) |
| 564 | #define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) | 902 | #define SSL_SESSION_set_app_data(s,a) (SSL_SESSION_set_ex_data(s,0,(char *)a)) |
| @@ -567,7 +905,7 @@ typedef struct ssl_st | |||
| 567 | #define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) | 905 | #define SSL_CTX_set_app_data(ctx,arg) (SSL_CTX_set_ex_data(ctx,0,(char *)arg)) |
| 568 | 906 | ||
| 569 | /* The following are the possible values for ssl->state are are | 907 | /* The following are the possible values for ssl->state are are |
| 570 | * used to indicate where we are upto in the SSL connection establishment. | 908 | * used to indicate where we are up to in the SSL connection establishment. |
| 571 | * The macros that follow are about the only things you should need to use | 909 | * The macros that follow are about the only things you should need to use |
| 572 | * and even then, only when using non-blocking IO. | 910 | * and even then, only when using non-blocking IO. |
| 573 | * It can also be useful to work out where you were when the connection | 911 | * It can also be useful to work out where you were when the connection |
| @@ -609,6 +947,13 @@ typedef struct ssl_st | |||
| 609 | #define SSL_ST_READ_BODY 0xF1 | 947 | #define SSL_ST_READ_BODY 0xF1 |
| 610 | #define SSL_ST_READ_DONE 0xF2 | 948 | #define SSL_ST_READ_DONE 0xF2 |
| 611 | 949 | ||
| 950 | /* Obtain latest Finished message | ||
| 951 | * -- that we sent (SSL_get_finished) | ||
| 952 | * -- that we expected from peer (SSL_get_peer_finished). | ||
| 953 | * Returns length (0 == no Finished so far), copies up to 'count' bytes. */ | ||
| 954 | size_t SSL_get_finished(SSL *s, void *buf, size_t count); | ||
| 955 | size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count); | ||
| 956 | |||
| 612 | /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options | 957 | /* use either SSL_VERIFY_NONE or SSL_VERIFY_PEER, the last 2 options |
| 613 | * are 'ored' with SSL_VERIFY_PEER if they are desired */ | 958 | * are 'ored' with SSL_VERIFY_PEER if they are desired */ |
| 614 | #define SSL_VERIFY_NONE 0x00 | 959 | #define SSL_VERIFY_NONE 0x00 |
| @@ -616,7 +961,10 @@ typedef struct ssl_st | |||
| 616 | #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 | 961 | #define SSL_VERIFY_FAIL_IF_NO_PEER_CERT 0x02 |
| 617 | #define SSL_VERIFY_CLIENT_ONCE 0x04 | 962 | #define SSL_VERIFY_CLIENT_ONCE 0x04 |
| 618 | 963 | ||
| 619 | /* this is for backward compatablility */ | 964 | #define OpenSSL_add_ssl_algorithms() SSL_library_init() |
| 965 | #define SSLeay_add_ssl_algorithms() SSL_library_init() | ||
| 966 | |||
| 967 | /* this is for backward compatibility */ | ||
| 620 | #if 0 /* NEW_SSLEAY */ | 968 | #if 0 /* NEW_SSLEAY */ |
| 621 | #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) | 969 | #define SSL_CTX_set_default_verify(a,b,c) SSL_CTX_set_verify(a,b,c) |
| 622 | #define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) | 970 | #define SSL_set_pref_cipher(c,n) SSL_set_cipher_list(c,n) |
| @@ -624,7 +972,7 @@ typedef struct ssl_st | |||
| 624 | #define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) | 972 | #define SSL_remove_session(a,b) SSL_CTX_remove_session((a),(b)) |
| 625 | #define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) | 973 | #define SSL_flush_sessions(a,b) SSL_CTX_flush_sessions((a),(b)) |
| 626 | #endif | 974 | #endif |
| 627 | /* More backward compatablity */ | 975 | /* More backward compatibility */ |
| 628 | #define SSL_get_cipher(s) \ | 976 | #define SSL_get_cipher(s) \ |
| 629 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) | 977 | SSL_CIPHER_get_name(SSL_get_current_cipher(s)) |
| 630 | #define SSL_get_cipher_bits(s,np) \ | 978 | #define SSL_get_cipher_bits(s,np) \ |
| @@ -638,28 +986,25 @@ typedef struct ssl_st | |||
| 638 | #define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) | 986 | #define SSL_get_timeout(a) SSL_SESSION_get_timeout(a) |
| 639 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) | 987 | #define SSL_set_timeout(a,b) SSL_SESSION_set_timeout((a),(b)) |
| 640 | 988 | ||
| 641 | /* VMS linker has a 31 char name limit */ | ||
| 642 | #define SSL_CTX_set_cert_verify_callback(a,b,c) \ | ||
| 643 | SSL_CTX_set_cert_verify_cb((a),(b),(c)) | ||
| 644 | |||
| 645 | #if 1 /*SSLEAY_MACROS*/ | 989 | #if 1 /*SSLEAY_MACROS*/ |
| 646 | #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \ | 990 | #define d2i_SSL_SESSION_bio(bp,s_id) (SSL_SESSION *)ASN1_d2i_bio( \ |
| 647 | (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \ | 991 | (char *(*)())SSL_SESSION_new,(char *(*)())d2i_SSL_SESSION, \ |
| 648 | (bp),(unsigned char **)(s_id)) | 992 | (bp),(unsigned char **)(s_id)) |
| 649 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ | 993 | #define i2d_SSL_SESSION_bio(bp,s_id) ASN1_i2d_bio(i2d_SSL_SESSION, \ |
| 650 | bp,(unsigned char *)s_id) | 994 | bp,(unsigned char *)s_id) |
| 651 | #define PEM_read_SSL_SESSION(fp,x,cb) (SSL_SESSION *)PEM_ASN1_read( \ | 995 | #define PEM_read_SSL_SESSION(fp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read( \ |
| 652 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb) | 996 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,fp,(char **)x,cb,u) |
| 653 | #define PEM_read_bio_SSL_SESSION(bp,x,cb) (SSL_SESSION *)PEM_ASN1_read_bio( \ | 997 | #define PEM_read_bio_SSL_SESSION(bp,x,cb,u) (SSL_SESSION *)PEM_ASN1_read_bio( \ |
| 654 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb) | 998 | (char *(*)())d2i_SSL_SESSION,PEM_STRING_SSL_SESSION,bp,(char **)x,cb,u) |
| 655 | #define PEM_write_SSL_SESSION(fp,x) \ | 999 | #define PEM_write_SSL_SESSION(fp,x) \ |
| 656 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ | 1000 | PEM_ASN1_write((int (*)())i2d_SSL_SESSION, \ |
| 657 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL) | 1001 | PEM_STRING_SSL_SESSION,fp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 658 | #define PEM_write_bio_SSL_SESSION(bp,x) \ | 1002 | #define PEM_write_bio_SSL_SESSION(bp,x) \ |
| 659 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ | 1003 | PEM_ASN1_write_bio((int (*)())i2d_SSL_SESSION, \ |
| 660 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL) | 1004 | PEM_STRING_SSL_SESSION,bp, (char *)x, NULL,NULL,0,NULL,NULL) |
| 661 | #endif | 1005 | #endif |
| 662 | 1006 | ||
| 1007 | #define SSL_AD_REASON_OFFSET 1000 | ||
| 663 | /* These alert types are for SSLv3 and TLSv1 */ | 1008 | /* These alert types are for SSLv3 and TLSv1 */ |
| 664 | #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY | 1009 | #define SSL_AD_CLOSE_NOTIFY SSL3_AD_CLOSE_NOTIFY |
| 665 | #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ | 1010 | #define SSL_AD_UNEXPECTED_MESSAGE SSL3_AD_UNEXPECTED_MESSAGE /* fatal */ |
| @@ -679,11 +1024,11 @@ typedef struct ssl_st | |||
| 679 | #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ | 1024 | #define SSL_AD_ACCESS_DENIED TLS1_AD_ACCESS_DENIED /* fatal */ |
| 680 | #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ | 1025 | #define SSL_AD_DECODE_ERROR TLS1_AD_DECODE_ERROR /* fatal */ |
| 681 | #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR | 1026 | #define SSL_AD_DECRYPT_ERROR TLS1_AD_DECRYPT_ERROR |
| 682 | #define SSL_AD_EXPORT_RESTRICION TLS1_AD_EXPORT_RESTRICION/* fatal */ | 1027 | #define SSL_AD_EXPORT_RESTRICTION TLS1_AD_EXPORT_RESTRICTION/* fatal */ |
| 683 | #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ | 1028 | #define SSL_AD_PROTOCOL_VERSION TLS1_AD_PROTOCOL_VERSION /* fatal */ |
| 684 | #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ | 1029 | #define SSL_AD_INSUFFICIENT_SECURITY TLS1_AD_INSUFFICIENT_SECURITY/* fatal */ |
| 685 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ | 1030 | #define SSL_AD_INTERNAL_ERROR TLS1_AD_INTERNAL_ERROR /* fatal */ |
| 686 | #define SSL_AD_USER_CANCLED TLS1_AD_USER_CANCLED | 1031 | #define SSL_AD_USER_CANCELLED TLS1_AD_USER_CANCELLED |
| 687 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION | 1032 | #define SSL_AD_NO_RENEGOTIATION TLS1_AD_NO_RENEGOTIATION |
| 688 | 1033 | ||
| 689 | #define SSL_ERROR_NONE 0 | 1034 | #define SSL_ERROR_NONE 0 |
| @@ -691,21 +1036,53 @@ typedef struct ssl_st | |||
| 691 | #define SSL_ERROR_WANT_READ 2 | 1036 | #define SSL_ERROR_WANT_READ 2 |
| 692 | #define SSL_ERROR_WANT_WRITE 3 | 1037 | #define SSL_ERROR_WANT_WRITE 3 |
| 693 | #define SSL_ERROR_WANT_X509_LOOKUP 4 | 1038 | #define SSL_ERROR_WANT_X509_LOOKUP 4 |
| 694 | #define SSL_ERROR_SYSCALL 5 /* look at errno */ | 1039 | #define SSL_ERROR_SYSCALL 5 /* look at error stack/return value/errno */ |
| 695 | #define SSL_ERROR_ZERO_RETURN 6 | 1040 | #define SSL_ERROR_ZERO_RETURN 6 |
| 696 | #define SSL_ERROR_WANT_CONNECT 7 | 1041 | #define SSL_ERROR_WANT_CONNECT 7 |
| 1042 | #define SSL_ERROR_WANT_ACCEPT 8 | ||
| 697 | 1043 | ||
| 698 | #define SSL_CTRL_NEED_TMP_RSA 1 | 1044 | #define SSL_CTRL_NEED_TMP_RSA 1 |
| 699 | #define SSL_CTRL_SET_TMP_RSA 2 | 1045 | #define SSL_CTRL_SET_TMP_RSA 2 |
| 700 | #define SSL_CTRL_SET_TMP_DH 3 | 1046 | #define SSL_CTRL_SET_TMP_DH 3 |
| 701 | #define SSL_CTRL_SET_TMP_RSA_CB 4 | 1047 | #define SSL_CTRL_SET_TMP_RSA_CB 4 |
| 702 | #define SSL_CTRL_SET_TMP_DH_CB 5 | 1048 | #define SSL_CTRL_SET_TMP_DH_CB 5 |
| 703 | /* Add these ones */ | 1049 | |
| 704 | #define SSL_CTRL_GET_SESSION_REUSED 6 | 1050 | #define SSL_CTRL_GET_SESSION_REUSED 6 |
| 705 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7 | 1051 | #define SSL_CTRL_GET_CLIENT_CERT_REQUEST 7 |
| 706 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8 | 1052 | #define SSL_CTRL_GET_NUM_RENEGOTIATIONS 8 |
| 707 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9 | 1053 | #define SSL_CTRL_CLEAR_NUM_RENEGOTIATIONS 9 |
| 708 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10 | 1054 | #define SSL_CTRL_GET_TOTAL_RENEGOTIATIONS 10 |
| 1055 | #define SSL_CTRL_GET_FLAGS 11 | ||
| 1056 | #define SSL_CTRL_EXTRA_CHAIN_CERT 12 | ||
| 1057 | |||
| 1058 | #define SSL_CTRL_SET_MSG_CALLBACK 13 | ||
| 1059 | #define SSL_CTRL_SET_MSG_CALLBACK_ARG 14 | ||
| 1060 | |||
| 1061 | /* Stats */ | ||
| 1062 | #define SSL_CTRL_SESS_NUMBER 20 | ||
| 1063 | #define SSL_CTRL_SESS_CONNECT 21 | ||
| 1064 | #define SSL_CTRL_SESS_CONNECT_GOOD 22 | ||
| 1065 | #define SSL_CTRL_SESS_CONNECT_RENEGOTIATE 23 | ||
| 1066 | #define SSL_CTRL_SESS_ACCEPT 24 | ||
| 1067 | #define SSL_CTRL_SESS_ACCEPT_GOOD 25 | ||
| 1068 | #define SSL_CTRL_SESS_ACCEPT_RENEGOTIATE 26 | ||
| 1069 | #define SSL_CTRL_SESS_HIT 27 | ||
| 1070 | #define SSL_CTRL_SESS_CB_HIT 28 | ||
| 1071 | #define SSL_CTRL_SESS_MISSES 29 | ||
| 1072 | #define SSL_CTRL_SESS_TIMEOUTS 30 | ||
| 1073 | #define SSL_CTRL_SESS_CACHE_FULL 31 | ||
| 1074 | #define SSL_CTRL_OPTIONS 32 | ||
| 1075 | #define SSL_CTRL_MODE 33 | ||
| 1076 | |||
| 1077 | #define SSL_CTRL_GET_READ_AHEAD 40 | ||
| 1078 | #define SSL_CTRL_SET_READ_AHEAD 41 | ||
| 1079 | #define SSL_CTRL_SET_SESS_CACHE_SIZE 42 | ||
| 1080 | #define SSL_CTRL_GET_SESS_CACHE_SIZE 43 | ||
| 1081 | #define SSL_CTRL_SET_SESS_CACHE_MODE 44 | ||
| 1082 | #define SSL_CTRL_GET_SESS_CACHE_MODE 45 | ||
| 1083 | |||
| 1084 | #define SSL_CTRL_GET_MAX_CERT_LIST 50 | ||
| 1085 | #define SSL_CTRL_SET_MAX_CERT_LIST 51 | ||
| 709 | 1086 | ||
| 710 | #define SSL_session_reused(ssl) \ | 1087 | #define SSL_session_reused(ssl) \ |
| 711 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) | 1088 | SSL_ctrl((ssl),SSL_CTRL_GET_SESSION_REUSED,0,NULL) |
| @@ -723,18 +1100,17 @@ typedef struct ssl_st | |||
| 723 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ | 1100 | #define SSL_CTX_set_tmp_dh(ctx,dh) \ |
| 724 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) | 1101 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 725 | 1102 | ||
| 726 | /* For the next 2, the callbacks are | 1103 | #define SSL_need_tmp_RSA(ssl) \ |
| 727 | * RSA *tmp_rsa_cb(int export) | 1104 | SSL_ctrl(ssl,SSL_CTRL_NEED_TMP_RSA,0,NULL) |
| 728 | * DH *tmp_dh_cb(int export) | 1105 | #define SSL_set_tmp_rsa(ssl,rsa) \ |
| 729 | */ | 1106 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_RSA,0,(char *)rsa) |
| 730 | #define SSL_CTX_set_tmp_rsa_callback(ctx,cb) \ | 1107 | #define SSL_set_tmp_dh(ssl,dh) \ |
| 731 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,0,(char *)cb) | 1108 | SSL_ctrl(ssl,SSL_CTRL_SET_TMP_DH,0,(char *)dh) |
| 732 | #define SSL_CTX_set_tmp_dh_callback(ctx,dh) \ | ||
| 733 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,0,(char *)dh) | ||
| 734 | 1109 | ||
| 735 | #ifndef NOPROTO | 1110 | #define SSL_CTX_add_extra_chain_cert(ctx,x509) \ |
| 1111 | SSL_CTX_ctrl(ctx,SSL_CTRL_EXTRA_CHAIN_CERT,0,(char *)x509) | ||
| 736 | 1112 | ||
| 737 | #ifdef HEADER_BIO_H | 1113 | #ifndef OPENSSL_NO_BIO |
| 738 | BIO_METHOD *BIO_f_ssl(void); | 1114 | BIO_METHOD *BIO_f_ssl(void); |
| 739 | BIO *BIO_new_ssl(SSL_CTX *ctx,int client); | 1115 | BIO *BIO_new_ssl(SSL_CTX *ctx,int client); |
| 740 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); | 1116 | BIO *BIO_new_ssl_connect(SSL_CTX *ctx); |
| @@ -744,60 +1120,84 @@ void BIO_ssl_shutdown(BIO *ssl_bio); | |||
| 744 | 1120 | ||
| 745 | #endif | 1121 | #endif |
| 746 | 1122 | ||
| 747 | int SSL_CTX_set_cipher_list(SSL_CTX *,char *str); | 1123 | int SSL_CTX_set_cipher_list(SSL_CTX *,const char *str); |
| 748 | SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); | 1124 | SSL_CTX *SSL_CTX_new(SSL_METHOD *meth); |
| 749 | void SSL_CTX_free(SSL_CTX *); | 1125 | void SSL_CTX_free(SSL_CTX *); |
| 750 | void SSL_clear(SSL *s); | 1126 | long SSL_CTX_set_timeout(SSL_CTX *ctx,long t); |
| 1127 | long SSL_CTX_get_timeout(SSL_CTX *ctx); | ||
| 1128 | X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *); | ||
| 1129 | void SSL_CTX_set_cert_store(SSL_CTX *,X509_STORE *); | ||
| 1130 | int SSL_want(SSL *s); | ||
| 1131 | int SSL_clear(SSL *s); | ||
| 1132 | |||
| 751 | void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); | 1133 | void SSL_CTX_flush_sessions(SSL_CTX *ctx,long tm); |
| 752 | 1134 | ||
| 753 | SSL_CIPHER *SSL_get_current_cipher(SSL *s); | 1135 | SSL_CIPHER *SSL_get_current_cipher(SSL *s); |
| 754 | int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); | 1136 | int SSL_CIPHER_get_bits(SSL_CIPHER *c,int *alg_bits); |
| 755 | char * SSL_CIPHER_get_version(SSL_CIPHER *c); | 1137 | char * SSL_CIPHER_get_version(SSL_CIPHER *c); |
| 756 | char * SSL_CIPHER_get_name(SSL_CIPHER *c); | 1138 | const char * SSL_CIPHER_get_name(SSL_CIPHER *c); |
| 757 | 1139 | ||
| 758 | int SSL_get_fd(SSL *s); | 1140 | int SSL_get_fd(SSL *s); |
| 759 | char * SSL_get_cipher_list(SSL *s,int n); | 1141 | int SSL_get_rfd(SSL *s); |
| 1142 | int SSL_get_wfd(SSL *s); | ||
| 1143 | const char * SSL_get_cipher_list(SSL *s,int n); | ||
| 760 | char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); | 1144 | char * SSL_get_shared_ciphers(SSL *s, char *buf, int len); |
| 761 | int SSL_get_read_ahead(SSL * s); | 1145 | int SSL_get_read_ahead(SSL * s); |
| 762 | int SSL_pending(SSL *s); | 1146 | int SSL_pending(SSL *s); |
| 763 | #ifndef NO_SOCK | 1147 | #ifndef OPENSSL_NO_SOCK |
| 764 | int SSL_set_fd(SSL *s, int fd); | 1148 | int SSL_set_fd(SSL *s, int fd); |
| 765 | int SSL_set_rfd(SSL *s, int fd); | 1149 | int SSL_set_rfd(SSL *s, int fd); |
| 766 | int SSL_set_wfd(SSL *s, int fd); | 1150 | int SSL_set_wfd(SSL *s, int fd); |
| 767 | #endif | 1151 | #endif |
| 768 | #ifdef HEADER_BIO_H | 1152 | #ifndef OPENSSL_NO_BIO |
| 769 | void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); | 1153 | void SSL_set_bio(SSL *s, BIO *rbio,BIO *wbio); |
| 770 | BIO * SSL_get_rbio(SSL *s); | 1154 | BIO * SSL_get_rbio(SSL *s); |
| 771 | BIO * SSL_get_wbio(SSL *s); | 1155 | BIO * SSL_get_wbio(SSL *s); |
| 772 | #endif | 1156 | #endif |
| 773 | int SSL_set_cipher_list(SSL *s, char *str); | 1157 | int SSL_set_cipher_list(SSL *s, const char *str); |
| 774 | void SSL_set_read_ahead(SSL *s, int yes); | 1158 | void SSL_set_read_ahead(SSL *s, int yes); |
| 775 | int SSL_get_verify_mode(SSL *s); | 1159 | int SSL_get_verify_mode(SSL *s); |
| 776 | int (*SSL_get_verify_callback(SSL *s))(); | 1160 | int SSL_get_verify_depth(SSL *s); |
| 777 | void SSL_set_verify(SSL *s, int mode, int (*callback) ()); | 1161 | int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *); |
| 1162 | void SSL_set_verify(SSL *s, int mode, | ||
| 1163 | int (*callback)(int ok,X509_STORE_CTX *ctx)); | ||
| 1164 | void SSL_set_verify_depth(SSL *s, int depth); | ||
| 1165 | #ifndef OPENSSL_NO_RSA | ||
| 778 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); | 1166 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa); |
| 1167 | #endif | ||
| 779 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); | 1168 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len); |
| 780 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); | 1169 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey); |
| 781 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); | 1170 | int SSL_use_PrivateKey_ASN1(int pk,SSL *ssl, unsigned char *d, long len); |
| 782 | int SSL_use_certificate(SSL *ssl, X509 *x); | 1171 | int SSL_use_certificate(SSL *ssl, X509 *x); |
| 783 | int SSL_use_certificate_ASN1(SSL *ssl, int len, unsigned char *d); | 1172 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len); |
| 784 | 1173 | ||
| 785 | #ifndef NO_STDIO | 1174 | #ifndef OPENSSL_NO_STDIO |
| 786 | int SSL_use_RSAPrivateKey_file(SSL *ssl, char *file, int type); | 1175 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type); |
| 787 | int SSL_use_PrivateKey_file(SSL *ssl, char *file, int type); | 1176 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type); |
| 788 | int SSL_use_certificate_file(SSL *ssl, char *file, int type); | 1177 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type); |
| 789 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, char *file, int type); | 1178 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type); |
| 790 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, char *file, int type); | 1179 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type); |
| 791 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, char *file, int type); | 1180 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type); |
| 792 | STACK * SSL_load_client_CA_file(char *file); | 1181 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file); /* PEM type */ |
| 1182 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file); | ||
| 1183 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
| 1184 | const char *file); | ||
| 1185 | #ifndef OPENSSL_SYS_WIN32 | ||
| 1186 | #ifndef OPENSSL_SYS_VMS | ||
| 1187 | #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! [was: #ifndef MAC_OS_pre_X] */ | ||
| 1188 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stackCAs, | ||
| 1189 | const char *dir); | ||
| 1190 | #endif | ||
| 1191 | #endif | ||
| 1192 | #endif | ||
| 1193 | |||
| 793 | #endif | 1194 | #endif |
| 794 | 1195 | ||
| 795 | void ERR_load_SSL_strings(void ); | ||
| 796 | void SSL_load_error_strings(void ); | 1196 | void SSL_load_error_strings(void ); |
| 797 | char * SSL_state_string(SSL *s); | 1197 | const char *SSL_state_string(const SSL *s); |
| 798 | char * SSL_rstate_string(SSL *s); | 1198 | const char *SSL_rstate_string(const SSL *s); |
| 799 | char * SSL_state_string_long(SSL *s); | 1199 | const char *SSL_state_string_long(const SSL *s); |
| 800 | char * SSL_rstate_string_long(SSL *s); | 1200 | const char *SSL_rstate_string_long(const SSL *s); |
| 801 | long SSL_SESSION_get_time(SSL_SESSION *s); | 1201 | long SSL_SESSION_get_time(SSL_SESSION *s); |
| 802 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); | 1202 | long SSL_SESSION_set_time(SSL_SESSION *s, long t); |
| 803 | long SSL_SESSION_get_timeout(SSL_SESSION *s); | 1203 | long SSL_SESSION_get_timeout(SSL_SESSION *s); |
| @@ -807,10 +1207,10 @@ void SSL_copy_session_id(SSL *to,SSL *from); | |||
| 807 | SSL_SESSION *SSL_SESSION_new(void); | 1207 | SSL_SESSION *SSL_SESSION_new(void); |
| 808 | unsigned long SSL_SESSION_hash(SSL_SESSION *a); | 1208 | unsigned long SSL_SESSION_hash(SSL_SESSION *a); |
| 809 | int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); | 1209 | int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b); |
| 810 | #ifndef NO_FP_API | 1210 | #ifndef OPENSSL_NO_FP_API |
| 811 | int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); | 1211 | int SSL_SESSION_print_fp(FILE *fp,SSL_SESSION *ses); |
| 812 | #endif | 1212 | #endif |
| 813 | #ifdef HEADER_BIO_H | 1213 | #ifndef OPENSSL_NO_BIO |
| 814 | int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); | 1214 | int SSL_SESSION_print(BIO *fp,SSL_SESSION *ses); |
| 815 | #endif | 1215 | #endif |
| 816 | void SSL_SESSION_free(SSL_SESSION *ses); | 1216 | void SSL_SESSION_free(SSL_SESSION *ses); |
| @@ -818,19 +1218,28 @@ int i2d_SSL_SESSION(SSL_SESSION *in,unsigned char **pp); | |||
| 818 | int SSL_set_session(SSL *to, SSL_SESSION *session); | 1218 | int SSL_set_session(SSL *to, SSL_SESSION *session); |
| 819 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); | 1219 | int SSL_CTX_add_session(SSL_CTX *s, SSL_SESSION *c); |
| 820 | int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); | 1220 | int SSL_CTX_remove_session(SSL_CTX *,SSL_SESSION *c); |
| 1221 | int SSL_CTX_set_generate_session_id(SSL_CTX *, GEN_SESSION_CB); | ||
| 1222 | int SSL_set_generate_session_id(SSL *, GEN_SESSION_CB); | ||
| 1223 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
| 1224 | unsigned int id_len); | ||
| 821 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); | 1225 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a,unsigned char **pp,long length); |
| 822 | 1226 | ||
| 823 | #ifdef HEADER_X509_H | 1227 | #ifdef HEADER_X509_H |
| 824 | X509 * SSL_get_peer_certificate(SSL *s); | 1228 | X509 * SSL_get_peer_certificate(SSL *s); |
| 825 | #endif | 1229 | #endif |
| 826 | 1230 | ||
| 827 | STACK * SSL_get_peer_cert_chain(SSL *s); | 1231 | STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s); |
| 828 | 1232 | ||
| 829 | int SSL_CTX_get_verify_mode(SSL_CTX *ctx); | 1233 | int SSL_CTX_get_verify_mode(SSL_CTX *ctx); |
| 830 | int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(); | 1234 | int SSL_CTX_get_verify_depth(SSL_CTX *ctx); |
| 831 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*callback)()); | 1235 | int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *); |
| 832 | void SSL_CTX_set_cert_verify_cb(SSL_CTX *ctx, int (*cb)(),char *arg); | 1236 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode, |
| 1237 | int (*callback)(int, X509_STORE_CTX *)); | ||
| 1238 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth); | ||
| 1239 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg); | ||
| 1240 | #ifndef OPENSSL_NO_RSA | ||
| 833 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); | 1241 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa); |
| 1242 | #endif | ||
| 834 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); | 1243 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len); |
| 835 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); | 1244 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey); |
| 836 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | 1245 | int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, |
| @@ -838,24 +1247,37 @@ int SSL_CTX_use_PrivateKey_ASN1(int pk,SSL_CTX *ctx, | |||
| 838 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); | 1247 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x); |
| 839 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); | 1248 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d); |
| 840 | 1249 | ||
| 841 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx,int (*cb)()); | 1250 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb); |
| 1251 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx, void *u); | ||
| 842 | 1252 | ||
| 843 | int SSL_CTX_check_private_key(SSL_CTX *ctx); | 1253 | int SSL_CTX_check_private_key(SSL_CTX *ctx); |
| 844 | int SSL_check_private_key(SSL *ctx); | 1254 | int SSL_check_private_key(SSL *ctx); |
| 845 | 1255 | ||
| 1256 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, | ||
| 1257 | unsigned int sid_ctx_len); | ||
| 1258 | |||
| 846 | SSL * SSL_new(SSL_CTX *ctx); | 1259 | SSL * SSL_new(SSL_CTX *ctx); |
| 847 | void SSL_clear(SSL *s); | 1260 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, |
| 1261 | unsigned int sid_ctx_len); | ||
| 1262 | |||
| 1263 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose); | ||
| 1264 | int SSL_set_purpose(SSL *s, int purpose); | ||
| 1265 | int SSL_CTX_set_trust(SSL_CTX *s, int trust); | ||
| 1266 | int SSL_set_trust(SSL *s, int trust); | ||
| 1267 | |||
| 848 | void SSL_free(SSL *ssl); | 1268 | void SSL_free(SSL *ssl); |
| 849 | int SSL_accept(SSL *ssl); | 1269 | int SSL_accept(SSL *ssl); |
| 850 | int SSL_connect(SSL *ssl); | 1270 | int SSL_connect(SSL *ssl); |
| 851 | int SSL_read(SSL *ssl,char *buf,int num); | 1271 | int SSL_read(SSL *ssl,void *buf,int num); |
| 852 | int SSL_peek(SSL *ssl,char *buf,int num); | 1272 | int SSL_peek(SSL *ssl,void *buf,int num); |
| 853 | int SSL_write(SSL *ssl,char *buf,int num); | 1273 | int SSL_write(SSL *ssl,const void *buf,int num); |
| 854 | long SSL_ctrl(SSL *ssl,int cmd, long larg, char *parg); | 1274 | long SSL_ctrl(SSL *ssl,int cmd, long larg, void *parg); |
| 855 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, char *parg); | 1275 | long SSL_callback_ctrl(SSL *, int, void (*)()); |
| 1276 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd, long larg, void *parg); | ||
| 1277 | long SSL_CTX_callback_ctrl(SSL_CTX *, int, void (*)()); | ||
| 856 | 1278 | ||
| 857 | int SSL_get_error(SSL *s,int ret_code); | 1279 | int SSL_get_error(SSL *s,int ret_code); |
| 858 | char * SSL_get_version(SSL *s); | 1280 | const char *SSL_get_version(SSL *s); |
| 859 | 1281 | ||
| 860 | /* This sets the 'default' SSL version that SSL_new() will create */ | 1282 | /* This sets the 'default' SSL version that SSL_new() will create */ |
| 861 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); | 1283 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth); |
| @@ -876,23 +1298,24 @@ SSL_METHOD *TLSv1_method(void); /* TLSv1.0 */ | |||
| 876 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ | 1298 | SSL_METHOD *TLSv1_server_method(void); /* TLSv1.0 */ |
| 877 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ | 1299 | SSL_METHOD *TLSv1_client_method(void); /* TLSv1.0 */ |
| 878 | 1300 | ||
| 879 | STACK *SSL_get_ciphers(SSL *s); | 1301 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s); |
| 880 | 1302 | ||
| 881 | int SSL_do_handshake(SSL *s); | 1303 | int SSL_do_handshake(SSL *s); |
| 882 | int SSL_renegotiate(SSL *s); | 1304 | int SSL_renegotiate(SSL *s); |
| 1305 | int SSL_renegotiate_pending(SSL *s); | ||
| 883 | int SSL_shutdown(SSL *s); | 1306 | int SSL_shutdown(SSL *s); |
| 884 | 1307 | ||
| 885 | SSL_METHOD *SSL_get_ssl_method(SSL *s); | 1308 | SSL_METHOD *SSL_get_ssl_method(SSL *s); |
| 886 | int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); | 1309 | int SSL_set_ssl_method(SSL *s,SSL_METHOD *method); |
| 887 | char *SSL_alert_type_string_long(int value); | 1310 | const char *SSL_alert_type_string_long(int value); |
| 888 | char *SSL_alert_type_string(int value); | 1311 | const char *SSL_alert_type_string(int value); |
| 889 | char *SSL_alert_desc_string_long(int value); | 1312 | const char *SSL_alert_desc_string_long(int value); |
| 890 | char *SSL_alert_desc_string(int value); | 1313 | const char *SSL_alert_desc_string(int value); |
| 891 | 1314 | ||
| 892 | void SSL_set_client_CA_list(SSL *s, STACK *list); | 1315 | void SSL_set_client_CA_list(SSL *s, STACK_OF(X509_NAME) *list); |
| 893 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK *list); | 1316 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx, STACK_OF(X509_NAME) *list); |
| 894 | STACK *SSL_get_client_CA_list(SSL *s); | 1317 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s); |
| 895 | STACK *SSL_CTX_get_client_CA_list(SSL_CTX *s); | 1318 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *s); |
| 896 | int SSL_add_client_CA(SSL *ssl,X509 *x); | 1319 | int SSL_add_client_CA(SSL *ssl,X509 *x); |
| 897 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); | 1320 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x); |
| 898 | 1321 | ||
| @@ -901,10 +1324,10 @@ void SSL_set_accept_state(SSL *s); | |||
| 901 | 1324 | ||
| 902 | long SSL_get_default_timeout(SSL *s); | 1325 | long SSL_get_default_timeout(SSL *s); |
| 903 | 1326 | ||
| 904 | void SSLeay_add_ssl_algorithms(void ); | 1327 | int SSL_library_init(void ); |
| 905 | 1328 | ||
| 906 | char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); | 1329 | char *SSL_CIPHER_description(SSL_CIPHER *,char *buf,int size); |
| 907 | STACK *SSL_dup_CA_list(STACK *sk); | 1330 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk); |
| 908 | 1331 | ||
| 909 | SSL *SSL_dup(SSL *ssl); | 1332 | SSL *SSL_dup(SSL *ssl); |
| 910 | 1333 | ||
| @@ -919,242 +1342,92 @@ void SSL_set_shutdown(SSL *ssl,int mode); | |||
| 919 | int SSL_get_shutdown(SSL *ssl); | 1342 | int SSL_get_shutdown(SSL *ssl); |
| 920 | int SSL_version(SSL *ssl); | 1343 | int SSL_version(SSL *ssl); |
| 921 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); | 1344 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx); |
| 922 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx,char *CAfile,char *CApath); | 1345 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 1346 | const char *CApath); | ||
| 1347 | #define SSL_get0_session SSL_get_session /* just peek at pointer */ | ||
| 923 | SSL_SESSION *SSL_get_session(SSL *ssl); | 1348 | SSL_SESSION *SSL_get_session(SSL *ssl); |
| 1349 | SSL_SESSION *SSL_get1_session(SSL *ssl); /* obtain a reference count */ | ||
| 924 | SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); | 1350 | SSL_CTX *SSL_get_SSL_CTX(SSL *ssl); |
| 925 | void SSL_set_info_callback(SSL *ssl,void (*cb)()); | 1351 | void SSL_set_info_callback(SSL *ssl, |
| 926 | void (*SSL_get_info_callback(SSL *ssl))(); | 1352 | void (*cb)(const SSL *ssl,int type,int val)); |
| 1353 | void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val); | ||
| 927 | int SSL_state(SSL *ssl); | 1354 | int SSL_state(SSL *ssl); |
| 928 | 1355 | ||
| 929 | void SSL_set_verify_result(SSL *ssl,long v); | 1356 | void SSL_set_verify_result(SSL *ssl,long v); |
| 930 | long SSL_get_verify_result(SSL *ssl); | 1357 | long SSL_get_verify_result(SSL *ssl); |
| 931 | 1358 | ||
| 932 | int SSL_set_ex_data(SSL *ssl,int idx,char *data); | 1359 | int SSL_set_ex_data(SSL *ssl,int idx,void *data); |
| 933 | char *SSL_get_ex_data(SSL *ssl,int idx); | 1360 | void *SSL_get_ex_data(SSL *ssl,int idx); |
| 934 | int SSL_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 1361 | int SSL_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 935 | int (*dup_func)(), void (*free_func)()); | 1362 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 936 | 1363 | ||
| 937 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,char *data); | 1364 | int SSL_SESSION_set_ex_data(SSL_SESSION *ss,int idx,void *data); |
| 938 | char *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); | 1365 | void *SSL_SESSION_get_ex_data(SSL_SESSION *ss,int idx); |
| 939 | int SSL_SESSION_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 1366 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 940 | int (*dup_func)(), void (*free_func)()); | 1367 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 941 | 1368 | ||
| 942 | int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,char *data); | 1369 | int SSL_CTX_set_ex_data(SSL_CTX *ssl,int idx,void *data); |
| 943 | char *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); | 1370 | void *SSL_CTX_get_ex_data(SSL_CTX *ssl,int idx); |
| 944 | int SSL_CTX_get_ex_new_index(long argl, char *argp, int (*new_func)(), | 1371 | int SSL_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 945 | int (*dup_func)(), void (*free_func)()); | 1372 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); |
| 946 | 1373 | ||
| 947 | #else | 1374 | int SSL_get_ex_data_X509_STORE_CTX_idx(void ); |
| 948 | 1375 | ||
| 949 | BIO_METHOD *BIO_f_ssl(); | 1376 | #define SSL_CTX_sess_set_cache_size(ctx,t) \ |
| 950 | BIO *BIO_new_ssl(); | 1377 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_SIZE,t,NULL) |
| 951 | BIO *BIO_new_ssl_connect(); | 1378 | #define SSL_CTX_sess_get_cache_size(ctx) \ |
| 952 | BIO *BIO_new_buffer_ssl_connect(); | 1379 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_SIZE,0,NULL) |
| 953 | int BIO_ssl_copy_session_id(); | 1380 | #define SSL_CTX_set_session_cache_mode(ctx,m) \ |
| 954 | void BIO_ssl_shutdown(); | 1381 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_SESS_CACHE_MODE,m,NULL) |
| 955 | 1382 | #define SSL_CTX_get_session_cache_mode(ctx) \ | |
| 956 | int SSL_CTX_set_cipher_list(); | 1383 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_SESS_CACHE_MODE,0,NULL) |
| 957 | SSL_CTX *SSL_CTX_new(); | 1384 | |
| 958 | void SSL_CTX_free(); | 1385 | #define SSL_CTX_get_default_read_ahead(ctx) SSL_CTX_get_read_ahead(ctx) |
| 959 | void SSL_clear(); | 1386 | #define SSL_CTX_set_default_read_ahead(ctx,m) SSL_CTX_set_read_ahead(ctx,m) |
| 960 | void SSL_CTX_flush_sessions(); | 1387 | #define SSL_CTX_get_read_ahead(ctx) \ |
| 961 | 1388 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_READ_AHEAD,0,NULL) | |
| 962 | SSL_CIPHER *SSL_get_current_cipher(); | 1389 | #define SSL_CTX_set_read_ahead(ctx,m) \ |
| 963 | int SSL_CIPHER_get_bits(); | 1390 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_READ_AHEAD,m,NULL) |
| 964 | char * SSL_CIPHER_get_version(); | 1391 | #define SSL_CTX_get_max_cert_list(ctx) \ |
| 965 | char * SSL_CIPHER_get_name(); | 1392 | SSL_CTX_ctrl(ctx,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) |
| 966 | 1393 | #define SSL_CTX_set_max_cert_list(ctx,m) \ | |
| 967 | int SSL_get_fd(); | 1394 | SSL_CTX_ctrl(ctx,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) |
| 968 | char * SSL_get_cipher_list(); | 1395 | #define SSL_get_max_cert_list(ssl) \ |
| 969 | char * SSL_get_shared_ciphers(); | 1396 | SSL_ctrl(ssl,SSL_CTRL_GET_MAX_CERT_LIST,0,NULL) |
| 970 | int SSL_get_read_ahead(); | 1397 | #define SSL_set_max_cert_list(ssl,m) \ |
| 971 | int SSL_pending(); | 1398 | SSL_ctrl(ssl,SSL_CTRL_SET_MAX_CERT_LIST,m,NULL) |
| 972 | #ifndef NO_SOCK | 1399 | |
| 973 | int SSL_set_fd(); | 1400 | /* NB: the keylength is only applicable when is_export is true */ |
| 974 | int SSL_set_rfd(); | 1401 | #ifndef OPENSSL_NO_RSA |
| 975 | int SSL_set_wfd(); | 1402 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx, |
| 976 | #endif | 1403 | RSA *(*cb)(SSL *ssl,int is_export, |
| 977 | #ifdef HEADER_BIO_H | 1404 | int keylength)); |
| 978 | void SSL_set_bio(); | 1405 | |
| 979 | BIO * SSL_get_rbio(); | 1406 | void SSL_set_tmp_rsa_callback(SSL *ssl, |
| 980 | BIO * SSL_get_wbio(); | 1407 | RSA *(*cb)(SSL *ssl,int is_export, |
| 981 | #endif | 1408 | int keylength)); |
| 982 | int SSL_set_cipher_list(); | ||
| 983 | void SSL_set_read_ahead(); | ||
| 984 | int SSL_get_verify_mode(); | ||
| 985 | |||
| 986 | void SSL_set_verify(); | ||
| 987 | int SSL_use_RSAPrivateKey(); | ||
| 988 | int SSL_use_RSAPrivateKey_ASN1(); | ||
| 989 | int SSL_use_PrivateKey(); | ||
| 990 | int SSL_use_PrivateKey_ASN1(); | ||
| 991 | int SSL_use_certificate(); | ||
| 992 | int SSL_use_certificate_ASN1(); | ||
| 993 | |||
| 994 | #ifndef NO_STDIO | ||
| 995 | int SSL_use_RSAPrivateKey_file(); | ||
| 996 | int SSL_use_PrivateKey_file(); | ||
| 997 | int SSL_use_certificate_file(); | ||
| 998 | int SSL_CTX_use_RSAPrivateKey_file(); | ||
| 999 | int SSL_CTX_use_PrivateKey_file(); | ||
| 1000 | int SSL_CTX_use_certificate_file(); | ||
| 1001 | STACK * SSL_load_client_CA_file(); | ||
| 1002 | #endif | ||
| 1003 | |||
| 1004 | void ERR_load_SSL_strings(); | ||
| 1005 | void SSL_load_error_strings(); | ||
| 1006 | char * SSL_state_string(); | ||
| 1007 | char * SSL_rstate_string(); | ||
| 1008 | char * SSL_state_string_long(); | ||
| 1009 | char * SSL_rstate_string_long(); | ||
| 1010 | long SSL_SESSION_get_time(); | ||
| 1011 | long SSL_SESSION_set_time(); | ||
| 1012 | long SSL_SESSION_get_timeout(); | ||
| 1013 | long SSL_SESSION_set_timeout(); | ||
| 1014 | void SSL_copy_session_id(); | ||
| 1015 | |||
| 1016 | SSL_SESSION *SSL_SESSION_new(); | ||
| 1017 | unsigned long SSL_SESSION_hash(); | ||
| 1018 | int SSL_SESSION_cmp(); | ||
| 1019 | #ifndef NO_FP_API | ||
| 1020 | int SSL_SESSION_print_fp(); | ||
| 1021 | #endif | ||
| 1022 | #ifdef HEADER_BIO_H | ||
| 1023 | int SSL_SESSION_print(); | ||
| 1024 | #endif | ||
| 1025 | void SSL_SESSION_free(); | ||
| 1026 | int i2d_SSL_SESSION(); | ||
| 1027 | int SSL_set_session(); | ||
| 1028 | int SSL_CTX_add_session(); | ||
| 1029 | int SSL_CTX_remove_session(); | ||
| 1030 | SSL_SESSION *d2i_SSL_SESSION(); | ||
| 1031 | |||
| 1032 | #ifdef HEADER_X509_H | ||
| 1033 | X509 * SSL_get_peer_certificate(); | ||
| 1034 | #endif | 1409 | #endif |
| 1035 | 1410 | #ifndef OPENSSL_NO_DH | |
| 1036 | STACK * SSL_get_peer_cert_chain(); | 1411 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx, |
| 1037 | 1412 | DH *(*dh)(SSL *ssl,int is_export, | |
| 1038 | int SSL_CTX_get_verify_mode(); | 1413 | int keylength)); |
| 1039 | int (*SSL_CTX_get_verify_callback())(); | 1414 | void SSL_set_tmp_dh_callback(SSL *ssl, |
| 1040 | void SSL_CTX_set_verify(); | 1415 | DH *(*dh)(SSL *ssl,int is_export, |
| 1041 | void SSL_CTX_set_cert_verify_cb(); | 1416 | int keylength)); |
| 1042 | int SSL_CTX_use_RSAPrivateKey(); | ||
| 1043 | int SSL_CTX_use_RSAPrivateKey_ASN1(); | ||
| 1044 | int SSL_CTX_use_PrivateKey(); | ||
| 1045 | int SSL_CTX_use_PrivateKey_ASN1(); | ||
| 1046 | int SSL_CTX_use_certificate(); | ||
| 1047 | int SSL_CTX_use_certificate_ASN1(); | ||
| 1048 | |||
| 1049 | void SSL_CTX_set_default_passwd_cb(); | ||
| 1050 | |||
| 1051 | int SSL_CTX_check_private_key(); | ||
| 1052 | int SSL_check_private_key(); | ||
| 1053 | |||
| 1054 | SSL * SSL_new(); | ||
| 1055 | void SSL_clear(); | ||
| 1056 | void SSL_free(); | ||
| 1057 | int SSL_accept(); | ||
| 1058 | int SSL_connect(); | ||
| 1059 | int SSL_read(); | ||
| 1060 | int SSL_peek(); | ||
| 1061 | int SSL_write(); | ||
| 1062 | long SSL_ctrl(); | ||
| 1063 | long SSL_CTX_ctrl(); | ||
| 1064 | |||
| 1065 | int SSL_get_error(); | ||
| 1066 | char * SSL_get_version(); | ||
| 1067 | |||
| 1068 | int SSL_CTX_set_ssl_version(); | ||
| 1069 | |||
| 1070 | SSL_METHOD *SSLv2_method(); | ||
| 1071 | SSL_METHOD *SSLv2_server_method(); | ||
| 1072 | SSL_METHOD *SSLv2_client_method(); | ||
| 1073 | |||
| 1074 | SSL_METHOD *SSLv3_method(); | ||
| 1075 | SSL_METHOD *SSLv3_server_method(); | ||
| 1076 | SSL_METHOD *SSLv3_client_method(); | ||
| 1077 | |||
| 1078 | SSL_METHOD *SSLv23_method(); | ||
| 1079 | SSL_METHOD *SSLv23_server_method(); | ||
| 1080 | SSL_METHOD *SSLv23_client_method(); | ||
| 1081 | |||
| 1082 | SSL_METHOD *TLSv1_method(); | ||
| 1083 | SSL_METHOD *TLSv1_server_method(); | ||
| 1084 | SSL_METHOD *TLSv1_client_method(); | ||
| 1085 | |||
| 1086 | STACK *SSL_get_ciphers(); | ||
| 1087 | |||
| 1088 | int SSL_do_handshake(); | ||
| 1089 | int SSL_renegotiate(); | ||
| 1090 | int SSL_shutdown(); | ||
| 1091 | |||
| 1092 | SSL_METHOD *SSL_get_ssl_method(); | ||
| 1093 | int SSL_set_ssl_method(); | ||
| 1094 | char *SSL_alert_type_string_long(); | ||
| 1095 | char *SSL_alert_type_string(); | ||
| 1096 | char *SSL_alert_desc_string_long(); | ||
| 1097 | char *SSL_alert_desc_string(); | ||
| 1098 | |||
| 1099 | void SSL_set_client_CA_list(); | ||
| 1100 | void SSL_CTX_set_client_CA_list(); | ||
| 1101 | STACK *SSL_get_client_CA_list(); | ||
| 1102 | STACK *SSL_CTX_get_client_CA_list(); | ||
| 1103 | int SSL_add_client_CA(); | ||
| 1104 | int SSL_CTX_add_client_CA(); | ||
| 1105 | |||
| 1106 | void SSL_set_connect_state(); | ||
| 1107 | void SSL_set_accept_state(); | ||
| 1108 | |||
| 1109 | long SSL_get_default_timeout(); | ||
| 1110 | |||
| 1111 | void SSLeay_add_ssl_algorithms(); | ||
| 1112 | |||
| 1113 | char *SSL_CIPHER_description(); | ||
| 1114 | STACK *SSL_dup_CA_list(); | ||
| 1115 | |||
| 1116 | SSL *SSL_dup(); | ||
| 1117 | |||
| 1118 | X509 *SSL_get_certificate(); | ||
| 1119 | /* EVP * */ struct evp_pkey_st *SSL_get_privatekey(); | ||
| 1120 | |||
| 1121 | #ifdef this_is_for_mk1mf_pl | ||
| 1122 | EVP *SSL_get_privatekey(); | ||
| 1123 | |||
| 1124 | void SSL_CTX_set_quiet_shutdown(); | ||
| 1125 | int SSL_CTX_get_quiet_shutdown(); | ||
| 1126 | void SSL_set_quiet_shutdown(); | ||
| 1127 | int SSL_get_quiet_shutdown(); | ||
| 1128 | void SSL_set_shutdown(); | ||
| 1129 | int SSL_get_shutdown(); | ||
| 1130 | int SSL_version(); | ||
| 1131 | int SSL_CTX_set_default_verify_paths(); | ||
| 1132 | int SSL_CTX_load_verify_locations(); | ||
| 1133 | SSL_SESSION *SSL_get_session(); | ||
| 1134 | SSL_CTX *SSL_get_SSL_CTX(); | ||
| 1135 | void SSL_set_info_callback(); | ||
| 1136 | int (*SSL_get_info_callback())(); | ||
| 1137 | int SSL_state(); | ||
| 1138 | void SSL_set_verify_result(); | ||
| 1139 | long SSL_get_verify_result(); | ||
| 1140 | |||
| 1141 | int SSL_set_ex_data(); | ||
| 1142 | char *SSL_get_ex_data(); | ||
| 1143 | int SSL_get_ex_new_index(); | ||
| 1144 | |||
| 1145 | int SSL_SESSION_set_ex_data(); | ||
| 1146 | char *SSL_SESSION_get_ex_data(); | ||
| 1147 | int SSL_SESSION_get_ex_new_index(); | ||
| 1148 | |||
| 1149 | int SSL_CTX_set_ex_data(); | ||
| 1150 | char *SSL_CTX_get_ex_data(); | ||
| 1151 | int SSL_CTX_get_ex_new_index(); | ||
| 1152 | |||
| 1153 | #endif | 1417 | #endif |
| 1154 | 1418 | ||
| 1419 | #ifndef OPENSSL_NO_COMP | ||
| 1420 | int SSL_COMP_add_compression_method(int id,COMP_METHOD *cm); | ||
| 1421 | #else | ||
| 1422 | int SSL_COMP_add_compression_method(int id,char *cm); | ||
| 1155 | #endif | 1423 | #endif |
| 1156 | 1424 | ||
| 1157 | /* BEGIN ERROR CODES */ | 1425 | /* BEGIN ERROR CODES */ |
| 1426 | /* The following lines are auto generated by the script mkerr.pl. Any changes | ||
| 1427 | * made after this point may be overwritten when the script is next run. | ||
| 1428 | */ | ||
| 1429 | void ERR_load_SSL_strings(void); | ||
| 1430 | |||
| 1158 | /* Error codes for the SSL functions. */ | 1431 | /* Error codes for the SSL functions. */ |
| 1159 | 1432 | ||
| 1160 | /* Function codes. */ | 1433 | /* Function codes. */ |
| @@ -1178,21 +1451,27 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1178 | #define SSL_F_SSL23_CONNECT 117 | 1451 | #define SSL_F_SSL23_CONNECT 117 |
| 1179 | #define SSL_F_SSL23_GET_CLIENT_HELLO 118 | 1452 | #define SSL_F_SSL23_GET_CLIENT_HELLO 118 |
| 1180 | #define SSL_F_SSL23_GET_SERVER_HELLO 119 | 1453 | #define SSL_F_SSL23_GET_SERVER_HELLO 119 |
| 1454 | #define SSL_F_SSL23_PEEK 237 | ||
| 1181 | #define SSL_F_SSL23_READ 120 | 1455 | #define SSL_F_SSL23_READ 120 |
| 1182 | #define SSL_F_SSL23_WRITE 121 | 1456 | #define SSL_F_SSL23_WRITE 121 |
| 1183 | #define SSL_F_SSL2_ACCEPT 122 | 1457 | #define SSL_F_SSL2_ACCEPT 122 |
| 1184 | #define SSL_F_SSL2_CONNECT 123 | 1458 | #define SSL_F_SSL2_CONNECT 123 |
| 1185 | #define SSL_F_SSL2_ENC_INIT 124 | 1459 | #define SSL_F_SSL2_ENC_INIT 124 |
| 1460 | #define SSL_F_SSL2_PEEK 234 | ||
| 1186 | #define SSL_F_SSL2_READ 125 | 1461 | #define SSL_F_SSL2_READ 125 |
| 1462 | #define SSL_F_SSL2_READ_INTERNAL 236 | ||
| 1187 | #define SSL_F_SSL2_SET_CERTIFICATE 126 | 1463 | #define SSL_F_SSL2_SET_CERTIFICATE 126 |
| 1188 | #define SSL_F_SSL2_WRITE 127 | 1464 | #define SSL_F_SSL2_WRITE 127 |
| 1189 | #define SSL_F_SSL3_ACCEPT 128 | 1465 | #define SSL_F_SSL3_ACCEPT 128 |
| 1466 | #define SSL_F_SSL3_CALLBACK_CTRL 233 | ||
| 1190 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 | 1467 | #define SSL_F_SSL3_CHANGE_CIPHER_STATE 129 |
| 1191 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 | 1468 | #define SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM 130 |
| 1192 | #define SSL_F_SSL3_CLIENT_HELLO 131 | 1469 | #define SSL_F_SSL3_CLIENT_HELLO 131 |
| 1193 | #define SSL_F_SSL3_CONNECT 132 | 1470 | #define SSL_F_SSL3_CONNECT 132 |
| 1471 | #define SSL_F_SSL3_CTRL 213 | ||
| 1194 | #define SSL_F_SSL3_CTX_CTRL 133 | 1472 | #define SSL_F_SSL3_CTX_CTRL 133 |
| 1195 | #define SSL_F_SSL3_ENC 134 | 1473 | #define SSL_F_SSL3_ENC 134 |
| 1474 | #define SSL_F_SSL3_GENERATE_KEY_BLOCK 238 | ||
| 1196 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 | 1475 | #define SSL_F_SSL3_GET_CERTIFICATE_REQUEST 135 |
| 1197 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 | 1476 | #define SSL_F_SSL3_GET_CERT_VERIFY 136 |
| 1198 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 | 1477 | #define SSL_F_SSL3_GET_CLIENT_CERTIFICATE 137 |
| @@ -1206,6 +1485,7 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1206 | #define SSL_F_SSL3_GET_SERVER_DONE 145 | 1485 | #define SSL_F_SSL3_GET_SERVER_DONE 145 |
| 1207 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 | 1486 | #define SSL_F_SSL3_GET_SERVER_HELLO 146 |
| 1208 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 | 1487 | #define SSL_F_SSL3_OUTPUT_CERT_CHAIN 147 |
| 1488 | #define SSL_F_SSL3_PEEK 235 | ||
| 1209 | #define SSL_F_SSL3_READ_BYTES 148 | 1489 | #define SSL_F_SSL3_READ_BYTES 148 |
| 1210 | #define SSL_F_SSL3_READ_N 149 | 1490 | #define SSL_F_SSL3_READ_N 149 |
| 1211 | #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 | 1491 | #define SSL_F_SSL3_SEND_CERTIFICATE_REQUEST 150 |
| @@ -1218,63 +1498,85 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1218 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 | 1498 | #define SSL_F_SSL3_SETUP_KEY_BLOCK 157 |
| 1219 | #define SSL_F_SSL3_WRITE_BYTES 158 | 1499 | #define SSL_F_SSL3_WRITE_BYTES 158 |
| 1220 | #define SSL_F_SSL3_WRITE_PENDING 159 | 1500 | #define SSL_F_SSL3_WRITE_PENDING 159 |
| 1501 | #define SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK 215 | ||
| 1502 | #define SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK 216 | ||
| 1221 | #define SSL_F_SSL_BAD_METHOD 160 | 1503 | #define SSL_F_SSL_BAD_METHOD 160 |
| 1222 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 | 1504 | #define SSL_F_SSL_BYTES_TO_CIPHER_LIST 161 |
| 1505 | #define SSL_F_SSL_CERT_DUP 221 | ||
| 1506 | #define SSL_F_SSL_CERT_INST 222 | ||
| 1507 | #define SSL_F_SSL_CERT_INSTANTIATE 214 | ||
| 1223 | #define SSL_F_SSL_CERT_NEW 162 | 1508 | #define SSL_F_SSL_CERT_NEW 162 |
| 1224 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 | 1509 | #define SSL_F_SSL_CHECK_PRIVATE_KEY 163 |
| 1225 | #define SSL_F_SSL_CREATE_CIPHER_LIST 164 | 1510 | #define SSL_F_SSL_CIPHER_PROCESS_RULESTR 230 |
| 1226 | #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 165 | 1511 | #define SSL_F_SSL_CIPHER_STRENGTH_SORT 231 |
| 1227 | #define SSL_F_SSL_CTX_NEW 166 | 1512 | #define SSL_F_SSL_CLEAR 164 |
| 1228 | #define SSL_F_SSL_CTX_SET_SSL_VERSION 167 | 1513 | #define SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD 165 |
| 1229 | #define SSL_F_SSL_CTX_USE_CERTIFICATE 168 | 1514 | #define SSL_F_SSL_CREATE_CIPHER_LIST 166 |
| 1230 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 169 | 1515 | #define SSL_F_SSL_CTRL 232 |
| 1231 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 170 | 1516 | #define SSL_F_SSL_CTX_CHECK_PRIVATE_KEY 168 |
| 1232 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 171 | 1517 | #define SSL_F_SSL_CTX_NEW 169 |
| 1233 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 172 | 1518 | #define SSL_F_SSL_CTX_SET_PURPOSE 226 |
| 1234 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 173 | 1519 | #define SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT 219 |
| 1235 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 174 | 1520 | #define SSL_F_SSL_CTX_SET_SSL_VERSION 170 |
| 1236 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 175 | 1521 | #define SSL_F_SSL_CTX_SET_TRUST 229 |
| 1237 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 176 | 1522 | #define SSL_F_SSL_CTX_USE_CERTIFICATE 171 |
| 1238 | #define SSL_F_SSL_DO_HANDSHAKE 177 | 1523 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1 172 |
| 1239 | #define SSL_F_SSL_GET_NEW_SESSION 178 | 1524 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE 220 |
| 1240 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 179 | 1525 | #define SSL_F_SSL_CTX_USE_CERTIFICATE_FILE 173 |
| 1241 | #define SSL_F_SSL_GET_SIGN_PKEY 180 | 1526 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY 174 |
| 1242 | #define SSL_F_SSL_INIT_WBIO_BUFFER 181 | 1527 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1 175 |
| 1243 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 182 | 1528 | #define SSL_F_SSL_CTX_USE_PRIVATEKEY_FILE 176 |
| 1244 | #define SSL_F_SSL_NEW 183 | 1529 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY 177 |
| 1245 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 184 | 1530 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_ASN1 178 |
| 1246 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 185 | 1531 | #define SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE 179 |
| 1247 | #define SSL_F_SSL_SESSION_NEW 186 | 1532 | #define SSL_F_SSL_DO_HANDSHAKE 180 |
| 1248 | #define SSL_F_SSL_SESSION_PRINT_FP 187 | 1533 | #define SSL_F_SSL_GET_NEW_SESSION 181 |
| 1249 | #define SSL_F_SSL_SET_CERT 188 | 1534 | #define SSL_F_SSL_GET_PREV_SESSION 217 |
| 1250 | #define SSL_F_SSL_SET_FD 189 | 1535 | #define SSL_F_SSL_GET_SERVER_SEND_CERT 182 |
| 1251 | #define SSL_F_SSL_SET_PKEY 190 | 1536 | #define SSL_F_SSL_GET_SIGN_PKEY 183 |
| 1252 | #define SSL_F_SSL_SET_RFD 191 | 1537 | #define SSL_F_SSL_INIT_WBIO_BUFFER 184 |
| 1253 | #define SSL_F_SSL_SET_SESSION 192 | 1538 | #define SSL_F_SSL_LOAD_CLIENT_CA_FILE 185 |
| 1254 | #define SSL_F_SSL_SET_WFD 193 | 1539 | #define SSL_F_SSL_NEW 186 |
| 1255 | #define SSL_F_SSL_UNDEFINED_FUNCTION 194 | 1540 | #define SSL_F_SSL_READ 223 |
| 1256 | #define SSL_F_SSL_USE_CERTIFICATE 195 | 1541 | #define SSL_F_SSL_RSA_PRIVATE_DECRYPT 187 |
| 1257 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 196 | 1542 | #define SSL_F_SSL_RSA_PUBLIC_ENCRYPT 188 |
| 1258 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 197 | 1543 | #define SSL_F_SSL_SESSION_NEW 189 |
| 1259 | #define SSL_F_SSL_USE_PRIVATEKEY 198 | 1544 | #define SSL_F_SSL_SESSION_PRINT_FP 190 |
| 1260 | #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 199 | 1545 | #define SSL_F_SSL_SESS_CERT_NEW 225 |
| 1261 | #define SSL_F_SSL_USE_PRIVATEKEY_FILE 200 | 1546 | #define SSL_F_SSL_SET_CERT 191 |
| 1262 | #define SSL_F_SSL_USE_RSAPRIVATEKEY 201 | 1547 | #define SSL_F_SSL_SET_FD 192 |
| 1263 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 202 | 1548 | #define SSL_F_SSL_SET_PKEY 193 |
| 1264 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 203 | 1549 | #define SSL_F_SSL_SET_PURPOSE 227 |
| 1265 | #define SSL_F_SSL_WRITE 204 | 1550 | #define SSL_F_SSL_SET_RFD 194 |
| 1266 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE 205 | 1551 | #define SSL_F_SSL_SET_SESSION 195 |
| 1267 | #define SSL_F_TLS1_ENC 206 | 1552 | #define SSL_F_SSL_SET_SESSION_ID_CONTEXT 218 |
| 1268 | #define SSL_F_TLS1_SETUP_KEY_BLOCK 207 | 1553 | #define SSL_F_SSL_SET_TRUST 228 |
| 1269 | #define SSL_F_WRITE_PENDING 208 | 1554 | #define SSL_F_SSL_SET_WFD 196 |
| 1555 | #define SSL_F_SSL_SHUTDOWN 224 | ||
| 1556 | #define SSL_F_SSL_UNDEFINED_FUNCTION 197 | ||
| 1557 | #define SSL_F_SSL_USE_CERTIFICATE 198 | ||
| 1558 | #define SSL_F_SSL_USE_CERTIFICATE_ASN1 199 | ||
| 1559 | #define SSL_F_SSL_USE_CERTIFICATE_FILE 200 | ||
| 1560 | #define SSL_F_SSL_USE_PRIVATEKEY 201 | ||
| 1561 | #define SSL_F_SSL_USE_PRIVATEKEY_ASN1 202 | ||
| 1562 | #define SSL_F_SSL_USE_PRIVATEKEY_FILE 203 | ||
| 1563 | #define SSL_F_SSL_USE_RSAPRIVATEKEY 204 | ||
| 1564 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1 205 | ||
| 1565 | #define SSL_F_SSL_USE_RSAPRIVATEKEY_FILE 206 | ||
| 1566 | #define SSL_F_SSL_VERIFY_CERT_CHAIN 207 | ||
| 1567 | #define SSL_F_SSL_WRITE 208 | ||
| 1568 | #define SSL_F_TLS1_CHANGE_CIPHER_STATE 209 | ||
| 1569 | #define SSL_F_TLS1_ENC 210 | ||
| 1570 | #define SSL_F_TLS1_SETUP_KEY_BLOCK 211 | ||
| 1571 | #define SSL_F_WRITE_PENDING 212 | ||
| 1270 | 1572 | ||
| 1271 | /* Reason codes. */ | 1573 | /* Reason codes. */ |
| 1272 | #define SSL_R_APP_DATA_IN_HANDSHAKE 100 | 1574 | #define SSL_R_APP_DATA_IN_HANDSHAKE 100 |
| 1575 | #define SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT 272 | ||
| 1273 | #define SSL_R_BAD_ALERT_RECORD 101 | 1576 | #define SSL_R_BAD_ALERT_RECORD 101 |
| 1274 | #define SSL_R_BAD_AUTHENTICATION_TYPE 102 | 1577 | #define SSL_R_BAD_AUTHENTICATION_TYPE 102 |
| 1275 | #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 | 1578 | #define SSL_R_BAD_CHANGE_CIPHER_SPEC 103 |
| 1276 | #define SSL_R_BAD_CHECKSUM 104 | 1579 | #define SSL_R_BAD_CHECKSUM 104 |
| 1277 | #define SSL_R_BAD_CLIENT_REQUEST 105 | ||
| 1278 | #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 | 1580 | #define SSL_R_BAD_DATA_RETURNED_BY_CALLBACK 106 |
| 1279 | #define SSL_R_BAD_DECOMPRESSION 107 | 1581 | #define SSL_R_BAD_DECOMPRESSION 107 |
| 1280 | #define SSL_R_BAD_DH_G_LENGTH 108 | 1582 | #define SSL_R_BAD_DH_G_LENGTH 108 |
| @@ -1282,6 +1584,8 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1282 | #define SSL_R_BAD_DH_P_LENGTH 110 | 1584 | #define SSL_R_BAD_DH_P_LENGTH 110 |
| 1283 | #define SSL_R_BAD_DIGEST_LENGTH 111 | 1585 | #define SSL_R_BAD_DIGEST_LENGTH 111 |
| 1284 | #define SSL_R_BAD_DSA_SIGNATURE 112 | 1586 | #define SSL_R_BAD_DSA_SIGNATURE 112 |
| 1587 | #define SSL_R_BAD_HELLO_REQUEST 105 | ||
| 1588 | #define SSL_R_BAD_LENGTH 271 | ||
| 1285 | #define SSL_R_BAD_MAC_DECODE 113 | 1589 | #define SSL_R_BAD_MAC_DECODE 113 |
| 1286 | #define SSL_R_BAD_MESSAGE_TYPE 114 | 1590 | #define SSL_R_BAD_MESSAGE_TYPE 114 |
| 1287 | #define SSL_R_BAD_PACKET_LENGTH 115 | 1591 | #define SSL_R_BAD_PACKET_LENGTH 115 |
| @@ -1311,83 +1615,108 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1311 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 | 1615 | #define SSL_R_CIPHER_TABLE_SRC_ERROR 139 |
| 1312 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 | 1616 | #define SSL_R_COMPRESSED_LENGTH_TOO_LONG 140 |
| 1313 | #define SSL_R_COMPRESSION_FAILURE 141 | 1617 | #define SSL_R_COMPRESSION_FAILURE 141 |
| 1314 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 142 | 1618 | #define SSL_R_COMPRESSION_LIBRARY_ERROR 142 |
| 1315 | #define SSL_R_CONNECTION_TYPE_NOT_SET 143 | 1619 | #define SSL_R_CONNECTION_ID_IS_DIFFERENT 143 |
| 1316 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 144 | 1620 | #define SSL_R_CONNECTION_TYPE_NOT_SET 144 |
| 1317 | #define SSL_R_DATA_LENGTH_TOO_LONG 145 | 1621 | #define SSL_R_DATA_BETWEEN_CCS_AND_FINISHED 145 |
| 1318 | #define SSL_R_DECRYPTION_FAILED 146 | 1622 | #define SSL_R_DATA_LENGTH_TOO_LONG 146 |
| 1319 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 147 | 1623 | #define SSL_R_DECRYPTION_FAILED 147 |
| 1320 | #define SSL_R_DIGEST_CHECK_FAILED 148 | 1624 | #define SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC 1109 |
| 1321 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 149 | 1625 | #define SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG 148 |
| 1322 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 150 | 1626 | #define SSL_R_DIGEST_CHECK_FAILED 149 |
| 1323 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 151 | 1627 | #define SSL_R_ENCRYPTED_LENGTH_TOO_LONG 150 |
| 1324 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 152 | 1628 | #define SSL_R_ERROR_GENERATING_TMP_RSA_KEY 1092 |
| 1325 | #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 153 | 1629 | #define SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST 151 |
| 1326 | #define SSL_R_HTTPS_PROXY_REQUEST 154 | 1630 | #define SSL_R_EXCESSIVE_MESSAGE_SIZE 152 |
| 1327 | #define SSL_R_HTTP_REQUEST 155 | 1631 | #define SSL_R_EXTRA_DATA_IN_MESSAGE 153 |
| 1328 | #define SSL_R_INTERNAL_ERROR 156 | 1632 | #define SSL_R_GOT_A_FIN_BEFORE_A_CCS 154 |
| 1329 | #define SSL_R_INVALID_CHALLENGE_LENGTH 157 | 1633 | #define SSL_R_HTTPS_PROXY_REQUEST 155 |
| 1330 | #define SSL_R_LENGTH_MISMATCH 158 | 1634 | #define SSL_R_HTTP_REQUEST 156 |
| 1331 | #define SSL_R_LENGTH_TOO_SHORT 159 | 1635 | #define SSL_R_ILLEGAL_PADDING 1110 |
| 1332 | #define SSL_R_LIBRARY_HAS_NO_CIPHERS 160 | 1636 | #define SSL_R_INVALID_CHALLENGE_LENGTH 158 |
| 1333 | #define SSL_R_MISSING_DH_DSA_CERT 161 | 1637 | #define SSL_R_INVALID_COMMAND 280 |
| 1334 | #define SSL_R_MISSING_DH_KEY 162 | 1638 | #define SSL_R_INVALID_PURPOSE 278 |
| 1335 | #define SSL_R_MISSING_DH_RSA_CERT 163 | 1639 | #define SSL_R_INVALID_TRUST 279 |
| 1336 | #define SSL_R_MISSING_DSA_SIGNING_CERT 164 | 1640 | #define SSL_R_KRB5 1104 |
| 1337 | #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 165 | 1641 | #define SSL_R_KRB5_C_CC_PRINC 1094 |
| 1338 | #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 166 | 1642 | #define SSL_R_KRB5_C_GET_CRED 1095 |
| 1339 | #define SSL_R_MISSING_RSA_CERTIFICATE 167 | 1643 | #define SSL_R_KRB5_C_INIT 1096 |
| 1340 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 168 | 1644 | #define SSL_R_KRB5_C_MK_REQ 1097 |
| 1341 | #define SSL_R_MISSING_RSA_SIGNING_CERT 169 | 1645 | #define SSL_R_KRB5_S_BAD_TICKET 1098 |
| 1342 | #define SSL_R_MISSING_TMP_DH_KEY 170 | 1646 | #define SSL_R_KRB5_S_INIT 1099 |
| 1343 | #define SSL_R_MISSING_TMP_RSA_KEY 171 | 1647 | #define SSL_R_KRB5_S_RD_REQ 1108 |
| 1344 | #define SSL_R_MISSING_TMP_RSA_PKEY 172 | 1648 | #define SSL_R_KRB5_S_TKT_EXPIRED 1105 |
| 1345 | #define SSL_R_MISSING_VERIFY_MESSAGE 173 | 1649 | #define SSL_R_KRB5_S_TKT_NYV 1106 |
| 1346 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 174 | 1650 | #define SSL_R_KRB5_S_TKT_SKEW 1107 |
| 1347 | #define SSL_R_NO_CERTIFICATES_RETURNED 175 | 1651 | #define SSL_R_LENGTH_MISMATCH 159 |
| 1348 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 176 | 1652 | #define SSL_R_LENGTH_TOO_SHORT 160 |
| 1349 | #define SSL_R_NO_CERTIFICATE_RETURNED 177 | 1653 | #define SSL_R_LIBRARY_BUG 274 |
| 1350 | #define SSL_R_NO_CERTIFICATE_SET 178 | 1654 | #define SSL_R_LIBRARY_HAS_NO_CIPHERS 161 |
| 1351 | #define SSL_R_NO_CERTIFICATE_SPECIFIED 179 | 1655 | #define SSL_R_MESSAGE_TOO_LONG 1111 |
| 1352 | #define SSL_R_NO_CIPHERS_AVAILABLE 180 | 1656 | #define SSL_R_MISSING_DH_DSA_CERT 162 |
| 1353 | #define SSL_R_NO_CIPHERS_PASSED 181 | 1657 | #define SSL_R_MISSING_DH_KEY 163 |
| 1354 | #define SSL_R_NO_CIPHERS_SPECIFIED 182 | 1658 | #define SSL_R_MISSING_DH_RSA_CERT 164 |
| 1355 | #define SSL_R_NO_CIPHER_LIST 183 | 1659 | #define SSL_R_MISSING_DSA_SIGNING_CERT 165 |
| 1356 | #define SSL_R_NO_CIPHER_MATCH 184 | 1660 | #define SSL_R_MISSING_EXPORT_TMP_DH_KEY 166 |
| 1357 | #define SSL_R_NO_CLIENT_CERT_RECEIVED 185 | 1661 | #define SSL_R_MISSING_EXPORT_TMP_RSA_KEY 167 |
| 1358 | #define SSL_R_NO_COMPRESSION_SPECIFIED 186 | 1662 | #define SSL_R_MISSING_RSA_CERTIFICATE 168 |
| 1359 | #define SSL_R_NO_PRIVATEKEY 187 | 1663 | #define SSL_R_MISSING_RSA_ENCRYPTING_CERT 169 |
| 1360 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 188 | 1664 | #define SSL_R_MISSING_RSA_SIGNING_CERT 170 |
| 1361 | #define SSL_R_NO_PROTOCOLS_AVAILABLE 189 | 1665 | #define SSL_R_MISSING_TMP_DH_KEY 171 |
| 1362 | #define SSL_R_NO_PUBLICKEY 190 | 1666 | #define SSL_R_MISSING_TMP_RSA_KEY 172 |
| 1363 | #define SSL_R_NO_SHARED_CIPHER 191 | 1667 | #define SSL_R_MISSING_TMP_RSA_PKEY 173 |
| 1364 | #define SSL_R_NULL_SSL_CTX 192 | 1668 | #define SSL_R_MISSING_VERIFY_MESSAGE 174 |
| 1365 | #define SSL_R_NULL_SSL_METHOD_PASSED 193 | 1669 | #define SSL_R_NON_SSLV2_INITIAL_PACKET 175 |
| 1366 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 194 | 1670 | #define SSL_R_NO_CERTIFICATES_RETURNED 176 |
| 1367 | #define SSL_R_PACKET_LENGTH_TOO_LONG 195 | 1671 | #define SSL_R_NO_CERTIFICATE_ASSIGNED 177 |
| 1368 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 196 | 1672 | #define SSL_R_NO_CERTIFICATE_RETURNED 178 |
| 1369 | #define SSL_R_PEER_ERROR 197 | 1673 | #define SSL_R_NO_CERTIFICATE_SET 179 |
| 1370 | #define SSL_R_PEER_ERROR_CERTIFICATE 198 | 1674 | #define SSL_R_NO_CERTIFICATE_SPECIFIED 180 |
| 1371 | #define SSL_R_PEER_ERROR_NO_CERTIFICATE 199 | 1675 | #define SSL_R_NO_CIPHERS_AVAILABLE 181 |
| 1372 | #define SSL_R_PEER_ERROR_NO_CIPHER 200 | 1676 | #define SSL_R_NO_CIPHERS_PASSED 182 |
| 1373 | #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 201 | 1677 | #define SSL_R_NO_CIPHERS_SPECIFIED 183 |
| 1374 | #define SSL_R_PRE_MAC_LENGTH_TOO_LONG 202 | 1678 | #define SSL_R_NO_CIPHER_LIST 184 |
| 1375 | #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 203 | 1679 | #define SSL_R_NO_CIPHER_MATCH 185 |
| 1376 | #define SSL_R_PROTOCOL_IS_SHUTDOWN 204 | 1680 | #define SSL_R_NO_CLIENT_CERT_RECEIVED 186 |
| 1377 | #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 205 | 1681 | #define SSL_R_NO_COMPRESSION_SPECIFIED 187 |
| 1378 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 206 | 1682 | #define SSL_R_NO_METHOD_SPECIFIED 188 |
| 1379 | #define SSL_R_PUBLIC_KEY_NOT_RSA 207 | 1683 | #define SSL_R_NO_PRIVATEKEY 189 |
| 1380 | #define SSL_R_READ_BIO_NOT_SET 208 | 1684 | #define SSL_R_NO_PRIVATE_KEY_ASSIGNED 190 |
| 1381 | #define SSL_R_READ_WRONG_PACKET_TYPE 209 | 1685 | #define SSL_R_NO_PROTOCOLS_AVAILABLE 191 |
| 1382 | #define SSL_R_RECORD_LENGTH_MISMATCH 210 | 1686 | #define SSL_R_NO_PUBLICKEY 192 |
| 1383 | #define SSL_R_RECORD_TOO_LARGE 211 | 1687 | #define SSL_R_NO_SHARED_CIPHER 193 |
| 1384 | #define SSL_R_REQUIRED_CIPHER_MISSING 212 | 1688 | #define SSL_R_NO_VERIFY_CALLBACK 194 |
| 1385 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 213 | 1689 | #define SSL_R_NULL_SSL_CTX 195 |
| 1386 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 214 | 1690 | #define SSL_R_NULL_SSL_METHOD_PASSED 196 |
| 1387 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 215 | 1691 | #define SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED 197 |
| 1388 | #define SSL_R_SHORT_READ 216 | 1692 | #define SSL_R_PACKET_LENGTH_TOO_LONG 198 |
| 1389 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 217 | 1693 | #define SSL_R_PATH_TOO_LONG 270 |
| 1390 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 218 | 1694 | #define SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE 199 |
| 1695 | #define SSL_R_PEER_ERROR 200 | ||
| 1696 | #define SSL_R_PEER_ERROR_CERTIFICATE 201 | ||
| 1697 | #define SSL_R_PEER_ERROR_NO_CERTIFICATE 202 | ||
| 1698 | #define SSL_R_PEER_ERROR_NO_CIPHER 203 | ||
| 1699 | #define SSL_R_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 204 | ||
| 1700 | #define SSL_R_PRE_MAC_LENGTH_TOO_LONG 205 | ||
| 1701 | #define SSL_R_PROBLEMS_MAPPING_CIPHER_FUNCTIONS 206 | ||
| 1702 | #define SSL_R_PROTOCOL_IS_SHUTDOWN 207 | ||
| 1703 | #define SSL_R_PUBLIC_KEY_ENCRYPT_ERROR 208 | ||
| 1704 | #define SSL_R_PUBLIC_KEY_IS_NOT_RSA 209 | ||
| 1705 | #define SSL_R_PUBLIC_KEY_NOT_RSA 210 | ||
| 1706 | #define SSL_R_READ_BIO_NOT_SET 211 | ||
| 1707 | #define SSL_R_READ_WRONG_PACKET_TYPE 212 | ||
| 1708 | #define SSL_R_RECORD_LENGTH_MISMATCH 213 | ||
| 1709 | #define SSL_R_RECORD_TOO_LARGE 214 | ||
| 1710 | #define SSL_R_RECORD_TOO_SMALL 1093 | ||
| 1711 | #define SSL_R_REQUIRED_CIPHER_MISSING 215 | ||
| 1712 | #define SSL_R_REUSE_CERT_LENGTH_NOT_ZERO 216 | ||
| 1713 | #define SSL_R_REUSE_CERT_TYPE_NOT_ZERO 217 | ||
| 1714 | #define SSL_R_REUSE_CIPHER_LIST_NOT_ZERO 218 | ||
| 1715 | #define SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED 277 | ||
| 1716 | #define SSL_R_SHORT_READ 219 | ||
| 1717 | #define SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE 220 | ||
| 1718 | #define SSL_R_SSL23_DOING_SESSION_ID_REUSE 221 | ||
| 1719 | #define SSL_R_SSL3_SESSION_ID_TOO_SHORT 222 | ||
| 1391 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 | 1720 | #define SSL_R_SSLV3_ALERT_BAD_CERTIFICATE 1042 |
| 1392 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 | 1721 | #define SSL_R_SSLV3_ALERT_BAD_RECORD_MAC 1020 |
| 1393 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 | 1722 | #define SSL_R_SSLV3_ALERT_CERTIFICATE_EXPIRED 1045 |
| @@ -1397,57 +1726,75 @@ int SSL_CTX_get_ex_new_index(); | |||
| 1397 | #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 | 1726 | #define SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE 1040 |
| 1398 | #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 | 1727 | #define SSL_R_SSLV3_ALERT_ILLEGAL_PARAMETER 1047 |
| 1399 | #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 | 1728 | #define SSL_R_SSLV3_ALERT_NO_CERTIFICATE 1041 |
| 1400 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 219 | 1729 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_CERTIFICATE 223 |
| 1401 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 220 | 1730 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CERTIFICATE 224 |
| 1402 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 221 | 1731 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_NO_CIPHER 225 |
| 1403 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 222 | 1732 | #define SSL_R_SSLV3_ALERT_PEER_ERROR_UNSUPPORTED_CERTIFICATE_TYPE 226 |
| 1404 | #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 | 1733 | #define SSL_R_SSLV3_ALERT_UNEXPECTED_MESSAGE 1010 |
| 1405 | #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 223 | 1734 | #define SSL_R_SSLV3_ALERT_UNKNOWN_REMOTE_ERROR_TYPE 227 |
| 1406 | #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 | 1735 | #define SSL_R_SSLV3_ALERT_UNSUPPORTED_CERTIFICATE 1043 |
| 1407 | #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 224 | 1736 | #define SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION 228 |
| 1408 | #define SSL_R_SSL_HANDSHAKE_FAILURE 225 | 1737 | #define SSL_R_SSL_HANDSHAKE_FAILURE 229 |
| 1409 | #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 226 | 1738 | #define SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS 230 |
| 1410 | #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 227 | 1739 | #define SSL_R_SSL_SESSION_ID_CALLBACK_FAILED 1102 |
| 1411 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 228 | 1740 | #define SSL_R_SSL_SESSION_ID_CONFLICT 1103 |
| 1412 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 229 | 1741 | #define SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG 273 |
| 1413 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 230 | 1742 | #define SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH 1101 |
| 1414 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 231 | 1743 | #define SSL_R_SSL_SESSION_ID_IS_DIFFERENT 231 |
| 1415 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 232 | 1744 | #define SSL_R_TLSV1_ALERT_ACCESS_DENIED 1049 |
| 1416 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 233 | 1745 | #define SSL_R_TLSV1_ALERT_DECODE_ERROR 1050 |
| 1417 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 234 | 1746 | #define SSL_R_TLSV1_ALERT_DECRYPTION_FAILED 1021 |
| 1418 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 235 | 1747 | #define SSL_R_TLSV1_ALERT_DECRYPT_ERROR 1051 |
| 1419 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 236 | 1748 | #define SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION 1060 |
| 1420 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 237 | 1749 | #define SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY 1071 |
| 1421 | #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 238 | 1750 | #define SSL_R_TLSV1_ALERT_INTERNAL_ERROR 1080 |
| 1422 | #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 239 | 1751 | #define SSL_R_TLSV1_ALERT_NO_RENEGOTIATION 1100 |
| 1423 | #define SSL_R_UNEXPECTED_MESSAGE 240 | 1752 | #define SSL_R_TLSV1_ALERT_PROTOCOL_VERSION 1070 |
| 1424 | #define SSL_R_UNEXPECTED_RECORD 241 | 1753 | #define SSL_R_TLSV1_ALERT_RECORD_OVERFLOW 1022 |
| 1425 | #define SSL_R_UNKNOWN_ALERT_TYPE 242 | 1754 | #define SSL_R_TLSV1_ALERT_UNKNOWN_CA 1048 |
| 1426 | #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 243 | 1755 | #define SSL_R_TLSV1_ALERT_USER_CANCELLED 1090 |
| 1427 | #define SSL_R_UNKNOWN_CIPHER_RETURNED 244 | 1756 | #define SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER 232 |
| 1428 | #define SSL_R_UNKNOWN_CIPHER_TYPE 245 | 1757 | #define SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST 233 |
| 1429 | #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 246 | 1758 | #define SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG 234 |
| 1430 | #define SSL_R_UNKNOWN_PKEY_TYPE 247 | 1759 | #define SSL_R_TRIED_TO_USE_UNSUPPORTED_CIPHER 235 |
| 1431 | #define SSL_R_UNKNOWN_PROTOCOL 248 | 1760 | #define SSL_R_UNABLE_TO_DECODE_DH_CERTS 236 |
| 1432 | #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 249 | 1761 | #define SSL_R_UNABLE_TO_EXTRACT_PUBLIC_KEY 237 |
| 1433 | #define SSL_R_UNKNOWN_SSL_VERSION 250 | 1762 | #define SSL_R_UNABLE_TO_FIND_DH_PARAMETERS 238 |
| 1434 | #define SSL_R_UNKNOWN_STATE 251 | 1763 | #define SSL_R_UNABLE_TO_FIND_PUBLIC_KEY_PARAMETERS 239 |
| 1435 | #define SSL_R_UNSUPPORTED_CIPHER 252 | 1764 | #define SSL_R_UNABLE_TO_FIND_SSL_METHOD 240 |
| 1436 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 253 | 1765 | #define SSL_R_UNABLE_TO_LOAD_SSL2_MD5_ROUTINES 241 |
| 1437 | #define SSL_R_UNSUPPORTED_PROTOCOL 254 | 1766 | #define SSL_R_UNABLE_TO_LOAD_SSL3_MD5_ROUTINES 242 |
| 1438 | #define SSL_R_UNSUPPORTED_SSL_VERSION 255 | 1767 | #define SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES 243 |
| 1439 | #define SSL_R_WRITE_BIO_NOT_SET 256 | 1768 | #define SSL_R_UNEXPECTED_MESSAGE 244 |
| 1440 | #define SSL_R_WRONG_CIPHER_RETURNED 257 | 1769 | #define SSL_R_UNEXPECTED_RECORD 245 |
| 1441 | #define SSL_R_WRONG_MESSAGE_TYPE 258 | 1770 | #define SSL_R_UNINITIALIZED 276 |
| 1442 | #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 259 | 1771 | #define SSL_R_UNKNOWN_ALERT_TYPE 246 |
| 1443 | #define SSL_R_WRONG_SIGNATURE_LENGTH 260 | 1772 | #define SSL_R_UNKNOWN_CERTIFICATE_TYPE 247 |
| 1444 | #define SSL_R_WRONG_SIGNATURE_SIZE 261 | 1773 | #define SSL_R_UNKNOWN_CIPHER_RETURNED 248 |
| 1445 | #define SSL_R_WRONG_SSL_VERSION 262 | 1774 | #define SSL_R_UNKNOWN_CIPHER_TYPE 249 |
| 1446 | #define SSL_R_WRONG_VERSION_NUMBER 263 | 1775 | #define SSL_R_UNKNOWN_KEY_EXCHANGE_TYPE 250 |
| 1447 | #define SSL_R_X509_LIB 264 | 1776 | #define SSL_R_UNKNOWN_PKEY_TYPE 251 |
| 1448 | 1777 | #define SSL_R_UNKNOWN_PROTOCOL 252 | |
| 1778 | #define SSL_R_UNKNOWN_REMOTE_ERROR_TYPE 253 | ||
| 1779 | #define SSL_R_UNKNOWN_SSL_VERSION 254 | ||
| 1780 | #define SSL_R_UNKNOWN_STATE 255 | ||
| 1781 | #define SSL_R_UNSUPPORTED_CIPHER 256 | ||
| 1782 | #define SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM 257 | ||
| 1783 | #define SSL_R_UNSUPPORTED_OPTION 1091 | ||
| 1784 | #define SSL_R_UNSUPPORTED_PROTOCOL 258 | ||
| 1785 | #define SSL_R_UNSUPPORTED_SSL_VERSION 259 | ||
| 1786 | #define SSL_R_WRITE_BIO_NOT_SET 260 | ||
| 1787 | #define SSL_R_WRONG_CIPHER_RETURNED 261 | ||
| 1788 | #define SSL_R_WRONG_MESSAGE_TYPE 262 | ||
| 1789 | #define SSL_R_WRONG_NUMBER_OF_KEY_BITS 263 | ||
| 1790 | #define SSL_R_WRONG_SIGNATURE_LENGTH 264 | ||
| 1791 | #define SSL_R_WRONG_SIGNATURE_SIZE 265 | ||
| 1792 | #define SSL_R_WRONG_SSL_VERSION 266 | ||
| 1793 | #define SSL_R_WRONG_VERSION_NUMBER 267 | ||
| 1794 | #define SSL_R_X509_LIB 268 | ||
| 1795 | #define SSL_R_X509_VERIFICATION_SETUP_PROBLEMS 269 | ||
| 1796 | |||
| 1449 | #ifdef __cplusplus | 1797 | #ifdef __cplusplus |
| 1450 | } | 1798 | } |
| 1451 | #endif | 1799 | #endif |
| 1452 | #endif | 1800 | #endif |
| 1453 | |||
diff --git a/src/lib/libssl/ssl2.h b/src/lib/libssl/ssl2.h index 3dc94e520b..99a52ea0dd 100644 --- a/src/lib/libssl/ssl2.h +++ b/src/lib/libssl/ssl2.h | |||
| @@ -67,8 +67,8 @@ extern "C" { | |||
| 67 | #define SSL2_VERSION 0x0002 | 67 | #define SSL2_VERSION 0x0002 |
| 68 | #define SSL2_VERSION_MAJOR 0x00 | 68 | #define SSL2_VERSION_MAJOR 0x00 |
| 69 | #define SSL2_VERSION_MINOR 0x02 | 69 | #define SSL2_VERSION_MINOR 0x02 |
| 70 | #define SSL2_CLIENT_VERSION 0x0002 | 70 | /* #define SSL2_CLIENT_VERSION 0x0002 */ |
| 71 | #define SSL2_SERVER_VERSION 0x0002 | 71 | /* #define SSL2_SERVER_VERSION 0x0002 */ |
| 72 | 72 | ||
| 73 | /* Protocol Message Codes */ | 73 | /* Protocol Message Codes */ |
| 74 | #define SSL2_MT_ERROR 0 | 74 | #define SSL2_MT_ERROR 0 |
| @@ -133,8 +133,12 @@ extern "C" { | |||
| 133 | 133 | ||
| 134 | /* Upper/Lower Bounds */ | 134 | /* Upper/Lower Bounds */ |
| 135 | #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 | 135 | #define SSL2_MAX_MASTER_KEY_LENGTH_IN_BITS 256 |
| 136 | #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER (unsigned int)32767 | 136 | #ifdef OPENSSL_SYS_MPE |
| 137 | #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /**/ | 137 | #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 29998u |
| 138 | #else | ||
| 139 | #define SSL2_MAX_RECORD_LENGTH_2_BYTE_HEADER 32767u /* 2^15-1 */ | ||
| 140 | #endif | ||
| 141 | #define SSL2_MAX_RECORD_LENGTH_3_BYTE_HEADER 16383 /* 2^14-1 */ | ||
| 138 | 142 | ||
| 139 | #define SSL2_CHALLENGE_LENGTH 16 | 143 | #define SSL2_CHALLENGE_LENGTH 16 |
| 140 | /*#define SSL2_CHALLENGE_LENGTH 32 */ | 144 | /*#define SSL2_CHALLENGE_LENGTH 32 */ |
| @@ -151,7 +155,7 @@ extern "C" { | |||
| 151 | #define CERT char | 155 | #define CERT char |
| 152 | #endif | 156 | #endif |
| 153 | 157 | ||
| 154 | typedef struct ssl2_ctx_st | 158 | typedef struct ssl2_state_st |
| 155 | { | 159 | { |
| 156 | int three_byte_header; | 160 | int three_byte_header; |
| 157 | int clear_text; /* clear text */ | 161 | int clear_text; /* clear text */ |
| @@ -162,7 +166,7 @@ typedef struct ssl2_ctx_st | |||
| 162 | * args were passwd */ | 166 | * args were passwd */ |
| 163 | unsigned int wnum; /* number of bytes sent so far */ | 167 | unsigned int wnum; /* number of bytes sent so far */ |
| 164 | int wpend_tot; | 168 | int wpend_tot; |
| 165 | char *wpend_buf; | 169 | const unsigned char *wpend_buf; |
| 166 | 170 | ||
| 167 | int wpend_off; /* offset to data to write */ | 171 | int wpend_off; /* offset to data to write */ |
| 168 | int wpend_len; /* number of bytes passwd to write */ | 172 | int wpend_len; /* number of bytes passwd to write */ |
| @@ -185,7 +189,6 @@ typedef struct ssl2_ctx_st | |||
| 185 | unsigned char *ract_data; | 189 | unsigned char *ract_data; |
| 186 | unsigned char *wact_data; | 190 | unsigned char *wact_data; |
| 187 | unsigned char *mac_data; | 191 | unsigned char *mac_data; |
| 188 | unsigned char *pad_data; | ||
| 189 | 192 | ||
| 190 | unsigned char *read_key; | 193 | unsigned char *read_key; |
| 191 | unsigned char *write_key; | 194 | unsigned char *write_key; |
| @@ -205,16 +208,16 @@ typedef struct ssl2_ctx_st | |||
| 205 | unsigned int conn_id_length; | 208 | unsigned int conn_id_length; |
| 206 | unsigned int cert_type; | 209 | unsigned int cert_type; |
| 207 | unsigned int cert_length; | 210 | unsigned int cert_length; |
| 208 | int csl; | 211 | unsigned int csl; |
| 209 | int clear; | 212 | unsigned int clear; |
| 210 | unsigned int enc; | 213 | unsigned int enc; |
| 211 | unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; | 214 | unsigned char ccl[SSL2_MAX_CERT_CHALLENGE_LENGTH]; |
| 212 | int cipher_spec_length; | 215 | unsigned int cipher_spec_length; |
| 213 | unsigned int session_id_length; | 216 | unsigned int session_id_length; |
| 214 | unsigned int clen; | 217 | unsigned int clen; |
| 215 | unsigned int rlen; | 218 | unsigned int rlen; |
| 216 | } tmp; | 219 | } tmp; |
| 217 | } SSL2_CTX; | 220 | } SSL2_STATE; |
| 218 | 221 | ||
| 219 | /* SSLv2 */ | 222 | /* SSLv2 */ |
| 220 | /* client */ | 223 | /* client */ |
diff --git a/src/lib/libssl/ssl3.h b/src/lib/libssl/ssl3.h index 95772eef60..8fd6951d77 100644 --- a/src/lib/libssl/ssl3.h +++ b/src/lib/libssl/ssl3.h | |||
| @@ -55,11 +55,69 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #ifndef HEADER_SSL3_H | 112 | #ifndef HEADER_SSL3_H |
| 60 | #define HEADER_SSL3_H | 113 | #define HEADER_SSL3_H |
| 61 | 114 | ||
| 62 | #include "buffer.h" | 115 | #ifndef OPENSSL_NO_COMP |
| 116 | #include <openssl/comp.h> | ||
| 117 | #endif | ||
| 118 | #include <openssl/buffer.h> | ||
| 119 | #include <openssl/evp.h> | ||
| 120 | #include <openssl/ssl.h> | ||
| 63 | 121 | ||
| 64 | #ifdef __cplusplus | 122 | #ifdef __cplusplus |
| 65 | extern "C" { | 123 | extern "C" { |
| @@ -100,6 +158,22 @@ extern "C" { | |||
| 100 | #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D | 158 | #define SSL3_CK_FZA_DMS_FZA_SHA 0x0300001D |
| 101 | #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E | 159 | #define SSL3_CK_FZA_DMS_RC4_SHA 0x0300001E |
| 102 | 160 | ||
| 161 | /* VRS Additional Kerberos5 entries | ||
| 162 | */ | ||
| 163 | #define SSL3_CK_KRB5_DES_40_CBC_SHA 0x03000021 | ||
| 164 | #define SSL3_CK_KRB5_DES_40_CBC_MD5 0x03000022 | ||
| 165 | #define SSL3_CK_KRB5_DES_64_CBC_SHA 0x03000023 | ||
| 166 | #define SSL3_CK_KRB5_DES_64_CBC_MD5 0x03000024 | ||
| 167 | #define SSL3_CK_KRB5_DES_192_CBC3_SHA 0x03000025 | ||
| 168 | #define SSL3_CK_KRB5_DES_192_CBC3_MD5 0x03000026 | ||
| 169 | |||
| 170 | #define SSL3_TXT_KRB5_DES_40_CBC_SHA "EXP-KRB5-DES-CBC-SHA" | ||
| 171 | #define SSL3_TXT_KRB5_DES_40_CBC_MD5 "EXP-KRB5-DES-CBC-MD5" | ||
| 172 | #define SSL3_TXT_KRB5_DES_64_CBC_SHA "KRB5-DES-CBC-SHA" | ||
| 173 | #define SSL3_TXT_KRB5_DES_64_CBC_MD5 "KRB5-DES-CBC-MD5" | ||
| 174 | #define SSL3_TXT_KRB5_DES_192_CBC3_SHA "KRB5-DES-CBC3-SHA" | ||
| 175 | #define SSL3_TXT_KRB5_DES_192_CBC3_MD5 "KRB5-DES-CBC3-MD5" | ||
| 176 | |||
| 103 | #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" | 177 | #define SSL3_TXT_RSA_NULL_MD5 "NULL-MD5" |
| 104 | #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" | 178 | #define SSL3_TXT_RSA_NULL_SHA "NULL-SHA" |
| 105 | #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" | 179 | #define SSL3_TXT_RSA_RC4_40_MD5 "EXP-RC4-MD5" |
| @@ -144,7 +218,8 @@ extern "C" { | |||
| 144 | #define SSL3_RT_HEADER_LENGTH 5 | 218 | #define SSL3_RT_HEADER_LENGTH 5 |
| 145 | 219 | ||
| 146 | /* Due to MS stuffing up, this can change.... */ | 220 | /* Due to MS stuffing up, this can change.... */ |
| 147 | #if defined(WIN16) || (defined(MSDOS) && !defined(WIN32)) | 221 | #if defined(OPENSSL_SYS_WIN16) || \ |
| 222 | (defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_WIN32)) | ||
| 148 | #define SSL3_RT_MAX_EXTRA (14000) | 223 | #define SSL3_RT_MAX_EXTRA (14000) |
| 149 | #else | 224 | #else |
| 150 | #define SSL3_RT_MAX_EXTRA (16384) | 225 | #define SSL3_RT_MAX_EXTRA (16384) |
| @@ -156,24 +231,8 @@ extern "C" { | |||
| 156 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) | 231 | #define SSL3_RT_MAX_PACKET_SIZE (SSL3_RT_MAX_ENCRYPTED_LENGTH+SSL3_RT_HEADER_LENGTH) |
| 157 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) | 232 | #define SSL3_RT_MAX_DATA_SIZE (1024*1024) |
| 158 | 233 | ||
| 159 | /* the states that a SSL3_RECORD can be in | 234 | #define SSL3_MD_CLIENT_FINISHED_CONST "\x43\x4C\x4E\x54" |
| 160 | * For SSL_read it goes | 235 | #define SSL3_MD_SERVER_FINISHED_CONST "\x53\x52\x56\x52" |
| 161 | * rbuf->ENCODED -> read | ||
| 162 | * ENCODED -> we need to decode everything - call decode_record | ||
| 163 | */ | ||
| 164 | |||
| 165 | #define SSL3_RS_BLANK 1 | ||
| 166 | #define SSL3_RS_DATA | ||
| 167 | |||
| 168 | #define SSL3_RS_ENCODED 2 | ||
| 169 | #define SSL3_RS_READ_MORE 3 | ||
| 170 | #define SSL3_RS_WRITE_MORE | ||
| 171 | #define SSL3_RS_PLAIN 3 | ||
| 172 | #define SSL3_RS_PART_READ 4 | ||
| 173 | #define SSL3_RS_PART_WRITE 5 | ||
| 174 | |||
| 175 | #define SSL3_MD_CLIENT_FINISHED_CONST {0x43,0x4C,0x4E,0x54} | ||
| 176 | #define SSL3_MD_SERVER_FINISHED_CONST {0x53,0x52,0x56,0x52} | ||
| 177 | 236 | ||
| 178 | #define SSL3_VERSION 0x0300 | 237 | #define SSL3_VERSION 0x0300 |
| 179 | #define SSL3_VERSION_MAJOR 0x03 | 238 | #define SSL3_VERSION_MAJOR 0x03 |
| @@ -202,28 +261,23 @@ extern "C" { | |||
| 202 | 261 | ||
| 203 | typedef struct ssl3_record_st | 262 | typedef struct ssl3_record_st |
| 204 | { | 263 | { |
| 205 | /*r */ int type; /* type of record */ | 264 | /*r */ int type; /* type of record */ |
| 206 | /* */ /*int state;*/ /* any data in it? */ | 265 | /*rw*/ unsigned int length; /* How many bytes available */ |
| 207 | /*rw*/ unsigned int length; /* How many bytes available */ | 266 | /*r */ unsigned int off; /* read/write offset into 'buf' */ |
| 208 | /*r */ unsigned int off; /* read/write offset into 'buf' */ | 267 | /*rw*/ unsigned char *data; /* pointer to the record data */ |
| 209 | /*rw*/ unsigned char *data; /* pointer to the record data */ | 268 | /*rw*/ unsigned char *input; /* where the decode bytes are */ |
| 210 | /*rw*/ unsigned char *input; /* where the decode bytes are */ | 269 | /*r */ unsigned char *comp; /* only used with decompression - malloc()ed */ |
| 211 | /*rw*/ unsigned char *comp; /* only used with decompression */ | ||
| 212 | } SSL3_RECORD; | 270 | } SSL3_RECORD; |
| 213 | 271 | ||
| 214 | typedef struct ssl3_buffer_st | 272 | typedef struct ssl3_buffer_st |
| 215 | { | 273 | { |
| 216 | /*r */ int total; /* used in non-blocking writes */ | 274 | unsigned char *buf; /* at least SSL3_RT_MAX_PACKET_SIZE bytes, |
| 217 | /*r */ int wanted; /* how many more bytes we need */ | 275 | * see ssl3_setup_buffers() */ |
| 218 | /*rw*/ int left; /* how many bytes left */ | 276 | size_t len; /* buffer size */ |
| 219 | /*rw*/ int offset; /* where to 'copy from' */ | 277 | int offset; /* where to 'copy from' */ |
| 220 | /*rw*/ unsigned char *buf; /* SSL3_RT_MAX_PACKET_SIZE bytes */ | 278 | int left; /* how many bytes left */ |
| 221 | } SSL3_BUFFER; | 279 | } SSL3_BUFFER; |
| 222 | 280 | ||
| 223 | typedef struct ssl3_compression_st { | ||
| 224 | int nothing; | ||
| 225 | } SSL3_COMPRESSION; | ||
| 226 | |||
| 227 | #define SSL3_CT_RSA_SIGN 1 | 281 | #define SSL3_CT_RSA_SIGN 1 |
| 228 | #define SSL3_CT_DSS_SIGN 2 | 282 | #define SSL3_CT_DSS_SIGN 2 |
| 229 | #define SSL3_CT_RSA_FIXED_DH 3 | 283 | #define SSL3_CT_RSA_FIXED_DH 3 |
| @@ -236,36 +290,9 @@ typedef struct ssl3_compression_st { | |||
| 236 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 | 290 | #define SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS 0x0001 |
| 237 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 | 291 | #define SSL3_FLAGS_DELAY_CLIENT_FINISHED 0x0002 |
| 238 | #define SSL3_FLAGS_POP_BUFFER 0x0004 | 292 | #define SSL3_FLAGS_POP_BUFFER 0x0004 |
| 239 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 | 293 | #define TLS1_FLAGS_TLS_PADDING_BUG 0x0008 |
| 240 | |||
| 241 | #if 0 | ||
| 242 | #define AD_CLOSE_NOTIFY 0 | ||
| 243 | #define AD_UNEXPECTED_MESSAGE 1 | ||
| 244 | #define AD_BAD_RECORD_MAC 2 | ||
| 245 | #define AD_DECRYPTION_FAILED 3 | ||
| 246 | #define AD_RECORD_OVERFLOW 4 | ||
| 247 | #define AD_DECOMPRESSION_FAILURE 5 /* fatal */ | ||
| 248 | #define AD_HANDSHAKE_FAILURE 6 /* fatal */ | ||
| 249 | #define AD_NO_CERTIFICATE 7 /* Not under TLS */ | ||
| 250 | #define AD_BAD_CERTIFICATE 8 | ||
| 251 | #define AD_UNSUPPORTED_CERTIFICATE 9 | ||
| 252 | #define AD_CERTIFICATE_REVOKED 10 | ||
| 253 | #define AD_CERTIFICATE_EXPIRED 11 | ||
| 254 | #define AD_CERTIFICATE_UNKNOWN 12 | ||
| 255 | #define AD_ILLEGAL_PARAMETER 13 /* fatal */ | ||
| 256 | #define AD_UNKNOWN_CA 14 /* fatal */ | ||
| 257 | #define AD_ACCESS_DENIED 15 /* fatal */ | ||
| 258 | #define AD_DECODE_ERROR 16 /* fatal */ | ||
| 259 | #define AD_DECRYPT_ERROR 17 | ||
| 260 | #define AD_EXPORT_RESTRICION 18 /* fatal */ | ||
| 261 | #define AD_PROTOCOL_VERSION 19 /* fatal */ | ||
| 262 | #define AD_INSUFFICIENT_SECURITY 20 /* fatal */ | ||
| 263 | #define AD_INTERNAL_ERROR 21 /* fatal */ | ||
| 264 | #define AD_USER_CANCLED 22 | ||
| 265 | #define AD_NO_RENEGOTIATION 23 | ||
| 266 | #endif | ||
| 267 | 294 | ||
| 268 | typedef struct ssl3_ctx_st | 295 | typedef struct ssl3_state_st |
| 269 | { | 296 | { |
| 270 | long flags; | 297 | long flags; |
| 271 | int delay_buf_pop_ret; | 298 | int delay_buf_pop_ret; |
| @@ -278,19 +305,29 @@ typedef struct ssl3_ctx_st | |||
| 278 | unsigned char server_random[SSL3_RANDOM_SIZE]; | 305 | unsigned char server_random[SSL3_RANDOM_SIZE]; |
| 279 | unsigned char client_random[SSL3_RANDOM_SIZE]; | 306 | unsigned char client_random[SSL3_RANDOM_SIZE]; |
| 280 | 307 | ||
| 308 | /* flags for countermeasure against known-IV weakness */ | ||
| 309 | int need_empty_fragments; | ||
| 310 | int empty_fragment_done; | ||
| 311 | |||
| 281 | SSL3_BUFFER rbuf; /* read IO goes into here */ | 312 | SSL3_BUFFER rbuf; /* read IO goes into here */ |
| 282 | SSL3_BUFFER wbuf; /* write IO goes into here */ | 313 | SSL3_BUFFER wbuf; /* write IO goes into here */ |
| 314 | |||
| 283 | SSL3_RECORD rrec; /* each decoded record goes in here */ | 315 | SSL3_RECORD rrec; /* each decoded record goes in here */ |
| 284 | SSL3_RECORD wrec; /* goes out from here */ | 316 | SSL3_RECORD wrec; /* goes out from here */ |
| 285 | /* Used by ssl3_read_n to point | 317 | |
| 286 | * to input data packet */ | 318 | /* storage for Alert/Handshake protocol data received but not |
| 319 | * yet processed by ssl3_read_bytes: */ | ||
| 320 | unsigned char alert_fragment[2]; | ||
| 321 | unsigned int alert_fragment_len; | ||
| 322 | unsigned char handshake_fragment[4]; | ||
| 323 | unsigned int handshake_fragment_len; | ||
| 287 | 324 | ||
| 288 | /* partial write - check the numbers match */ | 325 | /* partial write - check the numbers match */ |
| 289 | unsigned int wnum; /* number of bytes sent so far */ | 326 | unsigned int wnum; /* number of bytes sent so far */ |
| 290 | int wpend_tot; /* number bytes written */ | 327 | int wpend_tot; /* number bytes written */ |
| 291 | int wpend_type; | 328 | int wpend_type; |
| 292 | int wpend_ret; /* number of bytes submitted */ | 329 | int wpend_ret; /* number of bytes submitted */ |
| 293 | char *wpend_buf; | 330 | const unsigned char *wpend_buf; |
| 294 | 331 | ||
| 295 | /* used during startup, digest all incoming/outgoing packets */ | 332 | /* used during startup, digest all incoming/outgoing packets */ |
| 296 | EVP_MD_CTX finish_dgst1; | 333 | EVP_MD_CTX finish_dgst1; |
| @@ -302,10 +339,10 @@ typedef struct ssl3_ctx_st | |||
| 302 | 339 | ||
| 303 | int warn_alert; | 340 | int warn_alert; |
| 304 | int fatal_alert; | 341 | int fatal_alert; |
| 305 | /* we alow one fatal and one warning alert to be outstanding, | 342 | /* we allow one fatal and one warning alert to be outstanding, |
| 306 | * send close alert via the warning alert */ | 343 | * send close alert via the warning alert */ |
| 307 | int alert_dispatch; | 344 | int alert_dispatch; |
| 308 | char send_alert[2]; | 345 | unsigned char send_alert[2]; |
| 309 | 346 | ||
| 310 | /* This flag is set when we should renegotiate ASAP, basically when | 347 | /* This flag is set when we should renegotiate ASAP, basically when |
| 311 | * there is no more data in the read or write buffers */ | 348 | * there is no more data in the read or write buffers */ |
| @@ -316,16 +353,23 @@ typedef struct ssl3_ctx_st | |||
| 316 | int in_read_app_data; | 353 | int in_read_app_data; |
| 317 | 354 | ||
| 318 | struct { | 355 | struct { |
| 319 | /* Actually only needs to be 16+20 for SSLv3 and 12 for TLS */ | 356 | /* actually only needs to be 16+20 */ |
| 357 | unsigned char cert_verify_md[EVP_MAX_MD_SIZE*2]; | ||
| 358 | |||
| 359 | /* actually only need to be 16+20 for SSLv3 and 12 for TLS */ | ||
| 320 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; | 360 | unsigned char finish_md[EVP_MAX_MD_SIZE*2]; |
| 361 | int finish_md_len; | ||
| 362 | unsigned char peer_finish_md[EVP_MAX_MD_SIZE*2]; | ||
| 363 | int peer_finish_md_len; | ||
| 321 | 364 | ||
| 322 | unsigned long message_size; | 365 | unsigned long message_size; |
| 323 | int message_type; | 366 | int message_type; |
| 324 | 367 | ||
| 325 | /* used to hold the new cipher we are going to use */ | 368 | /* used to hold the new cipher we are going to use */ |
| 326 | SSL_CIPHER *new_cipher; | 369 | SSL_CIPHER *new_cipher; |
| 370 | #ifndef OPENSSL_NO_DH | ||
| 327 | DH *dh; | 371 | DH *dh; |
| 328 | 372 | #endif | |
| 329 | /* used when SSL_ST_FLUSH_DATA is entered */ | 373 | /* used when SSL_ST_FLUSH_DATA is entered */ |
| 330 | int next_state; | 374 | int next_state; |
| 331 | 375 | ||
| @@ -335,19 +379,24 @@ typedef struct ssl3_ctx_st | |||
| 335 | int cert_req; | 379 | int cert_req; |
| 336 | int ctype_num; | 380 | int ctype_num; |
| 337 | char ctype[SSL3_CT_NUMBER]; | 381 | char ctype[SSL3_CT_NUMBER]; |
| 338 | STACK *ca_names; | 382 | STACK_OF(X509_NAME) *ca_names; |
| 339 | 383 | ||
| 340 | int use_rsa_tmp; | 384 | int use_rsa_tmp; |
| 341 | 385 | ||
| 342 | int key_block_length; | 386 | int key_block_length; |
| 343 | unsigned char *key_block; | 387 | unsigned char *key_block; |
| 344 | 388 | ||
| 345 | EVP_CIPHER *new_sym_enc; | 389 | const EVP_CIPHER *new_sym_enc; |
| 346 | EVP_MD *new_hash; | 390 | const EVP_MD *new_hash; |
| 347 | SSL_COMPRESSION *new_compression; | 391 | #ifndef OPENSSL_NO_COMP |
| 392 | const SSL_COMP *new_compression; | ||
| 393 | #else | ||
| 394 | char *new_compression; | ||
| 395 | #endif | ||
| 348 | int cert_request; | 396 | int cert_request; |
| 349 | } tmp; | 397 | } tmp; |
| 350 | } SSL3_CTX; | 398 | |
| 399 | } SSL3_STATE; | ||
| 351 | 400 | ||
| 352 | /* SSLv3 */ | 401 | /* SSLv3 */ |
| 353 | /*client */ | 402 | /*client */ |
| @@ -425,7 +474,7 @@ typedef struct ssl3_ctx_st | |||
| 425 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) | 474 | #define SSL3_ST_SW_FINISHED_A (0x1E0|SSL_ST_ACCEPT) |
| 426 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) | 475 | #define SSL3_ST_SW_FINISHED_B (0x1E1|SSL_ST_ACCEPT) |
| 427 | 476 | ||
| 428 | #define SSL3_MT_CLIENT_REQUEST 0 | 477 | #define SSL3_MT_HELLO_REQUEST 0 |
| 429 | #define SSL3_MT_CLIENT_HELLO 1 | 478 | #define SSL3_MT_CLIENT_HELLO 1 |
| 430 | #define SSL3_MT_SERVER_HELLO 2 | 479 | #define SSL3_MT_SERVER_HELLO 2 |
| 431 | #define SSL3_MT_CERTIFICATE 11 | 480 | #define SSL3_MT_CERTIFICATE 11 |
diff --git a/src/lib/libssl/ssl_algs.c b/src/lib/libssl/ssl_algs.c index 65f3a59386..3d1299ee7b 100644 --- a/src/lib/libssl/ssl_algs.c +++ b/src/lib/libssl/ssl_algs.c | |||
| @@ -57,46 +57,55 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "objects.h" | 60 | #include <openssl/objects.h> |
| 61 | #include "lhash.h" | 61 | #include <openssl/lhash.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | void SSLeay_add_ssl_algorithms() | 64 | int SSL_library_init(void) |
| 65 | { | 65 | { |
| 66 | #ifndef NO_DES | 66 | |
| 67 | #ifndef OPENSSL_NO_DES | ||
| 67 | EVP_add_cipher(EVP_des_cbc()); | 68 | EVP_add_cipher(EVP_des_cbc()); |
| 68 | EVP_add_cipher(EVP_des_ede3_cbc()); | 69 | EVP_add_cipher(EVP_des_ede3_cbc()); |
| 69 | #endif | 70 | #endif |
| 70 | #ifndef NO_IDEA | 71 | #ifndef OPENSSL_NO_IDEA |
| 71 | EVP_add_cipher(EVP_idea_cbc()); | 72 | EVP_add_cipher(EVP_idea_cbc()); |
| 72 | #endif | 73 | #endif |
| 73 | #ifndef NO_RC4 | 74 | #ifndef OPENSSL_NO_RC4 |
| 74 | EVP_add_cipher(EVP_rc4()); | 75 | EVP_add_cipher(EVP_rc4()); |
| 75 | #endif | ||
| 76 | #ifndef NO_RC2 | ||
| 77 | EVP_add_cipher(EVP_rc2_cbc()); | ||
| 78 | #endif | 76 | #endif |
| 79 | 77 | #ifndef OPENSSL_NO_RC2 | |
| 80 | #ifndef NO_MD2 | 78 | EVP_add_cipher(EVP_rc2_cbc()); |
| 81 | EVP_add_digest(EVP_md2()); | ||
| 82 | #endif | 79 | #endif |
| 83 | #ifndef NO_MD5 | 80 | #ifndef OPENSSL_NO_AES |
| 81 | EVP_add_cipher(EVP_aes_128_cbc()); | ||
| 82 | EVP_add_cipher(EVP_aes_192_cbc()); | ||
| 83 | EVP_add_cipher(EVP_aes_256_cbc()); | ||
| 84 | #endif | ||
| 85 | #ifndef OPENSSL_NO_MD2 | ||
| 86 | EVP_add_digest(EVP_md2()); | ||
| 87 | #endif | ||
| 88 | #ifndef OPENSSL_NO_MD5 | ||
| 84 | EVP_add_digest(EVP_md5()); | 89 | EVP_add_digest(EVP_md5()); |
| 85 | EVP_add_alias(SN_md5,"ssl2-md5"); | 90 | EVP_add_digest_alias(SN_md5,"ssl2-md5"); |
| 86 | EVP_add_alias(SN_md5,"ssl3-md5"); | 91 | EVP_add_digest_alias(SN_md5,"ssl3-md5"); |
| 87 | #endif | 92 | #endif |
| 88 | #ifndef NO_SHA1 | 93 | #ifndef OPENSSL_NO_SHA |
| 89 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ | 94 | EVP_add_digest(EVP_sha1()); /* RSA with sha1 */ |
| 90 | EVP_add_alias(SN_sha1,"ssl3-sha1"); | 95 | EVP_add_digest_alias(SN_sha1,"ssl3-sha1"); |
| 96 | EVP_add_digest_alias(SN_sha1WithRSAEncryption,SN_sha1WithRSA); | ||
| 91 | #endif | 97 | #endif |
| 92 | #if !defined(NO_SHA1) && !defined(NO_DSA) | 98 | #if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_DSA) |
| 93 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ | 99 | EVP_add_digest(EVP_dss1()); /* DSA with sha1 */ |
| 100 | EVP_add_digest_alias(SN_dsaWithSHA1,SN_dsaWithSHA1_2); | ||
| 101 | EVP_add_digest_alias(SN_dsaWithSHA1,"DSS1"); | ||
| 102 | EVP_add_digest_alias(SN_dsaWithSHA1,"dss1"); | ||
| 94 | #endif | 103 | #endif |
| 95 | |||
| 96 | /* If you want support for phased out ciphers, add the following */ | 104 | /* If you want support for phased out ciphers, add the following */ |
| 97 | #if 0 | 105 | #if 0 |
| 98 | EVP_add_digest(EVP_sha()); | 106 | EVP_add_digest(EVP_sha()); |
| 99 | EVP_add_digest(EVP_dss()); | 107 | EVP_add_digest(EVP_dss()); |
| 100 | #endif | 108 | #endif |
| 109 | return(1); | ||
| 101 | } | 110 | } |
| 102 | 111 | ||
diff --git a/src/lib/libssl/ssl_asn1.c b/src/lib/libssl/ssl_asn1.c index 116a83de64..c5eeeb6bc5 100644 --- a/src/lib/libssl/ssl_asn1.c +++ b/src/lib/libssl/ssl_asn1.c | |||
| @@ -58,8 +58,9 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include "asn1_mac.h" | 61 | #include <openssl/asn1_mac.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include <openssl/x509.h> | ||
| 63 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 64 | 65 | ||
| 65 | typedef struct ssl_session_asn1_st | 66 | typedef struct ssl_session_asn1_st |
| @@ -69,24 +70,22 @@ typedef struct ssl_session_asn1_st | |||
| 69 | ASN1_OCTET_STRING cipher; | 70 | ASN1_OCTET_STRING cipher; |
| 70 | ASN1_OCTET_STRING master_key; | 71 | ASN1_OCTET_STRING master_key; |
| 71 | ASN1_OCTET_STRING session_id; | 72 | ASN1_OCTET_STRING session_id; |
| 73 | ASN1_OCTET_STRING session_id_context; | ||
| 72 | ASN1_OCTET_STRING key_arg; | 74 | ASN1_OCTET_STRING key_arg; |
| 75 | #ifndef OPENSSL_NO_KRB5 | ||
| 76 | ASN1_OCTET_STRING krb5_princ; | ||
| 77 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 73 | ASN1_INTEGER time; | 78 | ASN1_INTEGER time; |
| 74 | ASN1_INTEGER timeout; | 79 | ASN1_INTEGER timeout; |
| 80 | ASN1_INTEGER verify_result; | ||
| 75 | } SSL_SESSION_ASN1; | 81 | } SSL_SESSION_ASN1; |
| 76 | 82 | ||
| 77 | /* | 83 | int i2d_SSL_SESSION(SSL_SESSION *in, unsigned char **pp) |
| 78 | * SSLerr(SSL_F_I2D_SSL_SESSION,SSL_R_CIPHER_CODE_WRONG_LENGTH); | ||
| 79 | * SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_UNSUPPORTED_CIPHER); | ||
| 80 | */ | ||
| 81 | |||
| 82 | int i2d_SSL_SESSION(in,pp) | ||
| 83 | SSL_SESSION *in; | ||
| 84 | unsigned char **pp; | ||
| 85 | { | 84 | { |
| 86 | #define LSIZE2 (sizeof(long)*2) | 85 | #define LSIZE2 (sizeof(long)*2) |
| 87 | int v1=0,v2=0,v3=0; | 86 | int v1=0,v2=0,v3=0,v4=0,v5=0; |
| 88 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; | 87 | unsigned char buf[4],ibuf1[LSIZE2],ibuf2[LSIZE2]; |
| 89 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2]; | 88 | unsigned char ibuf3[LSIZE2],ibuf4[LSIZE2],ibuf5[LSIZE2]; |
| 90 | long l; | 89 | long l; |
| 91 | SSL_SESSION_ASN1 a; | 90 | SSL_SESSION_ASN1 a; |
| 92 | M_ASN1_I2D_vars(in); | 91 | M_ASN1_I2D_vars(in); |
| @@ -95,8 +94,8 @@ unsigned char **pp; | |||
| 95 | return(0); | 94 | return(0); |
| 96 | 95 | ||
| 97 | /* Note that I cheat in the following 2 assignments. I know | 96 | /* Note that I cheat in the following 2 assignments. I know |
| 98 | * that if the ASN1_INTERGER passed to ASN1_INTEGER_set | 97 | * that if the ASN1_INTEGER passed to ASN1_INTEGER_set |
| 99 | * is > sizeof(long)+1, the buffer will not be re-Malloc()ed. | 98 | * is > sizeof(long)+1, the buffer will not be re-OPENSSL_malloc()ed. |
| 100 | * This is a bit evil but makes things simple, no dynamic allocation | 99 | * This is a bit evil but makes things simple, no dynamic allocation |
| 101 | * to clean up :-) */ | 100 | * to clean up :-) */ |
| 102 | a.version.length=LSIZE2; | 101 | a.version.length=LSIZE2; |
| @@ -138,10 +137,23 @@ unsigned char **pp; | |||
| 138 | a.session_id.type=V_ASN1_OCTET_STRING; | 137 | a.session_id.type=V_ASN1_OCTET_STRING; |
| 139 | a.session_id.data=in->session_id; | 138 | a.session_id.data=in->session_id; |
| 140 | 139 | ||
| 140 | a.session_id_context.length=in->sid_ctx_length; | ||
| 141 | a.session_id_context.type=V_ASN1_OCTET_STRING; | ||
| 142 | a.session_id_context.data=in->sid_ctx; | ||
| 143 | |||
| 141 | a.key_arg.length=in->key_arg_length; | 144 | a.key_arg.length=in->key_arg_length; |
| 142 | a.key_arg.type=V_ASN1_OCTET_STRING; | 145 | a.key_arg.type=V_ASN1_OCTET_STRING; |
| 143 | a.key_arg.data=in->key_arg; | 146 | a.key_arg.data=in->key_arg; |
| 144 | 147 | ||
| 148 | #ifndef OPENSSL_NO_KRB5 | ||
| 149 | if (in->krb5_client_princ_len) | ||
| 150 | { | ||
| 151 | a.krb5_princ.length=in->krb5_client_princ_len; | ||
| 152 | a.krb5_princ.type=V_ASN1_OCTET_STRING; | ||
| 153 | a.krb5_princ.data=in->krb5_client_princ; | ||
| 154 | } | ||
| 155 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 156 | |||
| 145 | if (in->time != 0L) | 157 | if (in->time != 0L) |
| 146 | { | 158 | { |
| 147 | a.time.length=LSIZE2; | 159 | a.time.length=LSIZE2; |
| @@ -158,11 +170,24 @@ unsigned char **pp; | |||
| 158 | ASN1_INTEGER_set(&(a.timeout),in->timeout); | 170 | ASN1_INTEGER_set(&(a.timeout),in->timeout); |
| 159 | } | 171 | } |
| 160 | 172 | ||
| 173 | if (in->verify_result != X509_V_OK) | ||
| 174 | { | ||
| 175 | a.verify_result.length=LSIZE2; | ||
| 176 | a.verify_result.type=V_ASN1_INTEGER; | ||
| 177 | a.verify_result.data=ibuf5; | ||
| 178 | ASN1_INTEGER_set(&a.verify_result,in->verify_result); | ||
| 179 | } | ||
| 180 | |||
| 181 | |||
| 161 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); | 182 | M_ASN1_I2D_len(&(a.version), i2d_ASN1_INTEGER); |
| 162 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); | 183 | M_ASN1_I2D_len(&(a.ssl_version), i2d_ASN1_INTEGER); |
| 163 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); | 184 | M_ASN1_I2D_len(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| 164 | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); | 185 | M_ASN1_I2D_len(&(a.session_id), i2d_ASN1_OCTET_STRING); |
| 165 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); | 186 | M_ASN1_I2D_len(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 187 | #ifndef OPENSSL_NO_KRB5 | ||
| 188 | if (in->krb5_client_princ_len) | ||
| 189 | M_ASN1_I2D_len(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | ||
| 190 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 166 | if (in->key_arg_length > 0) | 191 | if (in->key_arg_length > 0) |
| 167 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); | 192 | M_ASN1_I2D_len_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING); |
| 168 | if (in->time != 0L) | 193 | if (in->time != 0L) |
| @@ -171,6 +196,9 @@ unsigned char **pp; | |||
| 171 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 196 | M_ASN1_I2D_len_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); |
| 172 | if (in->peer != NULL) | 197 | if (in->peer != NULL) |
| 173 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); | 198 | M_ASN1_I2D_len_EXP_opt(in->peer,i2d_X509,3,v3); |
| 199 | M_ASN1_I2D_len_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4,v4); | ||
| 200 | if (in->verify_result != X509_V_OK) | ||
| 201 | M_ASN1_I2D_len_EXP_opt(&(a.verify_result),i2d_ASN1_INTEGER,5,v5); | ||
| 174 | 202 | ||
| 175 | M_ASN1_I2D_seq_total(); | 203 | M_ASN1_I2D_seq_total(); |
| 176 | 204 | ||
| @@ -179,6 +207,10 @@ unsigned char **pp; | |||
| 179 | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); | 207 | M_ASN1_I2D_put(&(a.cipher), i2d_ASN1_OCTET_STRING); |
| 180 | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); | 208 | M_ASN1_I2D_put(&(a.session_id), i2d_ASN1_OCTET_STRING); |
| 181 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); | 209 | M_ASN1_I2D_put(&(a.master_key), i2d_ASN1_OCTET_STRING); |
| 210 | #ifndef OPENSSL_NO_KRB5 | ||
| 211 | if (in->krb5_client_princ_len) | ||
| 212 | M_ASN1_I2D_put(&(a.krb5_princ), i2d_ASN1_OCTET_STRING); | ||
| 213 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 182 | if (in->key_arg_length > 0) | 214 | if (in->key_arg_length > 0) |
| 183 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); | 215 | M_ASN1_I2D_put_IMP_opt(&(a.key_arg),i2d_ASN1_OCTET_STRING,0); |
| 184 | if (in->time != 0L) | 216 | if (in->time != 0L) |
| @@ -187,14 +219,15 @@ unsigned char **pp; | |||
| 187 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); | 219 | M_ASN1_I2D_put_EXP_opt(&(a.timeout),i2d_ASN1_INTEGER,2,v2); |
| 188 | if (in->peer != NULL) | 220 | if (in->peer != NULL) |
| 189 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); | 221 | M_ASN1_I2D_put_EXP_opt(in->peer,i2d_X509,3,v3); |
| 190 | 222 | M_ASN1_I2D_put_EXP_opt(&a.session_id_context,i2d_ASN1_OCTET_STRING,4, | |
| 223 | v4); | ||
| 224 | if (in->verify_result != X509_V_OK) | ||
| 225 | M_ASN1_I2D_put_EXP_opt(&a.verify_result,i2d_ASN1_INTEGER,5,v5); | ||
| 191 | M_ASN1_I2D_finish(); | 226 | M_ASN1_I2D_finish(); |
| 192 | } | 227 | } |
| 193 | 228 | ||
| 194 | SSL_SESSION *d2i_SSL_SESSION(a,pp,length) | 229 | SSL_SESSION *d2i_SSL_SESSION(SSL_SESSION **a, unsigned char **pp, |
| 195 | SSL_SESSION **a; | 230 | long length) |
| 196 | unsigned char **pp; | ||
| 197 | long length; | ||
| 198 | { | 231 | { |
| 199 | int version,ssl_version=0,i; | 232 | int version,ssl_version=0,i; |
| 200 | long id; | 233 | long id; |
| @@ -211,13 +244,13 @@ long length; | |||
| 211 | ai.data=NULL; ai.length=0; | 244 | ai.data=NULL; ai.length=0; |
| 212 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 245 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); |
| 213 | version=(int)ASN1_INTEGER_get(aip); | 246 | version=(int)ASN1_INTEGER_get(aip); |
| 214 | if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } | 247 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 215 | 248 | ||
| 216 | /* we don't care about the version right now :-) */ | 249 | /* we don't care about the version right now :-) */ |
| 217 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); | 250 | M_ASN1_D2I_get(aip,d2i_ASN1_INTEGER); |
| 218 | ssl_version=(int)ASN1_INTEGER_get(aip); | 251 | ssl_version=(int)ASN1_INTEGER_get(aip); |
| 219 | ret->ssl_version=ssl_version; | 252 | ret->ssl_version=ssl_version; |
| 220 | if (ai.data != NULL) { Free(ai.data); ai.data=NULL; ai.length=0; } | 253 | if (ai.data != NULL) { OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; } |
| 221 | 254 | ||
| 222 | os.data=NULL; os.length=0; | 255 | os.data=NULL; os.length=0; |
| 223 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); | 256 | M_ASN1_D2I_get(osp,d2i_ASN1_OCTET_STRING); |
| @@ -273,20 +306,39 @@ long length; | |||
| 273 | memcpy(ret->master_key,os.data,ret->master_key_length); | 306 | memcpy(ret->master_key,os.data,ret->master_key_length); |
| 274 | 307 | ||
| 275 | os.length=0; | 308 | os.length=0; |
| 309 | |||
| 310 | #ifndef OPENSSL_NO_KRB5 | ||
| 311 | os.length=0; | ||
| 312 | M_ASN1_D2I_get_opt(osp,d2i_ASN1_OCTET_STRING,V_ASN1_OCTET_STRING); | ||
| 313 | if (os.data) | ||
| 314 | { | ||
| 315 | if (os.length > SSL_MAX_KRB5_PRINCIPAL_LENGTH) | ||
| 316 | ret->krb5_client_princ_len=0; | ||
| 317 | else | ||
| 318 | ret->krb5_client_princ_len=os.length; | ||
| 319 | memcpy(ret->krb5_client_princ,os.data,ret->krb5_client_princ_len); | ||
| 320 | OPENSSL_free(os.data); | ||
| 321 | os.data = NULL; | ||
| 322 | os.length = 0; | ||
| 323 | } | ||
| 324 | else | ||
| 325 | ret->krb5_client_princ_len=0; | ||
| 326 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 327 | |||
| 276 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); | 328 | M_ASN1_D2I_get_IMP_opt(osp,d2i_ASN1_OCTET_STRING,0,V_ASN1_OCTET_STRING); |
| 277 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) | 329 | if (os.length > SSL_MAX_KEY_ARG_LENGTH) |
| 278 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; | 330 | ret->key_arg_length=SSL_MAX_KEY_ARG_LENGTH; |
| 279 | else | 331 | else |
| 280 | ret->key_arg_length=os.length; | 332 | ret->key_arg_length=os.length; |
| 281 | memcpy(ret->key_arg,os.data,ret->key_arg_length); | 333 | memcpy(ret->key_arg,os.data,ret->key_arg_length); |
| 282 | if (os.data != NULL) Free(os.data); | 334 | if (os.data != NULL) OPENSSL_free(os.data); |
| 283 | 335 | ||
| 284 | ai.length=0; | 336 | ai.length=0; |
| 285 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); | 337 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,1); |
| 286 | if (ai.data != NULL) | 338 | if (ai.data != NULL) |
| 287 | { | 339 | { |
| 288 | ret->time=ASN1_INTEGER_get(aip); | 340 | ret->time=ASN1_INTEGER_get(aip); |
| 289 | Free(ai.data); ai.data=NULL; ai.length=0; | 341 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; |
| 290 | } | 342 | } |
| 291 | else | 343 | else |
| 292 | ret->time=time(NULL); | 344 | ret->time=time(NULL); |
| @@ -296,7 +348,7 @@ long length; | |||
| 296 | if (ai.data != NULL) | 348 | if (ai.data != NULL) |
| 297 | { | 349 | { |
| 298 | ret->timeout=ASN1_INTEGER_get(aip); | 350 | ret->timeout=ASN1_INTEGER_get(aip); |
| 299 | Free(ai.data); ai.data=NULL; ai.length=0; | 351 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; |
| 300 | } | 352 | } |
| 301 | else | 353 | else |
| 302 | ret->timeout=3; | 354 | ret->timeout=3; |
| @@ -308,6 +360,30 @@ long length; | |||
| 308 | } | 360 | } |
| 309 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); | 361 | M_ASN1_D2I_get_EXP_opt(ret->peer,d2i_X509,3); |
| 310 | 362 | ||
| 363 | os.length=0; | ||
| 364 | os.data=NULL; | ||
| 365 | M_ASN1_D2I_get_EXP_opt(osp,d2i_ASN1_OCTET_STRING,4); | ||
| 366 | |||
| 367 | if(os.data != NULL) | ||
| 368 | { | ||
| 369 | if (os.length > SSL_MAX_SID_CTX_LENGTH) | ||
| 370 | SSLerr(SSL_F_D2I_SSL_SESSION,SSL_R_BAD_LENGTH); | ||
| 371 | ret->sid_ctx_length=os.length; | ||
| 372 | memcpy(ret->sid_ctx,os.data,os.length); | ||
| 373 | OPENSSL_free(os.data); os.data=NULL; os.length=0; | ||
| 374 | } | ||
| 375 | else | ||
| 376 | ret->sid_ctx_length=0; | ||
| 377 | |||
| 378 | ai.length=0; | ||
| 379 | M_ASN1_D2I_get_EXP_opt(aip,d2i_ASN1_INTEGER,5); | ||
| 380 | if (ai.data != NULL) | ||
| 381 | { | ||
| 382 | ret->verify_result=ASN1_INTEGER_get(aip); | ||
| 383 | OPENSSL_free(ai.data); ai.data=NULL; ai.length=0; | ||
| 384 | } | ||
| 385 | else | ||
| 386 | ret->verify_result=X509_V_OK; | ||
| 387 | |||
| 311 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); | 388 | M_ASN1_D2I_Finish(a,SSL_SESSION_free,SSL_F_D2I_SSL_SESSION); |
| 312 | } | 389 | } |
| 313 | |||
diff --git a/src/lib/libssl/ssl_cert.c b/src/lib/libssl/ssl_cert.c index c1cb86e1b7..3d31bbf05f 100644 --- a/src/lib/libssl/ssl_cert.c +++ b/src/lib/libssl/ssl_cert.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* ssl/ssl_cert.c */ | 1 | /*! \file ssl/ssl_cert.c */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -55,32 +55,113 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@OpenSSL.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | */ | ||
| 58 | 106 | ||
| 59 | #include <stdio.h> | 107 | #include <stdio.h> |
| 60 | #include "objects.h" | 108 | |
| 61 | #include "bio.h" | 109 | #include "e_os.h" |
| 62 | #include "pem.h" | 110 | #ifndef NO_SYS_TYPES_H |
| 111 | # include <sys/types.h> | ||
| 112 | #endif | ||
| 113 | |||
| 114 | #if !defined(OPENSSL_SYS_WIN32) && !defined(OPENSSL_SYS_VMS) && !defined(NeXT) && !defined(MAC_OS_pre_X) | ||
| 115 | #include <dirent.h> | ||
| 116 | #endif | ||
| 117 | |||
| 118 | #if defined(WIN32) | ||
| 119 | #include <windows.h> | ||
| 120 | #endif | ||
| 121 | |||
| 122 | #ifdef NeXT | ||
| 123 | #include <sys/dir.h> | ||
| 124 | #define dirent direct | ||
| 125 | #endif | ||
| 126 | |||
| 127 | #include <openssl/objects.h> | ||
| 128 | #include <openssl/bio.h> | ||
| 129 | #include <openssl/pem.h> | ||
| 130 | #include <openssl/x509v3.h> | ||
| 63 | #include "ssl_locl.h" | 131 | #include "ssl_locl.h" |
| 64 | 132 | ||
| 65 | CERT *ssl_cert_new() | 133 | int SSL_get_ex_data_X509_STORE_CTX_idx(void) |
| 134 | { | ||
| 135 | static volatile int ssl_x509_store_ctx_idx= -1; | ||
| 136 | |||
| 137 | if (ssl_x509_store_ctx_idx < 0) | ||
| 138 | { | ||
| 139 | /* any write lock will do; usually this branch | ||
| 140 | * will only be taken once anyway */ | ||
| 141 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 142 | |||
| 143 | if (ssl_x509_store_ctx_idx < 0) | ||
| 144 | { | ||
| 145 | ssl_x509_store_ctx_idx=X509_STORE_CTX_get_ex_new_index( | ||
| 146 | 0,"SSL for verify callback",NULL,NULL,NULL); | ||
| 147 | } | ||
| 148 | |||
| 149 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 150 | } | ||
| 151 | return ssl_x509_store_ctx_idx; | ||
| 152 | } | ||
| 153 | |||
| 154 | CERT *ssl_cert_new(void) | ||
| 66 | { | 155 | { |
| 67 | CERT *ret; | 156 | CERT *ret; |
| 68 | 157 | ||
| 69 | ret=(CERT *)Malloc(sizeof(CERT)); | 158 | ret=(CERT *)OPENSSL_malloc(sizeof(CERT)); |
| 70 | if (ret == NULL) | 159 | if (ret == NULL) |
| 71 | { | 160 | { |
| 72 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); | 161 | SSLerr(SSL_F_SSL_CERT_NEW,ERR_R_MALLOC_FAILURE); |
| 73 | return(NULL); | 162 | return(NULL); |
| 74 | } | 163 | } |
| 75 | memset(ret,0,sizeof(CERT)); | 164 | memset(ret,0,sizeof(CERT)); |
| 76 | /* | ||
| 77 | ret->valid=0; | ||
| 78 | ret->mask=0; | ||
| 79 | ret->export_mask=0; | ||
| 80 | ret->cert_type=0; | ||
| 81 | ret->key->x509=NULL; | ||
| 82 | ret->key->publickey=NULL; | ||
| 83 | ret->key->privatekey=NULL; */ | ||
| 84 | 165 | ||
| 85 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); | 166 | ret->key= &(ret->pkeys[SSL_PKEY_RSA_ENC]); |
| 86 | ret->references=1; | 167 | ret->references=1; |
| @@ -88,11 +169,151 @@ CERT *ssl_cert_new() | |||
| 88 | return(ret); | 169 | return(ret); |
| 89 | } | 170 | } |
| 90 | 171 | ||
| 91 | void ssl_cert_free(c) | 172 | CERT *ssl_cert_dup(CERT *cert) |
| 92 | CERT *c; | ||
| 93 | { | 173 | { |
| 174 | CERT *ret; | ||
| 94 | int i; | 175 | int i; |
| 95 | 176 | ||
| 177 | ret = (CERT *)OPENSSL_malloc(sizeof(CERT)); | ||
| 178 | if (ret == NULL) | ||
| 179 | { | ||
| 180 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_MALLOC_FAILURE); | ||
| 181 | return(NULL); | ||
| 182 | } | ||
| 183 | |||
| 184 | memset(ret, 0, sizeof(CERT)); | ||
| 185 | |||
| 186 | ret->key = &ret->pkeys[cert->key - &cert->pkeys[0]]; | ||
| 187 | /* or ret->key = ret->pkeys + (cert->key - cert->pkeys), | ||
| 188 | * if you find that more readable */ | ||
| 189 | |||
| 190 | ret->valid = cert->valid; | ||
| 191 | ret->mask = cert->mask; | ||
| 192 | ret->export_mask = cert->export_mask; | ||
| 193 | |||
| 194 | #ifndef OPENSSL_NO_RSA | ||
| 195 | if (cert->rsa_tmp != NULL) | ||
| 196 | { | ||
| 197 | RSA_up_ref(cert->rsa_tmp); | ||
| 198 | ret->rsa_tmp = cert->rsa_tmp; | ||
| 199 | } | ||
| 200 | ret->rsa_tmp_cb = cert->rsa_tmp_cb; | ||
| 201 | #endif | ||
| 202 | |||
| 203 | #ifndef OPENSSL_NO_DH | ||
| 204 | if (cert->dh_tmp != NULL) | ||
| 205 | { | ||
| 206 | /* DH parameters don't have a reference count */ | ||
| 207 | ret->dh_tmp = DHparams_dup(cert->dh_tmp); | ||
| 208 | if (ret->dh_tmp == NULL) | ||
| 209 | { | ||
| 210 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_DH_LIB); | ||
| 211 | goto err; | ||
| 212 | } | ||
| 213 | if (cert->dh_tmp->priv_key) | ||
| 214 | { | ||
| 215 | BIGNUM *b = BN_dup(cert->dh_tmp->priv_key); | ||
| 216 | if (!b) | ||
| 217 | { | ||
| 218 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | ||
| 219 | goto err; | ||
| 220 | } | ||
| 221 | ret->dh_tmp->priv_key = b; | ||
| 222 | } | ||
| 223 | if (cert->dh_tmp->pub_key) | ||
| 224 | { | ||
| 225 | BIGNUM *b = BN_dup(cert->dh_tmp->pub_key); | ||
| 226 | if (!b) | ||
| 227 | { | ||
| 228 | SSLerr(SSL_F_SSL_CERT_DUP, ERR_R_BN_LIB); | ||
| 229 | goto err; | ||
| 230 | } | ||
| 231 | ret->dh_tmp->pub_key = b; | ||
| 232 | } | ||
| 233 | } | ||
| 234 | ret->dh_tmp_cb = cert->dh_tmp_cb; | ||
| 235 | #endif | ||
| 236 | |||
| 237 | for (i = 0; i < SSL_PKEY_NUM; i++) | ||
| 238 | { | ||
| 239 | if (cert->pkeys[i].x509 != NULL) | ||
| 240 | { | ||
| 241 | ret->pkeys[i].x509 = cert->pkeys[i].x509; | ||
| 242 | CRYPTO_add(&ret->pkeys[i].x509->references, 1, | ||
| 243 | CRYPTO_LOCK_X509); | ||
| 244 | } | ||
| 245 | |||
| 246 | if (cert->pkeys[i].privatekey != NULL) | ||
| 247 | { | ||
| 248 | ret->pkeys[i].privatekey = cert->pkeys[i].privatekey; | ||
| 249 | CRYPTO_add(&ret->pkeys[i].privatekey->references, 1, | ||
| 250 | CRYPTO_LOCK_EVP_PKEY); | ||
| 251 | |||
| 252 | switch(i) | ||
| 253 | { | ||
| 254 | /* If there was anything special to do for | ||
| 255 | * certain types of keys, we'd do it here. | ||
| 256 | * (Nothing at the moment, I think.) */ | ||
| 257 | |||
| 258 | case SSL_PKEY_RSA_ENC: | ||
| 259 | case SSL_PKEY_RSA_SIGN: | ||
| 260 | /* We have an RSA key. */ | ||
| 261 | break; | ||
| 262 | |||
| 263 | case SSL_PKEY_DSA_SIGN: | ||
| 264 | /* We have a DSA key. */ | ||
| 265 | break; | ||
| 266 | |||
| 267 | case SSL_PKEY_DH_RSA: | ||
| 268 | case SSL_PKEY_DH_DSA: | ||
| 269 | /* We have a DH key. */ | ||
| 270 | break; | ||
| 271 | |||
| 272 | default: | ||
| 273 | /* Can't happen. */ | ||
| 274 | SSLerr(SSL_F_SSL_CERT_DUP, SSL_R_LIBRARY_BUG); | ||
| 275 | } | ||
| 276 | } | ||
| 277 | } | ||
| 278 | |||
| 279 | /* ret->extra_certs *should* exist, but currently the own certificate | ||
| 280 | * chain is held inside SSL_CTX */ | ||
| 281 | |||
| 282 | ret->references=1; | ||
| 283 | |||
| 284 | return(ret); | ||
| 285 | |||
| 286 | #ifndef OPENSSL_NO_DH /* avoid 'unreferenced label' warning if OPENSSL_NO_DH is defined */ | ||
| 287 | err: | ||
| 288 | #endif | ||
| 289 | #ifndef OPENSSL_NO_RSA | ||
| 290 | if (ret->rsa_tmp != NULL) | ||
| 291 | RSA_free(ret->rsa_tmp); | ||
| 292 | #endif | ||
| 293 | #ifndef OPENSSL_NO_DH | ||
| 294 | if (ret->dh_tmp != NULL) | ||
| 295 | DH_free(ret->dh_tmp); | ||
| 296 | #endif | ||
| 297 | |||
| 298 | for (i = 0; i < SSL_PKEY_NUM; i++) | ||
| 299 | { | ||
| 300 | if (ret->pkeys[i].x509 != NULL) | ||
| 301 | X509_free(ret->pkeys[i].x509); | ||
| 302 | if (ret->pkeys[i].privatekey != NULL) | ||
| 303 | EVP_PKEY_free(ret->pkeys[i].privatekey); | ||
| 304 | } | ||
| 305 | |||
| 306 | return NULL; | ||
| 307 | } | ||
| 308 | |||
| 309 | |||
| 310 | void ssl_cert_free(CERT *c) | ||
| 311 | { | ||
| 312 | int i; | ||
| 313 | |||
| 314 | if(c == NULL) | ||
| 315 | return; | ||
| 316 | |||
| 96 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); | 317 | i=CRYPTO_add(&c->references,-1,CRYPTO_LOCK_SSL_CERT); |
| 97 | #ifdef REF_PRINT | 318 | #ifdef REF_PRINT |
| 98 | REF_PRINT("CERT",c); | 319 | REF_PRINT("CERT",c); |
| @@ -106,10 +327,10 @@ CERT *c; | |||
| 106 | } | 327 | } |
| 107 | #endif | 328 | #endif |
| 108 | 329 | ||
| 109 | #ifndef NO_RSA | 330 | #ifndef OPENSSL_NO_RSA |
| 110 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); | 331 | if (c->rsa_tmp) RSA_free(c->rsa_tmp); |
| 111 | #endif | 332 | #endif |
| 112 | #ifndef NO_DH | 333 | #ifndef OPENSSL_NO_DH |
| 113 | if (c->dh_tmp) DH_free(c->dh_tmp); | 334 | if (c->dh_tmp) DH_free(c->dh_tmp); |
| 114 | #endif | 335 | #endif |
| 115 | 336 | ||
| @@ -124,97 +345,209 @@ CERT *c; | |||
| 124 | EVP_PKEY_free(c->pkeys[i].publickey); | 345 | EVP_PKEY_free(c->pkeys[i].publickey); |
| 125 | #endif | 346 | #endif |
| 126 | } | 347 | } |
| 127 | if (c->cert_chain != NULL) | 348 | OPENSSL_free(c); |
| 128 | sk_pop_free(c->cert_chain,X509_free); | ||
| 129 | Free(c); | ||
| 130 | } | 349 | } |
| 131 | 350 | ||
| 132 | int ssl_set_cert_type(c, type) | 351 | int ssl_cert_inst(CERT **o) |
| 133 | CERT *c; | ||
| 134 | int type; | ||
| 135 | { | 352 | { |
| 136 | c->cert_type=type; | 353 | /* Create a CERT if there isn't already one |
| 354 | * (which cannot really happen, as it is initially created in | ||
| 355 | * SSL_CTX_new; but the earlier code usually allows for that one | ||
| 356 | * being non-existant, so we follow that behaviour, as it might | ||
| 357 | * turn out that there actually is a reason for it -- but I'm | ||
| 358 | * not sure that *all* of the existing code could cope with | ||
| 359 | * s->cert being NULL, otherwise we could do without the | ||
| 360 | * initialization in SSL_CTX_new). | ||
| 361 | */ | ||
| 362 | |||
| 363 | if (o == NULL) | ||
| 364 | { | ||
| 365 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_PASSED_NULL_PARAMETER); | ||
| 366 | return(0); | ||
| 367 | } | ||
| 368 | if (*o == NULL) | ||
| 369 | { | ||
| 370 | if ((*o = ssl_cert_new()) == NULL) | ||
| 371 | { | ||
| 372 | SSLerr(SSL_F_SSL_CERT_INST, ERR_R_MALLOC_FAILURE); | ||
| 373 | return(0); | ||
| 374 | } | ||
| 375 | } | ||
| 137 | return(1); | 376 | return(1); |
| 138 | } | 377 | } |
| 139 | 378 | ||
| 140 | int ssl_verify_cert_chain(s,sk) | 379 | |
| 141 | SSL *s; | 380 | SESS_CERT *ssl_sess_cert_new(void) |
| 142 | STACK *sk; | 381 | { |
| 382 | SESS_CERT *ret; | ||
| 383 | |||
| 384 | ret = OPENSSL_malloc(sizeof *ret); | ||
| 385 | if (ret == NULL) | ||
| 386 | { | ||
| 387 | SSLerr(SSL_F_SSL_SESS_CERT_NEW, ERR_R_MALLOC_FAILURE); | ||
| 388 | return NULL; | ||
| 389 | } | ||
| 390 | |||
| 391 | memset(ret, 0 ,sizeof *ret); | ||
| 392 | ret->peer_key = &(ret->peer_pkeys[SSL_PKEY_RSA_ENC]); | ||
| 393 | ret->references = 1; | ||
| 394 | |||
| 395 | return ret; | ||
| 396 | } | ||
| 397 | |||
| 398 | void ssl_sess_cert_free(SESS_CERT *sc) | ||
| 399 | { | ||
| 400 | int i; | ||
| 401 | |||
| 402 | if (sc == NULL) | ||
| 403 | return; | ||
| 404 | |||
| 405 | i = CRYPTO_add(&sc->references, -1, CRYPTO_LOCK_SSL_SESS_CERT); | ||
| 406 | #ifdef REF_PRINT | ||
| 407 | REF_PRINT("SESS_CERT", sc); | ||
| 408 | #endif | ||
| 409 | if (i > 0) | ||
| 410 | return; | ||
| 411 | #ifdef REF_CHECK | ||
| 412 | if (i < 0) | ||
| 413 | { | ||
| 414 | fprintf(stderr,"ssl_sess_cert_free, bad reference count\n"); | ||
| 415 | abort(); /* ok */ | ||
| 416 | } | ||
| 417 | #endif | ||
| 418 | |||
| 419 | /* i == 0 */ | ||
| 420 | if (sc->cert_chain != NULL) | ||
| 421 | sk_X509_pop_free(sc->cert_chain, X509_free); | ||
| 422 | for (i = 0; i < SSL_PKEY_NUM; i++) | ||
| 423 | { | ||
| 424 | if (sc->peer_pkeys[i].x509 != NULL) | ||
| 425 | X509_free(sc->peer_pkeys[i].x509); | ||
| 426 | #if 0 /* We don't have the peer's private key. These lines are just | ||
| 427 | * here as a reminder that we're still using a not-quite-appropriate | ||
| 428 | * data structure. */ | ||
| 429 | if (sc->peer_pkeys[i].privatekey != NULL) | ||
| 430 | EVP_PKEY_free(sc->peer_pkeys[i].privatekey); | ||
| 431 | #endif | ||
| 432 | } | ||
| 433 | |||
| 434 | #ifndef OPENSSL_NO_RSA | ||
| 435 | if (sc->peer_rsa_tmp != NULL) | ||
| 436 | RSA_free(sc->peer_rsa_tmp); | ||
| 437 | #endif | ||
| 438 | #ifndef OPENSSL_NO_DH | ||
| 439 | if (sc->peer_dh_tmp != NULL) | ||
| 440 | DH_free(sc->peer_dh_tmp); | ||
| 441 | #endif | ||
| 442 | |||
| 443 | OPENSSL_free(sc); | ||
| 444 | } | ||
| 445 | |||
| 446 | int ssl_set_peer_cert_type(SESS_CERT *sc,int type) | ||
| 447 | { | ||
| 448 | sc->peer_cert_type = type; | ||
| 449 | return(1); | ||
| 450 | } | ||
| 451 | |||
| 452 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk) | ||
| 143 | { | 453 | { |
| 144 | X509 *x; | 454 | X509 *x; |
| 145 | int i; | 455 | int i; |
| 146 | X509_STORE_CTX ctx; | 456 | X509_STORE_CTX ctx; |
| 147 | 457 | ||
| 148 | if ((sk == NULL) || (sk_num(sk) == 0)) | 458 | if ((sk == NULL) || (sk_X509_num(sk) == 0)) |
| 149 | return(0); | 459 | return(0); |
| 150 | 460 | ||
| 151 | x=(X509 *)sk_value(sk,0); | 461 | x=sk_X509_value(sk,0); |
| 152 | X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk); | 462 | if(!X509_STORE_CTX_init(&ctx,s->ctx->cert_store,x,sk)) |
| 153 | X509_STORE_CTX_set_app_data(&ctx,(char *)s); | 463 | { |
| 464 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,ERR_R_X509_LIB); | ||
| 465 | return(0); | ||
| 466 | } | ||
| 467 | if (SSL_get_verify_depth(s) >= 0) | ||
| 468 | X509_STORE_CTX_set_depth(&ctx, SSL_get_verify_depth(s)); | ||
| 469 | X509_STORE_CTX_set_ex_data(&ctx,SSL_get_ex_data_X509_STORE_CTX_idx(),s); | ||
| 470 | |||
| 471 | /* We need to set the verify purpose. The purpose can be determined by | ||
| 472 | * the context: if its a server it will verify SSL client certificates | ||
| 473 | * or vice versa. | ||
| 474 | */ | ||
| 475 | if (s->server) | ||
| 476 | i = X509_PURPOSE_SSL_CLIENT; | ||
| 477 | else | ||
| 478 | i = X509_PURPOSE_SSL_SERVER; | ||
| 479 | |||
| 480 | X509_STORE_CTX_purpose_inherit(&ctx, i, s->purpose, s->trust); | ||
| 481 | |||
| 482 | if (s->verify_callback) | ||
| 483 | X509_STORE_CTX_set_verify_cb(&ctx, s->verify_callback); | ||
| 154 | 484 | ||
| 155 | if (s->ctx->app_verify_callback != NULL) | 485 | if (s->ctx->app_verify_callback != NULL) |
| 156 | i=s->ctx->app_verify_callback(&ctx); | 486 | #if 1 /* new with OpenSSL 0.9.7 */ |
| 487 | i=s->ctx->app_verify_callback(&ctx, s->ctx->app_verify_arg); | ||
| 488 | #else | ||
| 489 | i=s->ctx->app_verify_callback(&ctx); /* should pass app_verify_arg */ | ||
| 490 | #endif | ||
| 157 | else | 491 | else |
| 492 | { | ||
| 493 | #ifndef OPENSSL_NO_X509_VERIFY | ||
| 158 | i=X509_verify_cert(&ctx); | 494 | i=X509_verify_cert(&ctx); |
| 495 | #else | ||
| 496 | i=0; | ||
| 497 | ctx.error=X509_V_ERR_APPLICATION_VERIFICATION; | ||
| 498 | SSLerr(SSL_F_SSL_VERIFY_CERT_CHAIN,SSL_R_NO_VERIFY_CALLBACK); | ||
| 499 | #endif | ||
| 500 | } | ||
| 159 | 501 | ||
| 160 | X509_STORE_CTX_cleanup(&ctx); | ||
| 161 | s->verify_result=ctx.error; | 502 | s->verify_result=ctx.error; |
| 503 | X509_STORE_CTX_cleanup(&ctx); | ||
| 162 | 504 | ||
| 163 | return(i); | 505 | return(i); |
| 164 | } | 506 | } |
| 165 | 507 | ||
| 166 | static void set_client_CA_list(ca_list,list) | 508 | static void set_client_CA_list(STACK_OF(X509_NAME) **ca_list,STACK_OF(X509_NAME) *list) |
| 167 | STACK **ca_list; | ||
| 168 | STACK *list; | ||
| 169 | { | 509 | { |
| 170 | if (*ca_list != NULL) | 510 | if (*ca_list != NULL) |
| 171 | sk_pop_free(*ca_list,X509_NAME_free); | 511 | sk_X509_NAME_pop_free(*ca_list,X509_NAME_free); |
| 172 | 512 | ||
| 173 | *ca_list=list; | 513 | *ca_list=list; |
| 174 | } | 514 | } |
| 175 | 515 | ||
| 176 | STACK *SSL_dup_CA_list(sk) | 516 | STACK_OF(X509_NAME) *SSL_dup_CA_list(STACK_OF(X509_NAME) *sk) |
| 177 | STACK *sk; | ||
| 178 | { | 517 | { |
| 179 | int i; | 518 | int i; |
| 180 | STACK *ret; | 519 | STACK_OF(X509_NAME) *ret; |
| 181 | X509_NAME *name; | 520 | X509_NAME *name; |
| 182 | 521 | ||
| 183 | ret=sk_new_null(); | 522 | ret=sk_X509_NAME_new_null(); |
| 184 | for (i=0; i<sk_num(sk); i++) | 523 | for (i=0; i<sk_X509_NAME_num(sk); i++) |
| 185 | { | 524 | { |
| 186 | name=X509_NAME_dup((X509_NAME *)sk_value(sk,i)); | 525 | name=X509_NAME_dup(sk_X509_NAME_value(sk,i)); |
| 187 | if ((name == NULL) || !sk_push(ret,(char *)name)) | 526 | if ((name == NULL) || !sk_X509_NAME_push(ret,name)) |
| 188 | { | 527 | { |
| 189 | sk_pop_free(ret,X509_NAME_free); | 528 | sk_X509_NAME_pop_free(ret,X509_NAME_free); |
| 190 | return(NULL); | 529 | return(NULL); |
| 191 | } | 530 | } |
| 192 | } | 531 | } |
| 193 | return(ret); | 532 | return(ret); |
| 194 | } | 533 | } |
| 195 | 534 | ||
| 196 | void SSL_set_client_CA_list(s,list) | 535 | void SSL_set_client_CA_list(SSL *s,STACK_OF(X509_NAME) *list) |
| 197 | SSL *s; | ||
| 198 | STACK *list; | ||
| 199 | { | 536 | { |
| 200 | set_client_CA_list(&(s->client_CA),list); | 537 | set_client_CA_list(&(s->client_CA),list); |
| 201 | } | 538 | } |
| 202 | 539 | ||
| 203 | void SSL_CTX_set_client_CA_list(ctx,list) | 540 | void SSL_CTX_set_client_CA_list(SSL_CTX *ctx,STACK_OF(X509_NAME) *list) |
| 204 | SSL_CTX *ctx; | ||
| 205 | STACK *list; | ||
| 206 | { | 541 | { |
| 207 | set_client_CA_list(&(ctx->client_CA),list); | 542 | set_client_CA_list(&(ctx->client_CA),list); |
| 208 | } | 543 | } |
| 209 | 544 | ||
| 210 | STACK *SSL_CTX_get_client_CA_list(ctx) | 545 | STACK_OF(X509_NAME) *SSL_CTX_get_client_CA_list(SSL_CTX *ctx) |
| 211 | SSL_CTX *ctx; | ||
| 212 | { | 546 | { |
| 213 | return(ctx->client_CA); | 547 | return(ctx->client_CA); |
| 214 | } | 548 | } |
| 215 | 549 | ||
| 216 | STACK *SSL_get_client_CA_list(s) | 550 | STACK_OF(X509_NAME) *SSL_get_client_CA_list(SSL *s) |
| 217 | SSL *s; | ||
| 218 | { | 551 | { |
| 219 | if (s->type == SSL_ST_CONNECT) | 552 | if (s->type == SSL_ST_CONNECT) |
| 220 | { /* we are in the client */ | 553 | { /* we are in the client */ |
| @@ -233,20 +566,18 @@ SSL *s; | |||
| 233 | } | 566 | } |
| 234 | } | 567 | } |
| 235 | 568 | ||
| 236 | static int add_client_CA(sk,x) | 569 | static int add_client_CA(STACK_OF(X509_NAME) **sk,X509 *x) |
| 237 | STACK **sk; | ||
| 238 | X509 *x; | ||
| 239 | { | 570 | { |
| 240 | X509_NAME *name; | 571 | X509_NAME *name; |
| 241 | 572 | ||
| 242 | if (x == NULL) return(0); | 573 | if (x == NULL) return(0); |
| 243 | if ((*sk == NULL) && ((*sk=sk_new_null()) == NULL)) | 574 | if ((*sk == NULL) && ((*sk=sk_X509_NAME_new_null()) == NULL)) |
| 244 | return(0); | 575 | return(0); |
| 245 | 576 | ||
| 246 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) | 577 | if ((name=X509_NAME_dup(X509_get_subject_name(x))) == NULL) |
| 247 | return(0); | 578 | return(0); |
| 248 | 579 | ||
| 249 | if (!sk_push(*sk,(char *)name)) | 580 | if (!sk_X509_NAME_push(*sk,name)) |
| 250 | { | 581 | { |
| 251 | X509_NAME_free(name); | 582 | X509_NAME_free(name); |
| 252 | return(0); | 583 | return(0); |
| @@ -254,37 +585,39 @@ X509 *x; | |||
| 254 | return(1); | 585 | return(1); |
| 255 | } | 586 | } |
| 256 | 587 | ||
| 257 | int SSL_add_client_CA(ssl,x) | 588 | int SSL_add_client_CA(SSL *ssl,X509 *x) |
| 258 | SSL *ssl; | ||
| 259 | X509 *x; | ||
| 260 | { | 589 | { |
| 261 | return(add_client_CA(&(ssl->client_CA),x)); | 590 | return(add_client_CA(&(ssl->client_CA),x)); |
| 262 | } | 591 | } |
| 263 | 592 | ||
| 264 | int SSL_CTX_add_client_CA(ctx,x) | 593 | int SSL_CTX_add_client_CA(SSL_CTX *ctx,X509 *x) |
| 265 | SSL_CTX *ctx; | ||
| 266 | X509 *x; | ||
| 267 | { | 594 | { |
| 268 | return(add_client_CA(&(ctx->client_CA),x)); | 595 | return(add_client_CA(&(ctx->client_CA),x)); |
| 269 | } | 596 | } |
| 270 | 597 | ||
| 271 | static int name_cmp(a,b) | 598 | static int xname_cmp(const X509_NAME * const *a, const X509_NAME * const *b) |
| 272 | X509_NAME **a,**b; | ||
| 273 | { | 599 | { |
| 274 | return(X509_NAME_cmp(*a,*b)); | 600 | return(X509_NAME_cmp(*a,*b)); |
| 275 | } | 601 | } |
| 276 | 602 | ||
| 277 | #ifndef NO_STDIO | 603 | #ifndef OPENSSL_NO_STDIO |
| 278 | STACK *SSL_load_client_CA_file(file) | 604 | /*! |
| 279 | char *file; | 605 | * Load CA certs from a file into a ::STACK. Note that it is somewhat misnamed; |
| 606 | * it doesn't really have anything to do with clients (except that a common use | ||
| 607 | * for a stack of CAs is to send it to the client). Actually, it doesn't have | ||
| 608 | * much to do with CAs, either, since it will load any old cert. | ||
| 609 | * \param file the file containing one or more certs. | ||
| 610 | * \return a ::STACK containing the certs. | ||
| 611 | */ | ||
| 612 | STACK_OF(X509_NAME) *SSL_load_client_CA_file(const char *file) | ||
| 280 | { | 613 | { |
| 281 | BIO *in; | 614 | BIO *in; |
| 282 | X509 *x=NULL; | 615 | X509 *x=NULL; |
| 283 | X509_NAME *xn=NULL; | 616 | X509_NAME *xn=NULL; |
| 284 | STACK *ret,*sk; | 617 | STACK_OF(X509_NAME) *ret,*sk; |
| 285 | 618 | ||
| 286 | ret=sk_new(NULL); | 619 | ret=sk_X509_NAME_new_null(); |
| 287 | sk=sk_new(name_cmp); | 620 | sk=sk_X509_NAME_new(xname_cmp); |
| 288 | 621 | ||
| 289 | in=BIO_new(BIO_s_file_internal()); | 622 | in=BIO_new(BIO_s_file_internal()); |
| 290 | 623 | ||
| @@ -299,31 +632,201 @@ char *file; | |||
| 299 | 632 | ||
| 300 | for (;;) | 633 | for (;;) |
| 301 | { | 634 | { |
| 302 | if (PEM_read_bio_X509(in,&x,NULL) == NULL) | 635 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) |
| 303 | break; | 636 | break; |
| 304 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | 637 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; |
| 305 | /* check for duplicates */ | 638 | /* check for duplicates */ |
| 306 | xn=X509_NAME_dup(xn); | 639 | xn=X509_NAME_dup(xn); |
| 307 | if (xn == NULL) goto err; | 640 | if (xn == NULL) goto err; |
| 308 | if (sk_find(sk,(char *)xn) >= 0) | 641 | if (sk_X509_NAME_find(sk,xn) >= 0) |
| 309 | X509_NAME_free(xn); | 642 | X509_NAME_free(xn); |
| 310 | else | 643 | else |
| 311 | { | 644 | { |
| 312 | sk_push(sk,(char *)xn); | 645 | sk_X509_NAME_push(sk,xn); |
| 313 | sk_push(ret,(char *)xn); | 646 | sk_X509_NAME_push(ret,xn); |
| 314 | } | 647 | } |
| 315 | } | 648 | } |
| 316 | 649 | ||
| 317 | if (0) | 650 | if (0) |
| 318 | { | 651 | { |
| 319 | err: | 652 | err: |
| 320 | if (ret != NULL) sk_pop_free(ret,X509_NAME_free); | 653 | if (ret != NULL) sk_X509_NAME_pop_free(ret,X509_NAME_free); |
| 321 | ret=NULL; | 654 | ret=NULL; |
| 322 | } | 655 | } |
| 323 | if (sk != NULL) sk_free(sk); | 656 | if (sk != NULL) sk_X509_NAME_free(sk); |
| 324 | if (in != NULL) BIO_free(in); | 657 | if (in != NULL) BIO_free(in); |
| 325 | if (x != NULL) X509_free(x); | 658 | if (x != NULL) X509_free(x); |
| 326 | return(ret); | 659 | return(ret); |
| 327 | } | 660 | } |
| 328 | #endif | 661 | #endif |
| 329 | 662 | ||
| 663 | /*! | ||
| 664 | * Add a file of certs to a stack. | ||
| 665 | * \param stack the stack to add to. | ||
| 666 | * \param file the file to add from. All certs in this file that are not | ||
| 667 | * already in the stack will be added. | ||
| 668 | * \return 1 for success, 0 for failure. Note that in the case of failure some | ||
| 669 | * certs may have been added to \c stack. | ||
| 670 | */ | ||
| 671 | |||
| 672 | int SSL_add_file_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 673 | const char *file) | ||
| 674 | { | ||
| 675 | BIO *in; | ||
| 676 | X509 *x=NULL; | ||
| 677 | X509_NAME *xn=NULL; | ||
| 678 | int ret=1; | ||
| 679 | int (*oldcmp)(const X509_NAME * const *a, const X509_NAME * const *b); | ||
| 680 | |||
| 681 | oldcmp=sk_X509_NAME_set_cmp_func(stack,xname_cmp); | ||
| 682 | |||
| 683 | in=BIO_new(BIO_s_file_internal()); | ||
| 684 | |||
| 685 | if (in == NULL) | ||
| 686 | { | ||
| 687 | SSLerr(SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,ERR_R_MALLOC_FAILURE); | ||
| 688 | goto err; | ||
| 689 | } | ||
| 690 | |||
| 691 | if (!BIO_read_filename(in,file)) | ||
| 692 | goto err; | ||
| 693 | |||
| 694 | for (;;) | ||
| 695 | { | ||
| 696 | if (PEM_read_bio_X509(in,&x,NULL,NULL) == NULL) | ||
| 697 | break; | ||
| 698 | if ((xn=X509_get_subject_name(x)) == NULL) goto err; | ||
| 699 | xn=X509_NAME_dup(xn); | ||
| 700 | if (xn == NULL) goto err; | ||
| 701 | if (sk_X509_NAME_find(stack,xn) >= 0) | ||
| 702 | X509_NAME_free(xn); | ||
| 703 | else | ||
| 704 | sk_X509_NAME_push(stack,xn); | ||
| 705 | } | ||
| 706 | |||
| 707 | if (0) | ||
| 708 | { | ||
| 709 | err: | ||
| 710 | ret=0; | ||
| 711 | } | ||
| 712 | if(in != NULL) | ||
| 713 | BIO_free(in); | ||
| 714 | if(x != NULL) | ||
| 715 | X509_free(x); | ||
| 716 | |||
| 717 | sk_X509_NAME_set_cmp_func(stack,oldcmp); | ||
| 718 | |||
| 719 | return ret; | ||
| 720 | } | ||
| 721 | |||
| 722 | /*! | ||
| 723 | * Add a directory of certs to a stack. | ||
| 724 | * \param stack the stack to append to. | ||
| 725 | * \param dir the directory to append from. All files in this directory will be | ||
| 726 | * examined as potential certs. Any that are acceptable to | ||
| 727 | * SSL_add_dir_cert_subjects_to_stack() that are not already in the stack will be | ||
| 728 | * included. | ||
| 729 | * \return 1 for success, 0 for failure. Note that in the case of failure some | ||
| 730 | * certs may have been added to \c stack. | ||
| 731 | */ | ||
| 732 | |||
| 733 | #ifndef OPENSSL_SYS_WIN32 | ||
| 734 | #ifndef OPENSSL_SYS_VMS /* XXXX This may be fixed in the future */ | ||
| 735 | #ifndef OPENSSL_SYS_MACINTOSH_CLASSIC /* XXXXX: Better scheme needed! */ | ||
| 736 | |||
| 737 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 738 | const char *dir) | ||
| 739 | { | ||
| 740 | DIR *d; | ||
| 741 | struct dirent *dstruct; | ||
| 742 | int ret = 0; | ||
| 743 | |||
| 744 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | ||
| 745 | d = opendir(dir); | ||
| 746 | |||
| 747 | /* Note that a side effect is that the CAs will be sorted by name */ | ||
| 748 | if(!d) | ||
| 749 | { | ||
| 750 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | ||
| 751 | ERR_add_error_data(3, "opendir('", dir, "')"); | ||
| 752 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | ||
| 753 | goto err; | ||
| 754 | } | ||
| 755 | |||
| 756 | while((dstruct=readdir(d))) | ||
| 757 | { | ||
| 758 | char buf[1024]; | ||
| 759 | int r; | ||
| 760 | |||
| 761 | if(strlen(dir)+strlen(dstruct->d_name)+2 > sizeof buf) | ||
| 762 | { | ||
| 763 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 764 | goto err; | ||
| 765 | } | ||
| 766 | |||
| 767 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,dstruct->d_name); | ||
| 768 | if (r <= 0 || r >= sizeof buf) | ||
| 769 | goto err; | ||
| 770 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | ||
| 771 | goto err; | ||
| 772 | } | ||
| 773 | ret = 1; | ||
| 774 | |||
| 775 | err: | ||
| 776 | if (d) closedir(d); | ||
| 777 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | ||
| 778 | return ret; | ||
| 779 | } | ||
| 780 | |||
| 781 | #endif | ||
| 782 | #endif | ||
| 783 | |||
| 784 | #else | ||
| 785 | |||
| 786 | int SSL_add_dir_cert_subjects_to_stack(STACK_OF(X509_NAME) *stack, | ||
| 787 | const char *dir) | ||
| 788 | { | ||
| 789 | WIN32_FIND_DATA FindFileData; | ||
| 790 | HANDLE hFind; | ||
| 791 | int ret = 0; | ||
| 792 | |||
| 793 | CRYPTO_w_lock(CRYPTO_LOCK_READDIR); | ||
| 794 | |||
| 795 | hFind = FindFirstFile(dir, &FindFileData); | ||
| 796 | /* Note that a side effect is that the CAs will be sorted by name */ | ||
| 797 | if(hFind == INVALID_HANDLE_VALUE) | ||
| 798 | { | ||
| 799 | SYSerr(SYS_F_OPENDIR, get_last_sys_error()); | ||
| 800 | ERR_add_error_data(3, "opendir('", dir, "')"); | ||
| 801 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK, ERR_R_SYS_LIB); | ||
| 802 | goto err_noclose; | ||
| 803 | } | ||
| 804 | |||
| 805 | do | ||
| 806 | { | ||
| 807 | char buf[1024]; | ||
| 808 | int r; | ||
| 809 | |||
| 810 | if(strlen(dir)+strlen(FindFileData.cFileName)+2 > sizeof buf) | ||
| 811 | { | ||
| 812 | SSLerr(SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,SSL_R_PATH_TOO_LONG); | ||
| 813 | goto err; | ||
| 814 | } | ||
| 815 | |||
| 816 | r = BIO_snprintf(buf,sizeof buf,"%s/%s",dir,FindFileData.cFileName); | ||
| 817 | if (r <= 0 || r >= sizeof buf) | ||
| 818 | goto err; | ||
| 819 | if(!SSL_add_file_cert_subjects_to_stack(stack,buf)) | ||
| 820 | goto err; | ||
| 821 | } | ||
| 822 | while (FindNextFile(hFind, &FindFileData) != FALSE); | ||
| 823 | ret = 1; | ||
| 824 | |||
| 825 | err: | ||
| 826 | FindClose(hFind); | ||
| 827 | err_noclose: | ||
| 828 | CRYPTO_w_unlock(CRYPTO_LOCK_READDIR); | ||
| 829 | return ret; | ||
| 830 | } | ||
| 831 | |||
| 832 | #endif | ||
diff --git a/src/lib/libssl/ssl_ciph.c b/src/lib/libssl/ssl_ciph.c index 820994408b..cdd8dde128 100644 --- a/src/lib/libssl/ssl_ciph.c +++ b/src/lib/libssl/ssl_ciph.c | |||
| @@ -57,7 +57,8 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "objects.h" | 60 | #include <openssl/objects.h> |
| 61 | #include <openssl/comp.h> | ||
| 61 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 62 | 63 | ||
| 63 | #define SSL_ENC_DES_IDX 0 | 64 | #define SSL_ENC_DES_IDX 0 |
| @@ -67,37 +68,28 @@ | |||
| 67 | #define SSL_ENC_IDEA_IDX 4 | 68 | #define SSL_ENC_IDEA_IDX 4 |
| 68 | #define SSL_ENC_eFZA_IDX 5 | 69 | #define SSL_ENC_eFZA_IDX 5 |
| 69 | #define SSL_ENC_NULL_IDX 6 | 70 | #define SSL_ENC_NULL_IDX 6 |
| 70 | #define SSL_ENC_NUM_IDX 7 | 71 | #define SSL_ENC_AES128_IDX 7 |
| 72 | #define SSL_ENC_AES256_IDX 8 | ||
| 73 | #define SSL_ENC_NUM_IDX 9 | ||
| 71 | 74 | ||
| 72 | static EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ | 75 | static const EVP_CIPHER *ssl_cipher_methods[SSL_ENC_NUM_IDX]={ |
| 73 | NULL,NULL,NULL,NULL,NULL,NULL, | 76 | NULL,NULL,NULL,NULL,NULL,NULL, |
| 74 | }; | 77 | }; |
| 75 | 78 | ||
| 79 | static STACK_OF(SSL_COMP) *ssl_comp_methods=NULL; | ||
| 80 | |||
| 76 | #define SSL_MD_MD5_IDX 0 | 81 | #define SSL_MD_MD5_IDX 0 |
| 77 | #define SSL_MD_SHA1_IDX 1 | 82 | #define SSL_MD_SHA1_IDX 1 |
| 78 | #define SSL_MD_NUM_IDX 2 | 83 | #define SSL_MD_NUM_IDX 2 |
| 79 | static EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ | 84 | static const EVP_MD *ssl_digest_methods[SSL_MD_NUM_IDX]={ |
| 80 | NULL,NULL, | 85 | NULL,NULL, |
| 81 | }; | 86 | }; |
| 82 | 87 | ||
| 83 | typedef struct cipher_sort_st | ||
| 84 | { | ||
| 85 | SSL_CIPHER *cipher; | ||
| 86 | int pref; | ||
| 87 | } CIPHER_SORT; | ||
| 88 | |||
| 89 | #define CIPHER_ADD 1 | 88 | #define CIPHER_ADD 1 |
| 90 | #define CIPHER_KILL 2 | 89 | #define CIPHER_KILL 2 |
| 91 | #define CIPHER_DEL 3 | 90 | #define CIPHER_DEL 3 |
| 92 | #define CIPHER_ORD 4 | 91 | #define CIPHER_ORD 4 |
| 93 | 92 | #define CIPHER_SPECIAL 5 | |
| 94 | typedef struct cipher_choice_st | ||
| 95 | { | ||
| 96 | int type; | ||
| 97 | unsigned long algorithms; | ||
| 98 | unsigned long mask; | ||
| 99 | long top; | ||
| 100 | } CIPHER_CHOICE; | ||
| 101 | 93 | ||
| 102 | typedef struct cipher_order_st | 94 | typedef struct cipher_order_st |
| 103 | { | 95 | { |
| @@ -107,59 +99,62 @@ typedef struct cipher_order_st | |||
| 107 | struct cipher_order_st *next,*prev; | 99 | struct cipher_order_st *next,*prev; |
| 108 | } CIPHER_ORDER; | 100 | } CIPHER_ORDER; |
| 109 | 101 | ||
| 110 | static SSL_CIPHER cipher_aliases[]={ | 102 | static const SSL_CIPHER cipher_aliases[]={ |
| 111 | {0,SSL_TXT_ALL, 0,SSL_ALL, 0,SSL_ALL}, /* must be first */ | 103 | /* Don't include eNULL unless specifically enabled. |
| 112 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,SSL_MKEY_MASK}, | 104 | * Similarly, don't include AES in ALL because these ciphers are not yet official. */ |
| 113 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,SSL_MKEY_MASK}, | 105 | {0,SSL_TXT_ALL, 0,SSL_ALL & ~SSL_eNULL & ~SSL_AES, SSL_ALL ,0,0,0,SSL_ALL,SSL_ALL}, /* must be first */ |
| 114 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,SSL_MKEY_MASK}, | 106 | {0,SSL_TXT_kKRB5,0,SSL_kKRB5,0,0,0,0,SSL_MKEY_MASK,0}, /* VRS Kerberos5 */ |
| 115 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,SSL_MKEY_MASK}, | 107 | {0,SSL_TXT_kRSA,0,SSL_kRSA, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 116 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,SSL_MKEY_MASK}, | 108 | {0,SSL_TXT_kDHr,0,SSL_kDHr, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 117 | {0,SSL_TXT_DH, 0,SSL_DH, 0,SSL_MKEY_MASK}, | 109 | {0,SSL_TXT_kDHd,0,SSL_kDHd, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 118 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,SSL_MKEY_MASK|SSL_AUTH_MASK}, | 110 | {0,SSL_TXT_kEDH,0,SSL_kEDH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 119 | 111 | {0,SSL_TXT_kFZA,0,SSL_kFZA, 0,0,0,0,SSL_MKEY_MASK,0}, | |
| 120 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,SSL_AUTH_MASK}, | 112 | {0,SSL_TXT_DH, 0,SSL_DH, 0,0,0,0,SSL_MKEY_MASK,0}, |
| 121 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,SSL_AUTH_MASK}, | 113 | {0,SSL_TXT_EDH, 0,SSL_EDH, 0,0,0,0,SSL_MKEY_MASK|SSL_AUTH_MASK,0}, |
| 122 | {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,SSL_AUTH_MASK}, | 114 | |
| 123 | {0,SSL_TXT_aNULL,0,SSL_aNULL,0,SSL_AUTH_MASK}, | 115 | {0,SSL_TXT_aKRB5,0,SSL_aKRB5,0,0,0,0,SSL_AUTH_MASK,0}, /* VRS Kerberos5 */ |
| 124 | {0,SSL_TXT_aDH, 0,SSL_aDH, 0,SSL_AUTH_MASK}, | 116 | {0,SSL_TXT_aRSA,0,SSL_aRSA, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 125 | {0,SSL_TXT_DSS, 0,SSL_DSS, 0,SSL_AUTH_MASK}, | 117 | {0,SSL_TXT_aDSS,0,SSL_aDSS, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 126 | 118 | {0,SSL_TXT_aFZA,0,SSL_aFZA, 0,0,0,0,SSL_AUTH_MASK,0}, | |
| 127 | {0,SSL_TXT_DES, 0,SSL_DES, 0,SSL_ENC_MASK}, | 119 | {0,SSL_TXT_aNULL,0,SSL_aNULL,0,0,0,0,SSL_AUTH_MASK,0}, |
| 128 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,SSL_ENC_MASK}, | 120 | {0,SSL_TXT_aDH, 0,SSL_aDH, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 129 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,SSL_ENC_MASK}, | 121 | {0,SSL_TXT_DSS, 0,SSL_DSS, 0,0,0,0,SSL_AUTH_MASK,0}, |
| 130 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,SSL_ENC_MASK}, | 122 | |
| 131 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,SSL_ENC_MASK}, | 123 | {0,SSL_TXT_DES, 0,SSL_DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 132 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,SSL_ENC_MASK}, | 124 | {0,SSL_TXT_3DES,0,SSL_3DES, 0,0,0,0,SSL_ENC_MASK,0}, |
| 133 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,SSL_ENC_MASK}, | 125 | {0,SSL_TXT_RC4, 0,SSL_RC4, 0,0,0,0,SSL_ENC_MASK,0}, |
| 134 | 126 | {0,SSL_TXT_RC2, 0,SSL_RC2, 0,0,0,0,SSL_ENC_MASK,0}, | |
| 135 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,SSL_MAC_MASK}, | 127 | {0,SSL_TXT_IDEA,0,SSL_IDEA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 136 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,SSL_MAC_MASK}, | 128 | {0,SSL_TXT_eNULL,0,SSL_eNULL,0,0,0,0,SSL_ENC_MASK,0}, |
| 137 | {0,SSL_TXT_SHA, 0,SSL_SHA, 0,SSL_MAC_MASK}, | 129 | {0,SSL_TXT_eFZA,0,SSL_eFZA, 0,0,0,0,SSL_ENC_MASK,0}, |
| 138 | 130 | {0,SSL_TXT_AES, 0,SSL_AES, 0,0,0,0,SSL_ENC_MASK,0}, | |
| 139 | {0,SSL_TXT_NULL,0,SSL_NULL, 0,SSL_ENC_MASK}, | 131 | |
| 140 | {0,SSL_TXT_RSA, 0,SSL_RSA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, | 132 | {0,SSL_TXT_MD5, 0,SSL_MD5, 0,0,0,0,SSL_MAC_MASK,0}, |
| 141 | {0,SSL_TXT_ADH, 0,SSL_ADH, 0,SSL_AUTH_MASK|SSL_MKEY_MASK}, | 133 | {0,SSL_TXT_SHA1,0,SSL_SHA1, 0,0,0,0,SSL_MAC_MASK,0}, |
| 142 | {0,SSL_TXT_FZA, 0,SSL_FZA, 0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK}, | 134 | {0,SSL_TXT_SHA, 0,SSL_SHA, 0,0,0,0,SSL_MAC_MASK,0}, |
| 143 | 135 | ||
| 144 | {0,SSL_TXT_EXP, 0,SSL_EXP, 0,SSL_EXP_MASK}, | 136 | {0,SSL_TXT_NULL,0,SSL_NULL, 0,0,0,0,SSL_ENC_MASK,0}, |
| 145 | {0,SSL_TXT_EXPORT,0,SSL_EXPORT,0,SSL_EXP_MASK}, | 137 | {0,SSL_TXT_KRB5,0,SSL_KRB5, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
| 146 | {0,SSL_TXT_SSLV2,0,SSL_SSLV2,0,SSL_SSL_MASK}, | 138 | {0,SSL_TXT_RSA, 0,SSL_RSA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
| 147 | {0,SSL_TXT_SSLV3,0,SSL_SSLV3,0,SSL_SSL_MASK}, | 139 | {0,SSL_TXT_ADH, 0,SSL_ADH, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK,0}, |
| 148 | {0,SSL_TXT_LOW, 0,SSL_LOW,0,SSL_STRONG_MASK}, | 140 | {0,SSL_TXT_FZA, 0,SSL_FZA, 0,0,0,0,SSL_AUTH_MASK|SSL_MKEY_MASK|SSL_ENC_MASK,0}, |
| 149 | {0,SSL_TXT_MEDIUM,0,SSL_MEDIUM,0,SSL_STRONG_MASK}, | 141 | |
| 150 | {0,SSL_TXT_HIGH, 0,SSL_HIGH,0,SSL_STRONG_MASK}, | 142 | {0,SSL_TXT_SSLV2, 0,SSL_SSLV2, 0,0,0,0,SSL_SSL_MASK,0}, |
| 143 | {0,SSL_TXT_SSLV3, 0,SSL_SSLV3, 0,0,0,0,SSL_SSL_MASK,0}, | ||
| 144 | {0,SSL_TXT_TLSV1, 0,SSL_TLSV1, 0,0,0,0,SSL_SSL_MASK,0}, | ||
| 145 | |||
| 146 | {0,SSL_TXT_EXP ,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, | ||
| 147 | {0,SSL_TXT_EXPORT,0, 0,SSL_EXPORT, 0,0,0,0,SSL_EXP_MASK}, | ||
| 148 | {0,SSL_TXT_EXP40, 0, 0, SSL_EXP40, 0,0,0,0,SSL_STRONG_MASK}, | ||
| 149 | {0,SSL_TXT_EXP56, 0, 0, SSL_EXP56, 0,0,0,0,SSL_STRONG_MASK}, | ||
| 150 | {0,SSL_TXT_LOW, 0, 0, SSL_LOW, 0,0,0,0,SSL_STRONG_MASK}, | ||
| 151 | {0,SSL_TXT_MEDIUM,0, 0,SSL_MEDIUM, 0,0,0,0,SSL_STRONG_MASK}, | ||
| 152 | {0,SSL_TXT_HIGH, 0, 0, SSL_HIGH, 0,0,0,0,SSL_STRONG_MASK}, | ||
| 151 | }; | 153 | }; |
| 152 | 154 | ||
| 153 | static int init_ciphers=1; | 155 | static int init_ciphers=1; |
| 154 | static void load_ciphers(); | ||
| 155 | |||
| 156 | static int cmp_by_name(a,b) | ||
| 157 | SSL_CIPHER **a,**b; | ||
| 158 | { | ||
| 159 | return(strcmp((*a)->name,(*b)->name)); | ||
| 160 | } | ||
| 161 | 156 | ||
| 162 | static void load_ciphers() | 157 | static void load_ciphers(void) |
| 163 | { | 158 | { |
| 164 | init_ciphers=0; | 159 | init_ciphers=0; |
| 165 | ssl_cipher_methods[SSL_ENC_DES_IDX]= | 160 | ssl_cipher_methods[SSL_ENC_DES_IDX]= |
| @@ -172,6 +167,10 @@ static void load_ciphers() | |||
| 172 | EVP_get_cipherbyname(SN_rc2_cbc); | 167 | EVP_get_cipherbyname(SN_rc2_cbc); |
| 173 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= | 168 | ssl_cipher_methods[SSL_ENC_IDEA_IDX]= |
| 174 | EVP_get_cipherbyname(SN_idea_cbc); | 169 | EVP_get_cipherbyname(SN_idea_cbc); |
| 170 | ssl_cipher_methods[SSL_ENC_AES128_IDX]= | ||
| 171 | EVP_get_cipherbyname(SN_aes_128_cbc); | ||
| 172 | ssl_cipher_methods[SSL_ENC_AES256_IDX]= | ||
| 173 | EVP_get_cipherbyname(SN_aes_256_cbc); | ||
| 175 | 174 | ||
| 176 | ssl_digest_methods[SSL_MD_MD5_IDX]= | 175 | ssl_digest_methods[SSL_MD_MD5_IDX]= |
| 177 | EVP_get_digestbyname(SN_md5); | 176 | EVP_get_digestbyname(SN_md5); |
| @@ -179,14 +178,38 @@ static void load_ciphers() | |||
| 179 | EVP_get_digestbyname(SN_sha1); | 178 | EVP_get_digestbyname(SN_sha1); |
| 180 | } | 179 | } |
| 181 | 180 | ||
| 182 | int ssl_cipher_get_evp(c,enc,md) | 181 | int ssl_cipher_get_evp(SSL_SESSION *s, const EVP_CIPHER **enc, |
| 183 | SSL_CIPHER *c; | 182 | const EVP_MD **md, SSL_COMP **comp) |
| 184 | EVP_CIPHER **enc; | ||
| 185 | EVP_MD **md; | ||
| 186 | { | 183 | { |
| 187 | int i; | 184 | int i; |
| 185 | SSL_CIPHER *c; | ||
| 188 | 186 | ||
| 187 | c=s->cipher; | ||
| 189 | if (c == NULL) return(0); | 188 | if (c == NULL) return(0); |
| 189 | if (comp != NULL) | ||
| 190 | { | ||
| 191 | SSL_COMP ctmp; | ||
| 192 | |||
| 193 | if (s->compress_meth == 0) | ||
| 194 | *comp=NULL; | ||
| 195 | else if (ssl_comp_methods == NULL) | ||
| 196 | { | ||
| 197 | /* bad */ | ||
| 198 | *comp=NULL; | ||
| 199 | } | ||
| 200 | else | ||
| 201 | { | ||
| 202 | |||
| 203 | ctmp.id=s->compress_meth; | ||
| 204 | i=sk_SSL_COMP_find(ssl_comp_methods,&ctmp); | ||
| 205 | if (i >= 0) | ||
| 206 | *comp=sk_SSL_COMP_value(ssl_comp_methods,i); | ||
| 207 | else | ||
| 208 | *comp=NULL; | ||
| 209 | } | ||
| 210 | } | ||
| 211 | |||
| 212 | if ((enc == NULL) || (md == NULL)) return(0); | ||
| 190 | 213 | ||
| 191 | switch (c->algorithms & SSL_ENC_MASK) | 214 | switch (c->algorithms & SSL_ENC_MASK) |
| 192 | { | 215 | { |
| @@ -208,6 +231,13 @@ EVP_MD **md; | |||
| 208 | case SSL_eNULL: | 231 | case SSL_eNULL: |
| 209 | i=SSL_ENC_NULL_IDX; | 232 | i=SSL_ENC_NULL_IDX; |
| 210 | break; | 233 | break; |
| 234 | case SSL_AES: | ||
| 235 | switch(c->alg_bits) | ||
| 236 | { | ||
| 237 | case 128: i=SSL_ENC_AES128_IDX; break; | ||
| 238 | case 256: i=SSL_ENC_AES256_IDX; break; | ||
| 239 | default: i=-1; break; | ||
| 240 | } | ||
| 211 | break; | 241 | break; |
| 212 | default: | 242 | default: |
| 213 | i= -1; | 243 | i= -1; |
| @@ -250,8 +280,8 @@ EVP_MD **md; | |||
| 250 | #define ITEM_SEP(a) \ | 280 | #define ITEM_SEP(a) \ |
| 251 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) | 281 | (((a) == ':') || ((a) == ' ') || ((a) == ';') || ((a) == ',')) |
| 252 | 282 | ||
| 253 | static void ll_append_tail(head,curr,tail) | 283 | static void ll_append_tail(CIPHER_ORDER **head, CIPHER_ORDER *curr, |
| 254 | CIPHER_ORDER **head,*curr,**tail; | 284 | CIPHER_ORDER **tail) |
| 255 | { | 285 | { |
| 256 | if (curr == *tail) return; | 286 | if (curr == *tail) return; |
| 257 | if (curr == *head) | 287 | if (curr == *head) |
| @@ -266,181 +296,359 @@ CIPHER_ORDER **head,*curr,**tail; | |||
| 266 | *tail=curr; | 296 | *tail=curr; |
| 267 | } | 297 | } |
| 268 | 298 | ||
| 269 | STACK *ssl_create_cipher_list(ssl_method,cipher_list,cipher_list_by_id,str) | 299 | static unsigned long ssl_cipher_get_disabled(void) |
| 270 | SSL_METHOD *ssl_method; | ||
| 271 | STACK **cipher_list,**cipher_list_by_id; | ||
| 272 | char *str; | ||
| 273 | { | 300 | { |
| 274 | SSL_CIPHER *c; | 301 | unsigned long mask; |
| 275 | char *l; | ||
| 276 | STACK *ret=NULL,*ok=NULL; | ||
| 277 | #define CL_BUF 40 | ||
| 278 | char buf[CL_BUF]; | ||
| 279 | char *tmp_str=NULL; | ||
| 280 | unsigned long mask,algorithms,ma; | ||
| 281 | char *start; | ||
| 282 | int i,j,k,num=0,ch,multi; | ||
| 283 | unsigned long al; | ||
| 284 | STACK *ca_list=NULL; | ||
| 285 | int current_x,num_x; | ||
| 286 | CIPHER_CHOICE *ops=NULL; | ||
| 287 | CIPHER_ORDER *list=NULL,*head=NULL,*tail=NULL,*curr,*tail2,*curr2; | ||
| 288 | int list_num; | ||
| 289 | int type; | ||
| 290 | SSL_CIPHER c_tmp,*cp; | ||
| 291 | |||
| 292 | if (str == NULL) return(NULL); | ||
| 293 | |||
| 294 | if (strncmp(str,"DEFAULT",7) == 0) | ||
| 295 | { | ||
| 296 | i=strlen(str)+2+strlen(SSL_DEFAULT_CIPHER_LIST); | ||
| 297 | if ((tmp_str=Malloc(i)) == NULL) | ||
| 298 | { | ||
| 299 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 300 | goto err; | ||
| 301 | } | ||
| 302 | strcpy(tmp_str,SSL_DEFAULT_CIPHER_LIST); | ||
| 303 | strcat(tmp_str,":"); | ||
| 304 | strcat(tmp_str,&(str[7])); | ||
| 305 | str=tmp_str; | ||
| 306 | } | ||
| 307 | if (init_ciphers) load_ciphers(); | ||
| 308 | |||
| 309 | num=ssl_method->num_ciphers(); | ||
| 310 | |||
| 311 | if ((ret=(STACK *)sk_new(NULL)) == NULL) goto err; | ||
| 312 | if ((ca_list=(STACK *)sk_new(cmp_by_name)) == NULL) goto err; | ||
| 313 | 302 | ||
| 314 | mask =SSL_kFZA; | 303 | mask = SSL_kFZA; |
| 315 | #ifdef NO_RSA | 304 | #ifdef OPENSSL_NO_RSA |
| 316 | mask|=SSL_aRSA|SSL_kRSA; | 305 | mask |= SSL_aRSA|SSL_kRSA; |
| 317 | #endif | 306 | #endif |
| 318 | #ifdef NO_DSA | 307 | #ifdef OPENSSL_NO_DSA |
| 319 | mask|=SSL_aDSS; | 308 | mask |= SSL_aDSS; |
| 320 | #endif | 309 | #endif |
| 321 | #ifdef NO_DH | 310 | #ifdef OPENSSL_NO_DH |
| 322 | mask|=SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; | 311 | mask |= SSL_kDHr|SSL_kDHd|SSL_kEDH|SSL_aDH; |
| 312 | #endif | ||
| 313 | #ifdef OPENSSL_NO_KRB5 | ||
| 314 | mask |= SSL_kKRB5|SSL_aKRB5; | ||
| 323 | #endif | 315 | #endif |
| 324 | 316 | ||
| 325 | #ifndef SSL_ALLOW_ENULL | 317 | #ifdef SSL_FORBID_ENULL |
| 326 | mask|=SSL_eNULL; | 318 | mask |= SSL_eNULL; |
| 327 | #endif | 319 | #endif |
| 328 | 320 | ||
| 329 | mask|=(ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL)?SSL_DES :0; | 321 | mask |= (ssl_cipher_methods[SSL_ENC_DES_IDX ] == NULL) ? SSL_DES :0; |
| 330 | mask|=(ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL)?SSL_3DES:0; | 322 | mask |= (ssl_cipher_methods[SSL_ENC_3DES_IDX] == NULL) ? SSL_3DES:0; |
| 331 | mask|=(ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL)?SSL_RC4 :0; | 323 | mask |= (ssl_cipher_methods[SSL_ENC_RC4_IDX ] == NULL) ? SSL_RC4 :0; |
| 332 | mask|=(ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL)?SSL_RC2 :0; | 324 | mask |= (ssl_cipher_methods[SSL_ENC_RC2_IDX ] == NULL) ? SSL_RC2 :0; |
| 333 | mask|=(ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL)?SSL_IDEA:0; | 325 | mask |= (ssl_cipher_methods[SSL_ENC_IDEA_IDX] == NULL) ? SSL_IDEA:0; |
| 334 | mask|=(ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL)?SSL_eFZA:0; | 326 | mask |= (ssl_cipher_methods[SSL_ENC_eFZA_IDX] == NULL) ? SSL_eFZA:0; |
| 327 | mask |= (ssl_cipher_methods[SSL_ENC_AES128_IDX] == NULL) ? SSL_AES:0; | ||
| 335 | 328 | ||
| 336 | mask|=(ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL)?SSL_MD5 :0; | 329 | mask |= (ssl_digest_methods[SSL_MD_MD5_IDX ] == NULL) ? SSL_MD5 :0; |
| 337 | mask|=(ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL)?SSL_SHA1:0; | 330 | mask |= (ssl_digest_methods[SSL_MD_SHA1_IDX] == NULL) ? SSL_SHA1:0; |
| 338 | 331 | ||
| 339 | if ((list=(CIPHER_ORDER *)Malloc(sizeof(CIPHER_ORDER)*num)) == NULL) | 332 | return(mask); |
| 340 | goto err; | 333 | } |
| 334 | |||
| 335 | static void ssl_cipher_collect_ciphers(const SSL_METHOD *ssl_method, | ||
| 336 | int num_of_ciphers, unsigned long mask, CIPHER_ORDER *list, | ||
| 337 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) | ||
| 338 | { | ||
| 339 | int i, list_num; | ||
| 340 | SSL_CIPHER *c; | ||
| 341 | |||
| 342 | /* | ||
| 343 | * We have num_of_ciphers descriptions compiled in, depending on the | ||
| 344 | * method selected (SSLv2 and/or SSLv3, TLSv1 etc). | ||
| 345 | * These will later be sorted in a linked list with at most num | ||
| 346 | * entries. | ||
| 347 | */ | ||
| 341 | 348 | ||
| 342 | /* Get the initial list of ciphers */ | 349 | /* Get the initial list of ciphers */ |
| 343 | list_num=0; | 350 | list_num = 0; /* actual count of ciphers */ |
| 344 | for (i=0; i<num; i++) | 351 | for (i = 0; i < num_of_ciphers; i++) |
| 345 | { | 352 | { |
| 346 | c=ssl_method->get_cipher((unsigned int)i); | 353 | c = ssl_method->get_cipher(i); |
| 347 | /* drop those that use any of that is not available */ | 354 | /* drop those that use any of that is not available */ |
| 348 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) | 355 | if ((c != NULL) && c->valid && !(c->algorithms & mask)) |
| 349 | { | 356 | { |
| 350 | list[list_num].cipher=c; | 357 | list[list_num].cipher = c; |
| 351 | list[list_num].next=NULL; | 358 | list[list_num].next = NULL; |
| 352 | list[list_num].prev=NULL; | 359 | list[list_num].prev = NULL; |
| 353 | list[list_num].active=0; | 360 | list[list_num].active = 0; |
| 354 | list_num++; | 361 | list_num++; |
| 362 | #ifdef KSSL_DEBUG | ||
| 363 | printf("\t%d: %s %lx %lx\n",i,c->name,c->id,c->algorithms); | ||
| 364 | #endif /* KSSL_DEBUG */ | ||
| 365 | /* | ||
| 355 | if (!sk_push(ca_list,(char *)c)) goto err; | 366 | if (!sk_push(ca_list,(char *)c)) goto err; |
| 367 | */ | ||
| 356 | } | 368 | } |
| 357 | } | 369 | } |
| 358 | 370 | ||
| 359 | for (i=1; i<list_num-1; i++) | 371 | /* |
| 372 | * Prepare linked list from list entries | ||
| 373 | */ | ||
| 374 | for (i = 1; i < list_num - 1; i++) | ||
| 360 | { | 375 | { |
| 361 | list[i].prev= &(list[i-1]); | 376 | list[i].prev = &(list[i-1]); |
| 362 | list[i].next= &(list[i+1]); | 377 | list[i].next = &(list[i+1]); |
| 363 | } | 378 | } |
| 364 | if (list_num > 0) | 379 | if (list_num > 0) |
| 365 | { | 380 | { |
| 366 | head= &(list[0]); | 381 | (*head_p) = &(list[0]); |
| 367 | head->prev=NULL; | 382 | (*head_p)->prev = NULL; |
| 368 | head->next= &(list[1]); | 383 | (*head_p)->next = &(list[1]); |
| 369 | tail= &(list[list_num-1]); | 384 | (*tail_p) = &(list[list_num - 1]); |
| 370 | tail->prev= &(list[list_num-2]); | 385 | (*tail_p)->prev = &(list[list_num - 2]); |
| 371 | tail->next=NULL; | 386 | (*tail_p)->next = NULL; |
| 372 | } | 387 | } |
| 388 | } | ||
| 373 | 389 | ||
| 374 | /* special case */ | 390 | static void ssl_cipher_collect_aliases(SSL_CIPHER **ca_list, |
| 375 | cipher_aliases[0].algorithms= ~mask; | 391 | int num_of_group_aliases, unsigned long mask, |
| 392 | CIPHER_ORDER *head) | ||
| 393 | { | ||
| 394 | CIPHER_ORDER *ciph_curr; | ||
| 395 | SSL_CIPHER **ca_curr; | ||
| 396 | int i; | ||
| 376 | 397 | ||
| 377 | /* get the aliases */ | 398 | /* |
| 378 | k=sizeof(cipher_aliases)/sizeof(SSL_CIPHER); | 399 | * First, add the real ciphers as already collected |
| 379 | for (j=0; j<k; j++) | 400 | */ |
| 401 | ciph_curr = head; | ||
| 402 | ca_curr = ca_list; | ||
| 403 | while (ciph_curr != NULL) | ||
| 380 | { | 404 | { |
| 381 | al=cipher_aliases[j].algorithms; | 405 | *ca_curr = ciph_curr->cipher; |
| 382 | /* Drop those that are not relevent */ | 406 | ca_curr++; |
| 383 | if ((al & mask) == al) continue; | 407 | ciph_curr = ciph_curr->next; |
| 384 | if (!sk_push(ca_list,(char *)&(cipher_aliases[j]))) goto err; | ||
| 385 | } | 408 | } |
| 386 | 409 | ||
| 387 | /* ca_list now holds a 'stack' of SSL_CIPHERS, some real, some | 410 | /* |
| 388 | * 'aliases' */ | 411 | * Now we add the available ones from the cipher_aliases[] table. |
| 412 | * They represent either an algorithm, that must be fully | ||
| 413 | * supported (not match any bit in mask) or represent a cipher | ||
| 414 | * strength value (will be added in any case because algorithms=0). | ||
| 415 | */ | ||
| 416 | for (i = 0; i < num_of_group_aliases; i++) | ||
| 417 | { | ||
| 418 | if ((i == 0) || /* always fetch "ALL" */ | ||
| 419 | !(cipher_aliases[i].algorithms & mask)) | ||
| 420 | { | ||
| 421 | *ca_curr = (SSL_CIPHER *)(cipher_aliases + i); | ||
| 422 | ca_curr++; | ||
| 423 | } | ||
| 424 | } | ||
| 389 | 425 | ||
| 390 | /* how many parameters are there? */ | 426 | *ca_curr = NULL; /* end of list */ |
| 391 | num=1; | 427 | } |
| 392 | for (l=str; *l; l++) | 428 | |
| 393 | if (ITEM_SEP(*l)) | 429 | static void ssl_cipher_apply_rule(unsigned long algorithms, unsigned long mask, |
| 394 | num++; | 430 | unsigned long algo_strength, unsigned long mask_strength, |
| 395 | ops=(CIPHER_CHOICE *)Malloc(sizeof(CIPHER_CHOICE)*num); | 431 | int rule, int strength_bits, CIPHER_ORDER *list, |
| 396 | if (ops == NULL) goto err; | 432 | CIPHER_ORDER **head_p, CIPHER_ORDER **tail_p) |
| 397 | memset(ops,0,sizeof(CIPHER_CHOICE)*num); | 433 | { |
| 434 | CIPHER_ORDER *head, *tail, *curr, *curr2, *tail2; | ||
| 435 | SSL_CIPHER *cp; | ||
| 436 | unsigned long ma, ma_s; | ||
| 398 | 437 | ||
| 399 | /* we now parse the input string and create our operations */ | 438 | #ifdef CIPHER_DEBUG |
| 400 | l=str; | 439 | printf("Applying rule %d with %08lx %08lx %08lx %08lx (%d)\n", |
| 401 | i=0; | 440 | rule, algorithms, mask, algo_strength, mask_strength, |
| 402 | current_x=0; | 441 | strength_bits); |
| 442 | #endif | ||
| 403 | 443 | ||
| 444 | curr = head = *head_p; | ||
| 445 | curr2 = head; | ||
| 446 | tail2 = tail = *tail_p; | ||
| 404 | for (;;) | 447 | for (;;) |
| 405 | { | 448 | { |
| 406 | ch= *l; | 449 | if ((curr == NULL) || (curr == tail2)) break; |
| 450 | curr = curr2; | ||
| 451 | curr2 = curr->next; | ||
| 452 | |||
| 453 | cp = curr->cipher; | ||
| 454 | |||
| 455 | /* | ||
| 456 | * Selection criteria is either the number of strength_bits | ||
| 457 | * or the algorithm used. | ||
| 458 | */ | ||
| 459 | if (strength_bits == -1) | ||
| 460 | { | ||
| 461 | ma = mask & cp->algorithms; | ||
| 462 | ma_s = mask_strength & cp->algo_strength; | ||
| 463 | |||
| 464 | #ifdef CIPHER_DEBUG | ||
| 465 | printf("\nName: %s:\nAlgo = %08lx Algo_strength = %08lx\nMask = %08lx Mask_strength %08lx\n", cp->name, cp->algorithms, cp->algo_strength, mask, mask_strength); | ||
| 466 | printf("ma = %08lx ma_s %08lx, ma&algo=%08lx, ma_s&algos=%08lx\n", ma, ma_s, ma&algorithms, ma_s&algo_strength); | ||
| 467 | #endif | ||
| 468 | /* | ||
| 469 | * Select: if none of the mask bit was met from the | ||
| 470 | * cipher or not all of the bits were met, the | ||
| 471 | * selection does not apply. | ||
| 472 | */ | ||
| 473 | if (((ma == 0) && (ma_s == 0)) || | ||
| 474 | ((ma & algorithms) != ma) || | ||
| 475 | ((ma_s & algo_strength) != ma_s)) | ||
| 476 | continue; /* does not apply */ | ||
| 477 | } | ||
| 478 | else if (strength_bits != cp->strength_bits) | ||
| 479 | continue; /* does not apply */ | ||
| 480 | |||
| 481 | #ifdef CIPHER_DEBUG | ||
| 482 | printf("Action = %d\n", rule); | ||
| 483 | #endif | ||
| 484 | |||
| 485 | /* add the cipher if it has not been added yet. */ | ||
| 486 | if (rule == CIPHER_ADD) | ||
| 487 | { | ||
| 488 | if (!curr->active) | ||
| 489 | { | ||
| 490 | ll_append_tail(&head, curr, &tail); | ||
| 491 | curr->active = 1; | ||
| 492 | } | ||
| 493 | } | ||
| 494 | /* Move the added cipher to this location */ | ||
| 495 | else if (rule == CIPHER_ORD) | ||
| 496 | { | ||
| 497 | if (curr->active) | ||
| 498 | { | ||
| 499 | ll_append_tail(&head, curr, &tail); | ||
| 500 | } | ||
| 501 | } | ||
| 502 | else if (rule == CIPHER_DEL) | ||
| 503 | curr->active = 0; | ||
| 504 | else if (rule == CIPHER_KILL) | ||
| 505 | { | ||
| 506 | if (head == curr) | ||
| 507 | head = curr->next; | ||
| 508 | else | ||
| 509 | curr->prev->next = curr->next; | ||
| 510 | if (tail == curr) | ||
| 511 | tail = curr->prev; | ||
| 512 | curr->active = 0; | ||
| 513 | if (curr->next != NULL) | ||
| 514 | curr->next->prev = curr->prev; | ||
| 515 | if (curr->prev != NULL) | ||
| 516 | curr->prev->next = curr->next; | ||
| 517 | curr->next = NULL; | ||
| 518 | curr->prev = NULL; | ||
| 519 | } | ||
| 520 | } | ||
| 521 | |||
| 522 | *head_p = head; | ||
| 523 | *tail_p = tail; | ||
| 524 | } | ||
| 525 | |||
| 526 | static int ssl_cipher_strength_sort(CIPHER_ORDER *list, CIPHER_ORDER **head_p, | ||
| 527 | CIPHER_ORDER **tail_p) | ||
| 528 | { | ||
| 529 | int max_strength_bits, i, *number_uses; | ||
| 530 | CIPHER_ORDER *curr; | ||
| 531 | |||
| 532 | /* | ||
| 533 | * This routine sorts the ciphers with descending strength. The sorting | ||
| 534 | * must keep the pre-sorted sequence, so we apply the normal sorting | ||
| 535 | * routine as '+' movement to the end of the list. | ||
| 536 | */ | ||
| 537 | max_strength_bits = 0; | ||
| 538 | curr = *head_p; | ||
| 539 | while (curr != NULL) | ||
| 540 | { | ||
| 541 | if (curr->active && | ||
| 542 | (curr->cipher->strength_bits > max_strength_bits)) | ||
| 543 | max_strength_bits = curr->cipher->strength_bits; | ||
| 544 | curr = curr->next; | ||
| 545 | } | ||
| 407 | 546 | ||
| 408 | if (ch == '\0') break; | 547 | number_uses = OPENSSL_malloc((max_strength_bits + 1) * sizeof(int)); |
| 548 | if (!number_uses) | ||
| 549 | { | ||
| 550 | SSLerr(SSL_F_SSL_CIPHER_STRENGTH_SORT,ERR_R_MALLOC_FAILURE); | ||
| 551 | return(0); | ||
| 552 | } | ||
| 553 | memset(number_uses, 0, (max_strength_bits + 1) * sizeof(int)); | ||
| 554 | |||
| 555 | /* | ||
| 556 | * Now find the strength_bits values actually used | ||
| 557 | */ | ||
| 558 | curr = *head_p; | ||
| 559 | while (curr != NULL) | ||
| 560 | { | ||
| 561 | if (curr->active) | ||
| 562 | number_uses[curr->cipher->strength_bits]++; | ||
| 563 | curr = curr->next; | ||
| 564 | } | ||
| 565 | /* | ||
| 566 | * Go through the list of used strength_bits values in descending | ||
| 567 | * order. | ||
| 568 | */ | ||
| 569 | for (i = max_strength_bits; i >= 0; i--) | ||
| 570 | if (number_uses[i] > 0) | ||
| 571 | ssl_cipher_apply_rule(0, 0, 0, 0, CIPHER_ORD, i, | ||
| 572 | list, head_p, tail_p); | ||
| 573 | |||
| 574 | OPENSSL_free(number_uses); | ||
| 575 | return(1); | ||
| 576 | } | ||
| 577 | |||
| 578 | static int ssl_cipher_process_rulestr(const char *rule_str, | ||
| 579 | CIPHER_ORDER *list, CIPHER_ORDER **head_p, | ||
| 580 | CIPHER_ORDER **tail_p, SSL_CIPHER **ca_list) | ||
| 581 | { | ||
| 582 | unsigned long algorithms, mask, algo_strength, mask_strength; | ||
| 583 | const char *l, *start, *buf; | ||
| 584 | int j, multi, found, rule, retval, ok, buflen; | ||
| 585 | char ch; | ||
| 586 | |||
| 587 | retval = 1; | ||
| 588 | l = rule_str; | ||
| 589 | for (;;) | ||
| 590 | { | ||
| 591 | ch = *l; | ||
| 409 | 592 | ||
| 593 | if (ch == '\0') | ||
| 594 | break; /* done */ | ||
| 410 | if (ch == '-') | 595 | if (ch == '-') |
| 411 | { j=CIPHER_DEL; l++; } | 596 | { rule = CIPHER_DEL; l++; } |
| 412 | else if (ch == '+') | 597 | else if (ch == '+') |
| 413 | { j=CIPHER_ORD; l++; } | 598 | { rule = CIPHER_ORD; l++; } |
| 414 | else if (ch == '!') | 599 | else if (ch == '!') |
| 415 | { j=CIPHER_KILL; l++; } | 600 | { rule = CIPHER_KILL; l++; } |
| 416 | else | 601 | else if (ch == '@') |
| 417 | { j=CIPHER_ADD; } | 602 | { rule = CIPHER_SPECIAL; l++; } |
| 603 | else | ||
| 604 | { rule = CIPHER_ADD; } | ||
| 418 | 605 | ||
| 419 | if (ITEM_SEP(ch)) | 606 | if (ITEM_SEP(ch)) |
| 420 | { | 607 | { |
| 421 | l++; | 608 | l++; |
| 422 | continue; | 609 | continue; |
| 423 | } | 610 | } |
| 424 | ops[current_x].type=j; | 611 | |
| 425 | ops[current_x].algorithms=0; | 612 | algorithms = mask = algo_strength = mask_strength = 0; |
| 426 | ops[current_x].mask=0; | ||
| 427 | 613 | ||
| 428 | start=l; | 614 | start=l; |
| 429 | for (;;) | 615 | for (;;) |
| 430 | { | 616 | { |
| 431 | ch= *l; | 617 | ch = *l; |
| 432 | i=0; | 618 | buf = l; |
| 619 | buflen = 0; | ||
| 620 | #ifndef CHARSET_EBCDIC | ||
| 433 | while ( ((ch >= 'A') && (ch <= 'Z')) || | 621 | while ( ((ch >= 'A') && (ch <= 'Z')) || |
| 434 | ((ch >= '0') && (ch <= '9')) || | 622 | ((ch >= '0') && (ch <= '9')) || |
| 435 | ((ch >= 'a') && (ch <= 'z')) || | 623 | ((ch >= 'a') && (ch <= 'z')) || |
| 436 | (ch == '-')) | 624 | (ch == '-')) |
| 625 | #else | ||
| 626 | while ( isalnum(ch) || (ch == '-')) | ||
| 627 | #endif | ||
| 437 | { | 628 | { |
| 438 | buf[i]=ch; | 629 | ch = *(++l); |
| 439 | ch= *(++l); | 630 | buflen++; |
| 440 | i++; | ||
| 441 | if (i >= (CL_BUF-2)) break; | ||
| 442 | } | 631 | } |
| 443 | buf[i]='\0'; | 632 | |
| 633 | if (buflen == 0) | ||
| 634 | { | ||
| 635 | /* | ||
| 636 | * We hit something we cannot deal with, | ||
| 637 | * it is no command or separator nor | ||
| 638 | * alphanumeric, so we call this an error. | ||
| 639 | */ | ||
| 640 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
| 641 | SSL_R_INVALID_COMMAND); | ||
| 642 | retval = found = 0; | ||
| 643 | l++; | ||
| 644 | break; | ||
| 645 | } | ||
| 646 | |||
| 647 | if (rule == CIPHER_SPECIAL) | ||
| 648 | { | ||
| 649 | found = 0; /* unused -- avoid compiler warning */ | ||
| 650 | break; /* special treatment */ | ||
| 651 | } | ||
| 444 | 652 | ||
| 445 | /* check for multi-part specification */ | 653 | /* check for multi-part specification */ |
| 446 | if (ch == '+') | 654 | if (ch == '+') |
| @@ -451,151 +659,262 @@ char *str; | |||
| 451 | else | 659 | else |
| 452 | multi=0; | 660 | multi=0; |
| 453 | 661 | ||
| 454 | c_tmp.name=buf; | 662 | /* |
| 455 | j=sk_find(ca_list,(char *)&c_tmp); | 663 | * Now search for the cipher alias in the ca_list. Be careful |
| 456 | if (j < 0) | 664 | * with the strncmp, because the "buflen" limitation |
| 457 | goto end_loop; | 665 | * will make the rule "ADH:SOME" and the cipher |
| 666 | * "ADH-MY-CIPHER" look like a match for buflen=3. | ||
| 667 | * So additionally check whether the cipher name found | ||
| 668 | * has the correct length. We can save a strlen() call: | ||
| 669 | * just checking for the '\0' at the right place is | ||
| 670 | * sufficient, we have to strncmp() anyway. | ||
| 671 | */ | ||
| 672 | j = found = 0; | ||
| 673 | while (ca_list[j]) | ||
| 674 | { | ||
| 675 | if ((ca_list[j]->name[buflen] == '\0') && | ||
| 676 | !strncmp(buf, ca_list[j]->name, buflen)) | ||
| 677 | { | ||
| 678 | found = 1; | ||
| 679 | break; | ||
| 680 | } | ||
| 681 | else | ||
| 682 | j++; | ||
| 683 | } | ||
| 684 | if (!found) | ||
| 685 | break; /* ignore this entry */ | ||
| 686 | |||
| 687 | algorithms |= ca_list[j]->algorithms; | ||
| 688 | mask |= ca_list[j]->mask; | ||
| 689 | algo_strength |= ca_list[j]->algo_strength; | ||
| 690 | mask_strength |= ca_list[j]->mask_strength; | ||
| 458 | 691 | ||
| 459 | cp=(SSL_CIPHER *)sk_value(ca_list,j); | ||
| 460 | ops[current_x].algorithms|=cp->algorithms; | ||
| 461 | /* We add the SSL_SSL_MASK so we can match the | ||
| 462 | * SSLv2 and SSLv3 versions of RC4-MD5 */ | ||
| 463 | ops[current_x].mask|=cp->mask; | ||
| 464 | if (!multi) break; | 692 | if (!multi) break; |
| 465 | } | 693 | } |
| 466 | current_x++; | 694 | |
| 467 | if (ch == '\0') break; | 695 | /* |
| 468 | end_loop: | 696 | * Ok, we have the rule, now apply it |
| 469 | /* Make sure we scan until the next valid start point */ | 697 | */ |
| 470 | while ((*l != '\0') && ITEM_SEP(*l)) | 698 | if (rule == CIPHER_SPECIAL) |
| 471 | l++; | 699 | { /* special command */ |
| 700 | ok = 0; | ||
| 701 | if ((buflen == 8) && | ||
| 702 | !strncmp(buf, "STRENGTH", 8)) | ||
| 703 | ok = ssl_cipher_strength_sort(list, | ||
| 704 | head_p, tail_p); | ||
| 705 | else | ||
| 706 | SSLerr(SSL_F_SSL_CIPHER_PROCESS_RULESTR, | ||
| 707 | SSL_R_INVALID_COMMAND); | ||
| 708 | if (ok == 0) | ||
| 709 | retval = 0; | ||
| 710 | /* | ||
| 711 | * We do not support any "multi" options | ||
| 712 | * together with "@", so throw away the | ||
| 713 | * rest of the command, if any left, until | ||
| 714 | * end or ':' is found. | ||
| 715 | */ | ||
| 716 | while ((*l != '\0') && ITEM_SEP(*l)) | ||
| 717 | l++; | ||
| 718 | } | ||
| 719 | else if (found) | ||
| 720 | { | ||
| 721 | ssl_cipher_apply_rule(algorithms, mask, | ||
| 722 | algo_strength, mask_strength, rule, -1, | ||
| 723 | list, head_p, tail_p); | ||
| 724 | } | ||
| 725 | else | ||
| 726 | { | ||
| 727 | while ((*l != '\0') && ITEM_SEP(*l)) | ||
| 728 | l++; | ||
| 729 | } | ||
| 730 | if (*l == '\0') break; /* done */ | ||
| 472 | } | 731 | } |
| 473 | 732 | ||
| 474 | num_x=current_x; | 733 | return(retval); |
| 475 | current_x=0; | 734 | } |
| 735 | |||
| 736 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *ssl_method, | ||
| 737 | STACK_OF(SSL_CIPHER) **cipher_list, | ||
| 738 | STACK_OF(SSL_CIPHER) **cipher_list_by_id, | ||
| 739 | const char *rule_str) | ||
| 740 | { | ||
| 741 | int ok, num_of_ciphers, num_of_alias_max, num_of_group_aliases; | ||
| 742 | unsigned long disabled_mask; | ||
| 743 | STACK_OF(SSL_CIPHER) *cipherstack; | ||
| 744 | const char *rule_p; | ||
| 745 | CIPHER_ORDER *list = NULL, *head = NULL, *tail = NULL, *curr; | ||
| 746 | SSL_CIPHER **ca_list = NULL; | ||
| 747 | |||
| 748 | /* | ||
| 749 | * Return with error if nothing to do. | ||
| 750 | */ | ||
| 751 | if (rule_str == NULL) return(NULL); | ||
| 752 | |||
| 753 | if (init_ciphers) load_ciphers(); | ||
| 476 | 754 | ||
| 477 | /* We will now process the list of ciphers, once for each category, to | 755 | /* |
| 478 | * decide what we should do with it. */ | 756 | * To reduce the work to do we only want to process the compiled |
| 479 | for (j=0; j<num_x; j++) | 757 | * in algorithms, so we first get the mask of disabled ciphers. |
| 758 | */ | ||
| 759 | disabled_mask = ssl_cipher_get_disabled(); | ||
| 760 | |||
| 761 | /* | ||
| 762 | * Now we have to collect the available ciphers from the compiled | ||
| 763 | * in ciphers. We cannot get more than the number compiled in, so | ||
| 764 | * it is used for allocation. | ||
| 765 | */ | ||
| 766 | num_of_ciphers = ssl_method->num_ciphers(); | ||
| 767 | #ifdef KSSL_DEBUG | ||
| 768 | printf("ssl_create_cipher_list() for %d ciphers\n", num_of_ciphers); | ||
| 769 | #endif /* KSSL_DEBUG */ | ||
| 770 | list = (CIPHER_ORDER *)OPENSSL_malloc(sizeof(CIPHER_ORDER) * num_of_ciphers); | ||
| 771 | if (list == NULL) | ||
| 480 | { | 772 | { |
| 481 | algorithms=ops[j].algorithms; | 773 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 482 | type=ops[j].type; | 774 | return(NULL); /* Failure */ |
| 483 | mask=ops[j].mask; | 775 | } |
| 484 | 776 | ||
| 485 | curr=head; | 777 | ssl_cipher_collect_ciphers(ssl_method, num_of_ciphers, disabled_mask, |
| 486 | curr2=head; | 778 | list, &head, &tail); |
| 487 | tail2=tail; | 779 | |
| 488 | for (;;) | 780 | /* |
| 489 | { | 781 | * We also need cipher aliases for selecting based on the rule_str. |
| 490 | if ((curr == NULL) || (curr == tail2)) break; | 782 | * There might be two types of entries in the rule_str: 1) names |
| 491 | curr=curr2; | 783 | * of ciphers themselves 2) aliases for groups of ciphers. |
| 492 | curr2=curr->next; | 784 | * For 1) we need the available ciphers and for 2) the cipher |
| 785 | * groups of cipher_aliases added together in one list (otherwise | ||
| 786 | * we would be happy with just the cipher_aliases table). | ||
| 787 | */ | ||
| 788 | num_of_group_aliases = sizeof(cipher_aliases) / sizeof(SSL_CIPHER); | ||
| 789 | num_of_alias_max = num_of_ciphers + num_of_group_aliases + 1; | ||
| 790 | ca_list = | ||
| 791 | (SSL_CIPHER **)OPENSSL_malloc(sizeof(SSL_CIPHER *) * num_of_alias_max); | ||
| 792 | if (ca_list == NULL) | ||
| 793 | { | ||
| 794 | OPENSSL_free(list); | ||
| 795 | SSLerr(SSL_F_SSL_CREATE_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | ||
| 796 | return(NULL); /* Failure */ | ||
| 797 | } | ||
| 798 | ssl_cipher_collect_aliases(ca_list, num_of_group_aliases, disabled_mask, | ||
| 799 | head); | ||
| 800 | |||
| 801 | /* | ||
| 802 | * If the rule_string begins with DEFAULT, apply the default rule | ||
| 803 | * before using the (possibly available) additional rules. | ||
| 804 | */ | ||
| 805 | ok = 1; | ||
| 806 | rule_p = rule_str; | ||
| 807 | if (strncmp(rule_str,"DEFAULT",7) == 0) | ||
| 808 | { | ||
| 809 | ok = ssl_cipher_process_rulestr(SSL_DEFAULT_CIPHER_LIST, | ||
| 810 | list, &head, &tail, ca_list); | ||
| 811 | rule_p += 7; | ||
| 812 | if (*rule_p == ':') | ||
| 813 | rule_p++; | ||
| 814 | } | ||
| 493 | 815 | ||
| 494 | cp=curr->cipher; | 816 | if (ok && (strlen(rule_p) > 0)) |
| 495 | ma=mask & cp->algorithms; | 817 | ok = ssl_cipher_process_rulestr(rule_p, list, &head, &tail, |
| 496 | if ((ma == 0) || ((ma & algorithms) != ma)) | 818 | ca_list); |
| 497 | { | ||
| 498 | /* does not apply */ | ||
| 499 | continue; | ||
| 500 | } | ||
| 501 | 819 | ||
| 502 | /* add the cipher if it has not been added yet. */ | 820 | OPENSSL_free(ca_list); /* Not needed anymore */ |
| 503 | if (type == CIPHER_ADD) | 821 | |
| 504 | { | 822 | if (!ok) |
| 505 | if (!curr->active) | 823 | { /* Rule processing failure */ |
| 506 | { | 824 | OPENSSL_free(list); |
| 507 | ll_append_tail(&head,curr,&tail); | 825 | return(NULL); |
| 508 | curr->active=1; | 826 | } |
| 509 | } | 827 | /* |
| 510 | } | 828 | * Allocate new "cipherstack" for the result, return with error |
| 511 | /* Move the added cipher to this location */ | 829 | * if we cannot get one. |
| 512 | else if (type == CIPHER_ORD) | 830 | */ |
| 513 | { | 831 | if ((cipherstack = sk_SSL_CIPHER_new_null()) == NULL) |
| 514 | if (curr->active) | 832 | { |
| 515 | { | 833 | OPENSSL_free(list); |
| 516 | ll_append_tail(&head,curr,&tail); | 834 | return(NULL); |
| 517 | } | ||
| 518 | } | ||
| 519 | else if (type == CIPHER_DEL) | ||
| 520 | curr->active=0; | ||
| 521 | if (type == CIPHER_KILL) | ||
| 522 | { | ||
| 523 | if (head == curr) | ||
| 524 | head=curr->next; | ||
| 525 | else | ||
| 526 | curr->prev->next=curr->next; | ||
| 527 | if (tail == curr) | ||
| 528 | tail=curr->prev; | ||
| 529 | curr->active=0; | ||
| 530 | if (curr->next != NULL) | ||
| 531 | curr->next->prev=curr->prev; | ||
| 532 | if (curr->prev != NULL) | ||
| 533 | curr->prev->next=curr->next; | ||
| 534 | curr->next=NULL; | ||
| 535 | curr->prev=NULL; | ||
| 536 | } | ||
| 537 | } | ||
| 538 | } | 835 | } |
| 539 | 836 | ||
| 540 | for (curr=head; curr != NULL; curr=curr->next) | 837 | /* |
| 838 | * The cipher selection for the list is done. The ciphers are added | ||
| 839 | * to the resulting precedence to the STACK_OF(SSL_CIPHER). | ||
| 840 | */ | ||
| 841 | for (curr = head; curr != NULL; curr = curr->next) | ||
| 541 | { | 842 | { |
| 542 | if (curr->active) | 843 | if (curr->active) |
| 543 | { | 844 | { |
| 544 | sk_push(ret,(char *)curr->cipher); | 845 | sk_SSL_CIPHER_push(cipherstack, curr->cipher); |
| 545 | #ifdef CIPHER_DEBUG | 846 | #ifdef CIPHER_DEBUG |
| 546 | printf("<%s>\n",curr->cipher->name); | 847 | printf("<%s>\n",curr->cipher->name); |
| 547 | #endif | 848 | #endif |
| 548 | } | 849 | } |
| 549 | } | 850 | } |
| 550 | 851 | OPENSSL_free(list); /* Not needed any longer */ | |
| 852 | |||
| 853 | /* | ||
| 854 | * The following passage is a little bit odd. If pointer variables | ||
| 855 | * were supplied to hold STACK_OF(SSL_CIPHER) return information, | ||
| 856 | * the old memory pointed to is free()ed. Then, however, the | ||
| 857 | * cipher_list entry will be assigned just a copy of the returned | ||
| 858 | * cipher stack. For cipher_list_by_id a copy of the cipher stack | ||
| 859 | * will be created. See next comment... | ||
| 860 | */ | ||
| 551 | if (cipher_list != NULL) | 861 | if (cipher_list != NULL) |
| 552 | { | 862 | { |
| 553 | if (*cipher_list != NULL) | 863 | if (*cipher_list != NULL) |
| 554 | sk_free(*cipher_list); | 864 | sk_SSL_CIPHER_free(*cipher_list); |
| 555 | *cipher_list=ret; | 865 | *cipher_list = cipherstack; |
| 556 | } | 866 | } |
| 557 | 867 | ||
| 558 | if (cipher_list_by_id != NULL) | 868 | if (cipher_list_by_id != NULL) |
| 559 | { | 869 | { |
| 560 | if (*cipher_list_by_id != NULL) | 870 | if (*cipher_list_by_id != NULL) |
| 561 | sk_free(*cipher_list_by_id); | 871 | sk_SSL_CIPHER_free(*cipher_list_by_id); |
| 562 | *cipher_list_by_id=sk_dup(ret); | 872 | *cipher_list_by_id = sk_SSL_CIPHER_dup(cipherstack); |
| 563 | } | 873 | } |
| 564 | 874 | ||
| 875 | /* | ||
| 876 | * Now it is getting really strange. If something failed during | ||
| 877 | * the previous pointer assignment or if one of the pointers was | ||
| 878 | * not requested, the error condition is met. That might be | ||
| 879 | * discussable. The strange thing is however that in this case | ||
| 880 | * the memory "ret" pointed to is "free()ed" and hence the pointer | ||
| 881 | * cipher_list becomes wild. The memory reserved for | ||
| 882 | * cipher_list_by_id however is not "free()ed" and stays intact. | ||
| 883 | */ | ||
| 565 | if ( (cipher_list_by_id == NULL) || | 884 | if ( (cipher_list_by_id == NULL) || |
| 566 | (*cipher_list_by_id == NULL) || | 885 | (*cipher_list_by_id == NULL) || |
| 567 | (cipher_list == NULL) || | 886 | (cipher_list == NULL) || |
| 568 | (*cipher_list == NULL)) | 887 | (*cipher_list == NULL)) |
| 569 | goto err; | 888 | { |
| 570 | sk_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); | 889 | sk_SSL_CIPHER_free(cipherstack); |
| 571 | 890 | return(NULL); | |
| 572 | ok=ret; | 891 | } |
| 573 | ret=NULL; | 892 | |
| 574 | err: | 893 | sk_SSL_CIPHER_set_cmp_func(*cipher_list_by_id,ssl_cipher_ptr_id_cmp); |
| 575 | if (tmp_str) Free(tmp_str); | 894 | |
| 576 | if (ops != NULL) Free(ops); | 895 | return(cipherstack); |
| 577 | if (ret != NULL) sk_free(ret); | ||
| 578 | if (ca_list != NULL) sk_free(ca_list); | ||
| 579 | if (list != NULL) Free(list); | ||
| 580 | return(ok); | ||
| 581 | } | 896 | } |
| 582 | 897 | ||
| 583 | char *SSL_CIPHER_description(cipher,buf,len) | 898 | char *SSL_CIPHER_description(SSL_CIPHER *cipher, char *buf, int len) |
| 584 | SSL_CIPHER *cipher; | ||
| 585 | char *buf; | ||
| 586 | int len; | ||
| 587 | { | 899 | { |
| 588 | int export; | 900 | int is_export,pkl,kl; |
| 589 | char *ver,*exp; | 901 | char *ver,*exp; |
| 590 | char *kx,*au,*enc,*mac; | 902 | char *kx,*au,*enc,*mac; |
| 591 | unsigned long alg,alg2; | 903 | unsigned long alg,alg2,alg_s; |
| 904 | #ifdef KSSL_DEBUG | ||
| 905 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s AL=%lx\n"; | ||
| 906 | #else | ||
| 592 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; | 907 | static char *format="%-23s %s Kx=%-8s Au=%-4s Enc=%-9s Mac=%-4s%s\n"; |
| 593 | 908 | #endif /* KSSL_DEBUG */ | |
| 909 | |||
| 594 | alg=cipher->algorithms; | 910 | alg=cipher->algorithms; |
| 911 | alg_s=cipher->algo_strength; | ||
| 595 | alg2=cipher->algorithm2; | 912 | alg2=cipher->algorithm2; |
| 596 | 913 | ||
| 597 | export=(alg&SSL_EXP)?1:0; | 914 | is_export=SSL_C_IS_EXPORT(cipher); |
| 598 | exp=(export)?" export":""; | 915 | pkl=SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 916 | kl=SSL_C_EXPORT_KEYLENGTH(cipher); | ||
| 917 | exp=is_export?" export":""; | ||
| 599 | 918 | ||
| 600 | if (alg & SSL_SSLV2) | 919 | if (alg & SSL_SSLV2) |
| 601 | ver="SSLv2"; | 920 | ver="SSLv2"; |
| @@ -607,7 +926,7 @@ int len; | |||
| 607 | switch (alg&SSL_MKEY_MASK) | 926 | switch (alg&SSL_MKEY_MASK) |
| 608 | { | 927 | { |
| 609 | case SSL_kRSA: | 928 | case SSL_kRSA: |
| 610 | kx=(export)?"RSA(512)":"RSA"; | 929 | kx=is_export?(pkl == 512 ? "RSA(512)" : "RSA(1024)"):"RSA"; |
| 611 | break; | 930 | break; |
| 612 | case SSL_kDHr: | 931 | case SSL_kDHr: |
| 613 | kx="DH/RSA"; | 932 | kx="DH/RSA"; |
| @@ -615,11 +934,15 @@ int len; | |||
| 615 | case SSL_kDHd: | 934 | case SSL_kDHd: |
| 616 | kx="DH/DSS"; | 935 | kx="DH/DSS"; |
| 617 | break; | 936 | break; |
| 937 | case SSL_kKRB5: /* VRS */ | ||
| 938 | case SSL_KRB5: /* VRS */ | ||
| 939 | kx="KRB5"; | ||
| 940 | break; | ||
| 618 | case SSL_kFZA: | 941 | case SSL_kFZA: |
| 619 | kx="Fortezza"; | 942 | kx="Fortezza"; |
| 620 | break; | 943 | break; |
| 621 | case SSL_kEDH: | 944 | case SSL_kEDH: |
| 622 | kx=(export)?"DH(512)":"DH"; | 945 | kx=is_export?(pkl == 512 ? "DH(512)" : "DH(1024)"):"DH"; |
| 623 | break; | 946 | break; |
| 624 | default: | 947 | default: |
| 625 | kx="unknown"; | 948 | kx="unknown"; |
| @@ -636,6 +959,10 @@ int len; | |||
| 636 | case SSL_aDH: | 959 | case SSL_aDH: |
| 637 | au="DH"; | 960 | au="DH"; |
| 638 | break; | 961 | break; |
| 962 | case SSL_aKRB5: /* VRS */ | ||
| 963 | case SSL_KRB5: /* VRS */ | ||
| 964 | au="KRB5"; | ||
| 965 | break; | ||
| 639 | case SSL_aFZA: | 966 | case SSL_aFZA: |
| 640 | case SSL_aNULL: | 967 | case SSL_aNULL: |
| 641 | au="None"; | 968 | au="None"; |
| @@ -648,16 +975,17 @@ int len; | |||
| 648 | switch (alg&SSL_ENC_MASK) | 975 | switch (alg&SSL_ENC_MASK) |
| 649 | { | 976 | { |
| 650 | case SSL_DES: | 977 | case SSL_DES: |
| 651 | enc=export?"DES(40)":"DES(56)"; | 978 | enc=(is_export && kl == 5)?"DES(40)":"DES(56)"; |
| 652 | break; | 979 | break; |
| 653 | case SSL_3DES: | 980 | case SSL_3DES: |
| 654 | enc="3DES(168)"; | 981 | enc="3DES(168)"; |
| 655 | break; | 982 | break; |
| 656 | case SSL_RC4: | 983 | case SSL_RC4: |
| 657 | enc=export?"RC4(40)":((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | 984 | enc=is_export?(kl == 5 ? "RC4(40)" : "RC4(56)") |
| 985 | :((alg2&SSL2_CF_8_BYTE_ENC)?"RC4(64)":"RC4(128)"); | ||
| 658 | break; | 986 | break; |
| 659 | case SSL_RC2: | 987 | case SSL_RC2: |
| 660 | enc=export?"RC2(40)":"RC2(128)"; | 988 | enc=is_export?(kl == 5 ? "RC2(40)" : "RC2(56)"):"RC2(128)"; |
| 661 | break; | 989 | break; |
| 662 | case SSL_IDEA: | 990 | case SSL_IDEA: |
| 663 | enc="IDEA(128)"; | 991 | enc="IDEA(128)"; |
| @@ -668,6 +996,15 @@ int len; | |||
| 668 | case SSL_eNULL: | 996 | case SSL_eNULL: |
| 669 | enc="None"; | 997 | enc="None"; |
| 670 | break; | 998 | break; |
| 999 | case SSL_AES: | ||
| 1000 | switch(cipher->strength_bits) | ||
| 1001 | { | ||
| 1002 | case 128: enc="AESdraft(128)"; break; | ||
| 1003 | case 192: enc="AESdraft(192)"; break; | ||
| 1004 | case 256: enc="AESdraft(256)"; break; | ||
| 1005 | default: enc="AESdraft(?""?""?)"; break; | ||
| 1006 | } | ||
| 1007 | break; | ||
| 671 | default: | 1008 | default: |
| 672 | enc="unknown"; | 1009 | enc="unknown"; |
| 673 | break; | 1010 | break; |
| @@ -688,18 +1025,22 @@ int len; | |||
| 688 | 1025 | ||
| 689 | if (buf == NULL) | 1026 | if (buf == NULL) |
| 690 | { | 1027 | { |
| 691 | buf=Malloc(128); | 1028 | len=128; |
| 692 | if (buf == NULL) return("Malloc Error"); | 1029 | buf=OPENSSL_malloc(len); |
| 1030 | if (buf == NULL) return("OPENSSL_malloc Error"); | ||
| 693 | } | 1031 | } |
| 694 | else if (len < 128) | 1032 | else if (len < 128) |
| 695 | return("Buffer too small"); | 1033 | return("Buffer too small"); |
| 696 | 1034 | ||
| 697 | sprintf(buf,format,cipher->name,ver,kx,au,enc,mac,exp); | 1035 | #ifdef KSSL_DEBUG |
| 1036 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp,alg); | ||
| 1037 | #else | ||
| 1038 | BIO_snprintf(buf,len,format,cipher->name,ver,kx,au,enc,mac,exp); | ||
| 1039 | #endif /* KSSL_DEBUG */ | ||
| 698 | return(buf); | 1040 | return(buf); |
| 699 | } | 1041 | } |
| 700 | 1042 | ||
| 701 | char *SSL_CIPHER_get_version(c) | 1043 | char *SSL_CIPHER_get_version(SSL_CIPHER *c) |
| 702 | SSL_CIPHER *c; | ||
| 703 | { | 1044 | { |
| 704 | int i; | 1045 | int i; |
| 705 | 1046 | ||
| @@ -714,45 +1055,78 @@ SSL_CIPHER *c; | |||
| 714 | } | 1055 | } |
| 715 | 1056 | ||
| 716 | /* return the actual cipher being used */ | 1057 | /* return the actual cipher being used */ |
| 717 | char *SSL_CIPHER_get_name(c) | 1058 | const char *SSL_CIPHER_get_name(SSL_CIPHER *c) |
| 718 | SSL_CIPHER *c; | ||
| 719 | { | 1059 | { |
| 720 | if (c != NULL) | 1060 | if (c != NULL) |
| 721 | return(c->name); | 1061 | return(c->name); |
| 722 | return("(NONE)"); | 1062 | return("(NONE)"); |
| 723 | } | 1063 | } |
| 724 | 1064 | ||
| 725 | /* number of bits for symetric cipher */ | 1065 | /* number of bits for symmetric cipher */ |
| 726 | int SSL_CIPHER_get_bits(c,alg_bits) | 1066 | int SSL_CIPHER_get_bits(SSL_CIPHER *c, int *alg_bits) |
| 727 | SSL_CIPHER *c; | ||
| 728 | int *alg_bits; | ||
| 729 | { | 1067 | { |
| 730 | int ret=0,a=0; | 1068 | int ret=0; |
| 731 | EVP_CIPHER *enc; | ||
| 732 | EVP_MD *md; | ||
| 733 | 1069 | ||
| 734 | if (c != NULL) | 1070 | if (c != NULL) |
| 735 | { | 1071 | { |
| 736 | if (!ssl_cipher_get_evp(c,&enc,&md)) | 1072 | if (alg_bits != NULL) *alg_bits = c->alg_bits; |
| 737 | return(0); | 1073 | ret = c->strength_bits; |
| 1074 | } | ||
| 1075 | return(ret); | ||
| 1076 | } | ||
| 738 | 1077 | ||
| 739 | a=EVP_CIPHER_key_length(enc)*8; | 1078 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n) |
| 1079 | { | ||
| 1080 | SSL_COMP *ctmp; | ||
| 1081 | int i,nn; | ||
| 740 | 1082 | ||
| 741 | if (c->algorithms & SSL_EXP) | 1083 | if ((n == 0) || (sk == NULL)) return(NULL); |
| 742 | { | 1084 | nn=sk_SSL_COMP_num(sk); |
| 743 | ret=40; | 1085 | for (i=0; i<nn; i++) |
| 744 | } | 1086 | { |
| 745 | else | 1087 | ctmp=sk_SSL_COMP_value(sk,i); |
| 746 | { | 1088 | if (ctmp->id == n) |
| 747 | if (c->algorithm2 & SSL2_CF_8_BYTE_ENC) | 1089 | return(ctmp); |
| 748 | ret=64; | ||
| 749 | else | ||
| 750 | ret=a; | ||
| 751 | } | ||
| 752 | } | 1090 | } |
| 1091 | return(NULL); | ||
| 1092 | } | ||
| 753 | 1093 | ||
| 754 | if (alg_bits != NULL) *alg_bits=a; | 1094 | static int sk_comp_cmp(const SSL_COMP * const *a, |
| 755 | 1095 | const SSL_COMP * const *b) | |
| 756 | return(ret); | 1096 | { |
| 1097 | return((*a)->id-(*b)->id); | ||
| 757 | } | 1098 | } |
| 758 | 1099 | ||
| 1100 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void) | ||
| 1101 | { | ||
| 1102 | return(ssl_comp_methods); | ||
| 1103 | } | ||
| 1104 | |||
| 1105 | int SSL_COMP_add_compression_method(int id, COMP_METHOD *cm) | ||
| 1106 | { | ||
| 1107 | SSL_COMP *comp; | ||
| 1108 | STACK_OF(SSL_COMP) *sk; | ||
| 1109 | |||
| 1110 | if (cm == NULL || cm->type == NID_undef) | ||
| 1111 | return 1; | ||
| 1112 | |||
| 1113 | MemCheck_off(); | ||
| 1114 | comp=(SSL_COMP *)OPENSSL_malloc(sizeof(SSL_COMP)); | ||
| 1115 | comp->id=id; | ||
| 1116 | comp->method=cm; | ||
| 1117 | if (ssl_comp_methods == NULL) | ||
| 1118 | sk=ssl_comp_methods=sk_SSL_COMP_new(sk_comp_cmp); | ||
| 1119 | else | ||
| 1120 | sk=ssl_comp_methods; | ||
| 1121 | if ((sk == NULL) || !sk_SSL_COMP_push(sk,comp)) | ||
| 1122 | { | ||
| 1123 | MemCheck_on(); | ||
| 1124 | SSLerr(SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,ERR_R_MALLOC_FAILURE); | ||
| 1125 | return(0); | ||
| 1126 | } | ||
| 1127 | else | ||
| 1128 | { | ||
| 1129 | MemCheck_on(); | ||
| 1130 | return(1); | ||
| 1131 | } | ||
| 1132 | } | ||
diff --git a/src/lib/libssl/ssl_err.c b/src/lib/libssl/ssl_err.c index bcbb98591f..c32c4ef6e9 100644 --- a/src/lib/libssl/ssl_err.c +++ b/src/lib/libssl/ssl_err.c | |||
| @@ -1,66 +1,69 @@ | |||
| 1 | /* lib/ssl/ssl_err.c */ | 1 | /* ssl/ssl_err.c */ |
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* ==================================================================== |
| 3 | * All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| 5 | * This package is an SSL implementation written | ||
| 6 | * by Eric Young (eay@cryptsoft.com). | ||
| 7 | * The implementation was written so as to conform with Netscapes SSL. | ||
| 8 | * | ||
| 9 | * This library is free for commercial and non-commercial use as long as | ||
| 10 | * the following conditions are aheared to. The following conditions | ||
| 11 | * apply to all code found in this distribution, be it the RC4, RSA, | ||
| 12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | ||
| 13 | * included with this distribution is covered by the same copyright terms | ||
| 14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | ||
| 15 | * | ||
| 16 | * Copyright remains Eric Young's, and as such any Copyright notices in | ||
| 17 | * the code are not to be removed. | ||
| 18 | * If this package is used in a product, Eric Young should be given attribution | ||
| 19 | * as the author of the parts of the library used. | ||
| 20 | * This can be in the form of a textual message at program startup or | ||
| 21 | * in documentation (online or textual) provided with the package. | ||
| 22 | * | ||
| 23 | * Redistribution and use in source and binary forms, with or without | 5 | * Redistribution and use in source and binary forms, with or without |
| 24 | * modification, are permitted provided that the following conditions | 6 | * modification, are permitted provided that the following conditions |
| 25 | * are met: | 7 | * are met: |
| 26 | * 1. Redistributions of source code must retain the copyright | 8 | * |
| 27 | * notice, this list of conditions and the following disclaimer. | 9 | * 1. Redistributions of source code must retain the above copyright |
| 10 | * notice, this list of conditions and the following disclaimer. | ||
| 11 | * | ||
| 28 | * 2. Redistributions in binary form must reproduce the above copyright | 12 | * 2. Redistributions in binary form must reproduce the above copyright |
| 29 | * notice, this list of conditions and the following disclaimer in the | 13 | * notice, this list of conditions and the following disclaimer in |
| 30 | * documentation and/or other materials provided with the distribution. | 14 | * the documentation and/or other materials provided with the |
| 31 | * 3. All advertising materials mentioning features or use of this software | 15 | * distribution. |
| 32 | * must display the following acknowledgement: | 16 | * |
| 33 | * "This product includes cryptographic software written by | 17 | * 3. All advertising materials mentioning features or use of this |
| 34 | * Eric Young (eay@cryptsoft.com)" | 18 | * software must display the following acknowledgment: |
| 35 | * The word 'cryptographic' can be left out if the rouines from the library | 19 | * "This product includes software developed by the OpenSSL Project |
| 36 | * being used are not cryptographic related :-). | 20 | * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" |
| 37 | * 4. If you include any Windows specific code (or a derivative thereof) from | 21 | * |
| 38 | * the apps directory (application code) you must include an acknowledgement: | 22 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to |
| 39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | 23 | * endorse or promote products derived from this software without |
| 40 | * | 24 | * prior written permission. For written permission, please contact |
| 41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | 25 | * openssl-core@OpenSSL.org. |
| 42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | 26 | * |
| 43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | 27 | * 5. Products derived from this software may not be called "OpenSSL" |
| 44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | 28 | * nor may "OpenSSL" appear in their names without prior written |
| 45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | 29 | * permission of the OpenSSL Project. |
| 46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | 30 | * |
| 47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | 31 | * 6. Redistributions of any form whatsoever must retain the following |
| 48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | 32 | * acknowledgment: |
| 49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | 33 | * "This product includes software developed by the OpenSSL Project |
| 50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | 34 | * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" |
| 51 | * SUCH DAMAGE. | 35 | * |
| 52 | * | 36 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY |
| 53 | * The licence and distribution terms for any publically available version or | 37 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE |
| 54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | 38 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR |
| 55 | * copied and put under another distribution licence | 39 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR |
| 56 | * [including the GNU Public Licence.] | 40 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, |
| 41 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 42 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 43 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 44 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 45 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 46 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 47 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 48 | * ==================================================================== | ||
| 49 | * | ||
| 50 | * This product includes cryptographic software written by Eric Young | ||
| 51 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 52 | * Hudson (tjh@cryptsoft.com). | ||
| 53 | * | ||
| 57 | */ | 54 | */ |
| 55 | |||
| 56 | /* NOTE: this file was auto generated by the mkerr.pl script: any changes | ||
| 57 | * made to it will be overwritten when the script next updates this file, | ||
| 58 | * only reason strings will be preserved. | ||
| 59 | */ | ||
| 60 | |||
| 58 | #include <stdio.h> | 61 | #include <stdio.h> |
| 59 | #include "err.h" | 62 | #include <openssl/err.h> |
| 60 | #include "ssl.h" | 63 | #include <openssl/ssl.h> |
| 61 | 64 | ||
| 62 | /* BEGIN ERROR CODES */ | 65 | /* BEGIN ERROR CODES */ |
| 63 | #ifndef NO_ERR | 66 | #ifndef OPENSSL_NO_ERR |
| 64 | static ERR_STRING_DATA SSL_str_functs[]= | 67 | static ERR_STRING_DATA SSL_str_functs[]= |
| 65 | { | 68 | { |
| 66 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, | 69 | {ERR_PACK(0,SSL_F_CLIENT_CERTIFICATE,0), "CLIENT_CERTIFICATE"}, |
| @@ -83,21 +86,27 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 83 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, | 86 | {ERR_PACK(0,SSL_F_SSL23_CONNECT,0), "SSL23_CONNECT"}, |
| 84 | {ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, | 87 | {ERR_PACK(0,SSL_F_SSL23_GET_CLIENT_HELLO,0), "SSL23_GET_CLIENT_HELLO"}, |
| 85 | {ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, | 88 | {ERR_PACK(0,SSL_F_SSL23_GET_SERVER_HELLO,0), "SSL23_GET_SERVER_HELLO"}, |
| 89 | {ERR_PACK(0,SSL_F_SSL23_PEEK,0), "SSL23_PEEK"}, | ||
| 86 | {ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, | 90 | {ERR_PACK(0,SSL_F_SSL23_READ,0), "SSL23_READ"}, |
| 87 | {ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, | 91 | {ERR_PACK(0,SSL_F_SSL23_WRITE,0), "SSL23_WRITE"}, |
| 88 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, | 92 | {ERR_PACK(0,SSL_F_SSL2_ACCEPT,0), "SSL2_ACCEPT"}, |
| 89 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, | 93 | {ERR_PACK(0,SSL_F_SSL2_CONNECT,0), "SSL2_CONNECT"}, |
| 90 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, | 94 | {ERR_PACK(0,SSL_F_SSL2_ENC_INIT,0), "SSL2_ENC_INIT"}, |
| 95 | {ERR_PACK(0,SSL_F_SSL2_PEEK,0), "SSL2_PEEK"}, | ||
| 91 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, | 96 | {ERR_PACK(0,SSL_F_SSL2_READ,0), "SSL2_READ"}, |
| 97 | {ERR_PACK(0,SSL_F_SSL2_READ_INTERNAL,0), "SSL2_READ_INTERNAL"}, | ||
| 92 | {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, | 98 | {ERR_PACK(0,SSL_F_SSL2_SET_CERTIFICATE,0), "SSL2_SET_CERTIFICATE"}, |
| 93 | {ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, | 99 | {ERR_PACK(0,SSL_F_SSL2_WRITE,0), "SSL2_WRITE"}, |
| 94 | {ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, | 100 | {ERR_PACK(0,SSL_F_SSL3_ACCEPT,0), "SSL3_ACCEPT"}, |
| 101 | {ERR_PACK(0,SSL_F_SSL3_CALLBACK_CTRL,0), "SSL3_CALLBACK_CTRL"}, | ||
| 95 | {ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, | 102 | {ERR_PACK(0,SSL_F_SSL3_CHANGE_CIPHER_STATE,0), "SSL3_CHANGE_CIPHER_STATE"}, |
| 96 | {ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, | 103 | {ERR_PACK(0,SSL_F_SSL3_CHECK_CERT_AND_ALGORITHM,0), "SSL3_CHECK_CERT_AND_ALGORITHM"}, |
| 97 | {ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, | 104 | {ERR_PACK(0,SSL_F_SSL3_CLIENT_HELLO,0), "SSL3_CLIENT_HELLO"}, |
| 98 | {ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, | 105 | {ERR_PACK(0,SSL_F_SSL3_CONNECT,0), "SSL3_CONNECT"}, |
| 106 | {ERR_PACK(0,SSL_F_SSL3_CTRL,0), "SSL3_CTRL"}, | ||
| 99 | {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, | 107 | {ERR_PACK(0,SSL_F_SSL3_CTX_CTRL,0), "SSL3_CTX_CTRL"}, |
| 100 | {ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, | 108 | {ERR_PACK(0,SSL_F_SSL3_ENC,0), "SSL3_ENC"}, |
| 109 | {ERR_PACK(0,SSL_F_SSL3_GENERATE_KEY_BLOCK,0), "SSL3_GENERATE_KEY_BLOCK"}, | ||
| 101 | {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, | 110 | {ERR_PACK(0,SSL_F_SSL3_GET_CERTIFICATE_REQUEST,0), "SSL3_GET_CERTIFICATE_REQUEST"}, |
| 102 | {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, | 111 | {ERR_PACK(0,SSL_F_SSL3_GET_CERT_VERIFY,0), "SSL3_GET_CERT_VERIFY"}, |
| 103 | {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, | 112 | {ERR_PACK(0,SSL_F_SSL3_GET_CLIENT_CERTIFICATE,0), "SSL3_GET_CLIENT_CERTIFICATE"}, |
| @@ -111,6 +120,7 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 111 | {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, | 120 | {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_DONE,0), "SSL3_GET_SERVER_DONE"}, |
| 112 | {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, | 121 | {ERR_PACK(0,SSL_F_SSL3_GET_SERVER_HELLO,0), "SSL3_GET_SERVER_HELLO"}, |
| 113 | {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, | 122 | {ERR_PACK(0,SSL_F_SSL3_OUTPUT_CERT_CHAIN,0), "SSL3_OUTPUT_CERT_CHAIN"}, |
| 123 | {ERR_PACK(0,SSL_F_SSL3_PEEK,0), "SSL3_PEEK"}, | ||
| 114 | {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, | 124 | {ERR_PACK(0,SSL_F_SSL3_READ_BYTES,0), "SSL3_READ_BYTES"}, |
| 115 | {ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, | 125 | {ERR_PACK(0,SSL_F_SSL3_READ_N,0), "SSL3_READ_N"}, |
| 116 | {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, | 126 | {ERR_PACK(0,SSL_F_SSL3_SEND_CERTIFICATE_REQUEST,0), "SSL3_SEND_CERTIFICATE_REQUEST"}, |
| @@ -123,16 +133,30 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 123 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, | 133 | {ERR_PACK(0,SSL_F_SSL3_SETUP_KEY_BLOCK,0), "SSL3_SETUP_KEY_BLOCK"}, |
| 124 | {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, | 134 | {ERR_PACK(0,SSL_F_SSL3_WRITE_BYTES,0), "SSL3_WRITE_BYTES"}, |
| 125 | {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, | 135 | {ERR_PACK(0,SSL_F_SSL3_WRITE_PENDING,0), "SSL3_WRITE_PENDING"}, |
| 136 | {ERR_PACK(0,SSL_F_SSL_ADD_DIR_CERT_SUBJECTS_TO_STACK,0), "SSL_add_dir_cert_subjects_to_stack"}, | ||
| 137 | {ERR_PACK(0,SSL_F_SSL_ADD_FILE_CERT_SUBJECTS_TO_STACK,0), "SSL_add_file_cert_subjects_to_stack"}, | ||
| 126 | {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, | 138 | {ERR_PACK(0,SSL_F_SSL_BAD_METHOD,0), "SSL_BAD_METHOD"}, |
| 127 | {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, | 139 | {ERR_PACK(0,SSL_F_SSL_BYTES_TO_CIPHER_LIST,0), "SSL_BYTES_TO_CIPHER_LIST"}, |
| 140 | {ERR_PACK(0,SSL_F_SSL_CERT_DUP,0), "SSL_CERT_DUP"}, | ||
| 141 | {ERR_PACK(0,SSL_F_SSL_CERT_INST,0), "SSL_CERT_INST"}, | ||
| 142 | {ERR_PACK(0,SSL_F_SSL_CERT_INSTANTIATE,0), "SSL_CERT_INSTANTIATE"}, | ||
| 128 | {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, | 143 | {ERR_PACK(0,SSL_F_SSL_CERT_NEW,0), "SSL_CERT_NEW"}, |
| 129 | {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, | 144 | {ERR_PACK(0,SSL_F_SSL_CHECK_PRIVATE_KEY,0), "SSL_check_private_key"}, |
| 145 | {ERR_PACK(0,SSL_F_SSL_CIPHER_PROCESS_RULESTR,0), "SSL_CIPHER_PROCESS_RULESTR"}, | ||
| 146 | {ERR_PACK(0,SSL_F_SSL_CIPHER_STRENGTH_SORT,0), "SSL_CIPHER_STRENGTH_SORT"}, | ||
| 147 | {ERR_PACK(0,SSL_F_SSL_CLEAR,0), "SSL_clear"}, | ||
| 148 | {ERR_PACK(0,SSL_F_SSL_COMP_ADD_COMPRESSION_METHOD,0), "SSL_COMP_add_compression_method"}, | ||
| 130 | {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, | 149 | {ERR_PACK(0,SSL_F_SSL_CREATE_CIPHER_LIST,0), "SSL_CREATE_CIPHER_LIST"}, |
| 150 | {ERR_PACK(0,SSL_F_SSL_CTRL,0), "SSL_ctrl"}, | ||
| 131 | {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, | 151 | {ERR_PACK(0,SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,0), "SSL_CTX_check_private_key"}, |
| 132 | {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, | 152 | {ERR_PACK(0,SSL_F_SSL_CTX_NEW,0), "SSL_CTX_new"}, |
| 153 | {ERR_PACK(0,SSL_F_SSL_CTX_SET_PURPOSE,0), "SSL_CTX_set_purpose"}, | ||
| 154 | {ERR_PACK(0,SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,0), "SSL_CTX_set_session_id_context"}, | ||
| 133 | {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, | 155 | {ERR_PACK(0,SSL_F_SSL_CTX_SET_SSL_VERSION,0), "SSL_CTX_set_ssl_version"}, |
| 156 | {ERR_PACK(0,SSL_F_SSL_CTX_SET_TRUST,0), "SSL_CTX_set_trust"}, | ||
| 134 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, | 157 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE,0), "SSL_CTX_use_certificate"}, |
| 135 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, | 158 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_ASN1,0), "SSL_CTX_use_certificate_ASN1"}, |
| 159 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,0), "SSL_CTX_use_certificate_chain_file"}, | ||
| 136 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, | 160 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_CERTIFICATE_FILE,0), "SSL_CTX_use_certificate_file"}, |
| 137 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, | 161 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY,0), "SSL_CTX_use_PrivateKey"}, |
| 138 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, | 162 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_PRIVATEKEY_ASN1,0), "SSL_CTX_use_PrivateKey_ASN1"}, |
| @@ -142,21 +166,28 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 142 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, | 166 | {ERR_PACK(0,SSL_F_SSL_CTX_USE_RSAPRIVATEKEY_FILE,0), "SSL_CTX_use_RSAPrivateKey_file"}, |
| 143 | {ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, | 167 | {ERR_PACK(0,SSL_F_SSL_DO_HANDSHAKE,0), "SSL_do_handshake"}, |
| 144 | {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, | 168 | {ERR_PACK(0,SSL_F_SSL_GET_NEW_SESSION,0), "SSL_GET_NEW_SESSION"}, |
| 169 | {ERR_PACK(0,SSL_F_SSL_GET_PREV_SESSION,0), "SSL_GET_PREV_SESSION"}, | ||
| 145 | {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, | 170 | {ERR_PACK(0,SSL_F_SSL_GET_SERVER_SEND_CERT,0), "SSL_GET_SERVER_SEND_CERT"}, |
| 146 | {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, | 171 | {ERR_PACK(0,SSL_F_SSL_GET_SIGN_PKEY,0), "SSL_GET_SIGN_PKEY"}, |
| 147 | {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, | 172 | {ERR_PACK(0,SSL_F_SSL_INIT_WBIO_BUFFER,0), "SSL_INIT_WBIO_BUFFER"}, |
| 148 | {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, | 173 | {ERR_PACK(0,SSL_F_SSL_LOAD_CLIENT_CA_FILE,0), "SSL_load_client_CA_file"}, |
| 149 | {ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, | 174 | {ERR_PACK(0,SSL_F_SSL_NEW,0), "SSL_new"}, |
| 175 | {ERR_PACK(0,SSL_F_SSL_READ,0), "SSL_read"}, | ||
| 150 | {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, | 176 | {ERR_PACK(0,SSL_F_SSL_RSA_PRIVATE_DECRYPT,0), "SSL_RSA_PRIVATE_DECRYPT"}, |
| 151 | {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, | 177 | {ERR_PACK(0,SSL_F_SSL_RSA_PUBLIC_ENCRYPT,0), "SSL_RSA_PUBLIC_ENCRYPT"}, |
| 152 | {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, | 178 | {ERR_PACK(0,SSL_F_SSL_SESSION_NEW,0), "SSL_SESSION_new"}, |
| 153 | {ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, | 179 | {ERR_PACK(0,SSL_F_SSL_SESSION_PRINT_FP,0), "SSL_SESSION_print_fp"}, |
| 180 | {ERR_PACK(0,SSL_F_SSL_SESS_CERT_NEW,0), "SSL_SESS_CERT_NEW"}, | ||
| 154 | {ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"}, | 181 | {ERR_PACK(0,SSL_F_SSL_SET_CERT,0), "SSL_SET_CERT"}, |
| 155 | {ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, | 182 | {ERR_PACK(0,SSL_F_SSL_SET_FD,0), "SSL_set_fd"}, |
| 156 | {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, | 183 | {ERR_PACK(0,SSL_F_SSL_SET_PKEY,0), "SSL_SET_PKEY"}, |
| 184 | {ERR_PACK(0,SSL_F_SSL_SET_PURPOSE,0), "SSL_set_purpose"}, | ||
| 157 | {ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, | 185 | {ERR_PACK(0,SSL_F_SSL_SET_RFD,0), "SSL_set_rfd"}, |
| 158 | {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, | 186 | {ERR_PACK(0,SSL_F_SSL_SET_SESSION,0), "SSL_set_session"}, |
| 187 | {ERR_PACK(0,SSL_F_SSL_SET_SESSION_ID_CONTEXT,0), "SSL_set_session_id_context"}, | ||
| 188 | {ERR_PACK(0,SSL_F_SSL_SET_TRUST,0), "SSL_set_trust"}, | ||
| 159 | {ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, | 189 | {ERR_PACK(0,SSL_F_SSL_SET_WFD,0), "SSL_set_wfd"}, |
| 190 | {ERR_PACK(0,SSL_F_SSL_SHUTDOWN,0), "SSL_shutdown"}, | ||
| 160 | {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, | 191 | {ERR_PACK(0,SSL_F_SSL_UNDEFINED_FUNCTION,0), "SSL_UNDEFINED_FUNCTION"}, |
| 161 | {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, | 192 | {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE,0), "SSL_use_certificate"}, |
| 162 | {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, | 193 | {ERR_PACK(0,SSL_F_SSL_USE_CERTIFICATE_ASN1,0), "SSL_use_certificate_ASN1"}, |
| @@ -167,22 +198,23 @@ static ERR_STRING_DATA SSL_str_functs[]= | |||
| 167 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, | 198 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY,0), "SSL_use_RSAPrivateKey"}, |
| 168 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, | 199 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_ASN1,0), "SSL_use_RSAPrivateKey_ASN1"}, |
| 169 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, | 200 | {ERR_PACK(0,SSL_F_SSL_USE_RSAPRIVATEKEY_FILE,0), "SSL_use_RSAPrivateKey_file"}, |
| 201 | {ERR_PACK(0,SSL_F_SSL_VERIFY_CERT_CHAIN,0), "SSL_VERIFY_CERT_CHAIN"}, | ||
| 170 | {ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, | 202 | {ERR_PACK(0,SSL_F_SSL_WRITE,0), "SSL_write"}, |
| 171 | {ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"}, | 203 | {ERR_PACK(0,SSL_F_TLS1_CHANGE_CIPHER_STATE,0), "TLS1_CHANGE_CIPHER_STATE"}, |
| 172 | {ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"}, | 204 | {ERR_PACK(0,SSL_F_TLS1_ENC,0), "TLS1_ENC"}, |
| 173 | {ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"}, | 205 | {ERR_PACK(0,SSL_F_TLS1_SETUP_KEY_BLOCK,0), "TLS1_SETUP_KEY_BLOCK"}, |
| 174 | {ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, | 206 | {ERR_PACK(0,SSL_F_WRITE_PENDING,0), "WRITE_PENDING"}, |
| 175 | {0,NULL}, | 207 | {0,NULL} |
| 176 | }; | 208 | }; |
| 177 | 209 | ||
| 178 | static ERR_STRING_DATA SSL_str_reasons[]= | 210 | static ERR_STRING_DATA SSL_str_reasons[]= |
| 179 | { | 211 | { |
| 180 | {SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, | 212 | {SSL_R_APP_DATA_IN_HANDSHAKE ,"app data in handshake"}, |
| 213 | {SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT,"attempt to reuse session in different context"}, | ||
| 181 | {SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, | 214 | {SSL_R_BAD_ALERT_RECORD ,"bad alert record"}, |
| 182 | {SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, | 215 | {SSL_R_BAD_AUTHENTICATION_TYPE ,"bad authentication type"}, |
| 183 | {SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, | 216 | {SSL_R_BAD_CHANGE_CIPHER_SPEC ,"bad change cipher spec"}, |
| 184 | {SSL_R_BAD_CHECKSUM ,"bad checksum"}, | 217 | {SSL_R_BAD_CHECKSUM ,"bad checksum"}, |
| 185 | {SSL_R_BAD_CLIENT_REQUEST ,"bad client request"}, | ||
| 186 | {SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, | 218 | {SSL_R_BAD_DATA_RETURNED_BY_CALLBACK ,"bad data returned by callback"}, |
| 187 | {SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, | 219 | {SSL_R_BAD_DECOMPRESSION ,"bad decompression"}, |
| 188 | {SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, | 220 | {SSL_R_BAD_DH_G_LENGTH ,"bad dh g length"}, |
| @@ -190,6 +222,8 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 190 | {SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, | 222 | {SSL_R_BAD_DH_P_LENGTH ,"bad dh p length"}, |
| 191 | {SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, | 223 | {SSL_R_BAD_DIGEST_LENGTH ,"bad digest length"}, |
| 192 | {SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, | 224 | {SSL_R_BAD_DSA_SIGNATURE ,"bad dsa signature"}, |
| 225 | {SSL_R_BAD_HELLO_REQUEST ,"bad hello request"}, | ||
| 226 | {SSL_R_BAD_LENGTH ,"bad length"}, | ||
| 193 | {SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, | 227 | {SSL_R_BAD_MAC_DECODE ,"bad mac decode"}, |
| 194 | {SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, | 228 | {SSL_R_BAD_MESSAGE_TYPE ,"bad message type"}, |
| 195 | {SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, | 229 | {SSL_R_BAD_PACKET_LENGTH ,"bad packet length"}, |
| @@ -219,25 +253,44 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 219 | {SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, | 253 | {SSL_R_CIPHER_TABLE_SRC_ERROR ,"cipher table src error"}, |
| 220 | {SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, | 254 | {SSL_R_COMPRESSED_LENGTH_TOO_LONG ,"compressed length too long"}, |
| 221 | {SSL_R_COMPRESSION_FAILURE ,"compression failure"}, | 255 | {SSL_R_COMPRESSION_FAILURE ,"compression failure"}, |
| 256 | {SSL_R_COMPRESSION_LIBRARY_ERROR ,"compression library error"}, | ||
| 222 | {SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, | 257 | {SSL_R_CONNECTION_ID_IS_DIFFERENT ,"connection id is different"}, |
| 223 | {SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"}, | 258 | {SSL_R_CONNECTION_TYPE_NOT_SET ,"connection type not set"}, |
| 224 | {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, | 259 | {SSL_R_DATA_BETWEEN_CCS_AND_FINISHED ,"data between ccs and finished"}, |
| 225 | {SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, | 260 | {SSL_R_DATA_LENGTH_TOO_LONG ,"data length too long"}, |
| 226 | {SSL_R_DECRYPTION_FAILED ,"decryption failed"}, | 261 | {SSL_R_DECRYPTION_FAILED ,"decryption failed"}, |
| 262 | {SSL_R_DECRYPTION_FAILED_OR_BAD_RECORD_MAC,"decryption failed or bad record mac"}, | ||
| 227 | {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, | 263 | {SSL_R_DH_PUBLIC_VALUE_LENGTH_IS_WRONG ,"dh public value length is wrong"}, |
| 228 | {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, | 264 | {SSL_R_DIGEST_CHECK_FAILED ,"digest check failed"}, |
| 229 | {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, | 265 | {SSL_R_ENCRYPTED_LENGTH_TOO_LONG ,"encrypted length too long"}, |
| 266 | {SSL_R_ERROR_GENERATING_TMP_RSA_KEY ,"error generating tmp rsa key"}, | ||
| 230 | {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, | 267 | {SSL_R_ERROR_IN_RECEIVED_CIPHER_LIST ,"error in received cipher list"}, |
| 231 | {SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, | 268 | {SSL_R_EXCESSIVE_MESSAGE_SIZE ,"excessive message size"}, |
| 232 | {SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, | 269 | {SSL_R_EXTRA_DATA_IN_MESSAGE ,"extra data in message"}, |
| 233 | {SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, | 270 | {SSL_R_GOT_A_FIN_BEFORE_A_CCS ,"got a fin before a ccs"}, |
| 234 | {SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, | 271 | {SSL_R_HTTPS_PROXY_REQUEST ,"https proxy request"}, |
| 235 | {SSL_R_HTTP_REQUEST ,"http request"}, | 272 | {SSL_R_HTTP_REQUEST ,"http request"}, |
| 236 | {SSL_R_INTERNAL_ERROR ,"internal error"}, | 273 | {SSL_R_ILLEGAL_PADDING ,"illegal padding"}, |
| 237 | {SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, | 274 | {SSL_R_INVALID_CHALLENGE_LENGTH ,"invalid challenge length"}, |
| 275 | {SSL_R_INVALID_COMMAND ,"invalid command"}, | ||
| 276 | {SSL_R_INVALID_PURPOSE ,"invalid purpose"}, | ||
| 277 | {SSL_R_INVALID_TRUST ,"invalid trust"}, | ||
| 278 | {SSL_R_KRB5 ,"krb5"}, | ||
| 279 | {SSL_R_KRB5_C_CC_PRINC ,"krb5 client cc principal (no tkt?)"}, | ||
| 280 | {SSL_R_KRB5_C_GET_CRED ,"krb5 client get cred"}, | ||
| 281 | {SSL_R_KRB5_C_INIT ,"krb5 client init"}, | ||
| 282 | {SSL_R_KRB5_C_MK_REQ ,"krb5 client mk_req (expired tkt?)"}, | ||
| 283 | {SSL_R_KRB5_S_BAD_TICKET ,"krb5 server bad ticket"}, | ||
| 284 | {SSL_R_KRB5_S_INIT ,"krb5 server init"}, | ||
| 285 | {SSL_R_KRB5_S_RD_REQ ,"krb5 server rd_req (keytab perms?)"}, | ||
| 286 | {SSL_R_KRB5_S_TKT_EXPIRED ,"krb5 server tkt expired"}, | ||
| 287 | {SSL_R_KRB5_S_TKT_NYV ,"krb5 server tkt not yet valid"}, | ||
| 288 | {SSL_R_KRB5_S_TKT_SKEW ,"krb5 server tkt skew"}, | ||
| 238 | {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, | 289 | {SSL_R_LENGTH_MISMATCH ,"length mismatch"}, |
| 239 | {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, | 290 | {SSL_R_LENGTH_TOO_SHORT ,"length too short"}, |
| 291 | {SSL_R_LIBRARY_BUG ,"library bug"}, | ||
| 240 | {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, | 292 | {SSL_R_LIBRARY_HAS_NO_CIPHERS ,"library has no ciphers"}, |
| 293 | {SSL_R_MESSAGE_TOO_LONG ,"message too long"}, | ||
| 241 | {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, | 294 | {SSL_R_MISSING_DH_DSA_CERT ,"missing dh dsa cert"}, |
| 242 | {SSL_R_MISSING_DH_KEY ,"missing dh key"}, | 295 | {SSL_R_MISSING_DH_KEY ,"missing dh key"}, |
| 243 | {SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, | 296 | {SSL_R_MISSING_DH_RSA_CERT ,"missing dh rsa cert"}, |
| @@ -264,15 +317,18 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 264 | {SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, | 317 | {SSL_R_NO_CIPHER_MATCH ,"no cipher match"}, |
| 265 | {SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, | 318 | {SSL_R_NO_CLIENT_CERT_RECEIVED ,"no client cert received"}, |
| 266 | {SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, | 319 | {SSL_R_NO_COMPRESSION_SPECIFIED ,"no compression specified"}, |
| 320 | {SSL_R_NO_METHOD_SPECIFIED ,"no method specified"}, | ||
| 267 | {SSL_R_NO_PRIVATEKEY ,"no privatekey"}, | 321 | {SSL_R_NO_PRIVATEKEY ,"no privatekey"}, |
| 268 | {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, | 322 | {SSL_R_NO_PRIVATE_KEY_ASSIGNED ,"no private key assigned"}, |
| 269 | {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, | 323 | {SSL_R_NO_PROTOCOLS_AVAILABLE ,"no protocols available"}, |
| 270 | {SSL_R_NO_PUBLICKEY ,"no publickey"}, | 324 | {SSL_R_NO_PUBLICKEY ,"no publickey"}, |
| 271 | {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, | 325 | {SSL_R_NO_SHARED_CIPHER ,"no shared cipher"}, |
| 326 | {SSL_R_NO_VERIFY_CALLBACK ,"no verify callback"}, | ||
| 272 | {SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, | 327 | {SSL_R_NULL_SSL_CTX ,"null ssl ctx"}, |
| 273 | {SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, | 328 | {SSL_R_NULL_SSL_METHOD_PASSED ,"null ssl method passed"}, |
| 274 | {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, | 329 | {SSL_R_OLD_SESSION_CIPHER_NOT_RETURNED ,"old session cipher not returned"}, |
| 275 | {SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, | 330 | {SSL_R_PACKET_LENGTH_TOO_LONG ,"packet length too long"}, |
| 331 | {SSL_R_PATH_TOO_LONG ,"path too long"}, | ||
| 276 | {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, | 332 | {SSL_R_PEER_DID_NOT_RETURN_A_CERTIFICATE ,"peer did not return a certificate"}, |
| 277 | {SSL_R_PEER_ERROR ,"peer error"}, | 333 | {SSL_R_PEER_ERROR ,"peer error"}, |
| 278 | {SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, | 334 | {SSL_R_PEER_ERROR_CERTIFICATE ,"peer error certificate"}, |
| @@ -289,12 +345,15 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 289 | {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, | 345 | {SSL_R_READ_WRONG_PACKET_TYPE ,"read wrong packet type"}, |
| 290 | {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, | 346 | {SSL_R_RECORD_LENGTH_MISMATCH ,"record length mismatch"}, |
| 291 | {SSL_R_RECORD_TOO_LARGE ,"record too large"}, | 347 | {SSL_R_RECORD_TOO_LARGE ,"record too large"}, |
| 348 | {SSL_R_RECORD_TOO_SMALL ,"record too small"}, | ||
| 292 | {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, | 349 | {SSL_R_REQUIRED_CIPHER_MISSING ,"required cipher missing"}, |
| 293 | {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, | 350 | {SSL_R_REUSE_CERT_LENGTH_NOT_ZERO ,"reuse cert length not zero"}, |
| 294 | {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, | 351 | {SSL_R_REUSE_CERT_TYPE_NOT_ZERO ,"reuse cert type not zero"}, |
| 295 | {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, | 352 | {SSL_R_REUSE_CIPHER_LIST_NOT_ZERO ,"reuse cipher list not zero"}, |
| 353 | {SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED ,"session id context uninitialized"}, | ||
| 296 | {SSL_R_SHORT_READ ,"short read"}, | 354 | {SSL_R_SHORT_READ ,"short read"}, |
| 297 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, | 355 | {SSL_R_SIGNATURE_FOR_NON_SIGNING_CERTIFICATE,"signature for non signing certificate"}, |
| 356 | {SSL_R_SSL23_DOING_SESSION_ID_REUSE ,"ssl23 doing session id reuse"}, | ||
| 298 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, | 357 | {SSL_R_SSL3_SESSION_ID_TOO_SHORT ,"ssl3 session id too short"}, |
| 299 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, | 358 | {SSL_R_SSLV3_ALERT_BAD_CERTIFICATE ,"sslv3 alert bad certificate"}, |
| 300 | {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, | 359 | {SSL_R_SSLV3_ALERT_BAD_RECORD_MAC ,"sslv3 alert bad record mac"}, |
| @@ -315,7 +374,23 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 315 | {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, | 374 | {SSL_R_SSL_CTX_HAS_NO_DEFAULT_SSL_VERSION,"ssl ctx has no default ssl version"}, |
| 316 | {SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, | 375 | {SSL_R_SSL_HANDSHAKE_FAILURE ,"ssl handshake failure"}, |
| 317 | {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, | 376 | {SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS ,"ssl library has no ciphers"}, |
| 377 | {SSL_R_SSL_SESSION_ID_CALLBACK_FAILED ,"ssl session id callback failed"}, | ||
| 378 | {SSL_R_SSL_SESSION_ID_CONFLICT ,"ssl session id conflict"}, | ||
| 379 | {SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG ,"ssl session id context too long"}, | ||
| 380 | {SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH ,"ssl session id has bad length"}, | ||
| 318 | {SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, | 381 | {SSL_R_SSL_SESSION_ID_IS_DIFFERENT ,"ssl session id is different"}, |
| 382 | {SSL_R_TLSV1_ALERT_ACCESS_DENIED ,"tlsv1 alert access denied"}, | ||
| 383 | {SSL_R_TLSV1_ALERT_DECODE_ERROR ,"tlsv1 alert decode error"}, | ||
| 384 | {SSL_R_TLSV1_ALERT_DECRYPTION_FAILED ,"tlsv1 alert decryption failed"}, | ||
| 385 | {SSL_R_TLSV1_ALERT_DECRYPT_ERROR ,"tlsv1 alert decrypt error"}, | ||
| 386 | {SSL_R_TLSV1_ALERT_EXPORT_RESTRICTION ,"tlsv1 alert export restriction"}, | ||
| 387 | {SSL_R_TLSV1_ALERT_INSUFFICIENT_SECURITY ,"tlsv1 alert insufficient security"}, | ||
| 388 | {SSL_R_TLSV1_ALERT_INTERNAL_ERROR ,"tlsv1 alert internal error"}, | ||
| 389 | {SSL_R_TLSV1_ALERT_NO_RENEGOTIATION ,"tlsv1 alert no renegotiation"}, | ||
| 390 | {SSL_R_TLSV1_ALERT_PROTOCOL_VERSION ,"tlsv1 alert protocol version"}, | ||
| 391 | {SSL_R_TLSV1_ALERT_RECORD_OVERFLOW ,"tlsv1 alert record overflow"}, | ||
| 392 | {SSL_R_TLSV1_ALERT_UNKNOWN_CA ,"tlsv1 alert unknown ca"}, | ||
| 393 | {SSL_R_TLSV1_ALERT_USER_CANCELLED ,"tlsv1 alert user cancelled"}, | ||
| 319 | {SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"}, | 394 | {SSL_R_TLS_CLIENT_CERT_REQ_WITH_ANON_CIPHER,"tls client cert req with anon cipher"}, |
| 320 | {SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"}, | 395 | {SSL_R_TLS_PEER_DID_NOT_RESPOND_WITH_CERTIFICATE_LIST,"tls peer did not respond with certificate list"}, |
| 321 | {SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"}, | 396 | {SSL_R_TLS_RSA_ENCRYPTED_VALUE_LENGTH_IS_WRONG,"tls rsa encrypted value length is wrong"}, |
| @@ -330,6 +405,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 330 | {SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"}, | 405 | {SSL_R_UNABLE_TO_LOAD_SSL3_SHA1_ROUTINES ,"unable to load ssl3 sha1 routines"}, |
| 331 | {SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, | 406 | {SSL_R_UNEXPECTED_MESSAGE ,"unexpected message"}, |
| 332 | {SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, | 407 | {SSL_R_UNEXPECTED_RECORD ,"unexpected record"}, |
| 408 | {SSL_R_UNINITIALIZED ,"uninitialized"}, | ||
| 333 | {SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, | 409 | {SSL_R_UNKNOWN_ALERT_TYPE ,"unknown alert type"}, |
| 334 | {SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, | 410 | {SSL_R_UNKNOWN_CERTIFICATE_TYPE ,"unknown certificate type"}, |
| 335 | {SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, | 411 | {SSL_R_UNKNOWN_CIPHER_RETURNED ,"unknown cipher returned"}, |
| @@ -342,6 +418,7 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 342 | {SSL_R_UNKNOWN_STATE ,"unknown state"}, | 418 | {SSL_R_UNKNOWN_STATE ,"unknown state"}, |
| 343 | {SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, | 419 | {SSL_R_UNSUPPORTED_CIPHER ,"unsupported cipher"}, |
| 344 | {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, | 420 | {SSL_R_UNSUPPORTED_COMPRESSION_ALGORITHM ,"unsupported compression algorithm"}, |
| 421 | {SSL_R_UNSUPPORTED_OPTION ,"unsupported option"}, | ||
| 345 | {SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"}, | 422 | {SSL_R_UNSUPPORTED_PROTOCOL ,"unsupported protocol"}, |
| 346 | {SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, | 423 | {SSL_R_UNSUPPORTED_SSL_VERSION ,"unsupported ssl version"}, |
| 347 | {SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, | 424 | {SSL_R_WRITE_BIO_NOT_SET ,"write bio not set"}, |
| @@ -353,19 +430,20 @@ static ERR_STRING_DATA SSL_str_reasons[]= | |||
| 353 | {SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"}, | 430 | {SSL_R_WRONG_SSL_VERSION ,"wrong ssl version"}, |
| 354 | {SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"}, | 431 | {SSL_R_WRONG_VERSION_NUMBER ,"wrong version number"}, |
| 355 | {SSL_R_X509_LIB ,"x509 lib"}, | 432 | {SSL_R_X509_LIB ,"x509 lib"}, |
| 356 | {0,NULL}, | 433 | {SSL_R_X509_VERIFICATION_SETUP_PROBLEMS ,"x509 verification setup problems"}, |
| 434 | {0,NULL} | ||
| 357 | }; | 435 | }; |
| 358 | 436 | ||
| 359 | #endif | 437 | #endif |
| 360 | 438 | ||
| 361 | void ERR_load_SSL_strings() | 439 | void ERR_load_SSL_strings(void) |
| 362 | { | 440 | { |
| 363 | static int init=1; | 441 | static int init=1; |
| 364 | 442 | ||
| 365 | if (init); | 443 | if (init) |
| 366 | {; | 444 | { |
| 367 | init=0; | 445 | init=0; |
| 368 | #ifndef NO_ERR | 446 | #ifndef OPENSSL_NO_ERR |
| 369 | ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); | 447 | ERR_load_strings(ERR_LIB_SSL,SSL_str_functs); |
| 370 | ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); | 448 | ERR_load_strings(ERR_LIB_SSL,SSL_str_reasons); |
| 371 | #endif | 449 | #endif |
diff --git a/src/lib/libssl/ssl_err2.c b/src/lib/libssl/ssl_err2.c index 0b91f7b8d2..ea95a5f983 100644 --- a/src/lib/libssl/ssl_err2.c +++ b/src/lib/libssl/ssl_err2.c | |||
| @@ -57,12 +57,12 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "err.h" | 60 | #include <openssl/err.h> |
| 61 | #include "ssl.h" | 61 | #include <openssl/ssl.h> |
| 62 | 62 | ||
| 63 | void SSL_load_error_strings() | 63 | void SSL_load_error_strings(void) |
| 64 | { | 64 | { |
| 65 | #ifndef NO_ERR | 65 | #ifndef OPENSSL_NO_ERR |
| 66 | ERR_load_crypto_strings(); | 66 | ERR_load_crypto_strings(); |
| 67 | ERR_load_SSL_strings(); | 67 | ERR_load_SSL_strings(); |
| 68 | #endif | 68 | #endif |
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index f562ec6b14..df307a80c5 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c | |||
| @@ -1,4 +1,6 @@ | |||
| 1 | /* ssl/ssl_lib.c */ | 1 | /*! \file ssl/ssl_lib.c |
| 2 | * \brief Version independent SSL functions. | ||
| 3 | */ | ||
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 4 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 5 | * All rights reserved. |
| 4 | * | 6 | * |
| @@ -55,52 +57,126 @@ | |||
| 55 | * copied and put under another distribution licence | 57 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 58 | * [including the GNU Public Licence.] |
| 57 | */ | 59 | */ |
| 60 | /* ==================================================================== | ||
| 61 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 62 | * | ||
| 63 | * Redistribution and use in source and binary forms, with or without | ||
| 64 | * modification, are permitted provided that the following conditions | ||
| 65 | * are met: | ||
| 66 | * | ||
| 67 | * 1. Redistributions of source code must retain the above copyright | ||
| 68 | * notice, this list of conditions and the following disclaimer. | ||
| 69 | * | ||
| 70 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 71 | * notice, this list of conditions and the following disclaimer in | ||
| 72 | * the documentation and/or other materials provided with the | ||
| 73 | * distribution. | ||
| 74 | * | ||
| 75 | * 3. All advertising materials mentioning features or use of this | ||
| 76 | * software must display the following acknowledgment: | ||
| 77 | * "This product includes software developed by the OpenSSL Project | ||
| 78 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 79 | * | ||
| 80 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 81 | * endorse or promote products derived from this software without | ||
| 82 | * prior written permission. For written permission, please contact | ||
| 83 | * openssl-core@openssl.org. | ||
| 84 | * | ||
| 85 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 86 | * nor may "OpenSSL" appear in their names without prior written | ||
| 87 | * permission of the OpenSSL Project. | ||
| 88 | * | ||
| 89 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 90 | * acknowledgment: | ||
| 91 | * "This product includes software developed by the OpenSSL Project | ||
| 92 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 93 | * | ||
| 94 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 95 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 96 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 97 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 98 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 99 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 100 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 101 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 102 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 103 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 104 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 105 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 106 | * ==================================================================== | ||
| 107 | * | ||
| 108 | * This product includes cryptographic software written by Eric Young | ||
| 109 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 110 | * Hudson (tjh@cryptsoft.com). | ||
| 111 | * | ||
| 112 | */ | ||
| 58 | 113 | ||
| 114 | |||
| 115 | #ifdef REF_CHECK | ||
| 116 | # include <assert.h> | ||
| 117 | #endif | ||
| 59 | #include <stdio.h> | 118 | #include <stdio.h> |
| 60 | #include "objects.h" | 119 | #include <openssl/objects.h> |
| 61 | #include "lhash.h" | 120 | #include <openssl/lhash.h> |
| 121 | #include <openssl/x509v3.h> | ||
| 62 | #include "ssl_locl.h" | 122 | #include "ssl_locl.h" |
| 123 | #include "kssl_lcl.h" | ||
| 63 | 124 | ||
| 64 | char *SSL_version_str="SSLeay 0.9.0b 29-Jun-1998"; | 125 | const char *SSL_version_str=OPENSSL_VERSION_TEXT; |
| 65 | |||
| 66 | static STACK *ssl_meth=NULL; | ||
| 67 | static STACK *ssl_ctx_meth=NULL; | ||
| 68 | static int ssl_meth_num=0; | ||
| 69 | static int ssl_ctx_meth_num=0; | ||
| 70 | 126 | ||
| 71 | SSL3_ENC_METHOD ssl3_undef_enc_method={ | 127 | OPENSSL_GLOBAL SSL3_ENC_METHOD ssl3_undef_enc_method={ |
| 72 | ssl_undefined_function, | 128 | /* evil casts, but these functions are only called if there's a library bug */ |
| 73 | ssl_undefined_function, | 129 | (int (*)(SSL *,int))ssl_undefined_function, |
| 74 | ssl_undefined_function, | 130 | (int (*)(SSL *, unsigned char *, int))ssl_undefined_function, |
| 75 | ssl_undefined_function, | ||
| 76 | ssl_undefined_function, | ||
| 77 | ssl_undefined_function, | 131 | ssl_undefined_function, |
| 132 | (int (*)(SSL *, unsigned char *, unsigned char *, int))ssl_undefined_function, | ||
| 133 | (int (*)(SSL*, int))ssl_undefined_function, | ||
| 134 | (int (*)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char*, int, unsigned char *))ssl_undefined_function | ||
| 78 | }; | 135 | }; |
| 79 | 136 | ||
| 80 | void SSL_clear(s) | 137 | int SSL_clear(SSL *s) |
| 81 | SSL *s; | ||
| 82 | { | 138 | { |
| 83 | int state; | ||
| 84 | 139 | ||
| 85 | if (s->method == NULL) return; | 140 | if (s->method == NULL) |
| 141 | { | ||
| 142 | SSLerr(SSL_F_SSL_CLEAR,SSL_R_NO_METHOD_SPECIFIED); | ||
| 143 | return(0); | ||
| 144 | } | ||
| 145 | |||
| 146 | if (ssl_clear_bad_session(s)) | ||
| 147 | { | ||
| 148 | SSL_SESSION_free(s->session); | ||
| 149 | s->session=NULL; | ||
| 150 | } | ||
| 86 | 151 | ||
| 87 | s->error=0; | 152 | s->error=0; |
| 88 | s->hit=0; | 153 | s->hit=0; |
| 154 | s->shutdown=0; | ||
| 89 | 155 | ||
| 156 | #if 0 /* Disabled since version 1.10 of this file (early return not | ||
| 157 | * needed because SSL_clear is not called when doing renegotiation) */ | ||
| 90 | /* This is set if we are doing dynamic renegotiation so keep | 158 | /* This is set if we are doing dynamic renegotiation so keep |
| 91 | * the old cipher. It is sort of a SSL_clear_lite :-) */ | 159 | * the old cipher. It is sort of a SSL_clear_lite :-) */ |
| 92 | if (s->new_session) return; | 160 | if (s->new_session) return(1); |
| 161 | #else | ||
| 162 | if (s->new_session) | ||
| 163 | { | ||
| 164 | SSLerr(SSL_F_SSL_CLEAR,ERR_R_INTERNAL_ERROR); | ||
| 165 | return 0; | ||
| 166 | } | ||
| 167 | #endif | ||
| 93 | 168 | ||
| 94 | state=s->state; /* Keep to check if we throw away the session-id */ | ||
| 95 | s->type=0; | 169 | s->type=0; |
| 96 | 170 | ||
| 171 | s->state=SSL_ST_BEFORE|((s->server)?SSL_ST_ACCEPT:SSL_ST_CONNECT); | ||
| 172 | |||
| 97 | s->version=s->method->version; | 173 | s->version=s->method->version; |
| 174 | s->client_version=s->version; | ||
| 98 | s->rwstate=SSL_NOTHING; | 175 | s->rwstate=SSL_NOTHING; |
| 99 | s->state=SSL_ST_BEFORE; | ||
| 100 | s->rstate=SSL_ST_READ_HEADER; | 176 | s->rstate=SSL_ST_READ_HEADER; |
| 101 | s->read_ahead=s->ctx->default_read_ahead; | 177 | #if 0 |
| 102 | 178 | s->read_ahead=s->ctx->read_ahead; | |
| 103 | /* s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); */ | 179 | #endif |
| 104 | 180 | ||
| 105 | if (s->init_buf != NULL) | 181 | if (s->init_buf != NULL) |
| 106 | { | 182 | { |
| @@ -110,30 +186,34 @@ SSL *s; | |||
| 110 | 186 | ||
| 111 | ssl_clear_cipher_ctx(s); | 187 | ssl_clear_cipher_ctx(s); |
| 112 | 188 | ||
| 113 | if (ssl_clear_bad_session(s)) | ||
| 114 | { | ||
| 115 | SSL_SESSION_free(s->session); | ||
| 116 | s->session=NULL; | ||
| 117 | } | ||
| 118 | |||
| 119 | s->shutdown=(SSL_SENT_SHUTDOWN|SSL_RECEIVED_SHUTDOWN); | ||
| 120 | s->first_packet=0; | 189 | s->first_packet=0; |
| 121 | 190 | ||
| 122 | s->method->ssl_clear(s); | 191 | #if 1 |
| 192 | /* Check to see if we were changed into a different method, if | ||
| 193 | * so, revert back if we are not doing session-id reuse. */ | ||
| 194 | if (!s->in_handshake && (s->session == NULL) && (s->method != s->ctx->method)) | ||
| 195 | { | ||
| 196 | s->method->ssl_free(s); | ||
| 197 | s->method=s->ctx->method; | ||
| 198 | if (!s->method->ssl_new(s)) | ||
| 199 | return(0); | ||
| 200 | } | ||
| 201 | else | ||
| 202 | #endif | ||
| 203 | s->method->ssl_clear(s); | ||
| 204 | return(1); | ||
| 123 | } | 205 | } |
| 124 | 206 | ||
| 125 | /* Used to change an SSL_CTXs default SSL method type */ | 207 | /** Used to change an SSL_CTXs default SSL method type */ |
| 126 | int SSL_CTX_set_ssl_version(ctx,meth) | 208 | int SSL_CTX_set_ssl_version(SSL_CTX *ctx,SSL_METHOD *meth) |
| 127 | SSL_CTX *ctx; | ||
| 128 | SSL_METHOD *meth; | ||
| 129 | { | 209 | { |
| 130 | STACK *sk; | 210 | STACK_OF(SSL_CIPHER) *sk; |
| 131 | 211 | ||
| 132 | ctx->method=meth; | 212 | ctx->method=meth; |
| 133 | 213 | ||
| 134 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), | 214 | sk=ssl_create_cipher_list(ctx->method,&(ctx->cipher_list), |
| 135 | &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); | 215 | &(ctx->cipher_list_by_id),SSL_DEFAULT_CIPHER_LIST); |
| 136 | if ((sk == NULL) || (sk_num(sk) <= 0)) | 216 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= 0)) |
| 137 | { | 217 | { |
| 138 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); | 218 | SSLerr(SSL_F_SSL_CTX_SET_SSL_VERSION,SSL_R_SSL_LIBRARY_HAS_NO_CIPHERS); |
| 139 | return(0); | 219 | return(0); |
| @@ -141,8 +221,7 @@ SSL_METHOD *meth; | |||
| 141 | return(1); | 221 | return(1); |
| 142 | } | 222 | } |
| 143 | 223 | ||
| 144 | SSL *SSL_new(ctx) | 224 | SSL *SSL_new(SSL_CTX *ctx) |
| 145 | SSL_CTX *ctx; | ||
| 146 | { | 225 | { |
| 147 | SSL *s; | 226 | SSL *s; |
| 148 | 227 | ||
| @@ -157,20 +236,50 @@ SSL_CTX *ctx; | |||
| 157 | return(NULL); | 236 | return(NULL); |
| 158 | } | 237 | } |
| 159 | 238 | ||
| 160 | s=(SSL *)Malloc(sizeof(SSL)); | 239 | s=(SSL *)OPENSSL_malloc(sizeof(SSL)); |
| 161 | if (s == NULL) goto err; | 240 | if (s == NULL) goto err; |
| 162 | memset(s,0,sizeof(SSL)); | 241 | memset(s,0,sizeof(SSL)); |
| 163 | 242 | ||
| 164 | if (ctx->default_cert != NULL) | 243 | #ifndef OPENSSL_NO_KRB5 |
| 165 | { | 244 | s->kssl_ctx = kssl_ctx_new(); |
| 166 | CRYPTO_add(&ctx->default_cert->references,1, | 245 | #endif /* OPENSSL_NO_KRB5 */ |
| 167 | CRYPTO_LOCK_SSL_CERT); | 246 | |
| 168 | s->cert=ctx->default_cert; | 247 | s->options=ctx->options; |
| 248 | s->mode=ctx->mode; | ||
| 249 | s->max_cert_list=ctx->max_cert_list; | ||
| 250 | |||
| 251 | if (ctx->cert != NULL) | ||
| 252 | { | ||
| 253 | /* Earlier library versions used to copy the pointer to | ||
| 254 | * the CERT, not its contents; only when setting new | ||
| 255 | * parameters for the per-SSL copy, ssl_cert_new would be | ||
| 256 | * called (and the direct reference to the per-SSL_CTX | ||
| 257 | * settings would be lost, but those still were indirectly | ||
| 258 | * accessed for various purposes, and for that reason they | ||
| 259 | * used to be known as s->ctx->default_cert). | ||
| 260 | * Now we don't look at the SSL_CTX's CERT after having | ||
| 261 | * duplicated it once. */ | ||
| 262 | |||
| 263 | s->cert = ssl_cert_dup(ctx->cert); | ||
| 264 | if (s->cert == NULL) | ||
| 265 | goto err; | ||
| 169 | } | 266 | } |
| 170 | else | 267 | else |
| 171 | s->cert=NULL; | 268 | s->cert=NULL; /* Cannot really happen (see SSL_CTX_new) */ |
| 172 | s->verify_mode=ctx->default_verify_mode; | 269 | |
| 270 | s->read_ahead=ctx->read_ahead; | ||
| 271 | s->msg_callback=ctx->msg_callback; | ||
| 272 | s->msg_callback_arg=ctx->msg_callback_arg; | ||
| 273 | s->verify_mode=ctx->verify_mode; | ||
| 274 | s->verify_depth=ctx->verify_depth; | ||
| 275 | s->sid_ctx_length=ctx->sid_ctx_length; | ||
| 276 | memcpy(&s->sid_ctx,&ctx->sid_ctx,sizeof(s->sid_ctx)); | ||
| 173 | s->verify_callback=ctx->default_verify_callback; | 277 | s->verify_callback=ctx->default_verify_callback; |
| 278 | s->generate_session_id=ctx->generate_session_id; | ||
| 279 | s->purpose = ctx->purpose; | ||
| 280 | s->trust = ctx->trust; | ||
| 281 | s->quiet_shutdown=ctx->quiet_shutdown; | ||
| 282 | |||
| 174 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); | 283 | CRYPTO_add(&ctx->references,1,CRYPTO_LOCK_SSL_CTX); |
| 175 | s->ctx=ctx; | 284 | s->ctx=ctx; |
| 176 | 285 | ||
| @@ -179,30 +288,130 @@ SSL_CTX *ctx; | |||
| 179 | s->method=ctx->method; | 288 | s->method=ctx->method; |
| 180 | 289 | ||
| 181 | if (!s->method->ssl_new(s)) | 290 | if (!s->method->ssl_new(s)) |
| 182 | { | ||
| 183 | SSL_CTX_free(ctx); | ||
| 184 | Free(s); | ||
| 185 | goto err; | 291 | goto err; |
| 186 | } | ||
| 187 | 292 | ||
| 188 | s->quiet_shutdown=ctx->quiet_shutdown; | ||
| 189 | s->references=1; | 293 | s->references=1; |
| 190 | s->options=ctx->options; | 294 | s->server=(ctx->method->ssl_accept == ssl_undefined_function)?0:1; |
| 295 | |||
| 191 | SSL_clear(s); | 296 | SSL_clear(s); |
| 192 | 297 | ||
| 193 | CRYPTO_new_ex_data(ssl_meth,(char *)s,&s->ex_data); | 298 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 194 | 299 | ||
| 195 | return(s); | 300 | return(s); |
| 196 | err: | 301 | err: |
| 302 | if (s != NULL) | ||
| 303 | { | ||
| 304 | if (s->cert != NULL) | ||
| 305 | ssl_cert_free(s->cert); | ||
| 306 | if (s->ctx != NULL) | ||
| 307 | SSL_CTX_free(s->ctx); /* decrement reference count */ | ||
| 308 | OPENSSL_free(s); | ||
| 309 | } | ||
| 197 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); | 310 | SSLerr(SSL_F_SSL_NEW,ERR_R_MALLOC_FAILURE); |
| 198 | return(NULL); | 311 | return(NULL); |
| 199 | } | 312 | } |
| 200 | 313 | ||
| 201 | void SSL_free(s) | 314 | int SSL_CTX_set_session_id_context(SSL_CTX *ctx,const unsigned char *sid_ctx, |
| 202 | SSL *s; | 315 | unsigned int sid_ctx_len) |
| 316 | { | ||
| 317 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | ||
| 318 | { | ||
| 319 | SSLerr(SSL_F_SSL_CTX_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
| 320 | return 0; | ||
| 321 | } | ||
| 322 | ctx->sid_ctx_length=sid_ctx_len; | ||
| 323 | memcpy(ctx->sid_ctx,sid_ctx,sid_ctx_len); | ||
| 324 | |||
| 325 | return 1; | ||
| 326 | } | ||
| 327 | |||
| 328 | int SSL_set_session_id_context(SSL *ssl,const unsigned char *sid_ctx, | ||
| 329 | unsigned int sid_ctx_len) | ||
| 330 | { | ||
| 331 | if(sid_ctx_len > SSL_MAX_SID_CTX_LENGTH) | ||
| 332 | { | ||
| 333 | SSLerr(SSL_F_SSL_SET_SESSION_ID_CONTEXT,SSL_R_SSL_SESSION_ID_CONTEXT_TOO_LONG); | ||
| 334 | return 0; | ||
| 335 | } | ||
| 336 | ssl->sid_ctx_length=sid_ctx_len; | ||
| 337 | memcpy(ssl->sid_ctx,sid_ctx,sid_ctx_len); | ||
| 338 | |||
| 339 | return 1; | ||
| 340 | } | ||
| 341 | |||
| 342 | int SSL_CTX_set_generate_session_id(SSL_CTX *ctx, GEN_SESSION_CB cb) | ||
| 343 | { | ||
| 344 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 345 | ctx->generate_session_id = cb; | ||
| 346 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 347 | return 1; | ||
| 348 | } | ||
| 349 | |||
| 350 | int SSL_set_generate_session_id(SSL *ssl, GEN_SESSION_CB cb) | ||
| 351 | { | ||
| 352 | CRYPTO_w_lock(CRYPTO_LOCK_SSL); | ||
| 353 | ssl->generate_session_id = cb; | ||
| 354 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL); | ||
| 355 | return 1; | ||
| 356 | } | ||
| 357 | |||
| 358 | int SSL_has_matching_session_id(const SSL *ssl, const unsigned char *id, | ||
| 359 | unsigned int id_len) | ||
| 360 | { | ||
| 361 | /* A quick examination of SSL_SESSION_hash and SSL_SESSION_cmp shows how | ||
| 362 | * we can "construct" a session to give us the desired check - ie. to | ||
| 363 | * find if there's a session in the hash table that would conflict with | ||
| 364 | * any new session built out of this id/id_len and the ssl_version in | ||
| 365 | * use by this SSL. */ | ||
| 366 | SSL_SESSION r, *p; | ||
| 367 | r.ssl_version = ssl->version; | ||
| 368 | r.session_id_length = id_len; | ||
| 369 | memcpy(r.session_id, id, id_len); | ||
| 370 | /* NB: SSLv2 always uses a fixed 16-byte session ID, so even if a | ||
| 371 | * callback is calling us to check the uniqueness of a shorter ID, it | ||
| 372 | * must be compared as a padded-out ID because that is what it will be | ||
| 373 | * converted to when the callback has finished choosing it. */ | ||
| 374 | if((r.ssl_version == SSL2_VERSION) && | ||
| 375 | (id_len < SSL2_SSL_SESSION_ID_LENGTH)) | ||
| 376 | { | ||
| 377 | memset(r.session_id + id_len, 0, | ||
| 378 | SSL2_SSL_SESSION_ID_LENGTH - id_len); | ||
| 379 | r.session_id_length = SSL2_SSL_SESSION_ID_LENGTH; | ||
| 380 | } | ||
| 381 | |||
| 382 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | ||
| 383 | p = (SSL_SESSION *)lh_retrieve(ssl->ctx->sessions, &r); | ||
| 384 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 385 | return (p != NULL); | ||
| 386 | } | ||
| 387 | |||
| 388 | int SSL_CTX_set_purpose(SSL_CTX *s, int purpose) | ||
| 389 | { | ||
| 390 | return X509_PURPOSE_set(&s->purpose, purpose); | ||
| 391 | } | ||
| 392 | |||
| 393 | int SSL_set_purpose(SSL *s, int purpose) | ||
| 394 | { | ||
| 395 | return X509_PURPOSE_set(&s->purpose, purpose); | ||
| 396 | } | ||
| 397 | |||
| 398 | int SSL_CTX_set_trust(SSL_CTX *s, int trust) | ||
| 399 | { | ||
| 400 | return X509_TRUST_set(&s->trust, trust); | ||
| 401 | } | ||
| 402 | |||
| 403 | int SSL_set_trust(SSL *s, int trust) | ||
| 404 | { | ||
| 405 | return X509_TRUST_set(&s->trust, trust); | ||
| 406 | } | ||
| 407 | |||
| 408 | void SSL_free(SSL *s) | ||
| 203 | { | 409 | { |
| 204 | int i; | 410 | int i; |
| 205 | 411 | ||
| 412 | if(s == NULL) | ||
| 413 | return; | ||
| 414 | |||
| 206 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); | 415 | i=CRYPTO_add(&s->references,-1,CRYPTO_LOCK_SSL); |
| 207 | #ifdef REF_PRINT | 416 | #ifdef REF_PRINT |
| 208 | REF_PRINT("SSL",s); | 417 | REF_PRINT("SSL",s); |
| @@ -216,7 +425,7 @@ SSL *s; | |||
| 216 | } | 425 | } |
| 217 | #endif | 426 | #endif |
| 218 | 427 | ||
| 219 | CRYPTO_free_ex_data(ssl_meth,(char *)s,&s->ex_data); | 428 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL, s, &s->ex_data); |
| 220 | 429 | ||
| 221 | if (s->bbio != NULL) | 430 | if (s->bbio != NULL) |
| 222 | { | 431 | { |
| @@ -236,8 +445,8 @@ SSL *s; | |||
| 236 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); | 445 | if (s->init_buf != NULL) BUF_MEM_free(s->init_buf); |
| 237 | 446 | ||
| 238 | /* add extra stuff */ | 447 | /* add extra stuff */ |
| 239 | if (s->cipher_list != NULL) sk_free(s->cipher_list); | 448 | if (s->cipher_list != NULL) sk_SSL_CIPHER_free(s->cipher_list); |
| 240 | if (s->cipher_list_by_id != NULL) sk_free(s->cipher_list_by_id); | 449 | if (s->cipher_list_by_id != NULL) sk_SSL_CIPHER_free(s->cipher_list_by_id); |
| 241 | 450 | ||
| 242 | /* Make the next call work :-) */ | 451 | /* Make the next call work :-) */ |
| 243 | if (s->session != NULL) | 452 | if (s->session != NULL) |
| @@ -254,17 +463,14 @@ SSL *s; | |||
| 254 | if (s->ctx) SSL_CTX_free(s->ctx); | 463 | if (s->ctx) SSL_CTX_free(s->ctx); |
| 255 | 464 | ||
| 256 | if (s->client_CA != NULL) | 465 | if (s->client_CA != NULL) |
| 257 | sk_pop_free(s->client_CA,X509_NAME_free); | 466 | sk_X509_NAME_pop_free(s->client_CA,X509_NAME_free); |
| 258 | 467 | ||
| 259 | if (s->method != NULL) s->method->ssl_free(s); | 468 | if (s->method != NULL) s->method->ssl_free(s); |
| 260 | 469 | ||
| 261 | Free((char *)s); | 470 | OPENSSL_free(s); |
| 262 | } | 471 | } |
| 263 | 472 | ||
| 264 | void SSL_set_bio(s, rbio,wbio) | 473 | void SSL_set_bio(SSL *s,BIO *rbio,BIO *wbio) |
| 265 | SSL *s; | ||
| 266 | BIO *rbio; | ||
| 267 | BIO *wbio; | ||
| 268 | { | 474 | { |
| 269 | /* If the output buffering BIO is still in place, remove it | 475 | /* If the output buffering BIO is still in place, remove it |
| 270 | */ | 476 | */ |
| @@ -284,16 +490,18 @@ BIO *wbio; | |||
| 284 | s->wbio=wbio; | 490 | s->wbio=wbio; |
| 285 | } | 491 | } |
| 286 | 492 | ||
| 287 | BIO *SSL_get_rbio(s) | 493 | BIO *SSL_get_rbio(SSL *s) |
| 288 | SSL *s; | ||
| 289 | { return(s->rbio); } | 494 | { return(s->rbio); } |
| 290 | 495 | ||
| 291 | BIO *SSL_get_wbio(s) | 496 | BIO *SSL_get_wbio(SSL *s) |
| 292 | SSL *s; | ||
| 293 | { return(s->wbio); } | 497 | { return(s->wbio); } |
| 294 | 498 | ||
| 295 | int SSL_get_fd(s) | 499 | int SSL_get_fd(SSL *s) |
| 296 | SSL *s; | 500 | { |
| 501 | return(SSL_get_rfd(s)); | ||
| 502 | } | ||
| 503 | |||
| 504 | int SSL_get_rfd(SSL *s) | ||
| 297 | { | 505 | { |
| 298 | int ret= -1; | 506 | int ret= -1; |
| 299 | BIO *b,*r; | 507 | BIO *b,*r; |
| @@ -305,10 +513,20 @@ SSL *s; | |||
| 305 | return(ret); | 513 | return(ret); |
| 306 | } | 514 | } |
| 307 | 515 | ||
| 308 | #ifndef NO_SOCK | 516 | int SSL_get_wfd(SSL *s) |
| 309 | int SSL_set_fd(s, fd) | 517 | { |
| 310 | SSL *s; | 518 | int ret= -1; |
| 311 | int fd; | 519 | BIO *b,*r; |
| 520 | |||
| 521 | b=SSL_get_wbio(s); | ||
| 522 | r=BIO_find_type(b,BIO_TYPE_DESCRIPTOR); | ||
| 523 | if (r != NULL) | ||
| 524 | BIO_get_fd(r,&ret); | ||
| 525 | return(ret); | ||
| 526 | } | ||
| 527 | |||
| 528 | #ifndef OPENSSL_NO_SOCK | ||
| 529 | int SSL_set_fd(SSL *s,int fd) | ||
| 312 | { | 530 | { |
| 313 | int ret=0; | 531 | int ret=0; |
| 314 | BIO *bio=NULL; | 532 | BIO *bio=NULL; |
| @@ -327,9 +545,7 @@ err: | |||
| 327 | return(ret); | 545 | return(ret); |
| 328 | } | 546 | } |
| 329 | 547 | ||
| 330 | int SSL_set_wfd(s, fd) | 548 | int SSL_set_wfd(SSL *s,int fd) |
| 331 | SSL *s; | ||
| 332 | int fd; | ||
| 333 | { | 549 | { |
| 334 | int ret=0; | 550 | int ret=0; |
| 335 | BIO *bio=NULL; | 551 | BIO *bio=NULL; |
| @@ -351,9 +567,7 @@ err: | |||
| 351 | return(ret); | 567 | return(ret); |
| 352 | } | 568 | } |
| 353 | 569 | ||
| 354 | int SSL_set_rfd(s, fd) | 570 | int SSL_set_rfd(SSL *s,int fd) |
| 355 | SSL *s; | ||
| 356 | int fd; | ||
| 357 | { | 571 | { |
| 358 | int ret=0; | 572 | int ret=0; |
| 359 | BIO *bio=NULL; | 573 | BIO *bio=NULL; |
| @@ -379,61 +593,104 @@ err: | |||
| 379 | } | 593 | } |
| 380 | #endif | 594 | #endif |
| 381 | 595 | ||
| 382 | int SSL_get_verify_mode(s) | 596 | |
| 383 | SSL *s; | 597 | /* return length of latest Finished message we sent, copy to 'buf' */ |
| 598 | size_t SSL_get_finished(SSL *s, void *buf, size_t count) | ||
| 599 | { | ||
| 600 | size_t ret = 0; | ||
| 601 | |||
| 602 | if (s->s3 != NULL) | ||
| 603 | { | ||
| 604 | ret = s->s3->tmp.finish_md_len; | ||
| 605 | if (count > ret) | ||
| 606 | count = ret; | ||
| 607 | memcpy(buf, s->s3->tmp.finish_md, count); | ||
| 608 | } | ||
| 609 | return ret; | ||
| 610 | } | ||
| 611 | |||
| 612 | /* return length of latest Finished message we expected, copy to 'buf' */ | ||
| 613 | size_t SSL_get_peer_finished(SSL *s, void *buf, size_t count) | ||
| 614 | { | ||
| 615 | size_t ret = 0; | ||
| 616 | |||
| 617 | if (s->s3 != NULL) | ||
| 618 | { | ||
| 619 | ret = s->s3->tmp.peer_finish_md_len; | ||
| 620 | if (count > ret) | ||
| 621 | count = ret; | ||
| 622 | memcpy(buf, s->s3->tmp.peer_finish_md, count); | ||
| 623 | } | ||
| 624 | return ret; | ||
| 625 | } | ||
| 626 | |||
| 627 | |||
| 628 | int SSL_get_verify_mode(SSL *s) | ||
| 384 | { | 629 | { |
| 385 | return(s->verify_mode); | 630 | return(s->verify_mode); |
| 386 | } | 631 | } |
| 387 | 632 | ||
| 388 | int (*SSL_get_verify_callback(s))() | 633 | int SSL_get_verify_depth(SSL *s) |
| 389 | SSL *s; | 634 | { |
| 635 | return(s->verify_depth); | ||
| 636 | } | ||
| 637 | |||
| 638 | int (*SSL_get_verify_callback(SSL *s))(int,X509_STORE_CTX *) | ||
| 390 | { | 639 | { |
| 391 | return(s->verify_callback); | 640 | return(s->verify_callback); |
| 392 | } | 641 | } |
| 393 | 642 | ||
| 394 | int SSL_CTX_get_verify_mode(ctx) | 643 | int SSL_CTX_get_verify_mode(SSL_CTX *ctx) |
| 395 | SSL_CTX *ctx; | ||
| 396 | { | 644 | { |
| 397 | return(ctx->default_verify_mode); | 645 | return(ctx->verify_mode); |
| 398 | } | 646 | } |
| 399 | 647 | ||
| 400 | int (*SSL_CTX_get_verify_callback(ctx))() | 648 | int SSL_CTX_get_verify_depth(SSL_CTX *ctx) |
| 401 | SSL_CTX *ctx; | 649 | { |
| 650 | return(ctx->verify_depth); | ||
| 651 | } | ||
| 652 | |||
| 653 | int (*SSL_CTX_get_verify_callback(SSL_CTX *ctx))(int,X509_STORE_CTX *) | ||
| 402 | { | 654 | { |
| 403 | return(ctx->default_verify_callback); | 655 | return(ctx->default_verify_callback); |
| 404 | } | 656 | } |
| 405 | 657 | ||
| 406 | void SSL_set_verify(s, mode, callback) | 658 | void SSL_set_verify(SSL *s,int mode, |
| 407 | SSL *s; | 659 | int (*callback)(int ok,X509_STORE_CTX *ctx)) |
| 408 | int mode; | ||
| 409 | int (*callback)(); | ||
| 410 | { | 660 | { |
| 411 | s->verify_mode=mode; | 661 | s->verify_mode=mode; |
| 412 | if (callback != NULL) | 662 | if (callback != NULL) |
| 413 | s->verify_callback=callback; | 663 | s->verify_callback=callback; |
| 414 | } | 664 | } |
| 415 | 665 | ||
| 416 | void SSL_set_read_ahead(s, yes) | 666 | void SSL_set_verify_depth(SSL *s,int depth) |
| 417 | SSL *s; | 667 | { |
| 418 | int yes; | 668 | s->verify_depth=depth; |
| 669 | } | ||
| 670 | |||
| 671 | void SSL_set_read_ahead(SSL *s,int yes) | ||
| 419 | { | 672 | { |
| 420 | s->read_ahead=yes; | 673 | s->read_ahead=yes; |
| 421 | } | 674 | } |
| 422 | 675 | ||
| 423 | int SSL_get_read_ahead(s) | 676 | int SSL_get_read_ahead(SSL *s) |
| 424 | SSL *s; | ||
| 425 | { | 677 | { |
| 426 | return(s->read_ahead); | 678 | return(s->read_ahead); |
| 427 | } | 679 | } |
| 428 | 680 | ||
| 429 | int SSL_pending(s) | 681 | int SSL_pending(SSL *s) |
| 430 | SSL *s; | ||
| 431 | { | 682 | { |
| 683 | /* SSL_pending cannot work properly if read-ahead is enabled | ||
| 684 | * (SSL_[CTX_]ctrl(..., SSL_CTRL_SET_READ_AHEAD, 1, NULL)), | ||
| 685 | * and it is impossible to fix since SSL_pending cannot report | ||
| 686 | * errors that may be observed while scanning the new data. | ||
| 687 | * (Note that SSL_pending() is often used as a boolean value, | ||
| 688 | * so we'd better not return -1.) | ||
| 689 | */ | ||
| 432 | return(s->method->ssl_pending(s)); | 690 | return(s->method->ssl_pending(s)); |
| 433 | } | 691 | } |
| 434 | 692 | ||
| 435 | X509 *SSL_get_peer_certificate(s) | 693 | X509 *SSL_get_peer_certificate(SSL *s) |
| 436 | SSL *s; | ||
| 437 | { | 694 | { |
| 438 | X509 *r; | 695 | X509 *r; |
| 439 | 696 | ||
| @@ -449,23 +706,24 @@ SSL *s; | |||
| 449 | return(r); | 706 | return(r); |
| 450 | } | 707 | } |
| 451 | 708 | ||
| 452 | STACK *SSL_get_peer_cert_chain(s) | 709 | STACK_OF(X509) *SSL_get_peer_cert_chain(SSL *s) |
| 453 | SSL *s; | ||
| 454 | { | 710 | { |
| 455 | STACK *r; | 711 | STACK_OF(X509) *r; |
| 456 | 712 | ||
| 457 | if ((s == NULL) || (s->session == NULL) || (s->session->cert == NULL)) | 713 | if ((s == NULL) || (s->session == NULL) || (s->session->sess_cert == NULL)) |
| 458 | r=NULL; | 714 | r=NULL; |
| 459 | else | 715 | else |
| 460 | r=s->session->cert->cert_chain; | 716 | r=s->session->sess_cert->cert_chain; |
| 461 | 717 | ||
| 718 | /* If we are a client, cert_chain includes the peer's own | ||
| 719 | * certificate; if we are a server, it does not. */ | ||
| 720 | |||
| 462 | return(r); | 721 | return(r); |
| 463 | } | 722 | } |
| 464 | 723 | ||
| 465 | /* Now in theory, since the calling process own 't' it should be safe to | 724 | /* Now in theory, since the calling process own 't' it should be safe to |
| 466 | * modify. We need to be able to read f without being hassled */ | 725 | * modify. We need to be able to read f without being hassled */ |
| 467 | void SSL_copy_session_id(t,f) | 726 | void SSL_copy_session_id(SSL *t,SSL *f) |
| 468 | SSL *t,*f; | ||
| 469 | { | 727 | { |
| 470 | CERT *tmp; | 728 | CERT *tmp; |
| 471 | 729 | ||
| @@ -490,30 +748,29 @@ SSL *t,*f; | |||
| 490 | else | 748 | else |
| 491 | t->cert=NULL; | 749 | t->cert=NULL; |
| 492 | if (tmp != NULL) ssl_cert_free(tmp); | 750 | if (tmp != NULL) ssl_cert_free(tmp); |
| 751 | SSL_set_session_id_context(t,f->sid_ctx,f->sid_ctx_length); | ||
| 493 | } | 752 | } |
| 494 | 753 | ||
| 495 | /* Fix this so it checks all the valid key/cert options */ | 754 | /* Fix this so it checks all the valid key/cert options */ |
| 496 | int SSL_CTX_check_private_key(ctx) | 755 | int SSL_CTX_check_private_key(SSL_CTX *ctx) |
| 497 | SSL_CTX *ctx; | ||
| 498 | { | 756 | { |
| 499 | if ( (ctx == NULL) || | 757 | if ( (ctx == NULL) || |
| 500 | (ctx->default_cert == NULL) || | 758 | (ctx->cert == NULL) || |
| 501 | (ctx->default_cert->key->x509 == NULL)) | 759 | (ctx->cert->key->x509 == NULL)) |
| 502 | { | 760 | { |
| 503 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 761 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); |
| 504 | return(0); | 762 | return(0); |
| 505 | } | 763 | } |
| 506 | if (ctx->default_cert->key->privatekey == NULL) | 764 | if (ctx->cert->key->privatekey == NULL) |
| 507 | { | 765 | { |
| 508 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); | 766 | SSLerr(SSL_F_SSL_CTX_CHECK_PRIVATE_KEY,SSL_R_NO_PRIVATE_KEY_ASSIGNED); |
| 509 | return(0); | 767 | return(0); |
| 510 | } | 768 | } |
| 511 | return(X509_check_private_key(ctx->default_cert->key->x509, ctx->default_cert->key->privatekey)); | 769 | return(X509_check_private_key(ctx->cert->key->x509, ctx->cert->key->privatekey)); |
| 512 | } | 770 | } |
| 513 | 771 | ||
| 514 | /* Fix this function so that it takes an optional type parameter */ | 772 | /* Fix this function so that it takes an optional type parameter */ |
| 515 | int SSL_check_private_key(ssl) | 773 | int SSL_check_private_key(SSL *ssl) |
| 516 | SSL *ssl; | ||
| 517 | { | 774 | { |
| 518 | if (ssl == NULL) | 775 | if (ssl == NULL) |
| 519 | { | 776 | { |
| @@ -521,7 +778,10 @@ SSL *ssl; | |||
| 521 | return(0); | 778 | return(0); |
| 522 | } | 779 | } |
| 523 | if (ssl->cert == NULL) | 780 | if (ssl->cert == NULL) |
| 524 | return(SSL_CTX_check_private_key(ssl->ctx)); | 781 | { |
| 782 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | ||
| 783 | return 0; | ||
| 784 | } | ||
| 525 | if (ssl->cert->key->x509 == NULL) | 785 | if (ssl->cert->key->x509 == NULL) |
| 526 | { | 786 | { |
| 527 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); | 787 | SSLerr(SSL_F_SSL_CHECK_PRIVATE_KEY,SSL_R_NO_CERTIFICATE_ASSIGNED); |
| @@ -536,29 +796,37 @@ SSL *ssl; | |||
| 536 | ssl->cert->key->privatekey)); | 796 | ssl->cert->key->privatekey)); |
| 537 | } | 797 | } |
| 538 | 798 | ||
| 539 | int SSL_accept(s) | 799 | int SSL_accept(SSL *s) |
| 540 | SSL *s; | ||
| 541 | { | 800 | { |
| 801 | if (s->handshake_func == 0) | ||
| 802 | /* Not properly initialized yet */ | ||
| 803 | SSL_set_accept_state(s); | ||
| 804 | |||
| 542 | return(s->method->ssl_accept(s)); | 805 | return(s->method->ssl_accept(s)); |
| 543 | } | 806 | } |
| 544 | 807 | ||
| 545 | int SSL_connect(s) | 808 | int SSL_connect(SSL *s) |
| 546 | SSL *s; | ||
| 547 | { | 809 | { |
| 810 | if (s->handshake_func == 0) | ||
| 811 | /* Not properly initialized yet */ | ||
| 812 | SSL_set_connect_state(s); | ||
| 813 | |||
| 548 | return(s->method->ssl_connect(s)); | 814 | return(s->method->ssl_connect(s)); |
| 549 | } | 815 | } |
| 550 | 816 | ||
| 551 | long SSL_get_default_timeout(s) | 817 | long SSL_get_default_timeout(SSL *s) |
| 552 | SSL *s; | ||
| 553 | { | 818 | { |
| 554 | return(s->method->get_timeout()); | 819 | return(s->method->get_timeout()); |
| 555 | } | 820 | } |
| 556 | 821 | ||
| 557 | int SSL_read(s,buf,num) | 822 | int SSL_read(SSL *s,void *buf,int num) |
| 558 | SSL *s; | ||
| 559 | char *buf; | ||
| 560 | int num; | ||
| 561 | { | 823 | { |
| 824 | if (s->handshake_func == 0) | ||
| 825 | { | ||
| 826 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | ||
| 827 | return -1; | ||
| 828 | } | ||
| 829 | |||
| 562 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 830 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) |
| 563 | { | 831 | { |
| 564 | s->rwstate=SSL_NOTHING; | 832 | s->rwstate=SSL_NOTHING; |
| @@ -567,11 +835,14 @@ int num; | |||
| 567 | return(s->method->ssl_read(s,buf,num)); | 835 | return(s->method->ssl_read(s,buf,num)); |
| 568 | } | 836 | } |
| 569 | 837 | ||
| 570 | int SSL_peek(s,buf,num) | 838 | int SSL_peek(SSL *s,void *buf,int num) |
| 571 | SSL *s; | ||
| 572 | char *buf; | ||
| 573 | int num; | ||
| 574 | { | 839 | { |
| 840 | if (s->handshake_func == 0) | ||
| 841 | { | ||
| 842 | SSLerr(SSL_F_SSL_READ, SSL_R_UNINITIALIZED); | ||
| 843 | return -1; | ||
| 844 | } | ||
| 845 | |||
| 575 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) | 846 | if (s->shutdown & SSL_RECEIVED_SHUTDOWN) |
| 576 | { | 847 | { |
| 577 | return(0); | 848 | return(0); |
| @@ -579,11 +850,14 @@ int num; | |||
| 579 | return(s->method->ssl_peek(s,buf,num)); | 850 | return(s->method->ssl_peek(s,buf,num)); |
| 580 | } | 851 | } |
| 581 | 852 | ||
| 582 | int SSL_write(s,buf,num) | 853 | int SSL_write(SSL *s,const void *buf,int num) |
| 583 | SSL *s; | ||
| 584 | char *buf; | ||
| 585 | int num; | ||
| 586 | { | 854 | { |
| 855 | if (s->handshake_func == 0) | ||
| 856 | { | ||
| 857 | SSLerr(SSL_F_SSL_WRITE, SSL_R_UNINITIALIZED); | ||
| 858 | return -1; | ||
| 859 | } | ||
| 860 | |||
| 587 | if (s->shutdown & SSL_SENT_SHUTDOWN) | 861 | if (s->shutdown & SSL_SENT_SHUTDOWN) |
| 588 | { | 862 | { |
| 589 | s->rwstate=SSL_NOTHING; | 863 | s->rwstate=SSL_NOTHING; |
| @@ -593,42 +867,176 @@ int num; | |||
| 593 | return(s->method->ssl_write(s,buf,num)); | 867 | return(s->method->ssl_write(s,buf,num)); |
| 594 | } | 868 | } |
| 595 | 869 | ||
| 596 | int SSL_shutdown(s) | 870 | int SSL_shutdown(SSL *s) |
| 597 | SSL *s; | ||
| 598 | { | 871 | { |
| 872 | /* Note that this function behaves differently from what one might | ||
| 873 | * expect. Return values are 0 for no success (yet), | ||
| 874 | * 1 for success; but calling it once is usually not enough, | ||
| 875 | * even if blocking I/O is used (see ssl3_shutdown). | ||
| 876 | */ | ||
| 877 | |||
| 878 | if (s->handshake_func == 0) | ||
| 879 | { | ||
| 880 | SSLerr(SSL_F_SSL_SHUTDOWN, SSL_R_UNINITIALIZED); | ||
| 881 | return -1; | ||
| 882 | } | ||
| 883 | |||
| 599 | if ((s != NULL) && !SSL_in_init(s)) | 884 | if ((s != NULL) && !SSL_in_init(s)) |
| 600 | return(s->method->ssl_shutdown(s)); | 885 | return(s->method->ssl_shutdown(s)); |
| 601 | else | 886 | else |
| 602 | return(1); | 887 | return(1); |
| 603 | } | 888 | } |
| 604 | 889 | ||
| 605 | int SSL_renegotiate(s) | 890 | int SSL_renegotiate(SSL *s) |
| 606 | SSL *s; | ||
| 607 | { | 891 | { |
| 608 | s->new_session=1; | 892 | if (s->new_session == 0) |
| 893 | { | ||
| 894 | s->new_session=1; | ||
| 895 | } | ||
| 609 | return(s->method->ssl_renegotiate(s)); | 896 | return(s->method->ssl_renegotiate(s)); |
| 610 | } | 897 | } |
| 611 | 898 | ||
| 612 | long SSL_ctrl(s,cmd,larg,parg) | 899 | int SSL_renegotiate_pending(SSL *s) |
| 613 | SSL *s; | 900 | { |
| 614 | int cmd; | 901 | /* becomes true when negotiation is requested; |
| 615 | long larg; | 902 | * false again once a handshake has finished */ |
| 616 | char *parg; | 903 | return (s->new_session != 0); |
| 904 | } | ||
| 905 | |||
| 906 | long SSL_ctrl(SSL *s,int cmd,long larg,void *parg) | ||
| 617 | { | 907 | { |
| 618 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | 908 | long l; |
| 909 | |||
| 910 | switch (cmd) | ||
| 911 | { | ||
| 912 | case SSL_CTRL_GET_READ_AHEAD: | ||
| 913 | return(s->read_ahead); | ||
| 914 | case SSL_CTRL_SET_READ_AHEAD: | ||
| 915 | l=s->read_ahead; | ||
| 916 | s->read_ahead=larg; | ||
| 917 | return(l); | ||
| 918 | |||
| 919 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
| 920 | s->msg_callback_arg = parg; | ||
| 921 | return 1; | ||
| 922 | |||
| 923 | case SSL_CTRL_OPTIONS: | ||
| 924 | return(s->options|=larg); | ||
| 925 | case SSL_CTRL_MODE: | ||
| 926 | return(s->mode|=larg); | ||
| 927 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
| 928 | return(s->max_cert_list); | ||
| 929 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
| 930 | l=s->max_cert_list; | ||
| 931 | s->max_cert_list=larg; | ||
| 932 | return(l); | ||
| 933 | default: | ||
| 934 | return(s->method->ssl_ctrl(s,cmd,larg,parg)); | ||
| 935 | } | ||
| 936 | } | ||
| 937 | |||
| 938 | long SSL_callback_ctrl(SSL *s, int cmd, void (*fp)()) | ||
| 939 | { | ||
| 940 | switch(cmd) | ||
| 941 | { | ||
| 942 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
| 943 | s->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | ||
| 944 | return 1; | ||
| 945 | |||
| 946 | default: | ||
| 947 | return(s->method->ssl_callback_ctrl(s,cmd,fp)); | ||
| 948 | } | ||
| 619 | } | 949 | } |
| 620 | 950 | ||
| 621 | long SSL_CTX_ctrl(ctx,cmd,larg,parg) | 951 | struct lhash_st *SSL_CTX_sessions(SSL_CTX *ctx) |
| 622 | SSL_CTX *ctx; | ||
| 623 | int cmd; | ||
| 624 | long larg; | ||
| 625 | char *parg; | ||
| 626 | { | 952 | { |
| 627 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | 953 | return ctx->sessions; |
| 628 | } | 954 | } |
| 629 | 955 | ||
| 630 | int ssl_cipher_id_cmp(a,b) | 956 | long SSL_CTX_ctrl(SSL_CTX *ctx,int cmd,long larg,void *parg) |
| 631 | SSL_CIPHER *a,*b; | 957 | { |
| 958 | long l; | ||
| 959 | |||
| 960 | switch (cmd) | ||
| 961 | { | ||
| 962 | case SSL_CTRL_GET_READ_AHEAD: | ||
| 963 | return(ctx->read_ahead); | ||
| 964 | case SSL_CTRL_SET_READ_AHEAD: | ||
| 965 | l=ctx->read_ahead; | ||
| 966 | ctx->read_ahead=larg; | ||
| 967 | return(l); | ||
| 968 | |||
| 969 | case SSL_CTRL_SET_MSG_CALLBACK_ARG: | ||
| 970 | ctx->msg_callback_arg = parg; | ||
| 971 | return 1; | ||
| 972 | |||
| 973 | case SSL_CTRL_GET_MAX_CERT_LIST: | ||
| 974 | return(ctx->max_cert_list); | ||
| 975 | case SSL_CTRL_SET_MAX_CERT_LIST: | ||
| 976 | l=ctx->max_cert_list; | ||
| 977 | ctx->max_cert_list=larg; | ||
| 978 | return(l); | ||
| 979 | |||
| 980 | case SSL_CTRL_SET_SESS_CACHE_SIZE: | ||
| 981 | l=ctx->session_cache_size; | ||
| 982 | ctx->session_cache_size=larg; | ||
| 983 | return(l); | ||
| 984 | case SSL_CTRL_GET_SESS_CACHE_SIZE: | ||
| 985 | return(ctx->session_cache_size); | ||
| 986 | case SSL_CTRL_SET_SESS_CACHE_MODE: | ||
| 987 | l=ctx->session_cache_mode; | ||
| 988 | ctx->session_cache_mode=larg; | ||
| 989 | return(l); | ||
| 990 | case SSL_CTRL_GET_SESS_CACHE_MODE: | ||
| 991 | return(ctx->session_cache_mode); | ||
| 992 | |||
| 993 | case SSL_CTRL_SESS_NUMBER: | ||
| 994 | return(ctx->sessions->num_items); | ||
| 995 | case SSL_CTRL_SESS_CONNECT: | ||
| 996 | return(ctx->stats.sess_connect); | ||
| 997 | case SSL_CTRL_SESS_CONNECT_GOOD: | ||
| 998 | return(ctx->stats.sess_connect_good); | ||
| 999 | case SSL_CTRL_SESS_CONNECT_RENEGOTIATE: | ||
| 1000 | return(ctx->stats.sess_connect_renegotiate); | ||
| 1001 | case SSL_CTRL_SESS_ACCEPT: | ||
| 1002 | return(ctx->stats.sess_accept); | ||
| 1003 | case SSL_CTRL_SESS_ACCEPT_GOOD: | ||
| 1004 | return(ctx->stats.sess_accept_good); | ||
| 1005 | case SSL_CTRL_SESS_ACCEPT_RENEGOTIATE: | ||
| 1006 | return(ctx->stats.sess_accept_renegotiate); | ||
| 1007 | case SSL_CTRL_SESS_HIT: | ||
| 1008 | return(ctx->stats.sess_hit); | ||
| 1009 | case SSL_CTRL_SESS_CB_HIT: | ||
| 1010 | return(ctx->stats.sess_cb_hit); | ||
| 1011 | case SSL_CTRL_SESS_MISSES: | ||
| 1012 | return(ctx->stats.sess_miss); | ||
| 1013 | case SSL_CTRL_SESS_TIMEOUTS: | ||
| 1014 | return(ctx->stats.sess_timeout); | ||
| 1015 | case SSL_CTRL_SESS_CACHE_FULL: | ||
| 1016 | return(ctx->stats.sess_cache_full); | ||
| 1017 | case SSL_CTRL_OPTIONS: | ||
| 1018 | return(ctx->options|=larg); | ||
| 1019 | case SSL_CTRL_MODE: | ||
| 1020 | return(ctx->mode|=larg); | ||
| 1021 | default: | ||
| 1022 | return(ctx->method->ssl_ctx_ctrl(ctx,cmd,larg,parg)); | ||
| 1023 | } | ||
| 1024 | } | ||
| 1025 | |||
| 1026 | long SSL_CTX_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp)()) | ||
| 1027 | { | ||
| 1028 | switch(cmd) | ||
| 1029 | { | ||
| 1030 | case SSL_CTRL_SET_MSG_CALLBACK: | ||
| 1031 | ctx->msg_callback = (void (*)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg))(fp); | ||
| 1032 | return 1; | ||
| 1033 | |||
| 1034 | default: | ||
| 1035 | return(ctx->method->ssl_ctx_callback_ctrl(ctx,cmd,fp)); | ||
| 1036 | } | ||
| 1037 | } | ||
| 1038 | |||
| 1039 | int ssl_cipher_id_cmp(const SSL_CIPHER *a, const SSL_CIPHER *b) | ||
| 632 | { | 1040 | { |
| 633 | long l; | 1041 | long l; |
| 634 | 1042 | ||
| @@ -639,8 +1047,8 @@ SSL_CIPHER *a,*b; | |||
| 639 | return((l > 0)?1:-1); | 1047 | return((l > 0)?1:-1); |
| 640 | } | 1048 | } |
| 641 | 1049 | ||
| 642 | int ssl_cipher_ptr_id_cmp(ap,bp) | 1050 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 643 | SSL_CIPHER **ap,**bp; | 1051 | const SSL_CIPHER * const *bp) |
| 644 | { | 1052 | { |
| 645 | long l; | 1053 | long l; |
| 646 | 1054 | ||
| @@ -651,10 +1059,9 @@ SSL_CIPHER **ap,**bp; | |||
| 651 | return((l > 0)?1:-1); | 1059 | return((l > 0)?1:-1); |
| 652 | } | 1060 | } |
| 653 | 1061 | ||
| 654 | /* return a STACK of the ciphers available for the SSL and in order of | 1062 | /** return a STACK of the ciphers available for the SSL and in order of |
| 655 | * preference */ | 1063 | * preference */ |
| 656 | STACK *SSL_get_ciphers(s) | 1064 | STACK_OF(SSL_CIPHER) *SSL_get_ciphers(SSL *s) |
| 657 | SSL *s; | ||
| 658 | { | 1065 | { |
| 659 | if ((s != NULL) && (s->cipher_list != NULL)) | 1066 | if ((s != NULL) && (s->cipher_list != NULL)) |
| 660 | { | 1067 | { |
| @@ -668,10 +1075,9 @@ SSL *s; | |||
| 668 | return(NULL); | 1075 | return(NULL); |
| 669 | } | 1076 | } |
| 670 | 1077 | ||
| 671 | /* return a STACK of the ciphers available for the SSL and in order of | 1078 | /** return a STACK of the ciphers available for the SSL and in order of |
| 672 | * algorithm id */ | 1079 | * algorithm id */ |
| 673 | STACK *ssl_get_ciphers_by_id(s) | 1080 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s) |
| 674 | SSL *s; | ||
| 675 | { | 1081 | { |
| 676 | if ((s != NULL) && (s->cipher_list_by_id != NULL)) | 1082 | if ((s != NULL) && (s->cipher_list_by_id != NULL)) |
| 677 | { | 1083 | { |
| @@ -685,29 +1091,25 @@ SSL *s; | |||
| 685 | return(NULL); | 1091 | return(NULL); |
| 686 | } | 1092 | } |
| 687 | 1093 | ||
| 688 | /* The old interface to get the same thing as SSL_get_ciphers() */ | 1094 | /** The old interface to get the same thing as SSL_get_ciphers() */ |
| 689 | char *SSL_get_cipher_list(s,n) | 1095 | const char *SSL_get_cipher_list(SSL *s,int n) |
| 690 | SSL *s; | ||
| 691 | int n; | ||
| 692 | { | 1096 | { |
| 693 | SSL_CIPHER *c; | 1097 | SSL_CIPHER *c; |
| 694 | STACK *sk; | 1098 | STACK_OF(SSL_CIPHER) *sk; |
| 695 | 1099 | ||
| 696 | if (s == NULL) return(NULL); | 1100 | if (s == NULL) return(NULL); |
| 697 | sk=SSL_get_ciphers(s); | 1101 | sk=SSL_get_ciphers(s); |
| 698 | if ((sk == NULL) || (sk_num(sk) <= n)) | 1102 | if ((sk == NULL) || (sk_SSL_CIPHER_num(sk) <= n)) |
| 699 | return(NULL); | 1103 | return(NULL); |
| 700 | c=(SSL_CIPHER *)sk_value(sk,n); | 1104 | c=sk_SSL_CIPHER_value(sk,n); |
| 701 | if (c == NULL) return(NULL); | 1105 | if (c == NULL) return(NULL); |
| 702 | return(c->name); | 1106 | return(c->name); |
| 703 | } | 1107 | } |
| 704 | 1108 | ||
| 705 | /* specify the ciphers to be used by defaut by the SSL_CTX */ | 1109 | /** specify the ciphers to be used by default by the SSL_CTX */ |
| 706 | int SSL_CTX_set_cipher_list(ctx,str) | 1110 | int SSL_CTX_set_cipher_list(SSL_CTX *ctx, const char *str) |
| 707 | SSL_CTX *ctx; | ||
| 708 | char *str; | ||
| 709 | { | 1111 | { |
| 710 | STACK *sk; | 1112 | STACK_OF(SSL_CIPHER) *sk; |
| 711 | 1113 | ||
| 712 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, | 1114 | sk=ssl_create_cipher_list(ctx->method,&ctx->cipher_list, |
| 713 | &ctx->cipher_list_by_id,str); | 1115 | &ctx->cipher_list_by_id,str); |
| @@ -715,12 +1117,10 @@ char *str; | |||
| 715 | return((sk == NULL)?0:1); | 1117 | return((sk == NULL)?0:1); |
| 716 | } | 1118 | } |
| 717 | 1119 | ||
| 718 | /* specify the ciphers to be used by the SSL */ | 1120 | /** specify the ciphers to be used by the SSL */ |
| 719 | int SSL_set_cipher_list(s, str) | 1121 | int SSL_set_cipher_list(SSL *s,const char *str) |
| 720 | SSL *s; | ||
| 721 | char *str; | ||
| 722 | { | 1122 | { |
| 723 | STACK *sk; | 1123 | STACK_OF(SSL_CIPHER) *sk; |
| 724 | 1124 | ||
| 725 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, | 1125 | sk=ssl_create_cipher_list(s->ctx->method,&s->cipher_list, |
| 726 | &s->cipher_list_by_id,str); | 1126 | &s->cipher_list_by_id,str); |
| @@ -729,13 +1129,11 @@ char *str; | |||
| 729 | } | 1129 | } |
| 730 | 1130 | ||
| 731 | /* works well for SSLv2, not so good for SSLv3 */ | 1131 | /* works well for SSLv2, not so good for SSLv3 */ |
| 732 | char *SSL_get_shared_ciphers(s,buf,len) | 1132 | char *SSL_get_shared_ciphers(SSL *s,char *buf,int len) |
| 733 | SSL *s; | ||
| 734 | char *buf; | ||
| 735 | int len; | ||
| 736 | { | 1133 | { |
| 737 | char *p,*cp; | 1134 | char *p; |
| 738 | STACK *sk; | 1135 | const char *cp; |
| 1136 | STACK_OF(SSL_CIPHER) *sk; | ||
| 739 | SSL_CIPHER *c; | 1137 | SSL_CIPHER *c; |
| 740 | int i; | 1138 | int i; |
| 741 | 1139 | ||
| @@ -745,11 +1143,11 @@ int len; | |||
| 745 | 1143 | ||
| 746 | p=buf; | 1144 | p=buf; |
| 747 | sk=s->session->ciphers; | 1145 | sk=s->session->ciphers; |
| 748 | for (i=0; i<sk_num(sk); i++) | 1146 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
| 749 | { | 1147 | { |
| 750 | /* Decrement for either the ':' or a '\0' */ | 1148 | /* Decrement for either the ':' or a '\0' */ |
| 751 | len--; | 1149 | len--; |
| 752 | c=(SSL_CIPHER *)sk_value(sk,i); | 1150 | c=sk_SSL_CIPHER_value(sk,i); |
| 753 | for (cp=c->name; *cp; ) | 1151 | for (cp=c->name; *cp; ) |
| 754 | { | 1152 | { |
| 755 | if (len-- == 0) | 1153 | if (len-- == 0) |
| @@ -766,35 +1164,36 @@ int len; | |||
| 766 | return(buf); | 1164 | return(buf); |
| 767 | } | 1165 | } |
| 768 | 1166 | ||
| 769 | int ssl_cipher_list_to_bytes(s,sk,p) | 1167 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p) |
| 770 | SSL *s; | ||
| 771 | STACK *sk; | ||
| 772 | unsigned char *p; | ||
| 773 | { | 1168 | { |
| 774 | int i,j=0; | 1169 | int i,j=0; |
| 775 | SSL_CIPHER *c; | 1170 | SSL_CIPHER *c; |
| 776 | unsigned char *q; | 1171 | unsigned char *q; |
| 1172 | #ifndef OPENSSL_NO_KRB5 | ||
| 1173 | int nokrb5 = !kssl_tgt_is_available(s->kssl_ctx); | ||
| 1174 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 777 | 1175 | ||
| 778 | if (sk == NULL) return(0); | 1176 | if (sk == NULL) return(0); |
| 779 | q=p; | 1177 | q=p; |
| 780 | 1178 | ||
| 781 | for (i=0; i<sk_num(sk); i++) | 1179 | for (i=0; i<sk_SSL_CIPHER_num(sk); i++) |
| 782 | { | 1180 | { |
| 783 | c=(SSL_CIPHER *)sk_value(sk,i); | 1181 | c=sk_SSL_CIPHER_value(sk,i); |
| 1182 | #ifndef OPENSSL_NO_KRB5 | ||
| 1183 | if ((c->algorithms & SSL_KRB5) && nokrb5) | ||
| 1184 | continue; | ||
| 1185 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 784 | j=ssl_put_cipher_by_char(s,c,p); | 1186 | j=ssl_put_cipher_by_char(s,c,p); |
| 785 | p+=j; | 1187 | p+=j; |
| 786 | } | 1188 | } |
| 787 | return(p-q); | 1189 | return(p-q); |
| 788 | } | 1190 | } |
| 789 | 1191 | ||
| 790 | STACK *ssl_bytes_to_cipher_list(s,p,num,skp) | 1192 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, |
| 791 | SSL *s; | 1193 | STACK_OF(SSL_CIPHER) **skp) |
| 792 | unsigned char *p; | ||
| 793 | int num; | ||
| 794 | STACK **skp; | ||
| 795 | { | 1194 | { |
| 796 | SSL_CIPHER *c; | 1195 | SSL_CIPHER *c; |
| 797 | STACK *sk; | 1196 | STACK_OF(SSL_CIPHER) *sk; |
| 798 | int i,n; | 1197 | int i,n; |
| 799 | 1198 | ||
| 800 | n=ssl_put_cipher_by_char(s,NULL,NULL); | 1199 | n=ssl_put_cipher_by_char(s,NULL,NULL); |
| @@ -804,11 +1203,11 @@ STACK **skp; | |||
| 804 | return(NULL); | 1203 | return(NULL); |
| 805 | } | 1204 | } |
| 806 | if ((skp == NULL) || (*skp == NULL)) | 1205 | if ((skp == NULL) || (*skp == NULL)) |
| 807 | sk=sk_new(NULL); /* change perhaps later */ | 1206 | sk=sk_SSL_CIPHER_new_null(); /* change perhaps later */ |
| 808 | else | 1207 | else |
| 809 | { | 1208 | { |
| 810 | sk= *skp; | 1209 | sk= *skp; |
| 811 | sk_zero(sk); | 1210 | sk_SSL_CIPHER_zero(sk); |
| 812 | } | 1211 | } |
| 813 | 1212 | ||
| 814 | for (i=0; i<num; i+=n) | 1213 | for (i=0; i<num; i+=n) |
| @@ -817,7 +1216,7 @@ STACK **skp; | |||
| 817 | p+=n; | 1216 | p+=n; |
| 818 | if (c != NULL) | 1217 | if (c != NULL) |
| 819 | { | 1218 | { |
| 820 | if (!sk_push(sk,(char *)c)) | 1219 | if (!sk_SSL_CIPHER_push(sk,c)) |
| 821 | { | 1220 | { |
| 822 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); | 1221 | SSLerr(SSL_F_SSL_BYTES_TO_CIPHER_LIST,ERR_R_MALLOC_FAILURE); |
| 823 | goto err; | 1222 | goto err; |
| @@ -830,23 +1229,28 @@ STACK **skp; | |||
| 830 | return(sk); | 1229 | return(sk); |
| 831 | err: | 1230 | err: |
| 832 | if ((skp == NULL) || (*skp == NULL)) | 1231 | if ((skp == NULL) || (*skp == NULL)) |
| 833 | sk_free(sk); | 1232 | sk_SSL_CIPHER_free(sk); |
| 834 | return(NULL); | 1233 | return(NULL); |
| 835 | } | 1234 | } |
| 836 | 1235 | ||
| 837 | unsigned long SSL_SESSION_hash(a) | 1236 | unsigned long SSL_SESSION_hash(SSL_SESSION *a) |
| 838 | SSL_SESSION *a; | ||
| 839 | { | 1237 | { |
| 840 | unsigned long l; | 1238 | unsigned long l; |
| 841 | 1239 | ||
| 842 | l= (a->session_id[0] )|(a->session_id[1]<< 8L)| | 1240 | l=(unsigned long) |
| 843 | (a->session_id[2]<<16L)|(a->session_id[3]<<24L); | 1241 | ((unsigned int) a->session_id[0] )| |
| 1242 | ((unsigned int) a->session_id[1]<< 8L)| | ||
| 1243 | ((unsigned long)a->session_id[2]<<16L)| | ||
| 1244 | ((unsigned long)a->session_id[3]<<24L); | ||
| 844 | return(l); | 1245 | return(l); |
| 845 | } | 1246 | } |
| 846 | 1247 | ||
| 847 | int SSL_SESSION_cmp(a, b) | 1248 | /* NB: If this function (or indeed the hash function which uses a sort of |
| 848 | SSL_SESSION *a; | 1249 | * coarser function than this one) is changed, ensure |
| 849 | SSL_SESSION *b; | 1250 | * SSL_CTX_has_matching_session_id() is checked accordingly. It relies on being |
| 1251 | * able to construct an SSL_SESSION that will collide with any existing session | ||
| 1252 | * with a matching session ID. */ | ||
| 1253 | int SSL_SESSION_cmp(SSL_SESSION *a,SSL_SESSION *b) | ||
| 850 | { | 1254 | { |
| 851 | if (a->ssl_version != b->ssl_version) | 1255 | if (a->ssl_version != b->ssl_version) |
| 852 | return(1); | 1256 | return(1); |
| @@ -855,17 +1259,29 @@ SSL_SESSION *b; | |||
| 855 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); | 1259 | return(memcmp(a->session_id,b->session_id,a->session_id_length)); |
| 856 | } | 1260 | } |
| 857 | 1261 | ||
| 858 | SSL_CTX *SSL_CTX_new(meth) | 1262 | /* These wrapper functions should remain rather than redeclaring |
| 859 | SSL_METHOD *meth; | 1263 | * SSL_SESSION_hash and SSL_SESSION_cmp for void* types and casting each |
| 1264 | * variable. The reason is that the functions aren't static, they're exposed via | ||
| 1265 | * ssl.h. */ | ||
| 1266 | static IMPLEMENT_LHASH_HASH_FN(SSL_SESSION_hash, SSL_SESSION *) | ||
| 1267 | static IMPLEMENT_LHASH_COMP_FN(SSL_SESSION_cmp, SSL_SESSION *) | ||
| 1268 | |||
| 1269 | SSL_CTX *SSL_CTX_new(SSL_METHOD *meth) | ||
| 860 | { | 1270 | { |
| 861 | SSL_CTX *ret; | 1271 | SSL_CTX *ret=NULL; |
| 862 | 1272 | ||
| 863 | if (meth == NULL) | 1273 | if (meth == NULL) |
| 864 | { | 1274 | { |
| 865 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); | 1275 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_NULL_SSL_METHOD_PASSED); |
| 866 | return(NULL); | 1276 | return(NULL); |
| 867 | } | 1277 | } |
| 868 | ret=(SSL_CTX *)Malloc(sizeof(SSL_CTX)); | 1278 | |
| 1279 | if (SSL_get_ex_data_X509_STORE_CTX_idx() < 0) | ||
| 1280 | { | ||
| 1281 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_X509_VERIFICATION_SETUP_PROBLEMS); | ||
| 1282 | goto err; | ||
| 1283 | } | ||
| 1284 | ret=(SSL_CTX *)OPENSSL_malloc(sizeof(SSL_CTX)); | ||
| 869 | if (ret == NULL) | 1285 | if (ret == NULL) |
| 870 | goto err; | 1286 | goto err; |
| 871 | 1287 | ||
| @@ -882,21 +1298,12 @@ SSL_METHOD *meth; | |||
| 882 | /* We take the system default */ | 1298 | /* We take the system default */ |
| 883 | ret->session_timeout=meth->get_timeout(); | 1299 | ret->session_timeout=meth->get_timeout(); |
| 884 | 1300 | ||
| 885 | ret->new_session_cb=NULL; | 1301 | ret->new_session_cb=0; |
| 886 | ret->remove_session_cb=NULL; | 1302 | ret->remove_session_cb=0; |
| 887 | ret->get_session_cb=NULL; | 1303 | ret->get_session_cb=0; |
| 888 | 1304 | ret->generate_session_id=0; | |
| 889 | ret->sess_connect=0; | 1305 | |
| 890 | ret->sess_connect_good=0; | 1306 | memset((char *)&ret->stats,0,sizeof(ret->stats)); |
| 891 | ret->sess_accept=0; | ||
| 892 | ret->sess_accept_renegotiate=0; | ||
| 893 | ret->sess_connect_renegotiate=0; | ||
| 894 | ret->sess_accept_good=0; | ||
| 895 | ret->sess_miss=0; | ||
| 896 | ret->sess_timeout=0; | ||
| 897 | ret->sess_cache_full=0; | ||
| 898 | ret->sess_hit=0; | ||
| 899 | ret->sess_cb_hit=0; | ||
| 900 | 1307 | ||
| 901 | ret->references=1; | 1308 | ret->references=1; |
| 902 | ret->quiet_shutdown=0; | 1309 | ret->quiet_shutdown=0; |
| @@ -909,19 +1316,26 @@ SSL_METHOD *meth; | |||
| 909 | 1316 | ||
| 910 | ret->info_callback=NULL; | 1317 | ret->info_callback=NULL; |
| 911 | 1318 | ||
| 912 | ret->app_verify_callback=NULL; | 1319 | ret->app_verify_callback=0; |
| 913 | ret->app_verify_arg=NULL; | 1320 | ret->app_verify_arg=NULL; |
| 914 | 1321 | ||
| 915 | ret->default_read_ahead=0; | 1322 | ret->max_cert_list=SSL_MAX_CERT_LIST_DEFAULT; |
| 916 | ret->default_verify_mode=SSL_VERIFY_NONE; | 1323 | ret->read_ahead=0; |
| 1324 | ret->msg_callback=0; | ||
| 1325 | ret->msg_callback_arg=NULL; | ||
| 1326 | ret->verify_mode=SSL_VERIFY_NONE; | ||
| 1327 | ret->verify_depth=-1; /* Don't impose a limit (but x509_lu.c does) */ | ||
| 1328 | ret->sid_ctx_length=0; | ||
| 917 | ret->default_verify_callback=NULL; | 1329 | ret->default_verify_callback=NULL; |
| 918 | if ((ret->default_cert=ssl_cert_new()) == NULL) | 1330 | if ((ret->cert=ssl_cert_new()) == NULL) |
| 919 | goto err; | 1331 | goto err; |
| 920 | 1332 | ||
| 921 | ret->default_passwd_callback=NULL; | 1333 | ret->default_passwd_callback=0; |
| 922 | ret->client_cert_cb=NULL; | 1334 | ret->default_passwd_callback_userdata=NULL; |
| 1335 | ret->client_cert_cb=0; | ||
| 923 | 1336 | ||
| 924 | ret->sessions=lh_new(SSL_SESSION_hash,SSL_SESSION_cmp); | 1337 | ret->sessions=lh_new(LHASH_HASH_FN(SSL_SESSION_hash), |
| 1338 | LHASH_COMP_FN(SSL_SESSION_cmp)); | ||
| 925 | if (ret->sessions == NULL) goto err; | 1339 | if (ret->sessions == NULL) goto err; |
| 926 | ret->cert_store=X509_STORE_new(); | 1340 | ret->cert_store=X509_STORE_new(); |
| 927 | if (ret->cert_store == NULL) goto err; | 1341 | if (ret->cert_store == NULL) goto err; |
| @@ -929,7 +1343,8 @@ SSL_METHOD *meth; | |||
| 929 | ssl_create_cipher_list(ret->method, | 1343 | ssl_create_cipher_list(ret->method, |
| 930 | &ret->cipher_list,&ret->cipher_list_by_id, | 1344 | &ret->cipher_list,&ret->cipher_list_by_id, |
| 931 | SSL_DEFAULT_CIPHER_LIST); | 1345 | SSL_DEFAULT_CIPHER_LIST); |
| 932 | if ((ret->cipher_list == NULL) || (sk_num(ret->cipher_list) <= 0)) | 1346 | if (ret->cipher_list == NULL |
| 1347 | || sk_SSL_CIPHER_num(ret->cipher_list) <= 0) | ||
| 933 | { | 1348 | { |
| 934 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); | 1349 | SSLerr(SSL_F_SSL_CTX_NEW,SSL_R_LIBRARY_HAS_NO_CIPHERS); |
| 935 | goto err2; | 1350 | goto err2; |
| @@ -951,10 +1366,13 @@ SSL_METHOD *meth; | |||
| 951 | goto err2; | 1366 | goto err2; |
| 952 | } | 1367 | } |
| 953 | 1368 | ||
| 954 | if ((ret->client_CA=sk_new_null()) == NULL) | 1369 | if ((ret->client_CA=sk_X509_NAME_new_null()) == NULL) |
| 955 | goto err; | 1370 | goto err; |
| 956 | 1371 | ||
| 957 | CRYPTO_new_ex_data(ssl_ctx_meth,(char *)ret,&ret->ex_data); | 1372 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_CTX, ret, &ret->ex_data); |
| 1373 | |||
| 1374 | ret->extra_certs=NULL; | ||
| 1375 | ret->comp_methods=SSL_COMP_get_compression_methods(); | ||
| 958 | 1376 | ||
| 959 | return(ret); | 1377 | return(ret); |
| 960 | err: | 1378 | err: |
| @@ -964,8 +1382,12 @@ err2: | |||
| 964 | return(NULL); | 1382 | return(NULL); |
| 965 | } | 1383 | } |
| 966 | 1384 | ||
| 967 | void SSL_CTX_free(a) | 1385 | #if 0 |
| 968 | SSL_CTX *a; | 1386 | static void SSL_COMP_free(SSL_COMP *comp) |
| 1387 | { OPENSSL_free(comp); } | ||
| 1388 | #endif | ||
| 1389 | |||
| 1390 | void SSL_CTX_free(SSL_CTX *a) | ||
| 969 | { | 1391 | { |
| 970 | int i; | 1392 | int i; |
| 971 | 1393 | ||
| @@ -983,7 +1405,7 @@ SSL_CTX *a; | |||
| 983 | abort(); /* ok */ | 1405 | abort(); /* ok */ |
| 984 | } | 1406 | } |
| 985 | #endif | 1407 | #endif |
| 986 | CRYPTO_free_ex_data(ssl_ctx_meth,(char *)a,&a->ex_data); | 1408 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_CTX, a, &a->ex_data); |
| 987 | 1409 | ||
| 988 | if (a->sessions != NULL) | 1410 | if (a->sessions != NULL) |
| 989 | { | 1411 | { |
| @@ -993,96 +1415,105 @@ SSL_CTX *a; | |||
| 993 | if (a->cert_store != NULL) | 1415 | if (a->cert_store != NULL) |
| 994 | X509_STORE_free(a->cert_store); | 1416 | X509_STORE_free(a->cert_store); |
| 995 | if (a->cipher_list != NULL) | 1417 | if (a->cipher_list != NULL) |
| 996 | sk_free(a->cipher_list); | 1418 | sk_SSL_CIPHER_free(a->cipher_list); |
| 997 | if (a->cipher_list_by_id != NULL) | 1419 | if (a->cipher_list_by_id != NULL) |
| 998 | sk_free(a->cipher_list_by_id); | 1420 | sk_SSL_CIPHER_free(a->cipher_list_by_id); |
| 999 | if (a->default_cert != NULL) | 1421 | if (a->cert != NULL) |
| 1000 | ssl_cert_free(a->default_cert); | 1422 | ssl_cert_free(a->cert); |
| 1001 | if (a->client_CA != NULL) | 1423 | if (a->client_CA != NULL) |
| 1002 | sk_pop_free(a->client_CA,X509_NAME_free); | 1424 | sk_X509_NAME_pop_free(a->client_CA,X509_NAME_free); |
| 1003 | Free((char *)a); | 1425 | if (a->extra_certs != NULL) |
| 1426 | sk_X509_pop_free(a->extra_certs,X509_free); | ||
| 1427 | #if 0 /* This should never be done, since it removes a global database */ | ||
| 1428 | if (a->comp_methods != NULL) | ||
| 1429 | sk_SSL_COMP_pop_free(a->comp_methods,SSL_COMP_free); | ||
| 1430 | #else | ||
| 1431 | a->comp_methods = NULL; | ||
| 1432 | #endif | ||
| 1433 | OPENSSL_free(a); | ||
| 1004 | } | 1434 | } |
| 1005 | 1435 | ||
| 1006 | void SSL_CTX_set_default_passwd_cb(ctx,cb) | 1436 | void SSL_CTX_set_default_passwd_cb(SSL_CTX *ctx, pem_password_cb *cb) |
| 1007 | SSL_CTX *ctx; | ||
| 1008 | int (*cb)(); | ||
| 1009 | { | 1437 | { |
| 1010 | ctx->default_passwd_callback=cb; | 1438 | ctx->default_passwd_callback=cb; |
| 1011 | } | 1439 | } |
| 1012 | 1440 | ||
| 1013 | void SSL_CTX_set_cert_verify_cb(ctx,cb,arg) | 1441 | void SSL_CTX_set_default_passwd_cb_userdata(SSL_CTX *ctx,void *u) |
| 1014 | SSL_CTX *ctx; | 1442 | { |
| 1015 | int (*cb)(); | 1443 | ctx->default_passwd_callback_userdata=u; |
| 1016 | char *arg; | 1444 | } |
| 1445 | |||
| 1446 | void SSL_CTX_set_cert_verify_callback(SSL_CTX *ctx, int (*cb)(X509_STORE_CTX *,void *), void *arg) | ||
| 1017 | { | 1447 | { |
| 1018 | ctx->app_verify_callback=cb; | 1448 | ctx->app_verify_callback=cb; |
| 1019 | ctx->app_verify_arg=arg; | 1449 | ctx->app_verify_arg=arg; |
| 1020 | } | 1450 | } |
| 1021 | 1451 | ||
| 1022 | void SSL_CTX_set_verify(ctx,mode,cb) | 1452 | void SSL_CTX_set_verify(SSL_CTX *ctx,int mode,int (*cb)(int, X509_STORE_CTX *)) |
| 1023 | SSL_CTX *ctx; | ||
| 1024 | int mode; | ||
| 1025 | int (*cb)(); | ||
| 1026 | { | 1453 | { |
| 1027 | ctx->default_verify_mode=mode; | 1454 | ctx->verify_mode=mode; |
| 1028 | ctx->default_verify_callback=cb; | 1455 | ctx->default_verify_callback=cb; |
| 1029 | /* This needs cleaning up EAY EAY EAY */ | ||
| 1030 | X509_STORE_set_verify_cb_func(ctx->cert_store,cb); | ||
| 1031 | } | 1456 | } |
| 1032 | 1457 | ||
| 1033 | void ssl_set_cert_masks(c) | 1458 | void SSL_CTX_set_verify_depth(SSL_CTX *ctx,int depth) |
| 1034 | CERT *c; | 1459 | { |
| 1460 | ctx->verify_depth=depth; | ||
| 1461 | } | ||
| 1462 | |||
| 1463 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher) | ||
| 1035 | { | 1464 | { |
| 1036 | CERT_PKEY *cpk; | 1465 | CERT_PKEY *cpk; |
| 1037 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; | 1466 | int rsa_enc,rsa_tmp,rsa_sign,dh_tmp,dh_rsa,dh_dsa,dsa_sign; |
| 1038 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; | 1467 | int rsa_enc_export,dh_rsa_export,dh_dsa_export; |
| 1039 | int rsa_tmp_export,dh_tmp_export; | 1468 | int rsa_tmp_export,dh_tmp_export,kl; |
| 1040 | unsigned long mask,emask; | 1469 | unsigned long mask,emask; |
| 1041 | 1470 | ||
| 1042 | if ((c == NULL) || (c->valid)) return; | 1471 | if (c == NULL) return; |
| 1043 | 1472 | ||
| 1044 | #ifndef NO_RSA | 1473 | kl=SSL_C_EXPORT_PKEYLENGTH(cipher); |
| 1045 | rsa_tmp=((c->rsa_tmp != NULL) || (c->rsa_tmp_cb != NULL))?1:0; | 1474 | |
| 1046 | rsa_tmp_export=((c->rsa_tmp_cb != NULL) || | 1475 | #ifndef OPENSSL_NO_RSA |
| 1047 | (rsa_tmp && (RSA_size(c->rsa_tmp)*8 <= 512)))?1:0; | 1476 | rsa_tmp=(c->rsa_tmp != NULL || c->rsa_tmp_cb != NULL); |
| 1477 | rsa_tmp_export=(c->rsa_tmp_cb != NULL || | ||
| 1478 | (rsa_tmp && RSA_size(c->rsa_tmp)*8 <= kl)); | ||
| 1048 | #else | 1479 | #else |
| 1049 | rsa_tmp=rsa_tmp_export=0; | 1480 | rsa_tmp=rsa_tmp_export=0; |
| 1050 | #endif | 1481 | #endif |
| 1051 | #ifndef NO_DH | 1482 | #ifndef OPENSSL_NO_DH |
| 1052 | dh_tmp=((c->dh_tmp != NULL) || (c->dh_tmp_cb != NULL))?1:0; | 1483 | dh_tmp=(c->dh_tmp != NULL || c->dh_tmp_cb != NULL); |
| 1053 | dh_tmp_export=((c->dh_tmp_cb != NULL) || | 1484 | dh_tmp_export=(c->dh_tmp_cb != NULL || |
| 1054 | (dh_tmp && (DH_size(c->dh_tmp)*8 <= 512)))?1:0; | 1485 | (dh_tmp && DH_size(c->dh_tmp)*8 <= kl)); |
| 1055 | #else | 1486 | #else |
| 1056 | dh_tmp=dh_tmp_export=0; | 1487 | dh_tmp=dh_tmp_export=0; |
| 1057 | #endif | 1488 | #endif |
| 1058 | 1489 | ||
| 1059 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); | 1490 | cpk= &(c->pkeys[SSL_PKEY_RSA_ENC]); |
| 1060 | rsa_enc= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; | 1491 | rsa_enc= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1061 | rsa_enc_export=(rsa_enc && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; | 1492 | rsa_enc_export=(rsa_enc && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 1062 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); | 1493 | cpk= &(c->pkeys[SSL_PKEY_RSA_SIGN]); |
| 1063 | rsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; | 1494 | rsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1064 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); | 1495 | cpk= &(c->pkeys[SSL_PKEY_DSA_SIGN]); |
| 1065 | dsa_sign=((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; | 1496 | dsa_sign=(cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1066 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); | 1497 | cpk= &(c->pkeys[SSL_PKEY_DH_RSA]); |
| 1067 | dh_rsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; | 1498 | dh_rsa= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1068 | dh_rsa_export=(dh_rsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; | 1499 | dh_rsa_export=(dh_rsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 1069 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); | 1500 | cpk= &(c->pkeys[SSL_PKEY_DH_DSA]); |
| 1070 | /* FIX THIS EAY EAY EAY */ | 1501 | /* FIX THIS EAY EAY EAY */ |
| 1071 | dh_dsa= ((cpk->x509 != NULL) && (cpk->privatekey != NULL))?1:0; | 1502 | dh_dsa= (cpk->x509 != NULL && cpk->privatekey != NULL); |
| 1072 | dh_dsa_export=(dh_dsa && (EVP_PKEY_size(cpk->privatekey)*8 <= 512))?1:0; | 1503 | dh_dsa_export=(dh_dsa && EVP_PKEY_size(cpk->privatekey)*8 <= kl); |
| 1073 | 1504 | ||
| 1074 | mask=0; | 1505 | mask=0; |
| 1075 | emask=0; | 1506 | emask=0; |
| 1076 | 1507 | ||
| 1077 | #ifdef CIPHER_DEBUG | 1508 | #ifdef CIPHER_DEBUG |
| 1078 | printf("rt=%d dht=%d re=%d rs=%d ds=%d dhr=%d dhd=%d\n", | 1509 | printf("rt=%d rte=%d dht=%d re=%d ree=%d rs=%d ds=%d dhr=%d dhd=%d\n", |
| 1079 | rsa_tmp,dh_tmp, | 1510 | rsa_tmp,rsa_tmp_export,dh_tmp, |
| 1080 | rsa_enc,rsa_sign,dsa_sign,dh_rsa,dh_dsa); | 1511 | rsa_enc,rsa_enc_export,rsa_sign,dsa_sign,dh_rsa,dh_dsa); |
| 1081 | #endif | 1512 | #endif |
| 1082 | 1513 | ||
| 1083 | if (rsa_enc || (rsa_tmp && rsa_sign)) | 1514 | if (rsa_enc || (rsa_tmp && rsa_sign)) |
| 1084 | mask|=SSL_kRSA; | 1515 | mask|=SSL_kRSA; |
| 1085 | if (rsa_enc_export || (rsa_tmp_export && rsa_sign)) | 1516 | if (rsa_enc_export || (rsa_tmp_export && (rsa_sign || rsa_enc))) |
| 1086 | emask|=SSL_kRSA; | 1517 | emask|=SSL_kRSA; |
| 1087 | 1518 | ||
| 1088 | #if 0 | 1519 | #if 0 |
| @@ -1119,9 +1550,12 @@ CERT *c; | |||
| 1119 | emask|=SSL_aDSS; | 1550 | emask|=SSL_aDSS; |
| 1120 | } | 1551 | } |
| 1121 | 1552 | ||
| 1122 | #ifdef SSL_ALLOW_ADH | ||
| 1123 | mask|=SSL_aNULL; | 1553 | mask|=SSL_aNULL; |
| 1124 | emask|=SSL_aNULL; | 1554 | emask|=SSL_aNULL; |
| 1555 | |||
| 1556 | #ifndef OPENSSL_NO_KRB5 | ||
| 1557 | mask|=SSL_kKRB5|SSL_aKRB5; | ||
| 1558 | emask|=SSL_kKRB5|SSL_aKRB5; | ||
| 1125 | #endif | 1559 | #endif |
| 1126 | 1560 | ||
| 1127 | c->mask=mask; | 1561 | c->mask=mask; |
| @@ -1130,18 +1564,17 @@ CERT *c; | |||
| 1130 | } | 1564 | } |
| 1131 | 1565 | ||
| 1132 | /* THIS NEEDS CLEANING UP */ | 1566 | /* THIS NEEDS CLEANING UP */ |
| 1133 | X509 *ssl_get_server_send_cert(s) | 1567 | X509 *ssl_get_server_send_cert(SSL *s) |
| 1134 | SSL *s; | ||
| 1135 | { | 1568 | { |
| 1136 | unsigned long alg,mask,kalg; | 1569 | unsigned long alg,mask,kalg; |
| 1137 | CERT *c; | 1570 | CERT *c; |
| 1138 | int i,export; | 1571 | int i,is_export; |
| 1139 | 1572 | ||
| 1140 | c=s->cert; | 1573 | c=s->cert; |
| 1141 | ssl_set_cert_masks(c); | 1574 | ssl_set_cert_masks(c, s->s3->tmp.new_cipher); |
| 1142 | alg=s->s3->tmp.new_cipher->algorithms; | 1575 | alg=s->s3->tmp.new_cipher->algorithms; |
| 1143 | export=(alg & SSL_EXPORT)?1:0; | 1576 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 1144 | mask=(export)?c->export_mask:c->mask; | 1577 | mask=is_export?c->export_mask:c->mask; |
| 1145 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); | 1578 | kalg=alg&(SSL_MKEY_MASK|SSL_AUTH_MASK); |
| 1146 | 1579 | ||
| 1147 | if (kalg & SSL_kDHr) | 1580 | if (kalg & SSL_kDHr) |
| @@ -1157,18 +1590,21 @@ SSL *s; | |||
| 1157 | else | 1590 | else |
| 1158 | i=SSL_PKEY_RSA_ENC; | 1591 | i=SSL_PKEY_RSA_ENC; |
| 1159 | } | 1592 | } |
| 1593 | else if (kalg & SSL_aKRB5) | ||
| 1594 | { | ||
| 1595 | /* VRS something else here? */ | ||
| 1596 | return(NULL); | ||
| 1597 | } | ||
| 1160 | else /* if (kalg & SSL_aNULL) */ | 1598 | else /* if (kalg & SSL_aNULL) */ |
| 1161 | { | 1599 | { |
| 1162 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,SSL_R_INTERNAL_ERROR); | 1600 | SSLerr(SSL_F_SSL_GET_SERVER_SEND_CERT,ERR_R_INTERNAL_ERROR); |
| 1163 | return(NULL); | 1601 | return(NULL); |
| 1164 | } | 1602 | } |
| 1165 | if (c->pkeys[i].x509 == NULL) return(NULL); | 1603 | if (c->pkeys[i].x509 == NULL) return(NULL); |
| 1166 | return(c->pkeys[i].x509); | 1604 | return(c->pkeys[i].x509); |
| 1167 | } | 1605 | } |
| 1168 | 1606 | ||
| 1169 | EVP_PKEY *ssl_get_sign_pkey(s,cipher) | 1607 | EVP_PKEY *ssl_get_sign_pkey(SSL *s,SSL_CIPHER *cipher) |
| 1170 | SSL *s; | ||
| 1171 | SSL_CIPHER *cipher; | ||
| 1172 | { | 1608 | { |
| 1173 | unsigned long alg; | 1609 | unsigned long alg; |
| 1174 | CERT *c; | 1610 | CERT *c; |
| @@ -1190,14 +1626,12 @@ SSL_CIPHER *cipher; | |||
| 1190 | } | 1626 | } |
| 1191 | else /* if (alg & SSL_aNULL) */ | 1627 | else /* if (alg & SSL_aNULL) */ |
| 1192 | { | 1628 | { |
| 1193 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,SSL_R_INTERNAL_ERROR); | 1629 | SSLerr(SSL_F_SSL_GET_SIGN_PKEY,ERR_R_INTERNAL_ERROR); |
| 1194 | return(NULL); | 1630 | return(NULL); |
| 1195 | } | 1631 | } |
| 1196 | } | 1632 | } |
| 1197 | 1633 | ||
| 1198 | void ssl_update_cache(s,mode) | 1634 | void ssl_update_cache(SSL *s,int mode) |
| 1199 | SSL *s; | ||
| 1200 | int mode; | ||
| 1201 | { | 1635 | { |
| 1202 | int i; | 1636 | int i; |
| 1203 | 1637 | ||
| @@ -1205,9 +1639,10 @@ int mode; | |||
| 1205 | * and it would be rather hard to do anyway :-) */ | 1639 | * and it would be rather hard to do anyway :-) */ |
| 1206 | if (s->session->session_id_length == 0) return; | 1640 | if (s->session->session_id_length == 0) return; |
| 1207 | 1641 | ||
| 1208 | if ((s->ctx->session_cache_mode & mode) | 1642 | i=s->ctx->session_cache_mode; |
| 1209 | && (!s->hit) | 1643 | if ((i & mode) && (!s->hit) |
| 1210 | && SSL_CTX_add_session(s->ctx,s->session) | 1644 | && ((i & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP) |
| 1645 | || SSL_CTX_add_session(s->ctx,s->session)) | ||
| 1211 | && (s->ctx->new_session_cb != NULL)) | 1646 | && (s->ctx->new_session_cb != NULL)) |
| 1212 | { | 1647 | { |
| 1213 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); | 1648 | CRYPTO_add(&s->session->references,1,CRYPTO_LOCK_SSL_SESSION); |
| @@ -1216,28 +1651,24 @@ int mode; | |||
| 1216 | } | 1651 | } |
| 1217 | 1652 | ||
| 1218 | /* auto flush every 255 connections */ | 1653 | /* auto flush every 255 connections */ |
| 1219 | i=s->ctx->session_cache_mode; | ||
| 1220 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && | 1654 | if ((!(i & SSL_SESS_CACHE_NO_AUTO_CLEAR)) && |
| 1221 | ((i & mode) == mode)) | 1655 | ((i & mode) == mode)) |
| 1222 | { | 1656 | { |
| 1223 | if ( (((mode & SSL_SESS_CACHE_CLIENT) | 1657 | if ( (((mode & SSL_SESS_CACHE_CLIENT) |
| 1224 | ?s->ctx->sess_connect_good | 1658 | ?s->ctx->stats.sess_connect_good |
| 1225 | :s->ctx->sess_accept_good) & 0xff) == 0xff) | 1659 | :s->ctx->stats.sess_accept_good) & 0xff) == 0xff) |
| 1226 | { | 1660 | { |
| 1227 | SSL_CTX_flush_sessions(s->ctx,time(NULL)); | 1661 | SSL_CTX_flush_sessions(s->ctx,time(NULL)); |
| 1228 | } | 1662 | } |
| 1229 | } | 1663 | } |
| 1230 | } | 1664 | } |
| 1231 | 1665 | ||
| 1232 | SSL_METHOD *SSL_get_ssl_method(s) | 1666 | SSL_METHOD *SSL_get_ssl_method(SSL *s) |
| 1233 | SSL *s; | ||
| 1234 | { | 1667 | { |
| 1235 | return(s->method); | 1668 | return(s->method); |
| 1236 | } | 1669 | } |
| 1237 | 1670 | ||
| 1238 | int SSL_set_ssl_method(s,meth) | 1671 | int SSL_set_ssl_method(SSL *s,SSL_METHOD *meth) |
| 1239 | SSL *s; | ||
| 1240 | SSL_METHOD *meth; | ||
| 1241 | { | 1672 | { |
| 1242 | int conn= -1; | 1673 | int conn= -1; |
| 1243 | int ret=1; | 1674 | int ret=1; |
| @@ -1264,17 +1695,23 @@ SSL_METHOD *meth; | |||
| 1264 | return(ret); | 1695 | return(ret); |
| 1265 | } | 1696 | } |
| 1266 | 1697 | ||
| 1267 | int SSL_get_error(s,i) | 1698 | int SSL_get_error(SSL *s,int i) |
| 1268 | SSL *s; | ||
| 1269 | int i; | ||
| 1270 | { | 1699 | { |
| 1271 | int reason; | 1700 | int reason; |
| 1701 | unsigned long l; | ||
| 1272 | BIO *bio; | 1702 | BIO *bio; |
| 1273 | 1703 | ||
| 1274 | if (i > 0) return(SSL_ERROR_NONE); | 1704 | if (i > 0) return(SSL_ERROR_NONE); |
| 1275 | 1705 | ||
| 1276 | if (ERR_peek_error() != 0) | 1706 | /* Make things return SSL_ERROR_SYSCALL when doing SSL_do_handshake |
| 1277 | return(SSL_ERROR_SSL); | 1707 | * etc, where we do encode the error */ |
| 1708 | if ((l=ERR_peek_error()) != 0) | ||
| 1709 | { | ||
| 1710 | if (ERR_GET_LIB(l) == ERR_LIB_SYS) | ||
| 1711 | return(SSL_ERROR_SYSCALL); | ||
| 1712 | else | ||
| 1713 | return(SSL_ERROR_SSL); | ||
| 1714 | } | ||
| 1278 | 1715 | ||
| 1279 | if ((i < 0) && SSL_want_read(s)) | 1716 | if ((i < 0) && SSL_want_read(s)) |
| 1280 | { | 1717 | { |
| @@ -1282,12 +1719,23 @@ int i; | |||
| 1282 | if (BIO_should_read(bio)) | 1719 | if (BIO_should_read(bio)) |
| 1283 | return(SSL_ERROR_WANT_READ); | 1720 | return(SSL_ERROR_WANT_READ); |
| 1284 | else if (BIO_should_write(bio)) | 1721 | else if (BIO_should_write(bio)) |
| 1722 | /* This one doesn't make too much sense ... We never try | ||
| 1723 | * to write to the rbio, and an application program where | ||
| 1724 | * rbio and wbio are separate couldn't even know what it | ||
| 1725 | * should wait for. | ||
| 1726 | * However if we ever set s->rwstate incorrectly | ||
| 1727 | * (so that we have SSL_want_read(s) instead of | ||
| 1728 | * SSL_want_write(s)) and rbio and wbio *are* the same, | ||
| 1729 | * this test works around that bug; so it might be safer | ||
| 1730 | * to keep it. */ | ||
| 1285 | return(SSL_ERROR_WANT_WRITE); | 1731 | return(SSL_ERROR_WANT_WRITE); |
| 1286 | else if (BIO_should_io_special(bio)) | 1732 | else if (BIO_should_io_special(bio)) |
| 1287 | { | 1733 | { |
| 1288 | reason=BIO_get_retry_reason(bio); | 1734 | reason=BIO_get_retry_reason(bio); |
| 1289 | if (reason == BIO_RR_CONNECT) | 1735 | if (reason == BIO_RR_CONNECT) |
| 1290 | return(SSL_ERROR_WANT_CONNECT); | 1736 | return(SSL_ERROR_WANT_CONNECT); |
| 1737 | else if (reason == BIO_RR_ACCEPT) | ||
| 1738 | return(SSL_ERROR_WANT_ACCEPT); | ||
| 1291 | else | 1739 | else |
| 1292 | return(SSL_ERROR_SYSCALL); /* unknown */ | 1740 | return(SSL_ERROR_SYSCALL); /* unknown */ |
| 1293 | } | 1741 | } |
| @@ -1299,12 +1747,15 @@ int i; | |||
| 1299 | if (BIO_should_write(bio)) | 1747 | if (BIO_should_write(bio)) |
| 1300 | return(SSL_ERROR_WANT_WRITE); | 1748 | return(SSL_ERROR_WANT_WRITE); |
| 1301 | else if (BIO_should_read(bio)) | 1749 | else if (BIO_should_read(bio)) |
| 1750 | /* See above (SSL_want_read(s) with BIO_should_write(bio)) */ | ||
| 1302 | return(SSL_ERROR_WANT_READ); | 1751 | return(SSL_ERROR_WANT_READ); |
| 1303 | else if (BIO_should_io_special(bio)) | 1752 | else if (BIO_should_io_special(bio)) |
| 1304 | { | 1753 | { |
| 1305 | reason=BIO_get_retry_reason(bio); | 1754 | reason=BIO_get_retry_reason(bio); |
| 1306 | if (reason == BIO_RR_CONNECT) | 1755 | if (reason == BIO_RR_CONNECT) |
| 1307 | return(SSL_ERROR_WANT_CONNECT); | 1756 | return(SSL_ERROR_WANT_CONNECT); |
| 1757 | else if (reason == BIO_RR_ACCEPT) | ||
| 1758 | return(SSL_ERROR_WANT_ACCEPT); | ||
| 1308 | else | 1759 | else |
| 1309 | return(SSL_ERROR_SYSCALL); | 1760 | return(SSL_ERROR_SYSCALL); |
| 1310 | } | 1761 | } |
| @@ -1331,8 +1782,7 @@ int i; | |||
| 1331 | return(SSL_ERROR_SYSCALL); | 1782 | return(SSL_ERROR_SYSCALL); |
| 1332 | } | 1783 | } |
| 1333 | 1784 | ||
| 1334 | int SSL_do_handshake(s) | 1785 | int SSL_do_handshake(SSL *s) |
| 1335 | SSL *s; | ||
| 1336 | { | 1786 | { |
| 1337 | int ret=1; | 1787 | int ret=1; |
| 1338 | 1788 | ||
| @@ -1341,7 +1791,9 @@ SSL *s; | |||
| 1341 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); | 1791 | SSLerr(SSL_F_SSL_DO_HANDSHAKE,SSL_R_CONNECTION_TYPE_NOT_SET); |
| 1342 | return(-1); | 1792 | return(-1); |
| 1343 | } | 1793 | } |
| 1344 | if (s->s3->renegotiate) ssl3_renegotiate_check(s); | 1794 | |
| 1795 | s->method->ssl_renegotiate_check(s); | ||
| 1796 | |||
| 1345 | if (SSL_in_init(s) || SSL_in_before(s)) | 1797 | if (SSL_in_init(s) || SSL_in_before(s)) |
| 1346 | { | 1798 | { |
| 1347 | ret=s->handshake_func(s); | 1799 | ret=s->handshake_func(s); |
| @@ -1351,9 +1803,9 @@ SSL *s; | |||
| 1351 | 1803 | ||
| 1352 | /* For the next 2 functions, SSL_clear() sets shutdown and so | 1804 | /* For the next 2 functions, SSL_clear() sets shutdown and so |
| 1353 | * one of these calls will reset it */ | 1805 | * one of these calls will reset it */ |
| 1354 | void SSL_set_accept_state(s) | 1806 | void SSL_set_accept_state(SSL *s) |
| 1355 | SSL *s; | ||
| 1356 | { | 1807 | { |
| 1808 | s->server=1; | ||
| 1357 | s->shutdown=0; | 1809 | s->shutdown=0; |
| 1358 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; | 1810 | s->state=SSL_ST_ACCEPT|SSL_ST_BEFORE; |
| 1359 | s->handshake_func=s->method->ssl_accept; | 1811 | s->handshake_func=s->method->ssl_accept; |
| @@ -1361,9 +1813,9 @@ SSL *s; | |||
| 1361 | ssl_clear_cipher_ctx(s); | 1813 | ssl_clear_cipher_ctx(s); |
| 1362 | } | 1814 | } |
| 1363 | 1815 | ||
| 1364 | void SSL_set_connect_state(s) | 1816 | void SSL_set_connect_state(SSL *s) |
| 1365 | SSL *s; | ||
| 1366 | { | 1817 | { |
| 1818 | s->server=0; | ||
| 1367 | s->shutdown=0; | 1819 | s->shutdown=0; |
| 1368 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; | 1820 | s->state=SSL_ST_CONNECT|SSL_ST_BEFORE; |
| 1369 | s->handshake_func=s->method->ssl_connect; | 1821 | s->handshake_func=s->method->ssl_connect; |
| @@ -1371,22 +1823,19 @@ SSL *s; | |||
| 1371 | ssl_clear_cipher_ctx(s); | 1823 | ssl_clear_cipher_ctx(s); |
| 1372 | } | 1824 | } |
| 1373 | 1825 | ||
| 1374 | int ssl_undefined_function(s) | 1826 | int ssl_undefined_function(SSL *s) |
| 1375 | SSL *s; | ||
| 1376 | { | 1827 | { |
| 1377 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1828 | SSLerr(SSL_F_SSL_UNDEFINED_FUNCTION,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 1378 | return(0); | 1829 | return(0); |
| 1379 | } | 1830 | } |
| 1380 | 1831 | ||
| 1381 | SSL_METHOD *ssl_bad_method(ver) | 1832 | SSL_METHOD *ssl_bad_method(int ver) |
| 1382 | int ver; | ||
| 1383 | { | 1833 | { |
| 1384 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); | 1834 | SSLerr(SSL_F_SSL_BAD_METHOD,ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED); |
| 1385 | return(NULL); | 1835 | return(NULL); |
| 1386 | } | 1836 | } |
| 1387 | 1837 | ||
| 1388 | char *SSL_get_version(s) | 1838 | const char *SSL_get_version(SSL *s) |
| 1389 | SSL *s; | ||
| 1390 | { | 1839 | { |
| 1391 | if (s->version == TLS1_VERSION) | 1840 | if (s->version == TLS1_VERSION) |
| 1392 | return("TLSv1"); | 1841 | return("TLSv1"); |
| @@ -1398,30 +1847,67 @@ SSL *s; | |||
| 1398 | return("unknown"); | 1847 | return("unknown"); |
| 1399 | } | 1848 | } |
| 1400 | 1849 | ||
| 1401 | SSL *SSL_dup(s) | 1850 | SSL *SSL_dup(SSL *s) |
| 1402 | SSL *s; | 1851 | { |
| 1403 | { | 1852 | STACK_OF(X509_NAME) *sk; |
| 1404 | STACK *sk; | ||
| 1405 | X509_NAME *xn; | 1853 | X509_NAME *xn; |
| 1406 | SSL *ret; | 1854 | SSL *ret; |
| 1407 | int i; | 1855 | int i; |
| 1408 | 1856 | ||
| 1409 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) return(NULL); | 1857 | if ((ret=SSL_new(SSL_get_SSL_CTX(s))) == NULL) |
| 1410 | 1858 | return(NULL); | |
| 1411 | /* This copies version, session-id, SSL_METHOD and 'cert' */ | 1859 | |
| 1412 | SSL_copy_session_id(ret,s); | 1860 | ret->version = s->version; |
| 1861 | ret->type = s->type; | ||
| 1862 | ret->method = s->method; | ||
| 1863 | |||
| 1864 | if (s->session != NULL) | ||
| 1865 | { | ||
| 1866 | /* This copies session-id, SSL_METHOD, sid_ctx, and 'cert' */ | ||
| 1867 | SSL_copy_session_id(ret,s); | ||
| 1868 | } | ||
| 1869 | else | ||
| 1870 | { | ||
| 1871 | /* No session has been established yet, so we have to expect | ||
| 1872 | * that s->cert or ret->cert will be changed later -- | ||
| 1873 | * they should not both point to the same object, | ||
| 1874 | * and thus we can't use SSL_copy_session_id. */ | ||
| 1413 | 1875 | ||
| 1876 | ret->method = s->method; | ||
| 1877 | ret->method->ssl_new(ret); | ||
| 1878 | |||
| 1879 | if (s->cert != NULL) | ||
| 1880 | { | ||
| 1881 | if (ret->cert != NULL) | ||
| 1882 | { | ||
| 1883 | ssl_cert_free(ret->cert); | ||
| 1884 | } | ||
| 1885 | ret->cert = ssl_cert_dup(s->cert); | ||
| 1886 | if (ret->cert == NULL) | ||
| 1887 | goto err; | ||
| 1888 | } | ||
| 1889 | |||
| 1890 | SSL_set_session_id_context(ret, | ||
| 1891 | s->sid_ctx, s->sid_ctx_length); | ||
| 1892 | } | ||
| 1893 | |||
| 1894 | ret->options=s->options; | ||
| 1895 | ret->mode=s->mode; | ||
| 1896 | SSL_set_max_cert_list(ret,SSL_get_max_cert_list(s)); | ||
| 1414 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); | 1897 | SSL_set_read_ahead(ret,SSL_get_read_ahead(s)); |
| 1898 | ret->msg_callback = s->msg_callback; | ||
| 1899 | ret->msg_callback_arg = s->msg_callback_arg; | ||
| 1415 | SSL_set_verify(ret,SSL_get_verify_mode(s), | 1900 | SSL_set_verify(ret,SSL_get_verify_mode(s), |
| 1416 | SSL_get_verify_callback(s)); | 1901 | SSL_get_verify_callback(s)); |
| 1902 | SSL_set_verify_depth(ret,SSL_get_verify_depth(s)); | ||
| 1903 | ret->generate_session_id = s->generate_session_id; | ||
| 1417 | 1904 | ||
| 1418 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); | 1905 | SSL_set_info_callback(ret,SSL_get_info_callback(s)); |
| 1419 | 1906 | ||
| 1420 | ret->debug=s->debug; | 1907 | ret->debug=s->debug; |
| 1421 | ret->options=s->options; | ||
| 1422 | 1908 | ||
| 1423 | /* copy app data, a little dangerous perhaps */ | 1909 | /* copy app data, a little dangerous perhaps */ |
| 1424 | if (!CRYPTO_dup_ex_data(ssl_meth,&ret->ex_data,&s->ex_data)) | 1910 | if (!CRYPTO_dup_ex_data(CRYPTO_EX_INDEX_SSL, &ret->ex_data, &s->ex_data)) |
| 1425 | goto err; | 1911 | goto err; |
| 1426 | 1912 | ||
| 1427 | /* setup rbio, and wbio */ | 1913 | /* setup rbio, and wbio */ |
| @@ -1440,27 +1926,40 @@ SSL *s; | |||
| 1440 | else | 1926 | else |
| 1441 | ret->wbio=ret->rbio; | 1927 | ret->wbio=ret->rbio; |
| 1442 | } | 1928 | } |
| 1929 | ret->rwstate = s->rwstate; | ||
| 1930 | ret->in_handshake = s->in_handshake; | ||
| 1931 | ret->handshake_func = s->handshake_func; | ||
| 1932 | ret->server = s->server; | ||
| 1933 | ret->new_session = s->new_session; | ||
| 1934 | ret->quiet_shutdown = s->quiet_shutdown; | ||
| 1935 | ret->shutdown=s->shutdown; | ||
| 1936 | ret->state=s->state; /* SSL_dup does not really work at any state, though */ | ||
| 1937 | ret->rstate=s->rstate; | ||
| 1938 | ret->init_num = 0; /* would have to copy ret->init_buf, ret->init_msg, ret->init_num, ret->init_off */ | ||
| 1939 | ret->hit=s->hit; | ||
| 1940 | ret->purpose=s->purpose; | ||
| 1941 | ret->trust=s->trust; | ||
| 1443 | 1942 | ||
| 1444 | /* dup the cipher_list and cipher_list_by_id stacks */ | 1943 | /* dup the cipher_list and cipher_list_by_id stacks */ |
| 1445 | if (s->cipher_list != NULL) | 1944 | if (s->cipher_list != NULL) |
| 1446 | { | 1945 | { |
| 1447 | if ((ret->cipher_list=sk_dup(s->cipher_list)) == NULL) | 1946 | if ((ret->cipher_list=sk_SSL_CIPHER_dup(s->cipher_list)) == NULL) |
| 1448 | goto err; | 1947 | goto err; |
| 1449 | } | 1948 | } |
| 1450 | if (s->cipher_list_by_id != NULL) | 1949 | if (s->cipher_list_by_id != NULL) |
| 1451 | if ((ret->cipher_list_by_id=sk_dup(s->cipher_list_by_id)) | 1950 | if ((ret->cipher_list_by_id=sk_SSL_CIPHER_dup(s->cipher_list_by_id)) |
| 1452 | == NULL) | 1951 | == NULL) |
| 1453 | goto err; | 1952 | goto err; |
| 1454 | 1953 | ||
| 1455 | /* Dup the client_CA list */ | 1954 | /* Dup the client_CA list */ |
| 1456 | if (s->client_CA != NULL) | 1955 | if (s->client_CA != NULL) |
| 1457 | { | 1956 | { |
| 1458 | if ((sk=sk_dup(s->client_CA)) == NULL) goto err; | 1957 | if ((sk=sk_X509_NAME_dup(s->client_CA)) == NULL) goto err; |
| 1459 | ret->client_CA=sk; | 1958 | ret->client_CA=sk; |
| 1460 | for (i=0; i<sk_num(sk); i++) | 1959 | for (i=0; i<sk_X509_NAME_num(sk); i++) |
| 1461 | { | 1960 | { |
| 1462 | xn=(X509_NAME *)sk_value(sk,i); | 1961 | xn=sk_X509_NAME_value(sk,i); |
| 1463 | if ((sk_value(sk,i)=(char *)X509_NAME_dup(xn)) == NULL) | 1962 | if (sk_X509_NAME_set(sk,i,X509_NAME_dup(xn)) == NULL) |
| 1464 | { | 1963 | { |
| 1465 | X509_NAME_free(xn); | 1964 | X509_NAME_free(xn); |
| 1466 | goto err; | 1965 | goto err; |
| @@ -1468,10 +1967,6 @@ SSL *s; | |||
| 1468 | } | 1967 | } |
| 1469 | } | 1968 | } |
| 1470 | 1969 | ||
| 1471 | ret->shutdown=s->shutdown; | ||
| 1472 | ret->state=s->state; | ||
| 1473 | ret->handshake_func=s->handshake_func; | ||
| 1474 | |||
| 1475 | if (0) | 1970 | if (0) |
| 1476 | { | 1971 | { |
| 1477 | err: | 1972 | err: |
| @@ -1481,26 +1976,34 @@ err: | |||
| 1481 | return(ret); | 1976 | return(ret); |
| 1482 | } | 1977 | } |
| 1483 | 1978 | ||
| 1484 | void ssl_clear_cipher_ctx(s) | 1979 | void ssl_clear_cipher_ctx(SSL *s) |
| 1485 | SSL *s; | ||
| 1486 | { | 1980 | { |
| 1487 | if (s->enc_read_ctx != NULL) | 1981 | if (s->enc_read_ctx != NULL) |
| 1488 | { | 1982 | { |
| 1489 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); | 1983 | EVP_CIPHER_CTX_cleanup(s->enc_read_ctx); |
| 1490 | Free(s->enc_read_ctx); | 1984 | OPENSSL_free(s->enc_read_ctx); |
| 1491 | s->enc_read_ctx=NULL; | 1985 | s->enc_read_ctx=NULL; |
| 1492 | } | 1986 | } |
| 1493 | if (s->enc_write_ctx != NULL) | 1987 | if (s->enc_write_ctx != NULL) |
| 1494 | { | 1988 | { |
| 1495 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); | 1989 | EVP_CIPHER_CTX_cleanup(s->enc_write_ctx); |
| 1496 | Free(s->enc_write_ctx); | 1990 | OPENSSL_free(s->enc_write_ctx); |
| 1497 | s->enc_write_ctx=NULL; | 1991 | s->enc_write_ctx=NULL; |
| 1498 | } | 1992 | } |
| 1993 | if (s->expand != NULL) | ||
| 1994 | { | ||
| 1995 | COMP_CTX_free(s->expand); | ||
| 1996 | s->expand=NULL; | ||
| 1997 | } | ||
| 1998 | if (s->compress != NULL) | ||
| 1999 | { | ||
| 2000 | COMP_CTX_free(s->compress); | ||
| 2001 | s->compress=NULL; | ||
| 2002 | } | ||
| 1499 | } | 2003 | } |
| 1500 | 2004 | ||
| 1501 | /* Fix this function so that it takes an optional type parameter */ | 2005 | /* Fix this function so that it takes an optional type parameter */ |
| 1502 | X509 *SSL_get_certificate(s) | 2006 | X509 *SSL_get_certificate(SSL *s) |
| 1503 | SSL *s; | ||
| 1504 | { | 2007 | { |
| 1505 | if (s->cert != NULL) | 2008 | if (s->cert != NULL) |
| 1506 | return(s->cert->key->x509); | 2009 | return(s->cert->key->x509); |
| @@ -1509,8 +2012,7 @@ SSL *s; | |||
| 1509 | } | 2012 | } |
| 1510 | 2013 | ||
| 1511 | /* Fix this function so that it takes an optional type parameter */ | 2014 | /* Fix this function so that it takes an optional type parameter */ |
| 1512 | EVP_PKEY *SSL_get_privatekey(s) | 2015 | EVP_PKEY *SSL_get_privatekey(SSL *s) |
| 1513 | SSL *s; | ||
| 1514 | { | 2016 | { |
| 1515 | if (s->cert != NULL) | 2017 | if (s->cert != NULL) |
| 1516 | return(s->cert->key->privatekey); | 2018 | return(s->cert->key->privatekey); |
| @@ -1518,17 +2020,14 @@ SSL *s; | |||
| 1518 | return(NULL); | 2020 | return(NULL); |
| 1519 | } | 2021 | } |
| 1520 | 2022 | ||
| 1521 | SSL_CIPHER *SSL_get_current_cipher(s) | 2023 | SSL_CIPHER *SSL_get_current_cipher(SSL *s) |
| 1522 | SSL *s; | ||
| 1523 | { | 2024 | { |
| 1524 | if ((s->session != NULL) && (s->session->cipher != NULL)) | 2025 | if ((s->session != NULL) && (s->session->cipher != NULL)) |
| 1525 | return(s->session->cipher); | 2026 | return(s->session->cipher); |
| 1526 | return(NULL); | 2027 | return(NULL); |
| 1527 | } | 2028 | } |
| 1528 | 2029 | ||
| 1529 | int ssl_init_wbio_buffer(s,push) | 2030 | int ssl_init_wbio_buffer(SSL *s,int push) |
| 1530 | SSL *s; | ||
| 1531 | int push; | ||
| 1532 | { | 2031 | { |
| 1533 | BIO *bbio; | 2032 | BIO *bbio; |
| 1534 | 2033 | ||
| @@ -1544,7 +2043,7 @@ int push; | |||
| 1544 | if (s->bbio == s->wbio) | 2043 | if (s->bbio == s->wbio) |
| 1545 | s->wbio=BIO_pop(s->wbio); | 2044 | s->wbio=BIO_pop(s->wbio); |
| 1546 | } | 2045 | } |
| 1547 | BIO_reset(bbio); | 2046 | (void)BIO_reset(bbio); |
| 1548 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ | 2047 | /* if (!BIO_set_write_buffer_size(bbio,16*1024)) */ |
| 1549 | if (!BIO_set_read_buffer_size(bbio,1)) | 2048 | if (!BIO_set_read_buffer_size(bbio,1)) |
| 1550 | { | 2049 | { |
| @@ -1563,159 +2062,230 @@ int push; | |||
| 1563 | } | 2062 | } |
| 1564 | return(1); | 2063 | return(1); |
| 1565 | } | 2064 | } |
| 2065 | |||
| 2066 | void ssl_free_wbio_buffer(SSL *s) | ||
| 2067 | { | ||
| 2068 | if (s->bbio == NULL) return; | ||
| 2069 | |||
| 2070 | if (s->bbio == s->wbio) | ||
| 2071 | { | ||
| 2072 | /* remove buffering */ | ||
| 2073 | s->wbio=BIO_pop(s->wbio); | ||
| 2074 | #ifdef REF_CHECK /* not the usual REF_CHECK, but this avoids adding one more preprocessor symbol */ | ||
| 2075 | assert(s->wbio != NULL); | ||
| 2076 | #endif | ||
| 2077 | } | ||
| 2078 | BIO_free(s->bbio); | ||
| 2079 | s->bbio=NULL; | ||
| 2080 | } | ||
| 1566 | 2081 | ||
| 1567 | void SSL_CTX_set_quiet_shutdown(ctx,mode) | 2082 | void SSL_CTX_set_quiet_shutdown(SSL_CTX *ctx,int mode) |
| 1568 | SSL_CTX *ctx; | ||
| 1569 | int mode; | ||
| 1570 | { | 2083 | { |
| 1571 | ctx->quiet_shutdown=mode; | 2084 | ctx->quiet_shutdown=mode; |
| 1572 | } | 2085 | } |
| 1573 | 2086 | ||
| 1574 | int SSL_CTX_get_quiet_shutdown(ctx) | 2087 | int SSL_CTX_get_quiet_shutdown(SSL_CTX *ctx) |
| 1575 | SSL_CTX *ctx; | ||
| 1576 | { | 2088 | { |
| 1577 | return(ctx->quiet_shutdown); | 2089 | return(ctx->quiet_shutdown); |
| 1578 | } | 2090 | } |
| 1579 | 2091 | ||
| 1580 | void SSL_set_quiet_shutdown(s,mode) | 2092 | void SSL_set_quiet_shutdown(SSL *s,int mode) |
| 1581 | SSL *s; | ||
| 1582 | int mode; | ||
| 1583 | { | 2093 | { |
| 1584 | s->quiet_shutdown=mode; | 2094 | s->quiet_shutdown=mode; |
| 1585 | } | 2095 | } |
| 1586 | 2096 | ||
| 1587 | int SSL_get_quiet_shutdown(s) | 2097 | int SSL_get_quiet_shutdown(SSL *s) |
| 1588 | SSL *s; | ||
| 1589 | { | 2098 | { |
| 1590 | return(s->quiet_shutdown); | 2099 | return(s->quiet_shutdown); |
| 1591 | } | 2100 | } |
| 1592 | 2101 | ||
| 1593 | void SSL_set_shutdown(s,mode) | 2102 | void SSL_set_shutdown(SSL *s,int mode) |
| 1594 | SSL *s; | ||
| 1595 | int mode; | ||
| 1596 | { | 2103 | { |
| 1597 | s->shutdown=mode; | 2104 | s->shutdown=mode; |
| 1598 | } | 2105 | } |
| 1599 | 2106 | ||
| 1600 | int SSL_get_shutdown(s) | 2107 | int SSL_get_shutdown(SSL *s) |
| 1601 | SSL *s; | ||
| 1602 | { | 2108 | { |
| 1603 | return(s->shutdown); | 2109 | return(s->shutdown); |
| 1604 | } | 2110 | } |
| 1605 | 2111 | ||
| 1606 | int SSL_version(s) | 2112 | int SSL_version(SSL *s) |
| 1607 | SSL *s; | ||
| 1608 | { | 2113 | { |
| 1609 | return(s->version); | 2114 | return(s->version); |
| 1610 | } | 2115 | } |
| 1611 | 2116 | ||
| 1612 | SSL_CTX *SSL_get_SSL_CTX(ssl) | 2117 | SSL_CTX *SSL_get_SSL_CTX(SSL *ssl) |
| 1613 | SSL *ssl; | ||
| 1614 | { | 2118 | { |
| 1615 | return(ssl->ctx); | 2119 | return(ssl->ctx); |
| 1616 | } | 2120 | } |
| 1617 | 2121 | ||
| 1618 | int SSL_CTX_set_default_verify_paths(ctx) | 2122 | #ifndef OPENSSL_NO_STDIO |
| 1619 | SSL_CTX *ctx; | 2123 | int SSL_CTX_set_default_verify_paths(SSL_CTX *ctx) |
| 1620 | { | 2124 | { |
| 1621 | return(X509_STORE_set_default_paths(ctx->cert_store)); | 2125 | return(X509_STORE_set_default_paths(ctx->cert_store)); |
| 1622 | } | 2126 | } |
| 1623 | 2127 | ||
| 1624 | int SSL_CTX_load_verify_locations(ctx,CAfile,CApath) | 2128 | int SSL_CTX_load_verify_locations(SSL_CTX *ctx, const char *CAfile, |
| 1625 | SSL_CTX *ctx; | 2129 | const char *CApath) |
| 1626 | char *CAfile; | ||
| 1627 | char *CApath; | ||
| 1628 | { | 2130 | { |
| 1629 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); | 2131 | return(X509_STORE_load_locations(ctx->cert_store,CAfile,CApath)); |
| 1630 | } | 2132 | } |
| 2133 | #endif | ||
| 1631 | 2134 | ||
| 1632 | void SSL_set_info_callback(ssl,cb) | 2135 | void SSL_set_info_callback(SSL *ssl, |
| 1633 | SSL *ssl; | 2136 | void (*cb)(const SSL *ssl,int type,int val)) |
| 1634 | void (*cb)(); | ||
| 1635 | { | 2137 | { |
| 1636 | ssl->info_callback=cb; | 2138 | ssl->info_callback=cb; |
| 1637 | } | 2139 | } |
| 1638 | 2140 | ||
| 1639 | void (*SSL_get_info_callback(ssl))() | 2141 | void (*SSL_get_info_callback(SSL *ssl))(const SSL *ssl,int type,int val) |
| 1640 | SSL *ssl; | ||
| 1641 | { | 2142 | { |
| 1642 | return(ssl->info_callback); | 2143 | return ssl->info_callback; |
| 1643 | } | 2144 | } |
| 1644 | 2145 | ||
| 1645 | int SSL_state(ssl) | 2146 | int SSL_state(SSL *ssl) |
| 1646 | SSL *ssl; | ||
| 1647 | { | 2147 | { |
| 1648 | return(ssl->state); | 2148 | return(ssl->state); |
| 1649 | } | 2149 | } |
| 1650 | 2150 | ||
| 1651 | void SSL_set_verify_result(ssl,arg) | 2151 | void SSL_set_verify_result(SSL *ssl,long arg) |
| 1652 | SSL *ssl; | ||
| 1653 | long arg; | ||
| 1654 | { | 2152 | { |
| 1655 | ssl->verify_result=arg; | 2153 | ssl->verify_result=arg; |
| 1656 | } | 2154 | } |
| 1657 | 2155 | ||
| 1658 | long SSL_get_verify_result(ssl) | 2156 | long SSL_get_verify_result(SSL *ssl) |
| 1659 | SSL *ssl; | ||
| 1660 | { | 2157 | { |
| 1661 | return(ssl->verify_result); | 2158 | return(ssl->verify_result); |
| 1662 | } | 2159 | } |
| 1663 | 2160 | ||
| 1664 | int SSL_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 2161 | int SSL_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, |
| 1665 | long argl; | 2162 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) |
| 1666 | char *argp; | 2163 | { |
| 1667 | int (*new_func)(); | 2164 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL, argl, argp, |
| 1668 | int (*dup_func)(); | 2165 | new_func, dup_func, free_func); |
| 1669 | void (*free_func)(); | 2166 | } |
| 1670 | { | ||
| 1671 | ssl_meth_num++; | ||
| 1672 | return(CRYPTO_get_ex_new_index(ssl_meth_num-1, | ||
| 1673 | &ssl_meth,argl,argp,new_func,dup_func,free_func)); | ||
| 1674 | } | ||
| 1675 | 2167 | ||
| 1676 | int SSL_set_ex_data(s,idx,arg) | 2168 | int SSL_set_ex_data(SSL *s,int idx,void *arg) |
| 1677 | SSL *s; | ||
| 1678 | int idx; | ||
| 1679 | char *arg; | ||
| 1680 | { | 2169 | { |
| 1681 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 2170 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); |
| 1682 | } | 2171 | } |
| 1683 | 2172 | ||
| 1684 | char *SSL_get_ex_data(s,idx) | 2173 | void *SSL_get_ex_data(SSL *s,int idx) |
| 1685 | SSL *s; | ||
| 1686 | int idx; | ||
| 1687 | { | 2174 | { |
| 1688 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 2175 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); |
| 1689 | } | 2176 | } |
| 1690 | 2177 | ||
| 1691 | int SSL_CTX_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 2178 | int SSL_CTX_get_ex_new_index(long argl,void *argp,CRYPTO_EX_new *new_func, |
| 1692 | long argl; | 2179 | CRYPTO_EX_dup *dup_func,CRYPTO_EX_free *free_func) |
| 1693 | char *argp; | 2180 | { |
| 1694 | int (*new_func)(); | 2181 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_CTX, argl, argp, |
| 1695 | int (*dup_func)(); | 2182 | new_func, dup_func, free_func); |
| 1696 | void (*free_func)(); | 2183 | } |
| 1697 | { | ||
| 1698 | ssl_ctx_meth_num++; | ||
| 1699 | return(CRYPTO_get_ex_new_index(ssl_ctx_meth_num-1, | ||
| 1700 | &ssl_ctx_meth,argl,argp,new_func,dup_func,free_func)); | ||
| 1701 | } | ||
| 1702 | 2184 | ||
| 1703 | int SSL_CTX_set_ex_data(s,idx,arg) | 2185 | int SSL_CTX_set_ex_data(SSL_CTX *s,int idx,void *arg) |
| 1704 | SSL_CTX *s; | ||
| 1705 | int idx; | ||
| 1706 | char *arg; | ||
| 1707 | { | 2186 | { |
| 1708 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 2187 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); |
| 1709 | } | 2188 | } |
| 1710 | 2189 | ||
| 1711 | char *SSL_CTX_get_ex_data(s,idx) | 2190 | void *SSL_CTX_get_ex_data(SSL_CTX *s,int idx) |
| 1712 | SSL_CTX *s; | ||
| 1713 | int idx; | ||
| 1714 | { | 2191 | { |
| 1715 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 2192 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); |
| 1716 | } | 2193 | } |
| 1717 | 2194 | ||
| 1718 | #if defined(_WINDLL) && defined(WIN16) | 2195 | int ssl_ok(SSL *s) |
| 2196 | { | ||
| 2197 | return(1); | ||
| 2198 | } | ||
| 2199 | |||
| 2200 | X509_STORE *SSL_CTX_get_cert_store(SSL_CTX *ctx) | ||
| 2201 | { | ||
| 2202 | return(ctx->cert_store); | ||
| 2203 | } | ||
| 2204 | |||
| 2205 | void SSL_CTX_set_cert_store(SSL_CTX *ctx,X509_STORE *store) | ||
| 2206 | { | ||
| 2207 | if (ctx->cert_store != NULL) | ||
| 2208 | X509_STORE_free(ctx->cert_store); | ||
| 2209 | ctx->cert_store=store; | ||
| 2210 | } | ||
| 2211 | |||
| 2212 | int SSL_want(SSL *s) | ||
| 2213 | { | ||
| 2214 | return(s->rwstate); | ||
| 2215 | } | ||
| 2216 | |||
| 2217 | /*! | ||
| 2218 | * \brief Set the callback for generating temporary RSA keys. | ||
| 2219 | * \param ctx the SSL context. | ||
| 2220 | * \param cb the callback | ||
| 2221 | */ | ||
| 2222 | |||
| 2223 | #ifndef OPENSSL_NO_RSA | ||
| 2224 | void SSL_CTX_set_tmp_rsa_callback(SSL_CTX *ctx,RSA *(*cb)(SSL *ssl, | ||
| 2225 | int is_export, | ||
| 2226 | int keylength)) | ||
| 2227 | { | ||
| 2228 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | ||
| 2229 | } | ||
| 2230 | |||
| 2231 | void SSL_set_tmp_rsa_callback(SSL *ssl,RSA *(*cb)(SSL *ssl, | ||
| 2232 | int is_export, | ||
| 2233 | int keylength)) | ||
| 2234 | { | ||
| 2235 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_RSA_CB,(void (*)())cb); | ||
| 2236 | } | ||
| 2237 | #endif | ||
| 2238 | |||
| 2239 | #ifdef DOXYGEN | ||
| 2240 | /*! | ||
| 2241 | * \brief The RSA temporary key callback function. | ||
| 2242 | * \param ssl the SSL session. | ||
| 2243 | * \param is_export \c TRUE if the temp RSA key is for an export ciphersuite. | ||
| 2244 | * \param keylength if \c is_export is \c TRUE, then \c keylength is the size | ||
| 2245 | * of the required key in bits. | ||
| 2246 | * \return the temporary RSA key. | ||
| 2247 | * \sa SSL_CTX_set_tmp_rsa_callback, SSL_set_tmp_rsa_callback | ||
| 2248 | */ | ||
| 2249 | |||
| 2250 | RSA *cb(SSL *ssl,int is_export,int keylength) | ||
| 2251 | {} | ||
| 2252 | #endif | ||
| 2253 | |||
| 2254 | /*! | ||
| 2255 | * \brief Set the callback for generating temporary DH keys. | ||
| 2256 | * \param ctx the SSL context. | ||
| 2257 | * \param dh the callback | ||
| 2258 | */ | ||
| 2259 | |||
| 2260 | #ifndef OPENSSL_NO_DH | ||
| 2261 | void SSL_CTX_set_tmp_dh_callback(SSL_CTX *ctx,DH *(*dh)(SSL *ssl,int is_export, | ||
| 2262 | int keylength)) | ||
| 2263 | { | ||
| 2264 | SSL_CTX_callback_ctrl(ctx,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | ||
| 2265 | } | ||
| 2266 | |||
| 2267 | void SSL_set_tmp_dh_callback(SSL *ssl,DH *(*dh)(SSL *ssl,int is_export, | ||
| 2268 | int keylength)) | ||
| 2269 | { | ||
| 2270 | SSL_callback_ctrl(ssl,SSL_CTRL_SET_TMP_DH_CB,(void (*)())dh); | ||
| 2271 | } | ||
| 2272 | #endif | ||
| 2273 | |||
| 2274 | |||
| 2275 | void SSL_CTX_set_msg_callback(SSL_CTX *ctx, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 2276 | { | ||
| 2277 | SSL_CTX_callback_ctrl(ctx, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | ||
| 2278 | } | ||
| 2279 | void SSL_set_msg_callback(SSL *ssl, void (*cb)(int write_p, int version, int content_type, const void *buf, size_t len, SSL *ssl, void *arg)) | ||
| 2280 | { | ||
| 2281 | SSL_callback_ctrl(ssl, SSL_CTRL_SET_MSG_CALLBACK, (void (*)())cb); | ||
| 2282 | } | ||
| 2283 | |||
| 2284 | |||
| 2285 | |||
| 2286 | #if defined(_WINDLL) && defined(OPENSSL_SYS_WIN16) | ||
| 1719 | #include "../crypto/bio/bss_file.c" | 2287 | #include "../crypto/bio/bss_file.c" |
| 1720 | #endif | 2288 | #endif |
| 1721 | 2289 | ||
| 2290 | IMPLEMENT_STACK_OF(SSL_CIPHER) | ||
| 2291 | IMPLEMENT_STACK_OF(SSL_COMP) | ||
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index b29517081b..17e9bef832 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h | |||
| @@ -55,6 +55,59 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2001 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #ifndef HEADER_SSL_LOCL_H | 112 | #ifndef HEADER_SSL_LOCL_H |
| 60 | #define HEADER_SSL_LOCL_H | 113 | #define HEADER_SSL_LOCL_H |
| @@ -65,15 +118,23 @@ | |||
| 65 | 118 | ||
| 66 | #include "e_os.h" | 119 | #include "e_os.h" |
| 67 | 120 | ||
| 68 | #include "buffer.h" | 121 | #include <openssl/buffer.h> |
| 69 | #include "bio.h" | 122 | #include <openssl/comp.h> |
| 70 | #include "crypto.h" | 123 | #include <openssl/bio.h> |
| 71 | #include "evp.h" | 124 | #include <openssl/crypto.h> |
| 72 | #include "stack.h" | 125 | #include <openssl/evp.h> |
| 73 | #include "x509.h" | 126 | #include <openssl/stack.h> |
| 74 | #include "err.h" | 127 | #include <openssl/x509.h> |
| 75 | #include "ssl.h" | 128 | #include <openssl/err.h> |
| 129 | #include <openssl/ssl.h> | ||
| 130 | #include <openssl/symhacks.h> | ||
| 131 | |||
| 132 | #ifdef OPENSSL_BUILD_SHLIBSSL | ||
| 133 | # undef OPENSSL_EXTERN | ||
| 134 | # define OPENSSL_EXTERN OPENSSL_EXPORT | ||
| 135 | #endif | ||
| 76 | 136 | ||
| 137 | #define PKCS1_CHECK | ||
| 77 | 138 | ||
| 78 | #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ | 139 | #define c2l(c,l) (l = ((unsigned long)(*((c)++))) , \ |
| 79 | l|=(((unsigned long)(*((c)++)))<< 8), \ | 140 | l|=(((unsigned long)(*((c)++)))<< 8), \ |
| @@ -126,18 +187,18 @@ | |||
| 126 | } \ | 187 | } \ |
| 127 | } | 188 | } |
| 128 | 189 | ||
| 129 | #define n2s(c,s) (s =((unsigned int)(*((c)++)))<< 8, \ | 190 | #define n2s(c,s) ((s=(((unsigned int)(c[0]))<< 8)| \ |
| 130 | s|=((unsigned int)(*((c)++)))) | 191 | (((unsigned int)(c[1])) )),c+=2) |
| 131 | #define s2n(s,c) (*((c)++)=(unsigned char)(((s)>> 8)&0xff), \ | 192 | #define s2n(s,c) ((c[0]=(unsigned char)(((s)>> 8)&0xff), \ |
| 132 | *((c)++)=(unsigned char)(((s) )&0xff)) | 193 | c[1]=(unsigned char)(((s) )&0xff)),c+=2) |
| 133 | 194 | ||
| 134 | #define n2l3(c,l) (l =((unsigned long)(*((c)++)))<<16, \ | 195 | #define n2l3(c,l) ((l =(((unsigned long)(c[0]))<<16)| \ |
| 135 | l|=((unsigned long)(*((c)++)))<< 8, \ | 196 | (((unsigned long)(c[1]))<< 8)| \ |
| 136 | l|=((unsigned long)(*((c)++)))) | 197 | (((unsigned long)(c[2])) )),c+=3) |
| 137 | 198 | ||
| 138 | #define l2n3(l,c) (*((c)++)=(unsigned char)(((l)>>16)&0xff), \ | 199 | #define l2n3(l,c) ((c[0]=(unsigned char)(((l)>>16)&0xff), \ |
| 139 | *((c)++)=(unsigned char)(((l)>> 8)&0xff), \ | 200 | c[1]=(unsigned char)(((l)>> 8)&0xff), \ |
| 140 | *((c)++)=(unsigned char)(((l) )&0xff)) | 201 | c[2]=(unsigned char)(((l) )&0xff)),c+=3) |
| 141 | 202 | ||
| 142 | /* LOCAL STUFF */ | 203 | /* LOCAL STUFF */ |
| 143 | 204 | ||
| @@ -153,60 +214,128 @@ | |||
| 153 | #define DEC32(a) ((a)=((a)-1)&0xffffffffL) | 214 | #define DEC32(a) ((a)=((a)-1)&0xffffffffL) |
| 154 | #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ | 215 | #define MAX_MAC_SIZE 20 /* up from 16 for SSLv3 */ |
| 155 | 216 | ||
| 156 | #define SSL_MKEY_MASK 0x0000001FL | 217 | /* |
| 218 | * Define the Bitmasks for SSL_CIPHER.algorithms. | ||
| 219 | * This bits are used packed as dense as possible. If new methods/ciphers | ||
| 220 | * etc will be added, the bits a likely to change, so this information | ||
| 221 | * is for internal library use only, even though SSL_CIPHER.algorithms | ||
| 222 | * can be publicly accessed. | ||
| 223 | * Use the according functions for cipher management instead. | ||
| 224 | * | ||
| 225 | * The bit mask handling in the selection and sorting scheme in | ||
| 226 | * ssl_create_cipher_list() has only limited capabilities, reflecting | ||
| 227 | * that the different entities within are mutually exclusive: | ||
| 228 | * ONLY ONE BIT PER MASK CAN BE SET AT A TIME. | ||
| 229 | */ | ||
| 230 | #define SSL_MKEY_MASK 0x0000003FL | ||
| 157 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ | 231 | #define SSL_kRSA 0x00000001L /* RSA key exchange */ |
| 158 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ | 232 | #define SSL_kDHr 0x00000002L /* DH cert RSA CA cert */ |
| 159 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ | 233 | #define SSL_kDHd 0x00000004L /* DH cert DSA CA cert */ |
| 160 | #define SSL_kFZA 0x00000008L | 234 | #define SSL_kFZA 0x00000008L |
| 161 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ | 235 | #define SSL_kEDH 0x00000010L /* tmp DH key no DH cert */ |
| 236 | #define SSL_kKRB5 0x00000020L /* Kerberos5 key exchange */ | ||
| 162 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) | 237 | #define SSL_EDH (SSL_kEDH|(SSL_AUTH_MASK^SSL_aNULL)) |
| 163 | 238 | ||
| 164 | #define SSL_AUTH_MASK 0x000003e0L | 239 | #define SSL_AUTH_MASK 0x00000FC0L |
| 165 | #define SSL_aRSA 0x00000020L /* Authenticate with RSA */ | 240 | #define SSL_aRSA 0x00000040L /* Authenticate with RSA */ |
| 166 | #define SSL_aDSS 0x00000040L /* Authenticate with DSS */ | 241 | #define SSL_aDSS 0x00000080L /* Authenticate with DSS */ |
| 167 | #define SSL_DSS SSL_aDSS | 242 | #define SSL_DSS SSL_aDSS |
| 168 | #define SSL_aFZA 0x00000080L | 243 | #define SSL_aFZA 0x00000100L |
| 169 | #define SSL_aNULL 0x00000100L /* no Authenticate, ADH */ | 244 | #define SSL_aNULL 0x00000200L /* no Authenticate, ADH */ |
| 170 | #define SSL_aDH 0x00000200L /* no Authenticate, ADH */ | 245 | #define SSL_aDH 0x00000400L /* no Authenticate, ADH */ |
| 246 | #define SSL_aKRB5 0x00000800L /* Authenticate with KRB5 */ | ||
| 171 | 247 | ||
| 172 | #define SSL_NULL (SSL_eNULL) | 248 | #define SSL_NULL (SSL_eNULL) |
| 173 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) | 249 | #define SSL_ADH (SSL_kEDH|SSL_aNULL) |
| 174 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) | 250 | #define SSL_RSA (SSL_kRSA|SSL_aRSA) |
| 175 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) | 251 | #define SSL_DH (SSL_kDHr|SSL_kDHd|SSL_kEDH) |
| 176 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) | 252 | #define SSL_FZA (SSL_aFZA|SSL_kFZA|SSL_eFZA) |
| 177 | 253 | #define SSL_KRB5 (SSL_kKRB5|SSL_aKRB5) | |
| 178 | #define SSL_ENC_MASK 0x0001Fc00L | 254 | |
| 179 | #define SSL_DES 0x00000400L | 255 | #define SSL_ENC_MASK 0x0087F000L |
| 180 | #define SSL_3DES 0x00000800L | 256 | #define SSL_DES 0x00001000L |
| 181 | #define SSL_RC4 0x00001000L | 257 | #define SSL_3DES 0x00002000L |
| 182 | #define SSL_RC2 0x00002000L | 258 | #define SSL_RC4 0x00004000L |
| 183 | #define SSL_IDEA 0x00004000L | 259 | #define SSL_RC2 0x00008000L |
| 184 | #define SSL_eFZA 0x00008000L | 260 | #define SSL_IDEA 0x00010000L |
| 185 | #define SSL_eNULL 0x00010000L | 261 | #define SSL_eFZA 0x00020000L |
| 186 | 262 | #define SSL_eNULL 0x00040000L | |
| 187 | #define SSL_MAC_MASK 0x00060000L | 263 | #define SSL_AES 0x00800000L |
| 188 | #define SSL_MD5 0x00020000L | 264 | |
| 189 | #define SSL_SHA1 0x00040000L | 265 | #define SSL_MAC_MASK 0x00180000L |
| 266 | #define SSL_MD5 0x00080000L | ||
| 267 | #define SSL_SHA1 0x00100000L | ||
| 190 | #define SSL_SHA (SSL_SHA1) | 268 | #define SSL_SHA (SSL_SHA1) |
| 191 | 269 | ||
| 192 | #define SSL_EXP_MASK 0x00300000L | 270 | #define SSL_SSL_MASK 0x00600000L |
| 193 | #define SSL_EXP 0x00100000L | 271 | #define SSL_SSLV2 0x00200000L |
| 194 | #define SSL_NOT_EXP 0x00200000L | 272 | #define SSL_SSLV3 0x00400000L |
| 195 | #define SSL_EXPORT SSL_EXP | 273 | #define SSL_TLSV1 SSL_SSLV3 /* for now */ |
| 196 | 274 | ||
| 197 | #define SSL_SSL_MASK 0x00c00000L | 275 | /* we have used 007fffff - 9 bits left to go */ |
| 198 | #define SSL_SSLV2 0x00400000L | 276 | |
| 199 | #define SSL_SSLV3 0x00800000L | 277 | /* |
| 278 | * Export and cipher strength information. For each cipher we have to decide | ||
| 279 | * whether it is exportable or not. This information is likely to change | ||
| 280 | * over time, since the export control rules are no static technical issue. | ||
| 281 | * | ||
| 282 | * Independent of the export flag the cipher strength is sorted into classes. | ||
| 283 | * SSL_EXP40 was denoting the 40bit US export limit of past times, which now | ||
| 284 | * is at 56bit (SSL_EXP56). If the exportable cipher class is going to change | ||
| 285 | * again (eg. to 64bit) the use of "SSL_EXP*" becomes blurred even more, | ||
| 286 | * since SSL_EXP64 could be similar to SSL_LOW. | ||
| 287 | * For this reason SSL_MICRO and SSL_MINI macros are included to widen the | ||
| 288 | * namespace of SSL_LOW-SSL_HIGH to lower values. As development of speed | ||
| 289 | * and ciphers goes, another extension to SSL_SUPER and/or SSL_ULTRA would | ||
| 290 | * be possible. | ||
| 291 | */ | ||
| 292 | #define SSL_EXP_MASK 0x00000003L | ||
| 293 | #define SSL_NOT_EXP 0x00000001L | ||
| 294 | #define SSL_EXPORT 0x00000002L | ||
| 295 | |||
| 296 | #define SSL_STRONG_MASK 0x0000007cL | ||
| 297 | #define SSL_EXP40 0x00000004L | ||
| 298 | #define SSL_MICRO (SSL_EXP40) | ||
| 299 | #define SSL_EXP56 0x00000008L | ||
| 300 | #define SSL_MINI (SSL_EXP56) | ||
| 301 | #define SSL_LOW 0x00000010L | ||
| 302 | #define SSL_MEDIUM 0x00000020L | ||
| 303 | #define SSL_HIGH 0x00000040L | ||
| 304 | |||
| 305 | /* we have used 0000007f - 25 bits left to go */ | ||
| 306 | |||
| 307 | /* | ||
| 308 | * Macros to check the export status and cipher strength for export ciphers. | ||
| 309 | * Even though the macros for EXPORT and EXPORT40/56 have similar names, | ||
| 310 | * their meaning is different: | ||
| 311 | * *_EXPORT macros check the 'exportable' status. | ||
| 312 | * *_EXPORT40/56 macros are used to check whether a certain cipher strength | ||
| 313 | * is given. | ||
| 314 | * Since the SSL_IS_EXPORT* and SSL_EXPORT* macros depend on the correct | ||
| 315 | * algorithm structure element to be passed (algorithms, algo_strength) and no | ||
| 316 | * typechecking can be done as they are all of type unsigned long, their | ||
| 317 | * direct usage is discouraged. | ||
| 318 | * Use the SSL_C_* macros instead. | ||
| 319 | */ | ||
| 320 | #define SSL_IS_EXPORT(a) ((a)&SSL_EXPORT) | ||
| 321 | #define SSL_IS_EXPORT56(a) ((a)&SSL_EXP56) | ||
| 322 | #define SSL_IS_EXPORT40(a) ((a)&SSL_EXP40) | ||
| 323 | #define SSL_C_IS_EXPORT(c) SSL_IS_EXPORT((c)->algo_strength) | ||
| 324 | #define SSL_C_IS_EXPORT56(c) SSL_IS_EXPORT56((c)->algo_strength) | ||
| 325 | #define SSL_C_IS_EXPORT40(c) SSL_IS_EXPORT40((c)->algo_strength) | ||
| 326 | |||
| 327 | #define SSL_EXPORT_KEYLENGTH(a,s) (SSL_IS_EXPORT40(s) ? 5 : \ | ||
| 328 | ((a)&SSL_ENC_MASK) == SSL_DES ? 8 : 7) | ||
| 329 | #define SSL_EXPORT_PKEYLENGTH(a) (SSL_IS_EXPORT40(a) ? 512 : 1024) | ||
| 330 | #define SSL_C_EXPORT_KEYLENGTH(c) SSL_EXPORT_KEYLENGTH((c)->algorithms, \ | ||
| 331 | (c)->algo_strength) | ||
| 332 | #define SSL_C_EXPORT_PKEYLENGTH(c) SSL_EXPORT_PKEYLENGTH((c)->algo_strength) | ||
| 200 | 333 | ||
| 201 | #define SSL_STRONG_MASK 0x07000000L | ||
| 202 | #define SSL_LOW 0x01000000L | ||
| 203 | #define SSL_MEDIUM 0x02000000L | ||
| 204 | #define SSL_HIGH 0x04000000L | ||
| 205 | 334 | ||
| 206 | /* we have used 0fffffff - 4 bits left to go */ | ||
| 207 | #define SSL_ALL 0xffffffffL | 335 | #define SSL_ALL 0xffffffffL |
| 208 | #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ | 336 | #define SSL_ALL_CIPHERS (SSL_MKEY_MASK|SSL_AUTH_MASK|SSL_ENC_MASK|\ |
| 209 | SSL_MAC_MASK|SSL_EXP_MASK) | 337 | SSL_MAC_MASK) |
| 338 | #define SSL_ALL_STRENGTHS (SSL_EXP_MASK|SSL_STRONG_MASK) | ||
| 210 | 339 | ||
| 211 | /* Mostly for SSLv3 */ | 340 | /* Mostly for SSLv3 */ |
| 212 | #define SSL_PKEY_RSA_ENC 0 | 341 | #define SSL_PKEY_RSA_ENC 0 |
| @@ -233,44 +362,59 @@ | |||
| 233 | typedef struct cert_pkey_st | 362 | typedef struct cert_pkey_st |
| 234 | { | 363 | { |
| 235 | X509 *x509; | 364 | X509 *x509; |
| 236 | /* EVP_PKEY *publickey; *//* when extracted */ | ||
| 237 | EVP_PKEY *privatekey; | 365 | EVP_PKEY *privatekey; |
| 238 | } CERT_PKEY; | 366 | } CERT_PKEY; |
| 239 | 367 | ||
| 240 | typedef struct cert_st | 368 | typedef struct cert_st |
| 241 | { | 369 | { |
| 242 | int cert_type; | ||
| 243 | |||
| 244 | #ifdef undef | ||
| 245 | X509 *x509; | ||
| 246 | EVP_PKEY *publickey; /* when extracted */ | ||
| 247 | EVP_PKEY *privatekey; | ||
| 248 | |||
| 249 | pkeys[SSL_PKEY_RSA_ENC].x509 | ||
| 250 | /* pkeys[SSL_PKEY_RSA_ENC].publickey */ | ||
| 251 | pkeys[SSL_PKEY_RSA_ENC].privatekey | ||
| 252 | #endif | ||
| 253 | |||
| 254 | /* Current active set */ | 370 | /* Current active set */ |
| 255 | CERT_PKEY *key; | 371 | CERT_PKEY *key; /* ALWAYS points to an element of the pkeys array |
| 256 | 372 | * Probably it would make more sense to store | |
| 373 | * an index, not a pointer. */ | ||
| 374 | |||
| 257 | /* The following masks are for the key and auth | 375 | /* The following masks are for the key and auth |
| 258 | * algorithms that are supported by the certs below */ | 376 | * algorithms that are supported by the certs below */ |
| 259 | int valid; | 377 | int valid; |
| 260 | unsigned long mask; | 378 | unsigned long mask; |
| 261 | unsigned long export_mask; | 379 | unsigned long export_mask; |
| 262 | 380 | #ifndef OPENSSL_NO_RSA | |
| 263 | RSA *rsa_tmp; | 381 | RSA *rsa_tmp; |
| 382 | RSA *(*rsa_tmp_cb)(SSL *ssl,int is_export,int keysize); | ||
| 383 | #endif | ||
| 384 | #ifndef OPENSSL_NO_DH | ||
| 264 | DH *dh_tmp; | 385 | DH *dh_tmp; |
| 265 | RSA *(*rsa_tmp_cb)(); | 386 | DH *(*dh_tmp_cb)(SSL *ssl,int is_export,int keysize); |
| 266 | DH *(*dh_tmp_cb)(); | 387 | #endif |
| 267 | CERT_PKEY pkeys[SSL_PKEY_NUM]; | ||
| 268 | 388 | ||
| 269 | STACK *cert_chain; | 389 | CERT_PKEY pkeys[SSL_PKEY_NUM]; |
| 270 | 390 | ||
| 271 | int references; | 391 | int references; /* >1 only if SSL_copy_session_id is used */ |
| 272 | } CERT; | 392 | } CERT; |
| 273 | 393 | ||
| 394 | |||
| 395 | typedef struct sess_cert_st | ||
| 396 | { | ||
| 397 | STACK_OF(X509) *cert_chain; /* as received from peer (not for SSL2) */ | ||
| 398 | |||
| 399 | /* The 'peer_...' members are used only by clients. */ | ||
| 400 | int peer_cert_type; | ||
| 401 | |||
| 402 | CERT_PKEY *peer_key; /* points to an element of peer_pkeys (never NULL!) */ | ||
| 403 | CERT_PKEY peer_pkeys[SSL_PKEY_NUM]; | ||
| 404 | /* Obviously we don't have the private keys of these, | ||
| 405 | * so maybe we shouldn't even use the CERT_PKEY type here. */ | ||
| 406 | |||
| 407 | #ifndef OPENSSL_NO_RSA | ||
| 408 | RSA *peer_rsa_tmp; /* not used for SSL 2 */ | ||
| 409 | #endif | ||
| 410 | #ifndef OPENSSL_NO_DH | ||
| 411 | DH *peer_dh_tmp; /* not used for SSL 2 */ | ||
| 412 | #endif | ||
| 413 | |||
| 414 | int references; /* actually always 1 at the moment */ | ||
| 415 | } SESS_CERT; | ||
| 416 | |||
| 417 | |||
| 274 | /*#define MAC_DEBUG */ | 418 | /*#define MAC_DEBUG */ |
| 275 | 419 | ||
| 276 | /*#define ERR_DEBUG */ | 420 | /*#define ERR_DEBUG */ |
| @@ -282,12 +426,7 @@ typedef struct cert_st | |||
| 282 | /*#define RSA_DEBUG */ | 426 | /*#define RSA_DEBUG */ |
| 283 | /*#define IDEA_DEBUG */ | 427 | /*#define IDEA_DEBUG */ |
| 284 | 428 | ||
| 285 | #ifndef NOPROTO | ||
| 286 | #define FP_ICC (int (*)(const void *,const void *)) | 429 | #define FP_ICC (int (*)(const void *,const void *)) |
| 287 | #else | ||
| 288 | #define FP_ICC | ||
| 289 | #endif | ||
| 290 | |||
| 291 | #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ | 430 | #define ssl_put_cipher_by_char(ssl,ciph,ptr) \ |
| 292 | ((ssl)->method->put_cipher_by_char((ciph),(ptr))) | 431 | ((ssl)->method->put_cipher_by_char((ciph),(ptr))) |
| 293 | #define ssl_get_cipher_by_char(ssl,ptr) \ | 432 | #define ssl_get_cipher_by_char(ssl,ptr) \ |
| @@ -295,29 +434,41 @@ typedef struct cert_st | |||
| 295 | 434 | ||
| 296 | /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff | 435 | /* This is for the SSLv3/TLSv1.0 differences in crypto/hash stuff |
| 297 | * It is a bit of a mess of functions, but hell, think of it as | 436 | * It is a bit of a mess of functions, but hell, think of it as |
| 298 | * an opaque strucute :-) */ | 437 | * an opaque structure :-) */ |
| 299 | typedef struct ssl3_enc_method | 438 | typedef struct ssl3_enc_method |
| 300 | { | 439 | { |
| 301 | int (*enc)(); | 440 | int (*enc)(SSL *, int); |
| 302 | int (*mac)(); | 441 | int (*mac)(SSL *, unsigned char *, int); |
| 303 | int (*setup_key_block)(); | 442 | int (*setup_key_block)(SSL *); |
| 304 | int (*generate_master_secret)(); | 443 | int (*generate_master_secret)(SSL *, unsigned char *, unsigned char *, int); |
| 305 | int (*change_cipher_state)(); | 444 | int (*change_cipher_state)(SSL *, int); |
| 306 | int (*final_finish_mac)(); | 445 | int (*final_finish_mac)(SSL *, EVP_MD_CTX *, EVP_MD_CTX *, const char *, int, unsigned char *); |
| 307 | int finish_mac_length; | 446 | int finish_mac_length; |
| 308 | int (*cert_verify_mac)(); | 447 | int (*cert_verify_mac)(SSL *, EVP_MD_CTX *, unsigned char *); |
| 309 | unsigned char client_finished[20]; | 448 | const char *client_finished_label; |
| 310 | int client_finished_len; | 449 | int client_finished_label_len; |
| 311 | unsigned char server_finished[20]; | 450 | const char *server_finished_label; |
| 312 | int server_finished_len; | 451 | int server_finished_label_len; |
| 313 | int (*alert_value)(); | 452 | int (*alert_value)(int); |
| 314 | } SSL3_ENC_METHOD; | 453 | } SSL3_ENC_METHOD; |
| 315 | 454 | ||
| 316 | extern SSL3_ENC_METHOD ssl3_undef_enc_method; | 455 | /* Used for holding the relevant compression methods loaded into SSL_CTX */ |
| 317 | extern SSL_CIPHER ssl2_ciphers[]; | 456 | typedef struct ssl3_comp_st |
| 318 | extern SSL_CIPHER ssl3_ciphers[]; | 457 | { |
| 458 | int comp_id; /* The identifier byte for this compression type */ | ||
| 459 | char *name; /* Text name used for the compression type */ | ||
| 460 | COMP_METHOD *method; /* The method :-) */ | ||
| 461 | } SSL3_COMP; | ||
| 462 | |||
| 463 | OPENSSL_EXTERN SSL3_ENC_METHOD ssl3_undef_enc_method; | ||
| 464 | OPENSSL_EXTERN SSL_CIPHER ssl2_ciphers[]; | ||
| 465 | OPENSSL_EXTERN SSL_CIPHER ssl3_ciphers[]; | ||
| 466 | |||
| 467 | #ifdef OPENSSL_SYS_VMS | ||
| 468 | #undef SSL_COMP_get_compression_methods | ||
| 469 | #define SSL_COMP_get_compression_methods SSL_COMP_get_compress_methods | ||
| 470 | #endif | ||
| 319 | 471 | ||
| 320 | #ifndef NOPROTO | ||
| 321 | 472 | ||
| 322 | SSL_METHOD *ssl_bad_method(int ver); | 473 | SSL_METHOD *ssl_bad_method(int ver); |
| 323 | SSL_METHOD *sslv2_base_method(void); | 474 | SSL_METHOD *sslv2_base_method(void); |
| @@ -327,33 +478,42 @@ SSL_METHOD *sslv3_base_method(void); | |||
| 327 | void ssl_clear_cipher_ctx(SSL *s); | 478 | void ssl_clear_cipher_ctx(SSL *s); |
| 328 | int ssl_clear_bad_session(SSL *s); | 479 | int ssl_clear_bad_session(SSL *s); |
| 329 | CERT *ssl_cert_new(void); | 480 | CERT *ssl_cert_new(void); |
| 481 | CERT *ssl_cert_dup(CERT *cert); | ||
| 482 | int ssl_cert_inst(CERT **o); | ||
| 330 | void ssl_cert_free(CERT *c); | 483 | void ssl_cert_free(CERT *c); |
| 331 | int ssl_set_cert_type(CERT *c, int type); | 484 | SESS_CERT *ssl_sess_cert_new(void); |
| 485 | void ssl_sess_cert_free(SESS_CERT *sc); | ||
| 486 | int ssl_set_peer_cert_type(SESS_CERT *c, int type); | ||
| 332 | int ssl_get_new_session(SSL *s, int session); | 487 | int ssl_get_new_session(SSL *s, int session); |
| 333 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len); | 488 | int ssl_get_prev_session(SSL *s, unsigned char *session,int len); |
| 334 | int ssl_cipher_id_cmp(SSL_CIPHER *a,SSL_CIPHER *b); | 489 | int ssl_cipher_id_cmp(const SSL_CIPHER *a,const SSL_CIPHER *b); |
| 335 | int ssl_cipher_ptr_id_cmp(SSL_CIPHER **ap,SSL_CIPHER **bp); | 490 | int ssl_cipher_ptr_id_cmp(const SSL_CIPHER * const *ap, |
| 336 | STACK *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num,STACK **skp); | 491 | const SSL_CIPHER * const *bp); |
| 337 | int ssl_cipher_list_to_bytes(SSL *s,STACK *sk,unsigned char *p); | 492 | STACK_OF(SSL_CIPHER) *ssl_bytes_to_cipher_list(SSL *s,unsigned char *p,int num, |
| 338 | STACK *ssl_create_cipher_list(SSL_METHOD *meth,STACK **pref, | 493 | STACK_OF(SSL_CIPHER) **skp); |
| 339 | STACK **sorted,char *str); | 494 | int ssl_cipher_list_to_bytes(SSL *s,STACK_OF(SSL_CIPHER) *sk,unsigned char *p); |
| 495 | STACK_OF(SSL_CIPHER) *ssl_create_cipher_list(const SSL_METHOD *meth, | ||
| 496 | STACK_OF(SSL_CIPHER) **pref, | ||
| 497 | STACK_OF(SSL_CIPHER) **sorted, | ||
| 498 | const char *rule_str); | ||
| 340 | void ssl_update_cache(SSL *s, int mode); | 499 | void ssl_update_cache(SSL *s, int mode); |
| 341 | int ssl_cipher_get_evp(SSL_CIPHER *c, EVP_CIPHER **enc, EVP_MD **md); | 500 | int ssl_cipher_get_evp(SSL_SESSION *s,const EVP_CIPHER **enc,const EVP_MD **md, |
| 342 | int ssl_verify_cert_chain(SSL *s,STACK *sk); | 501 | SSL_COMP **comp); |
| 502 | int ssl_verify_cert_chain(SSL *s,STACK_OF(X509) *sk); | ||
| 343 | int ssl_undefined_function(SSL *s); | 503 | int ssl_undefined_function(SSL *s); |
| 344 | X509 *ssl_get_server_send_cert(SSL *); | 504 | X509 *ssl_get_server_send_cert(SSL *); |
| 345 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); | 505 | EVP_PKEY *ssl_get_sign_pkey(SSL *,SSL_CIPHER *); |
| 346 | int ssl_cert_type(X509 *x,EVP_PKEY *pkey); | 506 | int ssl_cert_type(X509 *x,EVP_PKEY *pkey); |
| 347 | void ssl_set_cert_masks(CERT *c); | 507 | void ssl_set_cert_masks(CERT *c, SSL_CIPHER *cipher); |
| 348 | STACK *ssl_get_ciphers_by_id(SSL *s); | 508 | STACK_OF(SSL_CIPHER) *ssl_get_ciphers_by_id(SSL *s); |
| 349 | int ssl_verify_alarm_type(long type); | 509 | int ssl_verify_alarm_type(long type); |
| 350 | 510 | ||
| 351 | int ssl2_enc_init(SSL *s, int client); | 511 | int ssl2_enc_init(SSL *s, int client); |
| 352 | void ssl2_generate_key_material(SSL *s); | 512 | void ssl2_generate_key_material(SSL *s); |
| 353 | void ssl2_enc(SSL *s,int send_data); | 513 | void ssl2_enc(SSL *s,int send_data); |
| 354 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); | 514 | void ssl2_mac(SSL *s,unsigned char *mac,int send_data); |
| 355 | SSL_CIPHER *ssl2_get_cipher_by_char(unsigned char *p); | 515 | SSL_CIPHER *ssl2_get_cipher_by_char(const unsigned char *p); |
| 356 | int ssl2_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p); | 516 | int ssl2_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 357 | int ssl2_part_read(SSL *s, unsigned long f, int i); | 517 | int ssl2_part_read(SSL *s, unsigned long f, int i); |
| 358 | int ssl2_do_write(SSL *s); | 518 | int ssl2_do_write(SSL *s); |
| 359 | int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); | 519 | int ssl2_set_certificate(SSL *s, int type, int len, unsigned char *data); |
| @@ -365,17 +525,19 @@ int ssl2_new(SSL *s); | |||
| 365 | void ssl2_free(SSL *s); | 525 | void ssl2_free(SSL *s); |
| 366 | int ssl2_accept(SSL *s); | 526 | int ssl2_accept(SSL *s); |
| 367 | int ssl2_connect(SSL *s); | 527 | int ssl2_connect(SSL *s); |
| 368 | int ssl2_read(SSL *s, char *buf, int len); | 528 | int ssl2_read(SSL *s, void *buf, int len); |
| 369 | int ssl2_peek(SSL *s, char *buf, int len); | 529 | int ssl2_peek(SSL *s, void *buf, int len); |
| 370 | int ssl2_write(SSL *s, char *buf, int len); | 530 | int ssl2_write(SSL *s, const void *buf, int len); |
| 371 | int ssl2_shutdown(SSL *s); | 531 | int ssl2_shutdown(SSL *s); |
| 372 | void ssl2_clear(SSL *s); | 532 | void ssl2_clear(SSL *s); |
| 373 | long ssl2_ctrl(SSL *s,int cmd, long larg, char *parg); | 533 | long ssl2_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 374 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); | 534 | long ssl2_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 535 | long ssl2_callback_ctrl(SSL *s,int cmd, void (*fp)()); | ||
| 536 | long ssl2_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | ||
| 375 | int ssl2_pending(SSL *s); | 537 | int ssl2_pending(SSL *s); |
| 376 | 538 | ||
| 377 | SSL_CIPHER *ssl3_get_cipher_by_char(unsigned char *p); | 539 | SSL_CIPHER *ssl3_get_cipher_by_char(const unsigned char *p); |
| 378 | int ssl3_put_cipher_by_char(SSL_CIPHER *c,unsigned char *p); | 540 | int ssl3_put_cipher_by_char(const SSL_CIPHER *c,unsigned char *p); |
| 379 | void ssl3_init_finished_mac(SSL *s); | 541 | void ssl3_init_finished_mac(SSL *s); |
| 380 | int ssl3_send_server_certificate(SSL *s); | 542 | int ssl3_send_server_certificate(SSL *s); |
| 381 | int ssl3_get_finished(SSL *s,int state_a,int state_b); | 543 | int ssl3_get_finished(SSL *s,int state_a,int state_b); |
| @@ -389,35 +551,37 @@ int ssl3_generate_master_secret(SSL *s, unsigned char *out, | |||
| 389 | unsigned char *p, int len); | 551 | unsigned char *p, int len); |
| 390 | int ssl3_get_req_cert_type(SSL *s,unsigned char *p); | 552 | int ssl3_get_req_cert_type(SSL *s,unsigned char *p); |
| 391 | long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); | 553 | long ssl3_get_message(SSL *s, int st1, int stn, int mt, long max, int *ok); |
| 392 | int ssl3_send_finished(SSL *s, int a, int b, unsigned char *sender,int slen); | 554 | int ssl3_send_finished(SSL *s, int a, int b, const char *sender,int slen); |
| 393 | int ssl3_num_ciphers(void); | 555 | int ssl3_num_ciphers(void); |
| 394 | SSL_CIPHER *ssl3_get_cipher(unsigned int u); | 556 | SSL_CIPHER *ssl3_get_cipher(unsigned int u); |
| 395 | int ssl3_renegotiate(SSL *ssl); | 557 | int ssl3_renegotiate(SSL *ssl); |
| 396 | int ssl3_renegotiate_check(SSL *ssl); | 558 | int ssl3_renegotiate_check(SSL *ssl); |
| 397 | int ssl3_dispatch_alert(SSL *s); | 559 | int ssl3_dispatch_alert(SSL *s); |
| 398 | int ssl3_read_bytes(SSL *s, int type, char *buf, int len); | 560 | int ssl3_read_bytes(SSL *s, int type, unsigned char *buf, int len, int peek); |
| 399 | int ssl3_part_read(SSL *s, int i); | 561 | int ssl3_write_bytes(SSL *s, int type, const void *buf, int len); |
| 400 | int ssl3_write_bytes(SSL *s, int type, char *buf, int len); | 562 | int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1, EVP_MD_CTX *ctx2, |
| 401 | int ssl3_final_finish_mac(SSL *s, EVP_MD_CTX *ctx1,EVP_MD_CTX *ctx2, | 563 | const char *sender, int slen,unsigned char *p); |
| 402 | unsigned char *sender, int slen,unsigned char *p); | ||
| 403 | int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); | 564 | int ssl3_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); |
| 404 | void ssl3_finish_mac(SSL *s, unsigned char *buf, int len); | 565 | void ssl3_finish_mac(SSL *s, const unsigned char *buf, int len); |
| 405 | int ssl3_enc(SSL *s, int send_data); | 566 | int ssl3_enc(SSL *s, int send_data); |
| 406 | int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); | 567 | int ssl3_mac(SSL *ssl, unsigned char *md, int send_data); |
| 407 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); | 568 | unsigned long ssl3_output_cert_chain(SSL *s, X509 *x); |
| 408 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK *have,STACK *pref); | 569 | SSL_CIPHER *ssl3_choose_cipher(SSL *ssl,STACK_OF(SSL_CIPHER) *clnt, |
| 570 | STACK_OF(SSL_CIPHER) *srvr); | ||
| 409 | int ssl3_setup_buffers(SSL *s); | 571 | int ssl3_setup_buffers(SSL *s); |
| 410 | int ssl3_new(SSL *s); | 572 | int ssl3_new(SSL *s); |
| 411 | void ssl3_free(SSL *s); | 573 | void ssl3_free(SSL *s); |
| 412 | int ssl3_accept(SSL *s); | 574 | int ssl3_accept(SSL *s); |
| 413 | int ssl3_connect(SSL *s); | 575 | int ssl3_connect(SSL *s); |
| 414 | int ssl3_read(SSL *s, char *buf, int len); | 576 | int ssl3_read(SSL *s, void *buf, int len); |
| 415 | int ssl3_peek(SSL *s,char *buf, int len); | 577 | int ssl3_peek(SSL *s, void *buf, int len); |
| 416 | int ssl3_write(SSL *s, char *buf, int len); | 578 | int ssl3_write(SSL *s, const void *buf, int len); |
| 417 | int ssl3_shutdown(SSL *s); | 579 | int ssl3_shutdown(SSL *s); |
| 418 | void ssl3_clear(SSL *s); | 580 | void ssl3_clear(SSL *s); |
| 419 | long ssl3_ctrl(SSL *s,int cmd, long larg, char *parg); | 581 | long ssl3_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 420 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, char *parg); | 582 | long ssl3_ctx_ctrl(SSL_CTX *s,int cmd, long larg, void *parg); |
| 583 | long ssl3_callback_ctrl(SSL *s,int cmd, void (*fp)()); | ||
| 584 | long ssl3_ctx_callback_ctrl(SSL_CTX *s,int cmd, void (*fp)()); | ||
| 421 | int ssl3_pending(SSL *s); | 585 | int ssl3_pending(SSL *s); |
| 422 | 586 | ||
| 423 | int ssl23_accept(SSL *s); | 587 | int ssl23_accept(SSL *s); |
| @@ -428,131 +592,28 @@ int ssl23_write_bytes(SSL *s); | |||
| 428 | int tls1_new(SSL *s); | 592 | int tls1_new(SSL *s); |
| 429 | void tls1_free(SSL *s); | 593 | void tls1_free(SSL *s); |
| 430 | void tls1_clear(SSL *s); | 594 | void tls1_clear(SSL *s); |
| 431 | long tls1_ctrl(SSL *s,int cmd, long larg, char *parg); | 595 | long tls1_ctrl(SSL *s,int cmd, long larg, void *parg); |
| 596 | long tls1_callback_ctrl(SSL *s,int cmd, void (*fp)()); | ||
| 432 | SSL_METHOD *tlsv1_base_method(void ); | 597 | SSL_METHOD *tlsv1_base_method(void ); |
| 433 | 598 | ||
| 434 | |||
| 435 | int ssl_init_wbio_buffer(SSL *s, int push); | 599 | int ssl_init_wbio_buffer(SSL *s, int push); |
| 600 | void ssl_free_wbio_buffer(SSL *s); | ||
| 436 | 601 | ||
| 437 | int tls1_change_cipher_state(SSL *s, int which); | 602 | int tls1_change_cipher_state(SSL *s, int which); |
| 438 | int tls1_setup_key_block(SSL *s); | 603 | int tls1_setup_key_block(SSL *s); |
| 439 | int tls1_enc(SSL *s, int snd); | 604 | int tls1_enc(SSL *s, int snd); |
| 440 | int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, | 605 | int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, |
| 441 | unsigned char *str, int slen, unsigned char *p); | 606 | const char *str, int slen, unsigned char *p); |
| 442 | int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); | 607 | int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in, unsigned char *p); |
| 443 | int tls1_mac(SSL *ssl, unsigned char *md, int snd); | 608 | int tls1_mac(SSL *ssl, unsigned char *md, int snd); |
| 444 | int tls1_generate_master_secret(SSL *s, unsigned char *out, | 609 | int tls1_generate_master_secret(SSL *s, unsigned char *out, |
| 445 | unsigned char *p, int len); | 610 | unsigned char *p, int len); |
| 446 | int tls1_alert_code(int code); | 611 | int tls1_alert_code(int code); |
| 447 | int ssl3_alert_code(int code); | 612 | int ssl3_alert_code(int code); |
| 613 | int ssl_ok(SSL *s); | ||
| 448 | 614 | ||
| 615 | SSL_COMP *ssl3_comp_find(STACK_OF(SSL_COMP) *sk, int n); | ||
| 616 | STACK_OF(SSL_COMP) *SSL_COMP_get_compression_methods(void); | ||
| 449 | 617 | ||
| 450 | #else | ||
| 451 | |||
| 452 | SSL_METHOD *ssl_bad_method(); | ||
| 453 | SSL_METHOD *sslv2_base_method(); | ||
| 454 | SSL_METHOD *sslv23_base_method(); | ||
| 455 | SSL_METHOD *sslv3_base_method(); | ||
| 456 | |||
| 457 | void ssl_clear_cipher_ctx(); | ||
| 458 | int ssl_clear_bad_session(); | ||
| 459 | CERT *ssl_cert_new(); | ||
| 460 | void ssl_cert_free(); | ||
| 461 | int ssl_set_cert_type(); | ||
| 462 | int ssl_get_new_session(); | ||
| 463 | int ssl_get_prev_session(); | ||
| 464 | int ssl_cipher_id_cmp(); | ||
| 465 | int ssl_cipher_ptr_id_cmp(); | ||
| 466 | STACK *ssl_bytes_to_cipher_list(); | ||
| 467 | int ssl_cipher_list_to_bytes(); | ||
| 468 | STACK *ssl_create_cipher_list(); | ||
| 469 | void ssl_update_cache(); | ||
| 470 | int ssl_session_get_ciphers(); | ||
| 471 | int ssl_verify_cert_chain(); | ||
| 472 | int ssl_undefined_function(); | ||
| 473 | X509 *ssl_get_server_send_cert(); | ||
| 474 | EVP_PKEY *ssl_get_sign_pkey(); | ||
| 475 | int ssl_cert_type(); | ||
| 476 | void ssl_set_cert_masks(); | ||
| 477 | STACK *ssl_get_ciphers_by_id(); | ||
| 478 | int ssl_verify_alarm_type(); | ||
| 479 | |||
| 480 | int ssl2_enc_init(); | ||
| 481 | void ssl2_generate_key_material(); | ||
| 482 | void ssl2_enc(); | ||
| 483 | void ssl2_mac(); | ||
| 484 | SSL_CIPHER *ssl2_get_cipher_by_char(); | ||
| 485 | int ssl2_put_cipher_by_char(); | ||
| 486 | int ssl2_part_read(); | ||
| 487 | int ssl2_do_write(); | ||
| 488 | int ssl2_set_certificate(); | ||
| 489 | void ssl2_return_error(); | ||
| 490 | void ssl2_write_error(); | ||
| 491 | int ssl2_num_ciphers(); | ||
| 492 | SSL_CIPHER *ssl2_get_cipher(); | ||
| 493 | int ssl2_new(); | ||
| 494 | void ssl2_free(); | ||
| 495 | int ssl2_accept(); | ||
| 496 | int ssl2_connect(); | ||
| 497 | int ssl2_read(); | ||
| 498 | int ssl2_peek(); | ||
| 499 | int ssl2_write(); | ||
| 500 | int ssl2_shutdown(); | ||
| 501 | void ssl2_clear(); | ||
| 502 | long ssl2_ctrl(); | ||
| 503 | long ssl2_ctx_ctrl(); | ||
| 504 | int ssl2_pending(); | ||
| 505 | |||
| 506 | SSL_CIPHER *ssl3_get_cipher_by_char(); | ||
| 507 | int ssl3_put_cipher_by_char(); | ||
| 508 | void ssl3_init_finished_mac(); | ||
| 509 | int ssl3_send_server_certificate(); | ||
| 510 | int ssl3_get_finished(); | ||
| 511 | int ssl3_setup_key_block(); | ||
| 512 | int ssl3_send_change_cipher_spec(); | ||
| 513 | int ssl3_change_cipher_state(); | ||
| 514 | void ssl3_cleanup_key_block(); | ||
| 515 | int ssl3_do_write(); | ||
| 516 | void ssl3_send_alert(); | ||
| 517 | int ssl3_generate_master_secret(); | ||
| 518 | int ssl3_get_req_cert_type(); | ||
| 519 | long ssl3_get_message(); | ||
| 520 | int ssl3_send_finished(); | ||
| 521 | int ssl3_num_ciphers(); | ||
| 522 | SSL_CIPHER *ssl3_get_cipher(); | ||
| 523 | int ssl3_renegotiate(); | ||
| 524 | int ssl3_renegotiate_check(); | ||
| 525 | int ssl3_dispatch_alert(); | ||
| 526 | int ssl3_read_bytes(); | ||
| 527 | int ssl3_part_read(); | ||
| 528 | int ssl3_write_bytes(); | ||
| 529 | int ssl3_final_finish_mac(); | ||
| 530 | void ssl3_finish_mac(); | ||
| 531 | int ssl3_enc(); | ||
| 532 | int ssl3_mac(); | ||
| 533 | unsigned long ssl3_output_cert_chain(); | ||
| 534 | SSL_CIPHER *ssl3_choose_cipher(); | ||
| 535 | int ssl3_setup_buffers(); | ||
| 536 | int ssl3_new(); | ||
| 537 | void ssl3_free(); | ||
| 538 | int ssl3_accept(); | ||
| 539 | int ssl3_connect(); | ||
| 540 | int ssl3_read(); | ||
| 541 | int ssl3_peek(); | ||
| 542 | int ssl3_write(); | ||
| 543 | int ssl3_shutdown(); | ||
| 544 | void ssl3_clear(); | ||
| 545 | long ssl3_ctrl(); | ||
| 546 | long ssl3_ctx_ctrl(); | ||
| 547 | int ssl3_pending(); | ||
| 548 | |||
| 549 | int ssl23_accept(); | ||
| 550 | int ssl23_connect(); | ||
| 551 | int ssl23_read_bytes(); | ||
| 552 | int ssl23_write_bytes(); | ||
| 553 | |||
| 554 | int ssl_init_wbio_buffer(); | ||
| 555 | |||
| 556 | #endif | ||
| 557 | 618 | ||
| 558 | #endif | 619 | #endif |
diff --git a/src/lib/libssl/ssl_rsa.c b/src/lib/libssl/ssl_rsa.c index 140475e5fb..1cf8e20934 100644 --- a/src/lib/libssl/ssl_rsa.c +++ b/src/lib/libssl/ssl_rsa.c | |||
| @@ -57,53 +57,32 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "bio.h" | 60 | #include <openssl/bio.h> |
| 61 | #include "objects.h" | 61 | #include <openssl/objects.h> |
| 62 | #include "evp.h" | 62 | #include <openssl/evp.h> |
| 63 | #include "x509.h" | 63 | #include <openssl/x509.h> |
| 64 | #include "pem.h" | 64 | #include <openssl/pem.h> |
| 65 | #include "ssl_locl.h" | 65 | #include "ssl_locl.h" |
| 66 | 66 | ||
| 67 | #ifndef NOPROTO | ||
| 68 | static int ssl_set_cert(CERT *c, X509 *x509); | 67 | static int ssl_set_cert(CERT *c, X509 *x509); |
| 69 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); | 68 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey); |
| 70 | #else | 69 | int SSL_use_certificate(SSL *ssl, X509 *x) |
| 71 | static int ssl_set_cert(); | ||
| 72 | static int ssl_set_pkey(); | ||
| 73 | #endif | ||
| 74 | |||
| 75 | int SSL_use_certificate(ssl, x) | ||
| 76 | SSL *ssl; | ||
| 77 | X509 *x; | ||
| 78 | { | 70 | { |
| 79 | CERT *c; | ||
| 80 | |||
| 81 | if (x == NULL) | 71 | if (x == NULL) |
| 82 | { | 72 | { |
| 83 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 73 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); |
| 84 | return(0); | 74 | return(0); |
| 85 | } | 75 | } |
| 86 | if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) | 76 | if (!ssl_cert_inst(&ssl->cert)) |
| 87 | { | 77 | { |
| 88 | c=ssl_cert_new(); | 78 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 89 | if (c == NULL) | 79 | return(0); |
| 90 | { | ||
| 91 | SSLerr(SSL_F_SSL_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 92 | return(0); | ||
| 93 | } | ||
| 94 | if (ssl->cert != NULL) ssl_cert_free(ssl->cert); | ||
| 95 | ssl->cert=c; | ||
| 96 | } | 80 | } |
| 97 | c=ssl->cert; | 81 | return(ssl_set_cert(ssl->cert,x)); |
| 98 | |||
| 99 | return(ssl_set_cert(c,x)); | ||
| 100 | } | 82 | } |
| 101 | 83 | ||
| 102 | #ifndef NO_STDIO | 84 | #ifndef OPENSSL_NO_STDIO |
| 103 | int SSL_use_certificate_file(ssl, file, type) | 85 | int SSL_use_certificate_file(SSL *ssl, const char *file, int type) |
| 104 | SSL *ssl; | ||
| 105 | char *file; | ||
| 106 | int type; | ||
| 107 | { | 86 | { |
| 108 | int j; | 87 | int j; |
| 109 | BIO *in; | 88 | BIO *in; |
| @@ -130,7 +109,7 @@ int type; | |||
| 130 | else if (type == SSL_FILETYPE_PEM) | 109 | else if (type == SSL_FILETYPE_PEM) |
| 131 | { | 110 | { |
| 132 | j=ERR_R_PEM_LIB; | 111 | j=ERR_R_PEM_LIB; |
| 133 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback); | 112 | x=PEM_read_bio_X509(in,NULL,ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); |
| 134 | } | 113 | } |
| 135 | else | 114 | else |
| 136 | { | 115 | { |
| @@ -152,10 +131,7 @@ end: | |||
| 152 | } | 131 | } |
| 153 | #endif | 132 | #endif |
| 154 | 133 | ||
| 155 | int SSL_use_certificate_ASN1(ssl, len, d) | 134 | int SSL_use_certificate_ASN1(SSL *ssl, unsigned char *d, int len) |
| 156 | SSL *ssl; | ||
| 157 | int len; | ||
| 158 | unsigned char *d; | ||
| 159 | { | 135 | { |
| 160 | X509 *x; | 136 | X509 *x; |
| 161 | int ret; | 137 | int ret; |
| @@ -172,12 +148,9 @@ unsigned char *d; | |||
| 172 | return(ret); | 148 | return(ret); |
| 173 | } | 149 | } |
| 174 | 150 | ||
| 175 | #ifndef NO_RSA | 151 | #ifndef OPENSSL_NO_RSA |
| 176 | int SSL_use_RSAPrivateKey(ssl, rsa) | 152 | int SSL_use_RSAPrivateKey(SSL *ssl, RSA *rsa) |
| 177 | SSL *ssl; | ||
| 178 | RSA *rsa; | ||
| 179 | { | 153 | { |
| 180 | CERT *c; | ||
| 181 | EVP_PKEY *pkey; | 154 | EVP_PKEY *pkey; |
| 182 | int ret; | 155 | int ret; |
| 183 | 156 | ||
| @@ -186,37 +159,27 @@ RSA *rsa; | |||
| 186 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 159 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); |
| 187 | return(0); | 160 | return(0); |
| 188 | } | 161 | } |
| 189 | 162 | if (!ssl_cert_inst(&ssl->cert)) | |
| 190 | if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) | 163 | { |
| 191 | { | 164 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); |
| 192 | c=ssl_cert_new(); | 165 | return(0); |
| 193 | if (c == NULL) | ||
| 194 | { | ||
| 195 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 196 | return(0); | ||
| 197 | } | ||
| 198 | if (ssl->cert != NULL) ssl_cert_free(ssl->cert); | ||
| 199 | ssl->cert=c; | ||
| 200 | } | 166 | } |
| 201 | c=ssl->cert; | ||
| 202 | if ((pkey=EVP_PKEY_new()) == NULL) | 167 | if ((pkey=EVP_PKEY_new()) == NULL) |
| 203 | { | 168 | { |
| 204 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | 169 | SSLerr(SSL_F_SSL_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); |
| 205 | return(0); | 170 | return(0); |
| 206 | } | 171 | } |
| 207 | 172 | ||
| 208 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | 173 | RSA_up_ref(rsa); |
| 209 | EVP_PKEY_assign_RSA(pkey,rsa); | 174 | EVP_PKEY_assign_RSA(pkey,rsa); |
| 210 | 175 | ||
| 211 | ret=ssl_set_pkey(c,pkey); | 176 | ret=ssl_set_pkey(ssl->cert,pkey); |
| 212 | EVP_PKEY_free(pkey); | 177 | EVP_PKEY_free(pkey); |
| 213 | return(ret); | 178 | return(ret); |
| 214 | } | 179 | } |
| 215 | #endif | 180 | #endif |
| 216 | 181 | ||
| 217 | static int ssl_set_pkey(c,pkey) | 182 | static int ssl_set_pkey(CERT *c, EVP_PKEY *pkey) |
| 218 | CERT *c; | ||
| 219 | EVP_PKEY *pkey; | ||
| 220 | { | 183 | { |
| 221 | int i,ok=0,bad=0; | 184 | int i,ok=0,bad=0; |
| 222 | 185 | ||
| @@ -229,7 +192,13 @@ EVP_PKEY *pkey; | |||
| 229 | 192 | ||
| 230 | if (c->pkeys[i].x509 != NULL) | 193 | if (c->pkeys[i].x509 != NULL) |
| 231 | { | 194 | { |
| 232 | #ifndef NO_RSA | 195 | EVP_PKEY *pktmp; |
| 196 | pktmp = X509_get_pubkey(c->pkeys[i].x509); | ||
| 197 | EVP_PKEY_copy_parameters(pktmp,pkey); | ||
| 198 | EVP_PKEY_free(pktmp); | ||
| 199 | ERR_clear_error(); | ||
| 200 | |||
| 201 | #ifndef OPENSSL_NO_RSA | ||
| 233 | /* Don't check the public/private key, this is mostly | 202 | /* Don't check the public/private key, this is mostly |
| 234 | * for smart cards. */ | 203 | * for smart cards. */ |
| 235 | if ((pkey->type == EVP_PKEY_RSA) && | 204 | if ((pkey->type == EVP_PKEY_RSA) && |
| @@ -282,12 +251,9 @@ EVP_PKEY *pkey; | |||
| 282 | return(1); | 251 | return(1); |
| 283 | } | 252 | } |
| 284 | 253 | ||
| 285 | #ifndef NO_RSA | 254 | #ifndef OPENSSL_NO_RSA |
| 286 | #ifndef NO_STDIO | 255 | #ifndef OPENSSL_NO_STDIO |
| 287 | int SSL_use_RSAPrivateKey_file(ssl, file, type) | 256 | int SSL_use_RSAPrivateKey_file(SSL *ssl, const char *file, int type) |
| 288 | SSL *ssl; | ||
| 289 | char *file; | ||
| 290 | int type; | ||
| 291 | { | 257 | { |
| 292 | int j,ret=0; | 258 | int j,ret=0; |
| 293 | BIO *in; | 259 | BIO *in; |
| @@ -314,7 +280,7 @@ int type; | |||
| 314 | { | 280 | { |
| 315 | j=ERR_R_PEM_LIB; | 281 | j=ERR_R_PEM_LIB; |
| 316 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 282 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, |
| 317 | ssl->ctx->default_passwd_callback); | 283 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); |
| 318 | } | 284 | } |
| 319 | else | 285 | else |
| 320 | { | 286 | { |
| @@ -334,13 +300,10 @@ end: | |||
| 334 | } | 300 | } |
| 335 | #endif | 301 | #endif |
| 336 | 302 | ||
| 337 | int SSL_use_RSAPrivateKey_ASN1(ssl,d,len) | 303 | int SSL_use_RSAPrivateKey_ASN1(SSL *ssl, unsigned char *d, long len) |
| 338 | SSL *ssl; | ||
| 339 | unsigned char *d; | ||
| 340 | long len; | ||
| 341 | { | 304 | { |
| 342 | int ret; | 305 | int ret; |
| 343 | unsigned char *p; | 306 | const unsigned char *p; |
| 344 | RSA *rsa; | 307 | RSA *rsa; |
| 345 | 308 | ||
| 346 | p=d; | 309 | p=d; |
| @@ -354,13 +317,10 @@ long len; | |||
| 354 | RSA_free(rsa); | 317 | RSA_free(rsa); |
| 355 | return(ret); | 318 | return(ret); |
| 356 | } | 319 | } |
| 357 | #endif /* !NO_RSA */ | 320 | #endif /* !OPENSSL_NO_RSA */ |
| 358 | 321 | ||
| 359 | int SSL_use_PrivateKey(ssl, pkey) | 322 | int SSL_use_PrivateKey(SSL *ssl, EVP_PKEY *pkey) |
| 360 | SSL *ssl; | ||
| 361 | EVP_PKEY *pkey; | ||
| 362 | { | 323 | { |
| 363 | CERT *c; | ||
| 364 | int ret; | 324 | int ret; |
| 365 | 325 | ||
| 366 | if (pkey == NULL) | 326 | if (pkey == NULL) |
| @@ -368,29 +328,17 @@ EVP_PKEY *pkey; | |||
| 368 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 328 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); |
| 369 | return(0); | 329 | return(0); |
| 370 | } | 330 | } |
| 371 | 331 | if (!ssl_cert_inst(&ssl->cert)) | |
| 372 | if ((ssl->cert == NULL) || (ssl->cert == ssl->ctx->default_cert)) | 332 | { |
| 373 | { | 333 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); |
| 374 | c=ssl_cert_new(); | 334 | return(0); |
| 375 | if (c == NULL) | ||
| 376 | { | ||
| 377 | SSLerr(SSL_F_SSL_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 378 | return(0); | ||
| 379 | } | ||
| 380 | if (ssl->cert != NULL) ssl_cert_free(ssl->cert); | ||
| 381 | ssl->cert=c; | ||
| 382 | } | 335 | } |
| 383 | c=ssl->cert; | 336 | ret=ssl_set_pkey(ssl->cert,pkey); |
| 384 | |||
| 385 | ret=ssl_set_pkey(c,pkey); | ||
| 386 | return(ret); | 337 | return(ret); |
| 387 | } | 338 | } |
| 388 | 339 | ||
| 389 | #ifndef NO_STDIO | 340 | #ifndef OPENSSL_NO_STDIO |
| 390 | int SSL_use_PrivateKey_file(ssl, file, type) | 341 | int SSL_use_PrivateKey_file(SSL *ssl, const char *file, int type) |
| 391 | SSL *ssl; | ||
| 392 | char *file; | ||
| 393 | int type; | ||
| 394 | { | 342 | { |
| 395 | int j,ret=0; | 343 | int j,ret=0; |
| 396 | BIO *in; | 344 | BIO *in; |
| @@ -412,7 +360,7 @@ int type; | |||
| 412 | { | 360 | { |
| 413 | j=ERR_R_PEM_LIB; | 361 | j=ERR_R_PEM_LIB; |
| 414 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 362 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 415 | ssl->ctx->default_passwd_callback); | 363 | ssl->ctx->default_passwd_callback,ssl->ctx->default_passwd_callback_userdata); |
| 416 | } | 364 | } |
| 417 | else | 365 | else |
| 418 | { | 366 | { |
| @@ -432,11 +380,7 @@ end: | |||
| 432 | } | 380 | } |
| 433 | #endif | 381 | #endif |
| 434 | 382 | ||
| 435 | int SSL_use_PrivateKey_ASN1(type,ssl,d,len) | 383 | int SSL_use_PrivateKey_ASN1(int type, SSL *ssl, unsigned char *d, long len) |
| 436 | int type; | ||
| 437 | SSL *ssl; | ||
| 438 | unsigned char *d; | ||
| 439 | long len; | ||
| 440 | { | 384 | { |
| 441 | int ret; | 385 | int ret; |
| 442 | unsigned char *p; | 386 | unsigned char *p; |
| @@ -454,36 +398,22 @@ long len; | |||
| 454 | return(ret); | 398 | return(ret); |
| 455 | } | 399 | } |
| 456 | 400 | ||
| 457 | int SSL_CTX_use_certificate(ctx, x) | 401 | int SSL_CTX_use_certificate(SSL_CTX *ctx, X509 *x) |
| 458 | SSL_CTX *ctx; | ||
| 459 | X509 *x; | ||
| 460 | { | 402 | { |
| 461 | CERT *c; | ||
| 462 | |||
| 463 | if (x == NULL) | 403 | if (x == NULL) |
| 464 | { | 404 | { |
| 465 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); | 405 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_PASSED_NULL_PARAMETER); |
| 466 | return(0); | 406 | return(0); |
| 467 | } | 407 | } |
| 468 | 408 | if (!ssl_cert_inst(&ctx->cert)) | |
| 469 | if (ctx->default_cert == NULL) | ||
| 470 | { | 409 | { |
| 471 | c=ssl_cert_new(); | 410 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); |
| 472 | if (c == NULL) | 411 | return(0); |
| 473 | { | ||
| 474 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE,ERR_R_MALLOC_FAILURE); | ||
| 475 | return(0); | ||
| 476 | } | ||
| 477 | ctx->default_cert=c; | ||
| 478 | } | 412 | } |
| 479 | c=ctx->default_cert; | 413 | return(ssl_set_cert(ctx->cert, x)); |
| 480 | |||
| 481 | return(ssl_set_cert(c,x)); | ||
| 482 | } | 414 | } |
| 483 | 415 | ||
| 484 | static int ssl_set_cert(c,x) | 416 | static int ssl_set_cert(CERT *c, X509 *x) |
| 485 | CERT *c; | ||
| 486 | X509 *x; | ||
| 487 | { | 417 | { |
| 488 | EVP_PKEY *pkey; | 418 | EVP_PKEY *pkey; |
| 489 | int i,ok=0,bad=0; | 419 | int i,ok=0,bad=0; |
| @@ -499,11 +429,25 @@ X509 *x; | |||
| 499 | if (i < 0) | 429 | if (i < 0) |
| 500 | { | 430 | { |
| 501 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); | 431 | SSLerr(SSL_F_SSL_SET_CERT,SSL_R_UNKNOWN_CERTIFICATE_TYPE); |
| 432 | EVP_PKEY_free(pkey); | ||
| 502 | return(0); | 433 | return(0); |
| 503 | } | 434 | } |
| 504 | 435 | ||
| 505 | if (c->pkeys[i].privatekey != NULL) | 436 | if (c->pkeys[i].privatekey != NULL) |
| 506 | { | 437 | { |
| 438 | EVP_PKEY_copy_parameters(pkey,c->pkeys[i].privatekey); | ||
| 439 | ERR_clear_error(); | ||
| 440 | |||
| 441 | #ifndef OPENSSL_NO_RSA | ||
| 442 | /* Don't check the public/private key, this is mostly | ||
| 443 | * for smart cards. */ | ||
| 444 | if ((c->pkeys[i].privatekey->type == EVP_PKEY_RSA) && | ||
| 445 | (RSA_flags(c->pkeys[i].privatekey->pkey.rsa) & | ||
| 446 | RSA_METHOD_FLAG_NO_CHECK)) | ||
| 447 | ok=1; | ||
| 448 | else | ||
| 449 | #endif | ||
| 450 | { | ||
| 507 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) | 451 | if (!X509_check_private_key(x,c->pkeys[i].privatekey)) |
| 508 | { | 452 | { |
| 509 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) | 453 | if ((i == SSL_PKEY_DH_RSA) || (i == SSL_PKEY_DH_DSA)) |
| @@ -527,10 +471,12 @@ X509 *x; | |||
| 527 | } | 471 | } |
| 528 | else | 472 | else |
| 529 | ok=1; | 473 | ok=1; |
| 474 | } /* OPENSSL_NO_RSA */ | ||
| 530 | } | 475 | } |
| 531 | else | 476 | else |
| 532 | ok=1; | 477 | ok=1; |
| 533 | 478 | ||
| 479 | EVP_PKEY_free(pkey); | ||
| 534 | if (bad) | 480 | if (bad) |
| 535 | { | 481 | { |
| 536 | EVP_PKEY_free(c->pkeys[i].privatekey); | 482 | EVP_PKEY_free(c->pkeys[i].privatekey); |
| @@ -547,11 +493,8 @@ X509 *x; | |||
| 547 | return(1); | 493 | return(1); |
| 548 | } | 494 | } |
| 549 | 495 | ||
| 550 | #ifndef NO_STDIO | 496 | #ifndef OPENSSL_NO_STDIO |
| 551 | int SSL_CTX_use_certificate_file(ctx, file, type) | 497 | int SSL_CTX_use_certificate_file(SSL_CTX *ctx, const char *file, int type) |
| 552 | SSL_CTX *ctx; | ||
| 553 | char *file; | ||
| 554 | int type; | ||
| 555 | { | 498 | { |
| 556 | int j; | 499 | int j; |
| 557 | BIO *in; | 500 | BIO *in; |
| @@ -578,7 +521,7 @@ int type; | |||
| 578 | else if (type == SSL_FILETYPE_PEM) | 521 | else if (type == SSL_FILETYPE_PEM) |
| 579 | { | 522 | { |
| 580 | j=ERR_R_PEM_LIB; | 523 | j=ERR_R_PEM_LIB; |
| 581 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback); | 524 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); |
| 582 | } | 525 | } |
| 583 | else | 526 | else |
| 584 | { | 527 | { |
| @@ -600,10 +543,7 @@ end: | |||
| 600 | } | 543 | } |
| 601 | #endif | 544 | #endif |
| 602 | 545 | ||
| 603 | int SSL_CTX_use_certificate_ASN1(ctx, len, d) | 546 | int SSL_CTX_use_certificate_ASN1(SSL_CTX *ctx, int len, unsigned char *d) |
| 604 | SSL_CTX *ctx; | ||
| 605 | int len; | ||
| 606 | unsigned char *d; | ||
| 607 | { | 547 | { |
| 608 | X509 *x; | 548 | X509 *x; |
| 609 | int ret; | 549 | int ret; |
| @@ -620,13 +560,10 @@ unsigned char *d; | |||
| 620 | return(ret); | 560 | return(ret); |
| 621 | } | 561 | } |
| 622 | 562 | ||
| 623 | #ifndef NO_RSA | 563 | #ifndef OPENSSL_NO_RSA |
| 624 | int SSL_CTX_use_RSAPrivateKey(ctx, rsa) | 564 | int SSL_CTX_use_RSAPrivateKey(SSL_CTX *ctx, RSA *rsa) |
| 625 | SSL_CTX *ctx; | ||
| 626 | RSA *rsa; | ||
| 627 | { | 565 | { |
| 628 | int ret; | 566 | int ret; |
| 629 | CERT *c; | ||
| 630 | EVP_PKEY *pkey; | 567 | EVP_PKEY *pkey; |
| 631 | 568 | ||
| 632 | if (rsa == NULL) | 569 | if (rsa == NULL) |
| @@ -634,37 +571,27 @@ RSA *rsa; | |||
| 634 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 571 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); |
| 635 | return(0); | 572 | return(0); |
| 636 | } | 573 | } |
| 637 | if (ctx->default_cert == NULL) | 574 | if (!ssl_cert_inst(&ctx->cert)) |
| 638 | { | 575 | { |
| 639 | c=ssl_cert_new(); | 576 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); |
| 640 | if (c == NULL) | 577 | return(0); |
| 641 | { | ||
| 642 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 643 | return(0); | ||
| 644 | } | ||
| 645 | ctx->default_cert=c; | ||
| 646 | } | 578 | } |
| 647 | c=ctx->default_cert; | ||
| 648 | |||
| 649 | if ((pkey=EVP_PKEY_new()) == NULL) | 579 | if ((pkey=EVP_PKEY_new()) == NULL) |
| 650 | { | 580 | { |
| 651 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); | 581 | SSLerr(SSL_F_SSL_CTX_USE_RSAPRIVATEKEY,ERR_R_EVP_LIB); |
| 652 | return(0); | 582 | return(0); |
| 653 | } | 583 | } |
| 654 | 584 | ||
| 655 | CRYPTO_add(&rsa->references,1,CRYPTO_LOCK_RSA); | 585 | RSA_up_ref(rsa); |
| 656 | EVP_PKEY_assign_RSA(pkey,rsa); | 586 | EVP_PKEY_assign_RSA(pkey,rsa); |
| 657 | 587 | ||
| 658 | ret=ssl_set_pkey(c,pkey); | 588 | ret=ssl_set_pkey(ctx->cert, pkey); |
| 659 | EVP_PKEY_free(pkey); | 589 | EVP_PKEY_free(pkey); |
| 660 | return(ret); | 590 | return(ret); |
| 661 | } | 591 | } |
| 662 | 592 | ||
| 663 | #ifndef NO_STDIO | 593 | #ifndef OPENSSL_NO_STDIO |
| 664 | int SSL_CTX_use_RSAPrivateKey_file(ctx, file, type) | 594 | int SSL_CTX_use_RSAPrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 665 | SSL_CTX *ctx; | ||
| 666 | char *file; | ||
| 667 | int type; | ||
| 668 | { | 595 | { |
| 669 | int j,ret=0; | 596 | int j,ret=0; |
| 670 | BIO *in; | 597 | BIO *in; |
| @@ -691,7 +618,7 @@ int type; | |||
| 691 | { | 618 | { |
| 692 | j=ERR_R_PEM_LIB; | 619 | j=ERR_R_PEM_LIB; |
| 693 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, | 620 | rsa=PEM_read_bio_RSAPrivateKey(in,NULL, |
| 694 | ctx->default_passwd_callback); | 621 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); |
| 695 | } | 622 | } |
| 696 | else | 623 | else |
| 697 | { | 624 | { |
| @@ -711,13 +638,10 @@ end: | |||
| 711 | } | 638 | } |
| 712 | #endif | 639 | #endif |
| 713 | 640 | ||
| 714 | int SSL_CTX_use_RSAPrivateKey_ASN1(ctx,d,len) | 641 | int SSL_CTX_use_RSAPrivateKey_ASN1(SSL_CTX *ctx, unsigned char *d, long len) |
| 715 | SSL_CTX *ctx; | ||
| 716 | unsigned char *d; | ||
| 717 | long len; | ||
| 718 | { | 642 | { |
| 719 | int ret; | 643 | int ret; |
| 720 | unsigned char *p; | 644 | const unsigned char *p; |
| 721 | RSA *rsa; | 645 | RSA *rsa; |
| 722 | 646 | ||
| 723 | p=d; | 647 | p=d; |
| @@ -731,40 +655,25 @@ long len; | |||
| 731 | RSA_free(rsa); | 655 | RSA_free(rsa); |
| 732 | return(ret); | 656 | return(ret); |
| 733 | } | 657 | } |
| 734 | #endif /* !NO_RSA */ | 658 | #endif /* !OPENSSL_NO_RSA */ |
| 735 | 659 | ||
| 736 | int SSL_CTX_use_PrivateKey(ctx, pkey) | 660 | int SSL_CTX_use_PrivateKey(SSL_CTX *ctx, EVP_PKEY *pkey) |
| 737 | SSL_CTX *ctx; | ||
| 738 | EVP_PKEY *pkey; | ||
| 739 | { | 661 | { |
| 740 | CERT *c; | ||
| 741 | |||
| 742 | if (pkey == NULL) | 662 | if (pkey == NULL) |
| 743 | { | 663 | { |
| 744 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); | 664 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_PASSED_NULL_PARAMETER); |
| 745 | return(0); | 665 | return(0); |
| 746 | } | 666 | } |
| 747 | 667 | if (!ssl_cert_inst(&ctx->cert)) | |
| 748 | if (ctx->default_cert == NULL) | ||
| 749 | { | 668 | { |
| 750 | c=ssl_cert_new(); | 669 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); |
| 751 | if (c == NULL) | 670 | return(0); |
| 752 | { | ||
| 753 | SSLerr(SSL_F_SSL_CTX_USE_PRIVATEKEY,ERR_R_MALLOC_FAILURE); | ||
| 754 | return(0); | ||
| 755 | } | ||
| 756 | ctx->default_cert=c; | ||
| 757 | } | 671 | } |
| 758 | c=ctx->default_cert; | 672 | return(ssl_set_pkey(ctx->cert,pkey)); |
| 759 | |||
| 760 | return(ssl_set_pkey(c,pkey)); | ||
| 761 | } | 673 | } |
| 762 | 674 | ||
| 763 | #ifndef NO_STDIO | 675 | #ifndef OPENSSL_NO_STDIO |
| 764 | int SSL_CTX_use_PrivateKey_file(ctx, file, type) | 676 | int SSL_CTX_use_PrivateKey_file(SSL_CTX *ctx, const char *file, int type) |
| 765 | SSL_CTX *ctx; | ||
| 766 | char *file; | ||
| 767 | int type; | ||
| 768 | { | 677 | { |
| 769 | int j,ret=0; | 678 | int j,ret=0; |
| 770 | BIO *in; | 679 | BIO *in; |
| @@ -786,7 +695,7 @@ int type; | |||
| 786 | { | 695 | { |
| 787 | j=ERR_R_PEM_LIB; | 696 | j=ERR_R_PEM_LIB; |
| 788 | pkey=PEM_read_bio_PrivateKey(in,NULL, | 697 | pkey=PEM_read_bio_PrivateKey(in,NULL, |
| 789 | ctx->default_passwd_callback); | 698 | ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); |
| 790 | } | 699 | } |
| 791 | else | 700 | else |
| 792 | { | 701 | { |
| @@ -806,11 +715,8 @@ end: | |||
| 806 | } | 715 | } |
| 807 | #endif | 716 | #endif |
| 808 | 717 | ||
| 809 | int SSL_CTX_use_PrivateKey_ASN1(type,ctx,d,len) | 718 | int SSL_CTX_use_PrivateKey_ASN1(int type, SSL_CTX *ctx, unsigned char *d, |
| 810 | int type; | 719 | long len) |
| 811 | SSL_CTX *ctx; | ||
| 812 | unsigned char *d; | ||
| 813 | long len; | ||
| 814 | { | 720 | { |
| 815 | int ret; | 721 | int ret; |
| 816 | unsigned char *p; | 722 | unsigned char *p; |
| @@ -829,3 +735,81 @@ long len; | |||
| 829 | } | 735 | } |
| 830 | 736 | ||
| 831 | 737 | ||
| 738 | #ifndef OPENSSL_NO_STDIO | ||
| 739 | /* Read a file that contains our certificate in "PEM" format, | ||
| 740 | * possibly followed by a sequence of CA certificates that should be | ||
| 741 | * sent to the peer in the Certificate message. | ||
| 742 | */ | ||
| 743 | int SSL_CTX_use_certificate_chain_file(SSL_CTX *ctx, const char *file) | ||
| 744 | { | ||
| 745 | BIO *in; | ||
| 746 | int ret=0; | ||
| 747 | X509 *x=NULL; | ||
| 748 | |||
| 749 | in=BIO_new(BIO_s_file_internal()); | ||
| 750 | if (in == NULL) | ||
| 751 | { | ||
| 752 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_BUF_LIB); | ||
| 753 | goto end; | ||
| 754 | } | ||
| 755 | |||
| 756 | if (BIO_read_filename(in,file) <= 0) | ||
| 757 | { | ||
| 758 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_SYS_LIB); | ||
| 759 | goto end; | ||
| 760 | } | ||
| 761 | |||
| 762 | x=PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata); | ||
| 763 | if (x == NULL) | ||
| 764 | { | ||
| 765 | SSLerr(SSL_F_SSL_CTX_USE_CERTIFICATE_CHAIN_FILE,ERR_R_PEM_LIB); | ||
| 766 | goto end; | ||
| 767 | } | ||
| 768 | |||
| 769 | ret=SSL_CTX_use_certificate(ctx,x); | ||
| 770 | if (ERR_peek_error() != 0) | ||
| 771 | ret = 0; /* Key/certificate mismatch doesn't imply ret==0 ... */ | ||
| 772 | if (ret) | ||
| 773 | { | ||
| 774 | /* If we could set up our certificate, now proceed to | ||
| 775 | * the CA certificates. | ||
| 776 | */ | ||
| 777 | X509 *ca; | ||
| 778 | int r; | ||
| 779 | unsigned long err; | ||
| 780 | |||
| 781 | if (ctx->extra_certs != NULL) | ||
| 782 | { | ||
| 783 | sk_X509_pop_free(ctx->extra_certs, X509_free); | ||
| 784 | ctx->extra_certs = NULL; | ||
| 785 | } | ||
| 786 | |||
| 787 | while ((ca = PEM_read_bio_X509(in,NULL,ctx->default_passwd_callback,ctx->default_passwd_callback_userdata)) | ||
| 788 | != NULL) | ||
| 789 | { | ||
| 790 | r = SSL_CTX_add_extra_chain_cert(ctx, ca); | ||
| 791 | if (!r) | ||
| 792 | { | ||
| 793 | X509_free(ca); | ||
| 794 | ret = 0; | ||
| 795 | goto end; | ||
| 796 | } | ||
| 797 | /* Note that we must not free r if it was successfully | ||
| 798 | * added to the chain (while we must free the main | ||
| 799 | * certificate, since its reference count is increased | ||
| 800 | * by SSL_CTX_use_certificate). */ | ||
| 801 | } | ||
| 802 | /* When the while loop ends, it's usually just EOF. */ | ||
| 803 | err = ERR_peek_last_error(); | ||
| 804 | if (ERR_GET_LIB(err) == ERR_LIB_PEM && ERR_GET_REASON(err) == PEM_R_NO_START_LINE) | ||
| 805 | (void)ERR_get_error(); | ||
| 806 | else | ||
| 807 | ret = 0; /* some real error */ | ||
| 808 | } | ||
| 809 | |||
| 810 | end: | ||
| 811 | if (x != NULL) X509_free(x); | ||
| 812 | if (in != NULL) BIO_free(in); | ||
| 813 | return(ret); | ||
| 814 | } | ||
| 815 | #endif | ||
diff --git a/src/lib/libssl/ssl_sess.c b/src/lib/libssl/ssl_sess.c index 8212600e40..6424f775e2 100644 --- a/src/lib/libssl/ssl_sess.c +++ b/src/lib/libssl/ssl_sess.c | |||
| @@ -57,60 +57,57 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "lhash.h" | 60 | #include <openssl/lhash.h> |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "ssl_locl.h" | 62 | #include "ssl_locl.h" |
| 63 | 63 | ||
| 64 | #ifndef NOPROTO | ||
| 65 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); | 64 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s); |
| 66 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); | 65 | static void SSL_SESSION_list_add(SSL_CTX *ctx,SSL_SESSION *s); |
| 67 | #else | 66 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck); |
| 68 | static void SSL_SESSION_list_remove(); | ||
| 69 | static void SSL_SESSION_list_add(); | ||
| 70 | #endif | ||
| 71 | |||
| 72 | static ssl_session_num=0; | ||
| 73 | static STACK *ssl_session_meth=NULL; | ||
| 74 | 67 | ||
| 75 | SSL_SESSION *SSL_get_session(ssl) | 68 | SSL_SESSION *SSL_get_session(SSL *ssl) |
| 76 | SSL *ssl; | 69 | /* aka SSL_get0_session; gets 0 objects, just returns a copy of the pointer */ |
| 77 | { | 70 | { |
| 78 | return(ssl->session); | 71 | return(ssl->session); |
| 79 | } | 72 | } |
| 80 | 73 | ||
| 81 | int SSL_SESSION_get_ex_new_index(argl,argp,new_func,dup_func,free_func) | 74 | SSL_SESSION *SSL_get1_session(SSL *ssl) |
| 82 | long argl; | 75 | /* variant of SSL_get_session: caller really gets something */ |
| 83 | char *argp; | 76 | { |
| 84 | int (*new_func)(); | 77 | SSL_SESSION *sess; |
| 85 | int (*dup_func)(); | 78 | /* Need to lock this all up rather than just use CRYPTO_add so that |
| 86 | void (*free_func)(); | 79 | * somebody doesn't free ssl->session between when we check it's |
| 87 | { | 80 | * non-null and when we up the reference count. */ |
| 88 | ssl_session_num++; | 81 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_SESSION); |
| 89 | return(CRYPTO_get_ex_new_index(ssl_session_num-1, | 82 | sess = ssl->session; |
| 90 | &ssl_session_meth, | 83 | if(sess) |
| 91 | argl,argp,new_func,dup_func,free_func)); | 84 | sess->references++; |
| 92 | } | 85 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_SESSION); |
| 93 | 86 | return(sess); | |
| 94 | int SSL_SESSION_set_ex_data(s,idx,arg) | 87 | } |
| 95 | SSL_SESSION *s; | 88 | |
| 96 | int idx; | 89 | int SSL_SESSION_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, |
| 97 | char *arg; | 90 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) |
| 91 | { | ||
| 92 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_SSL_SESSION, argl, argp, | ||
| 93 | new_func, dup_func, free_func); | ||
| 94 | } | ||
| 95 | |||
| 96 | int SSL_SESSION_set_ex_data(SSL_SESSION *s, int idx, void *arg) | ||
| 98 | { | 97 | { |
| 99 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); | 98 | return(CRYPTO_set_ex_data(&s->ex_data,idx,arg)); |
| 100 | } | 99 | } |
| 101 | 100 | ||
| 102 | char *SSL_SESSION_get_ex_data(s,idx) | 101 | void *SSL_SESSION_get_ex_data(SSL_SESSION *s, int idx) |
| 103 | SSL_SESSION *s; | ||
| 104 | int idx; | ||
| 105 | { | 102 | { |
| 106 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); | 103 | return(CRYPTO_get_ex_data(&s->ex_data,idx)); |
| 107 | } | 104 | } |
| 108 | 105 | ||
| 109 | SSL_SESSION *SSL_SESSION_new() | 106 | SSL_SESSION *SSL_SESSION_new(void) |
| 110 | { | 107 | { |
| 111 | SSL_SESSION *ss; | 108 | SSL_SESSION *ss; |
| 112 | 109 | ||
| 113 | ss=(SSL_SESSION *)Malloc(sizeof(SSL_SESSION)); | 110 | ss=(SSL_SESSION *)OPENSSL_malloc(sizeof(SSL_SESSION)); |
| 114 | if (ss == NULL) | 111 | if (ss == NULL) |
| 115 | { | 112 | { |
| 116 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); | 113 | SSLerr(SSL_F_SSL_SESSION_NEW,ERR_R_MALLOC_FAILURE); |
| @@ -118,26 +115,64 @@ SSL_SESSION *SSL_SESSION_new() | |||
| 118 | } | 115 | } |
| 119 | memset(ss,0,sizeof(SSL_SESSION)); | 116 | memset(ss,0,sizeof(SSL_SESSION)); |
| 120 | 117 | ||
| 118 | ss->verify_result = 1; /* avoid 0 (= X509_V_OK) just in case */ | ||
| 121 | ss->references=1; | 119 | ss->references=1; |
| 122 | ss->timeout=60*5+4; /* 5 minute timeout by default */ | 120 | ss->timeout=60*5+4; /* 5 minute timeout by default */ |
| 123 | ss->time=time(NULL); | 121 | ss->time=time(NULL); |
| 124 | ss->prev=NULL; | 122 | ss->prev=NULL; |
| 125 | ss->next=NULL; | 123 | ss->next=NULL; |
| 126 | CRYPTO_new_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data); | 124 | ss->compress_meth=0; |
| 125 | CRYPTO_new_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); | ||
| 127 | return(ss); | 126 | return(ss); |
| 128 | } | 127 | } |
| 129 | 128 | ||
| 130 | int ssl_get_new_session(s, session) | 129 | /* Even with SSLv2, we have 16 bytes (128 bits) of session ID space. SSLv3/TLSv1 |
| 131 | SSL *s; | 130 | * has 32 bytes (256 bits). As such, filling the ID with random gunk repeatedly |
| 132 | int session; | 131 | * until we have no conflict is going to complete in one iteration pretty much |
| 132 | * "most" of the time (btw: understatement). So, if it takes us 10 iterations | ||
| 133 | * and we still can't avoid a conflict - well that's a reasonable point to call | ||
| 134 | * it quits. Either the RAND code is broken or someone is trying to open roughly | ||
| 135 | * very close to 2^128 (or 2^256) SSL sessions to our server. How you might | ||
| 136 | * store that many sessions is perhaps a more interesting question ... */ | ||
| 137 | |||
| 138 | #define MAX_SESS_ID_ATTEMPTS 10 | ||
| 139 | static int def_generate_session_id(const SSL *ssl, unsigned char *id, | ||
| 140 | unsigned int *id_len) | ||
| 141 | { | ||
| 142 | unsigned int retry = 0; | ||
| 143 | do | ||
| 144 | RAND_pseudo_bytes(id, *id_len); | ||
| 145 | while(SSL_has_matching_session_id(ssl, id, *id_len) && | ||
| 146 | (++retry < MAX_SESS_ID_ATTEMPTS)); | ||
| 147 | if(retry < MAX_SESS_ID_ATTEMPTS) | ||
| 148 | return 1; | ||
| 149 | /* else - woops a session_id match */ | ||
| 150 | /* XXX We should also check the external cache -- | ||
| 151 | * but the probability of a collision is negligible, and | ||
| 152 | * we could not prevent the concurrent creation of sessions | ||
| 153 | * with identical IDs since we currently don't have means | ||
| 154 | * to atomically check whether a session ID already exists | ||
| 155 | * and make a reservation for it if it does not | ||
| 156 | * (this problem applies to the internal cache as well). | ||
| 157 | */ | ||
| 158 | return 0; | ||
| 159 | } | ||
| 160 | |||
| 161 | int ssl_get_new_session(SSL *s, int session) | ||
| 133 | { | 162 | { |
| 163 | /* This gets used by clients and servers. */ | ||
| 164 | |||
| 165 | unsigned int tmp; | ||
| 134 | SSL_SESSION *ss=NULL; | 166 | SSL_SESSION *ss=NULL; |
| 167 | GEN_SESSION_CB cb = def_generate_session_id; | ||
| 135 | 168 | ||
| 136 | if ((ss=SSL_SESSION_new()) == NULL) return(0); | 169 | if ((ss=SSL_SESSION_new()) == NULL) return(0); |
| 137 | 170 | ||
| 138 | /* If the context has a default timeout, use it */ | 171 | /* If the context has a default timeout, use it */ |
| 139 | if (s->ctx->session_timeout != 0) | 172 | if (s->ctx->session_timeout == 0) |
| 140 | ss->timeout=SSL_get_default_timeout(s); | 173 | ss->timeout=SSL_get_default_timeout(s); |
| 174 | else | ||
| 175 | ss->timeout=s->ctx->session_timeout; | ||
| 141 | 176 | ||
| 142 | if (s->session != NULL) | 177 | if (s->session != NULL) |
| 143 | { | 178 | { |
| @@ -147,7 +182,7 @@ int session; | |||
| 147 | 182 | ||
| 148 | if (session) | 183 | if (session) |
| 149 | { | 184 | { |
| 150 | if (s->version == SSL2_CLIENT_VERSION) | 185 | if (s->version == SSL2_VERSION) |
| 151 | { | 186 | { |
| 152 | ss->ssl_version=SSL2_VERSION; | 187 | ss->ssl_version=SSL2_VERSION; |
| 153 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; | 188 | ss->session_id_length=SSL2_SSL_SESSION_ID_LENGTH; |
| @@ -168,18 +203,46 @@ int session; | |||
| 168 | SSL_SESSION_free(ss); | 203 | SSL_SESSION_free(ss); |
| 169 | return(0); | 204 | return(0); |
| 170 | } | 205 | } |
| 171 | 206 | /* Choose which callback will set the session ID */ | |
| 172 | for (;;) | 207 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 208 | if(s->generate_session_id) | ||
| 209 | cb = s->generate_session_id; | ||
| 210 | else if(s->ctx->generate_session_id) | ||
| 211 | cb = s->ctx->generate_session_id; | ||
| 212 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 213 | /* Choose a session ID */ | ||
| 214 | tmp = ss->session_id_length; | ||
| 215 | if(!cb(s, ss->session_id, &tmp)) | ||
| 216 | { | ||
| 217 | /* The callback failed */ | ||
| 218 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 219 | SSL_R_SSL_SESSION_ID_CALLBACK_FAILED); | ||
| 220 | SSL_SESSION_free(ss); | ||
| 221 | return(0); | ||
| 222 | } | ||
| 223 | /* Don't allow the callback to set the session length to zero. | ||
| 224 | * nor set it higher than it was. */ | ||
| 225 | if(!tmp || (tmp > ss->session_id_length)) | ||
| 226 | { | ||
| 227 | /* The callback set an illegal length */ | ||
| 228 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, | ||
| 229 | SSL_R_SSL_SESSION_ID_HAS_BAD_LENGTH); | ||
| 230 | SSL_SESSION_free(ss); | ||
| 231 | return(0); | ||
| 232 | } | ||
| 233 | /* If the session length was shrunk and we're SSLv2, pad it */ | ||
| 234 | if((tmp < ss->session_id_length) && (s->version == SSL2_VERSION)) | ||
| 235 | memset(ss->session_id + tmp, 0, ss->session_id_length - tmp); | ||
| 236 | else | ||
| 237 | ss->session_id_length = tmp; | ||
| 238 | /* Finally, check for a conflict */ | ||
| 239 | if(SSL_has_matching_session_id(s, ss->session_id, | ||
| 240 | ss->session_id_length)) | ||
| 173 | { | 241 | { |
| 174 | SSL_SESSION *r; | 242 | SSLerr(SSL_F_SSL_GET_NEW_SESSION, |
| 175 | 243 | SSL_R_SSL_SESSION_ID_CONFLICT); | |
| 176 | RAND_bytes(ss->session_id,ss->session_id_length); | 244 | SSL_SESSION_free(ss); |
| 177 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 245 | return(0); |
| 178 | r=(SSL_SESSION *)lh_retrieve(s->ctx->sessions, | ||
| 179 | (char *)ss); | ||
| 180 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | ||
| 181 | if (r == NULL) break; | ||
| 182 | /* else - woops a session_id match */ | ||
| 183 | } | 246 | } |
| 184 | } | 247 | } |
| 185 | else | 248 | else |
| @@ -187,58 +250,100 @@ int session; | |||
| 187 | ss->session_id_length=0; | 250 | ss->session_id_length=0; |
| 188 | } | 251 | } |
| 189 | 252 | ||
| 253 | memcpy(ss->sid_ctx,s->sid_ctx,s->sid_ctx_length); | ||
| 254 | ss->sid_ctx_length=s->sid_ctx_length; | ||
| 190 | s->session=ss; | 255 | s->session=ss; |
| 191 | ss->ssl_version=s->version; | 256 | ss->ssl_version=s->version; |
| 257 | ss->verify_result = X509_V_OK; | ||
| 192 | 258 | ||
| 193 | return(1); | 259 | return(1); |
| 194 | } | 260 | } |
| 195 | 261 | ||
| 196 | int ssl_get_prev_session(s,session_id,len) | 262 | int ssl_get_prev_session(SSL *s, unsigned char *session_id, int len) |
| 197 | SSL *s; | ||
| 198 | unsigned char *session_id; | ||
| 199 | int len; | ||
| 200 | { | 263 | { |
| 264 | /* This is used only by servers. */ | ||
| 265 | |||
| 201 | SSL_SESSION *ret=NULL,data; | 266 | SSL_SESSION *ret=NULL,data; |
| 267 | int fatal = 0; | ||
| 202 | 268 | ||
| 203 | /* conn_init();*/ | ||
| 204 | data.ssl_version=s->version; | 269 | data.ssl_version=s->version; |
| 205 | data.session_id_length=len; | 270 | data.session_id_length=len; |
| 206 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) | 271 | if (len > SSL_MAX_SSL_SESSION_ID_LENGTH) |
| 207 | return(0); | 272 | goto err; |
| 208 | memcpy(data.session_id,session_id,len);; | 273 | memcpy(data.session_id,session_id,len); |
| 209 | 274 | ||
| 210 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) | 275 | if (!(s->ctx->session_cache_mode & SSL_SESS_CACHE_NO_INTERNAL_LOOKUP)) |
| 211 | { | 276 | { |
| 212 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); | 277 | CRYPTO_r_lock(CRYPTO_LOCK_SSL_CTX); |
| 213 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,(char *)&data); | 278 | ret=(SSL_SESSION *)lh_retrieve(s->ctx->sessions,&data); |
| 279 | if (ret != NULL) | ||
| 280 | /* don't allow other threads to steal it: */ | ||
| 281 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
| 214 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); | 282 | CRYPTO_r_unlock(CRYPTO_LOCK_SSL_CTX); |
| 215 | } | 283 | } |
| 216 | 284 | ||
| 217 | if (ret == NULL) | 285 | if (ret == NULL) |
| 218 | { | 286 | { |
| 219 | int copy=1; | 287 | int copy=1; |
| 220 | 288 | ||
| 221 | s->ctx->sess_miss++; | 289 | s->ctx->stats.sess_miss++; |
| 222 | ret=NULL; | 290 | ret=NULL; |
| 223 | if ((s->ctx->get_session_cb != NULL) && | 291 | if (s->ctx->get_session_cb != NULL |
| 224 | ((ret=s->ctx->get_session_cb(s,session_id,len,©)) | 292 | && (ret=s->ctx->get_session_cb(s,session_id,len,©)) |
| 225 | != NULL)) | 293 | != NULL) |
| 226 | { | 294 | { |
| 227 | s->ctx->sess_cb_hit++; | 295 | s->ctx->stats.sess_cb_hit++; |
| 296 | |||
| 297 | /* Increment reference count now if the session callback | ||
| 298 | * asks us to do so (note that if the session structures | ||
| 299 | * returned by the callback are shared between threads, | ||
| 300 | * it must handle the reference count itself [i.e. copy == 0], | ||
| 301 | * or things won't be thread-safe). */ | ||
| 302 | if (copy) | ||
| 303 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | ||
| 228 | 304 | ||
| 229 | /* The following should not return 1, otherwise, | 305 | /* The following should not return 1, otherwise, |
| 230 | * things are very strange */ | 306 | * things are very strange */ |
| 231 | SSL_CTX_add_session(s->ctx,ret); | 307 | SSL_CTX_add_session(s->ctx,ret); |
| 232 | /* auto free it */ | ||
| 233 | if (!copy) | ||
| 234 | SSL_SESSION_free(ret); | ||
| 235 | } | 308 | } |
| 236 | if (ret == NULL) return(0); | 309 | if (ret == NULL) |
| 310 | goto err; | ||
| 311 | } | ||
| 312 | |||
| 313 | /* Now ret is non-NULL, and we own one of its reference counts. */ | ||
| 314 | |||
| 315 | if((s->verify_mode&SSL_VERIFY_PEER) | ||
| 316 | && (!s->sid_ctx_length || ret->sid_ctx_length != s->sid_ctx_length | ||
| 317 | || memcmp(ret->sid_ctx,s->sid_ctx,ret->sid_ctx_length))) | ||
| 318 | { | ||
| 319 | /* We've found the session named by the client, but we don't | ||
| 320 | * want to use it in this context. */ | ||
| 321 | |||
| 322 | if (s->sid_ctx_length == 0) | ||
| 323 | { | ||
| 324 | /* application should have used SSL[_CTX]_set_session_id_context | ||
| 325 | * -- we could tolerate this and just pretend we never heard | ||
| 326 | * of this session, but then applications could effectively | ||
| 327 | * disable the session cache by accident without anyone noticing */ | ||
| 328 | |||
| 329 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_SESSION_ID_CONTEXT_UNINITIALIZED); | ||
| 330 | fatal = 1; | ||
| 331 | goto err; | ||
| 332 | } | ||
| 333 | else | ||
| 334 | { | ||
| 335 | #if 0 /* The client cannot always know when a session is not appropriate, | ||
| 336 | * so we shouldn't generate an error message. */ | ||
| 337 | |||
| 338 | SSLerr(SSL_F_SSL_GET_PREV_SESSION,SSL_R_ATTEMPT_TO_REUSE_SESSION_IN_DIFFERENT_CONTEXT); | ||
| 339 | #endif | ||
| 340 | goto err; /* treat like cache miss */ | ||
| 341 | } | ||
| 237 | } | 342 | } |
| 238 | 343 | ||
| 239 | if (ret->cipher == NULL) | 344 | if (ret->cipher == NULL) |
| 240 | { | 345 | { |
| 241 | char buf[5],*p; | 346 | unsigned char buf[5],*p; |
| 242 | unsigned long l; | 347 | unsigned long l; |
| 243 | 348 | ||
| 244 | p=buf; | 349 | p=buf; |
| @@ -249,25 +354,28 @@ int len; | |||
| 249 | else | 354 | else |
| 250 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); | 355 | ret->cipher=ssl_get_cipher_by_char(s,&(buf[1])); |
| 251 | if (ret->cipher == NULL) | 356 | if (ret->cipher == NULL) |
| 252 | return(0); | 357 | goto err; |
| 253 | } | 358 | } |
| 254 | 359 | ||
| 360 | |||
| 361 | #if 0 /* This is way too late. */ | ||
| 362 | |||
| 255 | /* If a thread got the session, then 'swaped', and another got | 363 | /* If a thread got the session, then 'swaped', and another got |
| 256 | * it and then due to a time-out decided to 'Free' it we could | 364 | * it and then due to a time-out decided to 'OPENSSL_free' it we could |
| 257 | * be in trouble. So I'll increment it now, then double decrement | 365 | * be in trouble. So I'll increment it now, then double decrement |
| 258 | * later - am I speaking rubbish?. */ | 366 | * later - am I speaking rubbish?. */ |
| 259 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); | 367 | CRYPTO_add(&ret->references,1,CRYPTO_LOCK_SSL_SESSION); |
| 368 | #endif | ||
| 260 | 369 | ||
| 261 | if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ | 370 | if ((long)(ret->time+ret->timeout) < (long)time(NULL)) /* timeout */ |
| 262 | { | 371 | { |
| 263 | s->ctx->sess_timeout++; | 372 | s->ctx->stats.sess_timeout++; |
| 264 | /* remove it from the cache */ | 373 | /* remove it from the cache */ |
| 265 | SSL_CTX_remove_session(s->ctx,ret); | 374 | SSL_CTX_remove_session(s->ctx,ret); |
| 266 | SSL_SESSION_free(ret); /* again to actually Free it */ | 375 | goto err; |
| 267 | return(0); | ||
| 268 | } | 376 | } |
| 269 | 377 | ||
| 270 | s->ctx->sess_hit++; | 378 | s->ctx->stats.sess_hit++; |
| 271 | 379 | ||
| 272 | /* ret->time=time(NULL); */ /* rezero timeout? */ | 380 | /* ret->time=time(NULL); */ /* rezero timeout? */ |
| 273 | /* again, just leave the session | 381 | /* again, just leave the session |
| @@ -276,37 +384,64 @@ int len; | |||
| 276 | if (s->session != NULL) | 384 | if (s->session != NULL) |
| 277 | SSL_SESSION_free(s->session); | 385 | SSL_SESSION_free(s->session); |
| 278 | s->session=ret; | 386 | s->session=ret; |
| 387 | s->verify_result = s->session->verify_result; | ||
| 279 | return(1); | 388 | return(1); |
| 389 | |||
| 390 | err: | ||
| 391 | if (ret != NULL) | ||
| 392 | SSL_SESSION_free(ret); | ||
| 393 | if (fatal) | ||
| 394 | return -1; | ||
| 395 | else | ||
| 396 | return 0; | ||
| 280 | } | 397 | } |
| 281 | 398 | ||
| 282 | int SSL_CTX_add_session(ctx,c) | 399 | int SSL_CTX_add_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 283 | SSL_CTX *ctx; | ||
| 284 | SSL_SESSION *c; | ||
| 285 | { | 400 | { |
| 286 | int ret=0; | 401 | int ret=0; |
| 287 | SSL_SESSION *s; | 402 | SSL_SESSION *s; |
| 288 | 403 | ||
| 289 | /* conn_init(); */ | 404 | /* add just 1 reference count for the SSL_CTX's session cache |
| 405 | * even though it has two ways of access: each session is in a | ||
| 406 | * doubly linked list and an lhash */ | ||
| 290 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); | 407 | CRYPTO_add(&c->references,1,CRYPTO_LOCK_SSL_SESSION); |
| 408 | /* if session c is in already in cache, we take back the increment later */ | ||
| 291 | 409 | ||
| 292 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 410 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 293 | s=(SSL_SESSION *)lh_insert(ctx->sessions,(char *)c); | 411 | s=(SSL_SESSION *)lh_insert(ctx->sessions,c); |
| 294 | 412 | ||
| 295 | /* Put on the end of the queue unless it is already in the cache */ | 413 | /* s != NULL iff we already had a session with the given PID. |
| 414 | * In this case, s == c should hold (then we did not really modify | ||
| 415 | * ctx->sessions), or we're in trouble. */ | ||
| 416 | if (s != NULL && s != c) | ||
| 417 | { | ||
| 418 | /* We *are* in trouble ... */ | ||
| 419 | SSL_SESSION_list_remove(ctx,s); | ||
| 420 | SSL_SESSION_free(s); | ||
| 421 | /* ... so pretend the other session did not exist in cache | ||
| 422 | * (we cannot handle two SSL_SESSION structures with identical | ||
| 423 | * session ID in the same cache, which could happen e.g. when | ||
| 424 | * two threads concurrently obtain the same session from an external | ||
| 425 | * cache) */ | ||
| 426 | s = NULL; | ||
| 427 | } | ||
| 428 | |||
| 429 | /* Put at the head of the queue unless it is already in the cache */ | ||
| 296 | if (s == NULL) | 430 | if (s == NULL) |
| 297 | SSL_SESSION_list_add(ctx,c); | 431 | SSL_SESSION_list_add(ctx,c); |
| 298 | 432 | ||
| 299 | /* If the same session if is being 're-added', Free the old | ||
| 300 | * one when the last person stops using it. | ||
| 301 | * This will also work if it is alread in the cache. | ||
| 302 | * The references will go up and then down :-) */ | ||
| 303 | if (s != NULL) | 433 | if (s != NULL) |
| 304 | { | 434 | { |
| 305 | SSL_SESSION_free(s); | 435 | /* existing cache entry -- decrement previously incremented reference |
| 436 | * count because it already takes into account the cache */ | ||
| 437 | |||
| 438 | SSL_SESSION_free(s); /* s == c */ | ||
| 306 | ret=0; | 439 | ret=0; |
| 307 | } | 440 | } |
| 308 | else | 441 | else |
| 309 | { | 442 | { |
| 443 | /* new cache entry -- remove old ones if cache has become too large */ | ||
| 444 | |||
| 310 | ret=1; | 445 | ret=1; |
| 311 | 446 | ||
| 312 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) | 447 | if (SSL_CTX_sess_get_cache_size(ctx) > 0) |
| @@ -314,11 +449,11 @@ SSL_SESSION *c; | |||
| 314 | while (SSL_CTX_sess_number(ctx) > | 449 | while (SSL_CTX_sess_number(ctx) > |
| 315 | SSL_CTX_sess_get_cache_size(ctx)) | 450 | SSL_CTX_sess_get_cache_size(ctx)) |
| 316 | { | 451 | { |
| 317 | if (!SSL_CTX_remove_session(ctx, | 452 | if (!remove_session_lock(ctx, |
| 318 | ctx->session_cache_tail)) | 453 | ctx->session_cache_tail, 0)) |
| 319 | break; | 454 | break; |
| 320 | else | 455 | else |
| 321 | ctx->sess_cache_full++; | 456 | ctx->stats.sess_cache_full++; |
| 322 | } | 457 | } |
| 323 | } | 458 | } |
| 324 | } | 459 | } |
| @@ -326,24 +461,27 @@ SSL_SESSION *c; | |||
| 326 | return(ret); | 461 | return(ret); |
| 327 | } | 462 | } |
| 328 | 463 | ||
| 329 | int SSL_CTX_remove_session(ctx,c) | 464 | int SSL_CTX_remove_session(SSL_CTX *ctx, SSL_SESSION *c) |
| 330 | SSL_CTX *ctx; | 465 | { |
| 331 | SSL_SESSION *c; | 466 | return remove_session_lock(ctx, c, 1); |
| 467 | } | ||
| 468 | |||
| 469 | static int remove_session_lock(SSL_CTX *ctx, SSL_SESSION *c, int lck) | ||
| 332 | { | 470 | { |
| 333 | SSL_SESSION *r; | 471 | SSL_SESSION *r; |
| 334 | int ret=0; | 472 | int ret=0; |
| 335 | 473 | ||
| 336 | if ((c != NULL) && (c->session_id_length != 0)) | 474 | if ((c != NULL) && (c->session_id_length != 0)) |
| 337 | { | 475 | { |
| 338 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 476 | if(lck) CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 339 | r=(SSL_SESSION *)lh_delete(ctx->sessions,(char *)c); | 477 | if ((r = (SSL_SESSION *)lh_retrieve(ctx->sessions,c)) == c) |
| 340 | if (r != NULL) | ||
| 341 | { | 478 | { |
| 342 | ret=1; | 479 | ret=1; |
| 480 | r=(SSL_SESSION *)lh_delete(ctx->sessions,c); | ||
| 343 | SSL_SESSION_list_remove(ctx,c); | 481 | SSL_SESSION_list_remove(ctx,c); |
| 344 | } | 482 | } |
| 345 | 483 | ||
| 346 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 484 | if(lck) CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 347 | 485 | ||
| 348 | if (ret) | 486 | if (ret) |
| 349 | { | 487 | { |
| @@ -358,11 +496,13 @@ SSL_SESSION *c; | |||
| 358 | return(ret); | 496 | return(ret); |
| 359 | } | 497 | } |
| 360 | 498 | ||
| 361 | void SSL_SESSION_free(ss) | 499 | void SSL_SESSION_free(SSL_SESSION *ss) |
| 362 | SSL_SESSION *ss; | ||
| 363 | { | 500 | { |
| 364 | int i; | 501 | int i; |
| 365 | 502 | ||
| 503 | if(ss == NULL) | ||
| 504 | return; | ||
| 505 | |||
| 366 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); | 506 | i=CRYPTO_add(&ss->references,-1,CRYPTO_LOCK_SSL_SESSION); |
| 367 | #ifdef REF_PRINT | 507 | #ifdef REF_PRINT |
| 368 | REF_PRINT("SSL_SESSION",ss); | 508 | REF_PRINT("SSL_SESSION",ss); |
| @@ -376,21 +516,19 @@ SSL_SESSION *ss; | |||
| 376 | } | 516 | } |
| 377 | #endif | 517 | #endif |
| 378 | 518 | ||
| 379 | CRYPTO_free_ex_data(ssl_session_meth,(char *)ss,&ss->ex_data); | 519 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_SSL_SESSION, ss, &ss->ex_data); |
| 380 | 520 | ||
| 381 | memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); | 521 | memset(ss->key_arg,0,SSL_MAX_KEY_ARG_LENGTH); |
| 382 | memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); | 522 | memset(ss->master_key,0,SSL_MAX_MASTER_KEY_LENGTH); |
| 383 | memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); | 523 | memset(ss->session_id,0,SSL_MAX_SSL_SESSION_ID_LENGTH); |
| 384 | if (ss->cert != NULL) ssl_cert_free(ss->cert); | 524 | if (ss->sess_cert != NULL) ssl_sess_cert_free(ss->sess_cert); |
| 385 | if (ss->peer != NULL) X509_free(ss->peer); | 525 | if (ss->peer != NULL) X509_free(ss->peer); |
| 386 | if (ss->ciphers != NULL) sk_free(ss->ciphers); | 526 | if (ss->ciphers != NULL) sk_SSL_CIPHER_free(ss->ciphers); |
| 387 | memset(ss,0,sizeof(*ss)); | 527 | memset(ss,0,sizeof(*ss)); |
| 388 | Free(ss); | 528 | OPENSSL_free(ss); |
| 389 | } | 529 | } |
| 390 | 530 | ||
| 391 | int SSL_set_session(s, session) | 531 | int SSL_set_session(SSL *s, SSL_SESSION *session) |
| 392 | SSL *s; | ||
| 393 | SSL_SESSION *session; | ||
| 394 | { | 532 | { |
| 395 | int ret=0; | 533 | int ret=0; |
| 396 | SSL_METHOD *meth; | 534 | SSL_METHOD *meth; |
| @@ -410,14 +548,29 @@ SSL_SESSION *session; | |||
| 410 | { | 548 | { |
| 411 | if (!SSL_set_ssl_method(s,meth)) | 549 | if (!SSL_set_ssl_method(s,meth)) |
| 412 | return(0); | 550 | return(0); |
| 413 | session->timeout=SSL_get_default_timeout(s); | 551 | if (s->ctx->session_timeout == 0) |
| 552 | session->timeout=SSL_get_default_timeout(s); | ||
| 553 | else | ||
| 554 | session->timeout=s->ctx->session_timeout; | ||
| 414 | } | 555 | } |
| 415 | 556 | ||
| 557 | #ifndef OPENSSL_NO_KRB5 | ||
| 558 | if (s->kssl_ctx && !s->kssl_ctx->client_princ && | ||
| 559 | session->krb5_client_princ_len > 0) | ||
| 560 | { | ||
| 561 | s->kssl_ctx->client_princ = (char *)malloc(session->krb5_client_princ_len + 1); | ||
| 562 | memcpy(s->kssl_ctx->client_princ,session->krb5_client_princ, | ||
| 563 | session->krb5_client_princ_len); | ||
| 564 | s->kssl_ctx->client_princ[session->krb5_client_princ_len] = '\0'; | ||
| 565 | } | ||
| 566 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 567 | |||
| 416 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ | 568 | /* CRYPTO_w_lock(CRYPTO_LOCK_SSL);*/ |
| 417 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); | 569 | CRYPTO_add(&session->references,1,CRYPTO_LOCK_SSL_SESSION); |
| 418 | if (s->session != NULL) | 570 | if (s->session != NULL) |
| 419 | SSL_SESSION_free(s->session); | 571 | SSL_SESSION_free(s->session); |
| 420 | s->session=session; | 572 | s->session=session; |
| 573 | s->verify_result = s->session->verify_result; | ||
| 421 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ | 574 | /* CRYPTO_w_unlock(CRYPTO_LOCK_SSL);*/ |
| 422 | ret=1; | 575 | ret=1; |
| 423 | } | 576 | } |
| @@ -428,42 +581,59 @@ SSL_SESSION *session; | |||
| 428 | SSL_SESSION_free(s->session); | 581 | SSL_SESSION_free(s->session); |
| 429 | s->session=NULL; | 582 | s->session=NULL; |
| 430 | } | 583 | } |
| 584 | |||
| 585 | meth=s->ctx->method; | ||
| 586 | if (meth != s->method) | ||
| 587 | { | ||
| 588 | if (!SSL_set_ssl_method(s,meth)) | ||
| 589 | return(0); | ||
| 590 | } | ||
| 591 | ret=1; | ||
| 431 | } | 592 | } |
| 432 | return(ret); | 593 | return(ret); |
| 433 | } | 594 | } |
| 434 | 595 | ||
| 435 | long SSL_SESSION_set_timeout(s,t) | 596 | long SSL_SESSION_set_timeout(SSL_SESSION *s, long t) |
| 436 | SSL_SESSION *s; | ||
| 437 | long t; | ||
| 438 | { | 597 | { |
| 439 | if (s == NULL) return(0); | 598 | if (s == NULL) return(0); |
| 440 | s->timeout=t; | 599 | s->timeout=t; |
| 441 | return(1); | 600 | return(1); |
| 442 | } | 601 | } |
| 443 | 602 | ||
| 444 | long SSL_SESSION_get_timeout(s) | 603 | long SSL_SESSION_get_timeout(SSL_SESSION *s) |
| 445 | SSL_SESSION *s; | ||
| 446 | { | 604 | { |
| 447 | if (s == NULL) return(0); | 605 | if (s == NULL) return(0); |
| 448 | return(s->timeout); | 606 | return(s->timeout); |
| 449 | } | 607 | } |
| 450 | 608 | ||
| 451 | long SSL_SESSION_get_time(s) | 609 | long SSL_SESSION_get_time(SSL_SESSION *s) |
| 452 | SSL_SESSION *s; | ||
| 453 | { | 610 | { |
| 454 | if (s == NULL) return(0); | 611 | if (s == NULL) return(0); |
| 455 | return(s->time); | 612 | return(s->time); |
| 456 | } | 613 | } |
| 457 | 614 | ||
| 458 | long SSL_SESSION_set_time(s,t) | 615 | long SSL_SESSION_set_time(SSL_SESSION *s, long t) |
| 459 | SSL_SESSION *s; | ||
| 460 | long t; | ||
| 461 | { | 616 | { |
| 462 | if (s == NULL) return(0); | 617 | if (s == NULL) return(0); |
| 463 | s->time=t; | 618 | s->time=t; |
| 464 | return(t); | 619 | return(t); |
| 465 | } | 620 | } |
| 466 | 621 | ||
| 622 | long SSL_CTX_set_timeout(SSL_CTX *s, long t) | ||
| 623 | { | ||
| 624 | long l; | ||
| 625 | if (s == NULL) return(0); | ||
| 626 | l=s->session_timeout; | ||
| 627 | s->session_timeout=t; | ||
| 628 | return(l); | ||
| 629 | } | ||
| 630 | |||
| 631 | long SSL_CTX_get_timeout(SSL_CTX *s) | ||
| 632 | { | ||
| 633 | if (s == NULL) return(0); | ||
| 634 | return(s->session_timeout); | ||
| 635 | } | ||
| 636 | |||
| 467 | typedef struct timeout_param_st | 637 | typedef struct timeout_param_st |
| 468 | { | 638 | { |
| 469 | SSL_CTX *ctx; | 639 | SSL_CTX *ctx; |
| @@ -471,15 +641,13 @@ typedef struct timeout_param_st | |||
| 471 | LHASH *cache; | 641 | LHASH *cache; |
| 472 | } TIMEOUT_PARAM; | 642 | } TIMEOUT_PARAM; |
| 473 | 643 | ||
| 474 | static void timeout(s,p) | 644 | static void timeout(SSL_SESSION *s, TIMEOUT_PARAM *p) |
| 475 | SSL_SESSION *s; | ||
| 476 | TIMEOUT_PARAM *p; | ||
| 477 | { | 645 | { |
| 478 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ | 646 | if ((p->time == 0) || (p->time > (s->time+s->timeout))) /* timeout */ |
| 479 | { | 647 | { |
| 480 | /* The reason we don't call SSL_CTX_remove_session() is to | 648 | /* The reason we don't call SSL_CTX_remove_session() is to |
| 481 | * save on locking overhead */ | 649 | * save on locking overhead */ |
| 482 | lh_delete(p->cache,(char *)s); | 650 | lh_delete(p->cache,s); |
| 483 | SSL_SESSION_list_remove(p->ctx,s); | 651 | SSL_SESSION_list_remove(p->ctx,s); |
| 484 | s->not_resumable=1; | 652 | s->not_resumable=1; |
| 485 | if (p->ctx->remove_session_cb != NULL) | 653 | if (p->ctx->remove_session_cb != NULL) |
| @@ -488,27 +656,26 @@ TIMEOUT_PARAM *p; | |||
| 488 | } | 656 | } |
| 489 | } | 657 | } |
| 490 | 658 | ||
| 491 | void SSL_CTX_flush_sessions(s,t) | 659 | static IMPLEMENT_LHASH_DOALL_ARG_FN(timeout, SSL_SESSION *, TIMEOUT_PARAM *) |
| 492 | SSL_CTX *s; | 660 | |
| 493 | long t; | 661 | void SSL_CTX_flush_sessions(SSL_CTX *s, long t) |
| 494 | { | 662 | { |
| 495 | unsigned long i; | 663 | unsigned long i; |
| 496 | TIMEOUT_PARAM tp; | 664 | TIMEOUT_PARAM tp; |
| 497 | 665 | ||
| 498 | tp.ctx=s; | 666 | tp.ctx=s; |
| 499 | tp.cache=SSL_CTX_sessions(s); | 667 | tp.cache=s->sessions; |
| 500 | if (tp.cache == NULL) return; | 668 | if (tp.cache == NULL) return; |
| 501 | tp.time=t; | 669 | tp.time=t; |
| 502 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); | 670 | CRYPTO_w_lock(CRYPTO_LOCK_SSL_CTX); |
| 503 | i=tp.cache->down_load; | 671 | i=tp.cache->down_load; |
| 504 | tp.cache->down_load=0; | 672 | tp.cache->down_load=0; |
| 505 | lh_doall_arg(tp.cache,(void (*)())timeout,(char *)&tp); | 673 | lh_doall_arg(tp.cache, LHASH_DOALL_ARG_FN(timeout), &tp); |
| 506 | tp.cache->down_load=i; | 674 | tp.cache->down_load=i; |
| 507 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); | 675 | CRYPTO_w_unlock(CRYPTO_LOCK_SSL_CTX); |
| 508 | } | 676 | } |
| 509 | 677 | ||
| 510 | int ssl_clear_bad_session(s) | 678 | int ssl_clear_bad_session(SSL *s) |
| 511 | SSL *s; | ||
| 512 | { | 679 | { |
| 513 | if ( (s->session != NULL) && | 680 | if ( (s->session != NULL) && |
| 514 | !(s->shutdown & SSL_SENT_SHUTDOWN) && | 681 | !(s->shutdown & SSL_SENT_SHUTDOWN) && |
| @@ -522,9 +689,7 @@ SSL *s; | |||
| 522 | } | 689 | } |
| 523 | 690 | ||
| 524 | /* locked by SSL_CTX in the calling function */ | 691 | /* locked by SSL_CTX in the calling function */ |
| 525 | static void SSL_SESSION_list_remove(ctx,s) | 692 | static void SSL_SESSION_list_remove(SSL_CTX *ctx, SSL_SESSION *s) |
| 526 | SSL_CTX *ctx; | ||
| 527 | SSL_SESSION *s; | ||
| 528 | { | 693 | { |
| 529 | if ((s->next == NULL) || (s->prev == NULL)) return; | 694 | if ((s->next == NULL) || (s->prev == NULL)) return; |
| 530 | 695 | ||
| @@ -557,9 +722,7 @@ SSL_SESSION *s; | |||
| 557 | s->prev=s->next=NULL; | 722 | s->prev=s->next=NULL; |
| 558 | } | 723 | } |
| 559 | 724 | ||
| 560 | static void SSL_SESSION_list_add(ctx,s) | 725 | static void SSL_SESSION_list_add(SSL_CTX *ctx, SSL_SESSION *s) |
| 561 | SSL_CTX *ctx; | ||
| 562 | SSL_SESSION *s; | ||
| 563 | { | 726 | { |
| 564 | if ((s->next != NULL) && (s->prev != NULL)) | 727 | if ((s->next != NULL) && (s->prev != NULL)) |
| 565 | SSL_SESSION_list_remove(ctx,s); | 728 | SSL_SESSION_list_remove(ctx,s); |
diff --git a/src/lib/libssl/ssl_stat.c b/src/lib/libssl/ssl_stat.c index a1daf25dd4..b16d253081 100644 --- a/src/lib/libssl/ssl_stat.c +++ b/src/lib/libssl/ssl_stat.c | |||
| @@ -59,23 +59,22 @@ | |||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "ssl_locl.h" | 60 | #include "ssl_locl.h" |
| 61 | 61 | ||
| 62 | char *SSL_state_string_long(s) | 62 | const char *SSL_state_string_long(const SSL *s) |
| 63 | SSL *s; | ||
| 64 | { | 63 | { |
| 65 | char *str; | 64 | const char *str; |
| 66 | 65 | ||
| 67 | switch (s->state) | 66 | switch (s->state) |
| 68 | { | 67 | { |
| 69 | case SSL_ST_BEFORE: str="before SSL initalisation"; break; | 68 | case SSL_ST_BEFORE: str="before SSL initialization"; break; |
| 70 | case SSL_ST_ACCEPT: str="before accept initalisation"; break; | 69 | case SSL_ST_ACCEPT: str="before accept initialization"; break; |
| 71 | case SSL_ST_CONNECT: str="before connect initalisation"; break; | 70 | case SSL_ST_CONNECT: str="before connect initialization"; break; |
| 72 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; | 71 | case SSL_ST_OK: str="SSL negotiation finished successfully"; break; |
| 73 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; | 72 | case SSL_ST_RENEGOTIATE: str="SSL renegotiate ciphers"; break; |
| 74 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initalisation"; break; | 73 | case SSL_ST_BEFORE|SSL_ST_CONNECT: str="before/connect initialization"; break; |
| 75 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initalisation"; break; | 74 | case SSL_ST_OK|SSL_ST_CONNECT: str="ok/connect SSL initialization"; break; |
| 76 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initalisation"; break; | 75 | case SSL_ST_BEFORE|SSL_ST_ACCEPT: str="before/accept initialization"; break; |
| 77 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initalisation"; break; | 76 | case SSL_ST_OK|SSL_ST_ACCEPT: str="ok/accept SSL initialization"; break; |
| 78 | #ifndef NO_SSL2 | 77 | #ifndef OPENSSL_NO_SSL2 |
| 79 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; | 78 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="SSLv2 client start encryption"; break; |
| 80 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; | 79 | case SSL2_ST_SERVER_START_ENCRYPTION: str="SSLv2 server start encryption"; break; |
| 81 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; | 80 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="SSLv2 write client hello A"; break; |
| @@ -116,7 +115,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="SSLv2 X509 read server certificat | |||
| 116 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; | 115 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="SSLv2 X509 read client certificate"; break; |
| 117 | #endif | 116 | #endif |
| 118 | 117 | ||
| 119 | #ifndef NO_SSL3 | 118 | #ifndef OPENSSL_NO_SSL3 |
| 120 | /* SSLv3 additions */ | 119 | /* SSLv3 additions */ |
| 121 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; | 120 | case SSL3_ST_CW_CLNT_HELLO_A: str="SSLv3 write client hello A"; break; |
| 122 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; | 121 | case SSL3_ST_CW_CLNT_HELLO_B: str="SSLv3 write client hello B"; break; |
| @@ -132,10 +131,12 @@ case SSL3_ST_CR_SRVR_DONE_A: str="SSLv3 read server done A"; break; | |||
| 132 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; | 131 | case SSL3_ST_CR_SRVR_DONE_B: str="SSLv3 read server done B"; break; |
| 133 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; | 132 | case SSL3_ST_CW_CERT_A: str="SSLv3 write client certificate A"; break; |
| 134 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; | 133 | case SSL3_ST_CW_CERT_B: str="SSLv3 write client certificate B"; break; |
| 134 | case SSL3_ST_CW_CERT_C: str="SSLv3 write client certificate C"; break; | ||
| 135 | case SSL3_ST_CW_CERT_D: str="SSLv3 write client certificate D"; break; | ||
| 135 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; | 136 | case SSL3_ST_CW_KEY_EXCH_A: str="SSLv3 write client key exchange A"; break; |
| 136 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; | 137 | case SSL3_ST_CW_KEY_EXCH_B: str="SSLv3 write client key exchange B"; break; |
| 137 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; | 138 | case SSL3_ST_CW_CERT_VRFY_A: str="SSLv3 write certificate verify A"; break; |
| 138 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify A"; break; | 139 | case SSL3_ST_CW_CERT_VRFY_B: str="SSLv3 write certificate verify B"; break; |
| 139 | 140 | ||
| 140 | case SSL3_ST_CW_CHANGE_A: | 141 | case SSL3_ST_CW_CHANGE_A: |
| 141 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; | 142 | case SSL3_ST_SW_CHANGE_A: str="SSLv3 write change cipher spec A"; break; |
| @@ -144,7 +145,7 @@ case SSL3_ST_SW_CHANGE_B: str="SSLv3 write change cipher spec B"; break; | |||
| 144 | case SSL3_ST_CW_FINISHED_A: | 145 | case SSL3_ST_CW_FINISHED_A: |
| 145 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; | 146 | case SSL3_ST_SW_FINISHED_A: str="SSLv3 write finished A"; break; |
| 146 | case SSL3_ST_CW_FINISHED_B: | 147 | case SSL3_ST_CW_FINISHED_B: |
| 147 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished A"; break; | 148 | case SSL3_ST_SW_FINISHED_B: str="SSLv3 write finished B"; break; |
| 148 | case SSL3_ST_CR_CHANGE_A: | 149 | case SSL3_ST_CR_CHANGE_A: |
| 149 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; | 150 | case SSL3_ST_SR_CHANGE_A: str="SSLv3 read change cipher spec A"; break; |
| 150 | case SSL3_ST_CR_CHANGE_B: | 151 | case SSL3_ST_CR_CHANGE_B: |
| @@ -181,8 +182,8 @@ case SSL3_ST_SR_CERT_VRFY_A: str="SSLv3 read certificate verify A"; break; | |||
| 181 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; | 182 | case SSL3_ST_SR_CERT_VRFY_B: str="SSLv3 read certificate verify B"; break; |
| 182 | #endif | 183 | #endif |
| 183 | 184 | ||
| 184 | #if !defined(NO_SSL2) && !defined(NO_SSL3) | 185 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 185 | /* SSLv2/v3 compatablitity states */ | 186 | /* SSLv2/v3 compatibility states */ |
| 186 | /* client */ | 187 | /* client */ |
| 187 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; | 188 | case SSL23_ST_CW_CLNT_HELLO_A: str="SSLv2/v3 write client hello A"; break; |
| 188 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; | 189 | case SSL23_ST_CW_CLNT_HELLO_B: str="SSLv2/v3 write client hello B"; break; |
| @@ -198,10 +199,9 @@ default: str="unknown state"; break; | |||
| 198 | return(str); | 199 | return(str); |
| 199 | } | 200 | } |
| 200 | 201 | ||
| 201 | char *SSL_rstate_string_long(s) | 202 | const char *SSL_rstate_string_long(const SSL *s) |
| 202 | SSL *s; | ||
| 203 | { | 203 | { |
| 204 | char *str; | 204 | const char *str; |
| 205 | 205 | ||
| 206 | switch (s->rstate) | 206 | switch (s->rstate) |
| 207 | { | 207 | { |
| @@ -213,10 +213,9 @@ SSL *s; | |||
| 213 | return(str); | 213 | return(str); |
| 214 | } | 214 | } |
| 215 | 215 | ||
| 216 | char *SSL_state_string(s) | 216 | const char *SSL_state_string(const SSL *s) |
| 217 | SSL *s; | ||
| 218 | { | 217 | { |
| 219 | char *str; | 218 | const char *str; |
| 220 | 219 | ||
| 221 | switch (s->state) | 220 | switch (s->state) |
| 222 | { | 221 | { |
| @@ -224,7 +223,7 @@ case SSL_ST_BEFORE: str="PINIT "; break; | |||
| 224 | case SSL_ST_ACCEPT: str="AINIT "; break; | 223 | case SSL_ST_ACCEPT: str="AINIT "; break; |
| 225 | case SSL_ST_CONNECT: str="CINIT "; break; | 224 | case SSL_ST_CONNECT: str="CINIT "; break; |
| 226 | case SSL_ST_OK: str="SSLOK "; break; | 225 | case SSL_ST_OK: str="SSLOK "; break; |
| 227 | #ifndef NO_SSL2 | 226 | #ifndef OPENSSL_NO_SSL2 |
| 228 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; | 227 | case SSL2_ST_CLIENT_START_ENCRYPTION: str="2CSENC"; break; |
| 229 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; | 228 | case SSL2_ST_SERVER_START_ENCRYPTION: str="2SSENC"; break; |
| 230 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; | 229 | case SSL2_ST_SEND_CLIENT_HELLO_A: str="2SCH_A"; break; |
| @@ -265,7 +264,7 @@ case SSL2_ST_X509_GET_SERVER_CERTIFICATE: str="2X9GSC"; break; | |||
| 265 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; | 264 | case SSL2_ST_X509_GET_CLIENT_CERTIFICATE: str="2X9GCC"; break; |
| 266 | #endif | 265 | #endif |
| 267 | 266 | ||
| 268 | #ifndef NO_SSL3 | 267 | #ifndef OPENSSL_NO_SSL3 |
| 269 | /* SSLv3 additions */ | 268 | /* SSLv3 additions */ |
| 270 | case SSL3_ST_SW_FLUSH: | 269 | case SSL3_ST_SW_FLUSH: |
| 271 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; | 270 | case SSL3_ST_CW_FLUSH: str="3FLUSH"; break; |
| @@ -283,6 +282,8 @@ case SSL3_ST_CR_SRVR_DONE_A: str="3RSD_A"; break; | |||
| 283 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; | 282 | case SSL3_ST_CR_SRVR_DONE_B: str="3RSD_B"; break; |
| 284 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; | 283 | case SSL3_ST_CW_CERT_A: str="3WCC_A"; break; |
| 285 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; | 284 | case SSL3_ST_CW_CERT_B: str="3WCC_B"; break; |
| 285 | case SSL3_ST_CW_CERT_C: str="3WCC_C"; break; | ||
| 286 | case SSL3_ST_CW_CERT_D: str="3WCC_D"; break; | ||
| 286 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; | 287 | case SSL3_ST_CW_KEY_EXCH_A: str="3WCKEA"; break; |
| 287 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; | 288 | case SSL3_ST_CW_KEY_EXCH_B: str="3WCKEB"; break; |
| 288 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; | 289 | case SSL3_ST_CW_CERT_VRFY_A: str="3WCV_A"; break; |
| @@ -329,8 +330,8 @@ case SSL3_ST_SR_CERT_VRFY_A: str="3RCV_A"; break; | |||
| 329 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; | 330 | case SSL3_ST_SR_CERT_VRFY_B: str="3RCV_B"; break; |
| 330 | #endif | 331 | #endif |
| 331 | 332 | ||
| 332 | #if !defined(NO_SSL2) && !defined(NO_SSL3) | 333 | #if !defined(OPENSSL_NO_SSL2) && !defined(OPENSSL_NO_SSL3) |
| 333 | /* SSLv2/v3 compatablitity states */ | 334 | /* SSLv2/v3 compatibility states */ |
| 334 | /* client */ | 335 | /* client */ |
| 335 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; | 336 | case SSL23_ST_CW_CLNT_HELLO_A: str="23WCHA"; break; |
| 336 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; | 337 | case SSL23_ST_CW_CLNT_HELLO_B: str="23WCHB"; break; |
| @@ -346,8 +347,7 @@ default: str="UNKWN "; break; | |||
| 346 | return(str); | 347 | return(str); |
| 347 | } | 348 | } |
| 348 | 349 | ||
| 349 | char *SSL_alert_type_string_long(value) | 350 | const char *SSL_alert_type_string_long(int value) |
| 350 | int value; | ||
| 351 | { | 351 | { |
| 352 | value>>=8; | 352 | value>>=8; |
| 353 | if (value == SSL3_AL_WARNING) | 353 | if (value == SSL3_AL_WARNING) |
| @@ -358,8 +358,7 @@ int value; | |||
| 358 | return("unknown"); | 358 | return("unknown"); |
| 359 | } | 359 | } |
| 360 | 360 | ||
| 361 | char *SSL_alert_type_string(value) | 361 | const char *SSL_alert_type_string(int value) |
| 362 | int value; | ||
| 363 | { | 362 | { |
| 364 | value>>=8; | 363 | value>>=8; |
| 365 | if (value == SSL3_AL_WARNING) | 364 | if (value == SSL3_AL_WARNING) |
| @@ -370,10 +369,9 @@ int value; | |||
| 370 | return("U"); | 369 | return("U"); |
| 371 | } | 370 | } |
| 372 | 371 | ||
| 373 | char *SSL_alert_desc_string(value) | 372 | const char *SSL_alert_desc_string(int value) |
| 374 | int value; | ||
| 375 | { | 373 | { |
| 376 | char *str; | 374 | const char *str; |
| 377 | 375 | ||
| 378 | switch (value & 0xff) | 376 | switch (value & 0xff) |
| 379 | { | 377 | { |
| @@ -389,15 +387,26 @@ int value; | |||
| 389 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; | 387 | case SSL3_AD_CERTIFICATE_EXPIRED: str="CE"; break; |
| 390 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; | 388 | case SSL3_AD_CERTIFICATE_UNKNOWN: str="CU"; break; |
| 391 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; | 389 | case SSL3_AD_ILLEGAL_PARAMETER: str="IP"; break; |
| 390 | case TLS1_AD_DECRYPTION_FAILED: str="DC"; break; | ||
| 391 | case TLS1_AD_RECORD_OVERFLOW: str="RO"; break; | ||
| 392 | case TLS1_AD_UNKNOWN_CA: str="CA"; break; | ||
| 393 | case TLS1_AD_ACCESS_DENIED: str="AD"; break; | ||
| 394 | case TLS1_AD_DECODE_ERROR: str="DE"; break; | ||
| 395 | case TLS1_AD_DECRYPT_ERROR: str="CY"; break; | ||
| 396 | case TLS1_AD_EXPORT_RESTRICTION: str="ER"; break; | ||
| 397 | case TLS1_AD_PROTOCOL_VERSION: str="PV"; break; | ||
| 398 | case TLS1_AD_INSUFFICIENT_SECURITY: str="IS"; break; | ||
| 399 | case TLS1_AD_INTERNAL_ERROR: str="IE"; break; | ||
| 400 | case TLS1_AD_USER_CANCELLED: str="US"; break; | ||
| 401 | case TLS1_AD_NO_RENEGOTIATION: str="NR"; break; | ||
| 392 | default: str="UK"; break; | 402 | default: str="UK"; break; |
| 393 | } | 403 | } |
| 394 | return(str); | 404 | return(str); |
| 395 | } | 405 | } |
| 396 | 406 | ||
| 397 | char *SSL_alert_desc_string_long(value) | 407 | const char *SSL_alert_desc_string_long(int value) |
| 398 | int value; | ||
| 399 | { | 408 | { |
| 400 | char *str; | 409 | const char *str; |
| 401 | 410 | ||
| 402 | switch (value & 0xff) | 411 | switch (value & 0xff) |
| 403 | { | 412 | { |
| @@ -405,7 +414,7 @@ int value; | |||
| 405 | str="close notify"; | 414 | str="close notify"; |
| 406 | break; | 415 | break; |
| 407 | case SSL3_AD_UNEXPECTED_MESSAGE: | 416 | case SSL3_AD_UNEXPECTED_MESSAGE: |
| 408 | str="unexected_message"; | 417 | str="unexpected_message"; |
| 409 | break; | 418 | break; |
| 410 | case SSL3_AD_BAD_RECORD_MAC: | 419 | case SSL3_AD_BAD_RECORD_MAC: |
| 411 | str="bad record mac"; | 420 | str="bad record mac"; |
| @@ -432,20 +441,55 @@ int value; | |||
| 432 | str="certificate expired"; | 441 | str="certificate expired"; |
| 433 | break; | 442 | break; |
| 434 | case SSL3_AD_CERTIFICATE_UNKNOWN: | 443 | case SSL3_AD_CERTIFICATE_UNKNOWN: |
| 435 | str="certifcate unknown"; | 444 | str="certificate unknown"; |
| 436 | break; | 445 | break; |
| 437 | case SSL3_AD_ILLEGAL_PARAMETER: | 446 | case SSL3_AD_ILLEGAL_PARAMETER: |
| 438 | str="illegal parameter"; | 447 | str="illegal parameter"; |
| 439 | break; | 448 | break; |
| 449 | case TLS1_AD_DECRYPTION_FAILED: | ||
| 450 | str="decryption failed"; | ||
| 451 | break; | ||
| 452 | case TLS1_AD_RECORD_OVERFLOW: | ||
| 453 | str="record overflow"; | ||
| 454 | break; | ||
| 455 | case TLS1_AD_UNKNOWN_CA: | ||
| 456 | str="unknown CA"; | ||
| 457 | break; | ||
| 458 | case TLS1_AD_ACCESS_DENIED: | ||
| 459 | str="access denied"; | ||
| 460 | break; | ||
| 461 | case TLS1_AD_DECODE_ERROR: | ||
| 462 | str="decode error"; | ||
| 463 | break; | ||
| 464 | case TLS1_AD_DECRYPT_ERROR: | ||
| 465 | str="decrypt error"; | ||
| 466 | break; | ||
| 467 | case TLS1_AD_EXPORT_RESTRICTION: | ||
| 468 | str="export restriction"; | ||
| 469 | break; | ||
| 470 | case TLS1_AD_PROTOCOL_VERSION: | ||
| 471 | str="protocol version"; | ||
| 472 | break; | ||
| 473 | case TLS1_AD_INSUFFICIENT_SECURITY: | ||
| 474 | str="insufficient security"; | ||
| 475 | break; | ||
| 476 | case TLS1_AD_INTERNAL_ERROR: | ||
| 477 | str="internal error"; | ||
| 478 | break; | ||
| 479 | case TLS1_AD_USER_CANCELLED: | ||
| 480 | str="user canceled"; | ||
| 481 | break; | ||
| 482 | case TLS1_AD_NO_RENEGOTIATION: | ||
| 483 | str="no renegotiation"; | ||
| 484 | break; | ||
| 440 | default: str="unknown"; break; | 485 | default: str="unknown"; break; |
| 441 | } | 486 | } |
| 442 | return(str); | 487 | return(str); |
| 443 | } | 488 | } |
| 444 | 489 | ||
| 445 | char *SSL_rstate_string(s) | 490 | const char *SSL_rstate_string(const SSL *s) |
| 446 | SSL *s; | ||
| 447 | { | 491 | { |
| 448 | char *str; | 492 | const char *str; |
| 449 | 493 | ||
| 450 | switch (s->rstate) | 494 | switch (s->rstate) |
| 451 | { | 495 | { |
diff --git a/src/lib/libssl/ssl_txt.c b/src/lib/libssl/ssl_txt.c index ce60e1a6dd..40b76b1b26 100644 --- a/src/lib/libssl/ssl_txt.c +++ b/src/lib/libssl/ssl_txt.c | |||
| @@ -57,35 +57,31 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "buffer.h" | 60 | #include <openssl/buffer.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | #ifndef NO_FP_API | 63 | #ifndef OPENSSL_NO_FP_API |
| 64 | int SSL_SESSION_print_fp(fp, x) | 64 | int SSL_SESSION_print_fp(FILE *fp, SSL_SESSION *x) |
| 65 | FILE *fp; | 65 | { |
| 66 | SSL_SESSION *x; | 66 | BIO *b; |
| 67 | { | 67 | int ret; |
| 68 | BIO *b; | ||
| 69 | int ret; | ||
| 70 | 68 | ||
| 71 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) | 69 | if ((b=BIO_new(BIO_s_file_internal())) == NULL) |
| 72 | { | 70 | { |
| 73 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); | 71 | SSLerr(SSL_F_SSL_SESSION_PRINT_FP,ERR_R_BUF_LIB); |
| 74 | return(0); | 72 | return(0); |
| 75 | } | 73 | } |
| 76 | BIO_set_fp(b,fp,BIO_NOCLOSE); | 74 | BIO_set_fp(b,fp,BIO_NOCLOSE); |
| 77 | ret=SSL_SESSION_print(b,x); | 75 | ret=SSL_SESSION_print(b,x); |
| 78 | BIO_free(b); | 76 | BIO_free(b); |
| 79 | return(ret); | 77 | return(ret); |
| 80 | } | 78 | } |
| 81 | #endif | 79 | #endif |
| 82 | 80 | ||
| 83 | int SSL_SESSION_print(bp,x) | 81 | int SSL_SESSION_print(BIO *bp, SSL_SESSION *x) |
| 84 | BIO *bp; | ||
| 85 | SSL_SESSION *x; | ||
| 86 | { | 82 | { |
| 87 | int i; | 83 | unsigned int i; |
| 88 | char str[128],*s; | 84 | char *s; |
| 89 | 85 | ||
| 90 | if (x == NULL) goto err; | 86 | if (x == NULL) goto err; |
| 91 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; | 87 | if (BIO_puts(bp,"SSL-Session:\n") <= 0) goto err; |
| @@ -97,30 +93,41 @@ SSL_SESSION *x; | |||
| 97 | s="TLSv1"; | 93 | s="TLSv1"; |
| 98 | else | 94 | else |
| 99 | s="unknown"; | 95 | s="unknown"; |
| 100 | sprintf(str," Protocol : %s\n",s); | 96 | if (BIO_printf(bp," Protocol : %s\n",s) <= 0) goto err; |
| 101 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 102 | 97 | ||
| 103 | if (x->cipher == NULL) | 98 | if (x->cipher == NULL) |
| 104 | { | 99 | { |
| 105 | if (((x->cipher_id) & 0xff000000) == 0x02000000) | 100 | if (((x->cipher_id) & 0xff000000) == 0x02000000) |
| 106 | sprintf(str," Cipher : %06lX\n",x->cipher_id&0xffffff); | 101 | { |
| 102 | if (BIO_printf(bp," Cipher : %06lX\n",x->cipher_id&0xffffff) <= 0) | ||
| 103 | goto err; | ||
| 104 | } | ||
| 107 | else | 105 | else |
| 108 | sprintf(str," Cipher : %04lX\n",x->cipher_id&0xffff); | 106 | { |
| 107 | if (BIO_printf(bp," Cipher : %04lX\n",x->cipher_id&0xffff) <= 0) | ||
| 108 | goto err; | ||
| 109 | } | ||
| 109 | } | 110 | } |
| 110 | else | 111 | else |
| 111 | sprintf(str," Cipher : %s\n",(x->cipher == NULL)?"unknown":x->cipher->name); | 112 | { |
| 112 | if (BIO_puts(bp,str) <= 0) goto err; | 113 | if (BIO_printf(bp," Cipher : %s\n",((x->cipher == NULL)?"unknown":x->cipher->name)) <= 0) |
| 114 | goto err; | ||
| 115 | } | ||
| 113 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; | 116 | if (BIO_puts(bp," Session-ID: ") <= 0) goto err; |
| 114 | for (i=0; i<(int)x->session_id_length; i++) | 117 | for (i=0; i<x->session_id_length; i++) |
| 118 | { | ||
| 119 | if (BIO_printf(bp,"%02X",x->session_id[i]) <= 0) goto err; | ||
| 120 | } | ||
| 121 | if (BIO_puts(bp,"\n Session-ID-ctx: ") <= 0) goto err; | ||
| 122 | for (i=0; i<x->sid_ctx_length; i++) | ||
| 115 | { | 123 | { |
| 116 | sprintf(str,"%02X",x->session_id[i]); | 124 | if (BIO_printf(bp,"%02X",x->sid_ctx[i]) <= 0) |
| 117 | if (BIO_puts(bp,str) <= 0) goto err; | 125 | goto err; |
| 118 | } | 126 | } |
| 119 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; | 127 | if (BIO_puts(bp,"\n Master-Key: ") <= 0) goto err; |
| 120 | for (i=0; i<(int)x->master_key_length; i++) | 128 | for (i=0; i<(unsigned int)x->master_key_length; i++) |
| 121 | { | 129 | { |
| 122 | sprintf(str,"%02X",x->master_key[i]); | 130 | if (BIO_printf(bp,"%02X",x->master_key[i]) <= 0) goto err; |
| 123 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 124 | } | 131 | } |
| 125 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; | 132 | if (BIO_puts(bp,"\n Key-Arg : ") <= 0) goto err; |
| 126 | if (x->key_arg_length == 0) | 133 | if (x->key_arg_length == 0) |
| @@ -128,22 +135,49 @@ SSL_SESSION *x; | |||
| 128 | if (BIO_puts(bp,"None") <= 0) goto err; | 135 | if (BIO_puts(bp,"None") <= 0) goto err; |
| 129 | } | 136 | } |
| 130 | else | 137 | else |
| 131 | for (i=0; i<(int)x->key_arg_length; i++) | 138 | for (i=0; i<x->key_arg_length; i++) |
| 132 | { | 139 | { |
| 133 | sprintf(str,"%02X",x->key_arg[i]); | 140 | if (BIO_printf(bp,"%02X",x->key_arg[i]) <= 0) goto err; |
| 134 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 135 | } | 141 | } |
| 142 | #ifndef OPENSSL_NO_KRB5 | ||
| 143 | if (BIO_puts(bp,"\n Krb5 Principal: ") <= 0) goto err; | ||
| 144 | if (x->krb5_client_princ_len == 0) | ||
| 145 | { | ||
| 146 | if (BIO_puts(bp,"None") <= 0) goto err; | ||
| 147 | } | ||
| 148 | else | ||
| 149 | for (i=0; i<x->krb5_client_princ_len; i++) | ||
| 150 | { | ||
| 151 | if (BIO_printf(bp,"%02X",x->krb5_client_princ[i]) <= 0) goto err; | ||
| 152 | } | ||
| 153 | #endif /* OPENSSL_NO_KRB5 */ | ||
| 154 | if (x->compress_meth != 0) | ||
| 155 | { | ||
| 156 | SSL_COMP *comp; | ||
| 157 | |||
| 158 | ssl_cipher_get_evp(x,NULL,NULL,&comp); | ||
| 159 | if (comp == NULL) | ||
| 160 | { | ||
| 161 | if (BIO_printf(bp,"\n Compression: %d",x->compress_meth) <= 0) goto err; | ||
| 162 | } | ||
| 163 | else | ||
| 164 | { | ||
| 165 | if (BIO_printf(bp,"\n Compression: %d (%s)", comp->id,comp->method->name) <= 0) goto err; | ||
| 166 | } | ||
| 167 | } | ||
| 136 | if (x->time != 0L) | 168 | if (x->time != 0L) |
| 137 | { | 169 | { |
| 138 | sprintf(str,"\n Start Time: %ld",x->time); | 170 | if (BIO_printf(bp, "\n Start Time: %ld",x->time) <= 0) goto err; |
| 139 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 140 | } | 171 | } |
| 141 | if (x->timeout != 0L) | 172 | if (x->timeout != 0L) |
| 142 | { | 173 | { |
| 143 | sprintf(str,"\n Timeout : %ld (sec)",x->timeout); | 174 | if (BIO_printf(bp, "\n Timeout : %ld (sec)",x->timeout) <= 0) goto err; |
| 144 | if (BIO_puts(bp,str) <= 0) goto err; | ||
| 145 | } | 175 | } |
| 146 | if (BIO_puts(bp,"\n") <= 0) goto err; | 176 | if (BIO_puts(bp,"\n") <= 0) goto err; |
| 177 | |||
| 178 | if (BIO_puts(bp, " Verify return code: ") <= 0) goto err; | ||
| 179 | if (BIO_printf(bp, "%ld (%s)\n", x->verify_result, | ||
| 180 | X509_verify_cert_error_string(x->verify_result)) <= 0) goto err; | ||
| 147 | 181 | ||
| 148 | return(1); | 182 | return(1); |
| 149 | err: | 183 | err: |
diff --git a/src/lib/libssl/t1_clnt.c b/src/lib/libssl/t1_clnt.c index 986d2436e2..9745630a00 100644 --- a/src/lib/libssl/t1_clnt.c +++ b/src/lib/libssl/t1_clnt.c | |||
| @@ -57,14 +57,14 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "buffer.h" | 60 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "ssl_locl.h" | 64 | #include "ssl_locl.h" |
| 65 | 65 | ||
| 66 | static SSL_METHOD *tls1_get_client_method(ver) | 66 | static SSL_METHOD *tls1_get_client_method(int ver); |
| 67 | int ver; | 67 | static SSL_METHOD *tls1_get_client_method(int ver) |
| 68 | { | 68 | { |
| 69 | if (ver == TLS1_VERSION) | 69 | if (ver == TLS1_VERSION) |
| 70 | return(TLSv1_client_method()); | 70 | return(TLSv1_client_method()); |
| @@ -72,18 +72,18 @@ int ver; | |||
| 72 | return(NULL); | 72 | return(NULL); |
| 73 | } | 73 | } |
| 74 | 74 | ||
| 75 | SSL_METHOD *TLSv1_client_method() | 75 | SSL_METHOD *TLSv1_client_method(void) |
| 76 | { | 76 | { |
| 77 | static int init=1; | 77 | static int init=1; |
| 78 | static SSL_METHOD TLSv1_client_data; | 78 | static SSL_METHOD TLSv1_client_data; |
| 79 | 79 | ||
| 80 | if (init) | 80 | if (init) |
| 81 | { | 81 | { |
| 82 | init=0; | ||
| 83 | memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), | 82 | memcpy((char *)&TLSv1_client_data,(char *)tlsv1_base_method(), |
| 84 | sizeof(SSL_METHOD)); | 83 | sizeof(SSL_METHOD)); |
| 85 | TLSv1_client_data.ssl_connect=ssl3_connect; | 84 | TLSv1_client_data.ssl_connect=ssl3_connect; |
| 86 | TLSv1_client_data.get_ssl_method=tls1_get_client_method; | 85 | TLSv1_client_data.get_ssl_method=tls1_get_client_method; |
| 86 | init=0; | ||
| 87 | } | 87 | } |
| 88 | return(&TLSv1_client_data); | 88 | return(&TLSv1_client_data); |
| 89 | } | 89 | } |
diff --git a/src/lib/libssl/t1_enc.c b/src/lib/libssl/t1_enc.c index fbdd3bffb5..b80525f3ba 100644 --- a/src/lib/libssl/t1_enc.c +++ b/src/lib/libssl/t1_enc.c | |||
| @@ -55,20 +55,70 @@ | |||
| 55 | * copied and put under another distribution licence | 55 | * copied and put under another distribution licence |
| 56 | * [including the GNU Public Licence.] | 56 | * [including the GNU Public Licence.] |
| 57 | */ | 57 | */ |
| 58 | /* ==================================================================== | ||
| 59 | * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved. | ||
| 60 | * | ||
| 61 | * Redistribution and use in source and binary forms, with or without | ||
| 62 | * modification, are permitted provided that the following conditions | ||
| 63 | * are met: | ||
| 64 | * | ||
| 65 | * 1. Redistributions of source code must retain the above copyright | ||
| 66 | * notice, this list of conditions and the following disclaimer. | ||
| 67 | * | ||
| 68 | * 2. Redistributions in binary form must reproduce the above copyright | ||
| 69 | * notice, this list of conditions and the following disclaimer in | ||
| 70 | * the documentation and/or other materials provided with the | ||
| 71 | * distribution. | ||
| 72 | * | ||
| 73 | * 3. All advertising materials mentioning features or use of this | ||
| 74 | * software must display the following acknowledgment: | ||
| 75 | * "This product includes software developed by the OpenSSL Project | ||
| 76 | * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" | ||
| 77 | * | ||
| 78 | * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to | ||
| 79 | * endorse or promote products derived from this software without | ||
| 80 | * prior written permission. For written permission, please contact | ||
| 81 | * openssl-core@openssl.org. | ||
| 82 | * | ||
| 83 | * 5. Products derived from this software may not be called "OpenSSL" | ||
| 84 | * nor may "OpenSSL" appear in their names without prior written | ||
| 85 | * permission of the OpenSSL Project. | ||
| 86 | * | ||
| 87 | * 6. Redistributions of any form whatsoever must retain the following | ||
| 88 | * acknowledgment: | ||
| 89 | * "This product includes software developed by the OpenSSL Project | ||
| 90 | * for use in the OpenSSL Toolkit (http://www.openssl.org/)" | ||
| 91 | * | ||
| 92 | * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY | ||
| 93 | * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | ||
| 94 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR | ||
| 95 | * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR | ||
| 96 | * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, | ||
| 97 | * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT | ||
| 98 | * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; | ||
| 99 | * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | ||
| 100 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, | ||
| 101 | * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) | ||
| 102 | * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED | ||
| 103 | * OF THE POSSIBILITY OF SUCH DAMAGE. | ||
| 104 | * ==================================================================== | ||
| 105 | * | ||
| 106 | * This product includes cryptographic software written by Eric Young | ||
| 107 | * (eay@cryptsoft.com). This product includes software written by Tim | ||
| 108 | * Hudson (tjh@cryptsoft.com). | ||
| 109 | * | ||
| 110 | */ | ||
| 58 | 111 | ||
| 59 | #include <stdio.h> | 112 | #include <stdio.h> |
| 60 | #include "evp.h" | 113 | #include <openssl/comp.h> |
| 61 | #include "hmac.h" | 114 | #include <openssl/evp.h> |
| 115 | #include <openssl/hmac.h> | ||
| 62 | #include "ssl_locl.h" | 116 | #include "ssl_locl.h" |
| 117 | #include <openssl/md5.h> | ||
| 63 | 118 | ||
| 64 | static void tls1_P_hash(md,sec,sec_len,seed,seed_len,out,olen) | 119 | static void tls1_P_hash(const EVP_MD *md, const unsigned char *sec, |
| 65 | EVP_MD *md; | 120 | int sec_len, unsigned char *seed, int seed_len, |
| 66 | unsigned char *sec; | 121 | unsigned char *out, int olen) |
| 67 | int sec_len; | ||
| 68 | unsigned char *seed; | ||
| 69 | int seed_len; | ||
| 70 | unsigned char *out; | ||
| 71 | int olen; | ||
| 72 | { | 122 | { |
| 73 | int chunk,n; | 123 | int chunk,n; |
| 74 | unsigned int j; | 124 | unsigned int j; |
| @@ -79,16 +129,20 @@ int olen; | |||
| 79 | 129 | ||
| 80 | chunk=EVP_MD_size(md); | 130 | chunk=EVP_MD_size(md); |
| 81 | 131 | ||
| 82 | HMAC_Init(&ctx,sec,sec_len,md); | 132 | HMAC_CTX_init(&ctx); |
| 133 | HMAC_CTX_init(&ctx_tmp); | ||
| 134 | HMAC_Init_ex(&ctx,sec,sec_len,md, NULL); | ||
| 135 | HMAC_Init_ex(&ctx_tmp,sec,sec_len,md, NULL); | ||
| 83 | HMAC_Update(&ctx,seed,seed_len); | 136 | HMAC_Update(&ctx,seed,seed_len); |
| 84 | HMAC_Final(&ctx,A1,&A1_len); | 137 | HMAC_Final(&ctx,A1,&A1_len); |
| 85 | 138 | ||
| 86 | n=0; | 139 | n=0; |
| 87 | for (;;) | 140 | for (;;) |
| 88 | { | 141 | { |
| 89 | HMAC_Init(&ctx,NULL,0,NULL); /* re-init */ | 142 | HMAC_Init_ex(&ctx,NULL,0,NULL,NULL); /* re-init */ |
| 143 | HMAC_Init_ex(&ctx_tmp,NULL,0,NULL,NULL); /* re-init */ | ||
| 90 | HMAC_Update(&ctx,A1,A1_len); | 144 | HMAC_Update(&ctx,A1,A1_len); |
| 91 | memcpy(&ctx_tmp,&ctx,sizeof(ctx)); /* Copy for A2 */ /* not needed for last one */ | 145 | HMAC_Update(&ctx_tmp,A1,A1_len); |
| 92 | HMAC_Update(&ctx,seed,seed_len); | 146 | HMAC_Update(&ctx,seed,seed_len); |
| 93 | 147 | ||
| 94 | if (olen > chunk) | 148 | if (olen > chunk) |
| @@ -105,24 +159,18 @@ int olen; | |||
| 105 | break; | 159 | break; |
| 106 | } | 160 | } |
| 107 | } | 161 | } |
| 108 | HMAC_cleanup(&ctx); | 162 | HMAC_CTX_cleanup(&ctx); |
| 109 | HMAC_cleanup(&ctx_tmp); | 163 | HMAC_CTX_cleanup(&ctx_tmp); |
| 110 | memset(A1,0,sizeof(A1)); | 164 | memset(A1,0,sizeof(A1)); |
| 111 | } | 165 | } |
| 112 | 166 | ||
| 113 | static void tls1_PRF(md5,sha1,label,label_len,sec,slen,out1,out2,olen) | 167 | static void tls1_PRF(const EVP_MD *md5, const EVP_MD *sha1, |
| 114 | EVP_MD *md5; | 168 | unsigned char *label, int label_len, |
| 115 | EVP_MD *sha1; | 169 | const unsigned char *sec, int slen, unsigned char *out1, |
| 116 | unsigned char *label; | 170 | unsigned char *out2, int olen) |
| 117 | int label_len; | ||
| 118 | unsigned char *sec; | ||
| 119 | int slen; | ||
| 120 | unsigned char *out1; | ||
| 121 | unsigned char *out2; | ||
| 122 | int olen; | ||
| 123 | { | 171 | { |
| 124 | int len,i; | 172 | int len,i; |
| 125 | unsigned char *S1,*S2; | 173 | const unsigned char *S1,*S2; |
| 126 | 174 | ||
| 127 | len=slen/2; | 175 | len=slen/2; |
| 128 | S1=sec; | 176 | S1=sec; |
| @@ -137,10 +185,8 @@ int olen; | |||
| 137 | out1[i]^=out2[i]; | 185 | out1[i]^=out2[i]; |
| 138 | } | 186 | } |
| 139 | 187 | ||
| 140 | static void tls1_generate_key_block(s,km,tmp,num) | 188 | static void tls1_generate_key_block(SSL *s, unsigned char *km, |
| 141 | SSL *s; | 189 | unsigned char *tmp, int num) |
| 142 | unsigned char *km,*tmp; | ||
| 143 | int num; | ||
| 144 | { | 190 | { |
| 145 | unsigned char *p; | 191 | unsigned char *p; |
| 146 | unsigned char buf[SSL3_RANDOM_SIZE*2+ | 192 | unsigned char buf[SSL3_RANDOM_SIZE*2+ |
| @@ -155,15 +201,25 @@ int num; | |||
| 155 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); | 201 | memcpy(p,s->s3->client_random,SSL3_RANDOM_SIZE); |
| 156 | p+=SSL3_RANDOM_SIZE; | 202 | p+=SSL3_RANDOM_SIZE; |
| 157 | 203 | ||
| 158 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf, | 204 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf), |
| 159 | s->session->master_key,s->session->master_key_length, | 205 | s->session->master_key,s->session->master_key_length, |
| 160 | km,tmp,num); | 206 | km,tmp,num); |
| 207 | #ifdef KSSL_DEBUG | ||
| 208 | printf("tls1_generate_key_block() ==> %d byte master_key =\n\t", | ||
| 209 | s->session->master_key_length); | ||
| 210 | { | ||
| 211 | int i; | ||
| 212 | for (i=0; i < s->session->master_key_length; i++) | ||
| 213 | { | ||
| 214 | printf("%02X", s->session->master_key[i]); | ||
| 215 | } | ||
| 216 | printf("\n"); } | ||
| 217 | #endif /* KSSL_DEBUG */ | ||
| 161 | } | 218 | } |
| 162 | 219 | ||
| 163 | int tls1_change_cipher_state(s,which) | 220 | int tls1_change_cipher_state(SSL *s, int which) |
| 164 | SSL *s; | ||
| 165 | int which; | ||
| 166 | { | 221 | { |
| 222 | static const unsigned char empty[]=""; | ||
| 167 | unsigned char *p,*key_block,*mac_secret; | 223 | unsigned char *p,*key_block,*mac_secret; |
| 168 | unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ | 224 | unsigned char *exp_label,buf[TLS_MD_MAX_CONST_SIZE+ |
| 169 | SSL3_RANDOM_SIZE*2]; | 225 | SSL3_RANDOM_SIZE*2]; |
| @@ -174,47 +230,103 @@ int which; | |||
| 174 | unsigned char *ms,*key,*iv,*er1,*er2; | 230 | unsigned char *ms,*key,*iv,*er1,*er2; |
| 175 | int client_write; | 231 | int client_write; |
| 176 | EVP_CIPHER_CTX *dd; | 232 | EVP_CIPHER_CTX *dd; |
| 177 | EVP_CIPHER *c; | 233 | const EVP_CIPHER *c; |
| 178 | SSL_COMPRESSION *comp; | 234 | const SSL_COMP *comp; |
| 179 | EVP_MD *m; | 235 | const EVP_MD *m; |
| 180 | int exp,n,i,j,k,exp_label_len; | 236 | int is_export,n,i,j,k,exp_label_len,cl; |
| 237 | int reuse_dd = 0; | ||
| 181 | 238 | ||
| 182 | exp=(s->s3->tmp.new_cipher->algorithms & SSL_EXPORT)?1:0; | 239 | is_export=SSL_C_IS_EXPORT(s->s3->tmp.new_cipher); |
| 183 | c=s->s3->tmp.new_sym_enc; | 240 | c=s->s3->tmp.new_sym_enc; |
| 184 | m=s->s3->tmp.new_hash; | 241 | m=s->s3->tmp.new_hash; |
| 185 | comp=s->s3->tmp.new_compression; | 242 | comp=s->s3->tmp.new_compression; |
| 186 | key_block=s->s3->tmp.key_block; | 243 | key_block=s->s3->tmp.key_block; |
| 187 | 244 | ||
| 245 | #ifdef KSSL_DEBUG | ||
| 246 | printf("tls1_change_cipher_state(which= %d) w/\n", which); | ||
| 247 | printf("\talg= %ld, comp= %p\n", s->s3->tmp.new_cipher->algorithms, | ||
| 248 | comp); | ||
| 249 | printf("\tevp_cipher == %p ==? &d_cbc_ede_cipher3\n", c); | ||
| 250 | printf("\tevp_cipher: nid, blksz= %d, %d, keylen=%d, ivlen=%d\n", | ||
| 251 | c->nid,c->block_size,c->key_len,c->iv_len); | ||
| 252 | printf("\tkey_block: len= %d, data= ", s->s3->tmp.key_block_length); | ||
| 253 | { | ||
| 254 | int i; | ||
| 255 | for (i=0; i<s->s3->tmp.key_block_length; i++) | ||
| 256 | printf("%02x", key_block[i]); printf("\n"); | ||
| 257 | } | ||
| 258 | #endif /* KSSL_DEBUG */ | ||
| 259 | |||
| 188 | if (which & SSL3_CC_READ) | 260 | if (which & SSL3_CC_READ) |
| 189 | { | 261 | { |
| 190 | if ((s->enc_read_ctx == NULL) && | 262 | if (s->enc_read_ctx != NULL) |
| 191 | ((s->enc_read_ctx=(EVP_CIPHER_CTX *) | 263 | reuse_dd = 1; |
| 192 | Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 264 | else if ((s->enc_read_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) |
| 193 | goto err; | 265 | goto err; |
| 194 | dd= s->enc_read_ctx; | 266 | dd= s->enc_read_ctx; |
| 195 | s->read_hash=m; | 267 | s->read_hash=m; |
| 196 | s->read_compression=comp; | 268 | if (s->expand != NULL) |
| 269 | { | ||
| 270 | COMP_CTX_free(s->expand); | ||
| 271 | s->expand=NULL; | ||
| 272 | } | ||
| 273 | if (comp != NULL) | ||
| 274 | { | ||
| 275 | s->expand=COMP_CTX_new(comp->method); | ||
| 276 | if (s->expand == NULL) | ||
| 277 | { | ||
| 278 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); | ||
| 279 | goto err2; | ||
| 280 | } | ||
| 281 | if (s->s3->rrec.comp == NULL) | ||
| 282 | s->s3->rrec.comp=(unsigned char *) | ||
| 283 | OPENSSL_malloc(SSL3_RT_MAX_ENCRYPTED_LENGTH); | ||
| 284 | if (s->s3->rrec.comp == NULL) | ||
| 285 | goto err; | ||
| 286 | } | ||
| 197 | memset(&(s->s3->read_sequence[0]),0,8); | 287 | memset(&(s->s3->read_sequence[0]),0,8); |
| 198 | mac_secret= &(s->s3->read_mac_secret[0]); | 288 | mac_secret= &(s->s3->read_mac_secret[0]); |
| 199 | } | 289 | } |
| 200 | else | 290 | else |
| 201 | { | 291 | { |
| 292 | if (s->enc_write_ctx != NULL) | ||
| 293 | reuse_dd = 1; | ||
| 294 | else if ((s->enc_write_ctx=OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL) | ||
| 295 | goto err; | ||
| 202 | if ((s->enc_write_ctx == NULL) && | 296 | if ((s->enc_write_ctx == NULL) && |
| 203 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) | 297 | ((s->enc_write_ctx=(EVP_CIPHER_CTX *) |
| 204 | Malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) | 298 | OPENSSL_malloc(sizeof(EVP_CIPHER_CTX))) == NULL)) |
| 205 | goto err; | 299 | goto err; |
| 206 | dd= s->enc_write_ctx; | 300 | dd= s->enc_write_ctx; |
| 207 | s->write_hash=m; | 301 | s->write_hash=m; |
| 208 | s->write_compression=comp; | 302 | if (s->compress != NULL) |
| 303 | { | ||
| 304 | COMP_CTX_free(s->compress); | ||
| 305 | s->compress=NULL; | ||
| 306 | } | ||
| 307 | if (comp != NULL) | ||
| 308 | { | ||
| 309 | s->compress=COMP_CTX_new(comp->method); | ||
| 310 | if (s->compress == NULL) | ||
| 311 | { | ||
| 312 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_COMPRESSION_LIBRARY_ERROR); | ||
| 313 | goto err2; | ||
| 314 | } | ||
| 315 | } | ||
| 209 | memset(&(s->s3->write_sequence[0]),0,8); | 316 | memset(&(s->s3->write_sequence[0]),0,8); |
| 210 | mac_secret= &(s->s3->write_mac_secret[0]); | 317 | mac_secret= &(s->s3->write_mac_secret[0]); |
| 211 | } | 318 | } |
| 212 | 319 | ||
| 320 | if (reuse_dd) | ||
| 321 | EVP_CIPHER_CTX_cleanup(dd); | ||
| 213 | EVP_CIPHER_CTX_init(dd); | 322 | EVP_CIPHER_CTX_init(dd); |
| 214 | 323 | ||
| 215 | p=s->s3->tmp.key_block; | 324 | p=s->s3->tmp.key_block; |
| 216 | i=EVP_MD_size(m); | 325 | i=EVP_MD_size(m); |
| 217 | j=(exp)?5:EVP_CIPHER_key_length(c); | 326 | cl=EVP_CIPHER_key_length(c); |
| 327 | j=is_export ? (cl < SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher) ? | ||
| 328 | cl : SSL_C_EXPORT_KEYLENGTH(s->s3->tmp.new_cipher)) : cl; | ||
| 329 | /* Was j=(exp)?5:EVP_CIPHER_key_length(c); */ | ||
| 218 | k=EVP_CIPHER_iv_length(c); | 330 | k=EVP_CIPHER_iv_length(c); |
| 219 | er1= &(s->s3->client_random[0]); | 331 | er1= &(s->s3->client_random[0]); |
| 220 | er2= &(s->s3->server_random[0]); | 332 | er2= &(s->s3->server_random[0]); |
| @@ -241,7 +353,7 @@ int which; | |||
| 241 | 353 | ||
| 242 | if (n > s->s3->tmp.key_block_length) | 354 | if (n > s->s3->tmp.key_block_length) |
| 243 | { | 355 | { |
| 244 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,SSL_R_INTERNAL_ERROR); | 356 | SSLerr(SSL_F_TLS1_CHANGE_CIPHER_STATE,ERR_R_INTERNAL_ERROR); |
| 245 | goto err2; | 357 | goto err2; |
| 246 | } | 358 | } |
| 247 | 359 | ||
| @@ -250,7 +362,7 @@ int which; | |||
| 250 | printf("which = %04X\nmac key=",which); | 362 | printf("which = %04X\nmac key=",which); |
| 251 | { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } | 363 | { int z; for (z=0; z<i; z++) printf("%02X%c",ms[z],((z+1)%16)?' ':'\n'); } |
| 252 | #endif | 364 | #endif |
| 253 | if (exp) | 365 | if (is_export) |
| 254 | { | 366 | { |
| 255 | /* In here I set both the read and write key/iv to the | 367 | /* In here I set both the read and write key/iv to the |
| 256 | * same value since only the correct one will be used :-). | 368 | * same value since only the correct one will be used :-). |
| @@ -262,8 +374,8 @@ printf("which = %04X\nmac key=",which); | |||
| 262 | p+=SSL3_RANDOM_SIZE; | 374 | p+=SSL3_RANDOM_SIZE; |
| 263 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | 375 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); |
| 264 | p+=SSL3_RANDOM_SIZE; | 376 | p+=SSL3_RANDOM_SIZE; |
| 265 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,key,j, | 377 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(p-buf),key,j, |
| 266 | tmp1,tmp2,EVP_CIPHER_key_length(c)); | 378 | tmp1,tmp2,EVP_CIPHER_key_length(c)); |
| 267 | key=tmp1; | 379 | key=tmp1; |
| 268 | 380 | ||
| 269 | if (k > 0) | 381 | if (k > 0) |
| @@ -276,8 +388,8 @@ printf("which = %04X\nmac key=",which); | |||
| 276 | p+=SSL3_RANDOM_SIZE; | 388 | p+=SSL3_RANDOM_SIZE; |
| 277 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); | 389 | memcpy(p,s->s3->server_random,SSL3_RANDOM_SIZE); |
| 278 | p+=SSL3_RANDOM_SIZE; | 390 | p+=SSL3_RANDOM_SIZE; |
| 279 | tls1_PRF(s->ctx->md5,s->ctx->sha1, | 391 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,p-buf,empty,0, |
| 280 | buf,p-buf,"",0,iv1,iv2,k*2); | 392 | iv1,iv2,k*2); |
| 281 | if (client_write) | 393 | if (client_write) |
| 282 | iv=iv1; | 394 | iv=iv1; |
| 283 | else | 395 | else |
| @@ -286,8 +398,18 @@ printf("which = %04X\nmac key=",which); | |||
| 286 | } | 398 | } |
| 287 | 399 | ||
| 288 | s->session->key_arg_length=0; | 400 | s->session->key_arg_length=0; |
| 401 | #ifdef KSSL_DEBUG | ||
| 402 | { | ||
| 403 | int i; | ||
| 404 | printf("EVP_CipherInit_ex(dd,c,key=,iv=,which)\n"); | ||
| 405 | printf("\tkey= "); for (i=0; i<c->key_len; i++) printf("%02x", key[i]); | ||
| 406 | printf("\n"); | ||
| 407 | printf("\t iv= "); for (i=0; i<c->iv_len; i++) printf("%02x", iv[i]); | ||
| 408 | printf("\n"); | ||
| 409 | } | ||
| 410 | #endif /* KSSL_DEBUG */ | ||
| 289 | 411 | ||
| 290 | EVP_CipherInit(dd,c,key,iv,(which & SSL3_CC_WRITE)); | 412 | EVP_CipherInit_ex(dd,c,NULL,key,iv,(which & SSL3_CC_WRITE)); |
| 291 | #ifdef TLS_DEBUG | 413 | #ifdef TLS_DEBUG |
| 292 | printf("which = %04X\nkey=",which); | 414 | printf("which = %04X\nkey=",which); |
| 293 | { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); } | 415 | { int z; for (z=0; z<EVP_CIPHER_key_length(c); z++) printf("%02X%c",key[z],((z+1)%16)?' ':'\n'); } |
| @@ -307,18 +429,22 @@ err2: | |||
| 307 | return(0); | 429 | return(0); |
| 308 | } | 430 | } |
| 309 | 431 | ||
| 310 | int tls1_setup_key_block(s) | 432 | int tls1_setup_key_block(SSL *s) |
| 311 | SSL *s; | ||
| 312 | { | 433 | { |
| 313 | unsigned char *p1,*p2; | 434 | unsigned char *p1,*p2; |
| 314 | EVP_CIPHER *c; | 435 | const EVP_CIPHER *c; |
| 315 | EVP_MD *hash; | 436 | const EVP_MD *hash; |
| 316 | int num,exp; | 437 | int num; |
| 438 | SSL_COMP *comp; | ||
| 439 | |||
| 440 | #ifdef KSSL_DEBUG | ||
| 441 | printf ("tls1_setup_key_block()\n"); | ||
| 442 | #endif /* KSSL_DEBUG */ | ||
| 317 | 443 | ||
| 318 | if (s->s3->tmp.key_block_length != 0) | 444 | if (s->s3->tmp.key_block_length != 0) |
| 319 | return(1); | 445 | return(1); |
| 320 | 446 | ||
| 321 | if (!ssl_cipher_get_evp(s->session->cipher,&c,&hash)) | 447 | if (!ssl_cipher_get_evp(s->session,&c,&hash,&comp)) |
| 322 | { | 448 | { |
| 323 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); | 449 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,SSL_R_CIPHER_OR_HASH_UNAVAILABLE); |
| 324 | return(0); | 450 | return(0); |
| @@ -327,16 +453,14 @@ SSL *s; | |||
| 327 | s->s3->tmp.new_sym_enc=c; | 453 | s->s3->tmp.new_sym_enc=c; |
| 328 | s->s3->tmp.new_hash=hash; | 454 | s->s3->tmp.new_hash=hash; |
| 329 | 455 | ||
| 330 | exp=(s->session->cipher->algorithms & SSL_EXPORT)?1:0; | ||
| 331 | |||
| 332 | num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); | 456 | num=EVP_CIPHER_key_length(c)+EVP_MD_size(hash)+EVP_CIPHER_iv_length(c); |
| 333 | num*=2; | 457 | num*=2; |
| 334 | 458 | ||
| 335 | ssl3_cleanup_key_block(s); | 459 | ssl3_cleanup_key_block(s); |
| 336 | 460 | ||
| 337 | if ((p1=(unsigned char *)Malloc(num)) == NULL) | 461 | if ((p1=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| 338 | goto err; | 462 | goto err; |
| 339 | if ((p2=(unsigned char *)Malloc(num)) == NULL) | 463 | if ((p2=(unsigned char *)OPENSSL_malloc(num)) == NULL) |
| 340 | goto err; | 464 | goto err; |
| 341 | 465 | ||
| 342 | s->s3->tmp.key_block_length=num; | 466 | s->s3->tmp.key_block_length=num; |
| @@ -353,28 +477,33 @@ printf("pre-master\n"); | |||
| 353 | #endif | 477 | #endif |
| 354 | tls1_generate_key_block(s,p1,p2,num); | 478 | tls1_generate_key_block(s,p1,p2,num); |
| 355 | memset(p2,0,num); | 479 | memset(p2,0,num); |
| 356 | Free(p2); | 480 | OPENSSL_free(p2); |
| 357 | #ifdef TLS_DEBUG | 481 | #ifdef TLS_DEBUG |
| 358 | printf("\nkey block\n"); | 482 | printf("\nkey block\n"); |
| 359 | { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } | 483 | { int z; for (z=0; z<num; z++) printf("%02X%c",p1[z],((z+1)%16)?' ':'\n'); } |
| 360 | #endif | 484 | #endif |
| 361 | 485 | ||
| 486 | /* enable vulnerability countermeasure for CBC ciphers with | ||
| 487 | * known-IV problem (http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
| 488 | s->s3->need_empty_fragments = 1; | ||
| 489 | #ifndef NO_RC4 | ||
| 490 | if ((s->session->cipher != NULL) && ((s->session->cipher->algorithms & SSL_ENC_MASK) == SSL_RC4)) | ||
| 491 | s->s3->need_empty_fragments = 0; | ||
| 492 | #endif | ||
| 493 | |||
| 362 | return(1); | 494 | return(1); |
| 363 | err: | 495 | err: |
| 364 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); | 496 | SSLerr(SSL_F_TLS1_SETUP_KEY_BLOCK,ERR_R_MALLOC_FAILURE); |
| 365 | return(0); | 497 | return(0); |
| 366 | } | 498 | } |
| 367 | 499 | ||
| 368 | int tls1_enc(s,send) | 500 | int tls1_enc(SSL *s, int send) |
| 369 | SSL *s; | ||
| 370 | int send; | ||
| 371 | { | 501 | { |
| 372 | SSL3_RECORD *rec; | 502 | SSL3_RECORD *rec; |
| 373 | EVP_CIPHER_CTX *ds; | 503 | EVP_CIPHER_CTX *ds; |
| 374 | unsigned long l; | 504 | unsigned long l; |
| 375 | int bs,i,ii,j,k,n=0; | 505 | int bs,i,ii,j,k,n=0; |
| 376 | EVP_CIPHER *enc; | 506 | const EVP_CIPHER *enc; |
| 377 | SSL_COMPRESSION *comp; | ||
| 378 | 507 | ||
| 379 | if (send) | 508 | if (send) |
| 380 | { | 509 | { |
| @@ -383,12 +512,9 @@ int send; | |||
| 383 | ds=s->enc_write_ctx; | 512 | ds=s->enc_write_ctx; |
| 384 | rec= &(s->s3->wrec); | 513 | rec= &(s->s3->wrec); |
| 385 | if (s->enc_write_ctx == NULL) | 514 | if (s->enc_write_ctx == NULL) |
| 386 | { enc=NULL; comp=NULL; } | 515 | enc=NULL; |
| 387 | else | 516 | else |
| 388 | { | ||
| 389 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); | 517 | enc=EVP_CIPHER_CTX_cipher(s->enc_write_ctx); |
| 390 | comp=s->write_compression; | ||
| 391 | } | ||
| 392 | } | 518 | } |
| 393 | else | 519 | else |
| 394 | { | 520 | { |
| @@ -397,18 +523,19 @@ int send; | |||
| 397 | ds=s->enc_read_ctx; | 523 | ds=s->enc_read_ctx; |
| 398 | rec= &(s->s3->rrec); | 524 | rec= &(s->s3->rrec); |
| 399 | if (s->enc_read_ctx == NULL) | 525 | if (s->enc_read_ctx == NULL) |
| 400 | { enc=NULL; comp=NULL; } | 526 | enc=NULL; |
| 401 | else | 527 | else |
| 402 | { | ||
| 403 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); | 528 | enc=EVP_CIPHER_CTX_cipher(s->enc_read_ctx); |
| 404 | comp=s->read_compression; | ||
| 405 | } | ||
| 406 | } | 529 | } |
| 407 | 530 | ||
| 531 | #ifdef KSSL_DEBUG | ||
| 532 | printf("tls1_enc(%d)\n", send); | ||
| 533 | #endif /* KSSL_DEBUG */ | ||
| 534 | |||
| 408 | if ((s->session == NULL) || (ds == NULL) || | 535 | if ((s->session == NULL) || (ds == NULL) || |
| 409 | ((enc == NULL) && (comp == NULL))) | 536 | (enc == NULL)) |
| 410 | { | 537 | { |
| 411 | memcpy(rec->data,rec->input,rec->length); | 538 | memmove(rec->data,rec->input,rec->length); |
| 412 | rec->input=rec->data; | 539 | rec->input=rec->data; |
| 413 | } | 540 | } |
| 414 | else | 541 | else |
| @@ -435,11 +562,48 @@ int send; | |||
| 435 | rec->length+=i; | 562 | rec->length+=i; |
| 436 | } | 563 | } |
| 437 | 564 | ||
| 565 | #ifdef KSSL_DEBUG | ||
| 566 | { | ||
| 567 | unsigned long ui; | ||
| 568 | printf("EVP_Cipher(ds=%p,rec->data=%p,rec->input=%p,l=%ld) ==>\n", | ||
| 569 | ds,rec->data,rec->input,l); | ||
| 570 | printf("\tEVP_CIPHER_CTX: %d buf_len, %d key_len [%d %d], %d iv_len\n", | ||
| 571 | ds->buf_len, ds->cipher->key_len, | ||
| 572 | DES_KEY_SZ, DES_SCHEDULE_SZ, | ||
| 573 | ds->cipher->iv_len); | ||
| 574 | printf("\t\tIV: "); | ||
| 575 | for (i=0; i<ds->cipher->iv_len; i++) printf("%02X", ds->iv[i]); | ||
| 576 | printf("\n"); | ||
| 577 | printf("\trec->input="); | ||
| 578 | for (ui=0; ui<l; ui++) printf(" %02x", rec->input[ui]); | ||
| 579 | printf("\n"); | ||
| 580 | } | ||
| 581 | #endif /* KSSL_DEBUG */ | ||
| 582 | |||
| 583 | if (!send) | ||
| 584 | { | ||
| 585 | if (l == 0 || l%bs != 0) | ||
| 586 | { | ||
| 587 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | ||
| 588 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | ||
| 589 | return 0; | ||
| 590 | } | ||
| 591 | } | ||
| 592 | |||
| 438 | EVP_Cipher(ds,rec->data,rec->input,l); | 593 | EVP_Cipher(ds,rec->data,rec->input,l); |
| 439 | 594 | ||
| 595 | #ifdef KSSL_DEBUG | ||
| 596 | { | ||
| 597 | unsigned long i; | ||
| 598 | printf("\trec->data="); | ||
| 599 | for (i=0; i<l; i++) | ||
| 600 | printf(" %02x", rec->data[i]); printf("\n"); | ||
| 601 | } | ||
| 602 | #endif /* KSSL_DEBUG */ | ||
| 603 | |||
| 440 | if ((bs != 1) && !send) | 604 | if ((bs != 1) && !send) |
| 441 | { | 605 | { |
| 442 | ii=i=rec->data[l-1]; | 606 | ii=i=rec->data[l-1]; /* padding_length */ |
| 443 | i++; | 607 | i++; |
| 444 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) | 608 | if (s->options&SSL_OP_TLS_BLOCK_PADDING_BUG) |
| 445 | { | 609 | { |
| @@ -450,19 +614,22 @@ int send; | |||
| 450 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) | 614 | if (s->s3->flags & TLS1_FLAGS_TLS_PADDING_BUG) |
| 451 | i--; | 615 | i--; |
| 452 | } | 616 | } |
| 617 | /* TLS 1.0 does not bound the number of padding bytes by the block size. | ||
| 618 | * All of them must have value 'padding_length'. */ | ||
| 453 | if (i > (int)rec->length) | 619 | if (i > (int)rec->length) |
| 454 | { | 620 | { |
| 455 | SSLerr(SSL_F_TLS1_ENC,SSL_R_BLOCK_CIPHER_PAD_IS_WRONG); | 621 | /* Incorrect padding. SSLerr() and ssl3_alert are done |
| 456 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | 622 | * by caller: we don't want to reveal whether this is |
| 457 | return(0); | 623 | * a decryption error or a MAC verification failure |
| 624 | * (see http://www.openssl.org/~bodo/tls-cbc.txt) */ | ||
| 625 | return -1; | ||
| 458 | } | 626 | } |
| 459 | for (j=(int)(l-i); j<(int)l; j++) | 627 | for (j=(int)(l-i); j<(int)l; j++) |
| 460 | { | 628 | { |
| 461 | if (rec->data[j] != ii) | 629 | if (rec->data[j] != ii) |
| 462 | { | 630 | { |
| 463 | SSLerr(SSL_F_TLS1_ENC,SSL_R_DECRYPTION_FAILED); | 631 | /* Incorrect padding */ |
| 464 | ssl3_send_alert(s,SSL3_AL_FATAL,SSL_AD_DECRYPTION_FAILED); | 632 | return -1; |
| 465 | return(0); | ||
| 466 | } | 633 | } |
| 467 | } | 634 | } |
| 468 | rec->length-=i; | 635 | rec->length-=i; |
| @@ -471,25 +638,20 @@ int send; | |||
| 471 | return(1); | 638 | return(1); |
| 472 | } | 639 | } |
| 473 | 640 | ||
| 474 | int tls1_cert_verify_mac(s,in_ctx,out) | 641 | int tls1_cert_verify_mac(SSL *s, EVP_MD_CTX *in_ctx, unsigned char *out) |
| 475 | SSL *s; | ||
| 476 | EVP_MD_CTX *in_ctx; | ||
| 477 | unsigned char *out; | ||
| 478 | { | 642 | { |
| 479 | unsigned int ret; | 643 | unsigned int ret; |
| 480 | EVP_MD_CTX ctx; | 644 | EVP_MD_CTX ctx; |
| 481 | 645 | ||
| 482 | memcpy(&ctx,in_ctx,sizeof(EVP_MD_CTX)); | 646 | EVP_MD_CTX_init(&ctx); |
| 483 | EVP_DigestFinal(&ctx,out,&ret); | 647 | EVP_MD_CTX_copy_ex(&ctx,in_ctx); |
| 648 | EVP_DigestFinal_ex(&ctx,out,&ret); | ||
| 649 | EVP_MD_CTX_cleanup(&ctx); | ||
| 484 | return((int)ret); | 650 | return((int)ret); |
| 485 | } | 651 | } |
| 486 | 652 | ||
| 487 | int tls1_final_finish_mac(s,in1_ctx,in2_ctx,str,slen,out) | 653 | int tls1_final_finish_mac(SSL *s, EVP_MD_CTX *in1_ctx, EVP_MD_CTX *in2_ctx, |
| 488 | SSL *s; | 654 | const char *str, int slen, unsigned char *out) |
| 489 | EVP_MD_CTX *in1_ctx,*in2_ctx; | ||
| 490 | unsigned char *str; | ||
| 491 | int slen; | ||
| 492 | unsigned char *out; | ||
| 493 | { | 655 | { |
| 494 | unsigned int i; | 656 | unsigned int i; |
| 495 | EVP_MD_CTX ctx; | 657 | EVP_MD_CTX ctx; |
| @@ -500,29 +662,27 @@ unsigned char *out; | |||
| 500 | memcpy(q,str,slen); | 662 | memcpy(q,str,slen); |
| 501 | q+=slen; | 663 | q+=slen; |
| 502 | 664 | ||
| 503 | memcpy(&ctx,in1_ctx,sizeof(EVP_MD_CTX)); | 665 | EVP_MD_CTX_init(&ctx); |
| 504 | EVP_DigestFinal(&ctx,q,&i); | 666 | EVP_MD_CTX_copy_ex(&ctx,in1_ctx); |
| 667 | EVP_DigestFinal_ex(&ctx,q,&i); | ||
| 505 | q+=i; | 668 | q+=i; |
| 506 | memcpy(&ctx,in2_ctx,sizeof(EVP_MD_CTX)); | 669 | EVP_MD_CTX_copy_ex(&ctx,in2_ctx); |
| 507 | EVP_DigestFinal(&ctx,q,&i); | 670 | EVP_DigestFinal_ex(&ctx,q,&i); |
| 508 | q+=i; | 671 | q+=i; |
| 509 | 672 | ||
| 510 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,q-buf, | 673 | tls1_PRF(s->ctx->md5,s->ctx->sha1,buf,(int)(q-buf), |
| 511 | s->session->master_key,s->session->master_key_length, | 674 | s->session->master_key,s->session->master_key_length, |
| 512 | out,buf2,12); | 675 | out,buf2,12); |
| 513 | memset(&ctx,0,sizeof(EVP_MD_CTX)); | 676 | EVP_MD_CTX_cleanup(&ctx); |
| 514 | 677 | ||
| 515 | return((int)12); | 678 | return((int)12); |
| 516 | } | 679 | } |
| 517 | 680 | ||
| 518 | int tls1_mac(ssl,md,send) | 681 | int tls1_mac(SSL *ssl, unsigned char *md, int send) |
| 519 | SSL *ssl; | ||
| 520 | unsigned char *md; | ||
| 521 | int send; | ||
| 522 | { | 682 | { |
| 523 | SSL3_RECORD *rec; | 683 | SSL3_RECORD *rec; |
| 524 | unsigned char *mac_sec,*seq; | 684 | unsigned char *mac_sec,*seq; |
| 525 | EVP_MD *hash; | 685 | const EVP_MD *hash; |
| 526 | unsigned int md_size; | 686 | unsigned int md_size; |
| 527 | int i; | 687 | int i; |
| 528 | HMAC_CTX hmac; | 688 | HMAC_CTX hmac; |
| @@ -552,41 +712,47 @@ int send; | |||
| 552 | buf[4]=rec->length&0xff; | 712 | buf[4]=rec->length&0xff; |
| 553 | 713 | ||
| 554 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ | 714 | /* I should fix this up TLS TLS TLS TLS TLS XXXXXXXX */ |
| 555 | HMAC_Init(&hmac,mac_sec,EVP_MD_size(hash),hash); | 715 | HMAC_CTX_init(&hmac); |
| 716 | HMAC_Init_ex(&hmac,mac_sec,EVP_MD_size(hash),hash,NULL); | ||
| 556 | HMAC_Update(&hmac,seq,8); | 717 | HMAC_Update(&hmac,seq,8); |
| 557 | HMAC_Update(&hmac,buf,5); | 718 | HMAC_Update(&hmac,buf,5); |
| 558 | HMAC_Update(&hmac,rec->input,rec->length); | 719 | HMAC_Update(&hmac,rec->input,rec->length); |
| 559 | HMAC_Final(&hmac,md,&md_size); | 720 | HMAC_Final(&hmac,md,&md_size); |
| 721 | HMAC_CTX_cleanup(&hmac); | ||
| 560 | 722 | ||
| 561 | #ifdef TLS_DEBUG | 723 | #ifdef TLS_DEBUG |
| 562 | printf("sec="); | 724 | printf("sec="); |
| 563 | {int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } | 725 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",mac_sec[z]); printf("\n"); } |
| 564 | printf("seq="); | 726 | printf("seq="); |
| 565 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } | 727 | {int z; for (z=0; z<8; z++) printf("%02X ",seq[z]); printf("\n"); } |
| 566 | printf("buf="); | 728 | printf("buf="); |
| 567 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } | 729 | {int z; for (z=0; z<5; z++) printf("%02X ",buf[z]); printf("\n"); } |
| 568 | printf("rec="); | 730 | printf("rec="); |
| 569 | {int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } | 731 | {unsigned int z; for (z=0; z<rec->length; z++) printf("%02X ",buf[z]); printf("\n"); } |
| 570 | #endif | 732 | #endif |
| 571 | 733 | ||
| 572 | for (i=7; i>=0; i--) | 734 | for (i=7; i>=0; i--) |
| 573 | if (++seq[i]) break; | 735 | { |
| 736 | ++seq[i]; | ||
| 737 | if (seq[i] != 0) break; | ||
| 738 | } | ||
| 574 | 739 | ||
| 575 | #ifdef TLS_DEBUG | 740 | #ifdef TLS_DEBUG |
| 576 | {int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } | 741 | {unsigned int z; for (z=0; z<md_size; z++) printf("%02X ",md[z]); printf("\n"); } |
| 577 | #endif | 742 | #endif |
| 578 | return(md_size); | 743 | return(md_size); |
| 579 | } | 744 | } |
| 580 | 745 | ||
| 581 | int tls1_generate_master_secret(s,out,p,len) | 746 | int tls1_generate_master_secret(SSL *s, unsigned char *out, unsigned char *p, |
| 582 | SSL *s; | 747 | int len) |
| 583 | unsigned char *out; | ||
| 584 | unsigned char *p; | ||
| 585 | int len; | ||
| 586 | { | 748 | { |
| 587 | unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; | 749 | unsigned char buf[SSL3_RANDOM_SIZE*2+TLS_MD_MASTER_SECRET_CONST_SIZE]; |
| 588 | unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; | 750 | unsigned char buff[SSL_MAX_MASTER_KEY_LENGTH]; |
| 589 | 751 | ||
| 752 | #ifdef KSSL_DEBUG | ||
| 753 | printf ("tls1_generate_master_secret(%p,%p, %p, %d)\n", s,out, p,len); | ||
| 754 | #endif /* KSSL_DEBUG */ | ||
| 755 | |||
| 590 | /* Setup the stuff to munge */ | 756 | /* Setup the stuff to munge */ |
| 591 | memcpy(buf,TLS_MD_MASTER_SECRET_CONST, | 757 | memcpy(buf,TLS_MD_MASTER_SECRET_CONST, |
| 592 | TLS_MD_MASTER_SECRET_CONST_SIZE); | 758 | TLS_MD_MASTER_SECRET_CONST_SIZE); |
| @@ -597,11 +763,13 @@ int len; | |||
| 597 | tls1_PRF(s->ctx->md5,s->ctx->sha1, | 763 | tls1_PRF(s->ctx->md5,s->ctx->sha1, |
| 598 | buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, | 764 | buf,TLS_MD_MASTER_SECRET_CONST_SIZE+SSL3_RANDOM_SIZE*2,p,len, |
| 599 | s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); | 765 | s->session->master_key,buff,SSL3_MASTER_SECRET_SIZE); |
| 766 | #ifdef KSSL_DEBUG | ||
| 767 | printf ("tls1_generate_master_secret() complete\n"); | ||
| 768 | #endif /* KSSL_DEBUG */ | ||
| 600 | return(SSL3_MASTER_SECRET_SIZE); | 769 | return(SSL3_MASTER_SECRET_SIZE); |
| 601 | } | 770 | } |
| 602 | 771 | ||
| 603 | int tls1_alert_code(code) | 772 | int tls1_alert_code(int code) |
| 604 | int code; | ||
| 605 | { | 773 | { |
| 606 | switch (code) | 774 | switch (code) |
| 607 | { | 775 | { |
| @@ -623,11 +791,11 @@ int code; | |||
| 623 | case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); | 791 | case SSL_AD_ACCESS_DENIED: return(TLS1_AD_ACCESS_DENIED); |
| 624 | case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); | 792 | case SSL_AD_DECODE_ERROR: return(TLS1_AD_DECODE_ERROR); |
| 625 | case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); | 793 | case SSL_AD_DECRYPT_ERROR: return(TLS1_AD_DECRYPT_ERROR); |
| 626 | case SSL_AD_EXPORT_RESTRICION: return(TLS1_AD_EXPORT_RESTRICION); | 794 | case SSL_AD_EXPORT_RESTRICTION: return(TLS1_AD_EXPORT_RESTRICTION); |
| 627 | case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); | 795 | case SSL_AD_PROTOCOL_VERSION: return(TLS1_AD_PROTOCOL_VERSION); |
| 628 | case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); | 796 | case SSL_AD_INSUFFICIENT_SECURITY:return(TLS1_AD_INSUFFICIENT_SECURITY); |
| 629 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); | 797 | case SSL_AD_INTERNAL_ERROR: return(TLS1_AD_INTERNAL_ERROR); |
| 630 | case SSL_AD_USER_CANCLED: return(TLS1_AD_USER_CANCLED); | 798 | case SSL_AD_USER_CANCELLED: return(TLS1_AD_USER_CANCELLED); |
| 631 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); | 799 | case SSL_AD_NO_RENEGOTIATION: return(TLS1_AD_NO_RENEGOTIATION); |
| 632 | default: return(-1); | 800 | default: return(-1); |
| 633 | } | 801 | } |
diff --git a/src/lib/libssl/t1_lib.c b/src/lib/libssl/t1_lib.c index f9fbfa414c..ca6c03d5af 100644 --- a/src/lib/libssl/t1_lib.c +++ b/src/lib/libssl/t1_lib.c | |||
| @@ -57,16 +57,12 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "objects.h" | 60 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | char *tls1_version_str="TLSv1 part of SSLeay 0.9.0b 29-Jun-1998"; | 63 | const char *tls1_version_str="TLSv1" OPENSSL_VERSION_PTEXT; |
| 64 | 64 | ||
| 65 | #ifndef NO_PROTO | ||
| 66 | static long tls1_default_timeout(void); | 65 | static long tls1_default_timeout(void); |
| 67 | #else | ||
| 68 | static long tls1_default_timeout(); | ||
| 69 | #endif | ||
| 70 | 66 | ||
| 71 | static SSL3_ENC_METHOD TLSv1_enc_data={ | 67 | static SSL3_ENC_METHOD TLSv1_enc_data={ |
| 72 | tls1_enc, | 68 | tls1_enc, |
| @@ -94,6 +90,7 @@ static SSL_METHOD TLSv1_data= { | |||
| 94 | ssl3_write, | 90 | ssl3_write, |
| 95 | ssl3_shutdown, | 91 | ssl3_shutdown, |
| 96 | ssl3_renegotiate, | 92 | ssl3_renegotiate, |
| 93 | ssl3_renegotiate_check, | ||
| 97 | ssl3_ctrl, | 94 | ssl3_ctrl, |
| 98 | ssl3_ctx_ctrl, | 95 | ssl3_ctx_ctrl, |
| 99 | ssl3_get_cipher_by_char, | 96 | ssl3_get_cipher_by_char, |
| @@ -104,47 +101,48 @@ static SSL_METHOD TLSv1_data= { | |||
| 104 | ssl_bad_method, | 101 | ssl_bad_method, |
| 105 | tls1_default_timeout, | 102 | tls1_default_timeout, |
| 106 | &TLSv1_enc_data, | 103 | &TLSv1_enc_data, |
| 104 | ssl_undefined_function, | ||
| 105 | ssl3_callback_ctrl, | ||
| 106 | ssl3_ctx_callback_ctrl, | ||
| 107 | }; | 107 | }; |
| 108 | 108 | ||
| 109 | static long tls1_default_timeout() | 109 | static long tls1_default_timeout(void) |
| 110 | { | 110 | { |
| 111 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec | 111 | /* 2 hours, the 24 hours mentioned in the TLSv1 spec |
| 112 | * is way too long for http, the cache would over fill */ | 112 | * is way too long for http, the cache would over fill */ |
| 113 | return(60*60*2); | 113 | return(60*60*2); |
| 114 | } | 114 | } |
| 115 | 115 | ||
| 116 | SSL_METHOD *tlsv1_base_method() | 116 | SSL_METHOD *tlsv1_base_method(void) |
| 117 | { | 117 | { |
| 118 | return(&TLSv1_data); | 118 | return(&TLSv1_data); |
| 119 | } | 119 | } |
| 120 | 120 | ||
| 121 | int tls1_new(s) | 121 | int tls1_new(SSL *s) |
| 122 | SSL *s; | ||
| 123 | { | 122 | { |
| 124 | if (!ssl3_new(s)) return(0); | 123 | if (!ssl3_new(s)) return(0); |
| 125 | s->method->ssl_clear(s); | 124 | s->method->ssl_clear(s); |
| 126 | return(1); | 125 | return(1); |
| 127 | } | 126 | } |
| 128 | 127 | ||
| 129 | void tls1_free(s) | 128 | void tls1_free(SSL *s) |
| 130 | SSL *s; | ||
| 131 | { | 129 | { |
| 132 | ssl3_free(s); | 130 | ssl3_free(s); |
| 133 | } | 131 | } |
| 134 | 132 | ||
| 135 | void tls1_clear(s) | 133 | void tls1_clear(SSL *s) |
| 136 | SSL *s; | ||
| 137 | { | 134 | { |
| 138 | ssl3_clear(s); | 135 | ssl3_clear(s); |
| 139 | s->version=TLS1_VERSION; | 136 | s->version=TLS1_VERSION; |
| 140 | } | 137 | } |
| 141 | 138 | ||
| 142 | #if 0 | 139 | #if 0 |
| 143 | long tls1_ctrl(s,cmd,larg,parg) | 140 | long tls1_ctrl(SSL *s, int cmd, long larg, char *parg) |
| 144 | SSL *s; | 141 | { |
| 145 | int cmd; | 142 | return(0); |
| 146 | long larg; | 143 | } |
| 147 | char *parg; | 144 | |
| 145 | long tls1_callback_ctrl(SSL *s, int cmd, void *(*fp)()) | ||
| 148 | { | 146 | { |
| 149 | return(0); | 147 | return(0); |
| 150 | } | 148 | } |
diff --git a/src/lib/libssl/t1_meth.c b/src/lib/libssl/t1_meth.c index 512c2078e7..9bb36a7d1c 100644 --- a/src/lib/libssl/t1_meth.c +++ b/src/lib/libssl/t1_meth.c | |||
| @@ -57,11 +57,11 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "objects.h" | 60 | #include <openssl/objects.h> |
| 61 | #include "ssl_locl.h" | 61 | #include "ssl_locl.h" |
| 62 | 62 | ||
| 63 | static SSL_METHOD *tls1_get_method(ver) | 63 | static SSL_METHOD *tls1_get_method(int ver); |
| 64 | int ver; | 64 | static SSL_METHOD *tls1_get_method(int ver) |
| 65 | { | 65 | { |
| 66 | if (ver == TLS1_VERSION) | 66 | if (ver == TLS1_VERSION) |
| 67 | return(TLSv1_method()); | 67 | return(TLSv1_method()); |
| @@ -69,19 +69,19 @@ int ver; | |||
| 69 | return(NULL); | 69 | return(NULL); |
| 70 | } | 70 | } |
| 71 | 71 | ||
| 72 | SSL_METHOD *TLSv1_method() | 72 | SSL_METHOD *TLSv1_method(void) |
| 73 | { | 73 | { |
| 74 | static int init=1; | 74 | static int init=1; |
| 75 | static SSL_METHOD TLSv1_data; | 75 | static SSL_METHOD TLSv1_data; |
| 76 | 76 | ||
| 77 | if (init) | 77 | if (init) |
| 78 | { | 78 | { |
| 79 | init=0; | ||
| 80 | memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), | 79 | memcpy((char *)&TLSv1_data,(char *)tlsv1_base_method(), |
| 81 | sizeof(SSL_METHOD)); | 80 | sizeof(SSL_METHOD)); |
| 82 | TLSv1_data.ssl_connect=ssl3_connect; | 81 | TLSv1_data.ssl_connect=ssl3_connect; |
| 83 | TLSv1_data.ssl_accept=ssl3_accept; | 82 | TLSv1_data.ssl_accept=ssl3_accept; |
| 84 | TLSv1_data.get_ssl_method=tls1_get_method; | 83 | TLSv1_data.get_ssl_method=tls1_get_method; |
| 84 | init=0; | ||
| 85 | } | 85 | } |
| 86 | return(&TLSv1_data); | 86 | return(&TLSv1_data); |
| 87 | } | 87 | } |
diff --git a/src/lib/libssl/t1_srvr.c b/src/lib/libssl/t1_srvr.c index 8cf0addcd9..996b7ca8e2 100644 --- a/src/lib/libssl/t1_srvr.c +++ b/src/lib/libssl/t1_srvr.c | |||
| @@ -57,15 +57,15 @@ | |||
| 57 | */ | 57 | */ |
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include "buffer.h" | 60 | #include <openssl/buffer.h> |
| 61 | #include "rand.h" | 61 | #include <openssl/rand.h> |
| 62 | #include "objects.h" | 62 | #include <openssl/objects.h> |
| 63 | #include "evp.h" | 63 | #include <openssl/evp.h> |
| 64 | #include "x509.h" | 64 | #include <openssl/x509.h> |
| 65 | #include "ssl_locl.h" | 65 | #include "ssl_locl.h" |
| 66 | 66 | ||
| 67 | static SSL_METHOD *tls1_get_server_method(ver) | 67 | static SSL_METHOD *tls1_get_server_method(int ver); |
| 68 | int ver; | 68 | static SSL_METHOD *tls1_get_server_method(int ver) |
| 69 | { | 69 | { |
| 70 | if (ver == TLS1_VERSION) | 70 | if (ver == TLS1_VERSION) |
| 71 | return(TLSv1_server_method()); | 71 | return(TLSv1_server_method()); |
| @@ -73,18 +73,18 @@ int ver; | |||
| 73 | return(NULL); | 73 | return(NULL); |
| 74 | } | 74 | } |
| 75 | 75 | ||
| 76 | SSL_METHOD *TLSv1_server_method() | 76 | SSL_METHOD *TLSv1_server_method(void) |
| 77 | { | 77 | { |
| 78 | static int init=1; | 78 | static int init=1; |
| 79 | static SSL_METHOD TLSv1_server_data; | 79 | static SSL_METHOD TLSv1_server_data; |
| 80 | 80 | ||
| 81 | if (init) | 81 | if (init) |
| 82 | { | 82 | { |
| 83 | init=0; | ||
| 84 | memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), | 83 | memcpy((char *)&TLSv1_server_data,(char *)tlsv1_base_method(), |
| 85 | sizeof(SSL_METHOD)); | 84 | sizeof(SSL_METHOD)); |
| 86 | TLSv1_server_data.ssl_accept=ssl3_accept; | 85 | TLSv1_server_data.ssl_accept=ssl3_accept; |
| 87 | TLSv1_server_data.get_ssl_method=tls1_get_server_method; | 86 | TLSv1_server_data.get_ssl_method=tls1_get_server_method; |
| 87 | init=0; | ||
| 88 | } | 88 | } |
| 89 | return(&TLSv1_server_data); | 89 | return(&TLSv1_server_data); |
| 90 | } | 90 | } |
diff --git a/src/lib/libssl/test/methtest.c b/src/lib/libssl/test/methtest.c index 630d29dc91..06ccb3b310 100644 --- a/src/lib/libssl/test/methtest.c +++ b/src/lib/libssl/test/methtest.c | |||
| @@ -58,10 +58,10 @@ | |||
| 58 | 58 | ||
| 59 | #include <stdio.h> | 59 | #include <stdio.h> |
| 60 | #include <stdlib.h> | 60 | #include <stdlib.h> |
| 61 | #include "rsa.h" | 61 | #include <openssl/rsa.h> |
| 62 | #include "x509.h" | 62 | #include <openssl/x509.h> |
| 63 | #include "meth.h" | 63 | #include "meth.h" |
| 64 | #include "err.h" | 64 | #include <openssl/err.h> |
| 65 | 65 | ||
| 66 | int main(argc,argv) | 66 | int main(argc,argv) |
| 67 | int argc; | 67 | int argc; |
diff --git a/src/lib/libssl/test/tcrl b/src/lib/libssl/test/tcrl index 859fba452f..acaf8f3c47 100644 --- a/src/lib/libssl/test/tcrl +++ b/src/lib/libssl/test/tcrl | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay crl' | 6 | cmd='../apps/openssl crl' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
diff --git a/src/lib/libssl/test/testca b/src/lib/libssl/test/testca index a28402f9ca..88c186b6ab 100644 --- a/src/lib/libssl/test/testca +++ b/src/lib/libssl/test/testca | |||
| @@ -23,7 +23,7 @@ if [ $? != 0 ]; then | |||
| 23 | fi | 23 | fi |
| 24 | 24 | ||
| 25 | 25 | ||
| 26 | SSLEAY_CONFIG="-config ../apps/ssleay.cnf" | 26 | SSLEAY_CONFIG="-config ../apps/openssl.cnf" |
| 27 | export SSLEAY_CONFIG | 27 | export SSLEAY_CONFIG |
| 28 | $SH ../apps/CA.sh -sign <<EOF | 28 | $SH ../apps/CA.sh -sign <<EOF |
| 29 | y | 29 | y |
diff --git a/src/lib/libssl/test/testenc b/src/lib/libssl/test/testenc index 42db56c2be..0656c7f525 100644 --- a/src/lib/libssl/test/testenc +++ b/src/lib/libssl/test/testenc | |||
| @@ -2,7 +2,7 @@ | |||
| 2 | 2 | ||
| 3 | testsrc=Makefile.ssl | 3 | testsrc=Makefile.ssl |
| 4 | test=./p | 4 | test=./p |
| 5 | cmd=../apps/ssleay | 5 | cmd=../apps/openssl |
| 6 | 6 | ||
| 7 | cat $testsrc >$test; | 7 | cat $testsrc >$test; |
| 8 | 8 | ||
| @@ -27,15 +27,7 @@ else | |||
| 27 | /bin/rm $test.cipher $test.clear | 27 | /bin/rm $test.cipher $test.clear |
| 28 | fi | 28 | fi |
| 29 | 29 | ||
| 30 | for i in rc4 \ | 30 | for i in `$cmd list-cipher-commands` |
| 31 | des-cfb des-ede-cfb des-ede3-cfb \ | ||
| 32 | des-ofb des-ede-ofb des-ede3-ofb \ | ||
| 33 | des-ecb des-ede des-ede3 desx \ | ||
| 34 | des-cbc des-ede-cbc des-ede3-cbc \ | ||
| 35 | idea-ecb idea-cfb idea-ofb idea-cbc \ | ||
| 36 | rc2-ecb rc2-cfb rc2-ofb rc2-cbc \ | ||
| 37 | bf-ecb bf-cfb bf-ofb bf-cbc rc4 \ | ||
| 38 | cast5-ecb cast5-cfb cast5-ofb cast5-cbc | ||
| 39 | do | 31 | do |
| 40 | echo $i | 32 | echo $i |
| 41 | $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher | 33 | $cmd $i -bufsize 113 -e -k test < $test > $test.$i.cipher |
diff --git a/src/lib/libssl/test/testgen b/src/lib/libssl/test/testgen index 12a4ca4cea..6a4b6b9221 100644 --- a/src/lib/libssl/test/testgen +++ b/src/lib/libssl/test/testgen | |||
| @@ -11,17 +11,25 @@ export PATH | |||
| 11 | 11 | ||
| 12 | echo "generating certificate request" | 12 | echo "generating certificate request" |
| 13 | 13 | ||
| 14 | echo "There should be a 2 sequences of .'s and some +'s." | 14 | echo "string to make the random number generator think it has entropy" >> ./.rnd |
| 15 | echo "There should not be more that at most 80 per line" | 15 | |
| 16 | if ../apps/openssl no-rsa; then | ||
| 17 | req_new='-newkey dsa:../apps/dsa512.pem' | ||
| 18 | else | ||
| 19 | req_new='-new' | ||
| 20 | echo "There should be a 2 sequences of .'s and some +'s." | ||
| 21 | echo "There should not be more that at most 80 per line" | ||
| 22 | fi | ||
| 23 | |||
| 16 | echo "This could take some time." | 24 | echo "This could take some time." |
| 17 | 25 | ||
| 18 | ../apps/ssleay req -config test.cnf -new -out testreq.pem | 26 | ../apps/openssl req -config test.cnf $req_new -out testreq.pem |
| 19 | if [ $? != 0 ]; then | 27 | if [ $? != 0 ]; then |
| 20 | echo problems creating request | 28 | echo problems creating request |
| 21 | exit 1 | 29 | exit 1 |
| 22 | fi | 30 | fi |
| 23 | 31 | ||
| 24 | ../apps/ssleay req -verify -in testreq.pem -noout | 32 | ../apps/openssl req -config test.cnf -verify -in testreq.pem -noout |
| 25 | if [ $? != 0 ]; then | 33 | if [ $? != 0 ]; then |
| 26 | echo signature on req is wrong | 34 | echo signature on req is wrong |
| 27 | exit 1 | 35 | exit 1 |
diff --git a/src/lib/libssl/test/testp7.pem b/src/lib/libssl/test/testp7.pem index b3b6dba830..e5b7866c31 100644 --- a/src/lib/libssl/test/testp7.pem +++ b/src/lib/libssl/test/testp7.pem | |||
| @@ -1,46 +1,46 @@ | |||
| 1 | -----BEGIN PKCS7----- | 1 | -----BEGIN PKCS7----- |
| 2 | MIAGCSqGSIb3DQEHAqCAMIIIBwIBATEAMIAGCSqGSIb3DQEHAQAAoIIGPDCCBHIw | 2 | MIIIGAYJKoZIhvcNAQcCoIIICTCCCAUCAQExADALBgkqhkiG9w0BBwGgggY8MIIE |
| 3 | ggQcoAMCAQICEHkvjiX1iVGQMenF9HgIjI8wDQYJKoZIhvcNAQEEBQAwYjERMA8G | 3 | cjCCBBygAwIBAgIQeS+OJfWJUZAx6cX0eAiMjzANBgkqhkiG9w0BAQQFADBiMREw |
| 4 | A1UEBxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQL | 4 | DwYDVQQHEwhJbnRlcm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNV |
| 5 | EytWZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMB4X | 5 | BAsTK1ZlcmlTaWduIENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIw |
| 6 | DTk2MDcxOTAwMDAwMFoXDTk3MDMzMDIzNTk1OVowgdUxETAPBgNVBAcTCEludGVy | 6 | HhcNOTYwNzE5MDAwMDAwWhcNOTcwMzMwMjM1OTU5WjCB1TERMA8GA1UEBxMISW50 |
| 7 | bmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNpZ24g | ||
| 8 | Q2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjEoMCYGA1UECxMfRGln | ||
| 9 | aXRhbCBJRCBDbGFzcyAxIC0gU01JTUUgVGVzdDFHMEUGA1UECxM+d3d3LnZlcmlz | ||
| 10 | aWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLjAgSW5jLiBieSBSZWYuLExJQUIuTFRE | ||
| 11 | KGMpOTYwWzANBgkqhkiG9w0BAQEFAANKADBHAkAOy7xxCAIkOfuIA2LyRpxgKlDO | ||
| 12 | Rl8htdXYhF5iBGUx1GYaK6KF+bK/CCI0l4j2OfWGFBUrwGoWqxTNcWgTfMzRAgMB | ||
| 13 | AAGjggI5MIICNTAJBgNVHRMEAjAAMIICJgYDVR0DBIICHTCCAhkwggIVMIICEQYL | ||
| 14 | YIZIAYb4RQEHAQEwggIAFoIBq1RoaXMgY2VydGlmaWNhdGUgaW5jb3Jwb3JhdGVz | ||
| 15 | IGJ5IHJlZmVyZW5jZSwgYW5kIGl0cyB1c2UgaXMgc3RyaWN0bHkgc3ViamVjdCB0 | ||
| 16 | bywgdGhlIFZlcmlTaWduIENlcnRpZmljYXRpb24gUHJhY3RpY2UgU3RhdGVtZW50 | ||
| 17 | IChDUFMpLCBhdmFpbGFibGUgYXQ6IGh0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9D | ||
| 18 | UFMtMS4wOyBieSBFLW1haWwgYXQgQ1BTLXJlcXVlc3RzQHZlcmlzaWduLmNvbTsg | ||
| 19 | b3IgYnkgbWFpbCBhdCBWZXJpU2lnbiwgSW5jLiwgMjU5MyBDb2FzdCBBdmUuLCBN | ||
| 20 | b3VudGFpbiBWaWV3LCBDQSA5NDA0MyBVU0EgVGVsLiArMSAoNDE1KSA5NjEtODgz | ||
| 21 | MCBDb3B5cmlnaHQgKGMpIDE5OTYgVmVyaVNpZ24sIEluYy4gIEFsbCBSaWdodHMg | ||
| 22 | UmVzZXJ2ZWQuIENFUlRBSU4gV0FSUkFOVElFUyBESVNDTEFJTUVEIGFuZCBMSUFC | ||
| 23 | SUxJVFkgTElNSVRFRC6gDgYMYIZIAYb4RQEHAQEBoQ4GDGCGSAGG+EUBBwEBAjAv | ||
| 24 | MC0WK2h0dHBzOi8vd3d3LnZlcmlzaWduLmNvbS9yZXBvc2l0b3J5L0NQUy0xLgMw | ||
| 25 | DQYJKoZIhvcNAQEEBQADQQDAmA7km/3iJWEsWN9Z2WU2gmZAknx45WnDKHxMa3Bf | ||
| 26 | gNsh6BLk/ngkJKjNKTDR13XVHqEPUY1flbjATZputw1GMIIBwjCCAWygAwIBAgIQ | ||
| 27 | fAmE6tW5ERSQWDneu3KfSTANBgkqhkiG9w0BAQIFADA+MQswCQYDVQQGEwJVUzEX | ||
| 28 | MBUGA1UEChMOVmVyaVNpZ24sIEluYy4xFjAUBgNVBAsTDVRFU1QgUm9vdCBQQ0Ew | ||
| 29 | HhcNOTYwNzE3MDAwMDAwWhcNOTcwNzE3MjM1OTU5WjBiMREwDwYDVQQHEwhJbnRl | ||
| 30 | cm5ldDEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xNDAyBgNVBAsTK1ZlcmlTaWdu | ||
| 31 | IENsYXNzIDEgQ0EgLSBJbmRpdmlkdWFsIFN1YnNjcmliZXIwXDANBgkqhkiG9w0B | ||
| 32 | AQEFAANLADBIAkEA7Fc6zYJw4WwCWa1ni3fYNbzGSQNluuw990024GusjLfhEk1h | ||
| 33 | MsIUukTT/n8yxoO7rYp4x+LS+tHF2tBtuxg7CwIDAQABoyIwIDALBgNVHQ8EBAMC | ||
| 34 | AQYwEQYJYIZIAYb4QgEBBAQDAgIEMA0GCSqGSIb3DQEBAgUAA0EAFKem0cJGg9nd | ||
| 35 | TAbP5o1HIEyNn11ZlvLU5v1Hejs1MKQt72IMm4jjgOH+pjguXW8lB6yzrK4oVOO2 | ||
| 36 | UNCaNQ1H26GCAa0wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UEBxMISW50 | ||
| 37 | ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln | 7 | ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytWZXJpU2ln |
| 38 | biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3MTcxNzU5 | 8 | biBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyMSgwJgYDVQQLEx9E |
| 39 | MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsWsQmste9f | 9 | aWdpdGFsIElEIENsYXNzIDEgLSBTTUlNRSBUZXN0MUcwRQYDVQQLEz53d3cudmVy |
| 40 | +UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9XfZsaiiI | 10 | aXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEuMCBJbmMuIGJ5IFJlZi4sTElBQi5M |
| 41 | gotQHjCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVTMRcwFQYDVQQK | 11 | VEQoYyk5NjBbMA0GCSqGSIb3DQEBAQUAA0oAMEcCQA7LvHEIAiQ5+4gDYvJGnGAq |
| 42 | Ew5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBDQRcNOTYwNzE3 | 12 | UM5GXyG11diEXmIEZTHUZhorooX5sr8IIjSXiPY59YYUFSvAaharFM1xaBN8zNEC |
| 43 | MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANBAHitA0/xAukC | 13 | AwEAAaOCAjkwggI1MAkGA1UdEwQCMAAwggImBgNVHQMEggIdMIICGTCCAhUwggIR |
| 44 | jHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMlExONA3ju10f7 | 14 | BgtghkgBhvhFAQcBATCCAgAWggGrVGhpcyBjZXJ0aWZpY2F0ZSBpbmNvcnBvcmF0 |
| 45 | owIq3s3wx10xAAAAAAA= | 15 | ZXMgYnkgcmVmZXJlbmNlLCBhbmQgaXRzIHVzZSBpcyBzdHJpY3RseSBzdWJqZWN0 |
| 16 | IHRvLCB0aGUgVmVyaVNpZ24gQ2VydGlmaWNhdGlvbiBQcmFjdGljZSBTdGF0ZW1l | ||
| 17 | bnQgKENQUyksIGF2YWlsYWJsZSBhdDogaHR0cHM6Ly93d3cudmVyaXNpZ24uY29t | ||
| 18 | L0NQUy0xLjA7IGJ5IEUtbWFpbCBhdCBDUFMtcmVxdWVzdHNAdmVyaXNpZ24uY29t | ||
| 19 | OyBvciBieSBtYWlsIGF0IFZlcmlTaWduLCBJbmMuLCAyNTkzIENvYXN0IEF2ZS4s | ||
| 20 | IE1vdW50YWluIFZpZXcsIENBIDk0MDQzIFVTQSBUZWwuICsxICg0MTUpIDk2MS04 | ||
| 21 | ODMwIENvcHlyaWdodCAoYykgMTk5NiBWZXJpU2lnbiwgSW5jLiAgQWxsIFJpZ2h0 | ||
| 22 | cyBSZXNlcnZlZC4gQ0VSVEFJTiBXQVJSQU5USUVTIERJU0NMQUlNRUQgYW5kIExJ | ||
| 23 | QUJJTElUWSBMSU1JVEVELqAOBgxghkgBhvhFAQcBAQGhDgYMYIZIAYb4RQEHAQEC | ||
| 24 | MC8wLRYraHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL3JlcG9zaXRvcnkvQ1BTLTEu | ||
| 25 | AzANBgkqhkiG9w0BAQQFAANBAMCYDuSb/eIlYSxY31nZZTaCZkCSfHjlacMofExr | ||
| 26 | cF+A2yHoEuT+eCQkqM0pMNHXddUeoQ9RjV+VuMBNmm63DUYwggHCMIIBbKADAgEC | ||
| 27 | AhB8CYTq1bkRFJBYOd67cp9JMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | ||
| 28 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | ||
| 29 | QTAeFw05NjA3MTcwMDAwMDBaFw05NzA3MTcyMzU5NTlaMGIxETAPBgNVBAcTCElu | ||
| 30 | dGVybmV0MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjE0MDIGA1UECxMrVmVyaVNp | ||
| 31 | Z24gQ2xhc3MgMSBDQSAtIEluZGl2aWR1YWwgU3Vic2NyaWJlcjBcMA0GCSqGSIb3 | ||
| 32 | DQEBAQUAA0sAMEgCQQDsVzrNgnDhbAJZrWeLd9g1vMZJA2W67D33TTbga6yMt+ES | ||
| 33 | TWEywhS6RNP+fzLGg7utinjH4tL60cXa0G27GDsLAgMBAAGjIjAgMAsGA1UdDwQE | ||
| 34 | AwIBBjARBglghkgBhvhCAQEEBAMCAgQwDQYJKoZIhvcNAQECBQADQQAUp6bRwkaD | ||
| 35 | 2d1MBs/mjUcgTI2fXVmW8tTm/Ud6OzUwpC3vYgybiOOA4f6mOC5dbyUHrLOsrihU | ||
| 36 | 47ZQ0Jo1DUfboYIBrTCBwTBtMA0GCSqGSIb3DQEBAgUAMD4xCzAJBgNVBAYTAlVT | ||
| 37 | MRcwFQYDVQQKEw5WZXJpU2lnbiwgSW5jLjEWMBQGA1UECxMNVEVTVCBSb290IFBD | ||
| 38 | QRcNOTYwNzE3MTc0NDA5WhcNOTgwNzE3MDAwMDAwWjANBgkqhkiG9w0BAQIFAANB | ||
| 39 | AHitA0/xAukCjHzeh1AMT/l2oC68N+yFb+aJPHBBMxc6gG2MaKjBNwb5hcXUllMl | ||
| 40 | ExONA3ju10f7owIq3s3wx10wgeYwgZEwDQYJKoZIhvcNAQECBQAwYjERMA8GA1UE | ||
| 41 | BxMISW50ZXJuZXQxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMTQwMgYDVQQLEytW | ||
| 42 | ZXJpU2lnbiBDbGFzcyAxIENBIC0gSW5kaXZpZHVhbCBTdWJzY3JpYmVyFw05NjA3 | ||
| 43 | MTcxNzU5MjlaFw05NzA3MTgwMDAwMDBaMA0GCSqGSIb3DQEBAgUAA0EAubVWYTsW | ||
| 44 | sQmste9f+UgMw8BkjDlM25fwQLrCfmmnLxjewey10kSROypUaJLb+r4oRALc0fG9 | ||
| 45 | XfZsaiiIgotQHjEA | ||
| 46 | -----END PKCS7----- | 46 | -----END PKCS7----- |
diff --git a/src/lib/libssl/test/testsid.pem b/src/lib/libssl/test/testsid.pem index cd8617be2e..7ffd008f66 100644 --- a/src/lib/libssl/test/testsid.pem +++ b/src/lib/libssl/test/testsid.pem | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | -----BEGIN SSL SESSION PARAMETERS----- | 1 | -----BEGIN SSL SESSION PARAMETERS----- |
| 2 | MIIBxwIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV | 2 | MIIB1gIBAQIBAgQDAQCABBCi11xa5qkOP8xrr02K/NQCBBBkIYQZM0Bt95W0EHNV |
| 3 | bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw | 3 | bA58oQYCBDIBr7WiBAICASyjggGGMIIBgjCCASwCAQMwDQYJKoZIhvcNAQEEBQAw |
| 4 | ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz | 4 | ODELMAkGA1UEBhMCQVUxDDAKBgNVBAgTA1FMRDEbMBkGA1UEAxMSU1NMZWF5L3Jz |
| 5 | YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG | 5 | YSB0ZXN0IENBMB4XDTk1MTAwOTIzMzEzNFoXDTk4MDcwNTIzMzEzNFowYDELMAkG |
| @@ -8,5 +8,5 @@ LjELMAkGA1UECxMCQ1MxGzAZBgNVBAMTElNTTGVheSBkZW1vIGNsaWVudDBcMA0G | |||
| 8 | CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD | 8 | CSqGSIb3DQEBAQUAA0sAMEgCQQC4pcXEL1lgVA+B5Q3TcuW/O3LZHoA73IYm8oFD |
| 9 | TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI | 9 | TezgCDhL2RTMn+seKWF36UtJKRIOBU9jZHCVVd0Me5ls6BEjAgMBAAEwDQYJKoZI |
| 10 | hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L | 10 | hvcNAQEEBQADQQBoIpOcwUY1qlVF7j3ROSGvUsbvByOBFmYWkIBgsCqR+9qo1A7L |
| 11 | CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTv | 11 | CrWF5i8LWt/vLwAHaxWNx2YuBJMFyuK81fTvpA0EC3Rlc3Rjb250ZXh0 |
| 12 | -----END SSL SESSION PARAMETERS----- | 12 | -----END SSL SESSION PARAMETERS----- |
diff --git a/src/lib/libssl/test/testss b/src/lib/libssl/test/testss index a5aecf4694..8d3557f356 100644 --- a/src/lib/libssl/test/testss +++ b/src/lib/libssl/test/testss | |||
| @@ -1,9 +1,10 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | digest='-mdc2' | 3 | digest='-md5' |
| 4 | reqcmd="../apps/ssleay req" | 4 | reqcmd="../apps/openssl req" |
| 5 | x509cmd="../apps/ssleay x509 $digest" | 5 | x509cmd="../apps/openssl x509 $digest" |
| 6 | verifycmd="../apps/ssleay verify" | 6 | verifycmd="../apps/openssl verify" |
| 7 | dummycnf="../apps/openssl.cnf" | ||
| 7 | 8 | ||
| 8 | CAkey="keyCA.ss" | 9 | CAkey="keyCA.ss" |
| 9 | CAcert="certCA.ss" | 10 | CAcert="certCA.ss" |
| @@ -18,7 +19,16 @@ Ucert="certU.ss" | |||
| 18 | 19 | ||
| 19 | echo | 20 | echo |
| 20 | echo "make a certificate request using 'req'" | 21 | echo "make a certificate request using 'req'" |
| 21 | $reqcmd -config $CAconf -out $CAreq -keyout $CAkey -new #>err.ss | 22 | |
| 23 | echo "string to make the random number generator think it has entropy" >> ./.rnd | ||
| 24 | |||
| 25 | if ../apps/openssl no-rsa; then | ||
| 26 | req_new='-newkey dsa:../apps/dsa512.pem' | ||
| 27 | else | ||
| 28 | req_new='-new' | ||
| 29 | fi | ||
| 30 | |||
| 31 | $reqcmd -config $CAconf -out $CAreq -keyout $CAkey $req_new #>err.ss | ||
| 22 | if [ $? != 0 ]; then | 32 | if [ $? != 0 ]; then |
| 23 | echo "error using 'req' to generate a certificate request" | 33 | echo "error using 'req' to generate a certificate request" |
| 24 | exit 1 | 34 | exit 1 |
| @@ -39,13 +49,13 @@ if [ $? != 0 ]; then | |||
| 39 | exit 1 | 49 | exit 1 |
| 40 | fi | 50 | fi |
| 41 | 51 | ||
| 42 | $reqcmd -verify -in $CAreq -noout | 52 | $reqcmd -config $dummycnf -verify -in $CAreq -noout |
| 43 | if [ $? != 0 ]; then | 53 | if [ $? != 0 ]; then |
| 44 | echo first generated request is invalid | 54 | echo first generated request is invalid |
| 45 | exit 1 | 55 | exit 1 |
| 46 | fi | 56 | fi |
| 47 | 57 | ||
| 48 | $reqcmd -verify -in $CAreq2 -noout | 58 | $reqcmd -config $dummycnf -verify -in $CAreq2 -noout |
| 49 | if [ $? != 0 ]; then | 59 | if [ $? != 0 ]; then |
| 50 | echo second generated request is invalid | 60 | echo second generated request is invalid |
| 51 | exit 1 | 61 | exit 1 |
| @@ -59,7 +69,7 @@ fi | |||
| 59 | 69 | ||
| 60 | echo | 70 | echo |
| 61 | echo "make another certificate request using 'req'" | 71 | echo "make another certificate request using 'req'" |
| 62 | $reqcmd -config $Uconf -out $Ureq -keyout $Ukey -new >err.ss | 72 | $reqcmd -config $Uconf -out $Ureq -keyout $Ukey $req_new >err.ss |
| 63 | if [ $? != 0 ]; then | 73 | if [ $? != 0 ]; then |
| 64 | echo "error using 'req' to generate a certificate request" | 74 | echo "error using 'req' to generate a certificate request" |
| 65 | exit 1 | 75 | exit 1 |
diff --git a/src/lib/libssl/test/testssl b/src/lib/libssl/test/testssl index f115adb8e1..ba5e41c861 100644 --- a/src/lib/libssl/test/testssl +++ b/src/lib/libssl/test/testssl | |||
| @@ -1,40 +1,137 @@ | |||
| 1 | #!/bin/sh | 1 | #!/bin/sh |
| 2 | 2 | ||
| 3 | if [ "$1" = "" ]; then | ||
| 4 | key=../apps/server.pem | ||
| 5 | else | ||
| 6 | key="$1" | ||
| 7 | fi | ||
| 8 | if [ "$2" = "" ]; then | ||
| 9 | cert=../apps/server.pem | ||
| 10 | else | ||
| 11 | cert="$2" | ||
| 12 | fi | ||
| 13 | ssltest="./ssltest -key $key -cert $cert -c_key $key -c_cert $cert" | ||
| 14 | |||
| 15 | if ../apps/openssl x509 -in $cert -text -noout | fgrep 'DSA Public Key' >/dev/null; then | ||
| 16 | dsa_cert=YES | ||
| 17 | else | ||
| 18 | dsa_cert=NO | ||
| 19 | fi | ||
| 20 | |||
| 21 | if [ "$3" = "" ]; then | ||
| 22 | CA="-CApath ../certs" | ||
| 23 | else | ||
| 24 | CA="-CAfile $3" | ||
| 25 | fi | ||
| 26 | |||
| 27 | if [ "$4" = "" ]; then | ||
| 28 | extra="" | ||
| 29 | else | ||
| 30 | extra="$4" | ||
| 31 | fi | ||
| 32 | |||
| 33 | ############################################################################# | ||
| 34 | |||
| 3 | echo test sslv2 | 35 | echo test sslv2 |
| 4 | ./ssltest -ssl2 || exit 1 | 36 | $ssltest -ssl2 $extra || exit 1 |
| 5 | 37 | ||
| 6 | echo test sslv2 with server authentication | 38 | echo test sslv2 with server authentication |
| 7 | ./ssltest -ssl2 -server_auth -CApath ../certs || exit 1 | 39 | $ssltest -ssl2 -server_auth $CA $extra || exit 1 |
| 8 | 40 | ||
| 9 | echo test sslv2 with client authentication | 41 | if [ $dsa_cert = NO ]; then |
| 10 | ./ssltest -ssl2 -client_auth -CApath ../certs || exit 1 | 42 | echo test sslv2 with client authentication |
| 43 | $ssltest -ssl2 -client_auth $CA $extra || exit 1 | ||
| 11 | 44 | ||
| 12 | echo test sslv2 with both client and server authentication | 45 | echo test sslv2 with both client and server authentication |
| 13 | ./ssltest -ssl2 -server_auth -client_auth -CApath ../certs || exit 1 | 46 | $ssltest -ssl2 -server_auth -client_auth $CA $extra || exit 1 |
| 47 | fi | ||
| 14 | 48 | ||
| 15 | echo test sslv3 | 49 | echo test sslv3 |
| 16 | ./ssltest -ssl3 || exit 1 | 50 | $ssltest -ssl3 $extra || exit 1 |
| 17 | 51 | ||
| 18 | echo test sslv3 with server authentication | 52 | echo test sslv3 with server authentication |
| 19 | ./ssltest -ssl3 -server_auth -CApath ../certs || exit 1 | 53 | $ssltest -ssl3 -server_auth $CA $extra || exit 1 |
| 20 | 54 | ||
| 21 | echo test sslv3 with client authentication | 55 | echo test sslv3 with client authentication |
| 22 | ./ssltest -ssl3 -client_auth -CApath ../certs || exit 1 | 56 | $ssltest -ssl3 -client_auth $CA $extra || exit 1 |
| 23 | 57 | ||
| 24 | echo test sslv3 with both client and server authentication | 58 | echo test sslv3 with both client and server authentication |
| 25 | ./ssltest -ssl3 -server_auth -client_auth -CApath ../certs || exit 1 | 59 | $ssltest -ssl3 -server_auth -client_auth $CA $extra || exit 1 |
| 26 | 60 | ||
| 27 | echo test sslv2/sslv3 | 61 | echo test sslv2/sslv3 |
| 28 | ./ssltest || exit 1 | 62 | $ssltest $extra || exit 1 |
| 29 | 63 | ||
| 30 | echo test sslv2/sslv3 with server authentication | 64 | echo test sslv2/sslv3 with server authentication |
| 31 | ./ssltest -server_auth -CApath ../certs || exit 1 | 65 | $ssltest -server_auth $CA $extra || exit 1 |
| 32 | 66 | ||
| 33 | echo test sslv2/sslv3 with client authentication | 67 | echo test sslv2/sslv3 with client authentication |
| 34 | ./ssltest -client_auth -CApath ../certs || exit 1 | 68 | $ssltest -client_auth $CA $extra || exit 1 |
| 35 | 69 | ||
| 36 | echo test sslv2/sslv3 with both client and server authentication | 70 | echo test sslv2/sslv3 with both client and server authentication |
| 37 | ./ssltest -server_auth -client_auth -CApath ../certs || exit 1 | 71 | $ssltest -server_auth -client_auth $CA $extra || exit 1 |
| 38 | 72 | ||
| 39 | exit 0 | 73 | echo test sslv2 via BIO pair |
| 74 | $ssltest -bio_pair -ssl2 $extra || exit 1 | ||
| 75 | |||
| 76 | echo test sslv2 with server authentication via BIO pair | ||
| 77 | $ssltest -bio_pair -ssl2 -server_auth $CA $extra || exit 1 | ||
| 78 | |||
| 79 | if [ $dsa_cert = NO ]; then | ||
| 80 | echo test sslv2 with client authentication via BIO pair | ||
| 81 | $ssltest -bio_pair -ssl2 -client_auth $CA $extra || exit 1 | ||
| 82 | |||
| 83 | echo test sslv2 with both client and server authentication via BIO pair | ||
| 84 | $ssltest -bio_pair -ssl2 -server_auth -client_auth $CA $extra || exit 1 | ||
| 85 | fi | ||
| 86 | |||
| 87 | echo test sslv3 via BIO pair | ||
| 88 | $ssltest -bio_pair -ssl3 $extra || exit 1 | ||
| 89 | |||
| 90 | echo test sslv3 with server authentication via BIO pair | ||
| 91 | $ssltest -bio_pair -ssl3 -server_auth $CA $extra || exit 1 | ||
| 92 | |||
| 93 | echo test sslv3 with client authentication via BIO pair | ||
| 94 | $ssltest -bio_pair -ssl3 -client_auth $CA $extra || exit 1 | ||
| 95 | |||
| 96 | echo test sslv3 with both client and server authentication via BIO pair | ||
| 97 | $ssltest -bio_pair -ssl3 -server_auth -client_auth $CA $extra || exit 1 | ||
| 40 | 98 | ||
| 99 | echo test sslv2/sslv3 via BIO pair | ||
| 100 | $ssltest $extra || exit 1 | ||
| 101 | |||
| 102 | if [ $dsa_cert = NO ]; then | ||
| 103 | echo test sslv2/sslv3 w/o DHE via BIO pair | ||
| 104 | $ssltest -bio_pair -no_dhe $extra || exit 1 | ||
| 105 | fi | ||
| 106 | |||
| 107 | echo test sslv2/sslv3 with 1024bit DHE via BIO pair | ||
| 108 | $ssltest -bio_pair -dhe1024dsa -v $extra || exit 1 | ||
| 109 | |||
| 110 | echo test sslv2/sslv3 with server authentication | ||
| 111 | $ssltest -bio_pair -server_auth $CA $extra || exit 1 | ||
| 112 | |||
| 113 | echo test sslv2/sslv3 with client authentication via BIO pair | ||
| 114 | $ssltest -bio_pair -client_auth $CA $extra || exit 1 | ||
| 115 | |||
| 116 | echo test sslv2/sslv3 with both client and server authentication via BIO pair | ||
| 117 | $ssltest -bio_pair -server_auth -client_auth $CA $extra || exit 1 | ||
| 118 | |||
| 119 | echo test sslv2/sslv3 with both client and server authentication via BIO pair and app verify | ||
| 120 | $ssltest -bio_pair -server_auth -client_auth -app_verify $CA $extra || exit 1 | ||
| 121 | |||
| 122 | ############################################################################# | ||
| 123 | |||
| 124 | echo test tls1 with 1024bit anonymous DH, multiple handshakes | ||
| 125 | $ssltest -v -bio_pair -tls1 -cipher ADH -dhe1024dsa -num 10 -f -time $extra || exit 1 | ||
| 126 | |||
| 127 | if ../apps/openssl no-rsa; then | ||
| 128 | echo skipping RSA tests | ||
| 129 | else | ||
| 130 | echo test tls1 with 1024bit RSA, no DHE, multiple handshakes | ||
| 131 | ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -no_dhe -num 10 -f -time $extra || exit 1 | ||
| 132 | |||
| 133 | echo test tls1 with 1024bit RSA, 1024bit DHE, multiple handshakes | ||
| 134 | ./ssltest -v -bio_pair -tls1 -cert ../apps/server2.pem -dhe1024dsa -num 10 -f -time $extra || exit 1 | ||
| 135 | fi | ||
| 136 | |||
| 137 | exit 0 | ||
diff --git a/src/lib/libssl/test/tpkcs7 b/src/lib/libssl/test/tpkcs7 index ea1f005dac..15bbba42c0 100644 --- a/src/lib/libssl/test/tpkcs7 +++ b/src/lib/libssl/test/tpkcs7 | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay pkcs7' | 6 | cmd='../apps/openssl pkcs7' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
diff --git a/src/lib/libssl/test/tpkcs7d b/src/lib/libssl/test/tpkcs7d index c8f18fb09c..46e5aa2bd6 100644 --- a/src/lib/libssl/test/tpkcs7d +++ b/src/lib/libssl/test/tpkcs7d | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay pkcs7' | 6 | cmd='../apps/openssl pkcs7' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
| @@ -11,7 +11,7 @@ else | |||
| 11 | t=pkcs7-1.pem | 11 | t=pkcs7-1.pem |
| 12 | fi | 12 | fi |
| 13 | 13 | ||
| 14 | echo testing pkcs7 conversions | 14 | echo "testing pkcs7 conversions (2)" |
| 15 | cp $t fff.p | 15 | cp $t fff.p |
| 16 | 16 | ||
| 17 | echo "p -> d" | 17 | echo "p -> d" |
diff --git a/src/lib/libssl/test/treq b/src/lib/libssl/test/treq index e5f1d8cc41..9f5eb7eea5 100644 --- a/src/lib/libssl/test/treq +++ b/src/lib/libssl/test/treq | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay req' | 6 | cmd='../apps/openssl req -config ../apps/openssl.cnf' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
| @@ -11,6 +11,11 @@ else | |||
| 11 | t=testreq.pem | 11 | t=testreq.pem |
| 12 | fi | 12 | fi |
| 13 | 13 | ||
| 14 | if $cmd -in $t -inform p -noout -text | fgrep 'Unknown Public Key'; then | ||
| 15 | echo "skipping req conversion test for $t" | ||
| 16 | exit 0 | ||
| 17 | fi | ||
| 18 | |||
| 14 | echo testing req conversions | 19 | echo testing req conversions |
| 15 | cp $t fff.p | 20 | cp $t fff.p |
| 16 | 21 | ||
diff --git a/src/lib/libssl/test/trsa b/src/lib/libssl/test/trsa index e5b8fe0448..bd6c07650a 100644 --- a/src/lib/libssl/test/trsa +++ b/src/lib/libssl/test/trsa | |||
| @@ -3,7 +3,12 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay rsa' | 6 | if ../apps/openssl no-rsa; then |
| 7 | echo skipping rsa conversion test | ||
| 8 | exit 0 | ||
| 9 | fi | ||
| 10 | |||
| 11 | cmd='../apps/openssl rsa' | ||
| 7 | 12 | ||
| 8 | if [ "$1"x != "x" ]; then | 13 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 14 | t=$1 |
diff --git a/src/lib/libssl/test/tsid b/src/lib/libssl/test/tsid index 8c7e9b1387..9e0854516c 100644 --- a/src/lib/libssl/test/tsid +++ b/src/lib/libssl/test/tsid | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay sess_id' | 6 | cmd='../apps/openssl sess_id' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
diff --git a/src/lib/libssl/test/tx509 b/src/lib/libssl/test/tx509 index f8d1f82cdd..35169f3a43 100644 --- a/src/lib/libssl/test/tx509 +++ b/src/lib/libssl/test/tx509 | |||
| @@ -3,7 +3,7 @@ | |||
| 3 | PATH=../apps:$PATH | 3 | PATH=../apps:$PATH |
| 4 | export PATH | 4 | export PATH |
| 5 | 5 | ||
| 6 | cmd='../apps/ssleay x509' | 6 | cmd='../apps/openssl x509' |
| 7 | 7 | ||
| 8 | if [ "$1"x != "x" ]; then | 8 | if [ "$1"x != "x" ]; then |
| 9 | t=$1 | 9 | t=$1 |
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index 60978613ef..88ec5fb527 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h | |||
| @@ -59,12 +59,14 @@ | |||
| 59 | #ifndef HEADER_TLS1_H | 59 | #ifndef HEADER_TLS1_H |
| 60 | #define HEADER_TLS1_H | 60 | #define HEADER_TLS1_H |
| 61 | 61 | ||
| 62 | #include "buffer.h" | 62 | #include <openssl/buffer.h> |
| 63 | 63 | ||
| 64 | #ifdef __cplusplus | 64 | #ifdef __cplusplus |
| 65 | extern "C" { | 65 | extern "C" { |
| 66 | #endif | 66 | #endif |
| 67 | 67 | ||
| 68 | #define TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES 1 | ||
| 69 | |||
| 68 | #define TLS1_VERSION 0x0301 | 70 | #define TLS1_VERSION 0x0301 |
| 69 | #define TLS1_VERSION_MAJOR 0x03 | 71 | #define TLS1_VERSION_MAJOR 0x03 |
| 70 | #define TLS1_VERSION_MINOR 0x01 | 72 | #define TLS1_VERSION_MINOR 0x01 |
| @@ -75,13 +77,71 @@ extern "C" { | |||
| 75 | #define TLS1_AD_ACCESS_DENIED 49 /* fatal */ | 77 | #define TLS1_AD_ACCESS_DENIED 49 /* fatal */ |
| 76 | #define TLS1_AD_DECODE_ERROR 50 /* fatal */ | 78 | #define TLS1_AD_DECODE_ERROR 50 /* fatal */ |
| 77 | #define TLS1_AD_DECRYPT_ERROR 51 | 79 | #define TLS1_AD_DECRYPT_ERROR 51 |
| 78 | #define TLS1_AD_EXPORT_RESTRICION 60 /* fatal */ | 80 | #define TLS1_AD_EXPORT_RESTRICTION 60 /* fatal */ |
| 79 | #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ | 81 | #define TLS1_AD_PROTOCOL_VERSION 70 /* fatal */ |
| 80 | #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ | 82 | #define TLS1_AD_INSUFFICIENT_SECURITY 71 /* fatal */ |
| 81 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ | 83 | #define TLS1_AD_INTERNAL_ERROR 80 /* fatal */ |
| 82 | #define TLS1_AD_USER_CANCLED 90 | 84 | #define TLS1_AD_USER_CANCELLED 90 |
| 83 | #define TLS1_AD_NO_RENEGOTIATION 100 | 85 | #define TLS1_AD_NO_RENEGOTIATION 100 |
| 84 | 86 | ||
| 87 | /* Additional TLS ciphersuites from draft-ietf-tls-56-bit-ciphersuites-00.txt | ||
| 88 | * (available if TLS1_ALLOW_EXPERIMENTAL_CIPHERSUITES is defined, see | ||
| 89 | * s3_lib.c). We actually treat them like SSL 3.0 ciphers, which we probably | ||
| 90 | * shouldn't. */ | ||
| 91 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_MD5 0x03000060 | ||
| 92 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 0x03000061 | ||
| 93 | #define TLS1_CK_RSA_EXPORT1024_WITH_DES_CBC_SHA 0x03000062 | ||
| 94 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA 0x03000063 | ||
| 95 | #define TLS1_CK_RSA_EXPORT1024_WITH_RC4_56_SHA 0x03000064 | ||
| 96 | #define TLS1_CK_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA 0x03000065 | ||
| 97 | #define TLS1_CK_DHE_DSS_WITH_RC4_128_SHA 0x03000066 | ||
| 98 | |||
| 99 | /* AES ciphersuites from draft ietf-tls-ciphersuite-03.txt */ | ||
| 100 | |||
| 101 | #define TLS1_CK_RSA_WITH_AES_128_SHA 0x0300002F | ||
| 102 | #define TLS1_CK_DH_DSS_WITH_AES_128_SHA 0x03000030 | ||
| 103 | #define TLS1_CK_DH_RSA_WITH_AES_128_SHA 0x03000031 | ||
| 104 | #define TLS1_CK_DHE_DSS_WITH_AES_128_SHA 0x03000032 | ||
| 105 | #define TLS1_CK_DHE_RSA_WITH_AES_128_SHA 0x03000033 | ||
| 106 | #define TLS1_CK_ADH_WITH_AES_128_SHA 0x03000034 | ||
| 107 | |||
| 108 | #define TLS1_CK_RSA_WITH_AES_256_SHA 0x03000035 | ||
| 109 | #define TLS1_CK_DH_DSS_WITH_AES_256_SHA 0x03000036 | ||
| 110 | #define TLS1_CK_DH_RSA_WITH_AES_256_SHA 0x03000037 | ||
| 111 | #define TLS1_CK_DHE_DSS_WITH_AES_256_SHA 0x03000038 | ||
| 112 | #define TLS1_CK_DHE_RSA_WITH_AES_256_SHA 0x03000039 | ||
| 113 | #define TLS1_CK_ADH_WITH_AES_256_SHA 0x0300003A | ||
| 114 | |||
| 115 | /* XXX | ||
| 116 | * Inconsistency alert: | ||
| 117 | * The OpenSSL names of ciphers with ephemeral DH here include the string | ||
| 118 | * "DHE", while elsewhere it has always been "EDH". | ||
| 119 | * (The alias for the list of all such ciphers also is "EDH".) | ||
| 120 | * The specifications speak of "EDH"; maybe we should allow both forms | ||
| 121 | * for everything. */ | ||
| 122 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_MD5 "EXP1024-RC4-MD5" | ||
| 123 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC2_CBC_56_MD5 "EXP1024-RC2-CBC-MD5" | ||
| 124 | #define TLS1_TXT_RSA_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DES-CBC-SHA" | ||
| 125 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA "EXP1024-DHE-DSS-DES-CBC-SHA" | ||
| 126 | #define TLS1_TXT_RSA_EXPORT1024_WITH_RC4_56_SHA "EXP1024-RC4-SHA" | ||
| 127 | #define TLS1_TXT_DHE_DSS_EXPORT1024_WITH_RC4_56_SHA "EXP1024-DHE-DSS-RC4-SHA" | ||
| 128 | #define TLS1_TXT_DHE_DSS_WITH_RC4_128_SHA "DHE-DSS-RC4-SHA" | ||
| 129 | /* AES ciphersuites from draft-ietf-tls-ciphersuite-06.txt */ | ||
| 130 | #define TLS1_TXT_RSA_WITH_AES_128_SHA "AESdraft128-SHA" | ||
| 131 | #define TLS1_TXT_DH_DSS_WITH_AES_128_SHA "DH-DSS-AESdraft128-SHA" | ||
| 132 | #define TLS1_TXT_DH_RSA_WITH_AES_128_SHA "DH-RSA-AESdraft128-SHA" | ||
| 133 | #define TLS1_TXT_DHE_DSS_WITH_AES_128_SHA "DHE-DSS-AESdraft128-SHA" | ||
| 134 | #define TLS1_TXT_DHE_RSA_WITH_AES_128_SHA "DHE-RSA-AESdraft128-SHA" | ||
| 135 | #define TLS1_TXT_ADH_WITH_AES_128_SHA "ADH-AESdraft128-SHA" | ||
| 136 | |||
| 137 | #define TLS1_TXT_RSA_WITH_AES_256_SHA "AESdraft256-SHA" | ||
| 138 | #define TLS1_TXT_DH_DSS_WITH_AES_256_SHA "DH-DSS-AESdraft256-SHA" | ||
| 139 | #define TLS1_TXT_DH_RSA_WITH_AES_256_SHA "DH-RSA-AESdraft256-SHA" | ||
| 140 | #define TLS1_TXT_DHE_DSS_WITH_AES_256_SHA "DHE-DSS-AESdraft256-SHA" | ||
| 141 | #define TLS1_TXT_DHE_RSA_WITH_AES_256_SHA "DHE-RSA-AESdraft256-SHA" | ||
| 142 | #define TLS1_TXT_ADH_WITH_AES_256_SHA "ADH-AESdraft256-SHA" | ||
| 143 | |||
| 144 | |||
| 85 | #define TLS_CT_RSA_SIGN 1 | 145 | #define TLS_CT_RSA_SIGN 1 |
| 86 | #define TLS_CT_DSS_SIGN 2 | 146 | #define TLS_CT_DSS_SIGN 2 |
| 87 | #define TLS_CT_RSA_FIXED_DH 3 | 147 | #define TLS_CT_RSA_FIXED_DH 3 |
| @@ -108,6 +168,25 @@ extern "C" { | |||
| 108 | #define TLS_MD_MASTER_SECRET_CONST "master secret" | 168 | #define TLS_MD_MASTER_SECRET_CONST "master secret" |
| 109 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 | 169 | #define TLS_MD_MASTER_SECRET_CONST_SIZE 13 |
| 110 | 170 | ||
| 171 | #ifdef CHARSET_EBCDIC | ||
| 172 | #undef TLS_MD_CLIENT_FINISH_CONST | ||
| 173 | #define TLS_MD_CLIENT_FINISH_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*client finished*/ | ||
| 174 | #undef TLS_MD_SERVER_FINISH_CONST | ||
| 175 | #define TLS_MD_SERVER_FINISH_CONST "\x73\x65\x72\x76\x65\x72\x20\x66\x69\x6e\x69\x73\x68\x65\x64" /*server finished*/ | ||
| 176 | #undef TLS_MD_SERVER_WRITE_KEY_CONST | ||
| 177 | #define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ | ||
| 178 | #undef TLS_MD_KEY_EXPANSION_CONST | ||
| 179 | #define TLS_MD_KEY_EXPANSION_CONST "\x6b\x65\x79\x20\x65\x78\x70\x61\x6e\x73\x69\x6f\x6e" /*key expansion*/ | ||
| 180 | #undef TLS_MD_CLIENT_WRITE_KEY_CONST | ||
| 181 | #define TLS_MD_CLIENT_WRITE_KEY_CONST "\x63\x6c\x69\x65\x6e\x74\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*client write key*/ | ||
| 182 | #undef TLS_MD_SERVER_WRITE_KEY_CONST | ||
| 183 | #define TLS_MD_SERVER_WRITE_KEY_CONST "\x73\x65\x72\x76\x65\x72\x20\x77\x72\x69\x74\x65\x20\x6b\x65\x79" /*server write key*/ | ||
| 184 | #undef TLS_MD_IV_BLOCK_CONST | ||
| 185 | #define TLS_MD_IV_BLOCK_CONST "\x49\x56\x20\x62\x6c\x6f\x63\x6b" /*IV block*/ | ||
| 186 | #undef TLS_MD_MASTER_SECRET_CONST | ||
| 187 | #define TLS_MD_MASTER_SECRET_CONST "\x6d\x61\x73\x74\x65\x72\x20\x73\x65\x63\x72\x65\x74" /*master secret*/ | ||
| 188 | #endif | ||
| 189 | |||
| 111 | #ifdef __cplusplus | 190 | #ifdef __cplusplus |
| 112 | } | 191 | } |
| 113 | #endif | 192 | #endif |